1/*
2   +----------------------------------------------------------------------+
3   | Zend OPcache                                                         |
4   +----------------------------------------------------------------------+
5   | Copyright (c) 1998-2014 The PHP Group                                |
6   +----------------------------------------------------------------------+
7   | This source file is subject to version 3.01 of the PHP license,      |
8   | that is bundled with this package in the file LICENSE, and is        |
9   | available through the world-wide-web at the following url:           |
10   | http://www.php.net/license/3_01.txt                                  |
11   | If you did not receive a copy of the PHP license and are unable to   |
12   | obtain it through the world-wide-web, please send a note to          |
13   | license@php.net so we can mail you a copy immediately.               |
14   +----------------------------------------------------------------------+
15   | Authors: Andi Gutmans <andi@zend.com>                                |
16   |          Zeev Suraski <zeev@zend.com>                                |
17   |          Stanislav Malyshev <stas@zend.com>                          |
18   |          Dmitry Stogov <dmitry@zend.com>                             |
19   +----------------------------------------------------------------------+
20*/
21
22#include "php.h"
23#include "Optimizer/zend_optimizer.h"
24#include "Optimizer/zend_optimizer_internal.h"
25#include "zend_API.h"
26#include "zend_constants.h"
27#include "zend_execute.h"
28#include "zend_vm.h"
29
30#define DEBUG_BLOCKPASS 0
31
32/* Checks if a constant (like "true") may be replaced by its value */
33int zend_optimizer_get_persistent_constant(zend_string *name, zval *result, int copy TSRMLS_DC)
34{
35    zend_constant *c;
36    char *lookup_name;
37    int retval = 1;
38    ALLOCA_FLAG(use_heap);
39
40    if ((c = zend_hash_find_ptr(EG(zend_constants), name)) == NULL) {
41        lookup_name = DO_ALLOCA(name->len + 1);
42        memcpy(lookup_name, name->val, name->len + 1);
43        zend_str_tolower(lookup_name, name->len);
44
45        if ((c = zend_hash_str_find_ptr(EG(zend_constants), lookup_name, name->len)) != NULL) {
46            if (!(c->flags & CONST_CT_SUBST) || (c->flags & CONST_CS)) {
47                retval = 0;
48            }
49        } else {
50            retval = 0;
51        }
52        FREE_ALLOCA(lookup_name);
53    }
54
55    if (retval) {
56        if (c->flags & CONST_PERSISTENT) {
57            ZVAL_COPY_VALUE(result, &c->value);
58            if (copy) {
59                zval_copy_ctor(result);
60            }
61        } else {
62            retval = 0;
63        }
64    }
65
66    return retval;
67}
68
69#if DEBUG_BLOCKPASS
70# define BLOCK_REF(b) b?op_array->opcodes-b->start_opline:-1
71
72static inline void print_block(zend_code_block *block, zend_op *opcodes, char *txt)
73{
74    fprintf(stderr, "%sBlock: %d-%d (%d)", txt, block->start_opline - opcodes, block->start_opline - opcodes + block->len - 1, block->len);
75    if (!block->access) {
76        fprintf(stderr, " unused");
77    }
78    if (block->op1_to) {
79        fprintf(stderr, " 1: %d", block->op1_to->start_opline - opcodes);
80    }
81    if (block->op2_to) {
82        fprintf(stderr, " 2: %d", block->op2_to->start_opline - opcodes);
83    }
84    if (block->ext_to) {
85        fprintf(stderr, " e: %d", block->ext_to->start_opline - opcodes);
86    }
87    if (block->follow_to) {
88        fprintf(stderr, " f: %d", block->follow_to->start_opline - opcodes);
89    }
90
91    if (block->sources) {
92        zend_block_source *bs = block->sources;
93        fprintf(stderr, " s:");
94        while (bs) {
95            fprintf(stderr, " %d", bs->from->start_opline - opcodes);
96            bs = bs->next;
97        }
98    }
99
100    fprintf(stderr, "\n");
101    fflush(stderr);
102}
103#else
104#define print_block(a,b,c)
105#endif
106
107#define START_BLOCK_OP(opno) blocks[opno].start_opline = &op_array->opcodes[opno]; blocks[opno].start_opline_no = opno; blocks[opno].access = 1
108
109/* find code blocks in op_array
110   code block is a set of opcodes with single flow of control, i.e. without jmps,
111   branches, etc. */
112static int find_code_blocks(zend_op_array *op_array, zend_cfg *cfg, zend_optimizer_ctx *ctx)
113{
114    zend_op *opline;
115    zend_op *end = op_array->opcodes + op_array->last;
116    zend_code_block *blocks, *cur_block;
117    uint32_t opno = 0;
118
119    memset(cfg, 0, sizeof(zend_cfg));
120    blocks = cfg->blocks = zend_arena_calloc(&ctx->arena, op_array->last + 2, sizeof(zend_code_block));
121    opline = op_array->opcodes;
122    blocks[0].start_opline = opline;
123    blocks[0].start_opline_no = 0;
124    while (opline < end) {
125        switch((unsigned)opline->opcode) {
126            case ZEND_BRK:
127            case ZEND_CONT:
128            case ZEND_GOTO:
129                /* would not optimize non-optimized BRK/CONTs - we cannot
130                 really know where it jumps, so these optimizations are
131                too dangerous */
132                return 0;
133            case ZEND_FAST_CALL:
134                START_BLOCK_OP(ZEND_OP1(opline).opline_num);
135                if (opline->extended_value) {
136                    START_BLOCK_OP(ZEND_OP2(opline).opline_num);
137                }
138                START_BLOCK_OP(opno + 1);
139                break;
140            case ZEND_FAST_RET:
141                if (opline->extended_value) {
142                    START_BLOCK_OP(ZEND_OP2(opline).opline_num);
143                }
144                START_BLOCK_OP(opno + 1);
145                break;
146            case ZEND_JMP:
147                START_BLOCK_OP(ZEND_OP1(opline).opline_num);
148                /* break missing intentionally */
149            case ZEND_RETURN:
150            case ZEND_RETURN_BY_REF:
151            case ZEND_GENERATOR_RETURN:
152            case ZEND_EXIT:
153            case ZEND_THROW:
154                /* start new block from this+1 */
155                START_BLOCK_OP(opno + 1);
156                break;
157                /* TODO: if conditional jmp depends on constant,
158                         don't start block that won't be executed */
159            case ZEND_CATCH:
160                START_BLOCK_OP(opline->extended_value);
161                START_BLOCK_OP(opno + 1);
162                break;
163            case ZEND_JMPZNZ:
164                START_BLOCK_OP(opline->extended_value);
165            case ZEND_JMPZ:
166            case ZEND_JMPNZ:
167            case ZEND_JMPZ_EX:
168            case ZEND_JMPNZ_EX:
169            case ZEND_FE_RESET:
170            case ZEND_NEW:
171            case ZEND_JMP_SET:
172            case ZEND_COALESCE:
173                START_BLOCK_OP(ZEND_OP2(opline).opline_num);
174                START_BLOCK_OP(opno + 1);
175                break;
176            case ZEND_FE_FETCH:
177                START_BLOCK_OP(ZEND_OP2(opline).opline_num);
178                START_BLOCK_OP(opno + 2);
179                break;
180        }
181        opno++;
182        opline++;
183    }
184
185    /* first find block start points */
186    if (op_array->last_try_catch) {
187        int i;
188        cfg->try = zend_arena_calloc(&ctx->arena, op_array->last_try_catch, sizeof(zend_code_block *));
189        cfg->catch = zend_arena_calloc(&ctx->arena, op_array->last_try_catch, sizeof(zend_code_block *));
190        for (i = 0; i< op_array->last_try_catch; i++) {
191            cfg->try[i] = &blocks[op_array->try_catch_array[i].try_op];
192            cfg->catch[i] = &blocks[op_array->try_catch_array[i].catch_op];
193            START_BLOCK_OP(op_array->try_catch_array[i].try_op);
194            START_BLOCK_OP(op_array->try_catch_array[i].catch_op);
195            blocks[op_array->try_catch_array[i].try_op].protected = 1;
196        }
197    }
198    /* Currently, we don't optimize op_arrays with BRK/CONT/GOTO opcodes,
199     * but, we have to keep brk_cont_array to avoid memory leaks during
200     * exception handling */
201    if (op_array->last_brk_cont) {
202        int i, j;
203
204        j = 0;
205        for (i = 0; i< op_array->last_brk_cont; i++) {
206            if (op_array->brk_cont_array[i].start >= 0 &&
207                op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_FREE) {
208                int parent = op_array->brk_cont_array[i].parent;
209
210                while (parent >= 0 &&
211                       op_array->brk_cont_array[parent].start < 0 &&
212                       op_array->opcodes[op_array->brk_cont_array[parent].brk].opcode != ZEND_FREE) {
213                    parent = op_array->brk_cont_array[parent].parent;
214                }
215                op_array->brk_cont_array[i].parent = parent;
216                j++;
217            }
218        }
219        if (j) {
220            cfg->loop_start = zend_arena_calloc(&ctx->arena, op_array->last_brk_cont, sizeof(zend_code_block *));
221            cfg->loop_cont  = zend_arena_calloc(&ctx->arena, op_array->last_brk_cont, sizeof(zend_code_block *));
222            cfg->loop_brk   = zend_arena_calloc(&ctx->arena, op_array->last_brk_cont, sizeof(zend_code_block *));
223            j = 0;
224            for (i = 0; i< op_array->last_brk_cont; i++) {
225                if (op_array->brk_cont_array[i].start >= 0 &&
226                    op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_FREE) {
227                    if (i != j) {
228                        op_array->brk_cont_array[j] = op_array->brk_cont_array[i];
229                    }
230                    cfg->loop_start[j] = &blocks[op_array->brk_cont_array[j].start];
231                    cfg->loop_cont[j]  = &blocks[op_array->brk_cont_array[j].cont];
232                    cfg->loop_brk[j]   = &blocks[op_array->brk_cont_array[j].brk];
233                    START_BLOCK_OP(op_array->brk_cont_array[j].start);
234                    START_BLOCK_OP(op_array->brk_cont_array[j].cont);
235                    START_BLOCK_OP(op_array->brk_cont_array[j].brk);
236                    blocks[op_array->brk_cont_array[j].start].protected = 1;
237                    blocks[op_array->brk_cont_array[j].brk].protected = 1;
238                    j++;
239                }
240            }
241            op_array->last_brk_cont = j;
242        } else {
243            efree(op_array->brk_cont_array);
244            op_array->brk_cont_array = NULL;
245            op_array->last_brk_cont = 0;
246        }
247    }
248
249    /* Build CFG (Control Flow Graph) */
250    cur_block = blocks;
251    for (opno = 1; opno < op_array->last; opno++) {
252        if (blocks[opno].start_opline) {
253            /* found new block start */
254            cur_block->len = blocks[opno].start_opline - cur_block->start_opline;
255            cur_block->next = &blocks[opno];
256            /* what is the last OP of previous block? */
257            opline = blocks[opno].start_opline - 1;
258            if (opline->opcode == ZEND_OP_DATA) {
259                opline--;
260            }
261            switch((unsigned)opline->opcode) {
262                case ZEND_RETURN:
263                case ZEND_RETURN_BY_REF:
264                case ZEND_GENERATOR_RETURN:
265                case ZEND_EXIT:
266                case ZEND_THROW:
267                    break;
268                case ZEND_FAST_CALL:
269                    if (opline->extended_value) {
270                        cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
271                    }
272                    cur_block->op1_to = &blocks[ZEND_OP1(opline).opline_num];
273                    break;
274                case ZEND_FAST_RET:
275                    if (opline->extended_value) {
276                        cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
277                    }
278                    break;
279                case ZEND_JMP:
280                    cur_block->op1_to = &blocks[ZEND_OP1(opline).opline_num];
281                    break;
282                case ZEND_JMPZNZ:
283                    cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
284                    cur_block->ext_to = &blocks[opline->extended_value];
285                    break;
286                case ZEND_CATCH:
287                    cur_block->ext_to = &blocks[opline->extended_value];
288                    cur_block->follow_to = &blocks[opno];
289                    break;
290                case ZEND_JMPZ:
291                case ZEND_JMPNZ:
292                case ZEND_JMPZ_EX:
293                case ZEND_JMPNZ_EX:
294                case ZEND_FE_RESET:
295                case ZEND_NEW:
296                case ZEND_JMP_SET:
297                case ZEND_COALESCE:
298                case ZEND_FE_FETCH:
299                    cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
300                    /* break missing intentionally */
301                default:
302                    /* next block follows this */
303                    cur_block->follow_to = &blocks[opno];
304                    break;
305            }
306            print_block(cur_block, op_array->opcodes, "");
307            cur_block = cur_block->next;
308        }
309    }
310    cur_block->len = end - cur_block->start_opline;
311    cur_block->next = &blocks[op_array->last + 1];
312    print_block(cur_block, op_array->opcodes, "");
313
314    return 1;
315}
316
317/* CFG back references management */
318
319#define ADD_SOURCE(fromb, tob) { \
320    zend_block_source *__s = tob->sources; \
321    while (__s && __s->from != fromb) __s = __s->next; \
322    if (__s == NULL) { \
323        zend_block_source *__t = zend_arena_alloc(&ctx->arena, sizeof(zend_block_source)); \
324        __t->next = tob->sources; \
325        tob->sources = __t; \
326        __t->from = fromb; \
327    } \
328}
329
330#define DEL_SOURCE(cs) do { \
331        *(cs) = (*(cs))->next; \
332    } while (0)
333
334
335static inline void replace_source(zend_block_source *list, zend_code_block *old, zend_code_block *new)
336{
337    /* replace all references to 'old' in 'list' with 'new' */
338    zend_block_source **cs;
339    int found = 0;
340
341    for (cs = &list; *cs; cs = &((*cs)->next)) {
342        if ((*cs)->from == new) {
343            if (found) {
344                DEL_SOURCE(cs);
345            } else {
346                found = 1;
347            }
348        }
349
350        if ((*cs)->from == old) {
351            if (found) {
352                DEL_SOURCE(cs);
353            } else {
354                (*cs)->from = new;
355                found = 1;
356            }
357        }
358    }
359}
360
361static inline void del_source(zend_code_block *from, zend_code_block *to)
362{
363    /* delete source 'from' from 'to'-s sources list */
364    zend_block_source **cs = &to->sources;
365
366    if (to->sources == NULL) {
367        to->access = 0;
368        return;
369    }
370
371    while (*cs) {
372        if ((*cs)->from == from) {
373            DEL_SOURCE(cs);
374            break;
375        }
376        cs = &((*cs)->next);
377    }
378
379    if (to->sources == NULL) {
380        /* 'to' has no more sources - it's unused, will be stripped */
381        to->access = 0;
382        return;
383    }
384
385    if (to->sources->next == NULL) {
386        /* source to only one block */
387        zend_code_block *from_block = to->sources->from;
388
389        if (from_block->access && from_block->follow_to == to &&
390            from_block->op1_to == NULL &&
391            from_block->op2_to == NULL &&
392            from_block->ext_to == NULL) {
393            /* this block follows it's only predecessor - we can join them */
394            zend_op *new_to = from_block->start_opline + from_block->len;
395            if (new_to != to->start_opline) {
396                /* move block to new location */
397                memmove(new_to, to->start_opline, sizeof(zend_op)*to->len);
398            }
399            /* join blocks' lengths */
400            from_block->len += to->len;
401            /* move 'to'`s references to 'from' */
402            to->start_opline = NULL;
403            to->access = 0;
404            to->sources = NULL;
405            from_block->follow_to = to->follow_to;
406            if (to->op1_to) {
407                from_block->op1_to = to->op1_to;
408                replace_source(to->op1_to->sources, to, from_block);
409            }
410            if (to->op2_to) {
411                from_block->op2_to = to->op2_to;
412                replace_source(to->op2_to->sources, to, from_block);
413            }
414            if (to->ext_to) {
415                from_block->ext_to = to->ext_to;
416                replace_source(to->ext_to->sources, to, from_block);
417            }
418            if (to->follow_to) {
419                replace_source(to->follow_to->sources, to, from_block);
420            }
421            /* remove "to" from list */
422        }
423    }
424}
425
426static void delete_code_block(zend_code_block *block, zend_optimizer_ctx *ctx)
427{
428    if (block->protected) {
429        return;
430    }
431    if (block->follow_to) {
432        zend_block_source *bs = block->sources;
433        while (bs) {
434            zend_code_block *from_block = bs->from;
435            zend_code_block *to = block->follow_to;
436            if (from_block->op1_to == block) {
437                from_block->op1_to = to;
438                ADD_SOURCE(from_block, to);
439            }
440            if (from_block->op2_to == block) {
441                from_block->op2_to = to;
442                ADD_SOURCE(from_block, to);
443            }
444            if (from_block->ext_to == block) {
445                from_block->ext_to = to;
446                ADD_SOURCE(from_block, to);
447            }
448            if (from_block->follow_to == block) {
449                from_block->follow_to = to;
450                ADD_SOURCE(from_block, to);
451            }
452            bs = bs->next;
453        }
454    }
455    block->access = 0;
456}
457
458static void zend_access_path(zend_code_block *block, zend_optimizer_ctx *ctx)
459{
460    if (block->access) {
461        return;
462    }
463
464    block->access = 1;
465    if (block->op1_to) {
466        zend_access_path(block->op1_to, ctx);
467        ADD_SOURCE(block, block->op1_to);
468    }
469    if (block->op2_to) {
470        zend_access_path(block->op2_to, ctx);
471        ADD_SOURCE(block, block->op2_to);
472    }
473    if (block->ext_to) {
474        zend_access_path(block->ext_to, ctx);
475        ADD_SOURCE(block, block->ext_to);
476    }
477    if (block->follow_to) {
478        zend_access_path(block->follow_to, ctx);
479        ADD_SOURCE(block, block->follow_to);
480    }
481}
482
483/* Traverse CFG, mark reachable basic blocks and build back references */
484static void zend_rebuild_access_path(zend_cfg *cfg, zend_op_array *op_array, int find_start, zend_optimizer_ctx *ctx)
485{
486    zend_code_block *blocks = cfg->blocks;
487    zend_code_block *start = find_start? NULL : blocks;
488    zend_code_block *b;
489
490    /* Mark all blocks as unaccessible and destroy back references */
491    b = blocks;
492    while (b != NULL) {
493        if (!start && b->access) {
494            start = b;
495        }
496        b->access = 0;
497        b->sources = NULL;
498        b = b->next;
499    }
500
501    /* Walk thorough all paths */
502    zend_access_path(start, ctx);
503
504    /* Add brk/cont paths */
505    if (op_array->last_brk_cont) {
506        int i;
507        for (i=0; i< op_array->last_brk_cont; i++) {
508            zend_access_path(cfg->loop_start[i], ctx);
509            zend_access_path(cfg->loop_cont[i], ctx);
510            zend_access_path(cfg->loop_brk[i], ctx);
511        }
512    }
513
514    /* Add exception paths */
515    if (op_array->last_try_catch) {
516        int i;
517        for (i=0; i< op_array->last_try_catch; i++) {
518            if (!cfg->catch[i]->access) {
519                zend_access_path(cfg->catch[i], ctx);
520            }
521        }
522    }
523}
524
525/* Data dependencies macros */
526
527#define VAR_NUM_EX(op) VAR_NUM((op).var)
528
529#define VAR_SOURCE(op) Tsource[VAR_NUM(op.var)]
530#define SET_VAR_SOURCE(opline) Tsource[VAR_NUM(opline->result.var)] = opline
531
532#define VAR_UNSET(op) do { if (op ## _type & (IS_TMP_VAR|IS_VAR)) {VAR_SOURCE(op) = NULL;}} while (0)
533
534#define convert_to_string_safe(v) \
535    if (Z_TYPE_P((v)) == IS_NULL) { \
536        ZVAL_STRINGL((v), "", 0); \
537    } else { \
538        convert_to_string((v)); \
539    }
540
541static void strip_nop(zend_code_block *block, zend_optimizer_ctx *ctx)
542{
543    zend_op *opline = block->start_opline;
544    zend_op *end, *new_end;
545
546    /* remove leading NOPs */
547    while (block->len > 0 && block->start_opline->opcode == ZEND_NOP) {
548        if (block->len == 1) {
549            /* this block is all NOPs, join with following block */
550            if (block->follow_to) {
551                delete_code_block(block, ctx);
552            }
553            return;
554        }
555        block->start_opline++;
556        block->start_opline_no++;
557        block->len--;
558    }
559
560    /* strip the inside NOPs */
561    opline = new_end = block->start_opline;
562    end = opline + block->len;
563
564    while (opline < end) {
565        zend_op *src;
566        int len = 0;
567
568        while (opline < end && opline->opcode == ZEND_NOP) {
569            opline++;
570        }
571        src = opline;
572
573        while (opline < end && opline->opcode != ZEND_NOP) {
574            opline++;
575        }
576        len = opline - src;
577
578        /* move up non-NOP opcodes */
579        memmove(new_end, src, len*sizeof(zend_op));
580
581        new_end += len;
582    }
583    block->len = new_end - block->start_opline;
584}
585
586static void zend_optimize_block(zend_code_block *block, zend_op_array *op_array, char *used_ext, zend_cfg *cfg, zend_optimizer_ctx *ctx TSRMLS_DC)
587{
588    zend_op *opline = block->start_opline;
589    zend_op *end, *last_op = NULL;
590    zend_op **Tsource = cfg->Tsource;
591
592    print_block(block, op_array->opcodes, "Opt ");
593
594    /* remove leading NOPs */
595    while (block->len > 0 && block->start_opline->opcode == ZEND_NOP) {
596        if (block->len == 1) {
597            /* this block is all NOPs, join with following block */
598            if (block->follow_to) {
599                delete_code_block(block, ctx);
600            }
601            return;
602        }
603        block->start_opline++;
604        block->start_opline_no++;
605        block->len--;
606    }
607
608    /* we track data dependencies only insight a single basic block */
609    memset(Tsource, 0, (op_array->last_var + op_array->T) * sizeof(zend_op *));
610    opline = block->start_opline;
611    end = opline + block->len;
612    while ((op_array->T) && (opline < end)) {
613        /* strip X = QM_ASSIGN(const) */
614        if ((ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
615            VAR_SOURCE(opline->op1) &&
616            VAR_SOURCE(opline->op1)->opcode == ZEND_QM_ASSIGN &&
617            ZEND_OP1_TYPE(VAR_SOURCE(opline->op1)) == IS_CONST &&
618            opline->opcode != ZEND_CASE &&         /* CASE _always_ expects variable */
619            opline->opcode != ZEND_FETCH_LIST &&
620            opline->opcode != ZEND_FE_RESET &&
621            opline->opcode != ZEND_FREE
622            ) {
623            zend_op *src = VAR_SOURCE(opline->op1);
624            zval c = ZEND_OP1_LITERAL(src);
625            VAR_UNSET(opline->op1);
626            zval_copy_ctor(&c);
627            zend_optimizer_update_op1_const(op_array, opline, &c TSRMLS_CC);
628            literal_dtor(&ZEND_OP1_LITERAL(src));
629            MAKE_NOP(src);
630        }
631
632        /* T = QM_ASSIGN(C), F(T) => NOP, F(C) */
633        if ((ZEND_OP2_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
634            VAR_SOURCE(opline->op2) &&
635            VAR_SOURCE(opline->op2)->opcode == ZEND_QM_ASSIGN &&
636            ZEND_OP1_TYPE(VAR_SOURCE(opline->op2)) == IS_CONST) {
637            zend_op *src = VAR_SOURCE(opline->op2);
638            zval c = ZEND_OP1_LITERAL(src);
639            VAR_UNSET(opline->op2);
640            zval_copy_ctor(&c);
641            zend_optimizer_update_op2_const(op_array, opline, &c TSRMLS_CC);
642            literal_dtor(&ZEND_OP1_LITERAL(src));
643            MAKE_NOP(src);
644        }
645
646        /* T = PRINT(X), F(T) => ECHO(X), F(1) */
647        if (ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
648            VAR_SOURCE(opline->op1) &&
649            VAR_SOURCE(opline->op1)->opcode == ZEND_PRINT &&
650            opline->opcode != ZEND_CASE && opline->opcode != ZEND_FREE) {
651            ZEND_OP1_TYPE(opline) = IS_CONST;
652            LITERAL_LONG(opline->op1, 1);
653        }
654
655        if (ZEND_OP2_TYPE(opline) == IS_TMP_VAR &&
656            VAR_SOURCE(opline->op2) &&
657            VAR_SOURCE(opline->op2)->opcode == ZEND_PRINT) {
658            ZEND_OP2_TYPE(opline) = IS_CONST;
659            LITERAL_LONG(opline->op2, 1);
660        }
661
662        /* T = CAST(X, String), ECHO(T) => NOP, ECHO(X) */
663        if ((opline->opcode == ZEND_ECHO || opline->opcode == ZEND_PRINT) &&
664            ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR) &&
665            VAR_SOURCE(opline->op1) &&
666            VAR_SOURCE(opline->op1)->opcode == ZEND_CAST &&
667            VAR_SOURCE(opline->op1)->extended_value == IS_STRING) {
668            zend_op *src = VAR_SOURCE(opline->op1);
669            COPY_NODE(opline->op1, src->op1);
670            MAKE_NOP(src);
671        }
672
673        /* T = PRINT(X), FREE(T) => ECHO(X) */
674        if (opline->opcode == ZEND_FREE &&
675            ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
676            VAR_SOURCE(opline->op1)) {
677            zend_op *src = VAR_SOURCE(opline->op1);
678            if (src->opcode == ZEND_PRINT) {
679                src->opcode = ZEND_ECHO;
680                ZEND_RESULT_TYPE(src) = IS_UNUSED;
681                MAKE_NOP(opline);
682            }
683        }
684
685       /* T = BOOL(X), FREE(T) => NOP */
686        if (opline->opcode == ZEND_FREE &&
687            ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
688            VAR_SOURCE(opline->op1)) {
689            zend_op *src = VAR_SOURCE(opline->op1);
690            if (src->opcode == ZEND_BOOL) {
691                if (ZEND_OP1_TYPE(src) == IS_CONST) {
692                    literal_dtor(&ZEND_OP1_LITERAL(src));
693                }
694                MAKE_NOP(src);
695                MAKE_NOP(opline);
696            }
697        }
698
699#if 0
700        /* pre-evaluate functions:
701           constant(x)
702           defined(x)
703           function_exists(x)
704           extension_loaded(x)
705           BAD: interacts badly with Accelerator
706        */
707        if((ZEND_OP1_TYPE(opline) & IS_VAR) &&
708           VAR_SOURCE(opline->op1) && VAR_SOURCE(opline->op1)->opcode == ZEND_DO_CF_FCALL &&
709           VAR_SOURCE(opline->op1)->extended_value == 1) {
710            zend_op *fcall = VAR_SOURCE(opline->op1);
711            zend_op *sv = fcall-1;
712            if(sv >= block->start_opline && sv->opcode == ZEND_SEND_VAL &&
713               ZEND_OP1_TYPE(sv) == IS_CONST && Z_TYPE(OPLINE_OP1_LITERAL(sv)) == IS_STRING &&
714               Z_LVAL(OPLINE_OP2_LITERAL(sv)) == 1
715               ) {
716                zval *arg = &OPLINE_OP1_LITERAL(sv);
717                char *fname = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].function_name;
718                int flen = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].name_len;
719                if(flen == sizeof("defined")-1 && zend_binary_strcasecmp(fname, flen, "defined", sizeof("defined")-1) == 0) {
720                    zval c;
721                    if(zend_optimizer_get_persistent_constant(Z_STR_P(arg), &c, 0 TSRMLS_CC ELS_CC) != 0) {
722                        literal_dtor(arg);
723                        MAKE_NOP(sv);
724                        MAKE_NOP(fcall);
725                        LITERAL_BOOL(opline->op1, 1);
726                        ZEND_OP1_TYPE(opline) = IS_CONST;
727                    }
728                } else if((flen == sizeof("function_exists")-1 && zend_binary_strcasecmp(fname, flen, "function_exists", sizeof("function_exists")-1) == 0) ||
729                          (flen == sizeof("is_callable")-1 && zend_binary_strcasecmp(fname, flen, "is_callable", sizeof("is_callable")-1) == 0)
730                          ) {
731                    zend_function *function;
732                    if((function = zend_hash_find_ptr(EG(function_table), Z_STR_P(arg))) != NULL) {
733                        literal_dtor(arg);
734                        MAKE_NOP(sv);
735                        MAKE_NOP(fcall);
736                        LITERAL_BOOL(opline->op1, 1);
737                        ZEND_OP1_TYPE(opline) = IS_CONST;
738                    }
739                } else if(flen == sizeof("constant")-1 && zend_binary_strcasecmp(fname, flen, "constant", sizeof("constant")-1) == 0) {
740                    zval c;
741                    if(zend_optimizer_get_persistent_constant(Z_STR_P(arg), &c, 1 TSRMLS_CC ELS_CC) != 0) {
742                        literal_dtor(arg);
743                        MAKE_NOP(sv);
744                        MAKE_NOP(fcall);
745                        ZEND_OP1_LITERAL(opline) = zend_optimizer_add_literal(op_array, &c TSRMLS_CC);
746                        /* no copy ctor - get already copied it */
747                        ZEND_OP1_TYPE(opline) = IS_CONST;
748                    }
749                } else if(flen == sizeof("extension_loaded")-1 && zend_binary_strcasecmp(fname, flen, "extension_loaded", sizeof("extension_loaded")-1) == 0) {
750                    if(zend_hash_exists(&module_registry, Z_STR_P(arg))) {
751                        literal_dtor(arg);
752                        MAKE_NOP(sv);
753                        MAKE_NOP(fcall);
754                        LITERAL_BOOL(opline->op1, 1);
755                        ZEND_OP1_TYPE(opline) = IS_CONST;
756                    }
757                }
758            }
759        }
760#endif
761
762        /* IS_EQ(TRUE, X)      => BOOL(X)
763         * IS_EQ(FALSE, X)     => BOOL_NOT(X)
764         * IS_NOT_EQ(TRUE, X)  => BOOL_NOT(X)
765         * IS_NOT_EQ(FALSE, X) => BOOL(X)
766         * CASE(TRUE, X)       => BOOL(X)
767         * CASE(FALSE, X)      => BOOL_NOT(X)
768         */
769        if (opline->opcode == ZEND_IS_EQUAL ||
770            opline->opcode == ZEND_IS_NOT_EQUAL ||
771            opline->opcode == ZEND_CASE) {
772            if (ZEND_OP1_TYPE(opline) == IS_CONST &&
773// TODO: Optimization of comparison with null may be not safe ???
774#if 1
775                (Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_FALSE ||
776                 Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_TRUE)) {
777#else
778                 Z_TYPE(ZEND_OP1_LITERAL(opline)) <= IS_TRUE) {
779#endif
780                opline->opcode =
781                    ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP1_LITERAL(opline))) == IS_TRUE)) ?
782                    ZEND_BOOL : ZEND_BOOL_NOT;
783                COPY_NODE(opline->op1, opline->op2);
784                SET_UNUSED(opline->op2);
785            } else if (ZEND_OP2_TYPE(opline) == IS_CONST &&
786// TODO: Optimization of comparison with null may be not safe ???
787#if 1
788                       (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_FALSE ||
789                        Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_TRUE)) {
790#else
791                        Z_TYPE(ZEND_OP2_LITERAL(opline)) <= IS_TRUE) {
792#endif
793                opline->opcode =
794                    ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP2_LITERAL(opline))) == IS_TRUE)) ?
795                    ZEND_BOOL : ZEND_BOOL_NOT;
796                SET_UNUSED(opline->op2);
797            }
798        }
799
800        if ((opline->opcode == ZEND_BOOL ||
801            opline->opcode == ZEND_BOOL_NOT ||
802            opline->opcode == ZEND_JMPZ ||
803            opline->opcode == ZEND_JMPNZ ||
804            opline->opcode == ZEND_JMPZNZ) &&
805            ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
806            VAR_SOURCE(opline->op1) != NULL &&
807            !used_ext[VAR_NUM(ZEND_OP1(opline).var)] &&
808            VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL_NOT) {
809            /* T = BOOL_NOT(X) + JMPZ(T) -> NOP, JMPNZ(X) */
810            zend_op *src = VAR_SOURCE(opline->op1);
811
812            COPY_NODE(opline->op1, src->op1);
813
814            switch (opline->opcode) {
815                case ZEND_BOOL:
816                    /* T = BOOL_NOT(X) + BOOL(T) -> NOP, BOOL_NOT(X) */
817                    opline->opcode = ZEND_BOOL_NOT;
818                    break;
819                case ZEND_BOOL_NOT:
820                    /* T = BOOL_NOT(X) + BOOL_BOOL(T) -> NOP, BOOL(X) */
821                    opline->opcode = ZEND_BOOL;
822                    break;
823                case ZEND_JMPZ:
824                    /* T = BOOL_NOT(X) + JMPZ(T,L) -> NOP, JMPNZ(X,L) */
825                    opline->opcode = ZEND_JMPNZ;
826                    break;
827                case ZEND_JMPNZ:
828                    /* T = BOOL_NOT(X) + JMPNZ(T,L) -> NOP, JMPZ(X,L) */
829                    opline->opcode = ZEND_JMPZ;
830                    break;
831                case ZEND_JMPZNZ:
832                {
833                    /* T = BOOL_NOT(X) + JMPZNZ(T,L1,L2) -> NOP, JMPZNZ(X,L2,L1) */
834                    int op_t;
835                    zend_code_block *op_b;
836
837                    op_t = opline->extended_value;
838                    opline->extended_value = ZEND_OP2(opline).opline_num;
839                    ZEND_OP2(opline).opline_num = op_t;
840
841                    op_b = block->ext_to;
842                    block->ext_to = block->op2_to;
843                    block->op2_to = op_b;
844                }
845                break;
846            }
847
848            VAR_UNSET(opline->op1);
849            MAKE_NOP(src);
850            continue;
851        } else
852#if 0
853        /* T = BOOL_NOT(X) + T = JMPZ_EX(T, X) -> T = BOOL_NOT(X), JMPNZ(X) */
854        if(0 && (opline->opcode == ZEND_JMPZ_EX ||
855            opline->opcode == ZEND_JMPNZ_EX) &&
856           ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
857           VAR_SOURCE(opline->op1) != NULL &&
858           VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL_NOT &&
859           ZEND_OP1(opline).var == ZEND_RESULT(opline).var
860           ) {
861            zend_op *src = VAR_SOURCE(opline->op1);
862            if(opline->opcode == ZEND_JMPZ_EX) {
863                opline->opcode = ZEND_JMPNZ;
864            } else {
865                opline->opcode = ZEND_JMPZ;
866            }
867            COPY_NODE(opline->op1, src->op1);
868            SET_UNUSED(opline->result);
869            continue;
870        } else
871#endif
872        /* T = BOOL(X) + JMPZ(T) -> NOP, JMPZ(X) */
873        if ((opline->opcode == ZEND_BOOL ||
874            opline->opcode == ZEND_BOOL_NOT ||
875            opline->opcode == ZEND_JMPZ ||
876            opline->opcode == ZEND_JMPZ_EX ||
877            opline->opcode == ZEND_JMPNZ_EX ||
878            opline->opcode == ZEND_JMPNZ ||
879            opline->opcode == ZEND_JMPZNZ) &&
880            (ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
881            VAR_SOURCE(opline->op1) != NULL &&
882            (!used_ext[VAR_NUM(ZEND_OP1(opline).var)] ||
883            ((ZEND_RESULT_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
884             ZEND_RESULT(opline).var == ZEND_OP1(opline).var)) &&
885            (VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL ||
886            VAR_SOURCE(opline->op1)->opcode == ZEND_QM_ASSIGN)) {
887            zend_op *src = VAR_SOURCE(opline->op1);
888            COPY_NODE(opline->op1, src->op1);
889
890            VAR_UNSET(opline->op1);
891            MAKE_NOP(src);
892            continue;
893        } else if (last_op && opline->opcode == ZEND_ECHO &&
894                  last_op->opcode == ZEND_ECHO &&
895                  ZEND_OP1_TYPE(opline) == IS_CONST &&
896                  Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_DOUBLE &&
897                  ZEND_OP1_TYPE(last_op) == IS_CONST &&
898                  Z_TYPE(ZEND_OP1_LITERAL(last_op)) != IS_DOUBLE) {
899            /* compress consecutive ECHO's.
900             * Float to string conversion may be affected by current
901             * locale setting.
902             */
903            int l, old_len;
904
905            if (Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_STRING) {
906                convert_to_string_safe(&ZEND_OP1_LITERAL(opline));
907            }
908            if (Z_TYPE(ZEND_OP1_LITERAL(last_op)) != IS_STRING) {
909                convert_to_string_safe(&ZEND_OP1_LITERAL(last_op));
910            }
911            old_len = Z_STRLEN(ZEND_OP1_LITERAL(last_op));
912            l = old_len + Z_STRLEN(ZEND_OP1_LITERAL(opline));
913            if (!Z_REFCOUNTED(ZEND_OP1_LITERAL(last_op))) {
914                zend_string *tmp = zend_string_alloc(l, 0);
915                memcpy(tmp->val, Z_STRVAL(ZEND_OP1_LITERAL(last_op)), old_len);
916                Z_STR(ZEND_OP1_LITERAL(last_op)) = tmp;
917            } else {
918                Z_STR(ZEND_OP1_LITERAL(last_op)) = zend_string_realloc(Z_STR(ZEND_OP1_LITERAL(last_op)), l, 0);
919            }
920            Z_TYPE_INFO(ZEND_OP1_LITERAL(last_op)) = IS_STRING_EX;
921            memcpy(Z_STRVAL(ZEND_OP1_LITERAL(last_op)) + old_len, Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)));
922            Z_STRVAL(ZEND_OP1_LITERAL(last_op))[l] = '\0';
923            zval_dtor(&ZEND_OP1_LITERAL(opline));
924            Z_STR(ZEND_OP1_LITERAL(opline)) = zend_new_interned_string(Z_STR(ZEND_OP1_LITERAL(last_op)) TSRMLS_CC);
925            if (!Z_REFCOUNTED(ZEND_OP1_LITERAL(opline))) {
926                Z_TYPE_FLAGS(ZEND_OP1_LITERAL(opline)) &= ~ (IS_TYPE_REFCOUNTED | IS_TYPE_COPYABLE);
927            }
928            ZVAL_NULL(&ZEND_OP1_LITERAL(last_op));
929            MAKE_NOP(last_op);
930        } else if (opline->opcode == ZEND_CONCAT &&
931                  ZEND_OP2_TYPE(opline) == IS_CONST &&
932                  ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
933                  VAR_SOURCE(opline->op1) &&
934                  (VAR_SOURCE(opline->op1)->opcode == ZEND_CONCAT ||
935                   VAR_SOURCE(opline->op1)->opcode == ZEND_ADD_STRING) &&
936                  ZEND_OP2_TYPE(VAR_SOURCE(opline->op1)) == IS_CONST &&
937                  ZEND_RESULT(VAR_SOURCE(opline->op1)).var == ZEND_OP1(opline).var) {
938            /* compress consecutive CONCATs */
939            zend_op *src = VAR_SOURCE(opline->op1);
940            int l, old_len;
941
942            if (Z_TYPE(ZEND_OP2_LITERAL(opline)) != IS_STRING) {
943                convert_to_string_safe(&ZEND_OP2_LITERAL(opline));
944            }
945            if (Z_TYPE(ZEND_OP2_LITERAL(src)) != IS_STRING) {
946                convert_to_string_safe(&ZEND_OP2_LITERAL(src));
947            }
948
949            VAR_UNSET(opline->op1);
950            if (ZEND_OP1_TYPE(src) == IS_UNUSED) {
951                /* 5.3 may use IS_UNUSED as first argument to ZEND_ADD_... */
952                opline->opcode = ZEND_ADD_STRING;
953            }
954            COPY_NODE(opline->op1, src->op1);
955            old_len = Z_STRLEN(ZEND_OP2_LITERAL(src));
956            l = old_len + Z_STRLEN(ZEND_OP2_LITERAL(opline));
957            if (!Z_REFCOUNTED(ZEND_OP2_LITERAL(src))) {
958                zend_string *tmp = zend_string_alloc(l, 0);
959                memcpy(tmp->val, Z_STRVAL(ZEND_OP2_LITERAL(src)), old_len);
960                Z_STR(ZEND_OP2_LITERAL(last_op)) = tmp;
961            } else {
962                Z_STR(ZEND_OP2_LITERAL(src)) = zend_string_realloc(Z_STR(ZEND_OP2_LITERAL(src)), l, 0);
963            }
964            Z_TYPE_INFO(ZEND_OP2_LITERAL(last_op)) = IS_STRING_EX;
965            memcpy(Z_STRVAL(ZEND_OP2_LITERAL(src)) + old_len, Z_STRVAL(ZEND_OP2_LITERAL(opline)), Z_STRLEN(ZEND_OP2_LITERAL(opline)));
966            Z_STRVAL(ZEND_OP2_LITERAL(src))[l] = '\0';
967            zend_string_release(Z_STR(ZEND_OP2_LITERAL(opline)));
968            Z_STR(ZEND_OP2_LITERAL(opline)) = zend_new_interned_string(Z_STR(ZEND_OP2_LITERAL(src)) TSRMLS_CC);
969            if (!Z_REFCOUNTED(ZEND_OP2_LITERAL(opline))) {
970                Z_TYPE_FLAGS(ZEND_OP2_LITERAL(opline)) &= ~ (IS_TYPE_REFCOUNTED | IS_TYPE_COPYABLE);
971            }
972            ZVAL_NULL(&ZEND_OP2_LITERAL(src));
973            MAKE_NOP(src);
974        } else if ((opline->opcode == ZEND_ADD_STRING || opline->opcode == ZEND_ADD_VAR) && ZEND_OP1_TYPE(opline) == IS_CONST) {
975            /* convert ADD_STRING(C1, C2) to CONCAT(C1, C2) */
976            opline->opcode = ZEND_CONCAT;
977            continue;
978        } else if (opline->opcode == ZEND_ADD_CHAR && ZEND_OP1_TYPE(opline) == IS_CONST && ZEND_OP2_TYPE(opline) == IS_CONST) {
979            /* convert ADD_CHAR(C1, C2) to CONCAT(C1, C2) */
980            char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
981            ZVAL_STRINGL(&ZEND_OP2_LITERAL(opline), &c, 1);
982            opline->opcode = ZEND_CONCAT;
983            continue;
984        } else if ((opline->opcode == ZEND_ADD ||
985                    opline->opcode == ZEND_SUB ||
986                    opline->opcode == ZEND_MUL ||
987                    opline->opcode == ZEND_DIV ||
988                    opline->opcode == ZEND_MOD ||
989                    opline->opcode == ZEND_SL ||
990                    opline->opcode == ZEND_SR ||
991                    opline->opcode == ZEND_CONCAT ||
992                    opline->opcode == ZEND_IS_EQUAL ||
993                    opline->opcode == ZEND_IS_NOT_EQUAL ||
994                    opline->opcode == ZEND_IS_SMALLER ||
995                    opline->opcode == ZEND_IS_SMALLER_OR_EQUAL ||
996                    opline->opcode == ZEND_IS_IDENTICAL ||
997                    opline->opcode == ZEND_IS_NOT_IDENTICAL ||
998                    opline->opcode == ZEND_BOOL_XOR ||
999                    opline->opcode == ZEND_BW_OR ||
1000                    opline->opcode == ZEND_BW_AND ||
1001                    opline->opcode == ZEND_BW_XOR) &&
1002                    ZEND_OP1_TYPE(opline)==IS_CONST &&
1003                    ZEND_OP2_TYPE(opline)==IS_CONST) {
1004            /* evaluate constant expressions */
1005            int (*binary_op)(zval *result, zval *op1, zval *op2 TSRMLS_DC) = get_binary_op(opline->opcode);
1006            zval result;
1007            int er;
1008
1009            if ((opline->opcode == ZEND_DIV || opline->opcode == ZEND_MOD) &&
1010                ((Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_LONG &&
1011                  Z_LVAL(ZEND_OP2_LITERAL(opline)) == 0) ||
1012                 (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_DOUBLE &&
1013                  Z_DVAL(ZEND_OP2_LITERAL(opline)) == 0.0))) {
1014                if (RESULT_USED(opline)) {
1015                    SET_VAR_SOURCE(opline);
1016                }
1017                opline++;
1018                continue;
1019            }
1020            er = EG(error_reporting);
1021            EG(error_reporting) = 0;
1022            if (binary_op(&result, &ZEND_OP1_LITERAL(opline), &ZEND_OP2_LITERAL(opline) TSRMLS_CC) == SUCCESS) {
1023                literal_dtor(&ZEND_OP1_LITERAL(opline));
1024                literal_dtor(&ZEND_OP2_LITERAL(opline));
1025                opline->opcode = ZEND_QM_ASSIGN;
1026                SET_UNUSED(opline->op2);
1027                zend_optimizer_update_op1_const(op_array, opline, &result TSRMLS_CC);
1028            }
1029            EG(error_reporting) = er;
1030        } else if ((opline->opcode == ZEND_BOOL ||
1031                    opline->opcode == ZEND_BOOL_NOT ||
1032                    opline->opcode == ZEND_BW_NOT) && ZEND_OP1_TYPE(opline) == IS_CONST) {
1033            /* evaluate constant unary ops */
1034            unary_op_type unary_op = get_unary_op(opline->opcode);
1035            zval result;
1036
1037            if (unary_op) {
1038                unary_op(&result, &ZEND_OP1_LITERAL(opline) TSRMLS_CC);
1039                literal_dtor(&ZEND_OP1_LITERAL(opline));
1040            } else {
1041                /* BOOL */
1042                result = ZEND_OP1_LITERAL(opline);
1043                convert_to_boolean(&result);
1044                ZVAL_NULL(&ZEND_OP1_LITERAL(opline));
1045            }
1046            opline->opcode = ZEND_QM_ASSIGN;
1047            zend_optimizer_update_op1_const(op_array, opline, &result TSRMLS_CC);
1048        } else if ((opline->opcode == ZEND_RETURN || opline->opcode == ZEND_EXIT) &&
1049                    (ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
1050                    VAR_SOURCE(opline->op1) &&
1051                    VAR_SOURCE(opline->op1)->opcode == ZEND_QM_ASSIGN) {
1052            /* T = QM_ASSIGN(X), RETURN(T) to RETURN(X) */
1053            zend_op *src = VAR_SOURCE(opline->op1);
1054            VAR_UNSET(opline->op1);
1055            COPY_NODE(opline->op1, src->op1);
1056            MAKE_NOP(src);
1057        } else if ((opline->opcode == ZEND_ADD_STRING ||
1058                    opline->opcode == ZEND_ADD_CHAR ||
1059                    opline->opcode == ZEND_ADD_VAR ||
1060                    opline->opcode == ZEND_CONCAT) &&
1061                    ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
1062                    VAR_SOURCE(opline->op1) &&
1063                    VAR_SOURCE(opline->op1)->opcode == ZEND_CONCAT &&
1064                    ZEND_OP2_TYPE(VAR_SOURCE(opline->op1)) == IS_CONST &&
1065                    Z_TYPE(ZEND_OP2_LITERAL(VAR_SOURCE(opline->op1))) == IS_STRING &&
1066                    Z_STRLEN(ZEND_OP2_LITERAL(VAR_SOURCE(opline->op1))) == 0) {
1067            /* convert T = CONCAT(X,''), T = ADD_STRING(T, Y) to T = CONCAT(X,Y) */
1068            zend_op *src = VAR_SOURCE(opline->op1);
1069            VAR_UNSET(opline->op1);
1070            COPY_NODE(opline->op1, src->op1);
1071            if (opline->opcode == ZEND_ADD_CHAR) {
1072                char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
1073                ZVAL_STRINGL(&ZEND_OP2_LITERAL(opline), &c, 1);
1074            }
1075            opline->opcode = ZEND_CONCAT;
1076            literal_dtor(&ZEND_OP2_LITERAL(src)); /* will take care of empty_string too */
1077            MAKE_NOP(src);
1078        } else if ((opline->opcode == ZEND_ADD_STRING ||
1079                    opline->opcode == ZEND_ADD_CHAR ||
1080                    opline->opcode == ZEND_ADD_VAR ||
1081                    opline->opcode == ZEND_CONCAT) &&
1082                    (ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
1083                    VAR_SOURCE(opline->op1) &&
1084                    VAR_SOURCE(opline->op1)->opcode == ZEND_CAST &&
1085                    VAR_SOURCE(opline->op1)->extended_value == IS_STRING) {
1086            /* convert T1 = CAST(STRING, X), T2 = CONCAT(T1, Y) to T2 = CONCAT(X,Y) */
1087            zend_op *src = VAR_SOURCE(opline->op1);
1088            VAR_UNSET(opline->op1);
1089            COPY_NODE(opline->op1, src->op1);
1090            if (opline->opcode == ZEND_ADD_CHAR) {
1091                char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
1092                ZVAL_STRINGL(&ZEND_OP2_LITERAL(opline), &c, 1);
1093            }
1094            opline->opcode = ZEND_CONCAT;
1095            MAKE_NOP(src);
1096        } else if (opline->opcode == ZEND_QM_ASSIGN &&
1097                    ZEND_OP1_TYPE(opline) == ZEND_RESULT_TYPE(opline) &&
1098                    ZEND_OP1(opline).var == ZEND_RESULT(opline).var) {
1099            /* strip T = QM_ASSIGN(T) */
1100            MAKE_NOP(opline);
1101        } else if (opline->opcode == ZEND_BOOL &&
1102                    ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
1103                    VAR_SOURCE(opline->op1) &&
1104                    (VAR_SOURCE(opline->op1)->opcode == ZEND_IS_EQUAL ||
1105                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_NOT_EQUAL ||
1106                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_SMALLER ||
1107                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_SMALLER_OR_EQUAL ||
1108                    VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL ||
1109                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_IDENTICAL ||
1110                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_NOT_IDENTICAL ||
1111                    VAR_SOURCE(opline->op1)->opcode == ZEND_ISSET_ISEMPTY_VAR ||
1112                    VAR_SOURCE(opline->op1)->opcode == ZEND_ISSET_ISEMPTY_DIM_OBJ) &&
1113                    !used_ext[VAR_NUM(ZEND_OP1(opline).var)]) {
1114            /* T = IS_SMALLER(X, Y), T1 = BOOL(T) => T = IS_SMALLER(X, Y), T1 = QM_ASSIGN(T) */
1115            zend_op *src = VAR_SOURCE(opline->op1);
1116            COPY_NODE(src->result, opline->result);
1117            SET_VAR_SOURCE(src);
1118            MAKE_NOP(opline);
1119        }
1120        /* get variable source */
1121        if (RESULT_USED(opline)) {
1122            SET_VAR_SOURCE(opline);
1123        }
1124        if (opline->opcode != ZEND_NOP) {
1125            last_op = opline;
1126        }
1127        opline++;
1128    }
1129
1130    strip_nop(block, ctx);
1131}
1132
1133/* Rebuild plain (optimized) op_array from CFG */
1134static void assemble_code_blocks(zend_cfg *cfg, zend_op_array *op_array)
1135{
1136    zend_code_block *blocks = cfg->blocks;
1137    zend_op *new_opcodes = emalloc(op_array->last * sizeof(zend_op));
1138    zend_op *opline = new_opcodes;
1139    zend_code_block *cur_block = blocks;
1140
1141    /* Copy code of reachable blocks into a single buffer */
1142    while (cur_block) {
1143        if (cur_block->access) {
1144            memcpy(opline, cur_block->start_opline, cur_block->len * sizeof(zend_op));
1145            cur_block->start_opline = opline;
1146            opline += cur_block->len;
1147            if ((opline - 1)->opcode == ZEND_JMP) {
1148                zend_code_block *next;
1149                next = cur_block->next;
1150                while (next && !next->access) {
1151                    next = next->next;
1152                }
1153                if (next && next == cur_block->op1_to) {
1154                    /* JMP to the next block - strip it */
1155                    cur_block->follow_to = cur_block->op1_to;
1156                    cur_block->op1_to = NULL;
1157                    MAKE_NOP((opline - 1));
1158                    opline--;
1159                    cur_block->len--;
1160                }
1161            }
1162        } else {
1163            /* this block will not be used, delete all constants there */
1164            zend_op *_opl;
1165            zend_op *end = cur_block->start_opline + cur_block->len;
1166            for (_opl = cur_block->start_opline; _opl && _opl < end; _opl++) {
1167                if (ZEND_OP1_TYPE(_opl) == IS_CONST) {
1168                    literal_dtor(&ZEND_OP1_LITERAL(_opl));
1169                }
1170                if (ZEND_OP2_TYPE(_opl) == IS_CONST) {
1171                    literal_dtor(&ZEND_OP2_LITERAL(_opl));
1172                }
1173            }
1174        }
1175        cur_block = cur_block->next;
1176    }
1177
1178    if ((opline-1)->opcode == ZEND_THROW) {
1179        /* if we finished with THROW, we need to add space between THROW and HANDLE to not confuse
1180           zend_throw_internal */
1181        MAKE_NOP(opline);
1182        opline->lineno = opline[-1].lineno;
1183        opline++;
1184    }
1185
1186    op_array->last = opline-new_opcodes;
1187
1188    /* adjust exception jump targets */
1189    if (op_array->last_try_catch) {
1190        int i, j;
1191        for (i = 0, j = 0; i< op_array->last_try_catch; i++) {
1192            if (cfg->try[i]->access) {
1193                op_array->try_catch_array[j].try_op = cfg->try[i]->start_opline - new_opcodes;
1194                op_array->try_catch_array[j].catch_op = cfg->catch[i]->start_opline - new_opcodes;
1195                j++;
1196            }
1197        }
1198        op_array->last_try_catch = j;
1199    }
1200
1201    /* adjust loop jump targets */
1202    if (op_array->last_brk_cont) {
1203        int i;
1204        for (i = 0; i< op_array->last_brk_cont; i++) {
1205            op_array->brk_cont_array[i].start = cfg->loop_start[i]->start_opline - new_opcodes;
1206            op_array->brk_cont_array[i].cont = cfg->loop_cont[i]->start_opline - new_opcodes;
1207            op_array->brk_cont_array[i].brk = cfg->loop_brk[i]->start_opline - new_opcodes;
1208        }
1209    }
1210
1211    /* adjust jump targets */
1212    for (cur_block = blocks; cur_block; cur_block = cur_block->next) {
1213        if (!cur_block->access) {
1214            continue;
1215        }
1216        opline = cur_block->start_opline + cur_block->len - 1;
1217        if (opline->opcode == ZEND_OP_DATA) {
1218            opline--;
1219        }
1220        if (cur_block->op1_to) {
1221            ZEND_OP1(opline).opline_num = cur_block->op1_to->start_opline - new_opcodes;
1222        }
1223        if (cur_block->op2_to) {
1224            ZEND_OP2(opline).opline_num = cur_block->op2_to->start_opline - new_opcodes;
1225        }
1226        if (cur_block->ext_to) {
1227            opline->extended_value = cur_block->ext_to->start_opline - new_opcodes;
1228        }
1229        print_block(cur_block, new_opcodes, "Out ");
1230    }
1231    efree(op_array->opcodes);
1232    op_array->opcodes = erealloc(new_opcodes, op_array->last * sizeof(zend_op));
1233
1234    /* adjust early binding list */
1235    if (op_array->early_binding != (uint32_t)-1) {
1236        uint32_t *opline_num = &op_array->early_binding;
1237        zend_op *end;
1238
1239        opline = op_array->opcodes;
1240        end = opline + op_array->last;
1241        while (opline < end) {
1242            if (opline->opcode == ZEND_DECLARE_INHERITED_CLASS_DELAYED) {
1243                *opline_num = opline - op_array->opcodes;
1244                opline_num = &ZEND_RESULT(opline).opline_num;
1245            }
1246            ++opline;
1247        }
1248        *opline_num = -1;
1249    }
1250}
1251
1252static void zend_jmp_optimization(zend_code_block *block, zend_op_array *op_array, zend_code_block *blocks, zend_cfg *cfg, zend_optimizer_ctx *ctx TSRMLS_DC)
1253{
1254    /* last_op is the last opcode of the current block */
1255    zend_op *last_op = (block->start_opline + block->len - 1);
1256
1257    if (!block->len) {
1258        return;
1259    }
1260    switch (last_op->opcode) {
1261        case ZEND_JMP:
1262            {
1263                zend_op *target = block->op1_to->start_opline;
1264                zend_code_block *next = block->next;
1265
1266                while (next && !next->access) {
1267                    /* find used one */
1268                    next = next->next;
1269                }
1270
1271                /* JMP(next) -> NOP */
1272                if (block->op1_to == next) {
1273                    block->follow_to = block->op1_to;
1274                    block->op1_to = NULL;
1275                    MAKE_NOP(last_op);
1276                    block->len--;
1277                    if (block->len == 0) {
1278                        /* this block is nothing but NOP now */
1279                        delete_code_block(block, ctx);
1280                    }
1281                    break;
1282                }
1283
1284                if (((target->opcode == ZEND_JMP &&
1285                    block->op1_to != block->op1_to->op1_to) ||
1286                    target->opcode == ZEND_JMPZNZ) &&
1287                    !block->op1_to->protected) {
1288                    /* JMP L, L: JMP L1 -> JMP L1 */
1289                    /* JMP L, L: JMPZNZ L1,L2 -> JMPZNZ L1,L2 */
1290                    *last_op = *target;
1291                    if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1292                        zval zv = ZEND_OP1_LITERAL(last_op);
1293                        zval_copy_ctor(&zv);
1294                        last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv TSRMLS_CC);
1295                    }
1296                    del_source(block, block->op1_to);
1297                    if (block->op1_to->op2_to) {
1298                        block->op2_to = block->op1_to->op2_to;
1299                        ADD_SOURCE(block, block->op2_to);
1300                    }
1301                    if (block->op1_to->ext_to) {
1302                        block->ext_to = block->op1_to->ext_to;
1303                        ADD_SOURCE(block, block->ext_to);
1304                    }
1305                    if (block->op1_to->op1_to) {
1306                        block->op1_to = block->op1_to->op1_to;
1307                        ADD_SOURCE(block, block->op1_to);
1308                    } else {
1309                        block->op1_to = NULL;
1310                    }
1311                } else if (target->opcode == ZEND_RETURN ||
1312                          target->opcode == ZEND_RETURN_BY_REF ||
1313                          target->opcode == ZEND_FAST_RET ||
1314                          target->opcode == ZEND_EXIT) {
1315                    /* JMP L, L: RETURN to immediate RETURN */
1316                    *last_op = *target;
1317                    if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1318                        zval zv = ZEND_OP1_LITERAL(last_op);
1319                        zval_copy_ctor(&zv);
1320                        last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv TSRMLS_CC);
1321                    }
1322                    del_source(block, block->op1_to);
1323                    block->op1_to = NULL;
1324#if 0
1325                /* Temporarily disabled - see bug #0025274 */
1326                } else if (0&& block->op1_to != block &&
1327                       block->op1_to != blocks &&
1328                           op_array->last_try_catch == 0 &&
1329                           target->opcode != ZEND_FREE) {
1330                    /* Block Reordering (saves one JMP on each "for" loop iteration)
1331                     * It is disabled for some cases (ZEND_FREE)
1332                     * which may break register allocation.
1333                     */
1334                    zend_bool can_reorder = 0;
1335                    zend_block_source *cs = block->op1_to->sources;
1336
1337                    /* the "target" block doesn't had any followed block */
1338                    while(cs) {
1339                        if (cs->from->follow_to == block->op1_to) {
1340                            can_reorder = 0;
1341                            break;
1342                        }
1343                        cs = cs->next;
1344                    }
1345                    if (can_reorder) {
1346                        next = block->op1_to;
1347                        /* the "target" block is not followed by current "block" */
1348                        while (next->follow_to != NULL) {
1349                            if (next->follow_to == block) {
1350                                can_reorder = 0;
1351                                break;
1352                            }
1353                            next = next->follow_to;
1354                        }
1355                        if (can_reorder) {
1356                            zend_code_block *prev = blocks;
1357
1358                            while (prev->next != block->op1_to) {
1359                                prev = prev->next;
1360                            }
1361                            prev->next = next->next;
1362                            next->next = block->next;
1363                            block->next = block->op1_to;
1364
1365                            block->follow_to = block->op1_to;
1366                            block->op1_to = NULL;
1367                            MAKE_NOP(last_op);
1368                            block->len--;
1369                            if(block->len == 0) {
1370                                /* this block is nothing but NOP now */
1371                                delete_code_block(block, ctx);
1372                            }
1373                            break;
1374                        }
1375                    }
1376#endif
1377                }
1378            }
1379            break;
1380
1381        case ZEND_JMPZ:
1382        case ZEND_JMPNZ:
1383            /* constant conditional JMPs */
1384            if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1385                int should_jmp = zend_is_true(&ZEND_OP1_LITERAL(last_op) TSRMLS_CC);
1386
1387                if (last_op->opcode == ZEND_JMPZ) {
1388                    should_jmp = !should_jmp;
1389                }
1390                literal_dtor(&ZEND_OP1_LITERAL(last_op));
1391                ZEND_OP1_TYPE(last_op) = IS_UNUSED;
1392                if (should_jmp) {
1393                    /* JMPNZ(true) -> JMP */
1394                    last_op->opcode = ZEND_JMP;
1395                    COPY_NODE(last_op->op1, last_op->op2);
1396                    block->op1_to = block->op2_to;
1397                    del_source(block, block->follow_to);
1398                    block->op2_to = NULL;
1399                    block->follow_to = NULL;
1400                } else {
1401                    /* JMPNZ(false) -> NOP */
1402                    MAKE_NOP(last_op);
1403                    del_source(block, block->op2_to);
1404                    block->op2_to = NULL;
1405                }
1406                break;
1407            }
1408
1409            if (block->op2_to) {
1410                zend_uchar same_type = ZEND_OP1_TYPE(last_op);
1411                uint32_t same_var = VAR_NUM_EX(last_op->op1);
1412                zend_op *target;
1413                zend_op *target_end;
1414                zend_code_block *target_block = block->op2_to;;
1415
1416next_target:
1417                target = target_block->start_opline;
1418                target_end = target_block->start_opline + target_block->len;
1419                while (target < target_end && target->opcode == ZEND_NOP) {
1420                    target++;
1421                }
1422
1423                /* next block is only NOP's */
1424                if (target == target_end) {
1425                    target_block = target_block->follow_to;
1426                    goto next_target;
1427                } else if (target->opcode == INV_COND(last_op->opcode) &&
1428                    /* JMPZ(X, L), L: JMPNZ(X, L2) -> JMPZ(X, L+1) */
1429                   (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1430                   same_type == ZEND_OP1_TYPE(target) &&
1431                   same_var == VAR_NUM_EX(target->op1) &&
1432                   target_block->follow_to &&
1433                   !target_block->protected
1434                   ) {
1435                    del_source(block, block->op2_to);
1436                    block->op2_to = target_block->follow_to;
1437                    ADD_SOURCE(block, block->op2_to);
1438                } else if (target->opcode == INV_COND_EX(last_op->opcode) &&
1439                            (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1440                            same_type == ZEND_OP1_TYPE(target) &&
1441                            same_var == VAR_NUM_EX(target->op1) &&
1442                            target_block->follow_to &&
1443                            !target_block->protected) {
1444                    /* JMPZ(X, L), L: X = JMPNZ_EX(X, L2) -> JMPZ(X, L+1) */
1445                    last_op->opcode += 3;
1446                    last_op->result = target->result;
1447                    del_source(block, block->op2_to);
1448                    block->op2_to = target_block->follow_to;
1449                    ADD_SOURCE(block, block->op2_to);
1450                } else if (target_block->op2_to &&
1451                           target->opcode == last_op->opcode &&
1452                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1453                           same_type == ZEND_OP1_TYPE(target) &&
1454                           same_var == VAR_NUM_EX(target->op1) &&
1455                           !target_block->protected) {
1456                    /* JMPZ(X, L), L: JMPZ(X, L2) -> JMPZ(X, L2) */
1457                    del_source(block, block->op2_to);
1458                    block->op2_to = target_block->op2_to;
1459                    ADD_SOURCE(block, block->op2_to);
1460                } else if (target_block->op1_to &&
1461                            target->opcode == ZEND_JMP &&
1462                            !target_block->protected) {
1463                    /* JMPZ(X, L), L: JMP(L2) -> JMPZ(X, L2) */
1464                    del_source(block, block->op2_to);
1465                    block->op2_to = target_block->op1_to;
1466                    ADD_SOURCE(block, block->op2_to);
1467                } else if (target_block->op2_to &&
1468                            target_block->ext_to &&
1469                            target->opcode == ZEND_JMPZNZ &&
1470                            (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1471                            same_type == ZEND_OP1_TYPE(target) &&
1472                            same_var == VAR_NUM_EX(target->op1) &&
1473                            !target_block->protected) {
1474                    /* JMPZ(X, L), L: JMPZNZ(X, L2, L3) -> JMPZ(X, L2) */
1475                    del_source(block, block->op2_to);
1476                    if (last_op->opcode == ZEND_JMPZ) {
1477                        block->op2_to = target_block->op2_to;
1478                    } else {
1479                        block->op2_to = target_block->ext_to;
1480                    }
1481                    ADD_SOURCE(block, block->op2_to);
1482                }
1483            }
1484
1485            if (block->follow_to &&
1486                (last_op->opcode == ZEND_JMPZ || last_op->opcode == ZEND_JMPNZ)) {
1487                zend_op *target;
1488                zend_op *target_end;
1489
1490                while (1) {
1491                    target = block->follow_to->start_opline;
1492                    target_end = block->follow_to->start_opline + block->follow_to->len;
1493                    while (target < target_end && target->opcode == ZEND_NOP) {
1494                        target++;
1495                    }
1496
1497                    /* next block is only NOP's */
1498                    if (target == target_end) {
1499                        del_source(block, block->follow_to);
1500                        block->follow_to = block->follow_to->follow_to;
1501                        ADD_SOURCE(block, block->follow_to);
1502                    } else {
1503                        break;
1504                    }
1505                }
1506                /* JMPZ(X,L1), JMP(L2) -> JMPZNZ(X,L1,L2) */
1507                if (target->opcode == ZEND_JMP &&
1508                    block->follow_to->op1_to &&
1509                    !block->follow_to->protected) {
1510                    del_source(block, block->follow_to);
1511                    if (last_op->opcode == ZEND_JMPZ) {
1512                        block->ext_to = block->follow_to->op1_to;
1513                        ADD_SOURCE(block, block->ext_to);
1514                    } else {
1515                        block->ext_to = block->op2_to;
1516                        block->op2_to = block->follow_to->op1_to;
1517                        ADD_SOURCE(block, block->op2_to);
1518                    }
1519                    block->follow_to = NULL;
1520                    last_op->opcode = ZEND_JMPZNZ;
1521                }
1522            }
1523            break;
1524
1525        case ZEND_JMPNZ_EX:
1526        case ZEND_JMPZ_EX:
1527            /* constant conditional JMPs */
1528            if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1529                int should_jmp = zend_is_true(&ZEND_OP1_LITERAL(last_op) TSRMLS_CC);
1530
1531                if (last_op->opcode == ZEND_JMPZ_EX) {
1532                    should_jmp = !should_jmp;
1533                }
1534                if (!should_jmp) {
1535                    /* T = JMPZ_EX(true,L)   -> T = QM_ASSIGN(true)
1536                     * T = JMPNZ_EX(false,L) -> T = QM_ASSIGN(false)
1537                     */
1538                    last_op->opcode = ZEND_QM_ASSIGN;
1539                    SET_UNUSED(last_op->op2);
1540                    del_source(block, block->op2_to);
1541                    block->op2_to = NULL;
1542                }
1543                break;
1544            }
1545
1546            if (block->op2_to) {
1547                zend_op *target, *target_end;
1548                char *same_t=NULL;
1549                zend_code_block *target_block;
1550                int var_num = op_array->last_var + op_array->T;
1551
1552                if (var_num <= 0) {
1553                    return;
1554                }
1555                same_t = cfg->same_t;
1556                memset(same_t, 0, var_num);
1557                same_t[VAR_NUM_EX(last_op->op1)] |= ZEND_OP1_TYPE(last_op);
1558                same_t[VAR_NUM_EX(last_op->result)] |= ZEND_RESULT_TYPE(last_op);
1559                target_block = block->op2_to;
1560next_target_ex:
1561                target = target_block->start_opline;
1562                target_end = target_block->start_opline + target_block->len;
1563                while (target < target_end && target->opcode == ZEND_NOP) {
1564                    target++;
1565                }
1566                /* next block is only NOP's */
1567                if (target == target_end) {
1568                    target_block = target_block->follow_to;
1569                    goto next_target_ex;
1570                } else if (target_block->op2_to &&
1571                           target->opcode == last_op->opcode-3 &&
1572                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1573                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1574                           !target_block->protected) {
1575                    /* T = JMPZ_EX(X, L1), L1: JMPZ({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1576                    del_source(block, block->op2_to);
1577                    block->op2_to = target_block->op2_to;
1578                    ADD_SOURCE(block, block->op2_to);
1579                } else if (target_block->op2_to &&
1580                           target->opcode == INV_EX_COND(last_op->opcode) &&
1581                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1582                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1583                           !target_block->protected) {
1584                    /* T = JMPZ_EX(X, L1), L1: JMPNZ({X|T1}, L2) -> T = JMPZ_EX(X, L1+1) */
1585                    del_source(block, block->op2_to);
1586                    block->op2_to = target_block->follow_to;
1587                    ADD_SOURCE(block, block->op2_to);
1588                } else if (target_block->op2_to &&
1589                           target->opcode == INV_EX_COND_EX(last_op->opcode) &&
1590                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1591                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1592                           (same_t[VAR_NUM_EX(target->result)] & ZEND_RESULT_TYPE(target)) != 0 &&
1593                           !target_block->protected) {
1594                    /* T = JMPZ_EX(X, L1), L1: T = JMPNZ_EX(T, L2) -> T = JMPZ_EX(X, L1+1) */
1595                    del_source(block, block->op2_to);
1596                    block->op2_to = target_block->follow_to;
1597                    ADD_SOURCE(block, block->op2_to);
1598                } else if (target_block->op2_to &&
1599                           target->opcode == last_op->opcode &&
1600                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1601                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1602                           (same_t[VAR_NUM_EX(target->result)] & ZEND_RESULT_TYPE(target)) != 0 &&
1603                           !target_block->protected) {
1604                    /* T = JMPZ_EX(X, L1), L1: T = JMPZ({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1605                    del_source(block, block->op2_to);
1606                    block->op2_to = target_block->op2_to;
1607                    ADD_SOURCE(block, block->op2_to);
1608                } else if (target_block->op1_to &&
1609                           target->opcode == ZEND_JMP &&
1610                           !target_block->protected) {
1611                    /* T = JMPZ_EX(X, L), L: JMP(L2) -> T = JMPZ(X, L2) */
1612                    del_source(block, block->op2_to);
1613                    block->op2_to = target_block->op1_to;
1614                    ADD_SOURCE(block, block->op2_to);
1615                } else if (target_block->op2_to &&
1616                           target_block->ext_to &&
1617                           target->opcode == ZEND_JMPZNZ &&
1618                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1619                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1620                           !target_block->protected) {
1621                    /* T = JMPZ_EX(X, L), L: JMPZNZ({X|T}, L2, L3) -> T = JMPZ_EX(X, L2) */
1622                    del_source(block, block->op2_to);
1623                    if (last_op->opcode == ZEND_JMPZ_EX) {
1624                        block->op2_to = target_block->op2_to;
1625                    } else {
1626                        block->op2_to = target_block->ext_to;
1627                    }
1628                    ADD_SOURCE(block, block->op2_to);
1629                }
1630            }
1631            break;
1632
1633        case ZEND_JMPZNZ: {
1634            zend_code_block *next = block->next;
1635
1636            while (next && !next->access) {
1637                /* find first accessed one */
1638                next = next->next;
1639            }
1640
1641            if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1642                if (!zend_is_true(&ZEND_OP1_LITERAL(last_op) TSRMLS_CC)) {
1643                    /* JMPZNZ(false,L1,L2) -> JMP(L1) */
1644                    zend_code_block *todel;
1645
1646                    literal_dtor(&ZEND_OP1_LITERAL(last_op));
1647                    last_op->opcode = ZEND_JMP;
1648                    SET_UNUSED(last_op->op1);
1649                    SET_UNUSED(last_op->op2);
1650                    block->op1_to = block->op2_to;
1651                    todel = block->ext_to;
1652                    block->op2_to = NULL;
1653                    block->ext_to = NULL;
1654                    del_source(block, todel);
1655                } else {
1656                    /* JMPZNZ(true,L1,L2) -> JMP(L2) */
1657                    zend_code_block *todel;
1658
1659                    literal_dtor(&ZEND_OP1_LITERAL(last_op));
1660                    last_op->opcode = ZEND_JMP;
1661                    SET_UNUSED(last_op->op1);
1662                    SET_UNUSED(last_op->op2);
1663                    block->op1_to = block->ext_to;
1664                    todel =  block->op2_to;
1665                    block->op2_to = NULL;
1666                    block->ext_to = NULL;
1667                    del_source(block, todel);
1668                }
1669            } else if (block->op2_to == block->ext_to) {
1670                /* both goto the same one - it's JMP */
1671                /* JMPZNZ(?,L,L) -> JMP(L) */
1672                last_op->opcode = ZEND_JMP;
1673                SET_UNUSED(last_op->op1);
1674                SET_UNUSED(last_op->op2);
1675                block->op1_to = block->op2_to;
1676                block->op2_to = NULL;
1677                block->ext_to = NULL;
1678            } else if (block->op2_to == next) {
1679                /* jumping to next on Z - can follow to it and jump only on NZ */
1680                /* JMPZNZ(X,L1,L2) L1: -> JMPNZ(X,L2) */
1681                last_op->opcode = ZEND_JMPNZ;
1682                block->op2_to = block->ext_to;
1683                block->follow_to = next;
1684                block->ext_to = NULL;
1685                /* no need to add source - it's block->op2_to */
1686            } else if (block->ext_to == next) {
1687                /* jumping to next on NZ - can follow to it and jump only on Z */
1688                /* JMPZNZ(X,L1,L2) L2: -> JMPZ(X,L1) */
1689                last_op->opcode = ZEND_JMPZ;
1690                block->follow_to = next;
1691                block->ext_to = NULL;
1692                /* no need to add source - it's block->ext_to */
1693            }
1694
1695            if (last_op->opcode == ZEND_JMPZNZ && block->op2_to) {
1696                zend_uchar same_type = ZEND_OP1_TYPE(last_op);
1697                zend_uchar same_var = VAR_NUM_EX(last_op->op1);
1698                zend_op *target;
1699                zend_op *target_end;
1700                zend_code_block *target_block = block->op2_to;
1701
1702next_target_znz:
1703                target = target_block->start_opline;
1704                target_end = target_block->start_opline + target_block->len;
1705                while (target < target_end && target->opcode == ZEND_NOP) {
1706                    target++;
1707                }
1708                /* next block is only NOP's */
1709                if (target == target_end) {
1710                    target_block = target_block->follow_to;
1711                    goto next_target_znz;
1712                } else if (target_block->op2_to &&
1713                           (target->opcode == ZEND_JMPZ || target->opcode == ZEND_JMPZNZ) &&
1714                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1715                           same_type == ZEND_OP1_TYPE(target) &&
1716                           same_var == VAR_NUM_EX(target->op1) &&
1717                           !target_block->protected) {
1718                    /* JMPZNZ(X, L1, L2), L1: JMPZ(X, L3) -> JMPZNZ(X, L3, L2) */
1719                    del_source(block, block->op2_to);
1720                    block->op2_to = target_block->op2_to;
1721                    ADD_SOURCE(block, block->op2_to);
1722                } else if (target->opcode == ZEND_JMPNZ &&
1723                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1724                           same_type == ZEND_OP1_TYPE(target) &&
1725                           same_var == VAR_NUM_EX(target->op1) &&
1726                           target_block->follow_to &&
1727                           !target_block->protected) {
1728                    /* JMPZNZ(X, L1, L2), L1: X = JMPNZ(X, L3) -> JMPZNZ(X, L1+1, L2) */
1729                    del_source(block, block->op2_to);
1730                    block->op2_to = target_block->follow_to;
1731                    ADD_SOURCE(block, block->op2_to);
1732                } else if (target_block->op1_to &&
1733                           target->opcode == ZEND_JMP &&
1734                           !target_block->protected) {
1735                    /* JMPZNZ(X, L1, L2), L1: JMP(L3) -> JMPZNZ(X, L3, L2) */
1736                    del_source(block, block->op2_to);
1737                    block->op2_to = target_block->op1_to;
1738                    ADD_SOURCE(block, block->op2_to);
1739                }
1740            }
1741            break;
1742        }
1743    }
1744}
1745
1746/* Global data dependencies */
1747
1748#define T_USAGE(op) do { \
1749        if ((op ## _type & (IS_VAR | IS_TMP_VAR)) && \
1750           !defined_here[VAR_NUM(op.var)] && !used_ext[VAR_NUM(op.var)]) {  \
1751            used_ext[VAR_NUM(op.var)] = 1;                                  \
1752        } \
1753    } while (0)
1754
1755#define NEVER_USED(op) ((op ## _type & (IS_VAR | IS_TMP_VAR)) && !usage[VAR_NUM(op.var)]) /* !used_ext[op.var] && */
1756#define RES_NEVER_USED(opline) (opline->result_type == IS_UNUSED || NEVER_USED(opline->result))
1757
1758/* Find a set of variables which are used outside of the block where they are
1759 * defined. We won't apply some optimization patterns for such variables. */
1760static void zend_t_usage(zend_code_block *block, zend_op_array *op_array, char *used_ext, zend_optimizer_ctx *ctx)
1761{
1762    zend_code_block *next_block = block->next;
1763    char *usage;
1764    char *defined_here;
1765    void *checkpoint;
1766
1767    if (op_array->T == 0) {
1768        /* shortcut - if no Ts, nothing to do */
1769        return;
1770    }
1771
1772    checkpoint = zend_arena_checkpoint(ctx->arena);
1773    usage = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1774    memset(usage, 0, op_array->last_var + op_array->T);
1775    defined_here = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1776
1777    while (next_block) {
1778        zend_op *opline = next_block->start_opline;
1779        zend_op *end = opline + next_block->len;
1780
1781        if (!next_block->access) {
1782            next_block = next_block->next;
1783            continue;
1784        }
1785        memset(defined_here, 0, op_array->last_var + op_array->T);
1786
1787        while (opline<end) {
1788            T_USAGE(opline->op1);
1789            T_USAGE(opline->op2);
1790
1791            if (RESULT_USED(opline)) {
1792                if (!defined_here[VAR_NUM(ZEND_RESULT(opline).var)] && !used_ext[VAR_NUM(ZEND_RESULT(opline).var)] &&
1793                    (opline->opcode == ZEND_RECV || opline->opcode == ZEND_RECV_INIT ||
1794                     opline->opcode == ZEND_RECV_VARIADIC ||
1795                    (opline->opcode == ZEND_OP_DATA && ZEND_RESULT_TYPE(opline) == IS_TMP_VAR) ||
1796                    opline->opcode == ZEND_ADD_ARRAY_ELEMENT)) {
1797                    /* these opcodes use the result as argument */
1798                    used_ext[VAR_NUM(ZEND_RESULT(opline).var)] = 1;
1799                }
1800                defined_here[VAR_NUM(ZEND_RESULT(opline).var)] = 1;
1801            }
1802            opline++;
1803        }
1804        next_block = next_block->next;
1805    }
1806
1807#if DEBUG_BLOCKPASS
1808    {
1809        int i;
1810        for (i = op_array->last_var; i< op_array->T; i++) {
1811            fprintf(stderr, "T%d: %c\n", i, used_ext[i] + '0');
1812        }
1813    }
1814#endif
1815
1816    while (block) {
1817        zend_op *opline = block->start_opline + block->len - 1;
1818
1819        if (!block->access) {
1820            block = block->next;
1821            continue;
1822        }
1823
1824        memcpy(usage, used_ext, op_array->last_var + op_array->T);
1825
1826        while (opline >= block->start_opline) {
1827            /* usage checks */
1828            if (RES_NEVER_USED(opline)) {
1829                switch (opline->opcode) {
1830                    case ZEND_ASSIGN_ADD:
1831                    case ZEND_ASSIGN_SUB:
1832                    case ZEND_ASSIGN_MUL:
1833                    case ZEND_ASSIGN_DIV:
1834                    case ZEND_ASSIGN_MOD:
1835                    case ZEND_ASSIGN_SL:
1836                    case ZEND_ASSIGN_SR:
1837                    case ZEND_ASSIGN_CONCAT:
1838                    case ZEND_ASSIGN_BW_OR:
1839                    case ZEND_ASSIGN_BW_AND:
1840                    case ZEND_ASSIGN_BW_XOR:
1841                    case ZEND_PRE_INC:
1842                    case ZEND_PRE_DEC:
1843                    case ZEND_POST_INC:
1844                    case ZEND_POST_DEC:
1845                    case ZEND_ASSIGN:
1846                    case ZEND_ASSIGN_REF:
1847                    case ZEND_DO_FCALL:
1848                        if (ZEND_RESULT_TYPE(opline) == IS_VAR) {
1849                            ZEND_RESULT_TYPE(opline) |= EXT_TYPE_UNUSED;
1850                        }
1851                        break;
1852                    case ZEND_QM_ASSIGN:
1853                    case ZEND_BOOL:
1854                    case ZEND_BOOL_NOT:
1855                        if (ZEND_OP1_TYPE(opline) == IS_CONST) {
1856                            literal_dtor(&ZEND_OP1_LITERAL(opline));
1857                        }
1858                        MAKE_NOP(opline);
1859                        break;
1860                    case ZEND_PRINT:
1861                        opline->opcode = ZEND_ECHO;
1862                        ZEND_RESULT_TYPE(opline) = IS_UNUSED;
1863                        break;
1864                    case ZEND_JMPZ_EX:
1865                    case ZEND_JMPNZ_EX:
1866                        opline->opcode -= 3;
1867                        SET_UNUSED(opline->result);
1868                        break;
1869                }
1870            }
1871
1872            if (opline->opcode == ZEND_RECV ||
1873                opline->opcode == ZEND_RECV_INIT ||
1874                opline->opcode == ZEND_RECV_VARIADIC ||
1875                opline->opcode == ZEND_ADD_ARRAY_ELEMENT) {
1876                if (ZEND_OP1_TYPE(opline) == IS_VAR || ZEND_OP1_TYPE(opline) == IS_TMP_VAR) {
1877                    usage[VAR_NUM(ZEND_RESULT(opline).var)] = 1;
1878                }
1879            } else {
1880                if (RESULT_USED(opline)) {
1881                    usage[VAR_NUM(ZEND_RESULT(opline).var)] = 0;
1882                }
1883            }
1884
1885            if (ZEND_OP1_TYPE(opline) == IS_VAR || ZEND_OP1_TYPE(opline) == IS_TMP_VAR) {
1886                usage[VAR_NUM(ZEND_OP1(opline).var)] = 1;
1887            }
1888
1889            if (ZEND_OP2_TYPE(opline) == IS_VAR || ZEND_OP2_TYPE(opline) == IS_TMP_VAR) {
1890                usage[VAR_NUM(ZEND_OP2(opline).var)] = 1;
1891            }
1892
1893            if ((ZEND_RESULT_TYPE(opline) & IS_VAR) &&
1894                (ZEND_RESULT_TYPE(opline) & EXT_TYPE_UNUSED) &&
1895                usage[VAR_NUM(ZEND_RESULT(opline).var)]) {
1896                ZEND_RESULT_TYPE(opline) &= ~EXT_TYPE_UNUSED;
1897            }
1898
1899            opline--;
1900        }
1901        block = block->next;
1902    } /* end blocks */
1903
1904    zend_arena_release(&ctx->arena, checkpoint);
1905}
1906
1907#define PASSES 3
1908
1909void optimize_cfg(zend_op_array *op_array, zend_optimizer_ctx *ctx TSRMLS_DC)
1910{
1911    zend_cfg cfg;
1912    zend_code_block *cur_block;
1913    int pass;
1914    char *usage;
1915    void *checkpoint;
1916
1917#if DEBUG_BLOCKPASS
1918    fprintf(stderr, "File %s func %s\n", op_array->filename, op_array->function_name? op_array->function_name : "main");
1919    fflush(stderr);
1920#endif
1921
1922    if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
1923        return;
1924    }
1925
1926    /* Build CFG */
1927    checkpoint = zend_arena_checkpoint(ctx->arena);
1928    if (!find_code_blocks(op_array, &cfg, ctx)) {
1929        zend_arena_release(&ctx->arena, checkpoint);
1930        return;
1931    }
1932
1933    zend_rebuild_access_path(&cfg, op_array, 0, ctx);
1934    /* full rebuild here to produce correct sources! */
1935    if (op_array->last_var || op_array->T) {
1936        cfg.Tsource = zend_arena_calloc(&ctx->arena, op_array->last_var + op_array->T, sizeof(zend_op *));
1937        cfg.same_t = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1938        usage = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1939    } else {
1940        cfg.Tsource = NULL;
1941        cfg.same_t = NULL;
1942        usage = NULL;
1943    }
1944    for (pass = 0; pass < PASSES; pass++) {
1945        /* Compute data dependencies */
1946        memset(usage, 0, op_array->last_var + op_array->T);
1947        zend_t_usage(cfg.blocks, op_array, usage, ctx);
1948
1949        /* optimize each basic block separately */
1950        for (cur_block = cfg.blocks; cur_block; cur_block = cur_block->next) {
1951            if (!cur_block->access) {
1952                continue;
1953            }
1954            zend_optimize_block(cur_block, op_array, usage, &cfg, ctx TSRMLS_CC);
1955        }
1956
1957        /* Jump optimization for each block */
1958        for (cur_block = cfg.blocks; cur_block; cur_block = cur_block->next) {
1959            if (!cur_block->access) {
1960                continue;
1961            }
1962            zend_jmp_optimization(cur_block, op_array, cfg.blocks, &cfg, ctx TSRMLS_CC);
1963        }
1964
1965        /* Eliminate unreachable basic blocks */
1966        zend_rebuild_access_path(&cfg, op_array, 1, ctx);
1967    }
1968
1969    memset(usage, 0, op_array->last_var + op_array->T);
1970    zend_t_usage(cfg.blocks, op_array, usage, ctx);
1971    assemble_code_blocks(&cfg, op_array);
1972
1973    /* Destroy CFG */
1974    zend_arena_release(&ctx->arena, checkpoint);
1975}
1976