1 /* pass 3:
2 * - optimize $i = $i+expr to $i+=expr
3 * - optimize series of JMPs
4 * - change $i++ to ++$i where possible
5 */
6
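/*
 * Opcode equality that also accepts oc1 being the _EX form of oc2
 * (ZEND_JMPZ_EX against ZEND_JMPZ, ZEND_JMPNZ_EX against ZEND_JMPNZ).
 * The relation is one-directional: a plain oc1 never matches an _EX oc2.
 *
 * Both arguments are parenthesized so that an argument built from a
 * low-precedence operator (for example "x & mask") is compared as a whole.
 * Each argument can be evaluated up to three times, so callers must not pass
 * expressions with side effects.
 */
#define SAME_OPCODE_EX(oc1, oc2) \
	(((oc1) == (oc2)) || \
	 ((oc1) == ZEND_JMPZ_EX && (oc2) == ZEND_JMPZ) || \
	 ((oc1) == ZEND_JMPNZ_EX && (oc2) == ZEND_JMPNZ))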
9
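/*
 * Cycle guard for jump threading. "jmp_hitlist" holds the destinations the
 * current opline has already been retargeted to. If the op1 destination of
 * opcodes[target] is already listed, the jump chain has come back to a place
 * it visited before, so control leaves through "label" instead of following
 * the chain again; without this the optimizer could loop forever on such
 * input. Otherwise the destination is appended to the list.
 *
 * Uses i, jmp_hitlist, jmp_hitlist_count and op_array from the enclosing
 * scope. The append is not bounds-checked here.
 *
 * Wrapped in do { } while (0) so the scan and the append stay one statement
 * even if the macro is ever used under an unbraced if/else.
 */
#define CHECK_JMP(target, label) \
	do { \
		for (i = 0; i < jmp_hitlist_count; i++) { \
			if (jmp_hitlist[i] == ZEND_OP1(&op_array->opcodes[target]).opline_num) { \
				goto label; \
			} \
		} \
		jmp_hitlist[jmp_hitlist_count++] = ZEND_OP1(&op_array->opcodes[target]).opline_num; \
	} while (0)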
18
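/*
 * Same cycle guard as CHECK_JMP, but keyed on the op2 destination of
 * opcodes[target] (conditional jumps keep their destination in op2).
 * Leaves through "label" when that destination is already in jmp_hitlist,
 * otherwise appends it.
 *
 * Uses i, jmp_hitlist, jmp_hitlist_count and op_array from the enclosing
 * scope. The append is not bounds-checked here.
 *
 * Wrapped in do { } while (0) so the scan and the append stay one statement
 * even if the macro is ever used under an unbraced if/else.
 */
#define CHECK_JMP2(target, label) \
	do { \
		for (i = 0; i < jmp_hitlist_count; i++) { \
			if (jmp_hitlist[i] == ZEND_OP2(&op_array->opcodes[target]).opline_num) { \
				goto label; \
			} \
		} \
		jmp_hitlist[jmp_hitlist_count++] = ZEND_OP2(&op_array->opcodes[target]).opline_num; \
	} while (0)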
26
27 if (ZEND_OPTIMIZER_PASS_3 & OPTIMIZATION_LEVEL) {
/* Cursor over the opcode array and its one-past-the-end sentinel. */
zend_op *opline = op_array->opcodes;
zend_op *end = &op_array->opcodes[op_array->last];
/* Index of "opline" inside op_array->opcodes; advanced together with it. */
zend_uint opline_num = 0;
/* Scratch list of already-followed jump destinations, and its fill level. */
zend_uint *jmp_hitlist;
int jmp_hitlist_count, i;
ALLOCA_FLAG(use_heap);

/* One slot per opcode; released with FREE_ALLOCA when the pass is done. */
jmp_hitlist = (zend_uint *)DO_ALLOCA(sizeof(zend_uint) * op_array->last);
38
39 while (opline < end) {
40 jmp_hitlist_count = 0;
41
42 switch (opline->opcode) {
case ZEND_ADD:
case ZEND_SUB:
case ZEND_MUL:
case ZEND_DIV:
case ZEND_MOD:
#if ZEND_EXTENSION_API_NO >= PHP_5_6_X_API_NO
case ZEND_POW:
#endif
case ZEND_CONCAT:
case ZEND_SL:
case ZEND_SR:
case ZEND_BW_OR:
case ZEND_BW_AND:
case ZEND_BW_XOR:
	/*
	 * Fold a binary operation followed by an assignment back into the same
	 * variable ($i = $i + expr) into the compound form ($i += expr).
	 */
	{
		zend_op *assign_op;

		/* the candidate ASSIGN is the first non-NOP opline after this one */
		for (assign_op = opline + 1; assign_op < end; ++assign_op) {
			if (assign_op->opcode != ZEND_NOP) {
				break;
			}
		}

		/* NOTE(review): only the opcode and op1 of the following opline are
		 * examined; nothing here checks that its op2 is this opline's
		 * result - confirm the pairing is guaranteed elsewhere. */
		if (assign_op >= end || assign_op->opcode != ZEND_ASSIGN) {
			break;
		}

		if ((ZEND_OP2_TYPE(opline) == IS_VAR || ZEND_OP2_TYPE(opline) == IS_CV)
		 && ZEND_OP2(opline).var == ZEND_OP1(assign_op).var
		 && (opline->opcode == ZEND_ADD
		  || opline->opcode == ZEND_MUL
		  || opline->opcode == ZEND_BW_OR
		  || opline->opcode == ZEND_BW_AND
		  || opline->opcode == ZEND_BW_XOR)) {
			/* The assigned variable is the right operand of a commutative
			 * operator: rewrite $i = expr + $i as $i = $i + expr so the
			 * folding step below can match it. */
#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO
			zend_uchar tmp_type = opline->op1_type;
			znode_op tmp = opline->op1;
#else
			znode tmp = opline->op1;
#endif

			/* ZEND_ADD is also array union, which is not commutative, so an
			 * ADD is only swapped when its left operand is a constant.
			 * NOTE(review): this presumes an IS_CONST operand is never an
			 * array - confirm for API versions that can emit array
			 * literals as constants. */
			if (opline->opcode != ZEND_ADD || ZEND_OP1_TYPE(opline) == IS_CONST) {
				COPY_NODE(opline->op1, opline->op2);
				COPY_NODE(opline->op2, tmp);
			}
		}

		/* fold only when the left operand is the very variable (same slot
		 * and same operand type) that the ASSIGN writes to */
		if ((ZEND_OP1_TYPE(opline) != IS_VAR && ZEND_OP1_TYPE(opline) != IS_CV)
		 || ZEND_OP1(opline).var != ZEND_OP1(assign_op).var
		 || ZEND_OP1_TYPE(opline) != ZEND_OP1_TYPE(assign_op)) {
			break;
		}

		switch (opline->opcode) {
			case ZEND_ADD:
				opline->opcode = ZEND_ASSIGN_ADD;
				break;
			case ZEND_SUB:
				opline->opcode = ZEND_ASSIGN_SUB;
				break;
			case ZEND_MUL:
				opline->opcode = ZEND_ASSIGN_MUL;
				break;
			case ZEND_DIV:
				opline->opcode = ZEND_ASSIGN_DIV;
				break;
			case ZEND_MOD:
				opline->opcode = ZEND_ASSIGN_MOD;
				break;
#if ZEND_EXTENSION_API_NO >= PHP_5_6_X_API_NO
			case ZEND_POW:
				opline->opcode = ZEND_ASSIGN_POW;
				break;
#endif
			case ZEND_CONCAT:
				opline->opcode = ZEND_ASSIGN_CONCAT;
				break;
			case ZEND_SL:
				opline->opcode = ZEND_ASSIGN_SL;
				break;
			case ZEND_SR:
				opline->opcode = ZEND_ASSIGN_SR;
				break;
			case ZEND_BW_OR:
				opline->opcode = ZEND_ASSIGN_BW_OR;
				break;
			case ZEND_BW_AND:
				opline->opcode = ZEND_ASSIGN_BW_AND;
				break;
			case ZEND_BW_XOR:
				opline->opcode = ZEND_ASSIGN_BW_XOR;
				break;
		}

		/* the compound op takes over the ASSIGN's result, the ASSIGN goes */
		COPY_NODE(opline->result, assign_op->result);
		MAKE_NOP(assign_op);
		/* step over one extra opline; the loop tail advances once more */
		++opline;
		++opline_num;
	}
	break;
141
case ZEND_JMP:
#if ZEND_EXTENSION_API_NO > PHP_5_4_X_API_NO
	/* jumps are left untouched in op_arrays that contain a finally block */
	if (op_array->has_finally_block) {
		break;
	}
#endif

	/* L: JMP L+1 only reaches the next opline, so it becomes a NOP */
	if (ZEND_OP1(opline).opline_num == opline_num + 1) {
		MAKE_NOP(opline);
		goto done_jmp_optimization;
	}

	/* JMP L1 ... L1: JMP L2  =>  JMP L2 ... L1: JMP L2
	 * Repeated for as long as the destination is in range and is itself a
	 * JMP; CHECK_JMP ends the walk once a destination repeats. */
	for (;;) {
		int target;

		if (ZEND_OP1(opline).opline_num >= op_array->last
		 || op_array->opcodes[ZEND_OP1(opline).opline_num].opcode != ZEND_JMP) {
			break;
		}
		target = ZEND_OP1(opline).opline_num;
		CHECK_JMP(target, done_jmp_optimization);
		ZEND_OP1(opline).opline_num = ZEND_OP1(&op_array->opcodes[target]).opline_num;
	}
	break;
163
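#if ZEND_EXTENSION_API_NO >= PHP_5_3_X_API_NO
case ZEND_JMP_SET:
#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO
case ZEND_JMP_SET_VAR:
#endif

#if ZEND_EXTENSION_API_NO > PHP_5_4_X_API_NO
	/* jumps are left untouched in op_arrays that contain a finally block */
	if (op_array->has_finally_block) {
		break;
	}
#endif

	/* JMP_SET(X,L1) ... L1: JMP L2  =>  JMP_SET(X,L2) ... L1: JMP L2 */
	while (ZEND_OP2(opline).opline_num < op_array->last) {
		int target = ZEND_OP2(opline).opline_num;

		if (op_array->opcodes[target].opcode != ZEND_JMP) {
			break;
		}
		/* A chain of JMPs can lead back to a JMP already followed (a JMP
		 * whose destination is itself is the shortest case). Without the
		 * hit list this loop would never exit on such an op_array, so the
		 * compile would hang; stop at the first repeated destination, as
		 * the other jump cases of this pass do. */
		CHECK_JMP(target, done_jmp_optimization);
		ZEND_OP2(opline).opline_num = ZEND_OP1(&op_array->opcodes[target]).opline_num;
	}
	break;
#endif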
186
case ZEND_JMPZ:
case ZEND_JMPNZ:
	/*
	 * Thread a conditional jump through the opline it lands on. Each loop
	 * iteration inspects the current destination ("target") and either
	 * retargets this jump past it or stops.
	 */
#if ZEND_EXTENSION_API_NO > PHP_5_4_X_API_NO
	/* jumps are left untouched in op_arrays that contain a finally block */
	if (op_array->has_finally_block) {
		break;
	}
#endif

	/* convert L: JMPZ L+1 to NOP */
	if (ZEND_OP2(opline).opline_num == opline_num + 1) {
		MAKE_NOP(opline);
		goto done_jmp_optimization;
	}

	/* the destination is range-checked before it is used as an index */
	while (ZEND_OP2(opline).opline_num < op_array->last) {
		int target = ZEND_OP2(opline).opline_num;

		if (op_array->opcodes[target].opcode == ZEND_JMP) {
			/* plain JMP */
			/* JMPZ(X,L1), L1: JMP(L2) => JMPZ(X,L2), L1: JMP(L2) */
			/* CHECK_JMP leaves the loop when this destination repeats */
			CHECK_JMP(target, done_jmp_optimization);
			ZEND_OP2(opline).opline_num = ZEND_OP1(&op_array->opcodes[target]).opline_num;
		} else if (op_array->opcodes[target].opcode == opline->opcode &&
		           SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
			/* same opcode and same var as this opcode */
			/* JMPZ(X,L1), L1: JMPZ(X,L2) => JMPZ(X,L2), L1: JMPZ(X,L2) */
			CHECK_JMP2(target, done_jmp_optimization);
			ZEND_OP2(opline).opline_num = ZEND_OP2(&op_array->opcodes[target]).opline_num;
		} else if (op_array->opcodes[target].opcode == opline->opcode + 3 &&
		           SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
			/* convert JMPZ(X,L1), L1: T JMPZ_EX(X,L2) to
			   T = JMPZ_EX(X, L2) */
			/* "+ 3" relies on each _EX opcode being numbered exactly three
			 * above its plain form; this opline takes over the target's
			 * destination and result and becomes the _EX form itself */
			ZEND_OP2(opline).opline_num = ZEND_OP2(&op_array->opcodes[target]).opline_num;
			opline->opcode += 3;
			COPY_NODE(opline->result, op_array->opcodes[target].result);
			break;
		} else if (op_array->opcodes[target].opcode == INV_COND(opline->opcode) &&
		           SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
			/* convert JMPZ(X,L1), L1: JMPNZ(X,L2) to
			   JMPZ(X,L1+1) */
			/* the inverse test on the same X cannot be taken when this
			 * jump is, so go straight to the opline after it */
			ZEND_OP2(opline).opline_num = target + 1;
			break;
		} else if (op_array->opcodes[target].opcode == INV_COND_EX(opline->opcode) &&
		           SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
			/* convert JMPZ(X,L1), L1: T = JMPNZ_EX(X,L2) to
			   T = JMPZ_EX(X,L1+1) */
			ZEND_OP2(opline).opline_num = target + 1;
			opline->opcode += 3;
			COPY_NODE(opline->result, op_array->opcodes[target].result);
			break;
		} else {
			/* destination is nothing this pass can thread through */
			break;
		}
	}
	break;
241
case ZEND_JMPZ_EX:
case ZEND_JMPNZ_EX: {
	/*
	 * Thread a T = JMPZ_EX/JMPNZ_EX(X, L) through the opline it lands on.
	 * T (with T_type on newer APIs) is a local copy of this opline's result
	 * operand; destinations are matched on whether they test T.
	 */
#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO
	zend_uchar T_type = opline->result_type;
	znode_op T = opline->result;
#else
	znode T = opline->result;
#endif
#if ZEND_EXTENSION_API_NO > PHP_5_4_X_API_NO
	/* jumps are left untouched in op_arrays that contain a finally block */
	if (op_array->has_finally_block) {
		break;
	}
#endif
	/* convert L: T = JMPZ_EX X,L+1 to T = BOOL(X) */
	/* convert L: T = JMPZ_EX T,L+1 to NOP */
	if (ZEND_OP2(opline).opline_num == opline_num + 1) {
		/* NOTE(review): only the .var fields are compared, not the operand
		 * types - confirm op1 and result cannot share a slot number while
		 * being of different types. */
		if (ZEND_OP1(opline).var == ZEND_RESULT(opline).var) {
			MAKE_NOP(opline);
		} else {
			opline->opcode = ZEND_BOOL;
			SET_UNUSED(opline->op2);
		}
		goto done_jmp_optimization;
	}

	/* the destination is range-checked before it is used as an index */
	while (ZEND_OP2(opline).opline_num < op_array->last) {
		int target = ZEND_OP2(opline).opline_num;
		if (SAME_OPCODE_EX(opline->opcode, op_array->opcodes[target].opcode) &&
		    SAME_VAR(op_array->opcodes[target].op1, T)) {
			/* Check for JMPZ_EX to JMPZ[_EX] with the same condition, either with _EX or not */
			if (op_array->opcodes[target].opcode == opline->opcode) {
				/* change T only if we have _EX opcode there */
				COPY_NODE(T, op_array->opcodes[target].result);
			}
			/* a repeated destination ends the threading for this opline */
			CHECK_JMP2(target, continue_jmp_ex_optimization);
			ZEND_OP2(opline).opline_num = ZEND_OP2(&op_array->opcodes[target]).opline_num;
		} else if (op_array->opcodes[target].opcode == ZEND_JMPZNZ &&
		           SAME_VAR(op_array->opcodes[target].op1, T)) {
			/* Check for JMPZNZ with same cond variable */
			int new_target;
			/* NOTE(review): the hit list records the JMPZNZ's op2
			 * destination even on the JMPNZ_EX path, which follows
			 * extended_value instead - confirm this is intended. */
			CHECK_JMP2(target, continue_jmp_ex_optimization);
			if (opline->opcode == ZEND_JMPZ_EX) {
				new_target = ZEND_OP2(&op_array->opcodes[target]).opline_num;
			} else {
				/* JMPNZ_EX */
				new_target = op_array->opcodes[target].extended_value;
			}
			ZEND_OP2(opline).opline_num = new_target;
		} else if ((op_array->opcodes[target].opcode == INV_EX_COND_EX(opline->opcode) ||
		            op_array->opcodes[target].opcode == INV_EX_COND(opline->opcode)) &&
		           SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
			/* convert JMPZ_EX(X,L1), L1: JMPNZ_EX(X,L2) to
			   JMPZ_EX(X,L1+1) */
			ZEND_OP2(opline).opline_num = target + 1;
			break;
		} else {
			/* destination is nothing this pass can thread through */
			break;
		}
	} /* while */
continue_jmp_ex_optimization:
	break;
	/* Everything below is compiled out by "#if 0" and also follows the
	 * unconditional break above; it is kept as a record of a disabled
	 * optimization. */
#if 0
	/* If Ti = JMPZ_EX(X, L) and Ti is not used, convert to JMPZ(X, L) */
	{
		zend_op *op;
		for(op = opline+1; op<end; op++) {
			if(ZEND_RESULT_TYPE(op) == IS_TMP_VAR &&
			   ZEND_RESULT(op).var == ZEND_RESULT(opline).var) {
				break; /* can pass to part 2 */
			}

			if(op->opcode == ZEND_JMP ||
			   op->opcode == ZEND_JMPZ ||
			   op->opcode == ZEND_JMPZ_EX ||
			   op->opcode == ZEND_JMPNZ ||
			   op->opcode == ZEND_JMPNZ_EX ||
			   op->opcode == ZEND_JMPZNZ ||
			   op->opcode == ZEND_BRK ||
			   op->opcode == ZEND_CONT ||
			   op->opcode == ZEND_CASE ||
			   op->opcode == ZEND_RETURN ||
#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO
			   op->opcode == ZEND_RETURN_BY_REF ||
#endif
#if ZEND_EXTENSION_API_NO > PHP_5_4_X_API_NO
			   op->opcode == ZEND_FAST_RET ||
#endif
			   op->opcode == ZEND_FE_FETCH ||
			   op->opcode == ZEND_EXIT) {
				break;
			}

			if(ZEND_OP1_TYPE(op) == IS_TMP_VAR &&
			   ZEND_OP1(op).var == ZEND_RESULT(opline).var) {
				goto done_jmp_optimization;
			}

			if(ZEND_OP2_TYPE(op) == IS_TMP_VAR &&
			   ZEND_OP2(op).var == ZEND_RESULT(opline).var) {
				goto done_jmp_optimization;
			}
		} /* for */

		for(op = &op_array->opcodes[ZEND_OP2(opline).opline_num]; op<end; op++) {

			if(ZEND_RESULT_TYPE(op) == IS_TMP_VAR &&
			   ZEND_RESULT(op).var == ZEND_RESULT(opline).var) {
				break; /* can pass to optimization */
			}

			if(op->opcode == ZEND_JMP ||
			   op->opcode == ZEND_JMPZ ||
			   op->opcode == ZEND_JMPZ_EX ||
			   op->opcode == ZEND_JMPNZ ||
			   op->opcode == ZEND_JMPNZ_EX ||
			   op->opcode == ZEND_JMPZNZ ||
			   op->opcode == ZEND_BRK ||
			   op->opcode == ZEND_CONT ||
			   op->opcode == ZEND_CASE ||
			   op->opcode == ZEND_RETURN ||
#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO
			   op->opcode == ZEND_RETURN_BY_REF ||
#endif
#if ZEND_EXTENSION_API_NO > PHP_5_4_X_API_NO
			   op->opcode == ZEND_FAST_RET ||
#endif
			   op->opcode == ZEND_FE_FETCH ||
			   op->opcode == ZEND_EXIT) {
				break;
			}

			if(ZEND_OP1_TYPE(op) == IS_TMP_VAR &&
			   ZEND_OP1(op).var == ZEND_RESULT(opline).var) {
				goto done_jmp_optimization;
			}

			if(ZEND_OP2_TYPE(op) == IS_TMP_VAR &&
			   ZEND_OP2(op).var == ZEND_RESULT(opline).var) {
				goto done_jmp_optimization;
			}
		}

		opline->opcode = opline->opcode-3; /* JMP_EX -> JMP */
		SET_UNUSED(opline->result);
		break;
	}
#endif
}
break;
391
case ZEND_JMPZNZ:
#if ZEND_EXTENSION_API_NO > PHP_5_4_X_API_NO
	/* jumps are left untouched in op_arrays that contain a finally block */
	if (op_array->has_finally_block) {
		break;
	}
#endif
	/* First destination (op2):
	 * JMPZNZ(X,L1,L2), L1: JMP(L3) => JMPZNZ(X,L3,L2), L1: JMP(L3)
	 * A repeated destination only ends this first walk; the second
	 * destination is still processed below. */
	for (;;) {
		int target;

		if (ZEND_OP2(opline).opline_num >= op_array->last
		 || op_array->opcodes[ZEND_OP2(opline).opline_num].opcode != ZEND_JMP) {
			break;
		}
		target = ZEND_OP2(opline).opline_num;
		CHECK_JMP(target, continue_jmpznz_optimization);
		ZEND_OP2(opline).opline_num = ZEND_OP1(&op_array->opcodes[target]).opline_num;
	}
continue_jmpznz_optimization:
	/* Second destination (extended_value):
	 * JMPZNZ(X,L1,L2), L2: JMP(L3) => JMPZNZ(X,L1,L3), L2: JMP(L3)
	 * The hit list is not reset between the two walks, so destinations
	 * recorded by the first one also stop this one. */
	for (;;) {
		int target;

		if (opline->extended_value >= op_array->last
		 || op_array->opcodes[opline->extended_value].opcode != ZEND_JMP) {
			break;
		}
		target = opline->extended_value;
		CHECK_JMP(target, done_jmp_optimization);
		opline->extended_value = ZEND_OP1(&op_array->opcodes[target]).opline_num;
	}
	break;
414
case ZEND_POST_INC:
case ZEND_POST_DEC: {
	/*
	 * POST_INC/POST_DEC whose result is immediately FREEd: the old value is
	 * never used, so the pair becomes a single PRE_INC/PRE_DEC with an
	 * unused result.
	 */
	zend_op *free_op = opline + 1;

	/* nothing to do unless the very next opline frees this result */
	if (free_op >= end
	 || free_op->opcode != ZEND_FREE
	 || ZEND_OP1(free_op).var != ZEND_RESULT(opline).var) {
		break;
	}

	MAKE_NOP(free_op);
	if (opline->opcode == ZEND_POST_INC) {
		opline->opcode = ZEND_PRE_INC;
	} else if (opline->opcode == ZEND_POST_DEC) {
		opline->opcode = ZEND_PRE_DEC;
	}
	/* mark the result as a variable that nobody reads */
#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO
	ZEND_RESULT_TYPE(opline) = IS_VAR | EXT_TYPE_UNUSED;
#else
	ZEND_RESULT_TYPE(opline) = IS_VAR;
	ZEND_RESULT(opline).EA.type = 0;
	ZEND_RESULT(opline).EA.type |= EXT_TYPE_UNUSED;
#endif
}
break;
444 }
done_jmp_optimization:
	/* Common loop tail: every case, whether it falls out of the switch or
	 * jumps here directly, advances the cursor and its index together. */
	++opline;
	++opline_num;
448 }
449 FREE_ALLOCA(jmp_hitlist);
450 }