1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Dmitry Stogov <dmitry@php.net> |
16 +----------------------------------------------------------------------+
17 */
18
19 #include "php.h"
20 #include "Optimizer/zend_optimizer.h"
21 #include "Optimizer/zend_optimizer_internal.h"
22 #include "zend_API.h"
23 #include "zend_constants.h"
24 #include "zend_execute.h"
25 #include "zend_vm.h"
26 #include "zend_bitset.h"
27 #include "zend_cfg.h"
28 #include "zend_ssa.h"
29 #include "zend_func_info.h"
30 #include "zend_call_graph.h"
31 #include "zend_inference.h"
32 #include "zend_dump.h"
33
34 #ifndef ZEND_DEBUG_DFA
35 # define ZEND_DEBUG_DFA ZEND_DEBUG
36 #endif
37
38 #if ZEND_DEBUG_DFA
39 # include "ssa_integrity.c"
40 #endif
41
zend_dfa_analyze_op_array(zend_op_array * op_array,zend_optimizer_ctx * ctx,zend_ssa * ssa)42 int zend_dfa_analyze_op_array(zend_op_array *op_array, zend_optimizer_ctx *ctx, zend_ssa *ssa)
43 {
44 uint32_t build_flags;
45
46 if (op_array->last_try_catch) {
47 /* TODO: we can't analyze functions with try/catch/finally ??? */
48 return FAILURE;
49 }
50
51 /* Build SSA */
52 memset(ssa, 0, sizeof(zend_ssa));
53
54 if (zend_build_cfg(&ctx->arena, op_array, ZEND_CFG_NO_ENTRY_PREDECESSORS, &ssa->cfg) != SUCCESS) {
55 return FAILURE;
56 }
57
58 if ((ssa->cfg.flags & ZEND_FUNC_INDIRECT_VAR_ACCESS)) {
59 /* TODO: we can't analyze functions with indirect variable access ??? */
60 return FAILURE;
61 }
62
63 if (zend_cfg_build_predecessors(&ctx->arena, &ssa->cfg) != SUCCESS) {
64 return FAILURE;
65 }
66
67 if (ctx->debug_level & ZEND_DUMP_DFA_CFG) {
68 zend_dump_op_array(op_array, ZEND_DUMP_CFG, "dfa cfg", &ssa->cfg);
69 }
70
71 /* Compute Dominators Tree */
72 if (zend_cfg_compute_dominators_tree(op_array, &ssa->cfg) != SUCCESS) {
73 return FAILURE;
74 }
75
76 /* Identify reducible and irreducible loops */
77 if (zend_cfg_identify_loops(op_array, &ssa->cfg) != SUCCESS) {
78 return FAILURE;
79 }
80
81 if (ctx->debug_level & ZEND_DUMP_DFA_DOMINATORS) {
82 zend_dump_dominators(op_array, &ssa->cfg);
83 }
84
85 build_flags = 0;
86 if (ctx->debug_level & ZEND_DUMP_DFA_LIVENESS) {
87 build_flags |= ZEND_SSA_DEBUG_LIVENESS;
88 }
89 if (ctx->debug_level & ZEND_DUMP_DFA_PHI) {
90 build_flags |= ZEND_SSA_DEBUG_PHI_PLACEMENT;
91 }
92 if (zend_build_ssa(&ctx->arena, ctx->script, op_array, build_flags, ssa) != SUCCESS) {
93 return FAILURE;
94 }
95
96 if (ctx->debug_level & ZEND_DUMP_DFA_SSA) {
97 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "dfa ssa", ssa);
98 }
99
100
101 if (zend_ssa_compute_use_def_chains(&ctx->arena, op_array, ssa) != SUCCESS){
102 return FAILURE;
103 }
104
105 if (zend_ssa_find_false_dependencies(op_array, ssa) != SUCCESS) {
106 return FAILURE;
107 }
108
109 if (zend_ssa_find_sccs(op_array, ssa) != SUCCESS){
110 return FAILURE;
111 }
112
113 if (zend_ssa_inference(&ctx->arena, op_array, ctx->script, ssa, ctx->optimization_level) != SUCCESS) {
114 return FAILURE;
115 }
116
117 if (zend_ssa_escape_analysis(ctx->script, op_array, ssa) != SUCCESS) {
118 return FAILURE;
119 }
120
121 if (ctx->debug_level & ZEND_DUMP_DFA_SSA_VARS) {
122 zend_dump_ssa_variables(op_array, ssa, 0);
123 }
124
125 return SUCCESS;
126 }
127
zend_ssa_remove_nops(zend_op_array * op_array,zend_ssa * ssa,zend_optimizer_ctx * ctx)128 static void zend_ssa_remove_nops(zend_op_array *op_array, zend_ssa *ssa, zend_optimizer_ctx *ctx)
129 {
130 zend_basic_block *blocks = ssa->cfg.blocks;
131 zend_basic_block *blocks_end = blocks + ssa->cfg.blocks_count;
132 zend_basic_block *b;
133 zend_func_info *func_info;
134 int j;
135 uint32_t i = 0;
136 uint32_t target = 0;
137 uint32_t *shiftlist;
138 ALLOCA_FLAG(use_heap);
139
140 shiftlist = (uint32_t *)do_alloca(sizeof(uint32_t) * op_array->last, use_heap);
141 memset(shiftlist, 0, sizeof(uint32_t) * op_array->last);
142 /* remove empty callee_info */
143 func_info = ZEND_FUNC_INFO(op_array);
144 if (func_info) {
145 zend_call_info **call_info = &func_info->callee_info;
146 while ((*call_info)) {
147 if ((*call_info)->caller_init_opline->opcode == ZEND_NOP) {
148 *call_info = (*call_info)->next_callee;
149 } else {
150 call_info = &(*call_info)->next_callee;
151 }
152 }
153 }
154
155 for (b = blocks; b < blocks_end; b++) {
156 if (b->flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
157 if (b->len) {
158 uint32_t new_start, old_end;
159 while (i < b->start) {
160 shiftlist[i] = i - target;
161 i++;
162 }
163
164 if (b->flags & ZEND_BB_UNREACHABLE_FREE) {
165 /* Only keep the FREE for the loop var */
166 ZEND_ASSERT(op_array->opcodes[b->start].opcode == ZEND_FREE
167 || op_array->opcodes[b->start].opcode == ZEND_FE_FREE);
168 b->len = 1;
169 }
170
171 new_start = target;
172 old_end = b->start + b->len;
173 while (i < old_end) {
174 shiftlist[i] = i - target;
175 if (EXPECTED(op_array->opcodes[i].opcode != ZEND_NOP)) {
176 if (i != target) {
177 op_array->opcodes[target] = op_array->opcodes[i];
178 ssa->ops[target] = ssa->ops[i];
179 ssa->cfg.map[target] = b - blocks;
180 }
181 target++;
182 }
183 i++;
184 }
185 b->start = new_start;
186 if (target != old_end) {
187 zend_op *opline;
188 zend_op *new_opline;
189
190 b->len = target - b->start;
191 opline = op_array->opcodes + old_end - 1;
192 if (opline->opcode == ZEND_NOP) {
193 continue;
194 }
195
196 new_opline = op_array->opcodes + target - 1;
197 zend_optimizer_migrate_jump(op_array, new_opline, opline);
198 }
199 } else {
200 b->start = target;
201 }
202 } else {
203 b->start = target;
204 b->len = 0;
205 }
206 }
207
208 if (target != op_array->last) {
209 /* reset rest opcodes */
210 for (i = target; i < op_array->last; i++) {
211 MAKE_NOP(op_array->opcodes + i);
212 }
213
214 /* update SSA variables */
215 for (j = 0; j < ssa->vars_count; j++) {
216 if (ssa->vars[j].definition >= 0) {
217 ssa->vars[j].definition -= shiftlist[ssa->vars[j].definition];
218 }
219 if (ssa->vars[j].use_chain >= 0) {
220 ssa->vars[j].use_chain -= shiftlist[ssa->vars[j].use_chain];
221 }
222 }
223 for (i = 0; i < op_array->last; i++) {
224 if (ssa->ops[i].op1_use_chain >= 0) {
225 ssa->ops[i].op1_use_chain -= shiftlist[ssa->ops[i].op1_use_chain];
226 }
227 if (ssa->ops[i].op2_use_chain >= 0) {
228 ssa->ops[i].op2_use_chain -= shiftlist[ssa->ops[i].op2_use_chain];
229 }
230 if (ssa->ops[i].res_use_chain >= 0) {
231 ssa->ops[i].res_use_chain -= shiftlist[ssa->ops[i].res_use_chain];
232 }
233 }
234
235 /* update branch targets */
236 for (b = blocks; b < blocks_end; b++) {
237 if ((b->flags & ZEND_BB_REACHABLE) && b->len != 0) {
238 zend_op *opline = op_array->opcodes + b->start + b->len - 1;
239 zend_optimizer_shift_jump(op_array, opline, shiftlist);
240 }
241 }
242
243 /* update try/catch array */
244 for (j = 0; j < op_array->last_try_catch; j++) {
245 op_array->try_catch_array[j].try_op -= shiftlist[op_array->try_catch_array[j].try_op];
246 op_array->try_catch_array[j].catch_op -= shiftlist[op_array->try_catch_array[j].catch_op];
247 if (op_array->try_catch_array[j].finally_op) {
248 op_array->try_catch_array[j].finally_op -= shiftlist[op_array->try_catch_array[j].finally_op];
249 op_array->try_catch_array[j].finally_end -= shiftlist[op_array->try_catch_array[j].finally_end];
250 }
251 }
252
253 /* update early binding list */
254 if (op_array->fn_flags & ZEND_ACC_EARLY_BINDING) {
255 uint32_t *opline_num = &ctx->script->first_early_binding_opline;
256
257 ZEND_ASSERT(op_array == &ctx->script->main_op_array);
258 do {
259 *opline_num -= shiftlist[*opline_num];
260 opline_num = &op_array->opcodes[*opline_num].result.opline_num;
261 } while (*opline_num != (uint32_t)-1);
262 }
263
264 /* update call graph */
265 if (func_info) {
266 zend_call_info *call_info = func_info->callee_info;
267 while (call_info) {
268 call_info->caller_init_opline -=
269 shiftlist[call_info->caller_init_opline - op_array->opcodes];
270 if (call_info->caller_call_opline) {
271 call_info->caller_call_opline -=
272 shiftlist[call_info->caller_call_opline - op_array->opcodes];
273 }
274 call_info = call_info->next_callee;
275 }
276 }
277
278 op_array->last = target;
279 }
280 free_alloca(shiftlist, use_heap);
281 }
282
safe_instanceof(zend_class_entry * ce1,zend_class_entry * ce2)283 static zend_bool safe_instanceof(zend_class_entry *ce1, zend_class_entry *ce2) {
284 if (ce1 == ce2) {
285 return 1;
286 }
287 if (!(ce1->ce_flags & ZEND_ACC_LINKED)) {
288 /* This case could be generalized, similarly to unlinked_instanceof */
289 return 0;
290 }
291 return instanceof_function(ce1, ce2);
292 }
293
can_elide_return_type_check(zend_op_array * op_array,zend_ssa * ssa,zend_ssa_op * ssa_op)294 static inline zend_bool can_elide_return_type_check(
295 zend_op_array *op_array, zend_ssa *ssa, zend_ssa_op *ssa_op) {
296 zend_arg_info *info = &op_array->arg_info[-1];
297 zend_ssa_var_info *use_info = &ssa->var_info[ssa_op->op1_use];
298 zend_ssa_var_info *def_info = &ssa->var_info[ssa_op->op1_def];
299
300 /* TODO: It would be better to rewrite this without using def_info,
301 * which may not be an exact representation of the type. */
302 if (use_info->type & MAY_BE_REF) {
303 return 0;
304 }
305
306 /* A type is possible that is not in the allowed types */
307 if ((use_info->type & (MAY_BE_ANY|MAY_BE_UNDEF)) & ~(def_info->type & MAY_BE_ANY)) {
308 return 0;
309 }
310
311 /* These types are not represented exactly */
312 if (ZEND_TYPE_FULL_MASK(info->type) & (MAY_BE_CALLABLE|MAY_BE_ITERABLE|MAY_BE_STATIC)) {
313 return 0;
314 }
315
316 if (ZEND_TYPE_HAS_CLASS(info->type)) {
317 if (!use_info->ce || !def_info->ce || !safe_instanceof(use_info->ce, def_info->ce)) {
318 return 0;
319 }
320 }
321
322 return 1;
323 }
324
opline_supports_assign_contraction(zend_op_array * op_array,zend_ssa * ssa,zend_op * opline,int src_var,uint32_t cv_var)325 static zend_bool opline_supports_assign_contraction(
326 zend_op_array *op_array, zend_ssa *ssa, zend_op *opline, int src_var, uint32_t cv_var) {
327 if (opline->opcode == ZEND_NEW) {
328 /* see Zend/tests/generators/aborted_yield_during_new.phpt */
329 return 0;
330 }
331
332 if (opline->opcode == ZEND_DO_ICALL || opline->opcode == ZEND_DO_UCALL
333 || opline->opcode == ZEND_DO_FCALL || opline->opcode == ZEND_DO_FCALL_BY_NAME) {
334 /* Function calls may dtor the return value after it has already been written -- allow
335 * direct assignment only for types where a double-dtor does not matter. */
336 uint32_t type = ssa->var_info[src_var].type;
337 uint32_t simple = MAY_BE_NULL|MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_LONG|MAY_BE_DOUBLE;
338 return !((type & MAY_BE_ANY) & ~simple);
339 }
340
341 if (opline->opcode == ZEND_POST_INC || opline->opcode == ZEND_POST_DEC) {
342 /* POST_INC/DEC write the result variable before performing the inc/dec. For $i = $i++
343 * eliding the temporary variable would thus yield an incorrect result. */
344 return opline->op1_type != IS_CV || opline->op1.var != cv_var;
345 }
346
347 if (opline->opcode == ZEND_INIT_ARRAY) {
348 /* INIT_ARRAY initializes the result array before reading key/value. */
349 return (opline->op1_type != IS_CV || opline->op1.var != cv_var)
350 && (opline->op2_type != IS_CV || opline->op2.var != cv_var);
351 }
352
353 if (opline->opcode == ZEND_CAST
354 && (opline->extended_value == IS_ARRAY || opline->extended_value == IS_OBJECT)) {
355 /* CAST to array/object may initialize the result to an empty array/object before
356 * reading the expression. */
357 return opline->op1_type != IS_CV || opline->op1.var != cv_var;
358 }
359
360 if (opline->opcode == ZEND_ASSIGN_OP
361 && opline->op1_type == IS_CV
362 && opline->op1.var == cv_var
363 && zend_may_throw(opline, &ssa->ops[ssa->vars[src_var].definition], op_array, ssa)) {
364 return 0;
365 }
366
367 return 1;
368 }
369
variable_defined_or_used_in_range(zend_ssa * ssa,int var,int start,int end)370 static bool variable_defined_or_used_in_range(zend_ssa *ssa, int var, int start, int end)
371 {
372 while (start < end) {
373 const zend_ssa_op *ssa_op = &ssa->ops[start];
374 if ((ssa_op->op1_def >= 0 && ssa->vars[ssa_op->op1_def].var == var) ||
375 (ssa_op->op2_def >= 0 && ssa->vars[ssa_op->op2_def].var == var) ||
376 (ssa_op->result_def >= 0 && ssa->vars[ssa_op->result_def].var == var) ||
377 (ssa_op->op1_use >= 0 && ssa->vars[ssa_op->op1_use].var == var) ||
378 (ssa_op->op2_use >= 0 && ssa->vars[ssa_op->op2_use].var == var) ||
379 (ssa_op->result_use >= 0 && ssa->vars[ssa_op->result_use].var == var)
380 ) {
381 return 1;
382 }
383 start++;
384 }
385 return 0;
386 }
387
zend_dfa_optimize_calls(zend_op_array * op_array,zend_ssa * ssa)388 int zend_dfa_optimize_calls(zend_op_array *op_array, zend_ssa *ssa)
389 {
390 zend_func_info *func_info = ZEND_FUNC_INFO(op_array);
391 int removed_ops = 0;
392
393 if (func_info->callee_info) {
394 zend_call_info *call_info = func_info->callee_info;
395
396 do {
397 if (call_info->caller_call_opline
398 && call_info->caller_call_opline->opcode == ZEND_DO_ICALL
399 && call_info->callee_func
400 && zend_string_equals_literal(call_info->callee_func->common.function_name, "in_array")
401 && (call_info->caller_init_opline->extended_value == 2
402 || (call_info->caller_init_opline->extended_value == 3
403 && (call_info->caller_call_opline - 1)->opcode == ZEND_SEND_VAL
404 && (call_info->caller_call_opline - 1)->op1_type == IS_CONST))) {
405
406 zend_op *send_array;
407 zend_op *send_needly;
408 zend_bool strict = 0;
409
410 if (call_info->caller_init_opline->extended_value == 2) {
411 send_array = call_info->caller_call_opline - 1;
412 send_needly = call_info->caller_call_opline - 2;
413 } else {
414 if (zend_is_true(CT_CONSTANT_EX(op_array, (call_info->caller_call_opline - 1)->op1.constant))) {
415 strict = 1;
416 }
417 send_array = call_info->caller_call_opline - 2;
418 send_needly = call_info->caller_call_opline - 3;
419 }
420
421 if (send_array->opcode == ZEND_SEND_VAL
422 && send_array->op1_type == IS_CONST
423 && Z_TYPE_P(CT_CONSTANT_EX(op_array, send_array->op1.constant)) == IS_ARRAY
424 && (send_needly->opcode == ZEND_SEND_VAL
425 || send_needly->opcode == ZEND_SEND_VAR)
426 ) {
427 int ok = 1;
428
429 HashTable *src = Z_ARRVAL_P(CT_CONSTANT_EX(op_array, send_array->op1.constant));
430 HashTable *dst;
431 zval *val, tmp;
432 zend_ulong idx;
433
434 ZVAL_TRUE(&tmp);
435 dst = zend_new_array(zend_hash_num_elements(src));
436 if (strict) {
437 ZEND_HASH_FOREACH_VAL(src, val) {
438 if (Z_TYPE_P(val) == IS_STRING) {
439 zend_hash_add(dst, Z_STR_P(val), &tmp);
440 } else if (Z_TYPE_P(val) == IS_LONG) {
441 zend_hash_index_add(dst, Z_LVAL_P(val), &tmp);
442 } else {
443 zend_array_destroy(dst);
444 ok = 0;
445 break;
446 }
447 } ZEND_HASH_FOREACH_END();
448 } else {
449 ZEND_HASH_FOREACH_VAL(src, val) {
450 if (Z_TYPE_P(val) != IS_STRING || ZEND_HANDLE_NUMERIC(Z_STR_P(val), idx)) {
451 zend_array_destroy(dst);
452 ok = 0;
453 break;
454 }
455 zend_hash_add(dst, Z_STR_P(val), &tmp);
456 } ZEND_HASH_FOREACH_END();
457 }
458
459 if (ok) {
460 uint32_t op_num = send_needly - op_array->opcodes;
461 zend_ssa_op *ssa_op = ssa->ops + op_num;
462
463 if (ssa_op->op1_use >= 0) {
464 /* Reconstruct SSA */
465 int var_num = ssa_op->op1_use;
466 zend_ssa_var *var = ssa->vars + var_num;
467
468 ZEND_ASSERT(ssa_op->op1_def < 0);
469 zend_ssa_unlink_use_chain(ssa, op_num, ssa_op->op1_use);
470 ssa_op->op1_use = -1;
471 ssa_op->op1_use_chain = -1;
472 op_num = call_info->caller_call_opline - op_array->opcodes;
473 ssa_op = ssa->ops + op_num;
474 ssa_op->op1_use = var_num;
475 ssa_op->op1_use_chain = var->use_chain;
476 var->use_chain = op_num;
477 }
478
479 ZVAL_ARR(&tmp, dst);
480
481 /* Update opcode */
482 call_info->caller_call_opline->opcode = ZEND_IN_ARRAY;
483 call_info->caller_call_opline->extended_value = strict;
484 call_info->caller_call_opline->op1_type = send_needly->op1_type;
485 call_info->caller_call_opline->op1.num = send_needly->op1.num;
486 call_info->caller_call_opline->op2_type = IS_CONST;
487 call_info->caller_call_opline->op2.constant = zend_optimizer_add_literal(op_array, &tmp);
488 if (call_info->caller_init_opline->extended_value == 3) {
489 MAKE_NOP(call_info->caller_call_opline - 1);
490 }
491 MAKE_NOP(call_info->caller_init_opline);
492 MAKE_NOP(send_needly);
493 MAKE_NOP(send_array);
494 removed_ops++;
495
496 op_num = call_info->caller_call_opline - op_array->opcodes;
497 ssa_op = ssa->ops + op_num;
498 if (ssa_op->result_def >= 0) {
499 int var = ssa_op->result_def;
500 int use = ssa->vars[var].use_chain;
501
502 /* If the result is used only in a JMPZ/JMPNZ, replace result type with
503 * IS_TMP_VAR, which will enable use of smart branches. Don't do this
504 * in other cases, as not all opcodes support both VAR and TMP. */
505 if (ssa->vars[var].phi_use_chain == NULL
506 && ssa->ops[use].op1_use == var
507 && ssa->ops[use].op1_use_chain == -1
508 && (op_array->opcodes[use].opcode == ZEND_JMPZ
509 || op_array->opcodes[use].opcode == ZEND_JMPNZ)) {
510 call_info->caller_call_opline->result_type = IS_TMP_VAR;
511 op_array->opcodes[use].op1_type = IS_TMP_VAR;
512 }
513 }
514 }
515 }
516 }
517 call_info = call_info->next_callee;
518 } while (call_info);
519 }
520
521 return removed_ops;
522 }
523
take_successor_0(zend_ssa * ssa,int block_num,zend_basic_block * block)524 static zend_always_inline void take_successor_0(zend_ssa *ssa, int block_num, zend_basic_block *block)
525 {
526 if (block->successors_count == 2) {
527 if (block->successors[1] != block->successors[0]) {
528 zend_ssa_remove_predecessor(ssa, block_num, block->successors[1]);
529 }
530 block->successors_count = 1;
531 }
532 }
533
take_successor_1(zend_ssa * ssa,int block_num,zend_basic_block * block)534 static zend_always_inline void take_successor_1(zend_ssa *ssa, int block_num, zend_basic_block *block)
535 {
536 if (block->successors_count == 2) {
537 if (block->successors[1] != block->successors[0]) {
538 zend_ssa_remove_predecessor(ssa, block_num, block->successors[0]);
539 block->successors[0] = block->successors[1];
540 }
541 block->successors_count = 1;
542 }
543 }
544
take_successor_ex(zend_ssa * ssa,int block_num,zend_basic_block * block,int target_block)545 static zend_always_inline void take_successor_ex(zend_ssa *ssa, int block_num, zend_basic_block *block, int target_block)
546 {
547 int i;
548
549 for (i = 0; i < block->successors_count; i++) {
550 if (block->successors[i] != target_block) {
551 zend_ssa_remove_predecessor(ssa, block_num, block->successors[i]);
552 }
553 }
554 block->successors[0] = target_block;
555 block->successors_count = 1;
556 }
557
compress_block(zend_op_array * op_array,zend_basic_block * block)558 static void compress_block(zend_op_array *op_array, zend_basic_block *block)
559 {
560 while (block->len > 0) {
561 zend_op *opline = &op_array->opcodes[block->start + block->len - 1];
562
563 if (opline->opcode == ZEND_NOP) {
564 block->len--;
565 } else {
566 break;
567 }
568 }
569 }
570
replace_predecessor(zend_ssa * ssa,int block_id,int old_pred,int new_pred)571 static void replace_predecessor(zend_ssa *ssa, int block_id, int old_pred, int new_pred) {
572 zend_basic_block *block = &ssa->cfg.blocks[block_id];
573 int *predecessors = &ssa->cfg.predecessors[block->predecessor_offset];
574 zend_ssa_phi *phi;
575
576 int i;
577 int old_pred_idx = -1;
578 int new_pred_idx = -1;
579 for (i = 0; i < block->predecessors_count; i++) {
580 if (predecessors[i] == old_pred) {
581 old_pred_idx = i;
582 }
583 if (predecessors[i] == new_pred) {
584 new_pred_idx = i;
585 }
586 }
587
588 ZEND_ASSERT(old_pred_idx != -1);
589 if (new_pred_idx == -1) {
590 /* If the new predecessor doesn't exist yet, simply rewire the old one */
591 predecessors[old_pred_idx] = new_pred;
592 } else {
593 /* Otherwise, rewiring the old predecessor would make the new predecessor appear
594 * twice, which violates our CFG invariants. Remove the old predecessor instead. */
595 memmove(
596 predecessors + old_pred_idx,
597 predecessors + old_pred_idx + 1,
598 sizeof(int) * (block->predecessors_count - old_pred_idx - 1)
599 );
600
601 /* Also remove the corresponding phi node entries */
602 for (phi = ssa->blocks[block_id].phis; phi; phi = phi->next) {
603 if (phi->pi >= 0) {
604 if (phi->pi == old_pred || phi->pi == new_pred) {
605 zend_ssa_rename_var_uses(
606 ssa, phi->ssa_var, phi->sources[0], /* update_types */ 0);
607 zend_ssa_remove_phi(ssa, phi);
608 }
609 } else {
610 memmove(
611 phi->sources + old_pred_idx,
612 phi->sources + old_pred_idx + 1,
613 sizeof(int) * (block->predecessors_count - old_pred_idx - 1)
614 );
615 }
616 }
617
618 block->predecessors_count--;
619 }
620 }
621
zend_ssa_replace_control_link(zend_op_array * op_array,zend_ssa * ssa,int from,int to,int new_to)622 static void zend_ssa_replace_control_link(zend_op_array *op_array, zend_ssa *ssa, int from, int to, int new_to)
623 {
624 zend_basic_block *src = &ssa->cfg.blocks[from];
625 zend_basic_block *old = &ssa->cfg.blocks[to];
626 zend_basic_block *dst = &ssa->cfg.blocks[new_to];
627 int i;
628 zend_op *opline;
629
630 for (i = 0; i < src->successors_count; i++) {
631 if (src->successors[i] == to) {
632 src->successors[i] = new_to;
633 }
634 }
635
636 if (src->len > 0) {
637 opline = op_array->opcodes + src->start + src->len - 1;
638 switch (opline->opcode) {
639 case ZEND_JMP:
640 case ZEND_FAST_CALL:
641 ZEND_ASSERT(ZEND_OP1_JMP_ADDR(opline) == op_array->opcodes + old->start);
642 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, op_array->opcodes + dst->start);
643 break;
644 case ZEND_JMPZNZ:
645 if (ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value) == old->start) {
646 opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, dst->start);
647 }
648 /* break missing intentionally */
649 case ZEND_JMPZ:
650 case ZEND_JMPNZ:
651 case ZEND_JMPZ_EX:
652 case ZEND_JMPNZ_EX:
653 case ZEND_FE_RESET_R:
654 case ZEND_FE_RESET_RW:
655 case ZEND_JMP_SET:
656 case ZEND_COALESCE:
657 case ZEND_ASSERT_CHECK:
658 case ZEND_JMP_NULL:
659 if (ZEND_OP2_JMP_ADDR(opline) == op_array->opcodes + old->start) {
660 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, op_array->opcodes + dst->start);
661 }
662 break;
663 case ZEND_CATCH:
664 if (!(opline->extended_value & ZEND_LAST_CATCH)) {
665 if (ZEND_OP2_JMP_ADDR(opline) == op_array->opcodes + old->start) {
666 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, op_array->opcodes + dst->start);
667 }
668 }
669 break;
670 case ZEND_FE_FETCH_R:
671 case ZEND_FE_FETCH_RW:
672 if (ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value) == old->start) {
673 opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, dst->start);
674 }
675 break;
676 case ZEND_SWITCH_LONG:
677 case ZEND_SWITCH_STRING:
678 case ZEND_MATCH:
679 {
680 HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
681 zval *zv;
682 ZEND_HASH_FOREACH_VAL(jumptable, zv) {
683 if (ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(zv)) == old->start) {
684 Z_LVAL_P(zv) = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, dst->start);
685 }
686 } ZEND_HASH_FOREACH_END();
687 if (ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value) == old->start) {
688 opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, dst->start);
689 }
690 break;
691 }
692 }
693 }
694
695 replace_predecessor(ssa, new_to, to, from);
696 }
697
zend_ssa_unlink_block(zend_op_array * op_array,zend_ssa * ssa,zend_basic_block * block,int block_num)698 static void zend_ssa_unlink_block(zend_op_array *op_array, zend_ssa *ssa, zend_basic_block *block, int block_num)
699 {
700 if (block->predecessors_count == 1 && ssa->blocks[block_num].phis == NULL) {
701 int *predecessors, i;
702
703 ZEND_ASSERT(block->successors_count == 1);
704 predecessors = &ssa->cfg.predecessors[block->predecessor_offset];
705 for (i = 0; i < block->predecessors_count; i++) {
706 zend_ssa_replace_control_link(op_array, ssa, predecessors[i], block_num, block->successors[0]);
707 }
708 zend_ssa_remove_block(op_array, ssa, block_num);
709 }
710 }
711
zend_dfa_optimize_jmps(zend_op_array * op_array,zend_ssa * ssa)712 static int zend_dfa_optimize_jmps(zend_op_array *op_array, zend_ssa *ssa)
713 {
714 int removed_ops = 0;
715 int block_num = 0;
716
717 for (block_num = 1; block_num < ssa->cfg.blocks_count; block_num++) {
718 zend_basic_block *block = &ssa->cfg.blocks[block_num];
719
720 if (!(block->flags & ZEND_BB_REACHABLE)) {
721 continue;
722 }
723 compress_block(op_array, block);
724 if (block->len == 0) {
725 zend_ssa_unlink_block(op_array, ssa, block, block_num);
726 }
727 }
728
729 block_num = 0;
730 while (block_num < ssa->cfg.blocks_count
731 && !(ssa->cfg.blocks[block_num].flags & ZEND_BB_REACHABLE)) {
732 block_num++;
733 }
734 while (block_num < ssa->cfg.blocks_count) {
735 int next_block_num = block_num + 1;
736 zend_basic_block *block = &ssa->cfg.blocks[block_num];
737 uint32_t op_num;
738 zend_op *opline;
739 zend_ssa_op *ssa_op;
740 zend_bool can_follow = 1;
741
742 while (next_block_num < ssa->cfg.blocks_count
743 && !(ssa->cfg.blocks[next_block_num].flags & ZEND_BB_REACHABLE)) {
744 if (ssa->cfg.blocks[next_block_num].flags & ZEND_BB_UNREACHABLE_FREE) {
745 can_follow = 0;
746 }
747 next_block_num++;
748 }
749
750 if (block->len) {
751 op_num = block->start + block->len - 1;
752 opline = op_array->opcodes + op_num;
753 ssa_op = ssa->ops + op_num;
754
755 switch (opline->opcode) {
756 case ZEND_JMP:
757 optimize_jmp:
758 if (block->successors[0] == next_block_num && can_follow) {
759 MAKE_NOP(opline);
760 removed_ops++;
761 goto optimize_nop;
762 }
763 break;
764 case ZEND_JMPZ:
765 optimize_jmpz:
766 if (opline->op1_type == IS_CONST) {
767 if (zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
768 MAKE_NOP(opline);
769 removed_ops++;
770 take_successor_1(ssa, block_num, block);
771 goto optimize_nop;
772 } else {
773 opline->opcode = ZEND_JMP;
774 COPY_NODE(opline->op1, opline->op2);
775 take_successor_0(ssa, block_num, block);
776 goto optimize_jmp;
777 }
778 } else {
779 if (block->successors[0] == next_block_num && can_follow) {
780 take_successor_0(ssa, block_num, block);
781 if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_UNDEF)) {
782 opline->opcode = ZEND_CHECK_VAR;
783 opline->op2.num = 0;
784 } else if (opline->op1_type == IS_CV || !(OP1_INFO() & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
785 zend_ssa_remove_instr(ssa, opline, ssa_op);
786 removed_ops++;
787 goto optimize_nop;
788 } else {
789 opline->opcode = ZEND_FREE;
790 opline->op2.num = 0;
791 }
792 }
793 }
794 break;
795 case ZEND_JMPNZ:
796 optimize_jmpnz:
797 if (opline->op1_type == IS_CONST) {
798 if (zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
799 opline->opcode = ZEND_JMP;
800 COPY_NODE(opline->op1, opline->op2);
801 take_successor_0(ssa, block_num, block);
802 goto optimize_jmp;
803 } else {
804 MAKE_NOP(opline);
805 removed_ops++;
806 take_successor_1(ssa, block_num, block);
807 goto optimize_nop;
808 }
809 } else if (block->successors_count == 2) {
810 if (block->successors[0] == next_block_num && can_follow) {
811 take_successor_0(ssa, block_num, block);
812 if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_UNDEF)) {
813 opline->opcode = ZEND_CHECK_VAR;
814 opline->op2.num = 0;
815 } else if (opline->op1_type == IS_CV || !(OP1_INFO() & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
816 zend_ssa_remove_instr(ssa, opline, ssa_op);
817 removed_ops++;
818 goto optimize_nop;
819 } else {
820 opline->opcode = ZEND_FREE;
821 opline->op2.num = 0;
822 }
823 }
824 }
825 break;
826 case ZEND_JMPZNZ:
827 if (opline->op1_type == IS_CONST) {
828 if (zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
829 zend_op *target_opline = ZEND_OFFSET_TO_OPLINE(opline, opline->extended_value);
830 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target_opline);
831 take_successor_1(ssa, block_num, block);
832 } else {
833 zend_op *target_opline = ZEND_OP2_JMP_ADDR(opline);
834 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target_opline);
835 take_successor_0(ssa, block_num, block);
836 }
837 opline->op1_type = IS_UNUSED;
838 opline->extended_value = 0;
839 opline->opcode = ZEND_JMP;
840 goto optimize_jmp;
841 } else if (block->successors_count == 2) {
842 if (block->successors[0] == block->successors[1]) {
843 take_successor_0(ssa, block_num, block);
844 if (block->successors[0] == next_block_num && can_follow) {
845 if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_UNDEF)) {
846 opline->opcode = ZEND_CHECK_VAR;
847 opline->op2.num = 0;
848 } else if (opline->op1_type == IS_CV || !(OP1_INFO() & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
849 zend_ssa_remove_instr(ssa, opline, ssa_op);
850 removed_ops++;
851 goto optimize_nop;
852 } else {
853 opline->opcode = ZEND_FREE;
854 opline->op2.num = 0;
855 }
856 } else if ((opline->op1_type == IS_CV && !(OP1_INFO() & MAY_BE_UNDEF)) || !(OP1_INFO() & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
857 ZEND_ASSERT(ssa_op->op1_use >= 0);
858 zend_ssa_unlink_use_chain(ssa, op_num, ssa_op->op1_use);
859 ssa_op->op1_use = -1;
860 ssa_op->op1_use_chain = -1;
861 opline->opcode = ZEND_JMP;
862 opline->op1_type = IS_UNUSED;
863 opline->op1.num = opline->op2.num;
864 goto optimize_jmp;
865 }
866 }
867 }
868 break;
869 case ZEND_JMPZ_EX:
870 if (ssa->vars[ssa_op->result_def].use_chain < 0
871 && ssa->vars[ssa_op->result_def].phi_use_chain == NULL) {
872 opline->opcode = ZEND_JMPZ;
873 opline->result_type = IS_UNUSED;
874 zend_ssa_remove_result_def(ssa, ssa_op);
875 goto optimize_jmpz;
876 } else if (opline->op1_type == IS_CONST) {
877 if (zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
878 opline->opcode = ZEND_QM_ASSIGN;
879 take_successor_1(ssa, block_num, block);
880 }
881 }
882 break;
883 case ZEND_JMPNZ_EX:
884 if (ssa->vars[ssa_op->result_def].use_chain < 0
885 && ssa->vars[ssa_op->result_def].phi_use_chain == NULL) {
886 opline->opcode = ZEND_JMPNZ;
887 opline->result_type = IS_UNUSED;
888 zend_ssa_remove_result_def(ssa, ssa_op);
889 goto optimize_jmpnz;
890 } else if (opline->op1_type == IS_CONST) {
891 if (!zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
892 opline->opcode = ZEND_QM_ASSIGN;
893 take_successor_1(ssa, block_num, block);
894 }
895 }
896 break;
897 case ZEND_JMP_SET:
898 if (ssa->vars[ssa_op->result_def].use_chain < 0
899 && ssa->vars[ssa_op->result_def].phi_use_chain == NULL) {
900 opline->opcode = ZEND_JMPNZ;
901 opline->result_type = IS_UNUSED;
902 zend_ssa_remove_result_def(ssa, ssa_op);
903 goto optimize_jmpnz;
904 } else if (opline->op1_type == IS_CONST) {
905 if (!zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
906 MAKE_NOP(opline);
907 removed_ops++;
908 take_successor_1(ssa, block_num, block);
909 zend_ssa_remove_result_def(ssa, ssa_op);
910 goto optimize_nop;
911 }
912 }
913 break;
914 case ZEND_COALESCE:
915 {
916 zend_ssa_var *var = &ssa->vars[ssa_op->result_def];
917 if (opline->op1_type == IS_CONST
918 && var->use_chain < 0 && var->phi_use_chain == NULL) {
919 if (Z_TYPE_P(CT_CONSTANT_EX(op_array, opline->op1.constant)) == IS_NULL) {
920 zend_ssa_remove_result_def(ssa, ssa_op);
921 MAKE_NOP(opline);
922 removed_ops++;
923 take_successor_1(ssa, block_num, block);
924 goto optimize_nop;
925 } else {
926 opline->opcode = ZEND_JMP;
927 opline->result_type = IS_UNUSED;
928 zend_ssa_remove_result_def(ssa, ssa_op);
929 COPY_NODE(opline->op1, opline->op2);
930 take_successor_0(ssa, block_num, block);
931 goto optimize_jmp;
932 }
933 }
934 break;
935 }
936 case ZEND_JMP_NULL:
937 {
938 zend_ssa_var *var = &ssa->vars[ssa_op->result_def];
939 if (opline->op1_type == IS_CONST
940 && var->use_chain < 0 && var->phi_use_chain == NULL) {
941 if (Z_TYPE_P(CT_CONSTANT_EX(op_array, opline->op1.constant)) == IS_NULL) {
942 opline->opcode = ZEND_JMP;
943 opline->result_type = IS_UNUSED;
944 zend_ssa_remove_result_def(ssa, ssa_op);
945 COPY_NODE(opline->op1, opline->op2);
946 take_successor_0(ssa, block_num, block);
947 goto optimize_jmp;
948 } else {
949 zend_ssa_remove_result_def(ssa, ssa_op);
950 MAKE_NOP(opline);
951 removed_ops++;
952 take_successor_1(ssa, block_num, block);
953 goto optimize_nop;
954 }
955 }
956 break;
957 }
958 case ZEND_SWITCH_LONG:
959 case ZEND_SWITCH_STRING:
960 case ZEND_MATCH:
961 if (opline->op1_type == IS_CONST) {
962 zval *zv = CT_CONSTANT_EX(op_array, opline->op1.constant);
963 zend_uchar type = Z_TYPE_P(zv);
964 zend_bool correct_type =
965 (opline->opcode == ZEND_SWITCH_LONG && type == IS_LONG)
966 || (opline->opcode == ZEND_SWITCH_STRING && type == IS_STRING)
967 || (opline->opcode == ZEND_MATCH && (type == IS_LONG || type == IS_STRING));
968
969 if (!correct_type) {
970 removed_ops++;
971 MAKE_NOP(opline);
972 opline->extended_value = 0;
973 take_successor_ex(ssa, block_num, block, block->successors[block->successors_count - 1]);
974 goto optimize_nop;
975 } else {
976 HashTable *jmptable = Z_ARRVAL_P(CT_CONSTANT_EX(op_array, opline->op2.constant));
977 zval *jmp_zv = type == IS_LONG
978 ? zend_hash_index_find(jmptable, Z_LVAL_P(zv))
979 : zend_hash_find(jmptable, Z_STR_P(zv));
980
981 uint32_t target;
982 if (jmp_zv) {
983 target = ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(jmp_zv));
984 } else {
985 target = ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value);
986 }
987 opline->opcode = ZEND_JMP;
988 opline->extended_value = 0;
989 SET_UNUSED(opline->op1);
990 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, op_array->opcodes + target);
991 SET_UNUSED(opline->op2);
992 take_successor_ex(ssa, block_num, block, ssa->cfg.map[target]);
993 goto optimize_jmp;
994 }
995 }
996 break;
997 case ZEND_NOP:
998 optimize_nop:
999 compress_block(op_array, block);
1000 if (block->len == 0) {
1001 if (block_num > 0) {
1002 zend_ssa_unlink_block(op_array, ssa, block, block_num);
1003 /* backtrack to previous basic block */
1004 do {
1005 block_num--;
1006 } while (block_num >= 0
1007 && !(ssa->cfg.blocks[block_num].flags & ZEND_BB_REACHABLE));
1008 if (block_num >= 0) {
1009 continue;
1010 }
1011 }
1012 }
1013 break;
1014 default:
1015 break;
1016 }
1017 }
1018
1019 block_num = next_block_num;
1020 }
1021
1022 return removed_ops;
1023 }
1024
zend_dfa_try_to_replace_result(zend_op_array * op_array,zend_ssa * ssa,int def,int cv_var)1025 static int zend_dfa_try_to_replace_result(zend_op_array *op_array, zend_ssa *ssa, int def, int cv_var)
1026 {
1027 int result_var = ssa->ops[def].result_def;
1028 int cv = EX_NUM_TO_VAR(ssa->vars[cv_var].var);
1029
1030 if (result_var >= 0
1031 && !(ssa->var_info[cv_var].type & MAY_BE_REF)
1032 && ssa->vars[cv_var].alias == NO_ALIAS
1033 && ssa->vars[result_var].phi_use_chain == NULL
1034 && ssa->vars[result_var].sym_use_chain == NULL) {
1035 int use = ssa->vars[result_var].use_chain;
1036
1037 if (use >= 0
1038 && zend_ssa_next_use(ssa->ops, result_var, use) < 0
1039 && op_array->opcodes[use].opcode != ZEND_FREE
1040 && op_array->opcodes[use].opcode != ZEND_SEND_VAL
1041 && op_array->opcodes[use].opcode != ZEND_SEND_VAL_EX
1042 && op_array->opcodes[use].opcode != ZEND_VERIFY_RETURN_TYPE
1043 && op_array->opcodes[use].opcode != ZEND_YIELD) {
1044 if (use > def) {
1045 int i = use;
1046 const zend_op *opline = &op_array->opcodes[use];
1047
1048 while (i > def) {
1049 if ((opline->op1_type == IS_CV && opline->op1.var == cv)
1050 || (opline->op2_type == IS_CV && opline->op2.var == cv)
1051 || (opline->result_type == IS_CV && opline->result.var == cv)) {
1052 return 0;
1053 }
1054 opline--;
1055 i--;
1056 }
1057
1058 /* Update opcodes and reconstruct SSA */
1059 ssa->vars[result_var].definition = -1;
1060 ssa->vars[result_var].use_chain = -1;
1061 ssa->ops[def].result_def = -1;
1062
1063 op_array->opcodes[def].result_type = IS_UNUSED;
1064 op_array->opcodes[def].result.var = 0;
1065
1066 if (ssa->ops[use].op1_use == result_var) {
1067 ssa->ops[use].op1_use = cv_var;
1068 ssa->ops[use].op1_use_chain = ssa->vars[cv_var].use_chain;
1069 ssa->vars[cv_var].use_chain = use;
1070
1071 op_array->opcodes[use].op1_type = IS_CV;
1072 op_array->opcodes[use].op1.var = cv;
1073 } else if (ssa->ops[use].op2_use == result_var) {
1074 ssa->ops[use].op2_use = cv_var;
1075 ssa->ops[use].op2_use_chain = ssa->vars[cv_var].use_chain;
1076 ssa->vars[cv_var].use_chain = use;
1077
1078 op_array->opcodes[use].op2_type = IS_CV;
1079 op_array->opcodes[use].op2.var = cv;
1080 } else if (ssa->ops[use].result_use == result_var) {
1081 ssa->ops[use].result_use = cv_var;
1082 ssa->ops[use].res_use_chain = ssa->vars[cv_var].use_chain;
1083 ssa->vars[cv_var].use_chain = use;
1084
1085 op_array->opcodes[use].result_type = IS_CV;
1086 op_array->opcodes[use].result.var = cv;
1087 }
1088
1089 return 1;
1090 }
1091 }
1092 }
1093
1094 return 0;
1095 }
1096
zend_dfa_optimize_op_array(zend_op_array * op_array,zend_optimizer_ctx * ctx,zend_ssa * ssa,zend_call_info ** call_map)1097 void zend_dfa_optimize_op_array(zend_op_array *op_array, zend_optimizer_ctx *ctx, zend_ssa *ssa, zend_call_info **call_map)
1098 {
1099 if (ctx->debug_level & ZEND_DUMP_BEFORE_DFA_PASS) {
1100 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "before dfa pass", ssa);
1101 }
1102
1103 if (ssa->var_info) {
1104 int op_1;
1105 int v;
1106 int remove_nops = 0;
1107 zend_op *opline;
1108 zend_ssa_op *ssa_op;
1109 zval tmp;
1110
1111 #if ZEND_DEBUG_DFA
1112 ssa_verify_integrity(op_array, ssa, "before dfa");
1113 #endif
1114
1115 if (ZEND_OPTIMIZER_PASS_8 & ctx->optimization_level) {
1116 if (sccp_optimize_op_array(ctx, op_array, ssa, call_map)) {
1117 remove_nops = 1;
1118 }
1119
1120 if (zend_dfa_optimize_jmps(op_array, ssa)) {
1121 remove_nops = 1;
1122 }
1123
1124 #if ZEND_DEBUG_DFA
1125 ssa_verify_integrity(op_array, ssa, "after sccp");
1126 #endif
1127 if (ZEND_FUNC_INFO(op_array)) {
1128 if (zend_dfa_optimize_calls(op_array, ssa)) {
1129 remove_nops = 1;
1130 }
1131 }
1132 if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_8) {
1133 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "after sccp pass", ssa);
1134 }
1135 #if ZEND_DEBUG_DFA
1136 ssa_verify_integrity(op_array, ssa, "after calls");
1137 #endif
1138 }
1139
1140 if (ZEND_OPTIMIZER_PASS_14 & ctx->optimization_level) {
1141 if (dce_optimize_op_array(op_array, ssa, 0)) {
1142 remove_nops = 1;
1143 }
1144 if (zend_dfa_optimize_jmps(op_array, ssa)) {
1145 remove_nops = 1;
1146 }
1147 if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_14) {
1148 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "after dce pass", ssa);
1149 }
1150 #if ZEND_DEBUG_DFA
1151 ssa_verify_integrity(op_array, ssa, "after dce");
1152 #endif
1153 }
1154
1155 for (v = op_array->last_var; v < ssa->vars_count; v++) {
1156
1157 op_1 = ssa->vars[v].definition;
1158
1159 if (op_1 < 0) {
1160 continue;
1161 }
1162
1163 opline = op_array->opcodes + op_1;
1164 ssa_op = &ssa->ops[op_1];
1165
1166 /* Convert LONG constants to DOUBLE */
1167 if (ssa->var_info[v].use_as_double) {
1168 if (opline->opcode == ZEND_ASSIGN
1169 && opline->op2_type == IS_CONST
1170 && ssa->ops[op_1].op1_def == v
1171 && !RETURN_VALUE_USED(opline)
1172 ) {
1173
1174 // op_1: ASSIGN ? -> #v [use_as_double], long(?) => ASSIGN ? -> #v, double(?)
1175
1176 zval *zv = CT_CONSTANT_EX(op_array, opline->op2.constant);
1177 ZEND_ASSERT(Z_TYPE_INFO_P(zv) == IS_LONG);
1178 ZVAL_DOUBLE(&tmp, zval_get_double(zv));
1179 opline->op2.constant = zend_optimizer_add_literal(op_array, &tmp);
1180
1181 } else if (opline->opcode == ZEND_QM_ASSIGN
1182 && opline->op1_type == IS_CONST
1183 ) {
1184
1185 // op_1: QM_ASSIGN #v [use_as_double], long(?) => QM_ASSIGN #v, double(?)
1186
1187 zval *zv = CT_CONSTANT_EX(op_array, opline->op1.constant);
1188 ZEND_ASSERT(Z_TYPE_INFO_P(zv) == IS_LONG);
1189 ZVAL_DOUBLE(&tmp, zval_get_double(zv));
1190 opline->op1.constant = zend_optimizer_add_literal(op_array, &tmp);
1191 }
1192
1193 } else {
1194 if (opline->opcode == ZEND_ADD
1195 || opline->opcode == ZEND_SUB
1196 || opline->opcode == ZEND_MUL
1197 || opline->opcode == ZEND_IS_EQUAL
1198 || opline->opcode == ZEND_IS_NOT_EQUAL
1199 || opline->opcode == ZEND_IS_SMALLER
1200 || opline->opcode == ZEND_IS_SMALLER_OR_EQUAL
1201 ) {
1202
1203 if (opline->op1_type == IS_CONST && opline->op2_type != IS_CONST) {
1204 zval *zv = CT_CONSTANT_EX(op_array, opline->op1.constant);
1205
1206 if ((OP2_INFO() & MAY_BE_ANY) == MAY_BE_DOUBLE
1207 && Z_TYPE_INFO_P(zv) == IS_LONG) {
1208
1209 // op_1: #v.? = ADD long(?), #?.? [double] => #v.? = ADD double(?), #?.? [double]
1210
1211 ZVAL_DOUBLE(&tmp, zval_get_double(zv));
1212 opline->op1.constant = zend_optimizer_add_literal(op_array, &tmp);
1213 zv = CT_CONSTANT_EX(op_array, opline->op1.constant);
1214 }
1215 if (opline->opcode == ZEND_ADD) {
1216 zv = CT_CONSTANT_EX(op_array, opline->op1.constant);
1217
1218 if (((OP2_INFO() & (MAY_BE_ANY|MAY_BE_UNDEF)) == MAY_BE_LONG
1219 && Z_TYPE_INFO_P(zv) == IS_LONG
1220 && Z_LVAL_P(zv) == 0)
1221 || ((OP2_INFO() & (MAY_BE_ANY|MAY_BE_UNDEF)) == MAY_BE_DOUBLE
1222 && Z_TYPE_INFO_P(zv) == IS_DOUBLE
1223 && Z_DVAL_P(zv) == 0.0)) {
1224
1225 // op_1: #v.? = ADD 0, #?.? [double,long] => #v.? = QM_ASSIGN #?.?
1226
1227 opline->opcode = ZEND_QM_ASSIGN;
1228 opline->op1_type = opline->op2_type;
1229 opline->op1.var = opline->op2.var;
1230 opline->op2_type = IS_UNUSED;
1231 opline->op2.num = 0;
1232 ssa->ops[op_1].op1_use = ssa->ops[op_1].op2_use;
1233 ssa->ops[op_1].op1_use_chain = ssa->ops[op_1].op2_use_chain;
1234 ssa->ops[op_1].op2_use = -1;
1235 ssa->ops[op_1].op2_use_chain = -1;
1236 }
1237 }
1238 } else if (opline->op1_type != IS_CONST && opline->op2_type == IS_CONST) {
1239 zval *zv = CT_CONSTANT_EX(op_array, opline->op2.constant);
1240
1241 if ((OP1_INFO() & MAY_BE_ANY) == MAY_BE_DOUBLE
1242 && Z_TYPE_INFO_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == IS_LONG) {
1243
1244 // op_1: #v.? = ADD #?.? [double], long(?) => #v.? = ADD #?.? [double], double(?)
1245
1246 ZVAL_DOUBLE(&tmp, zval_get_double(zv));
1247 opline->op2.constant = zend_optimizer_add_literal(op_array, &tmp);
1248 zv = CT_CONSTANT_EX(op_array, opline->op2.constant);
1249 }
1250 if (opline->opcode == ZEND_ADD || opline->opcode == ZEND_SUB) {
1251 if (((OP1_INFO() & (MAY_BE_ANY|MAY_BE_UNDEF)) == MAY_BE_LONG
1252 && Z_TYPE_INFO_P(zv) == IS_LONG
1253 && Z_LVAL_P(zv) == 0)
1254 || ((OP1_INFO() & (MAY_BE_ANY|MAY_BE_UNDEF)) == MAY_BE_DOUBLE
1255 && Z_TYPE_INFO_P(zv) == IS_DOUBLE
1256 && Z_DVAL_P(zv) == 0.0)) {
1257
1258 // op_1: #v.? = ADD #?.? [double,long], 0 => #v.? = QM_ASSIGN #?.?
1259
1260 opline->opcode = ZEND_QM_ASSIGN;
1261 opline->op2_type = IS_UNUSED;
1262 opline->op2.num = 0;
1263 }
1264 }
1265 }
1266 } else if (opline->opcode == ZEND_CONCAT) {
1267 if (!(OP1_INFO() & MAY_BE_OBJECT)
1268 && !(OP2_INFO() & MAY_BE_OBJECT)) {
1269 opline->opcode = ZEND_FAST_CONCAT;
1270 }
1271 } else if (opline->opcode == ZEND_VERIFY_RETURN_TYPE
1272 && opline->op1_type != IS_CONST
1273 && ssa->ops[op_1].op1_def == v
1274 && ssa->ops[op_1].op1_use >= 0
1275 && ssa->ops[op_1].op1_use_chain == -1
1276 && ssa->vars[v].use_chain >= 0
1277 && can_elide_return_type_check(op_array, ssa, &ssa->ops[op_1])) {
1278
1279 // op_1: VERIFY_RETURN_TYPE #orig_var.? [T] -> #v.? [T] => NOP
1280
1281 int orig_var = ssa->ops[op_1].op1_use;
1282 if (zend_ssa_unlink_use_chain(ssa, op_1, orig_var)) {
1283
1284 int ret = ssa->vars[v].use_chain;
1285
1286 ssa->ops[ret].op1_use = orig_var;
1287 ssa->ops[ret].op1_use_chain = ssa->vars[orig_var].use_chain;
1288 ssa->vars[orig_var].use_chain = ret;
1289
1290 ssa->vars[v].definition = -1;
1291 ssa->vars[v].use_chain = -1;
1292
1293 ssa->ops[op_1].op1_def = -1;
1294 ssa->ops[op_1].op1_use = -1;
1295
1296 MAKE_NOP(opline);
1297 remove_nops = 1;
1298 }
1299 }
1300 }
1301
1302 if (opline->opcode == ZEND_QM_ASSIGN
1303 && ssa->ops[op_1].result_def == v
1304 && opline->op1_type & (IS_TMP_VAR|IS_VAR)
1305 && !(ssa->var_info[v].type & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))
1306 ) {
1307
1308 int src_var = ssa->ops[op_1].op1_use;
1309
1310 if (src_var >= 0
1311 && !(ssa->var_info[src_var].type & MAY_BE_REF)
1312 && ssa->vars[src_var].definition >= 0
1313 && ssa->ops[ssa->vars[src_var].definition].result_def == src_var
1314 && ssa->ops[ssa->vars[src_var].definition].result_use < 0
1315 && ssa->vars[src_var].use_chain == op_1
1316 && ssa->ops[op_1].op1_use_chain < 0
1317 && !ssa->vars[src_var].phi_use_chain
1318 && !ssa->vars[src_var].sym_use_chain
1319 && opline_supports_assign_contraction(
1320 op_array, ssa, &op_array->opcodes[ssa->vars[src_var].definition],
1321 src_var, opline->result.var)
1322 && !variable_defined_or_used_in_range(ssa, EX_VAR_TO_NUM(opline->result.var),
1323 ssa->vars[src_var].definition+1, op_1)
1324 ) {
1325
1326 int orig_var = ssa->ops[op_1].result_use;
1327 int op_2 = ssa->vars[src_var].definition;
1328
1329 // op_2: #src_var.T = OP ... => #v.CV = OP ...
1330 // op_1: QM_ASSIGN #src_var.T #orig_var.CV [undef,scalar] -> #v.CV, NOP
1331
1332 if (orig_var < 0 || zend_ssa_unlink_use_chain(ssa, op_1, orig_var)) {
1333 /* Reconstruct SSA */
1334 ssa->vars[v].definition = op_2;
1335 ssa->ops[op_2].result_def = v;
1336
1337 ssa->vars[src_var].definition = -1;
1338 ssa->vars[src_var].use_chain = -1;
1339
1340 ssa->ops[op_1].op1_use = -1;
1341 ssa->ops[op_1].op1_def = -1;
1342 ssa->ops[op_1].op1_use_chain = -1;
1343 ssa->ops[op_1].result_use = -1;
1344 ssa->ops[op_1].result_def = -1;
1345 ssa->ops[op_1].res_use_chain = -1;
1346
1347 /* Update opcodes */
1348 op_array->opcodes[op_2].result_type = opline->result_type;
1349 op_array->opcodes[op_2].result.var = opline->result.var;
1350
1351 MAKE_NOP(opline);
1352 remove_nops = 1;
1353
1354 if (op_array->opcodes[op_2].opcode == ZEND_SUB
1355 && op_array->opcodes[op_2].op1_type == op_array->opcodes[op_2].result_type
1356 && op_array->opcodes[op_2].op1.var == op_array->opcodes[op_2].result.var
1357 && op_array->opcodes[op_2].op2_type == IS_CONST
1358 && Z_TYPE_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op2.constant)) == IS_LONG
1359 && Z_LVAL_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op2.constant)) == 1
1360 && ssa->ops[op_2].op1_use >= 0
1361 && !(ssa->var_info[ssa->ops[op_2].op1_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1362
1363 op_array->opcodes[op_2].opcode = ZEND_PRE_DEC;
1364 SET_UNUSED(op_array->opcodes[op_2].op2);
1365 SET_UNUSED(op_array->opcodes[op_2].result);
1366
1367 ssa->ops[op_2].result_def = -1;
1368 ssa->ops[op_2].op1_def = v;
1369
1370 } else if (op_array->opcodes[op_2].opcode == ZEND_ADD
1371 && op_array->opcodes[op_2].op1_type == op_array->opcodes[op_2].result_type
1372 && op_array->opcodes[op_2].op1.var == op_array->opcodes[op_2].result.var
1373 && op_array->opcodes[op_2].op2_type == IS_CONST
1374 && Z_TYPE_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op2.constant)) == IS_LONG
1375 && Z_LVAL_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op2.constant)) == 1
1376 && ssa->ops[op_2].op1_use >= 0
1377 && !(ssa->var_info[ssa->ops[op_2].op1_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1378
1379 op_array->opcodes[op_2].opcode = ZEND_PRE_INC;
1380 SET_UNUSED(op_array->opcodes[op_2].op2);
1381 SET_UNUSED(op_array->opcodes[op_2].result);
1382
1383 ssa->ops[op_2].result_def = -1;
1384 ssa->ops[op_2].op1_def = v;
1385
1386 } else if (op_array->opcodes[op_2].opcode == ZEND_ADD
1387 && op_array->opcodes[op_2].op2_type == op_array->opcodes[op_2].result_type
1388 && op_array->opcodes[op_2].op2.var == op_array->opcodes[op_2].result.var
1389 && op_array->opcodes[op_2].op1_type == IS_CONST
1390 && Z_TYPE_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op1.constant)) == IS_LONG
1391 && Z_LVAL_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op1.constant)) == 1
1392 && ssa->ops[op_2].op2_use >= 0
1393 && !(ssa->var_info[ssa->ops[op_2].op2_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1394
1395 op_array->opcodes[op_2].opcode = ZEND_PRE_INC;
1396 op_array->opcodes[op_2].op1_type = op_array->opcodes[op_2].op2_type;
1397 op_array->opcodes[op_2].op1.var = op_array->opcodes[op_2].op2.var;
1398 SET_UNUSED(op_array->opcodes[op_2].op2);
1399 SET_UNUSED(op_array->opcodes[op_2].result);
1400
1401 ssa->ops[op_2].result_def = -1;
1402 ssa->ops[op_2].op1_def = v;
1403 ssa->ops[op_2].op1_use = ssa->ops[op_2].op2_use;
1404 ssa->ops[op_2].op1_use_chain = ssa->ops[op_2].op2_use_chain;
1405 ssa->ops[op_2].op2_use = -1;
1406 ssa->ops[op_2].op2_use_chain = -1;
1407 }
1408 }
1409 }
1410 }
1411
1412 if (ssa->vars[v].var >= op_array->last_var) {
1413 /* skip TMP and VAR */
1414 continue;
1415 }
1416
1417 if (ssa->ops[op_1].op1_def == v
1418 && RETURN_VALUE_USED(opline)) {
1419 if (opline->opcode == ZEND_ASSIGN
1420 || opline->opcode == ZEND_ASSIGN_OP
1421 || opline->opcode == ZEND_PRE_INC
1422 || opline->opcode == ZEND_PRE_DEC) {
1423 zend_dfa_try_to_replace_result(op_array, ssa, op_1, v);
1424 } else if (opline->opcode == ZEND_POST_INC) {
1425 int result_var = ssa->ops[op_1].result_def;
1426
1427 if (result_var >= 0
1428 && (ssa->var_info[result_var].type & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_DOUBLE))) == 0) {
1429 int use = ssa->vars[result_var].use_chain;
1430
1431 if (use >= 0 && op_array->opcodes[use].opcode == ZEND_IS_SMALLER
1432 && ssa->ops[use].op1_use == result_var
1433 && zend_dfa_try_to_replace_result(op_array, ssa, op_1, v)) {
1434 opline->opcode = ZEND_PRE_INC;
1435 op_array->opcodes[use].opcode = ZEND_IS_SMALLER_OR_EQUAL;
1436 }
1437 }
1438 } else if (opline->opcode == ZEND_POST_DEC) {
1439 int result_var = ssa->ops[op_1].result_def;
1440
1441 if (result_var >= 0
1442 && (ssa->var_info[result_var].type & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_DOUBLE))) == 0) {
1443 int use = ssa->vars[result_var].use_chain;
1444
1445 if (use >= 0 && op_array->opcodes[use].opcode == ZEND_IS_SMALLER
1446 && ssa->ops[use].op2_use == result_var
1447 && zend_dfa_try_to_replace_result(op_array, ssa, op_1, v)) {
1448 opline->opcode = ZEND_PRE_DEC;
1449 op_array->opcodes[use].opcode = ZEND_IS_SMALLER_OR_EQUAL;
1450 }
1451 }
1452 }
1453 }
1454
1455 if (opline->opcode == ZEND_ASSIGN
1456 && ssa->ops[op_1].op1_def == v
1457 && !RETURN_VALUE_USED(opline)
1458 ) {
1459 int orig_var = ssa->ops[op_1].op1_use;
1460
1461 if (orig_var >= 0
1462 && !(ssa->var_info[orig_var].type & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))
1463 ) {
1464 int src_var = ssa->ops[op_1].op2_use;
1465
1466 if ((opline->op2_type & (IS_TMP_VAR|IS_VAR))
1467 && src_var >= 0
1468 && !(ssa->var_info[src_var].type & MAY_BE_REF)
1469 && ssa->vars[src_var].definition >= 0
1470 && ssa->ops[ssa->vars[src_var].definition].result_def == src_var
1471 && ssa->ops[ssa->vars[src_var].definition].result_use < 0
1472 && ssa->vars[src_var].use_chain == op_1
1473 && ssa->ops[op_1].op2_use_chain < 0
1474 && !ssa->vars[src_var].phi_use_chain
1475 && !ssa->vars[src_var].sym_use_chain
1476 && opline_supports_assign_contraction(
1477 op_array, ssa, &op_array->opcodes[ssa->vars[src_var].definition],
1478 src_var, opline->op1.var)
1479 && !variable_defined_or_used_in_range(ssa, EX_VAR_TO_NUM(opline->op1.var),
1480 ssa->vars[src_var].definition+1, op_1)
1481 ) {
1482
1483 int op_2 = ssa->vars[src_var].definition;
1484
1485 // op_2: #src_var.T = OP ... => #v.CV = OP ...
1486 // op_1: ASSIGN #orig_var.CV [undef,scalar] -> #v.CV, #src_var.T NOP
1487
1488 if (zend_ssa_unlink_use_chain(ssa, op_1, orig_var)) {
1489 /* Reconstruct SSA */
1490 ssa->vars[v].definition = op_2;
1491 ssa->ops[op_2].result_def = v;
1492
1493 ssa->vars[src_var].definition = -1;
1494 ssa->vars[src_var].use_chain = -1;
1495
1496 ssa->ops[op_1].op1_use = -1;
1497 ssa->ops[op_1].op2_use = -1;
1498 ssa->ops[op_1].op1_def = -1;
1499 ssa->ops[op_1].op1_use_chain = -1;
1500
1501 /* Update opcodes */
1502 op_array->opcodes[op_2].result_type = opline->op1_type;
1503 op_array->opcodes[op_2].result.var = opline->op1.var;
1504
1505 MAKE_NOP(opline);
1506 remove_nops = 1;
1507
1508 if (op_array->opcodes[op_2].opcode == ZEND_SUB
1509 && op_array->opcodes[op_2].op1_type == op_array->opcodes[op_2].result_type
1510 && op_array->opcodes[op_2].op1.var == op_array->opcodes[op_2].result.var
1511 && op_array->opcodes[op_2].op2_type == IS_CONST
1512 && Z_TYPE_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op2.constant)) == IS_LONG
1513 && Z_LVAL_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op2.constant)) == 1
1514 && ssa->ops[op_2].op1_use >= 0
1515 && !(ssa->var_info[ssa->ops[op_2].op1_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1516
1517 op_array->opcodes[op_2].opcode = ZEND_PRE_DEC;
1518 SET_UNUSED(op_array->opcodes[op_2].op2);
1519 SET_UNUSED(op_array->opcodes[op_2].result);
1520
1521 ssa->ops[op_2].result_def = -1;
1522 ssa->ops[op_2].op1_def = v;
1523
1524 } else if (op_array->opcodes[op_2].opcode == ZEND_ADD
1525 && op_array->opcodes[op_2].op1_type == op_array->opcodes[op_2].result_type
1526 && op_array->opcodes[op_2].op1.var == op_array->opcodes[op_2].result.var
1527 && op_array->opcodes[op_2].op2_type == IS_CONST
1528 && Z_TYPE_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op2.constant)) == IS_LONG
1529 && Z_LVAL_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op2.constant)) == 1
1530 && ssa->ops[op_2].op1_use >= 0
1531 && !(ssa->var_info[ssa->ops[op_2].op1_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1532
1533 op_array->opcodes[op_2].opcode = ZEND_PRE_INC;
1534 SET_UNUSED(op_array->opcodes[op_2].op2);
1535 SET_UNUSED(op_array->opcodes[op_2].result);
1536
1537 ssa->ops[op_2].result_def = -1;
1538 ssa->ops[op_2].op1_def = v;
1539
1540 } else if (op_array->opcodes[op_2].opcode == ZEND_ADD
1541 && op_array->opcodes[op_2].op2_type == op_array->opcodes[op_2].result_type
1542 && op_array->opcodes[op_2].op2.var == op_array->opcodes[op_2].result.var
1543 && op_array->opcodes[op_2].op1_type == IS_CONST
1544 && Z_TYPE_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op1.constant)) == IS_LONG
1545 && Z_LVAL_P(CT_CONSTANT_EX(op_array, op_array->opcodes[op_2].op1.constant)) == 1
1546 && ssa->ops[op_2].op2_use >= 0
1547 && !(ssa->var_info[ssa->ops[op_2].op2_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1548
1549 op_array->opcodes[op_2].opcode = ZEND_PRE_INC;
1550 op_array->opcodes[op_2].op1_type = op_array->opcodes[op_2].op2_type;
1551 op_array->opcodes[op_2].op1.var = op_array->opcodes[op_2].op2.var;
1552 SET_UNUSED(op_array->opcodes[op_2].op2);
1553 SET_UNUSED(op_array->opcodes[op_2].result);
1554
1555 ssa->ops[op_2].result_def = -1;
1556 ssa->ops[op_2].op1_def = v;
1557 ssa->ops[op_2].op1_use = ssa->ops[op_2].op2_use;
1558 ssa->ops[op_2].op1_use_chain = ssa->ops[op_2].op2_use_chain;
1559 ssa->ops[op_2].op2_use = -1;
1560 ssa->ops[op_2].op2_use_chain = -1;
1561 }
1562 }
1563 } else if (opline->op2_type == IS_CONST
1564 || ((opline->op2_type & (IS_TMP_VAR|IS_VAR|IS_CV))
1565 && ssa->ops[op_1].op2_use >= 0
1566 && ssa->ops[op_1].op2_def < 0)
1567 ) {
1568
1569 // op_1: ASSIGN #orig_var.CV [undef,scalar] -> #v.CV, CONST|TMPVAR => QM_ASSIGN v.CV, CONST|TMPVAR
1570
1571 if (ssa->ops[op_1].op1_use != ssa->ops[op_1].op2_use) {
1572 zend_ssa_unlink_use_chain(ssa, op_1, orig_var);
1573 } else {
1574 ssa->ops[op_1].op2_use_chain = ssa->ops[op_1].op1_use_chain;
1575 }
1576
1577 /* Reconstruct SSA */
1578 ssa->ops[op_1].result_def = v;
1579 ssa->ops[op_1].op1_def = -1;
1580 ssa->ops[op_1].op1_use = ssa->ops[op_1].op2_use;
1581 ssa->ops[op_1].op1_use_chain = ssa->ops[op_1].op2_use_chain;
1582 ssa->ops[op_1].op2_use = -1;
1583 ssa->ops[op_1].op2_use_chain = -1;
1584
1585 /* Update opcode */
1586 opline->result_type = opline->op1_type;
1587 opline->result.var = opline->op1.var;
1588 opline->op1_type = opline->op2_type;
1589 opline->op1.var = opline->op2.var;
1590 opline->op2_type = IS_UNUSED;
1591 opline->op2.var = 0;
1592 opline->opcode = ZEND_QM_ASSIGN;
1593 }
1594 }
1595
1596 } else if (opline->opcode == ZEND_ASSIGN_OP
1597 && opline->extended_value == ZEND_ADD
1598 && ssa->ops[op_1].op1_def == v
1599 && opline->op2_type == IS_CONST
1600 && Z_TYPE_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == IS_LONG
1601 && Z_LVAL_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == 1
1602 && ssa->ops[op_1].op1_use >= 0
1603 && !(ssa->var_info[ssa->ops[op_1].op1_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1604
1605 // op_1: ASSIGN_ADD #?.CV [undef,null,int,foat] ->#v.CV, int(1) => PRE_INC #?.CV ->#v.CV
1606
1607 opline->opcode = ZEND_PRE_INC;
1608 opline->extended_value = 0;
1609 SET_UNUSED(opline->op2);
1610
1611 } else if (opline->opcode == ZEND_ASSIGN_OP
1612 && opline->extended_value == ZEND_SUB
1613 && ssa->ops[op_1].op1_def == v
1614 && opline->op2_type == IS_CONST
1615 && Z_TYPE_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == IS_LONG
1616 && Z_LVAL_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == 1
1617 && ssa->ops[op_1].op1_use >= 0
1618 && !(ssa->var_info[ssa->ops[op_1].op1_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1619
1620 // op_1: ASSIGN_SUB #?.CV [undef,null,int,foat] -> #v.CV, int(1) => PRE_DEC #?.CV ->#v.CV
1621
1622 opline->opcode = ZEND_PRE_DEC;
1623 opline->extended_value = 0;
1624 SET_UNUSED(opline->op2);
1625
1626 } else if (ssa->ops[op_1].op1_def == v
1627 && !RETURN_VALUE_USED(opline)
1628 && ssa->ops[op_1].op1_use >= 0
1629 && !(ssa->var_info[ssa->ops[op_1].op1_use].type & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))
1630 && opline->opcode == ZEND_ASSIGN_OP
1631 && opline->extended_value != ZEND_CONCAT) {
1632
1633 // op_1: ASSIGN_OP #orig_var.CV [undef,null,bool,int,double] -> #v.CV, ? => #v.CV = ADD #orig_var.CV, ?
1634
1635 /* Reconstruct SSA */
1636 ssa->ops[op_1].result_def = ssa->ops[op_1].op1_def;
1637 ssa->ops[op_1].op1_def = -1;
1638
1639 /* Update opcode */
1640 opline->opcode = opline->extended_value;
1641 opline->extended_value = 0;
1642 opline->result_type = opline->op1_type;
1643 opline->result.var = opline->op1.var;
1644
1645 }
1646 }
1647
1648 #if ZEND_DEBUG_DFA
1649 ssa_verify_integrity(op_array, ssa, "after dfa");
1650 #endif
1651
1652 if (remove_nops) {
1653 zend_ssa_remove_nops(op_array, ssa, ctx);
1654 #if ZEND_DEBUG_DFA
1655 ssa_verify_integrity(op_array, ssa, "after nop");
1656 #endif
1657 }
1658 }
1659
1660 if (ctx->debug_level & ZEND_DUMP_AFTER_DFA_PASS) {
1661 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "after dfa pass", ssa);
1662 }
1663 }
1664
zend_optimize_dfa(zend_op_array * op_array,zend_optimizer_ctx * ctx)1665 void zend_optimize_dfa(zend_op_array *op_array, zend_optimizer_ctx *ctx)
1666 {
1667 void *checkpoint = zend_arena_checkpoint(ctx->arena);
1668 zend_ssa ssa;
1669
1670 if (zend_dfa_analyze_op_array(op_array, ctx, &ssa) != SUCCESS) {
1671 zend_arena_release(&ctx->arena, checkpoint);
1672 return;
1673 }
1674
1675 zend_dfa_optimize_op_array(op_array, ctx, &ssa, NULL);
1676
1677 /* Destroy SSA */
1678 zend_arena_release(&ctx->arena, checkpoint);
1679 }
1680