/src/php-src/Zend/Optimizer/optimize_func_calls.c

Source
/*
   +----------------------------------------------------------------------+
   | Zend OPcache                                                         |
   +----------------------------------------------------------------------+
   | Copyright © The PHP Group and Contributors.                          |
   +----------------------------------------------------------------------+
   | This source file is subject to the Modified BSD License that is      |
   | bundled with this package in the file LICENSE, and is available      |
   | through the World Wide Web at <https://www.php.net/license/>.        |
   |                                                                      |
   | SPDX-License-Identifier: BSD-3-Clause                                |
   +----------------------------------------------------------------------+
   | Authors: Dmitry Stogov <dmitry@php.net>                              |
   |          Xinchen Hui <laruence@php.net>                              |
   +----------------------------------------------------------------------+
*/

/* pass 4
 * - optimize INIT_FCALL_BY_NAME to DO_FCALL
 */

#include "Optimizer/zend_optimizer.h"
#include "Optimizer/zend_optimizer_internal.h"
#include "zend_API.h"
#include "zend_constants.h"
#include "zend_execute.h"
#include "zend_vm.h"

typedef struct _optimizer_call_info {
  zend_function *func;
  zend_op       *opline;
  zend_op       *last_check_func_arg_opline;
  bool      is_prototype;
  bool      try_inline;
  uint32_t       func_arg_num;
} optimizer_call_info;

static void zend_delete_call_instructions(const zend_op_array *op_array, zend_op *opline)
{
  int call = 0;

  while (1) {
    switch (opline->opcode) {
      case ZEND_INIT_FCALL_BY_NAME:
      case ZEND_INIT_NS_FCALL_BY_NAME:
      case ZEND_INIT_STATIC_METHOD_CALL:
      case ZEND_INIT_METHOD_CALL:
      case ZEND_INIT_FCALL:
      case ZEND_INIT_PARENT_PROPERTY_HOOK_CALL:
        if (call == 0) {
          MAKE_NOP(opline);
          return;
        }
        ZEND_FALLTHROUGH;
      case ZEND_NEW:
      case ZEND_INIT_DYNAMIC_CALL:
      case ZEND_INIT_USER_CALL:
        call--;
        break;
      case ZEND_DO_FCALL:
      case ZEND_DO_ICALL:
      case ZEND_DO_UCALL:
      case ZEND_DO_FCALL_BY_NAME:
        call++;
        break;
      case ZEND_SEND_VAL:
      case ZEND_SEND_VAR:
        if (call == 0) {
          zend_optimizer_convert_to_free_op1(op_array, opline);
        }
        break;
    }
    opline--;
  }
}

static void zend_try_inline_call(zend_op_array *op_array, const zend_op *fcall, zend_op *opline, const zend_function *func)
{
  const uint32_t no_discard = RETURN_VALUE_USED(opline) ? 0 : ZEND_ACC_NODISCARD;

  if (func->type == ZEND_USER_FUNCTION
   && !(func->op_array.fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_DEPRECATED|no_discard))
    /* TODO: function copied from trait may be inconsistent ??? */
   && !(func->op_array.fn_flags & (ZEND_ACC_TRAIT_CLONE))
   && fcall->extended_value >= func->op_array.required_num_args
   && func->op_array.opcodes[func->op_array.num_args].opcode == ZEND_RETURN) {

    zend_op *ret_opline = func->op_array.opcodes + func->op_array.num_args;

    if (ret_opline->op1_type == IS_CONST) {
      uint32_t i, num_args = func->op_array.num_args;
      num_args += (func->op_array.fn_flags & ZEND_ACC_VARIADIC) != 0;

      if (fcall->opcode == ZEND_INIT_STATIC_METHOD_CALL
          && !(func->op_array.fn_flags & ZEND_ACC_STATIC)) {
        /* Don't inline static call to instance method. */
        return;
      }

      for (i = 0; i < num_args; i++) {
        /* Don't inline functions with by-reference arguments. This would require
         * correct handling of INDIRECT arguments. */
        if (ZEND_ARG_SEND_MODE(&func->op_array.arg_info[i])) {
          return;
        }
      }

      if (fcall->extended_value < func->op_array.num_args) {
        /* don't inline functions with named constants in default arguments */
        i = fcall->extended_value;

        do {
          if (Z_TYPE_P(CRT_CONSTANT_EX(&func->op_array, &func->op_array.opcodes[i], func->op_array.opcodes[i].op2)) == IS_CONSTANT_AST) {
            return;
          }
          i++;
        } while (i < func->op_array.num_args);
      }

      if (RETURN_VALUE_USED(opline)) {
        zval zv;

        ZVAL_COPY(&zv, CRT_CONSTANT_EX(&func->op_array, ret_opline, ret_opline->op1));
        opline->opcode = ZEND_QM_ASSIGN;
        opline->op1_type = IS_CONST;
        opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
        SET_UNUSED(opline->op2);
      } else {
        MAKE_NOP(opline);
      }

      zend_delete_call_instructions(op_array, opline-1);
    }
  }
}

/* arg_num is 1-based here, to match SEND encoding. */
static bool has_known_send_mode(const optimizer_call_info *info, uint32_t arg_num)
{
  if (!info->func) {
    return false;
  }

  /* For prototype functions we should not make assumptions about arguments that are not part of
   * the signature: And inheriting method can add an optional by-ref argument. */
  return !info->is_prototype
    || arg_num <= info->func->common.num_args
    || (info->func->common.fn_flags & ZEND_ACC_VARIADIC);
}

void zend_optimize_func_calls(zend_op_array *op_array, zend_optimizer_ctx *ctx)
{
  zend_op *opline = op_array->opcodes;
  const zend_op *end = opline + op_array->last;
  int call = 0;
  void *checkpoint;
  optimizer_call_info *call_stack;

  if (op_array->last < 2) {
    return;
  }

  checkpoint = zend_arena_checkpoint(ctx->arena);
  call_stack = zend_arena_calloc(&ctx->arena, op_array->last / 2, sizeof(optimizer_call_info));
  while (opline < end) {
    switch (opline->opcode) {
      case ZEND_INIT_FCALL_BY_NAME:
      case ZEND_INIT_NS_FCALL_BY_NAME:
      case ZEND_INIT_STATIC_METHOD_CALL:
      case ZEND_INIT_METHOD_CALL:
      case ZEND_INIT_FCALL:
      case ZEND_NEW:
      case ZEND_INIT_PARENT_PROPERTY_HOOK_CALL:
        /* The argument passing optimizations are valid for prototypes as well,
         * as inheritance cannot change between ref <-> non-ref arguments. */
        call_stack[call].func = zend_optimizer_get_called_func(
          ctx->script, op_array, opline, &call_stack[call].is_prototype);
        call_stack[call].try_inline =
          !call_stack[call].is_prototype
          && opline->opcode != ZEND_NEW
          && opline->opcode != ZEND_INIT_PARENT_PROPERTY_HOOK_CALL;
        ZEND_FALLTHROUGH;
      case ZEND_INIT_DYNAMIC_CALL:
      case ZEND_INIT_USER_CALL:
        call_stack[call].opline = opline;
        call_stack[call].func_arg_num = (uint32_t)-1;
        call++;
        break;
      case ZEND_DO_FCALL:
      case ZEND_DO_ICALL:
      case ZEND_DO_UCALL:
      case ZEND_DO_FCALL_BY_NAME:
      case ZEND_CALLABLE_CONVERT:
        call--;
        if (call_stack[call].func && call_stack[call].opline) {
          zend_op *fcall = call_stack[call].opline;

          if (fcall->opcode == ZEND_INIT_FCALL) {
            /* nothing to do */
          } else if (fcall->opcode == ZEND_INIT_FCALL_BY_NAME) {
            fcall->opcode = ZEND_INIT_FCALL;
            fcall->op1.num = zend_vm_calc_used_stack(fcall->extended_value, call_stack[call].func);
            literal_dtor(&ZEND_OP2_LITERAL(fcall));
            fcall->op2.constant = fcall->op2.constant + 1;
          } else if (fcall->opcode == ZEND_INIT_NS_FCALL_BY_NAME) {
            fcall->opcode = ZEND_INIT_FCALL;
            fcall->op1.num = zend_vm_calc_used_stack(fcall->extended_value, call_stack[call].func);
            literal_dtor(&op_array->literals[fcall->op2.constant]);
            literal_dtor(&op_array->literals[fcall->op2.constant + 2]);
            fcall->op2.constant = fcall->op2.constant + 1;
          } else if (fcall->opcode == ZEND_INIT_STATIC_METHOD_CALL
              || fcall->opcode == ZEND_INIT_METHOD_CALL
              || fcall->opcode == ZEND_INIT_PARENT_PROPERTY_HOOK_CALL
              || fcall->opcode == ZEND_NEW) {
            /* We don't have specialized opcodes for this, do nothing */
          } else {
            ZEND_UNREACHABLE();
          }

          /* If the INIT opcode changed the DO opcode can also change to
           * a more optimized one.
           *
           * At this point we also know whether or not the result of
           * the DO opcode is used, allowing to optimize calls to
           * ZEND_ACC_NODISCARD functions. */
          if (opline->opcode != ZEND_CALLABLE_CONVERT) {
            opline->opcode = zend_get_call_op(fcall, call_stack[call].func, !RESULT_UNUSED(opline));
          }

          if ((ZEND_OPTIMIZER_PASS_16 & ctx->optimization_level)
              && call_stack[call].try_inline
              && opline->opcode != ZEND_CALLABLE_CONVERT) {
            zend_try_inline_call(op_array, fcall, opline, call_stack[call].func);
          }
        }
        call_stack[call].func = NULL;
        call_stack[call].opline = NULL;
        call_stack[call].try_inline = false;
        call_stack[call].func_arg_num = (uint32_t)-1;
        break;
      case ZEND_FETCH_FUNC_ARG:
      case ZEND_FETCH_STATIC_PROP_FUNC_ARG:
      case ZEND_FETCH_OBJ_FUNC_ARG:
      case ZEND_FETCH_DIM_FUNC_ARG:
        if (call_stack[call - 1].func_arg_num != (uint32_t)-1
            && has_known_send_mode(&call_stack[call - 1], call_stack[call - 1].func_arg_num)) {
          if (ARG_SHOULD_BE_SENT_BY_REF(call_stack[call - 1].func, call_stack[call - 1].func_arg_num)) {
            /* There's no TMP specialization for FETCH_OBJ_W/FETCH_DIM_W. Avoid
             * converting it and error at runtime in the FUNC_ARG variant. */
            if ((opline->opcode == ZEND_FETCH_OBJ_FUNC_ARG || opline->opcode == ZEND_FETCH_DIM_FUNC_ARG)
             && (opline->op1_type == IS_TMP_VAR || call_stack[call - 1].last_check_func_arg_opline == NULL)) {
              /* Don't remove the associated CHECK_FUNC_ARG opcode. */
              call_stack[call - 1].last_check_func_arg_opline = NULL;
              break;
            }
            if (opline->opcode != ZEND_FETCH_STATIC_PROP_FUNC_ARG) {
              opline->opcode -= 9;
            } else {
              opline->opcode = ZEND_FETCH_STATIC_PROP_W;
            }
          } else {
            if (opline->opcode == ZEND_FETCH_DIM_FUNC_ARG
                && opline->op2_type == IS_UNUSED) {
              /* FETCH_DIM_FUNC_ARG supports UNUSED op2, while FETCH_DIM_R does not.
               * Performing the replacement would create an invalid opcode. */
              call_stack[call - 1].try_inline = false;
              break;
            }

            if (opline->opcode != ZEND_FETCH_STATIC_PROP_FUNC_ARG) {
              opline->opcode -= 12;
            } else {
              opline->opcode = ZEND_FETCH_STATIC_PROP_R;
            }
          }
        }
        break;
      case ZEND_SEND_VAL_EX:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          break;
        }

        if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
          if (!ARG_MUST_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
            opline->opcode = ZEND_SEND_VAL;
          }
        }
        break;
      case ZEND_CHECK_FUNC_ARG:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          call_stack[call - 1].func_arg_num = (uint32_t)-1;
          break;
        }

        if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
          call_stack[call - 1].func_arg_num = opline->op2.num;
          call_stack[call - 1].last_check_func_arg_opline = opline;
        }
        break;
      case ZEND_SEND_FUNC_ARG:
        /* Don't transform SEND_FUNC_ARG if any FETCH opcodes weren't transformed. */
        if (call_stack[call - 1].last_check_func_arg_opline == NULL) {
          if (opline->op2_type == IS_CONST) {
            call_stack[call - 1].try_inline = false;
          }
          break;
        }
        MAKE_NOP(call_stack[call - 1].last_check_func_arg_opline);
        call_stack[call - 1].last_check_func_arg_opline = NULL;
        ZEND_FALLTHROUGH;
      case ZEND_SEND_VAR_EX:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          break;
        }

        if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
          call_stack[call - 1].func_arg_num = (uint32_t)-1;
          if (ARG_SHOULD_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
            opline->opcode = ZEND_SEND_REF;
          } else {
            opline->opcode = ZEND_SEND_VAR;
          }
        }
        break;
      case ZEND_SEND_VAR_NO_REF_EX:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          break;
        }

        if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
          if (ARG_MUST_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
            opline->opcode = ZEND_SEND_VAR_NO_REF;
          } else if (ARG_MAY_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
            opline->opcode = ZEND_SEND_VAL;
          } else {
            opline->opcode = ZEND_SEND_VAR;
          }
        }
        break;
      case ZEND_SEND_VAL:
      case ZEND_SEND_VAR:
      case ZEND_SEND_REF:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          break;
        }
        break;
      case ZEND_SEND_UNPACK:
      case ZEND_SEND_USER:
      case ZEND_SEND_ARRAY:
        call_stack[call - 1].try_inline = false;
        break;
      default:
        break;
    }
    opline++;
  }

  zend_arena_release(&ctx->arena, checkpoint);
}

Coverage Report

Created: 2026-06-13 07:01

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Zend OPcache \|
4		+----------------------------------------------------------------------+
5		\| Copyright © The PHP Group and Contributors. \|
6		+----------------------------------------------------------------------+
7		\| This source file is subject to the Modified BSD License that is \|
8		\| bundled with this package in the file LICENSE, and is available \|
9		\| through the World Wide Web at <https://www.php.net/license/>. \|
10		\| \|
11		\| SPDX-License-Identifier: BSD-3-Clause \|
12		+----------------------------------------------------------------------+
13		\| Authors: Dmitry Stogov <dmitry@php.net> \|
14		\| Xinchen Hui <laruence@php.net> \|
15		+----------------------------------------------------------------------+
16		*/
17
18		/* pass 4
19		* - optimize INIT_FCALL_BY_NAME to DO_FCALL
20		*/
21
22		#include "Optimizer/zend_optimizer.h"
23		#include "Optimizer/zend_optimizer_internal.h"
24		#include "zend_API.h"
25		#include "zend_constants.h"
26		#include "zend_execute.h"
27		#include "zend_vm.h"
28
29		typedef struct _optimizer_call_info {
30		zend_function *func;
31		zend_op *opline;
32		zend_op *last_check_func_arg_opline;
33		bool is_prototype;
34		bool try_inline;
35		uint32_t func_arg_num;
36		} optimizer_call_info;
37
38		static void zend_delete_call_instructions(const zend_op_array op_array, zend_op opline)
39	472	{
40	472	int call = 0;
41
42	1.01k	while (1) {
43	1.01k	switch (opline->opcode) {
44	6	case ZEND_INIT_FCALL_BY_NAME:
45	6	case ZEND_INIT_NS_FCALL_BY_NAME:
46	46	case ZEND_INIT_STATIC_METHOD_CALL:
47	46	case ZEND_INIT_METHOD_CALL:
48	518	case ZEND_INIT_FCALL:
49	518	case ZEND_INIT_PARENT_PROPERTY_HOOK_CALL:
50	518	if (call == 0) {
51	472	MAKE_NOP(opline);
52	472	return;
53	472	}
54	46	ZEND_FALLTHROUGH;
55	52	case ZEND_NEW:
56	52	case ZEND_INIT_DYNAMIC_CALL:
57	52	case ZEND_INIT_USER_CALL:
58	52	call--;
59	52	break;
60	36	case ZEND_DO_FCALL:
61	36	case ZEND_DO_ICALL:
62	52	case ZEND_DO_UCALL:
63	52	case ZEND_DO_FCALL_BY_NAME:
64	52	call++;
65	52	break;
66	114	case ZEND_SEND_VAL:
67	168	case ZEND_SEND_VAR:
68	168	if (call == 0) {
69	168	zend_optimizer_convert_to_free_op1(op_array, opline);
70	168	}
71	168	break;
72	1.01k	}
73	538	opline--;
74	538	}
75	472	}
76
77		static void zend_try_inline_call(zend_op_array op_array, const zend_op fcall, zend_op opline, const zend_function func)
78	111k	{
79	111k	const uint32_t no_discard = RETURN_VALUE_USED(opline) ? 0 : ZEND_ACC_NODISCARD;
80
81	111k	if (func->type == ZEND_USER_FUNCTION
82	23.4k	&& !(func->op_array.fn_flags & (ZEND_ACC_ABSTRACT\|ZEND_ACC_HAS_TYPE_HINTS\|ZEND_ACC_DEPRECATED\|no_discard))
83		/* TODO: function copied from trait may be inconsistent ??? */
84	18.2k	&& !(func->op_array.fn_flags & (ZEND_ACC_TRAIT_CLONE))
85	18.2k	&& fcall->extended_value >= func->op_array.required_num_args
86	18.0k	&& func->op_array.opcodes[func->op_array.num_args].opcode == ZEND_RETURN) {
87
88	1.00k	zend_op *ret_opline = func->op_array.opcodes + func->op_array.num_args;
89
90	1.00k	if (ret_opline->op1_type == IS_CONST) {
91	539	uint32_t i, num_args = func->op_array.num_args;
92	539	num_args += (func->op_array.fn_flags & ZEND_ACC_VARIADIC) != 0;
93
94	539	if (fcall->opcode == ZEND_INIT_STATIC_METHOD_CALL
95	36	&& !(func->op_array.fn_flags & ZEND_ACC_STATIC)) {
96		/* Don't inline static call to instance method. */
97	0	return;
98	0	}
99
100	691	for (i = 0; i < num_args; i++) {
101		/* Don't inline functions with by-reference arguments. This would require
102		* correct handling of INDIRECT arguments. */
103	175	if (ZEND_ARG_SEND_MODE(&func->op_array.arg_info[i])) {
104	23	return;
105	23	}
106	175	}
107
108	516	if (fcall->extended_value < func->op_array.num_args) {
109		/* don't inline functions with named constants in default arguments */
110	46	i = fcall->extended_value;
111
112	50	do {
113	50	if (Z_TYPE_P(CRT_CONSTANT_EX(&func->op_array, &func->op_array.opcodes[i], func->op_array.opcodes[i].op2)) == IS_CONSTANT_AST) {
114	44	return;
115	44	}
116	6	i++;
117	6	} while (i < func->op_array.num_args);
118	46	}
119
120	472	if (RETURN_VALUE_USED(opline)) {
121	365	zval zv;
122
123	365	ZVAL_COPY(&zv, CRT_CONSTANT_EX(&func->op_array, ret_opline, ret_opline->op1));
124	365	opline->opcode = ZEND_QM_ASSIGN;
125	365	opline->op1_type = IS_CONST;
126	365	opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
127	365	SET_UNUSED(opline->op2);
128	365	} else {
129	107	MAKE_NOP(opline);
130	107	}
131
132	472	zend_delete_call_instructions(op_array, opline-1);
133	472	}
134	1.00k	}
135	111k	}
136
137		/* arg_num is 1-based here, to match SEND encoding. */
138		static bool has_known_send_mode(const optimizer_call_info *info, uint32_t arg_num)
139	29.1k	{
140	29.1k	if (!info->func) {
141	26.7k	return false;
142	26.7k	}
143
144		/* For prototype functions we should not make assumptions about arguments that are not part of
145		* the signature: And inheriting method can add an optional by-ref argument. */
146	2.43k	return !info->is_prototype
147	503	\|\| arg_num <= info->func->common.num_args
148	9	\|\| (info->func->common.fn_flags & ZEND_ACC_VARIADIC);
149	29.1k	}
150
151		void zend_optimize_func_calls(zend_op_array op_array, zend_optimizer_ctx ctx)
152	94.6k	{
153	94.6k	zend_op *opline = op_array->opcodes;
154	94.6k	const zend_op *end = opline + op_array->last;
155	94.6k	int call = 0;
156	94.6k	void *checkpoint;
157	94.6k	optimizer_call_info *call_stack;
158
159	94.6k	if (op_array->last < 2) {
160	2.56k	return;
161	2.56k	}
162
163	92.0k	checkpoint = zend_arena_checkpoint(ctx->arena);
164	92.0k	call_stack = zend_arena_calloc(&ctx->arena, op_array->last / 2, sizeof(optimizer_call_info));
165	2.45M	while (opline < end) {
166	2.36M	switch (opline->opcode) {
167	7.19k	case ZEND_INIT_FCALL_BY_NAME:
168	9.77k	case ZEND_INIT_NS_FCALL_BY_NAME:
169	16.0k	case ZEND_INIT_STATIC_METHOD_CALL:
170	53.8k	case ZEND_INIT_METHOD_CALL:
171	161k	case ZEND_INIT_FCALL:
172	211k	case ZEND_NEW:
173	211k	case ZEND_INIT_PARENT_PROPERTY_HOOK_CALL:
174		/* The argument passing optimizations are valid for prototypes as well,
175		* as inheritance cannot change between ref <-> non-ref arguments. */
176	211k	call_stack[call].func = zend_optimizer_get_called_func(
177	211k	ctx->script, op_array, opline, &call_stack[call].is_prototype);
178	211k	call_stack[call].try_inline =
179	211k	!call_stack[call].is_prototype
180	211k	&& opline->opcode != ZEND_NEW
181	161k	&& opline->opcode != ZEND_INIT_PARENT_PROPERTY_HOOK_CALL;
182	211k	ZEND_FALLTHROUGH;
183	216k	case ZEND_INIT_DYNAMIC_CALL:
184	217k	case ZEND_INIT_USER_CALL:
185	217k	call_stack[call].opline = opline;
186	217k	call_stack[call].func_arg_num = (uint32_t)-1;
187	217k	call++;
188	217k	break;
189	206k	case ZEND_DO_FCALL:
190	206k	case ZEND_DO_ICALL:
191	216k	case ZEND_DO_UCALL:
192	216k	case ZEND_DO_FCALL_BY_NAME:
193	217k	case ZEND_CALLABLE_CONVERT:
194	217k	call--;
195	217k	if (call_stack[call].func && call_stack[call].opline) {
196	116k	zend_op *fcall = call_stack[call].opline;
197
198	116k	if (fcall->opcode == ZEND_INIT_FCALL) {
199		/* nothing to do */
200	107k	} else if (fcall->opcode == ZEND_INIT_FCALL_BY_NAME) {
201	1.29k	fcall->opcode = ZEND_INIT_FCALL;
202	1.29k	fcall->op1.num = zend_vm_calc_used_stack(fcall->extended_value, call_stack[call].func);
203	1.29k	literal_dtor(&ZEND_OP2_LITERAL(fcall));
204	1.29k	fcall->op2.constant = fcall->op2.constant + 1;
205	7.62k	} else if (fcall->opcode == ZEND_INIT_NS_FCALL_BY_NAME) {
206	337	fcall->opcode = ZEND_INIT_FCALL;
207	337	fcall->op1.num = zend_vm_calc_used_stack(fcall->extended_value, call_stack[call].func);
208	337	literal_dtor(&op_array->literals[fcall->op2.constant]);
209	337	literal_dtor(&op_array->literals[fcall->op2.constant + 2]);
210	337	fcall->op2.constant = fcall->op2.constant + 1;
211	7.28k	} else if (fcall->opcode == ZEND_INIT_STATIC_METHOD_CALL
212	3.62k	\|\| fcall->opcode == ZEND_INIT_METHOD_CALL
213	3.10k	\|\| fcall->opcode == ZEND_INIT_PARENT_PROPERTY_HOOK_CALL
214	7.28k	\|\| fcall->opcode == ZEND_NEW) {
215		/* We don't have specialized opcodes for this, do nothing */
216	7.28k	} else {
217	0	ZEND_UNREACHABLE();
218	0	}
219
220		/* If the INIT opcode changed the DO opcode can also change to
221		* a more optimized one.
222		*
223		* At this point we also know whether or not the result of
224		* the DO opcode is used, allowing to optimize calls to
225		* ZEND_ACC_NODISCARD functions. */
226	116k	if (opline->opcode != ZEND_CALLABLE_CONVERT) {
227	116k	opline->opcode = zend_get_call_op(fcall, call_stack[call].func, !RESULT_UNUSED(opline));
228	116k	}
229
230	116k	if ((ZEND_OPTIMIZER_PASS_16 & ctx->optimization_level)
231	116k	&& call_stack[call].try_inline
232	111k	&& opline->opcode != ZEND_CALLABLE_CONVERT) {
233	111k	zend_try_inline_call(op_array, fcall, opline, call_stack[call].func);
234	111k	}
235	116k	}
236	217k	call_stack[call].func = NULL;
237	217k	call_stack[call].opline = NULL;
238	217k	call_stack[call].try_inline = false;
239	217k	call_stack[call].func_arg_num = (uint32_t)-1;
240	217k	break;
241	31	case ZEND_FETCH_FUNC_ARG:
242	306	case ZEND_FETCH_STATIC_PROP_FUNC_ARG:
243	642	case ZEND_FETCH_OBJ_FUNC_ARG:
244	1.26k	case ZEND_FETCH_DIM_FUNC_ARG:
245	1.26k	if (call_stack[call - 1].func_arg_num != (uint32_t)-1
246	120	&& has_known_send_mode(&call_stack[call - 1], call_stack[call - 1].func_arg_num)) {
247	120	if (ARG_SHOULD_BE_SENT_BY_REF(call_stack[call - 1].func, call_stack[call - 1].func_arg_num)) {
248		/* There's no TMP specialization for FETCH_OBJ_W/FETCH_DIM_W. Avoid
249		* converting it and error at runtime in the FUNC_ARG variant. */
250	34	if ((opline->opcode == ZEND_FETCH_OBJ_FUNC_ARG \|\| opline->opcode == ZEND_FETCH_DIM_FUNC_ARG)
251	34	&& (opline->op1_type == IS_TMP_VAR \|\| call_stack[call - 1].last_check_func_arg_opline == NULL)) {
252		/* Don't remove the associated CHECK_FUNC_ARG opcode. */
253	8	call_stack[call - 1].last_check_func_arg_opline = NULL;
254	8	break;
255	8	}
256	26	if (opline->opcode != ZEND_FETCH_STATIC_PROP_FUNC_ARG) {
257	26	opline->opcode -= 9;
258	26	} else {
259	0	opline->opcode = ZEND_FETCH_STATIC_PROP_W;
260	0	}
261	86	} else {
262	86	if (opline->opcode == ZEND_FETCH_DIM_FUNC_ARG
263	34	&& opline->op2_type == IS_UNUSED) {
264		/* FETCH_DIM_FUNC_ARG supports UNUSED op2, while FETCH_DIM_R does not.
265		* Performing the replacement would create an invalid opcode. */
266	10	call_stack[call - 1].try_inline = false;
267	10	break;
268	10	}
269
270	76	if (opline->opcode != ZEND_FETCH_STATIC_PROP_FUNC_ARG) {
271	76	opline->opcode -= 12;
272	76	} else {
273	0	opline->opcode = ZEND_FETCH_STATIC_PROP_R;
274	0	}
275	76	}
276	120	}
277	1.24k	break;
278	16.2k	case ZEND_SEND_VAL_EX:
279	16.2k	if (opline->op2_type == IS_CONST) {
280	828	call_stack[call - 1].try_inline = false;
281	828	break;
282	828	}
283
284	15.3k	if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
285	846	if (!ARG_MUST_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
286	781	opline->opcode = ZEND_SEND_VAL;
287	781	}
288	846	}
289	15.3k	break;
290	1.15k	case ZEND_CHECK_FUNC_ARG:
291	1.15k	if (opline->op2_type == IS_CONST) {
292	156	call_stack[call - 1].try_inline = false;
293	156	call_stack[call - 1].func_arg_num = (uint32_t)-1;
294	156	break;
295	156	}
296
297	996	if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
298	122	call_stack[call - 1].func_arg_num = opline->op2.num;
299	122	call_stack[call - 1].last_check_func_arg_opline = opline;
300	122	}
301	996	break;
302	1.15k	case ZEND_SEND_FUNC_ARG:
303		/* Don't transform SEND_FUNC_ARG if any FETCH opcodes weren't transformed. */
304	1.15k	if (call_stack[call - 1].last_check_func_arg_opline == NULL) {
305	1.03k	if (opline->op2_type == IS_CONST) {
306	156	call_stack[call - 1].try_inline = false;
307	156	}
308	1.03k	break;
309	1.03k	}
310	114	MAKE_NOP(call_stack[call - 1].last_check_func_arg_opline);
311	114	call_stack[call - 1].last_check_func_arg_opline = NULL;
312	114	ZEND_FALLTHROUGH;
313	11.5k	case ZEND_SEND_VAR_EX:
314	11.5k	if (opline->op2_type == IS_CONST) {
315	548	call_stack[call - 1].try_inline = false;
316	548	break;
317	548	}
318
319	11.0k	if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
320	1.09k	call_stack[call - 1].func_arg_num = (uint32_t)-1;
321	1.09k	if (ARG_SHOULD_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
322	40	opline->opcode = ZEND_SEND_REF;
323	1.05k	} else {
324	1.05k	opline->opcode = ZEND_SEND_VAR;
325	1.05k	}
326	1.09k	}
327	11.0k	break;
328	1.86k	case ZEND_SEND_VAR_NO_REF_EX:
329	1.86k	if (opline->op2_type == IS_CONST) {
330	224	call_stack[call - 1].try_inline = false;
331	224	break;
332	224	}
333
334	1.64k	if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
335	242	if (ARG_MUST_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
336	178	opline->opcode = ZEND_SEND_VAR_NO_REF;
337	178	} else if (ARG_MAY_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
338	0	opline->opcode = ZEND_SEND_VAL;
339	64	} else {
340	64	opline->opcode = ZEND_SEND_VAR;
341	64	}
342	242	}
343	1.64k	break;
344	109k	case ZEND_SEND_VAL:
345	167k	case ZEND_SEND_VAR:
346	170k	case ZEND_SEND_REF:
347	170k	if (opline->op2_type == IS_CONST) {
348	978	call_stack[call - 1].try_inline = false;
349	978	break;
350	978	}
351	169k	break;
352	169k	case ZEND_SEND_UNPACK:
353	4.18k	case ZEND_SEND_USER:
354	4.70k	case ZEND_SEND_ARRAY:
355	4.70k	call_stack[call - 1].try_inline = false;
356	4.70k	break;
357	1.72M	default:
358	1.72M	break;
359	2.36M	}
360	2.36M	opline++;
361	2.36M	}
362
363	92.0k	zend_arena_release(&ctx->arena, checkpoint);
364	92.0k	}