1/*
2   +----------------------------------------------------------------------+
3   | Zend OPcache                                                         |
4   +----------------------------------------------------------------------+
5   | Copyright (c) 1998-2014 The PHP Group                                |
6   +----------------------------------------------------------------------+
7   | This source file is subject to version 3.01 of the PHP license,      |
8   | that is bundled with this package in the file LICENSE, and is        |
9   | available through the world-wide-web at the following url:           |
10   | http://www.php.net/license/3_01.txt                                  |
11   | If you did not receive a copy of the PHP license and are unable to   |
12   | obtain it through the world-wide-web, please send a note to          |
13   | license@php.net so we can mail you a copy immediately.               |
14   +----------------------------------------------------------------------+
15   | Authors: Andi Gutmans <andi@zend.com>                                |
16   |          Zeev Suraski <zeev@zend.com>                                |
17   |          Stanislav Malyshev <stas@zend.com>                          |
18   |          Dmitry Stogov <dmitry@zend.com>                             |
19   +----------------------------------------------------------------------+
20*/
21
22#include "php.h"
23#include "Optimizer/zend_optimizer.h"
24#include "Optimizer/zend_optimizer_internal.h"
25#include "zend_API.h"
26#include "zend_constants.h"
27#include "zend_execute.h"
28#include "zend_vm.h"
29
30#define DEBUG_BLOCKPASS 0
31
32/* Checks if a constant (like "true") may be replaced by its value */
33int zend_optimizer_get_persistent_constant(zend_string *name, zval *result, int copy TSRMLS_DC)
34{
35    zend_constant *c;
36    char *lookup_name;
37    int retval = 1;
38    ALLOCA_FLAG(use_heap);
39
40    if ((c = zend_hash_find_ptr(EG(zend_constants), name)) == NULL) {
41        lookup_name = DO_ALLOCA(name->len + 1);
42        memcpy(lookup_name, name->val, name->len + 1);
43        zend_str_tolower(lookup_name, name->len);
44
45        if ((c = zend_hash_str_find_ptr(EG(zend_constants), lookup_name, name->len)) != NULL) {
46            if (!(c->flags & CONST_CT_SUBST) || (c->flags & CONST_CS)) {
47                retval = 0;
48            }
49        } else {
50            retval = 0;
51        }
52        FREE_ALLOCA(lookup_name);
53    }
54
55    if (retval) {
56        if (c->flags & CONST_PERSISTENT) {
57            ZVAL_COPY_VALUE(result, &c->value);
58            if (copy) {
59                zval_copy_ctor(result);
60            }
61        } else {
62            retval = 0;
63        }
64    }
65
66    return retval;
67}
68
69#if DEBUG_BLOCKPASS
70# define BLOCK_REF(b) b?op_array->opcodes-b->start_opline:-1
71
72static inline void print_block(zend_code_block *block, zend_op *opcodes, char *txt)
73{
74    fprintf(stderr, "%sBlock: %d-%d (%d)", txt, block->start_opline - opcodes, block->start_opline - opcodes + block->len - 1, block->len);
75    if (!block->access) {
76        fprintf(stderr, " unused");
77    }
78    if (block->op1_to) {
79        fprintf(stderr, " 1: %d", block->op1_to->start_opline - opcodes);
80    }
81    if (block->op2_to) {
82        fprintf(stderr, " 2: %d", block->op2_to->start_opline - opcodes);
83    }
84    if (block->ext_to) {
85        fprintf(stderr, " e: %d", block->ext_to->start_opline - opcodes);
86    }
87    if (block->follow_to) {
88        fprintf(stderr, " f: %d", block->follow_to->start_opline - opcodes);
89    }
90
91    if (block->sources) {
92        zend_block_source *bs = block->sources;
93        fprintf(stderr, " s:");
94        while (bs) {
95            fprintf(stderr, " %d", bs->from->start_opline - opcodes);
96            bs = bs->next;
97        }
98    }
99
100    fprintf(stderr, "\n");
101    fflush(stderr);
102}
103#else
104#define print_block(a,b,c)
105#endif
106
107#define START_BLOCK_OP(opno) blocks[opno].start_opline = &op_array->opcodes[opno]; blocks[opno].start_opline_no = opno; blocks[opno].access = 1
108
109/* find code blocks in op_array
110   code block is a set of opcodes with single flow of control, i.e. without jmps,
111   branches, etc. */
112static int find_code_blocks(zend_op_array *op_array, zend_cfg *cfg, zend_optimizer_ctx *ctx)
113{
114    zend_op *opline;
115    zend_op *end = op_array->opcodes + op_array->last;
116    zend_code_block *blocks, *cur_block;
117    uint32_t opno = 0;
118
119    memset(cfg, 0, sizeof(zend_cfg));
120    blocks = cfg->blocks = zend_arena_calloc(&ctx->arena, op_array->last + 2, sizeof(zend_code_block));
121    opline = op_array->opcodes;
122    blocks[0].start_opline = opline;
123    blocks[0].start_opline_no = 0;
124    while (opline < end) {
125        switch((unsigned)opline->opcode) {
126            case ZEND_BRK:
127            case ZEND_CONT:
128            case ZEND_GOTO:
129                /* would not optimize non-optimized BRK/CONTs - we cannot
130                 really know where it jumps, so these optimizations are
131                too dangerous */
132                return 0;
133            case ZEND_FAST_CALL:
134                START_BLOCK_OP(ZEND_OP1(opline).opline_num);
135                if (opline->extended_value) {
136                    START_BLOCK_OP(ZEND_OP2(opline).opline_num);
137                }
138                START_BLOCK_OP(opno + 1);
139                break;
140            case ZEND_FAST_RET:
141                if (opline->extended_value) {
142                    START_BLOCK_OP(ZEND_OP2(opline).opline_num);
143                }
144                START_BLOCK_OP(opno + 1);
145                break;
146            case ZEND_JMP:
147                START_BLOCK_OP(ZEND_OP1(opline).opline_num);
148                /* break missing intentionally */
149            case ZEND_RETURN:
150            case ZEND_RETURN_BY_REF:
151            case ZEND_GENERATOR_RETURN:
152            case ZEND_EXIT:
153            case ZEND_THROW:
154                /* start new block from this+1 */
155                START_BLOCK_OP(opno + 1);
156                break;
157                /* TODO: if conditional jmp depends on constant,
158                         don't start block that won't be executed */
159            case ZEND_CATCH:
160                START_BLOCK_OP(opline->extended_value);
161                START_BLOCK_OP(opno + 1);
162                break;
163            case ZEND_JMPZNZ:
164                START_BLOCK_OP(opline->extended_value);
165            case ZEND_JMPZ:
166            case ZEND_JMPNZ:
167            case ZEND_JMPZ_EX:
168            case ZEND_JMPNZ_EX:
169            case ZEND_FE_RESET:
170            case ZEND_NEW:
171            case ZEND_JMP_SET:
172                START_BLOCK_OP(ZEND_OP2(opline).opline_num);
173                START_BLOCK_OP(opno + 1);
174                break;
175            case ZEND_FE_FETCH:
176                START_BLOCK_OP(ZEND_OP2(opline).opline_num);
177                START_BLOCK_OP(opno + 2);
178                break;
179        }
180        opno++;
181        opline++;
182    }
183
184    /* first find block start points */
185    if (op_array->last_try_catch) {
186        int i;
187        cfg->try = zend_arena_calloc(&ctx->arena, op_array->last_try_catch, sizeof(zend_code_block *));
188        cfg->catch = zend_arena_calloc(&ctx->arena, op_array->last_try_catch, sizeof(zend_code_block *));
189        for (i = 0; i< op_array->last_try_catch; i++) {
190            cfg->try[i] = &blocks[op_array->try_catch_array[i].try_op];
191            cfg->catch[i] = &blocks[op_array->try_catch_array[i].catch_op];
192            START_BLOCK_OP(op_array->try_catch_array[i].try_op);
193            START_BLOCK_OP(op_array->try_catch_array[i].catch_op);
194            blocks[op_array->try_catch_array[i].try_op].protected = 1;
195        }
196    }
197    /* Currently, we don't optimize op_arrays with BRK/CONT/GOTO opcodes,
198     * but, we have to keep brk_cont_array to avoid memory leaks during
199     * exception handling */
200    if (op_array->last_brk_cont) {
201        int i, j;
202
203        j = 0;
204        for (i = 0; i< op_array->last_brk_cont; i++) {
205            if (op_array->brk_cont_array[i].start >= 0 &&
206                (op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_FREE ||
207                 op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_SWITCH_FREE)) {
208                int parent = op_array->brk_cont_array[i].parent;
209
210                while (parent >= 0 &&
211                       op_array->brk_cont_array[parent].start < 0 &&
212                       op_array->opcodes[op_array->brk_cont_array[parent].brk].opcode != ZEND_FREE &&
213                       op_array->opcodes[op_array->brk_cont_array[parent].brk].opcode != ZEND_SWITCH_FREE) {
214                    parent = op_array->brk_cont_array[parent].parent;
215                }
216                op_array->brk_cont_array[i].parent = parent;
217                j++;
218            }
219        }
220        if (j) {
221            cfg->loop_start = zend_arena_calloc(&ctx->arena, op_array->last_brk_cont, sizeof(zend_code_block *));
222            cfg->loop_cont  = zend_arena_calloc(&ctx->arena, op_array->last_brk_cont, sizeof(zend_code_block *));
223            cfg->loop_brk   = zend_arena_calloc(&ctx->arena, op_array->last_brk_cont, sizeof(zend_code_block *));
224            j = 0;
225            for (i = 0; i< op_array->last_brk_cont; i++) {
226                if (op_array->brk_cont_array[i].start >= 0 &&
227                    (op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_FREE ||
228                     op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_SWITCH_FREE)) {
229                    if (i != j) {
230                        op_array->brk_cont_array[j] = op_array->brk_cont_array[i];
231                    }
232                    cfg->loop_start[j] = &blocks[op_array->brk_cont_array[j].start];
233                    cfg->loop_cont[j]  = &blocks[op_array->brk_cont_array[j].cont];
234                    cfg->loop_brk[j]   = &blocks[op_array->brk_cont_array[j].brk];
235                    START_BLOCK_OP(op_array->brk_cont_array[j].start);
236                    START_BLOCK_OP(op_array->brk_cont_array[j].cont);
237                    START_BLOCK_OP(op_array->brk_cont_array[j].brk);
238                    blocks[op_array->brk_cont_array[j].start].protected = 1;
239                    blocks[op_array->brk_cont_array[j].brk].protected = 1;
240                    j++;
241                }
242            }
243            op_array->last_brk_cont = j;
244        } else {
245            efree(op_array->brk_cont_array);
246            op_array->brk_cont_array = NULL;
247            op_array->last_brk_cont = 0;
248        }
249    }
250
251    /* Build CFG (Control Flow Graph) */
252    cur_block = blocks;
253    for (opno = 1; opno < op_array->last; opno++) {
254        if (blocks[opno].start_opline) {
255            /* found new block start */
256            cur_block->len = blocks[opno].start_opline - cur_block->start_opline;
257            cur_block->next = &blocks[opno];
258            /* what is the last OP of previous block? */
259            opline = blocks[opno].start_opline - 1;
260            if (opline->opcode == ZEND_OP_DATA) {
261                opline--;
262            }
263            switch((unsigned)opline->opcode) {
264                case ZEND_RETURN:
265                case ZEND_RETURN_BY_REF:
266                case ZEND_GENERATOR_RETURN:
267                case ZEND_EXIT:
268                case ZEND_THROW:
269                    break;
270                case ZEND_FAST_CALL:
271                    if (opline->extended_value) {
272                        cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
273                    }
274                    cur_block->op1_to = &blocks[ZEND_OP1(opline).opline_num];
275                    break;
276                case ZEND_FAST_RET:
277                    if (opline->extended_value) {
278                        cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
279                    }
280                    break;
281                case ZEND_JMP:
282                    cur_block->op1_to = &blocks[ZEND_OP1(opline).opline_num];
283                    break;
284                case ZEND_JMPZNZ:
285                    cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
286                    cur_block->ext_to = &blocks[opline->extended_value];
287                    break;
288                case ZEND_CATCH:
289                    cur_block->ext_to = &blocks[opline->extended_value];
290                    cur_block->follow_to = &blocks[opno];
291                    break;
292                case ZEND_JMPZ:
293                case ZEND_JMPNZ:
294                case ZEND_JMPZ_EX:
295                case ZEND_JMPNZ_EX:
296                case ZEND_FE_RESET:
297                case ZEND_NEW:
298                case ZEND_JMP_SET:
299                case ZEND_FE_FETCH:
300                    cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
301                    /* break missing intentionally */
302                default:
303                    /* next block follows this */
304                    cur_block->follow_to = &blocks[opno];
305                    break;
306            }
307            print_block(cur_block, op_array->opcodes, "");
308            cur_block = cur_block->next;
309        }
310    }
311    cur_block->len = end - cur_block->start_opline;
312    cur_block->next = &blocks[op_array->last + 1];
313    print_block(cur_block, op_array->opcodes, "");
314
315    return 1;
316}
317
318/* CFG back references management */
319
320#define ADD_SOURCE(fromb, tob) { \
321    zend_block_source *__s = tob->sources; \
322    while (__s && __s->from != fromb) __s = __s->next; \
323    if (__s == NULL) { \
324        zend_block_source *__t = zend_arena_alloc(&ctx->arena, sizeof(zend_block_source)); \
325        __t->next = tob->sources; \
326        tob->sources = __t; \
327        __t->from = fromb; \
328    } \
329}
330
331#define DEL_SOURCE(cs) do { \
332        *(cs) = (*(cs))->next; \
333    } while (0)
334
335
336static inline void replace_source(zend_block_source *list, zend_code_block *old, zend_code_block *new)
337{
338    /* replace all references to 'old' in 'list' with 'new' */
339    zend_block_source **cs;
340    int found = 0;
341
342    for (cs = &list; *cs; cs = &((*cs)->next)) {
343        if ((*cs)->from == new) {
344            if (found) {
345                DEL_SOURCE(cs);
346            } else {
347                found = 1;
348            }
349        }
350
351        if ((*cs)->from == old) {
352            if (found) {
353                DEL_SOURCE(cs);
354            } else {
355                (*cs)->from = new;
356                found = 1;
357            }
358        }
359    }
360}
361
362static inline void del_source(zend_code_block *from, zend_code_block *to)
363{
364    /* delete source 'from' from 'to'-s sources list */
365    zend_block_source **cs = &to->sources;
366
367    if (to->sources == NULL) {
368        to->access = 0;
369        return;
370    }
371
372    while (*cs) {
373        if ((*cs)->from == from) {
374            DEL_SOURCE(cs);
375            break;
376        }
377        cs = &((*cs)->next);
378    }
379
380    if (to->sources == NULL) {
381        /* 'to' has no more sources - it's unused, will be stripped */
382        to->access = 0;
383        return;
384    }
385
386    if (to->sources->next == NULL) {
387        /* source to only one block */
388        zend_code_block *from_block = to->sources->from;
389
390        if (from_block->access && from_block->follow_to == to &&
391            from_block->op1_to == NULL &&
392            from_block->op2_to == NULL &&
393            from_block->ext_to == NULL) {
394            /* this block follows it's only predecessor - we can join them */
395            zend_op *new_to = from_block->start_opline + from_block->len;
396            if (new_to != to->start_opline) {
397                /* move block to new location */
398                memmove(new_to, to->start_opline, sizeof(zend_op)*to->len);
399            }
400            /* join blocks' lengths */
401            from_block->len += to->len;
402            /* move 'to'`s references to 'from' */
403            to->start_opline = NULL;
404            to->access = 0;
405            to->sources = NULL;
406            from_block->follow_to = to->follow_to;
407            if (to->op1_to) {
408                from_block->op1_to = to->op1_to;
409                replace_source(to->op1_to->sources, to, from_block);
410            }
411            if (to->op2_to) {
412                from_block->op2_to = to->op2_to;
413                replace_source(to->op2_to->sources, to, from_block);
414            }
415            if (to->ext_to) {
416                from_block->ext_to = to->ext_to;
417                replace_source(to->ext_to->sources, to, from_block);
418            }
419            if (to->follow_to) {
420                replace_source(to->follow_to->sources, to, from_block);
421            }
422            /* remove "to" from list */
423        }
424    }
425}
426
427static void delete_code_block(zend_code_block *block, zend_optimizer_ctx *ctx)
428{
429    if (block->protected) {
430        return;
431    }
432    if (block->follow_to) {
433        zend_block_source *bs = block->sources;
434        while (bs) {
435            zend_code_block *from_block = bs->from;
436            zend_code_block *to = block->follow_to;
437            if (from_block->op1_to == block) {
438                from_block->op1_to = to;
439                ADD_SOURCE(from_block, to);
440            }
441            if (from_block->op2_to == block) {
442                from_block->op2_to = to;
443                ADD_SOURCE(from_block, to);
444            }
445            if (from_block->ext_to == block) {
446                from_block->ext_to = to;
447                ADD_SOURCE(from_block, to);
448            }
449            if (from_block->follow_to == block) {
450                from_block->follow_to = to;
451                ADD_SOURCE(from_block, to);
452            }
453            bs = bs->next;
454        }
455    }
456    block->access = 0;
457}
458
459static void zend_access_path(zend_code_block *block, zend_optimizer_ctx *ctx)
460{
461    if (block->access) {
462        return;
463    }
464
465    block->access = 1;
466    if (block->op1_to) {
467        zend_access_path(block->op1_to, ctx);
468        ADD_SOURCE(block, block->op1_to);
469    }
470    if (block->op2_to) {
471        zend_access_path(block->op2_to, ctx);
472        ADD_SOURCE(block, block->op2_to);
473    }
474    if (block->ext_to) {
475        zend_access_path(block->ext_to, ctx);
476        ADD_SOURCE(block, block->ext_to);
477    }
478    if (block->follow_to) {
479        zend_access_path(block->follow_to, ctx);
480        ADD_SOURCE(block, block->follow_to);
481    }
482}
483
484/* Traverse CFG, mark reachable basic blocks and build back references */
485static void zend_rebuild_access_path(zend_cfg *cfg, zend_op_array *op_array, int find_start, zend_optimizer_ctx *ctx)
486{
487    zend_code_block *blocks = cfg->blocks;
488    zend_code_block *start = find_start? NULL : blocks;
489    zend_code_block *b;
490
491    /* Mark all blocks as unaccessible and destroy back references */
492    b = blocks;
493    while (b != NULL) {
494        if (!start && b->access) {
495            start = b;
496        }
497        b->access = 0;
498        b->sources = NULL;
499        b = b->next;
500    }
501
502    /* Walk thorough all paths */
503    zend_access_path(start, ctx);
504
505    /* Add brk/cont paths */
506    if (op_array->last_brk_cont) {
507        int i;
508        for (i=0; i< op_array->last_brk_cont; i++) {
509            zend_access_path(cfg->loop_start[i], ctx);
510            zend_access_path(cfg->loop_cont[i], ctx);
511            zend_access_path(cfg->loop_brk[i], ctx);
512        }
513    }
514
515    /* Add exception paths */
516    if (op_array->last_try_catch) {
517        int i;
518        for (i=0; i< op_array->last_try_catch; i++) {
519            if (!cfg->catch[i]->access) {
520                zend_access_path(cfg->catch[i], ctx);
521            }
522        }
523    }
524}
525
526/* Data dependencies macros */
527
528#define VAR_NUM_EX(op) VAR_NUM((op).var)
529
530#define VAR_SOURCE(op) Tsource[VAR_NUM(op.var)]
531#define SET_VAR_SOURCE(opline) Tsource[VAR_NUM(opline->result.var)] = opline
532
533#define VAR_UNSET(op) do { if (op ## _type & (IS_TMP_VAR|IS_VAR)) {VAR_SOURCE(op) = NULL;}} while (0)
534
535#define convert_to_string_safe(v) \
536    if (Z_TYPE_P((v)) == IS_NULL) { \
537        ZVAL_STRINGL((v), "", 0); \
538    } else { \
539        convert_to_string((v)); \
540    }
541
542static void strip_nop(zend_code_block *block, zend_optimizer_ctx *ctx)
543{
544    zend_op *opline = block->start_opline;
545    zend_op *end, *new_end;
546
547    /* remove leading NOPs */
548    while (block->len > 0 && block->start_opline->opcode == ZEND_NOP) {
549        if (block->len == 1) {
550            /* this block is all NOPs, join with following block */
551            if (block->follow_to) {
552                delete_code_block(block, ctx);
553            }
554            return;
555        }
556        block->start_opline++;
557        block->start_opline_no++;
558        block->len--;
559    }
560
561    /* strip the inside NOPs */
562    opline = new_end = block->start_opline;
563    end = opline + block->len;
564
565    while (opline < end) {
566        zend_op *src;
567        int len = 0;
568
569        while (opline < end && opline->opcode == ZEND_NOP) {
570            opline++;
571        }
572        src = opline;
573
574        while (opline < end && opline->opcode != ZEND_NOP) {
575            opline++;
576        }
577        len = opline - src;
578
579        /* move up non-NOP opcodes */
580        memmove(new_end, src, len*sizeof(zend_op));
581
582        new_end += len;
583    }
584    block->len = new_end - block->start_opline;
585}
586
587static void zend_optimize_block(zend_code_block *block, zend_op_array *op_array, char *used_ext, zend_cfg *cfg, zend_optimizer_ctx *ctx TSRMLS_DC)
588{
589    zend_op *opline = block->start_opline;
590    zend_op *end, *last_op = NULL;
591    zend_op **Tsource = cfg->Tsource;
592
593    print_block(block, op_array->opcodes, "Opt ");
594
595    /* remove leading NOPs */
596    while (block->len > 0 && block->start_opline->opcode == ZEND_NOP) {
597        if (block->len == 1) {
598            /* this block is all NOPs, join with following block */
599            if (block->follow_to) {
600                delete_code_block(block, ctx);
601            }
602            return;
603        }
604        block->start_opline++;
605        block->start_opline_no++;
606        block->len--;
607    }
608
609    /* we track data dependencies only insight a single basic block */
610    memset(Tsource, 0, (op_array->last_var + op_array->T) * sizeof(zend_op *));
611    opline = block->start_opline;
612    end = opline + block->len;
613    while ((op_array->T) && (opline < end)) {
614        /* strip X = QM_ASSIGN(const) */
615        if ((ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
616            VAR_SOURCE(opline->op1) &&
617            VAR_SOURCE(opline->op1)->opcode == ZEND_QM_ASSIGN &&
618            ZEND_OP1_TYPE(VAR_SOURCE(opline->op1)) == IS_CONST &&
619            opline->opcode != ZEND_CASE &&         /* CASE _always_ expects variable */
620            opline->opcode != ZEND_FETCH_DIM_TMP_VAR &&   /* in 5.1, FETCH_DIM_TMP_VAR expects T */
621            opline->opcode != ZEND_FE_RESET &&
622            opline->opcode != ZEND_FREE
623            ) {
624            zend_op *src = VAR_SOURCE(opline->op1);
625            zval c = ZEND_OP1_LITERAL(src);
626            VAR_UNSET(opline->op1);
627            zval_copy_ctor(&c);
628            zend_optimizer_update_op1_const(op_array, opline, &c TSRMLS_CC);
629            literal_dtor(&ZEND_OP1_LITERAL(src));
630            MAKE_NOP(src);
631        }
632
633        /* T = QM_ASSIGN(C), F(T) => NOP, F(C) */
634        if ((ZEND_OP2_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
635            VAR_SOURCE(opline->op2) &&
636            VAR_SOURCE(opline->op2)->opcode == ZEND_QM_ASSIGN &&
637            ZEND_OP1_TYPE(VAR_SOURCE(opline->op2)) == IS_CONST) {
638            zend_op *src = VAR_SOURCE(opline->op2);
639            zval c = ZEND_OP1_LITERAL(src);
640            VAR_UNSET(opline->op2);
641            zval_copy_ctor(&c);
642            zend_optimizer_update_op2_const(op_array, opline, &c TSRMLS_CC);
643            literal_dtor(&ZEND_OP1_LITERAL(src));
644            MAKE_NOP(src);
645        }
646
647        /* T = PRINT(X), F(T) => ECHO(X), F(1) */
648        if (ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
649            VAR_SOURCE(opline->op1) &&
650            VAR_SOURCE(opline->op1)->opcode == ZEND_PRINT &&
651            opline->opcode != ZEND_CASE && opline->opcode != ZEND_FREE) {
652            ZEND_OP1_TYPE(opline) = IS_CONST;
653            LITERAL_LONG(opline->op1, 1);
654        }
655
656        if (ZEND_OP2_TYPE(opline) == IS_TMP_VAR &&
657            VAR_SOURCE(opline->op2) &&
658            VAR_SOURCE(opline->op2)->opcode == ZEND_PRINT) {
659            ZEND_OP2_TYPE(opline) = IS_CONST;
660            LITERAL_LONG(opline->op2, 1);
661        }
662
663        /* T = CAST(X, String), ECHO(T) => NOP, ECHO(X) */
664        if ((opline->opcode == ZEND_ECHO || opline->opcode == ZEND_PRINT) &&
665            ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR) &&
666            VAR_SOURCE(opline->op1) &&
667            VAR_SOURCE(opline->op1)->opcode == ZEND_CAST &&
668            VAR_SOURCE(opline->op1)->extended_value == IS_STRING) {
669            zend_op *src = VAR_SOURCE(opline->op1);
670            COPY_NODE(opline->op1, src->op1);
671            MAKE_NOP(src);
672        }
673
674        /* T = PRINT(X), FREE(T) => ECHO(X) */
675        if (opline->opcode == ZEND_FREE &&
676            ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
677            VAR_SOURCE(opline->op1)) {
678            zend_op *src = VAR_SOURCE(opline->op1);
679            if (src->opcode == ZEND_PRINT) {
680                src->opcode = ZEND_ECHO;
681                ZEND_RESULT_TYPE(src) = IS_UNUSED;
682                MAKE_NOP(opline);
683            }
684        }
685
686       /* T = BOOL(X), FREE(T) => NOP */
687        if (opline->opcode == ZEND_FREE &&
688            ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
689            VAR_SOURCE(opline->op1)) {
690            zend_op *src = VAR_SOURCE(opline->op1);
691            if (src->opcode == ZEND_BOOL) {
692                if (ZEND_OP1_TYPE(src) == IS_CONST) {
693                    literal_dtor(&ZEND_OP1_LITERAL(src));
694                }
695                MAKE_NOP(src);
696                MAKE_NOP(opline);
697            }
698        }
699
700#if 0
701        /* pre-evaluate functions:
702           constant(x)
703           defined(x)
704           function_exists(x)
705           extension_loaded(x)
706           BAD: interacts badly with Accelerator
707        */
708        if((ZEND_OP1_TYPE(opline) & IS_VAR) &&
709           VAR_SOURCE(opline->op1) && VAR_SOURCE(opline->op1)->opcode == ZEND_DO_CF_FCALL &&
710           VAR_SOURCE(opline->op1)->extended_value == 1) {
711            zend_op *fcall = VAR_SOURCE(opline->op1);
712            zend_op *sv = fcall-1;
713            if(sv >= block->start_opline && sv->opcode == ZEND_SEND_VAL &&
714               ZEND_OP1_TYPE(sv) == IS_CONST && Z_TYPE(OPLINE_OP1_LITERAL(sv)) == IS_STRING &&
715               Z_LVAL(OPLINE_OP2_LITERAL(sv)) == 1
716               ) {
717                zval *arg = &OPLINE_OP1_LITERAL(sv);
718                char *fname = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].function_name;
719                int flen = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].name_len;
720                if(flen == sizeof("defined")-1 && zend_binary_strcasecmp(fname, flen, "defined", sizeof("defined")-1) == 0) {
721                    zval c;
722                    if(zend_optimizer_get_persistent_constant(Z_STR_P(arg), &c, 0 TSRMLS_CC ELS_CC) != 0) {
723                        literal_dtor(arg);
724                        MAKE_NOP(sv);
725                        MAKE_NOP(fcall);
726                        LITERAL_BOOL(opline->op1, 1);
727                        ZEND_OP1_TYPE(opline) = IS_CONST;
728                    }
729                } else if((flen == sizeof("function_exists")-1 && zend_binary_strcasecmp(fname, flen, "function_exists", sizeof("function_exists")-1) == 0) ||
730                          (flen == sizeof("is_callable")-1 && zend_binary_strcasecmp(fname, flen, "is_callable", sizeof("is_callable")-1) == 0)
731                          ) {
732                    zend_function *function;
733                    if((function = zend_hash_find_ptr(EG(function_table), Z_STR_P(arg))) != NULL) {
734                        literal_dtor(arg);
735                        MAKE_NOP(sv);
736                        MAKE_NOP(fcall);
737                        LITERAL_BOOL(opline->op1, 1);
738                        ZEND_OP1_TYPE(opline) = IS_CONST;
739                    }
740                } else if(flen == sizeof("constant")-1 && zend_binary_strcasecmp(fname, flen, "constant", sizeof("constant")-1) == 0) {
741                    zval c;
742                    if(zend_optimizer_get_persistent_constant(Z_STR_P(arg), &c, 1 TSRMLS_CC ELS_CC) != 0) {
743                        literal_dtor(arg);
744                        MAKE_NOP(sv);
745                        MAKE_NOP(fcall);
746                        ZEND_OP1_LITERAL(opline) = zend_optimizer_add_literal(op_array, &c TSRMLS_CC);
747                        /* no copy ctor - get already copied it */
748                        ZEND_OP1_TYPE(opline) = IS_CONST;
749                    }
750                } else if(flen == sizeof("extension_loaded")-1 && zend_binary_strcasecmp(fname, flen, "extension_loaded", sizeof("extension_loaded")-1) == 0) {
751                    if(zend_hash_exists(&module_registry, Z_STR_P(arg))) {
752                        literal_dtor(arg);
753                        MAKE_NOP(sv);
754                        MAKE_NOP(fcall);
755                        LITERAL_BOOL(opline->op1, 1);
756                        ZEND_OP1_TYPE(opline) = IS_CONST;
757                    }
758                }
759            }
760        }
761#endif
762
763        /* IS_EQ(TRUE, X)      => BOOL(X)
764         * IS_EQ(FALSE, X)     => BOOL_NOT(X)
765         * IS_NOT_EQ(TRUE, X)  => BOOL_NOT(X)
766         * IS_NOT_EQ(FALSE, X) => BOOL(X)
767         * CASE(TRUE, X)       => BOOL(X)
768         * CASE(FALSE, X)      => BOOL_NOT(X)
769         */
770        if (opline->opcode == ZEND_IS_EQUAL ||
771            opline->opcode == ZEND_IS_NOT_EQUAL ||
772            opline->opcode == ZEND_CASE) {
773            if (ZEND_OP1_TYPE(opline) == IS_CONST &&
774// TODO: Optimization of comparison with null may be not safe ???
775#if 1
776                (Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_FALSE ||
777                 Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_TRUE)) {
778#else
779                 Z_TYPE(ZEND_OP1_LITERAL(opline)) <= IS_TRUE) {
780#endif
781                opline->opcode =
782                    ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP1_LITERAL(opline))) == IS_TRUE)) ?
783                    ZEND_BOOL : ZEND_BOOL_NOT;
784                COPY_NODE(opline->op1, opline->op2);
785                SET_UNUSED(opline->op2);
786            } else if (ZEND_OP2_TYPE(opline) == IS_CONST &&
787// TODO: Optimization of comparison with null may be not safe ???
788#if 1
789                       (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_FALSE ||
790                        Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_TRUE)) {
791#else
792                        Z_TYPE(ZEND_OP2_LITERAL(opline)) <= IS_TRUE) {
793#endif
794                opline->opcode =
795                    ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP2_LITERAL(opline))) == IS_TRUE)) ?
796                    ZEND_BOOL : ZEND_BOOL_NOT;
797                SET_UNUSED(opline->op2);
798            }
799        }
800
801        if ((opline->opcode == ZEND_BOOL ||
802            opline->opcode == ZEND_BOOL_NOT ||
803            opline->opcode == ZEND_JMPZ ||
804            opline->opcode == ZEND_JMPNZ ||
805            opline->opcode == ZEND_JMPZNZ) &&
806            ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
807            VAR_SOURCE(opline->op1) != NULL &&
808            !used_ext[VAR_NUM(ZEND_OP1(opline).var)] &&
809            VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL_NOT) {
810            /* T = BOOL_NOT(X) + JMPZ(T) -> NOP, JMPNZ(X) */
811            zend_op *src = VAR_SOURCE(opline->op1);
812
813            COPY_NODE(opline->op1, src->op1);
814
815            switch (opline->opcode) {
816                case ZEND_BOOL:
817                    /* T = BOOL_NOT(X) + BOOL(T) -> NOP, BOOL_NOT(X) */
818                    opline->opcode = ZEND_BOOL_NOT;
819                    break;
820                case ZEND_BOOL_NOT:
821                    /* T = BOOL_NOT(X) + BOOL_BOOL(T) -> NOP, BOOL(X) */
822                    opline->opcode = ZEND_BOOL;
823                    break;
824                case ZEND_JMPZ:
825                    /* T = BOOL_NOT(X) + JMPZ(T,L) -> NOP, JMPNZ(X,L) */
826                    opline->opcode = ZEND_JMPNZ;
827                    break;
828                case ZEND_JMPNZ:
829                    /* T = BOOL_NOT(X) + JMPNZ(T,L) -> NOP, JMPZ(X,L) */
830                    opline->opcode = ZEND_JMPZ;
831                    break;
832                case ZEND_JMPZNZ:
833                {
834                    /* T = BOOL_NOT(X) + JMPZNZ(T,L1,L2) -> NOP, JMPZNZ(X,L2,L1) */
835                    int op_t;
836                    zend_code_block *op_b;
837
838                    op_t = opline->extended_value;
839                    opline->extended_value = ZEND_OP2(opline).opline_num;
840                    ZEND_OP2(opline).opline_num = op_t;
841
842                    op_b = block->ext_to;
843                    block->ext_to = block->op2_to;
844                    block->op2_to = op_b;
845                }
846                break;
847            }
848
849            VAR_UNSET(opline->op1);
850            MAKE_NOP(src);
851            continue;
852        } else
853#if 0
854        /* T = BOOL_NOT(X) + T = JMPZ_EX(T, X) -> T = BOOL_NOT(X), JMPNZ(X) */
855        if(0 && (opline->opcode == ZEND_JMPZ_EX ||
856            opline->opcode == ZEND_JMPNZ_EX) &&
857           ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
858           VAR_SOURCE(opline->op1) != NULL &&
859           VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL_NOT &&
860           ZEND_OP1(opline).var == ZEND_RESULT(opline).var
861           ) {
862            zend_op *src = VAR_SOURCE(opline->op1);
863            if(opline->opcode == ZEND_JMPZ_EX) {
864                opline->opcode = ZEND_JMPNZ;
865            } else {
866                opline->opcode = ZEND_JMPZ;
867            }
868            COPY_NODE(opline->op1, src->op1);
869            SET_UNUSED(opline->result);
870            continue;
871        } else
872#endif
873        /* T = BOOL(X) + JMPZ(T) -> NOP, JMPZ(X) */
874        if ((opline->opcode == ZEND_BOOL ||
875            opline->opcode == ZEND_BOOL_NOT ||
876            opline->opcode == ZEND_JMPZ ||
877            opline->opcode == ZEND_JMPZ_EX ||
878            opline->opcode == ZEND_JMPNZ_EX ||
879            opline->opcode == ZEND_JMPNZ ||
880            opline->opcode == ZEND_JMPZNZ) &&
881            (ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
882            VAR_SOURCE(opline->op1) != NULL &&
883            (!used_ext[VAR_NUM(ZEND_OP1(opline).var)] ||
884            ((ZEND_RESULT_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
885             ZEND_RESULT(opline).var == ZEND_OP1(opline).var)) &&
886            (VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL ||
887            VAR_SOURCE(opline->op1)->opcode == ZEND_QM_ASSIGN)) {
888            zend_op *src = VAR_SOURCE(opline->op1);
889            COPY_NODE(opline->op1, src->op1);
890
891            VAR_UNSET(opline->op1);
892            MAKE_NOP(src);
893            continue;
894        } else if (last_op && opline->opcode == ZEND_ECHO &&
895                  last_op->opcode == ZEND_ECHO &&
896                  ZEND_OP1_TYPE(opline) == IS_CONST &&
897                  Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_DOUBLE &&
898                  ZEND_OP1_TYPE(last_op) == IS_CONST &&
899                  Z_TYPE(ZEND_OP1_LITERAL(last_op)) != IS_DOUBLE) {
900            /* compress consecutive ECHO's.
901             * Float to string conversion may be affected by current
902             * locale setting.
903             */
904            int l, old_len;
905
906            if (Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_STRING) {
907                convert_to_string_safe(&ZEND_OP1_LITERAL(opline));
908            }
909            if (Z_TYPE(ZEND_OP1_LITERAL(last_op)) != IS_STRING) {
910                convert_to_string_safe(&ZEND_OP1_LITERAL(last_op));
911            }
912            old_len = Z_STRLEN(ZEND_OP1_LITERAL(last_op));
913            l = old_len + Z_STRLEN(ZEND_OP1_LITERAL(opline));
914            if (!Z_REFCOUNTED(ZEND_OP1_LITERAL(last_op))) {
915                zend_string *tmp = zend_string_alloc(l, 0);
916                memcpy(tmp->val, Z_STRVAL(ZEND_OP1_LITERAL(last_op)), old_len);
917                Z_STR(ZEND_OP1_LITERAL(last_op)) = tmp;
918            } else {
919                Z_STR(ZEND_OP1_LITERAL(last_op)) = zend_string_realloc(Z_STR(ZEND_OP1_LITERAL(last_op)), l, 0);
920            }
921            Z_TYPE_INFO(ZEND_OP1_LITERAL(last_op)) = IS_STRING_EX;
922            memcpy(Z_STRVAL(ZEND_OP1_LITERAL(last_op)) + old_len, Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)));
923            Z_STRVAL(ZEND_OP1_LITERAL(last_op))[l] = '\0';
924            zval_dtor(&ZEND_OP1_LITERAL(opline));
925            Z_STR(ZEND_OP1_LITERAL(opline)) = zend_new_interned_string(Z_STR(ZEND_OP1_LITERAL(last_op)) TSRMLS_CC);
926            if (!Z_REFCOUNTED(ZEND_OP1_LITERAL(opline))) {
927                Z_TYPE_FLAGS(ZEND_OP1_LITERAL(opline)) &= ~ (IS_TYPE_REFCOUNTED | IS_TYPE_COPYABLE);
928            }
929            ZVAL_NULL(&ZEND_OP1_LITERAL(last_op));
930            MAKE_NOP(last_op);
931        } else if (opline->opcode == ZEND_CONCAT &&
932                  ZEND_OP2_TYPE(opline) == IS_CONST &&
933                  ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
934                  VAR_SOURCE(opline->op1) &&
935                  (VAR_SOURCE(opline->op1)->opcode == ZEND_CONCAT ||
936                   VAR_SOURCE(opline->op1)->opcode == ZEND_ADD_STRING) &&
937                  ZEND_OP2_TYPE(VAR_SOURCE(opline->op1)) == IS_CONST &&
938                  ZEND_RESULT(VAR_SOURCE(opline->op1)).var == ZEND_OP1(opline).var) {
939            /* compress consecutive CONCATs */
940            zend_op *src = VAR_SOURCE(opline->op1);
941            int l, old_len;
942
943            if (Z_TYPE(ZEND_OP2_LITERAL(opline)) != IS_STRING) {
944                convert_to_string_safe(&ZEND_OP2_LITERAL(opline));
945            }
946            if (Z_TYPE(ZEND_OP2_LITERAL(src)) != IS_STRING) {
947                convert_to_string_safe(&ZEND_OP2_LITERAL(src));
948            }
949
950            VAR_UNSET(opline->op1);
951            if (ZEND_OP1_TYPE(src) == IS_UNUSED) {
952                /* 5.3 may use IS_UNUSED as first argument to ZEND_ADD_... */
953                opline->opcode = ZEND_ADD_STRING;
954            }
955            COPY_NODE(opline->op1, src->op1);
956            old_len = Z_STRLEN(ZEND_OP2_LITERAL(src));
957            l = old_len + Z_STRLEN(ZEND_OP2_LITERAL(opline));
958            if (!Z_REFCOUNTED(ZEND_OP2_LITERAL(src))) {
959                zend_string *tmp = zend_string_alloc(l, 0);
960                memcpy(tmp->val, Z_STRVAL(ZEND_OP2_LITERAL(src)), old_len);
961                Z_STR(ZEND_OP2_LITERAL(last_op)) = tmp;
962            } else {
963                Z_STR(ZEND_OP2_LITERAL(src)) = zend_string_realloc(Z_STR(ZEND_OP2_LITERAL(src)), l, 0);
964            }
965            Z_TYPE_INFO(ZEND_OP2_LITERAL(last_op)) = IS_STRING_EX;
966            memcpy(Z_STRVAL(ZEND_OP2_LITERAL(src)) + old_len, Z_STRVAL(ZEND_OP2_LITERAL(opline)), Z_STRLEN(ZEND_OP2_LITERAL(opline)));
967            Z_STRVAL(ZEND_OP2_LITERAL(src))[l] = '\0';
968            zend_string_release(Z_STR(ZEND_OP2_LITERAL(opline)));
969            Z_STR(ZEND_OP2_LITERAL(opline)) = zend_new_interned_string(Z_STR(ZEND_OP2_LITERAL(src)) TSRMLS_CC);
970            if (!Z_REFCOUNTED(ZEND_OP2_LITERAL(opline))) {
971                Z_TYPE_FLAGS(ZEND_OP2_LITERAL(opline)) &= ~ (IS_TYPE_REFCOUNTED | IS_TYPE_COPYABLE);
972            }
973            ZVAL_NULL(&ZEND_OP2_LITERAL(src));
974            MAKE_NOP(src);
975        } else if ((opline->opcode == ZEND_ADD_STRING || opline->opcode == ZEND_ADD_VAR) && ZEND_OP1_TYPE(opline) == IS_CONST) {
976            /* convert ADD_STRING(C1, C2) to CONCAT(C1, C2) */
977            opline->opcode = ZEND_CONCAT;
978            continue;
979        } else if (opline->opcode == ZEND_ADD_CHAR && ZEND_OP1_TYPE(opline) == IS_CONST && ZEND_OP2_TYPE(opline) == IS_CONST) {
980            /* convert ADD_CHAR(C1, C2) to CONCAT(C1, C2) */
981            char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
982            ZVAL_STRINGL(&ZEND_OP2_LITERAL(opline), &c, 1);
983            opline->opcode = ZEND_CONCAT;
984            continue;
985        } else if ((opline->opcode == ZEND_ADD ||
986                    opline->opcode == ZEND_SUB ||
987                    opline->opcode == ZEND_MUL ||
988                    opline->opcode == ZEND_DIV ||
989                    opline->opcode == ZEND_MOD ||
990                    opline->opcode == ZEND_SL ||
991                    opline->opcode == ZEND_SR ||
992                    opline->opcode == ZEND_CONCAT ||
993                    opline->opcode == ZEND_IS_EQUAL ||
994                    opline->opcode == ZEND_IS_NOT_EQUAL ||
995                    opline->opcode == ZEND_IS_SMALLER ||
996                    opline->opcode == ZEND_IS_SMALLER_OR_EQUAL ||
997                    opline->opcode == ZEND_IS_IDENTICAL ||
998                    opline->opcode == ZEND_IS_NOT_IDENTICAL ||
999                    opline->opcode == ZEND_BOOL_XOR ||
1000                    opline->opcode == ZEND_BW_OR ||
1001                    opline->opcode == ZEND_BW_AND ||
1002                    opline->opcode == ZEND_BW_XOR) &&
1003                    ZEND_OP1_TYPE(opline)==IS_CONST &&
1004                    ZEND_OP2_TYPE(opline)==IS_CONST) {
1005            /* evaluate constant expressions */
1006            int (*binary_op)(zval *result, zval *op1, zval *op2 TSRMLS_DC) = get_binary_op(opline->opcode);
1007            zval result;
1008            int er;
1009
1010            if ((opline->opcode == ZEND_DIV || opline->opcode == ZEND_MOD) &&
1011                ((Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_LONG &&
1012                  Z_LVAL(ZEND_OP2_LITERAL(opline)) == 0) ||
1013                 (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_DOUBLE &&
1014                  Z_DVAL(ZEND_OP2_LITERAL(opline)) == 0.0))) {
1015                if (RESULT_USED(opline)) {
1016                    SET_VAR_SOURCE(opline);
1017                }
1018                opline++;
1019                continue;
1020            }
1021            er = EG(error_reporting);
1022            EG(error_reporting) = 0;
1023            if (binary_op(&result, &ZEND_OP1_LITERAL(opline), &ZEND_OP2_LITERAL(opline) TSRMLS_CC) == SUCCESS) {
1024                literal_dtor(&ZEND_OP1_LITERAL(opline));
1025                literal_dtor(&ZEND_OP2_LITERAL(opline));
1026                opline->opcode = ZEND_QM_ASSIGN;
1027                SET_UNUSED(opline->op2);
1028                zend_optimizer_update_op1_const(op_array, opline, &result TSRMLS_CC);
1029            }
1030            EG(error_reporting) = er;
1031        } else if ((opline->opcode == ZEND_BOOL ||
1032                    opline->opcode == ZEND_BOOL_NOT ||
1033                    opline->opcode == ZEND_BW_NOT) && ZEND_OP1_TYPE(opline) == IS_CONST) {
1034            /* evaluate constant unary ops */
1035            unary_op_type unary_op = get_unary_op(opline->opcode);
1036            zval result;
1037
1038            if (unary_op) {
1039                unary_op(&result, &ZEND_OP1_LITERAL(opline) TSRMLS_CC);
1040                literal_dtor(&ZEND_OP1_LITERAL(opline));
1041            } else {
1042                /* BOOL */
1043                result = ZEND_OP1_LITERAL(opline);
1044                convert_to_boolean(&result);
1045                ZVAL_NULL(&ZEND_OP1_LITERAL(opline));
1046            }
1047            opline->opcode = ZEND_QM_ASSIGN;
1048            zend_optimizer_update_op1_const(op_array, opline, &result TSRMLS_CC);
1049        } else if ((opline->opcode == ZEND_RETURN || opline->opcode == ZEND_EXIT) &&
1050                    (ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
1051                    VAR_SOURCE(opline->op1) &&
1052                    VAR_SOURCE(opline->op1)->opcode == ZEND_QM_ASSIGN) {
1053            /* T = QM_ASSIGN(X), RETURN(T) to RETURN(X) */
1054            zend_op *src = VAR_SOURCE(opline->op1);
1055            VAR_UNSET(opline->op1);
1056            COPY_NODE(opline->op1, src->op1);
1057            MAKE_NOP(src);
1058        } else if ((opline->opcode == ZEND_ADD_STRING ||
1059                    opline->opcode == ZEND_ADD_CHAR) &&
1060                    ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
1061                    VAR_SOURCE(opline->op1) &&
1062                    VAR_SOURCE(opline->op1)->opcode == ZEND_INIT_STRING) {
1063            /* convert T = INIT_STRING(), T = ADD_STRING(T, X) to T = QM_ASSIGN(X) */
1064            /* CHECKME: Remove ZEND_ADD_VAR optimization, since some conversions -
1065               namely, BOOL(false)->string - don't allocate memory but use empty_string
1066               and ADD_CHAR fails */
1067            zend_op *src = VAR_SOURCE(opline->op1);
1068            VAR_UNSET(opline->op1);
1069            COPY_NODE(opline->op1, opline->op2);
1070            if (opline->opcode == ZEND_ADD_CHAR) {
1071                char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
1072                ZVAL_STRINGL(&ZEND_OP1_LITERAL(opline), &c, 1);
1073            }
1074            SET_UNUSED(opline->op2);
1075            MAKE_NOP(src);
1076            opline->opcode = ZEND_QM_ASSIGN;
1077        } else if ((opline->opcode == ZEND_ADD_STRING ||
1078                    opline->opcode == ZEND_ADD_CHAR ||
1079                    opline->opcode == ZEND_ADD_VAR ||
1080                    opline->opcode == ZEND_CONCAT) &&
1081                    ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
1082                    VAR_SOURCE(opline->op1) &&
1083                    VAR_SOURCE(opline->op1)->opcode == ZEND_CONCAT &&
1084                    ZEND_OP2_TYPE(VAR_SOURCE(opline->op1)) == IS_CONST &&
1085                    Z_TYPE(ZEND_OP2_LITERAL(VAR_SOURCE(opline->op1))) == IS_STRING &&
1086                    Z_STRLEN(ZEND_OP2_LITERAL(VAR_SOURCE(opline->op1))) == 0) {
1087            /* convert T = CONCAT(X,''), T = ADD_STRING(T, Y) to T = CONCAT(X,Y) */
1088            zend_op *src = VAR_SOURCE(opline->op1);
1089            VAR_UNSET(opline->op1);
1090            COPY_NODE(opline->op1, src->op1);
1091            if (opline->opcode == ZEND_ADD_CHAR) {
1092                char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
1093                ZVAL_STRINGL(&ZEND_OP2_LITERAL(opline), &c, 1);
1094            }
1095            opline->opcode = ZEND_CONCAT;
1096            literal_dtor(&ZEND_OP2_LITERAL(src)); /* will take care of empty_string too */
1097            MAKE_NOP(src);
1098//??? This optimization can't work anymore because ADD_VAR returns IS_TMP_VAR
1099//??? and ZEND_CAST returns IS_VAR.
1100//??? BTW: it wan't used for long time, because we don't use INIT_STRING
1101#if 0
1102        } else if (opline->opcode == ZEND_ADD_VAR &&
1103                    ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
1104                    VAR_SOURCE(opline->op1) &&
1105                    VAR_SOURCE(opline->op1)->opcode == ZEND_INIT_STRING) {
1106            /* convert T = INIT_STRING(), T = ADD_VAR(T, X) to T = CAST(STRING, X) */
1107            zend_op *src = VAR_SOURCE(opline->op1);
1108            VAR_UNSET(opline->op1);
1109            COPY_NODE(opline->op1, opline->op2);
1110            SET_UNUSED(opline->op2);
1111            MAKE_NOP(src);
1112            opline->opcode = ZEND_CAST;
1113            opline->extended_value = IS_STRING;
1114#endif
1115        } else if ((opline->opcode == ZEND_ADD_STRING ||
1116                    opline->opcode == ZEND_ADD_CHAR ||
1117                    opline->opcode == ZEND_ADD_VAR ||
1118                    opline->opcode == ZEND_CONCAT) &&
1119                    ZEND_OP1_TYPE(opline) == (IS_TMP_VAR|IS_VAR) &&
1120                    VAR_SOURCE(opline->op1) &&
1121                    VAR_SOURCE(opline->op1)->opcode == ZEND_CAST &&
1122                    VAR_SOURCE(opline->op1)->extended_value == IS_STRING) {
1123            /* convert T1 = CAST(STRING, X), T2 = CONCAT(T1, Y) to T2 = CONCAT(X,Y) */
1124            zend_op *src = VAR_SOURCE(opline->op1);
1125            VAR_UNSET(opline->op1);
1126            COPY_NODE(opline->op1, src->op1);
1127            if (opline->opcode == ZEND_ADD_CHAR) {
1128                char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
1129                ZVAL_STRINGL(&ZEND_OP2_LITERAL(opline), &c, 1);
1130            }
1131            opline->opcode = ZEND_CONCAT;
1132            MAKE_NOP(src);
1133        } else if (opline->opcode == ZEND_QM_ASSIGN &&
1134                    ZEND_OP1_TYPE(opline) == ZEND_RESULT_TYPE(opline) &&
1135                    ZEND_OP1(opline).var == ZEND_RESULT(opline).var) {
1136            /* strip T = QM_ASSIGN(T) */
1137            MAKE_NOP(opline);
1138        } else if (opline->opcode == ZEND_BOOL &&
1139                    ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
1140                    VAR_SOURCE(opline->op1) &&
1141                    (VAR_SOURCE(opline->op1)->opcode == ZEND_IS_EQUAL ||
1142                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_NOT_EQUAL ||
1143                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_SMALLER ||
1144                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_SMALLER_OR_EQUAL ||
1145                    VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL ||
1146                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_IDENTICAL ||
1147                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_NOT_IDENTICAL ||
1148                    VAR_SOURCE(opline->op1)->opcode == ZEND_ISSET_ISEMPTY_VAR ||
1149                    VAR_SOURCE(opline->op1)->opcode == ZEND_ISSET_ISEMPTY_DIM_OBJ) &&
1150                    !used_ext[VAR_NUM(ZEND_OP1(opline).var)]) {
1151            /* T = IS_SMALLER(X, Y), T1 = BOOL(T) => T = IS_SMALLER(X, Y), T1 = QM_ASSIGN(T) */
1152            zend_op *src = VAR_SOURCE(opline->op1);
1153            COPY_NODE(src->result, opline->result);
1154            SET_VAR_SOURCE(src);
1155            MAKE_NOP(opline);
1156        }
1157        /* get variable source */
1158        if (RESULT_USED(opline)) {
1159            SET_VAR_SOURCE(opline);
1160        }
1161        if (opline->opcode != ZEND_NOP) {
1162            last_op = opline;
1163        }
1164        opline++;
1165    }
1166
1167    strip_nop(block, ctx);
1168}
1169
1170/* Rebuild plain (optimized) op_array from CFG */
1171static void assemble_code_blocks(zend_cfg *cfg, zend_op_array *op_array)
1172{
1173    zend_code_block *blocks = cfg->blocks;
1174    zend_op *new_opcodes = emalloc(op_array->last * sizeof(zend_op));
1175    zend_op *opline = new_opcodes;
1176    zend_code_block *cur_block = blocks;
1177
1178    /* Copy code of reachable blocks into a single buffer */
1179    while (cur_block) {
1180        if (cur_block->access) {
1181            memcpy(opline, cur_block->start_opline, cur_block->len * sizeof(zend_op));
1182            cur_block->start_opline = opline;
1183            opline += cur_block->len;
1184            if ((opline - 1)->opcode == ZEND_JMP) {
1185                zend_code_block *next;
1186                next = cur_block->next;
1187                while (next && !next->access) {
1188                    next = next->next;
1189                }
1190                if (next && next == cur_block->op1_to) {
1191                    /* JMP to the next block - strip it */
1192                    cur_block->follow_to = cur_block->op1_to;
1193                    cur_block->op1_to = NULL;
1194                    MAKE_NOP((opline - 1));
1195                    opline--;
1196                    cur_block->len--;
1197                }
1198            }
1199        } else {
1200            /* this block will not be used, delete all constants there */
1201            zend_op *_opl;
1202            zend_op *end = cur_block->start_opline + cur_block->len;
1203            for (_opl = cur_block->start_opline; _opl && _opl < end; _opl++) {
1204                if (ZEND_OP1_TYPE(_opl) == IS_CONST) {
1205                    literal_dtor(&ZEND_OP1_LITERAL(_opl));
1206                }
1207                if (ZEND_OP2_TYPE(_opl) == IS_CONST) {
1208                    literal_dtor(&ZEND_OP2_LITERAL(_opl));
1209                }
1210            }
1211        }
1212        cur_block = cur_block->next;
1213    }
1214
1215    if ((opline-1)->opcode == ZEND_THROW) {
1216        /* if we finished with THROW, we need to add space between THROW and HANDLE to not confuse
1217           zend_throw_internal */
1218        MAKE_NOP(opline);
1219        opline->lineno = opline[-1].lineno;
1220        opline++;
1221    }
1222
1223    op_array->last = opline-new_opcodes;
1224
1225    /* adjust exception jump targets */
1226    if (op_array->last_try_catch) {
1227        int i, j;
1228        for (i = 0, j = 0; i< op_array->last_try_catch; i++) {
1229            if (cfg->try[i]->access) {
1230                op_array->try_catch_array[j].try_op = cfg->try[i]->start_opline - new_opcodes;
1231                op_array->try_catch_array[j].catch_op = cfg->catch[i]->start_opline - new_opcodes;
1232                j++;
1233            }
1234        }
1235        op_array->last_try_catch = j;
1236    }
1237
1238    /* adjust loop jump targets */
1239    if (op_array->last_brk_cont) {
1240        int i;
1241        for (i = 0; i< op_array->last_brk_cont; i++) {
1242            op_array->brk_cont_array[i].start = cfg->loop_start[i]->start_opline - new_opcodes;
1243            op_array->brk_cont_array[i].cont = cfg->loop_cont[i]->start_opline - new_opcodes;
1244            op_array->brk_cont_array[i].brk = cfg->loop_brk[i]->start_opline - new_opcodes;
1245        }
1246    }
1247
1248    /* adjust jump targets */
1249    for (cur_block = blocks; cur_block; cur_block = cur_block->next) {
1250        if (!cur_block->access) {
1251            continue;
1252        }
1253        opline = cur_block->start_opline + cur_block->len - 1;
1254        if (opline->opcode == ZEND_OP_DATA) {
1255            opline--;
1256        }
1257        if (cur_block->op1_to) {
1258            ZEND_OP1(opline).opline_num = cur_block->op1_to->start_opline - new_opcodes;
1259        }
1260        if (cur_block->op2_to) {
1261            ZEND_OP2(opline).opline_num = cur_block->op2_to->start_opline - new_opcodes;
1262        }
1263        if (cur_block->ext_to) {
1264            opline->extended_value = cur_block->ext_to->start_opline - new_opcodes;
1265        }
1266        print_block(cur_block, new_opcodes, "Out ");
1267    }
1268    efree(op_array->opcodes);
1269    op_array->opcodes = erealloc(new_opcodes, op_array->last * sizeof(zend_op));
1270
1271    /* adjust early binding list */
1272    if (op_array->early_binding != (uint32_t)-1) {
1273        uint32_t *opline_num = &op_array->early_binding;
1274        zend_op *end;
1275
1276        opline = op_array->opcodes;
1277        end = opline + op_array->last;
1278        while (opline < end) {
1279            if (opline->opcode == ZEND_DECLARE_INHERITED_CLASS_DELAYED) {
1280                *opline_num = opline - op_array->opcodes;
1281                opline_num = &ZEND_RESULT(opline).opline_num;
1282            }
1283            ++opline;
1284        }
1285        *opline_num = -1;
1286    }
1287}
1288
1289static void zend_jmp_optimization(zend_code_block *block, zend_op_array *op_array, zend_code_block *blocks, zend_cfg *cfg, zend_optimizer_ctx *ctx TSRMLS_DC)
1290{
1291    /* last_op is the last opcode of the current block */
1292    zend_op *last_op = (block->start_opline + block->len - 1);
1293
1294    if (!block->len) {
1295        return;
1296    }
1297    switch (last_op->opcode) {
1298        case ZEND_JMP:
1299            {
1300                zend_op *target = block->op1_to->start_opline;
1301                zend_code_block *next = block->next;
1302
1303                while (next && !next->access) {
1304                    /* find used one */
1305                    next = next->next;
1306                }
1307
1308                /* JMP(next) -> NOP */
1309                if (block->op1_to == next) {
1310                    block->follow_to = block->op1_to;
1311                    block->op1_to = NULL;
1312                    MAKE_NOP(last_op);
1313                    block->len--;
1314                    if (block->len == 0) {
1315                        /* this block is nothing but NOP now */
1316                        delete_code_block(block, ctx);
1317                    }
1318                    break;
1319                }
1320
1321                if (((target->opcode == ZEND_JMP &&
1322                    block->op1_to != block->op1_to->op1_to) ||
1323                    target->opcode == ZEND_JMPZNZ) &&
1324                    !block->op1_to->protected) {
1325                    /* JMP L, L: JMP L1 -> JMP L1 */
1326                    /* JMP L, L: JMPZNZ L1,L2 -> JMPZNZ L1,L2 */
1327                    *last_op = *target;
1328                    if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1329                        zval zv = ZEND_OP1_LITERAL(last_op);
1330                        zval_copy_ctor(&zv);
1331                        last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv TSRMLS_CC);
1332                    }
1333                    del_source(block, block->op1_to);
1334                    if (block->op1_to->op2_to) {
1335                        block->op2_to = block->op1_to->op2_to;
1336                        ADD_SOURCE(block, block->op2_to);
1337                    }
1338                    if (block->op1_to->ext_to) {
1339                        block->ext_to = block->op1_to->ext_to;
1340                        ADD_SOURCE(block, block->ext_to);
1341                    }
1342                    if (block->op1_to->op1_to) {
1343                        block->op1_to = block->op1_to->op1_to;
1344                        ADD_SOURCE(block, block->op1_to);
1345                    } else {
1346                        block->op1_to = NULL;
1347                    }
1348                } else if (target->opcode == ZEND_RETURN ||
1349                          target->opcode == ZEND_RETURN_BY_REF ||
1350                          target->opcode == ZEND_FAST_RET ||
1351                          target->opcode == ZEND_EXIT) {
1352                    /* JMP L, L: RETURN to immediate RETURN */
1353                    *last_op = *target;
1354                    if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1355                        zval zv = ZEND_OP1_LITERAL(last_op);
1356                        zval_copy_ctor(&zv);
1357                        last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv TSRMLS_CC);
1358                    }
1359                    del_source(block, block->op1_to);
1360                    block->op1_to = NULL;
1361#if 0
1362                /* Temporarily disabled - see bug #0025274 */
1363                } else if (0&& block->op1_to != block &&
1364                       block->op1_to != blocks &&
1365                           op_array->last_try_catch == 0 &&
1366                           target->opcode != ZEND_FREE &&
1367                           target->opcode != ZEND_SWITCH_FREE) {
1368                    /* Block Reordering (saves one JMP on each "for" loop iteration)
1369                     * It is disabled for some cases (ZEND_FREE/ZEND_SWITCH_FREE)
1370                     * which may break register allocation.
1371                     */
1372                    zend_bool can_reorder = 0;
1373                    zend_block_source *cs = block->op1_to->sources;
1374
1375                    /* the "target" block doesn't had any followed block */
1376                    while(cs) {
1377                        if (cs->from->follow_to == block->op1_to) {
1378                            can_reorder = 0;
1379                            break;
1380                        }
1381                        cs = cs->next;
1382                    }
1383                    if (can_reorder) {
1384                        next = block->op1_to;
1385                        /* the "target" block is not followed by current "block" */
1386                        while (next->follow_to != NULL) {
1387                            if (next->follow_to == block) {
1388                                can_reorder = 0;
1389                                break;
1390                            }
1391                            next = next->follow_to;
1392                        }
1393                        if (can_reorder) {
1394                            zend_code_block *prev = blocks;
1395
1396                            while (prev->next != block->op1_to) {
1397                                prev = prev->next;
1398                            }
1399                            prev->next = next->next;
1400                            next->next = block->next;
1401                            block->next = block->op1_to;
1402
1403                            block->follow_to = block->op1_to;
1404                            block->op1_to = NULL;
1405                            MAKE_NOP(last_op);
1406                            block->len--;
1407                            if(block->len == 0) {
1408                                /* this block is nothing but NOP now */
1409                                delete_code_block(block, ctx);
1410                            }
1411                            break;
1412                        }
1413                    }
1414#endif
1415                }
1416            }
1417            break;
1418
1419        case ZEND_JMPZ:
1420        case ZEND_JMPNZ:
1421            /* constant conditional JMPs */
1422            if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1423                int should_jmp = zend_is_true(&ZEND_OP1_LITERAL(last_op) TSRMLS_CC);
1424
1425                if (last_op->opcode == ZEND_JMPZ) {
1426                    should_jmp = !should_jmp;
1427                }
1428                literal_dtor(&ZEND_OP1_LITERAL(last_op));
1429                ZEND_OP1_TYPE(last_op) = IS_UNUSED;
1430                if (should_jmp) {
1431                    /* JMPNZ(true) -> JMP */
1432                    last_op->opcode = ZEND_JMP;
1433                    COPY_NODE(last_op->op1, last_op->op2);
1434                    block->op1_to = block->op2_to;
1435                    del_source(block, block->follow_to);
1436                    block->op2_to = NULL;
1437                    block->follow_to = NULL;
1438                } else {
1439                    /* JMPNZ(false) -> NOP */
1440                    MAKE_NOP(last_op);
1441                    del_source(block, block->op2_to);
1442                    block->op2_to = NULL;
1443                }
1444                break;
1445            }
1446
1447            if (block->op2_to) {
1448                zend_uchar same_type = ZEND_OP1_TYPE(last_op);
1449                uint32_t same_var = VAR_NUM_EX(last_op->op1);
1450                zend_op *target;
1451                zend_op *target_end;
1452                zend_code_block *target_block = block->op2_to;;
1453
1454next_target:
1455                target = target_block->start_opline;
1456                target_end = target_block->start_opline + target_block->len;
1457                while (target < target_end && target->opcode == ZEND_NOP) {
1458                    target++;
1459                }
1460
1461                /* next block is only NOP's */
1462                if (target == target_end) {
1463                    target_block = target_block->follow_to;
1464                    goto next_target;
1465                } else if (target->opcode == INV_COND(last_op->opcode) &&
1466                    /* JMPZ(X, L), L: JMPNZ(X, L2) -> JMPZ(X, L+1) */
1467                   (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1468                   same_type == ZEND_OP1_TYPE(target) &&
1469                   same_var == VAR_NUM_EX(target->op1) &&
1470                   target_block->follow_to &&
1471                   !target_block->protected
1472                   ) {
1473                    del_source(block, block->op2_to);
1474                    block->op2_to = target_block->follow_to;
1475                    ADD_SOURCE(block, block->op2_to);
1476                } else if (target->opcode == INV_COND_EX(last_op->opcode) &&
1477                            (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1478                            same_type == ZEND_OP1_TYPE(target) &&
1479                            same_var == VAR_NUM_EX(target->op1) &&
1480                            target_block->follow_to &&
1481                            !target_block->protected) {
1482                    /* JMPZ(X, L), L: X = JMPNZ_EX(X, L2) -> JMPZ(X, L+1) */
1483                    last_op->opcode += 3;
1484                    last_op->result = target->result;
1485                    del_source(block, block->op2_to);
1486                    block->op2_to = target_block->follow_to;
1487                    ADD_SOURCE(block, block->op2_to);
1488                } else if (target_block->op2_to &&
1489                           target->opcode == last_op->opcode &&
1490                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1491                           same_type == ZEND_OP1_TYPE(target) &&
1492                           same_var == VAR_NUM_EX(target->op1) &&
1493                           !target_block->protected) {
1494                    /* JMPZ(X, L), L: JMPZ(X, L2) -> JMPZ(X, L2) */
1495                    del_source(block, block->op2_to);
1496                    block->op2_to = target_block->op2_to;
1497                    ADD_SOURCE(block, block->op2_to);
1498                } else if (target_block->op1_to &&
1499                            target->opcode == ZEND_JMP &&
1500                            !target_block->protected) {
1501                    /* JMPZ(X, L), L: JMP(L2) -> JMPZ(X, L2) */
1502                    del_source(block, block->op2_to);
1503                    block->op2_to = target_block->op1_to;
1504                    ADD_SOURCE(block, block->op2_to);
1505                } else if (target_block->op2_to &&
1506                            target_block->ext_to &&
1507                            target->opcode == ZEND_JMPZNZ &&
1508                            (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1509                            same_type == ZEND_OP1_TYPE(target) &&
1510                            same_var == VAR_NUM_EX(target->op1) &&
1511                            !target_block->protected) {
1512                    /* JMPZ(X, L), L: JMPZNZ(X, L2, L3) -> JMPZ(X, L2) */
1513                    del_source(block, block->op2_to);
1514                    if (last_op->opcode == ZEND_JMPZ) {
1515                        block->op2_to = target_block->op2_to;
1516                    } else {
1517                        block->op2_to = target_block->ext_to;
1518                    }
1519                    ADD_SOURCE(block, block->op2_to);
1520                }
1521            }
1522
1523            if (block->follow_to &&
1524                (last_op->opcode == ZEND_JMPZ || last_op->opcode == ZEND_JMPNZ)) {
1525                zend_op *target;
1526                zend_op *target_end;
1527
1528                while (1) {
1529                    target = block->follow_to->start_opline;
1530                    target_end = block->follow_to->start_opline + block->follow_to->len;
1531                    while (target < target_end && target->opcode == ZEND_NOP) {
1532                        target++;
1533                    }
1534
1535                    /* next block is only NOP's */
1536                    if (target == target_end) {
1537                        del_source(block, block->follow_to);
1538                        block->follow_to = block->follow_to->follow_to;
1539                        ADD_SOURCE(block, block->follow_to);
1540                    } else {
1541                        break;
1542                    }
1543                }
1544                /* JMPZ(X,L1), JMP(L2) -> JMPZNZ(X,L1,L2) */
1545                if (target->opcode == ZEND_JMP &&
1546                    block->follow_to->op1_to &&
1547                    !block->follow_to->protected) {
1548                    del_source(block, block->follow_to);
1549                    if (last_op->opcode == ZEND_JMPZ) {
1550                        block->ext_to = block->follow_to->op1_to;
1551                        ADD_SOURCE(block, block->ext_to);
1552                    } else {
1553                        block->ext_to = block->op2_to;
1554                        block->op2_to = block->follow_to->op1_to;
1555                        ADD_SOURCE(block, block->op2_to);
1556                    }
1557                    block->follow_to = NULL;
1558                    last_op->opcode = ZEND_JMPZNZ;
1559                }
1560            }
1561            break;
1562
1563        case ZEND_JMPNZ_EX:
1564        case ZEND_JMPZ_EX:
1565            /* constant conditional JMPs */
1566            if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1567                int should_jmp = zend_is_true(&ZEND_OP1_LITERAL(last_op) TSRMLS_CC);
1568
1569                if (last_op->opcode == ZEND_JMPZ_EX) {
1570                    should_jmp = !should_jmp;
1571                }
1572                if (!should_jmp) {
1573                    /* T = JMPZ_EX(true,L)   -> T = QM_ASSIGN(true)
1574                     * T = JMPNZ_EX(false,L) -> T = QM_ASSIGN(false)
1575                     */
1576                    last_op->opcode = ZEND_QM_ASSIGN;
1577                    SET_UNUSED(last_op->op2);
1578                    del_source(block, block->op2_to);
1579                    block->op2_to = NULL;
1580                }
1581                break;
1582            }
1583
1584            if (block->op2_to) {
1585                zend_op *target, *target_end;
1586                char *same_t=NULL;
1587                zend_code_block *target_block;
1588                int var_num = op_array->last_var + op_array->T;
1589
1590                if (var_num <= 0) {
1591                    return;
1592                }
1593                same_t = cfg->same_t;
1594                memset(same_t, 0, var_num);
1595                same_t[VAR_NUM_EX(last_op->op1)] |= ZEND_OP1_TYPE(last_op);
1596                same_t[VAR_NUM_EX(last_op->result)] |= ZEND_RESULT_TYPE(last_op);
1597                target_block = block->op2_to;
1598next_target_ex:
1599                target = target_block->start_opline;
1600                target_end = target_block->start_opline + target_block->len;
1601                while (target < target_end && target->opcode == ZEND_NOP) {
1602                    target++;
1603                }
1604                /* next block is only NOP's */
1605                if (target == target_end) {
1606                    target_block = target_block->follow_to;
1607                    goto next_target_ex;
1608                } else if (target_block->op2_to &&
1609                           target->opcode == last_op->opcode-3 &&
1610                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1611                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1612                           !target_block->protected) {
1613                    /* T = JMPZ_EX(X, L1), L1: JMPZ({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1614                    del_source(block, block->op2_to);
1615                    block->op2_to = target_block->op2_to;
1616                    ADD_SOURCE(block, block->op2_to);
1617                } else if (target_block->op2_to &&
1618                           target->opcode == INV_EX_COND(last_op->opcode) &&
1619                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1620                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1621                           !target_block->protected) {
1622                    /* T = JMPZ_EX(X, L1), L1: JMPNZ({X|T1}, L2) -> T = JMPZ_EX(X, L1+1) */
1623                    del_source(block, block->op2_to);
1624                    block->op2_to = target_block->follow_to;
1625                    ADD_SOURCE(block, block->op2_to);
1626                } else if (target_block->op2_to &&
1627                           target->opcode == INV_EX_COND_EX(last_op->opcode) &&
1628                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1629                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1630                           (same_t[VAR_NUM_EX(target->result)] & ZEND_RESULT_TYPE(target)) != 0 &&
1631                           !target_block->protected) {
1632                    /* T = JMPZ_EX(X, L1), L1: T = JMPNZ_EX(T, L2) -> T = JMPZ_EX(X, L1+1) */
1633                    del_source(block, block->op2_to);
1634                    block->op2_to = target_block->follow_to;
1635                    ADD_SOURCE(block, block->op2_to);
1636                } else if (target_block->op2_to &&
1637                           target->opcode == last_op->opcode &&
1638                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1639                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1640                           (same_t[VAR_NUM_EX(target->result)] & ZEND_RESULT_TYPE(target)) != 0 &&
1641                           !target_block->protected) {
1642                    /* T = JMPZ_EX(X, L1), L1: T = JMPZ({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1643                    del_source(block, block->op2_to);
1644                    block->op2_to = target_block->op2_to;
1645                    ADD_SOURCE(block, block->op2_to);
1646                } else if (target_block->op1_to &&
1647                           target->opcode == ZEND_JMP &&
1648                           !target_block->protected) {
1649                    /* T = JMPZ_EX(X, L), L: JMP(L2) -> T = JMPZ(X, L2) */
1650                    del_source(block, block->op2_to);
1651                    block->op2_to = target_block->op1_to;
1652                    ADD_SOURCE(block, block->op2_to);
1653                } else if (target_block->op2_to &&
1654                           target_block->ext_to &&
1655                           target->opcode == ZEND_JMPZNZ &&
1656                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1657                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1658                           !target_block->protected) {
1659                    /* T = JMPZ_EX(X, L), L: JMPZNZ({X|T}, L2, L3) -> T = JMPZ_EX(X, L2) */
1660                    del_source(block, block->op2_to);
1661                    if (last_op->opcode == ZEND_JMPZ_EX) {
1662                        block->op2_to = target_block->op2_to;
1663                    } else {
1664                        block->op2_to = target_block->ext_to;
1665                    }
1666                    ADD_SOURCE(block, block->op2_to);
1667                }
1668            }
1669            break;
1670
1671        case ZEND_JMPZNZ: {
1672            zend_code_block *next = block->next;
1673
1674            while (next && !next->access) {
1675                /* find first accessed one */
1676                next = next->next;
1677            }
1678
1679            if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1680                if (!zend_is_true(&ZEND_OP1_LITERAL(last_op) TSRMLS_CC)) {
1681                    /* JMPZNZ(false,L1,L2) -> JMP(L1) */
1682                    zend_code_block *todel;
1683
1684                    literal_dtor(&ZEND_OP1_LITERAL(last_op));
1685                    last_op->opcode = ZEND_JMP;
1686                    SET_UNUSED(last_op->op1);
1687                    SET_UNUSED(last_op->op2);
1688                    block->op1_to = block->op2_to;
1689                    todel = block->ext_to;
1690                    block->op2_to = NULL;
1691                    block->ext_to = NULL;
1692                    del_source(block, todel);
1693                } else {
1694                    /* JMPZNZ(true,L1,L2) -> JMP(L2) */
1695                    zend_code_block *todel;
1696
1697                    literal_dtor(&ZEND_OP1_LITERAL(last_op));
1698                    last_op->opcode = ZEND_JMP;
1699                    SET_UNUSED(last_op->op1);
1700                    SET_UNUSED(last_op->op2);
1701                    block->op1_to = block->ext_to;
1702                    todel =  block->op2_to;
1703                    block->op2_to = NULL;
1704                    block->ext_to = NULL;
1705                    del_source(block, todel);
1706                }
1707            } else if (block->op2_to == block->ext_to) {
1708                /* both goto the same one - it's JMP */
1709                /* JMPZNZ(?,L,L) -> JMP(L) */
1710                last_op->opcode = ZEND_JMP;
1711                SET_UNUSED(last_op->op1);
1712                SET_UNUSED(last_op->op2);
1713                block->op1_to = block->op2_to;
1714                block->op2_to = NULL;
1715                block->ext_to = NULL;
1716            } else if (block->op2_to == next) {
1717                /* jumping to next on Z - can follow to it and jump only on NZ */
1718                /* JMPZNZ(X,L1,L2) L1: -> JMPNZ(X,L2) */
1719                last_op->opcode = ZEND_JMPNZ;
1720                block->op2_to = block->ext_to;
1721                block->follow_to = next;
1722                block->ext_to = NULL;
1723                /* no need to add source - it's block->op2_to */
1724            } else if (block->ext_to == next) {
1725                /* jumping to next on NZ - can follow to it and jump only on Z */
1726                /* JMPZNZ(X,L1,L2) L2: -> JMPZ(X,L1) */
1727                last_op->opcode = ZEND_JMPZ;
1728                block->follow_to = next;
1729                block->ext_to = NULL;
1730                /* no need to add source - it's block->ext_to */
1731            }
1732
1733            if (last_op->opcode == ZEND_JMPZNZ && block->op2_to) {
1734                zend_uchar same_type = ZEND_OP1_TYPE(last_op);
1735                zend_uchar same_var = VAR_NUM_EX(last_op->op1);
1736                zend_op *target;
1737                zend_op *target_end;
1738                zend_code_block *target_block = block->op2_to;
1739
1740next_target_znz:
1741                target = target_block->start_opline;
1742                target_end = target_block->start_opline + target_block->len;
1743                while (target < target_end && target->opcode == ZEND_NOP) {
1744                    target++;
1745                }
1746                /* next block is only NOP's */
1747                if (target == target_end) {
1748                    target_block = target_block->follow_to;
1749                    goto next_target_znz;
1750                } else if (target_block->op2_to &&
1751                           (target->opcode == ZEND_JMPZ || target->opcode == ZEND_JMPZNZ) &&
1752                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1753                           same_type == ZEND_OP1_TYPE(target) &&
1754                           same_var == VAR_NUM_EX(target->op1) &&
1755                           !target_block->protected) {
1756                    /* JMPZNZ(X, L1, L2), L1: JMPZ(X, L3) -> JMPZNZ(X, L3, L2) */
1757                    del_source(block, block->op2_to);
1758                    block->op2_to = target_block->op2_to;
1759                    ADD_SOURCE(block, block->op2_to);
1760                } else if (target->opcode == ZEND_JMPNZ &&
1761                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1762                           same_type == ZEND_OP1_TYPE(target) &&
1763                           same_var == VAR_NUM_EX(target->op1) &&
1764                           target_block->follow_to &&
1765                           !target_block->protected) {
1766                    /* JMPZNZ(X, L1, L2), L1: X = JMPNZ(X, L3) -> JMPZNZ(X, L1+1, L2) */
1767                    del_source(block, block->op2_to);
1768                    block->op2_to = target_block->follow_to;
1769                    ADD_SOURCE(block, block->op2_to);
1770                } else if (target_block->op1_to &&
1771                           target->opcode == ZEND_JMP &&
1772                           !target_block->protected) {
1773                    /* JMPZNZ(X, L1, L2), L1: JMP(L3) -> JMPZNZ(X, L3, L2) */
1774                    del_source(block, block->op2_to);
1775                    block->op2_to = target_block->op1_to;
1776                    ADD_SOURCE(block, block->op2_to);
1777                }
1778            }
1779            break;
1780        }
1781    }
1782}
1783
1784/* Global data dependencies */
1785
1786#define T_USAGE(op) do { \
1787        if ((op ## _type & (IS_VAR | IS_TMP_VAR)) && \
1788           !defined_here[VAR_NUM(op.var)] && !used_ext[VAR_NUM(op.var)]) {  \
1789            used_ext[VAR_NUM(op.var)] = 1;                                  \
1790        } \
1791    } while (0)
1792
1793#define NEVER_USED(op) ((op ## _type & (IS_VAR | IS_TMP_VAR)) && !usage[VAR_NUM(op.var)]) /* !used_ext[op.var] && */
1794#define RES_NEVER_USED(opline) (opline->result_type == IS_UNUSED || NEVER_USED(opline->result))
1795
1796/* Find a set of variables which are used outside of the block where they are
1797 * defined. We won't apply some optimization patterns for such variables. */
1798static void zend_t_usage(zend_code_block *block, zend_op_array *op_array, char *used_ext, zend_optimizer_ctx *ctx)
1799{
1800    zend_code_block *next_block = block->next;
1801    char *usage;
1802    char *defined_here;
1803    void *checkpoint;
1804
1805    if (op_array->T == 0) {
1806        /* shortcut - if no Ts, nothing to do */
1807        return;
1808    }
1809
1810    checkpoint = zend_arena_checkpoint(ctx->arena);
1811    usage = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1812    memset(usage, 0, op_array->last_var + op_array->T);
1813    defined_here = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1814
1815    while (next_block) {
1816        zend_op *opline = next_block->start_opline;
1817        zend_op *end = opline + next_block->len;
1818
1819        if (!next_block->access) {
1820            next_block = next_block->next;
1821            continue;
1822        }
1823        memset(defined_here, 0, op_array->last_var + op_array->T);
1824
1825        while (opline<end) {
1826            T_USAGE(opline->op1);
1827            T_USAGE(opline->op2);
1828
1829            if (RESULT_USED(opline)) {
1830                if (!defined_here[VAR_NUM(ZEND_RESULT(opline).var)] && !used_ext[VAR_NUM(ZEND_RESULT(opline).var)] &&
1831                    (opline->opcode == ZEND_RECV || opline->opcode == ZEND_RECV_INIT ||
1832                     opline->opcode == ZEND_RECV_VARIADIC ||
1833                    (opline->opcode == ZEND_OP_DATA && ZEND_RESULT_TYPE(opline) == IS_TMP_VAR) ||
1834                    opline->opcode == ZEND_ADD_ARRAY_ELEMENT)) {
1835                    /* these opcodes use the result as argument */
1836                    used_ext[VAR_NUM(ZEND_RESULT(opline).var)] = 1;
1837                }
1838                defined_here[VAR_NUM(ZEND_RESULT(opline).var)] = 1;
1839            }
1840            opline++;
1841        }
1842        next_block = next_block->next;
1843    }
1844
1845#if DEBUG_BLOCKPASS
1846    {
1847        int i;
1848        for (i = op_array->last_var; i< op_array->T; i++) {
1849            fprintf(stderr, "T%d: %c\n", i, used_ext[i] + '0');
1850        }
1851    }
1852#endif
1853
1854    while (block) {
1855        zend_op *opline = block->start_opline + block->len - 1;
1856
1857        if (!block->access) {
1858            block = block->next;
1859            continue;
1860        }
1861
1862        memcpy(usage, used_ext, op_array->last_var + op_array->T);
1863
1864        while (opline >= block->start_opline) {
1865            /* usage checks */
1866            if (RES_NEVER_USED(opline)) {
1867                switch (opline->opcode) {
1868                    case ZEND_ASSIGN_ADD:
1869                    case ZEND_ASSIGN_SUB:
1870                    case ZEND_ASSIGN_MUL:
1871                    case ZEND_ASSIGN_DIV:
1872                    case ZEND_ASSIGN_MOD:
1873                    case ZEND_ASSIGN_SL:
1874                    case ZEND_ASSIGN_SR:
1875                    case ZEND_ASSIGN_CONCAT:
1876                    case ZEND_ASSIGN_BW_OR:
1877                    case ZEND_ASSIGN_BW_AND:
1878                    case ZEND_ASSIGN_BW_XOR:
1879                    case ZEND_PRE_INC:
1880                    case ZEND_PRE_DEC:
1881                    case ZEND_POST_INC:
1882                    case ZEND_POST_DEC:
1883                    case ZEND_ASSIGN:
1884                    case ZEND_ASSIGN_REF:
1885                    case ZEND_DO_FCALL:
1886                        if (ZEND_RESULT_TYPE(opline) == IS_VAR) {
1887                            ZEND_RESULT_TYPE(opline) |= EXT_TYPE_UNUSED;
1888                        }
1889                        break;
1890                    case ZEND_QM_ASSIGN:
1891                    case ZEND_BOOL:
1892                    case ZEND_BOOL_NOT:
1893                        if (ZEND_OP1_TYPE(opline) == IS_CONST) {
1894                            literal_dtor(&ZEND_OP1_LITERAL(opline));
1895                        }
1896                        MAKE_NOP(opline);
1897                        break;
1898                    case ZEND_PRINT:
1899                        opline->opcode = ZEND_ECHO;
1900                        ZEND_RESULT_TYPE(opline) = IS_UNUSED;
1901                        break;
1902                    case ZEND_JMPZ_EX:
1903                    case ZEND_JMPNZ_EX:
1904                        opline->opcode -= 3;
1905                        SET_UNUSED(opline->result);
1906                        break;
1907                }
1908            }
1909
1910            if (opline->opcode == ZEND_RECV ||
1911                opline->opcode == ZEND_RECV_INIT ||
1912                opline->opcode == ZEND_RECV_VARIADIC ||
1913                opline->opcode == ZEND_ADD_ARRAY_ELEMENT) {
1914                if (ZEND_OP1_TYPE(opline) == IS_VAR || ZEND_OP1_TYPE(opline) == IS_TMP_VAR) {
1915                    usage[VAR_NUM(ZEND_RESULT(opline).var)] = 1;
1916                }
1917            } else {
1918                if (RESULT_USED(opline)) {
1919                    usage[VAR_NUM(ZEND_RESULT(opline).var)] = 0;
1920                }
1921            }
1922
1923            if (ZEND_OP1_TYPE(opline) == IS_VAR || ZEND_OP1_TYPE(opline) == IS_TMP_VAR) {
1924                usage[VAR_NUM(ZEND_OP1(opline).var)] = 1;
1925            }
1926
1927            if (ZEND_OP2_TYPE(opline) == IS_VAR || ZEND_OP2_TYPE(opline) == IS_TMP_VAR) {
1928                usage[VAR_NUM(ZEND_OP2(opline).var)] = 1;
1929            }
1930
1931            if ((ZEND_RESULT_TYPE(opline) & IS_VAR) &&
1932                (ZEND_RESULT_TYPE(opline) & EXT_TYPE_UNUSED) &&
1933                usage[VAR_NUM(ZEND_RESULT(opline).var)]) {
1934                ZEND_RESULT_TYPE(opline) &= ~EXT_TYPE_UNUSED;
1935            }
1936
1937            opline--;
1938        }
1939        block = block->next;
1940    } /* end blocks */
1941
1942    zend_arena_release(&ctx->arena, checkpoint);
1943}
1944
1945#define PASSES 3
1946
1947void optimize_cfg(zend_op_array *op_array, zend_optimizer_ctx *ctx TSRMLS_DC)
1948{
1949    zend_cfg cfg;
1950    zend_code_block *cur_block;
1951    int pass;
1952    char *usage;
1953    void *checkpoint;
1954
1955#if DEBUG_BLOCKPASS
1956    fprintf(stderr, "File %s func %s\n", op_array->filename, op_array->function_name? op_array->function_name : "main");
1957    fflush(stderr);
1958#endif
1959
1960    if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
1961        return;
1962    }
1963
1964    /* Build CFG */
1965    checkpoint = zend_arena_checkpoint(ctx->arena);
1966    if (!find_code_blocks(op_array, &cfg, ctx)) {
1967        zend_arena_release(&ctx->arena, checkpoint);
1968        return;
1969    }
1970
1971    zend_rebuild_access_path(&cfg, op_array, 0, ctx);
1972    /* full rebuild here to produce correct sources! */
1973    if (op_array->last_var || op_array->T) {
1974        cfg.Tsource = zend_arena_calloc(&ctx->arena, op_array->last_var + op_array->T, sizeof(zend_op *));
1975        cfg.same_t = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1976        usage = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1977    } else {
1978        cfg.Tsource = NULL;
1979        cfg.same_t = NULL;
1980        usage = NULL;
1981    }
1982    for (pass = 0; pass < PASSES; pass++) {
1983        /* Compute data dependencies */
1984        memset(usage, 0, op_array->last_var + op_array->T);
1985        zend_t_usage(cfg.blocks, op_array, usage, ctx);
1986
1987        /* optimize each basic block separately */
1988        for (cur_block = cfg.blocks; cur_block; cur_block = cur_block->next) {
1989            if (!cur_block->access) {
1990                continue;
1991            }
1992            zend_optimize_block(cur_block, op_array, usage, &cfg, ctx TSRMLS_CC);
1993        }
1994
1995        /* Jump optimization for each block */
1996        for (cur_block = cfg.blocks; cur_block; cur_block = cur_block->next) {
1997            if (!cur_block->access) {
1998                continue;
1999            }
2000            zend_jmp_optimization(cur_block, op_array, cfg.blocks, &cfg, ctx TSRMLS_CC);
2001        }
2002
2003        /* Eliminate unreachable basic blocks */
2004        zend_rebuild_access_path(&cfg, op_array, 1, ctx);
2005    }
2006
2007    memset(usage, 0, op_array->last_var + op_array->T);
2008    zend_t_usage(cfg.blocks, op_array, usage, ctx);
2009    assemble_code_blocks(&cfg, op_array);
2010
2011    /* Destroy CFG */
2012    zend_arena_release(&ctx->arena, checkpoint);
2013}
2014