/src/php-src/Zend/Optimizer/pass3.c

Source
/*
   +----------------------------------------------------------------------+
   | Zend OPcache                                                         |
   +----------------------------------------------------------------------+
   | Copyright © The PHP Group and Contributors.                          |
   +----------------------------------------------------------------------+
   | This source file is subject to the Modified BSD License that is      |
   | bundled with this package in the file LICENSE, and is available      |
   | through the World Wide Web at <https://www.php.net/license/>.        |
   |                                                                      |
   | SPDX-License-Identifier: BSD-3-Clause                                |
   +----------------------------------------------------------------------+
   | Authors: Andi Gutmans <andi@php.net>                                 |
   |          Zeev Suraski <zeev@php.net>                                 |
   |          Stanislav Malyshev <stas@zend.com>                          |
   |          Dmitry Stogov <dmitry@php.net>                              |
   +----------------------------------------------------------------------+
*/

/* pass 3: (Jump optimization)
 * - optimize series of JMPs
 */

#include "Optimizer/zend_optimizer.h"
#include "Optimizer/zend_optimizer_internal.h"
#include "zend_API.h"
#include "zend_constants.h"
#include "zend_execute.h"
#include "zend_vm.h"

/* we use "jmp_hitlist" to avoid infinity loops during jmp optimization */
static zend_always_inline bool in_hitlist(zend_op *target, zend_op **jmp_hitlist, int jmp_hitlist_count)
{
  int i;

  for (i = 0; i < jmp_hitlist_count; i++) {
    if (jmp_hitlist[i] == target) {
      return true;
    }
  }
  return false;
}

#define CHECK_LOOP(target) \
  if (EXPECTED(!in_hitlist(target, jmp_hitlist, jmp_hitlist_count))) { \
    jmp_hitlist[jmp_hitlist_count++] = target;  \
  } else { \
    break; \
  }

void zend_optimizer_pass3(zend_op_array *op_array, zend_optimizer_ctx *ctx)
{
  zend_op *opline;
  zend_op *end;
  zend_op *target;
  zend_op **jmp_hitlist;
  int jmp_hitlist_count;
  ALLOCA_FLAG(use_heap);

  jmp_hitlist = (zend_op**)do_alloca(sizeof(zend_op*)*op_array->last, use_heap);
  opline = op_array->opcodes;
  end =  opline + op_array->last;

  while (opline < end) {

    switch (opline->opcode) {
      case ZEND_JMP:
        jmp_hitlist_count = 0;

        target = ZEND_OP1_JMP_ADDR(opline);
        while (1) {
          if (target->opcode == ZEND_JMP) {
            /* convert JMP L1 ... L1: JMP L2 to JMP L2 .. L1: JMP L2 */
            target = ZEND_OP1_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == ZEND_NOP) {
            target = target + 1;
          } else {
            break;
          }
          ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target);
        }

        if (target == opline + 1) {
          /* convert L: JMP L+1 to NOP */
          MAKE_NOP(opline);
        } else if ((target->opcode == ZEND_RETURN ||
                    target->opcode == ZEND_RETURN_BY_REF ||
                    target->opcode == ZEND_GENERATOR_RETURN) &&
                   !(op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK)) {
          /* JMP L, L: RETURN to immediate RETURN */
          *opline = *target;
          if (opline->op1_type == IS_CONST) {
            zval zv;
            ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(opline));
            opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
          }
        } else if (opline > op_array->opcodes &&
                   ((opline-1)->opcode == ZEND_JMPZ ||
                    (opline-1)->opcode == ZEND_JMPNZ)) {
            if (ZEND_OP2_JMP_ADDR(opline-1) == target) {
            /* JMPZ(X,L1), JMP(L1) -> NOP, JMP(L1) */
            zend_optimizer_convert_to_free_op1(op_array, opline - 1);
            }
        }
        break;

      case ZEND_JMP_SET:
      case ZEND_COALESCE:
        jmp_hitlist_count = 0;

        target = ZEND_OP2_JMP_ADDR(opline);
        while (1) {
          if (target->opcode == ZEND_JMP) {
            target = ZEND_OP1_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == ZEND_NOP) {
            target = target + 1;
          } else {
            break;
          }
          ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
        }
        break;

      case ZEND_JMPZ:
      case ZEND_JMPNZ:
        jmp_hitlist_count = 0;

        target = ZEND_OP2_JMP_ADDR(opline);
        while (1) {
          if (target->opcode == ZEND_JMP) {
            /* plain JMP */
            /* JMPZ(X,L1), L1: JMP(L2) => JMPZ(X,L2), L1: JMP(L2) */
            target = ZEND_OP1_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == opline->opcode &&
                     SAME_VAR(opline->op1, target->op1)) {
            /* same opcode and same var as this opcode */
            /* JMPZ(X,L1), L1: JMPZ(X,L2) => JMPZ(X,L2), L1: JMPZ(X,L2) */
            target = ZEND_OP2_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == INV_COND(opline->opcode) &&
                     SAME_VAR(opline->op1, target->op1)) {
            /* convert JMPZ(X,L1), L1: JMPNZ(X,L2) to
               JMPZ(X,L1+1) */
            target = target + 1;
          } else if (target->opcode == ZEND_NOP) {
            target = target + 1;
          } else {
            break;
          }
          ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
        }

        /* convert L: JMPZ L+1 to NOP */
        if (target == opline + 1) {
          zend_optimizer_convert_to_free_op1(op_array, opline);
        }
        break;

      case ZEND_JMPZ_EX:
      case ZEND_JMPNZ_EX:
        jmp_hitlist_count = 0;

        target = ZEND_OP2_JMP_ADDR(opline);
        while (1) {
          if (target->opcode == ZEND_JMP) {
            /* plain JMP */
            /* JMPZ_EX(X,L1), L1: JMP(L2) => JMPZ_EX(X,L2), L1: JMP(L2) */
            target = ZEND_OP1_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == opline->opcode-3 &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
            /* convert T=JMPZ_EX(X,L1), L1: JMPZ(T,L2) to
               JMPZ_EX(X,L2) */
            target = ZEND_OP2_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == opline->opcode &&
                     target->result.var == opline->result.var &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
            /* convert T=JMPZ_EX(X,L1), L1: T=JMPZ_EX(T,L2) to
               JMPZ_EX(X,L2) */
            target = ZEND_OP2_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == INV_EX_COND(opline->opcode) &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
             /* convert T=JMPZ_EX(X,L1), L1: JMPNZ(T,L2) to
              JMPZ_EX(X,L1+1) */
            target = target + 1;
          } else if (target->opcode == INV_EX_COND_EX(opline->opcode) &&
                     target->result.var == opline->result.var &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
             /* convert T=JMPZ_EX(X,L1), L1: T=JMPNZ_EX(T,L2) to
              JMPZ_EX(X,L1+1) */
            target = target + 1;
          } else if (target->opcode == ZEND_BOOL &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
            /* convert Y = JMPZ_EX(X,L1), L1: Z = BOOL(Y) to
               Z = JMPZ_EX(X,L1+1) */

            /* NOTE: This optimization pattern is not safe, but works, */
            /*       because result of JMPZ_EX instruction             */
            /*       is not used on the following path and             */
            /*       should be used once on the branch path.           */
            /*                                                         */
            /*       The pattern works well only if jumps processed in */
            /*       direct order, otherwise it breaks JMPZ_EX         */
            /*       sequences too early.                              */
            opline->result.var = target->result.var;
            target = target + 1;
            CHECK_LOOP(target);
          } else if (target->opcode == ZEND_NOP) {
            target = target + 1;
          } else {
            break;
          }
          ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
        }

        /* convert L: T = JMPZ_EX X,L+1 to T = BOOL(X) */
        if (target == opline + 1) {
          opline->opcode = ZEND_BOOL;
          opline->op2.num = 0;
        }
        break;
    }
    opline++;
  }
  free_alloca(jmp_hitlist, use_heap);
}

Coverage Report

Created: 2026-06-13 07:01

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Zend OPcache \|
4		+----------------------------------------------------------------------+
5		\| Copyright © The PHP Group and Contributors. \|
6		+----------------------------------------------------------------------+
7		\| This source file is subject to the Modified BSD License that is \|
8		\| bundled with this package in the file LICENSE, and is available \|
9		\| through the World Wide Web at <https://www.php.net/license/>. \|
10		\| \|
11		\| SPDX-License-Identifier: BSD-3-Clause \|
12		+----------------------------------------------------------------------+
13		\| Authors: Andi Gutmans <andi@php.net> \|
14		\| Zeev Suraski <zeev@php.net> \|
15		\| Stanislav Malyshev <stas@zend.com> \|
16		\| Dmitry Stogov <dmitry@php.net> \|
17		+----------------------------------------------------------------------+
18		*/
19
20		/* pass 3: (Jump optimization)
21		* - optimize series of JMPs
22		*/
23
24		#include "Optimizer/zend_optimizer.h"
25		#include "Optimizer/zend_optimizer_internal.h"
26		#include "zend_API.h"
27		#include "zend_constants.h"
28		#include "zend_execute.h"
29		#include "zend_vm.h"
30
31		/* we use "jmp_hitlist" to avoid infinity loops during jmp optimization */
32		static zend_always_inline bool in_hitlist(zend_op target, zend_op *jmp_hitlist, int jmp_hitlist_count)
33	34.9k	{
34	34.9k	int i;
35
36	108k	for (i = 0; i < jmp_hitlist_count; i++) {
37	73.9k	if (jmp_hitlist[i] == target) {
38	97	return true;
39	97	}
40	73.9k	}
41	34.8k	return false;
42	34.9k	}
43
44		#define CHECK_LOOP(target) \
45	34.9k	if (EXPECTED(!in_hitlist(target, jmp_hitlist, jmp_hitlist_count))) { \
46	34.8k	jmp_hitlist[jmp_hitlist_count++] = target; \
47	34.8k	} else { \
48	97	break; \
49	97	}
50
51		void zend_optimizer_pass3(zend_op_array op_array, zend_optimizer_ctx ctx)
52	94.6k	{
53	94.6k	zend_op *opline;
54	94.6k	zend_op *end;
55	94.6k	zend_op *target;
56	94.6k	zend_op **jmp_hitlist;
57	94.6k	int jmp_hitlist_count;
58	94.6k	ALLOCA_FLAG(use_heap);
59
60	94.6k	jmp_hitlist = (zend_op*)do_alloca(sizeof(zend_op)*op_array->last, use_heap);
61	94.6k	opline = op_array->opcodes;
62	94.6k	end = opline + op_array->last;
63
64	2.46M	while (opline < end) {
65
66	2.36M	switch (opline->opcode) {
67	62.5k	case ZEND_JMP:
68	62.5k	jmp_hitlist_count = 0;
69
70	62.5k	target = ZEND_OP1_JMP_ADDR(opline);
71	73.5k	while (1) {
72	73.5k	if (target->opcode == ZEND_JMP) {
73		/* convert JMP L1 ... L1: JMP L2 to JMP L2 .. L1: JMP L2 */
74	10.7k	target = ZEND_OP1_JMP_ADDR(target);
75	10.7k	CHECK_LOOP(target);
76	62.7k	} else if (target->opcode == ZEND_NOP) {
77	257	target = target + 1;
78	62.5k	} else {
79	62.5k	break;
80	62.5k	}
81	10.9k	ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target);
82	10.9k	}
83
84	62.5k	if (target == opline + 1) {
85		/* convert L: JMP L+1 to NOP */
86	2.55k	MAKE_NOP(opline);
87	60.0k	} else if ((target->opcode == ZEND_RETURN \|\|
88	54.7k	target->opcode == ZEND_RETURN_BY_REF \|\|
89	54.6k	target->opcode == ZEND_GENERATOR_RETURN) &&
90	5.58k	!(op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK)) {
91		/* JMP L, L: RETURN to immediate RETURN */
92	5.18k	opline = target;
93	5.18k	if (opline->op1_type == IS_CONST) {
94	4.91k	zval zv;
95	4.91k	ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(opline));
96	4.91k	opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
97	4.91k	}
98	54.8k	} else if (opline > op_array->opcodes &&
99	54.6k	((opline-1)->opcode == ZEND_JMPZ \|\|
100	54.3k	(opline-1)->opcode == ZEND_JMPNZ)) {
101	839	if (ZEND_OP2_JMP_ADDR(opline-1) == target) {
102		/* JMPZ(X,L1), JMP(L1) -> NOP, JMP(L1) */
103	65	zend_optimizer_convert_to_free_op1(op_array, opline - 1);
104	65	}
105	839	}
106	62.5k	break;
107
108	1.91k	case ZEND_JMP_SET:
109	6.03k	case ZEND_COALESCE:
110	6.03k	jmp_hitlist_count = 0;
111
112	6.03k	target = ZEND_OP2_JMP_ADDR(opline);
113	6.03k	while (1) {
114	6.03k	if (target->opcode == ZEND_JMP) {
115	0	target = ZEND_OP1_JMP_ADDR(target);
116	0	CHECK_LOOP(target);
117	6.03k	} else if (target->opcode == ZEND_NOP) {
118	0	target = target + 1;
119	6.03k	} else {
120	6.03k	break;
121	6.03k	}
122	0	ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
123	0	}
124	6.03k	break;
125
126	18.0k	case ZEND_JMPZ:
127	27.1k	case ZEND_JMPNZ:
128	27.1k	jmp_hitlist_count = 0;
129
130	27.1k	target = ZEND_OP2_JMP_ADDR(opline);
131	37.4k	while (1) {
132	37.4k	if (target->opcode == ZEND_JMP) {
133		/* plain JMP */
134		/* JMPZ(X,L1), L1: JMP(L2) => JMPZ(X,L2), L1: JMP(L2) */
135	10.1k	target = ZEND_OP1_JMP_ADDR(target);
136	10.1k	CHECK_LOOP(target);
137	27.3k	} else if (target->opcode == opline->opcode &&
138	334	SAME_VAR(opline->op1, target->op1)) {
139		/* same opcode and same var as this opcode */
140		/* JMPZ(X,L1), L1: JMPZ(X,L2) => JMPZ(X,L2), L1: JMPZ(X,L2) */
141	134	target = ZEND_OP2_JMP_ADDR(target);
142	134	CHECK_LOOP(target);
143	27.2k	} else if (target->opcode == INV_COND(opline->opcode) &&
144	112	SAME_VAR(opline->op1, target->op1)) {
145		/* convert JMPZ(X,L1), L1: JMPNZ(X,L2) to
146		JMPZ(X,L1+1) */
147	0	target = target + 1;
148	27.2k	} else if (target->opcode == ZEND_NOP) {
149	107	target = target + 1;
150	27.1k	} else {
151	27.1k	break;
152	27.1k	}
153	10.2k	ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
154	10.2k	}
155
156		/* convert L: JMPZ L+1 to NOP */
157	27.1k	if (target == opline + 1) {
158	91	zend_optimizer_convert_to_free_op1(op_array, opline);
159	91	}
160	27.1k	break;
161
162	2.99k	case ZEND_JMPZ_EX:
163	6.19k	case ZEND_JMPNZ_EX:
164	6.19k	jmp_hitlist_count = 0;
165
166	6.19k	target = ZEND_OP2_JMP_ADDR(opline);
167	21.3k	while (1) {
168	21.3k	if (target->opcode == ZEND_JMP) {
169		/* plain JMP */
170		/* JMPZ_EX(X,L1), L1: JMP(L2) => JMPZ_EX(X,L2), L1: JMP(L2) */
171	228	target = ZEND_OP1_JMP_ADDR(target);
172	228	CHECK_LOOP(target);
173	21.0k	} else if (target->opcode == opline->opcode-3 &&
174	874	(SAME_VAR(target->op1, opline->result) \|\|
175	864	SAME_VAR(target->op1, opline->op1))) {
176		/* convert T=JMPZ_EX(X,L1), L1: JMPZ(T,L2) to
177		JMPZ_EX(X,L2) */
178	864	target = ZEND_OP2_JMP_ADDR(target);
179	864	CHECK_LOOP(target);
180	20.2k	} else if (target->opcode == opline->opcode &&
181	12.1k	target->result.var == opline->result.var &&
182	12.1k	(SAME_VAR(target->op1, opline->result) \|\|
183	12.1k	SAME_VAR(target->op1, opline->op1))) {
184		/* convert T=JMPZ_EX(X,L1), L1: T=JMPZ_EX(T,L2) to
185		JMPZ_EX(X,L2) */
186	12.1k	target = ZEND_OP2_JMP_ADDR(target);
187	12.1k	CHECK_LOOP(target);
188	12.1k	} else if (target->opcode == INV_EX_COND(opline->opcode) &&
189	389	(SAME_VAR(target->op1, opline->result) \|\|
190	389	SAME_VAR(target->op1, opline->op1))) {
191		/* convert T=JMPZ_EX(X,L1), L1: JMPNZ(T,L2) to
192		JMPZ_EX(X,L1+1) */
193	389	target = target + 1;
194	7.70k	} else if (target->opcode == INV_EX_COND_EX(opline->opcode) &&
195	788	target->result.var == opline->result.var &&
196	788	(SAME_VAR(target->op1, opline->result) \|\|
197	788	SAME_VAR(target->op1, opline->op1))) {
198		/* convert T=JMPZ_EX(X,L1), L1: T=JMPNZ_EX(T,L2) to
199		JMPZ_EX(X,L1+1) */
200	788	target = target + 1;
201	6.91k	} else if (target->opcode == ZEND_BOOL &&
202	1.12k	(SAME_VAR(target->op1, opline->result) \|\|
203	715	SAME_VAR(target->op1, opline->op1))) {
204		/* convert Y = JMPZ_EX(X,L1), L1: Z = BOOL(Y) to
205		Z = JMPZ_EX(X,L1+1) */
206
207		/* NOTE: This optimization pattern is not safe, but works, */
208		/* because result of JMPZ_EX instruction */
209		/* is not used on the following path and */
210		/* should be used once on the branch path. */
211		/* */
212		/* The pattern works well only if jumps processed in */
213		/* direct order, otherwise it breaks JMPZ_EX */
214		/* sequences too early. */
215	715	opline->result.var = target->result.var;
216	715	target = target + 1;
217	715	CHECK_LOOP(target);
218	6.19k	} else if (target->opcode == ZEND_NOP) {
219	4	target = target + 1;
220	6.19k	} else {
221	6.19k	break;
222	6.19k	}
223	15.1k	ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
224	15.1k	}
225
226		/* convert L: T = JMPZ_EX X,L+1 to T = BOOL(X) */
227	6.19k	if (target == opline + 1) {
228	0	opline->opcode = ZEND_BOOL;
229	0	opline->op2.num = 0;
230	0	}
231	6.19k	break;
232	2.36M	}
233	2.36M	opline++;
234	2.36M	}
235	94.6k	free_alloca(jmp_hitlist, use_heap);
236	94.6k	}