1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | https://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Stanislav Malyshev <stas@zend.com> |
18 | Dmitry Stogov <dmitry@php.net> |
19 +----------------------------------------------------------------------+
20 */
21
22 /* pass 3: (Jump optimization)
23 * - optimize series of JMPs
24 */
25
26 #include "Optimizer/zend_optimizer.h"
27 #include "Optimizer/zend_optimizer_internal.h"
28 #include "zend_API.h"
29 #include "zend_constants.h"
30 #include "zend_execute.h"
31 #include "zend_vm.h"
32
/* "jmp_hitlist" records the jump targets already visited, to avoid infinite loops during jmp optimization */
/*
 * Linear membership test over the jump targets recorded so far.
 *
 * target            - opline pointer to look for
 * jmp_hitlist       - array of previously recorded targets
 * jmp_hitlist_count - number of valid entries at the start of jmp_hitlist
 *
 * Returns 1 when target is already present in the first jmp_hitlist_count
 * entries, 0 otherwise. Entries are compared by pointer identity only.
 */
static zend_always_inline int in_hitlist(zend_op *target, zend_op **jmp_hitlist, int jmp_hitlist_count)
{
	int idx = 0;

	while (idx < jmp_hitlist_count) {
		if (target == jmp_hitlist[idx]) {
			return 1;
		}
		idx++;
	}
	return 0;
}
45
/*
 * CHECK_LOOP(target): cycle guard for the jump-chain walks in
 * zend_optimizer_pass3().
 *
 * If `target` is not yet in jmp_hitlist it is appended; otherwise the macro
 * executes `break`, so it has to be expanded directly inside the loop it is
 * meant to terminate. It reads and writes the caller's locals `jmp_hitlist`
 * and `jmp_hitlist_count`, and `target` is evaluated up to twice.
 *
 * The append itself is not bounds-checked. Only targets that are not already
 * recorded are stored, so the count is bounded by the number of distinct
 * targets seen since the caller last reset jmp_hitlist_count.
 * NOTE(review): this assumes the caller sized jmp_hitlist for every distinct
 * opline that a chain can reach - confirm against the allocation site.
 */
#define CHECK_LOOP(target) \
	if (EXPECTED(!in_hitlist(target, jmp_hitlist, jmp_hitlist_count))) { \
		jmp_hitlist[jmp_hitlist_count++] = target; \
	} else { \
		break; \
	}
52
/*
 * Pass 3 of the optimizer: jump threading over a single op_array.
 *
 * Walks every opline from op_array->opcodes up to op_array->last. For each
 * jump-type opcode handled in the switch below, it follows the chain of
 * JMPs, NOPs and redundant conditional jumps that starts at the jump's
 * target and rewrites the jump operand in place so that it points at the
 * end of that chain. A few local rewrites follow (a jump to the next opline
 * becomes NOP/FREE/CHECK_VAR/BOOL, JMP to RETURN becomes RETURN, JMPZ+JMP
 * becomes JMPZNZ, JMPZNZ with equal targets becomes JMP).
 *
 * op_array is modified in place; nothing is returned. ctx is not referenced
 * directly in this function body.
 *
 * Notes for reviewers:
 *  - jmp_hitlist has op_array->last slots and its count is reset to 0 before
 *    each chain walk; CHECK_LOOP() appends to it without a bounds check.
 *  - `target` is advanced with `target + 1` and dereferenced without being
 *    compared against `end`. NOTE(review): this presumably relies on the
 *    op array being well-formed (every jump target inside the array, and no
 *    NOP or fall-through jump as the final opline) - confirm.
 */
void zend_optimizer_pass3(zend_op_array *op_array, zend_optimizer_ctx *ctx)
{
	zend_op *opline;
	zend_op *end;
	zend_op *target;
	zend_op **jmp_hitlist;
	int jmp_hitlist_count;
	ALLOCA_FLAG(use_heap);

	/* Scratch buffer with one pointer slot per opline; released by the
	 * free_alloca() call at the end of the function. */
	jmp_hitlist = (zend_op**)do_alloca(sizeof(zend_op*)*op_array->last, use_heap);
	opline = op_array->opcodes;
	end = opline + op_array->last;

	while (opline < end) {

		switch (opline->opcode) {
			case ZEND_JMP:
				jmp_hitlist_count = 0;

				target = ZEND_OP1_JMP_ADDR(opline);
				while (1) {
					if (target->opcode == ZEND_JMP) {
						/* convert JMP L1 ... L1: JMP L2 to JMP L2 .. L1: JMP L2 */
						target = ZEND_OP1_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == ZEND_NOP) {
						/* skip over NOPs; not recorded in jmp_hitlist because
						 * this step only moves forward */
						target = target + 1;
					} else {
						break;
					}
					/* commit the new target after every step of the walk */
					ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target);
				}

				if (target == opline + 1) {
					/* convert L: JMP L+1 to NOP */
					MAKE_NOP(opline);
				} else if (target->opcode == ZEND_JMPZNZ) {
					/* JMP L, L: JMPZNZ L1,L2 -> JMPZNZ L1,L2 */
					*opline = *target;
					if (opline->op1_type == IS_CONST) {
						/* the copied opline gets a literal slot of its own
						 * instead of reusing the slot index of target */
						zval zv;
						ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(opline));
						opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
					}
					/* Jump addresses may be encoded as offsets, recompute them. */
					ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP2_JMP_ADDR(target));
					opline->extended_value = ZEND_OPLINE_TO_OFFSET(opline,
						ZEND_OFFSET_TO_OPLINE(target, target->extended_value));
					/* continue with the JMPZNZ handling for the opline that
					 * was just rewritten */
					goto optimize_jmpznz;
				} else if ((target->opcode == ZEND_RETURN ||
				            target->opcode == ZEND_RETURN_BY_REF ||
				            target->opcode == ZEND_GENERATOR_RETURN ||
				            target->opcode == ZEND_EXIT) &&
				           !(op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK)) {
					/* JMP L, L: RETURN to immediate RETURN */
					/* skipped when the function has a finally block */
					*opline = *target;
					if (opline->op1_type == IS_CONST) {
						/* same literal duplication as in the JMPZNZ case above */
						zval zv;
						ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(opline));
						opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
					}
				} else if (opline > op_array->opcodes &&
				           ((opline-1)->opcode == ZEND_JMPZ ||
				            (opline-1)->opcode == ZEND_JMPNZ)) {
					/* the `opline > op_array->opcodes` test keeps (opline-1)
					 * inside the array */
					if (ZEND_OP2_JMP_ADDR(opline-1) == target) {
						/* JMPZ(X,L1), JMP(L1) -> NOP, JMP(L1) */
						/* The conditional jump is not always a plain NOP:
						 * a CV operand becomes CHECK_VAR and a TMP/VAR operand
						 * becomes FREE. Presumably this keeps the undefined
						 * variable check and releases the temporary - confirm. */
						if ((opline-1)->op1_type == IS_CV) {
							(opline-1)->opcode = ZEND_CHECK_VAR;
							(opline-1)->op2.num = 0;
						} else if ((opline-1)->op1_type & (IS_TMP_VAR|IS_VAR)) {
							(opline-1)->opcode = ZEND_FREE;
							(opline-1)->op2.num = 0;
						} else {
							MAKE_NOP(opline-1);
						}
					} else {
						/* JMPZ(X,L1), JMP(L2) -> JMPZNZ(X,L1,L2) */
						/* In the resulting JMPZNZ, op2 holds the target taken
						 * when X is zero and extended_value the offset of the
						 * target taken when X is non-zero. */
						if ((opline-1)->opcode == ZEND_JMPZ) {
							(opline-1)->extended_value = ZEND_OPLINE_TO_OFFSET((opline-1), target);
						} else {
							(opline-1)->extended_value = ZEND_OPLINE_TO_OFFSET((opline-1), ZEND_OP2_JMP_ADDR(opline-1));
							ZEND_SET_OP_JMP_ADDR((opline-1), (opline-1)->op2, target);
						}
						(opline-1)->opcode = ZEND_JMPZNZ;
					}
				}
				break;

			case ZEND_JMP_SET:
			case ZEND_COALESCE:
				jmp_hitlist_count = 0;

				/* only JMP chains and NOPs are followed for these opcodes */
				target = ZEND_OP2_JMP_ADDR(opline);
				while (1) {
					if (target->opcode == ZEND_JMP) {
						target = ZEND_OP1_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == ZEND_NOP) {
						target = target + 1;
					} else {
						break;
					}
					ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
				}
				break;

			case ZEND_JMPZ:
			case ZEND_JMPNZ:
				jmp_hitlist_count = 0;

				target = ZEND_OP2_JMP_ADDR(opline);
				while (1) {
					if (target->opcode == ZEND_JMP) {
						/* plain JMP */
						/* JMPZ(X,L1), L1: JMP(L2) => JMPZ(X,L2), L1: JMP(L2) */
						target = ZEND_OP1_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == opline->opcode &&
					           SAME_VAR(opline->op1, target->op1)) {
						/* same opcode and same var as this opcode */
						/* JMPZ(X,L1), L1: JMPZ(X,L2) => JMPZ(X,L2), L1: JMPZ(X,L2) */
						target = ZEND_OP2_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == INV_COND(opline->opcode) &&
					           SAME_VAR(opline->op1, target->op1)) {
						/* convert JMPZ(X,L1), L1: JMPNZ(X,L2) to
						   JMPZ(X,L1+1) */
						target = target + 1;
					} else if (target->opcode == ZEND_JMPZNZ &&
					           SAME_VAR(opline->op1, target->op1)) {
						/* JMPZ(X,L1), L1: JMPZNZ(X,L2,L3) -> JMPZ(X,L2);
						   JMPNZ(X,L1), L1: JMPZNZ(X,L2,L3) -> JMPNZ(X,L3) */
						target = (opline->opcode == ZEND_JMPZ) ?
							ZEND_OP2_JMP_ADDR(target) :
							ZEND_OFFSET_TO_OPLINE(target, target->extended_value);
						CHECK_LOOP(target);
					} else if (target->opcode == ZEND_NOP) {
						target = target + 1;
					} else {
						break;
					}
					ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
				}

				/* convert L: JMPZ L+1 to NOP */
				/* (CHECK_VAR for a CV operand, FREE for a TMP/VAR operand) */
				if (target == opline + 1) {
					if (opline->op1_type == IS_CV) {
						opline->opcode = ZEND_CHECK_VAR;
						opline->op2.num = 0;
					} else if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
						opline->opcode = ZEND_FREE;
						opline->op2.num = 0;
					} else {
						MAKE_NOP(opline);
					}
				}
				break;

			case ZEND_JMPZ_EX:
			case ZEND_JMPNZ_EX:
				jmp_hitlist_count = 0;

				target = ZEND_OP2_JMP_ADDR(opline);
				while (1) {
					if (target->opcode == ZEND_JMP) {
						/* plain JMP */
						/* JMPZ_EX(X,L1), L1: JMP(L2) => JMPZ_EX(X,L2), L1: JMP(L2) */
						target = ZEND_OP1_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == opline->opcode-3 &&
					           (SAME_VAR(target->op1, opline->result) ||
					            SAME_VAR(target->op1, opline->op1))) {
						/* convert T=JMPZ_EX(X,L1), L1: JMPZ(T,L2) to
						   JMPZ_EX(X,L2) */
						/* `opcode-3` relies on the opcode numbering placing
						 * JMPZ/JMPNZ exactly 3 below JMPZ_EX/JMPNZ_EX */
						target = ZEND_OP2_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == opline->opcode &&
					           target->result.var == opline->result.var &&
					           (SAME_VAR(target->op1, opline->result) ||
					            SAME_VAR(target->op1, opline->op1))) {
						/* convert T=JMPZ_EX(X,L1), L1: T=JMPZ_EX(T,L2) to
						   JMPZ_EX(X,L2) */
						target = ZEND_OP2_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == ZEND_JMPZNZ &&
					           (SAME_VAR(target->op1, opline->result) ||
					            SAME_VAR(target->op1, opline->op1))) {
						/* Check for JMPZNZ with same cond variable */
						target = (opline->opcode == ZEND_JMPZ_EX) ?
							ZEND_OP2_JMP_ADDR(target) :
							ZEND_OFFSET_TO_OPLINE(target, target->extended_value);
						CHECK_LOOP(target);
					} else if (target->opcode == INV_EX_COND(opline->opcode) &&
					           (SAME_VAR(target->op1, opline->result) ||
					            SAME_VAR(target->op1, opline->op1))) {
						/* convert T=JMPZ_EX(X,L1), L1: JMPNZ(T,L2) to
						   JMPZ_EX(X,L1+1) */
						target = target + 1;
					} else if (target->opcode == INV_EX_COND_EX(opline->opcode) &&
					           target->result.var == opline->result.var &&
					           (SAME_VAR(target->op1, opline->result) ||
					            SAME_VAR(target->op1, opline->op1))) {
						/* convert T=JMPZ_EX(X,L1), L1: T=JMPNZ_EX(T,L2) to
						   JMPZ_EX(X,L1+1) */
						target = target + 1;
					} else if (target->opcode == ZEND_BOOL &&
					           (SAME_VAR(target->op1, opline->result) ||
					            SAME_VAR(target->op1, opline->op1))) {
						/* convert Y = JMPZ_EX(X,L1), L1: Z = BOOL(Y) to
						   Z = JMPZ_EX(X,L1+1) */

						/* NOTE: This optimization pattern is not safe, but works, */
						/*       because result of JMPZ_EX instruction             */
						/*       is not used on the following path and             */
						/*       should be used once on the branch path.           */
						/*                                                         */
						/*       The pattern works well only if jumps processed in */
						/*       direct order, otherwise it breaks JMPZ_EX         */
						/*       sequences too early.                              */
						/* The result operand of opline itself is rewritten here,
						 * not just its jump target. */
						opline->result.var = target->result.var;
						target = target + 1;
						CHECK_LOOP(target);
					} else if (target->opcode == ZEND_NOP) {
						target = target + 1;
					} else {
						break;
					}
					ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
				}

				/* convert L: T = JMPZ_EX X,L+1 to T = BOOL(X) */
				if (target == opline + 1) {
					opline->opcode = ZEND_BOOL;
					opline->op2.num = 0;
				}
				break;

			case ZEND_JMPZNZ:
optimize_jmpznz:
				/* Also entered through the goto in the ZEND_JMP case, after a
				 * JMP has been replaced by a copy of the JMPZNZ it pointed at. */

				/* First walk: the op2 target, taken when X is zero. */
				jmp_hitlist_count = 0;
				target = ZEND_OP2_JMP_ADDR(opline);
				while (1) {
					if (target->opcode == ZEND_JMP) {
						/* JMPZNZ(X,L1,L2), L1: JMP(L3) => JMPZNZ(X,L3,L2), L1: JMP(L3) */
						target = ZEND_OP1_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if ((target->opcode == ZEND_JMPZ || target->opcode == ZEND_JMPZNZ) &&
					           SAME_VAR(target->op1, opline->op1)) {
						/* JMPZNZ(X, L1, L2), L1: JMPZ(X, L3) or JMPZNZ(X, L3, L4) -> JMPZNZ(X, L3, L2) */
						target = ZEND_OP2_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == ZEND_JMPNZ &&
					           SAME_VAR(target->op1, opline->op1)) {
						/* JMPZNZ(X, L1, L2), L1: JMPNZ(X, L3) -> JMPZNZ(X, L1+1, L2) */
						target = target + 1;
					} else if (target->opcode == ZEND_NOP) {
						target = target + 1;
					} else {
						break;
					}
					ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
				}

				/* Second walk: the extended_value target, taken when X is
				 * non-zero. The hitlist is reset because it is a separate chain. */
				jmp_hitlist_count = 0;
				target = ZEND_OFFSET_TO_OPLINE(opline, opline->extended_value);
				while (1) {
					if (target->opcode == ZEND_JMP) {
						/* JMPZNZ(X,L1,L2), L2: JMP(L3) => JMPZNZ(X,L1,L3), L2: JMP(L3) */
						target = ZEND_OP1_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == ZEND_JMPNZ &&
					           SAME_VAR(target->op1, opline->op1)) {
						/* JMPZNZ(X, L1, L2), L2: JMPNZ(X, L3) -> JMPZNZ(X, L1, L3) */
						target = ZEND_OP2_JMP_ADDR(target);
						CHECK_LOOP(target);
					} else if (target->opcode == ZEND_JMPZ &&
					           SAME_VAR(target->op1, opline->op1)) {
						/* JMPZNZ(X, L1, L2), L2: JMPZ(X, L3) -> JMPZNZ(X, L1, L2+1) */
						target = target + 1;
					} else if (target->opcode == ZEND_JMPZNZ &&
					           SAME_VAR(target->op1, opline->op1)) {
						/* JMPZNZ(X, L1, L2), L2: JMPZNZ(X, L3, L4) -> JMPZNZ(X, L1, L4) */
						target = ZEND_OFFSET_TO_OPLINE(target, target->extended_value);
						CHECK_LOOP(target);
					} else if (target->opcode == ZEND_NOP) {
						target = target + 1;
					} else {
						break;
					}
					opline->extended_value = ZEND_OPLINE_TO_OFFSET(opline, target);
				}

				/* `target` now holds the final non-zero destination; compare it
				 * with the final zero destination stored in op2. */
				if (ZEND_OP2_JMP_ADDR(opline) == target &&
				    !(opline->op1_type & (IS_VAR|IS_TMP_VAR))) {
					/* JMPZNZ(?,L,L) -> JMP(L) */
					/* Not done for VAR/TMP_VAR operands; presumably because the
					 * operand would then never be consumed - TODO confirm. */
					opline->opcode = ZEND_JMP;
					ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target);
					SET_UNUSED(opline->op1);
					SET_UNUSED(opline->op2);
					opline->extended_value = 0;
				}
				/* Don't convert JMPZNZ back to JMPZ/JMPNZ, because the
				   following JMP is not removed yet. */
				break;
		}
		opline++;
	}
	free_alloca(jmp_hitlist, use_heap);
}
360