1/*
2   +----------------------------------------------------------------------+
3   | Zend OPcache                                                         |
4   +----------------------------------------------------------------------+
5   | Copyright (c) 1998-2014 The PHP Group                                |
6   +----------------------------------------------------------------------+
7   | This source file is subject to version 3.01 of the PHP license,      |
8   | that is bundled with this package in the file LICENSE, and is        |
9   | available through the world-wide-web at the following url:           |
10   | http://www.php.net/license/3_01.txt                                  |
11   | If you did not receive a copy of the PHP license and are unable to   |
12   | obtain it through the world-wide-web, please send a note to          |
13   | license@php.net so we can mail you a copy immediately.               |
14   +----------------------------------------------------------------------+
15   | Authors: Andi Gutmans <andi@zend.com>                                |
16   |          Zeev Suraski <zeev@zend.com>                                |
17   |          Stanislav Malyshev <stas@zend.com>                          |
18   |          Dmitry Stogov <dmitry@zend.com>                             |
19   +----------------------------------------------------------------------+
20*/
21
22#include "php.h"
23#include "Optimizer/zend_optimizer.h"
24#include "Optimizer/zend_optimizer_internal.h"
25#include "zend_API.h"
26#include "zend_constants.h"
27#include "zend_execute.h"
28#include "zend_vm.h"
29
30#define DEBUG_BLOCKPASS 0
31
32/* Checks if a constant (like "true") may be replaced by its value */
33int zend_optimizer_get_persistent_constant(zend_string *name, zval *result, int copy TSRMLS_DC)
34{
35    zend_constant *c;
36    char *lookup_name;
37    int retval = 1;
38    ALLOCA_FLAG(use_heap);
39
40    if ((c = zend_hash_find_ptr(EG(zend_constants), name)) == NULL) {
41        lookup_name = DO_ALLOCA(name->len + 1);
42        memcpy(lookup_name, name->val, name->len + 1);
43        zend_str_tolower(lookup_name, name->len);
44
45        if ((c = zend_hash_str_find_ptr(EG(zend_constants), lookup_name, name->len)) != NULL) {
46            if (!(c->flags & CONST_CT_SUBST) || (c->flags & CONST_CS)) {
47                retval = 0;
48            }
49        } else {
50            retval = 0;
51        }
52        FREE_ALLOCA(lookup_name);
53    }
54
55    if (retval) {
56        if (c->flags & CONST_PERSISTENT) {
57            ZVAL_COPY_VALUE(result, &c->value);
58            if (copy) {
59                zval_copy_ctor(result);
60            }
61        } else {
62            retval = 0;
63        }
64    }
65
66    return retval;
67}
68
69#if DEBUG_BLOCKPASS
70# define BLOCK_REF(b) b?op_array->opcodes-b->start_opline:-1
71
72static inline void print_block(zend_code_block *block, zend_op *opcodes, char *txt)
73{
74    fprintf(stderr, "%sBlock: %d-%d (%d)", txt, block->start_opline - opcodes, block->start_opline - opcodes + block->len - 1, block->len);
75    if (!block->access) {
76        fprintf(stderr, " unused");
77    }
78    if (block->op1_to) {
79        fprintf(stderr, " 1: %d", block->op1_to->start_opline - opcodes);
80    }
81    if (block->op2_to) {
82        fprintf(stderr, " 2: %d", block->op2_to->start_opline - opcodes);
83    }
84    if (block->ext_to) {
85        fprintf(stderr, " e: %d", block->ext_to->start_opline - opcodes);
86    }
87    if (block->follow_to) {
88        fprintf(stderr, " f: %d", block->follow_to->start_opline - opcodes);
89    }
90
91    if (block->sources) {
92        zend_block_source *bs = block->sources;
93        fprintf(stderr, " s:");
94        while (bs) {
95            fprintf(stderr, " %d", bs->from->start_opline - opcodes);
96            bs = bs->next;
97        }
98    }
99
100    fprintf(stderr, "\n");
101    fflush(stderr);
102}
103#else
104#define print_block(a,b,c)
105#endif
106
107#define START_BLOCK_OP(opno) blocks[opno].start_opline = &op_array->opcodes[opno]; blocks[opno].start_opline_no = opno; blocks[opno].access = 1
108
109/* find code blocks in op_array
110   code block is a set of opcodes with single flow of control, i.e. without jmps,
111   branches, etc. */
112static int find_code_blocks(zend_op_array *op_array, zend_cfg *cfg, zend_optimizer_ctx *ctx)
113{
114    zend_op *opline;
115    zend_op *end = op_array->opcodes + op_array->last;
116    zend_code_block *blocks, *cur_block;
117    uint32_t opno = 0;
118
119    memset(cfg, 0, sizeof(zend_cfg));
120    blocks = cfg->blocks = zend_arena_calloc(&ctx->arena, op_array->last + 2, sizeof(zend_code_block));
121    opline = op_array->opcodes;
122    blocks[0].start_opline = opline;
123    blocks[0].start_opline_no = 0;
124    while (opline < end) {
125        switch((unsigned)opline->opcode) {
126            case ZEND_BRK:
127            case ZEND_CONT:
128            case ZEND_GOTO:
129                /* would not optimize non-optimized BRK/CONTs - we cannot
130                 really know where it jumps, so these optimizations are
131                too dangerous */
132                return 0;
133            case ZEND_FAST_CALL:
134                START_BLOCK_OP(ZEND_OP1(opline).opline_num);
135                if (opline->extended_value) {
136                    START_BLOCK_OP(ZEND_OP2(opline).opline_num);
137                }
138                START_BLOCK_OP(opno + 1);
139                break;
140            case ZEND_FAST_RET:
141                if (opline->extended_value) {
142                    START_BLOCK_OP(ZEND_OP2(opline).opline_num);
143                }
144                START_BLOCK_OP(opno + 1);
145                break;
146            case ZEND_JMP:
147                START_BLOCK_OP(ZEND_OP1(opline).opline_num);
148                /* break missing intentionally */
149            case ZEND_RETURN:
150            case ZEND_RETURN_BY_REF:
151            case ZEND_GENERATOR_RETURN:
152            case ZEND_EXIT:
153            case ZEND_THROW:
154                /* start new block from this+1 */
155                START_BLOCK_OP(opno + 1);
156                break;
157                /* TODO: if conditional jmp depends on constant,
158                         don't start block that won't be executed */
159            case ZEND_CATCH:
160                START_BLOCK_OP(opline->extended_value);
161                START_BLOCK_OP(opno + 1);
162                break;
163            case ZEND_JMPZNZ:
164                START_BLOCK_OP(opline->extended_value);
165            case ZEND_JMPZ:
166            case ZEND_JMPNZ:
167            case ZEND_JMPZ_EX:
168            case ZEND_JMPNZ_EX:
169            case ZEND_FE_RESET:
170            case ZEND_NEW:
171            case ZEND_JMP_SET:
172            case ZEND_COALESCE:
173                START_BLOCK_OP(ZEND_OP2(opline).opline_num);
174                START_BLOCK_OP(opno + 1);
175                break;
176            case ZEND_FE_FETCH:
177                START_BLOCK_OP(ZEND_OP2(opline).opline_num);
178                START_BLOCK_OP(opno + 2);
179                break;
180        }
181        opno++;
182        opline++;
183    }
184
185    /* first find block start points */
186    if (op_array->last_try_catch) {
187        int i;
188        cfg->try = zend_arena_calloc(&ctx->arena, op_array->last_try_catch, sizeof(zend_code_block *));
189        cfg->catch = zend_arena_calloc(&ctx->arena, op_array->last_try_catch, sizeof(zend_code_block *));
190        for (i = 0; i< op_array->last_try_catch; i++) {
191            cfg->try[i] = &blocks[op_array->try_catch_array[i].try_op];
192            cfg->catch[i] = &blocks[op_array->try_catch_array[i].catch_op];
193            START_BLOCK_OP(op_array->try_catch_array[i].try_op);
194            START_BLOCK_OP(op_array->try_catch_array[i].catch_op);
195            blocks[op_array->try_catch_array[i].try_op].protected = 1;
196        }
197    }
198    /* Currently, we don't optimize op_arrays with BRK/CONT/GOTO opcodes,
199     * but, we have to keep brk_cont_array to avoid memory leaks during
200     * exception handling */
201    if (op_array->last_brk_cont) {
202        int i, j;
203
204        j = 0;
205        for (i = 0; i< op_array->last_brk_cont; i++) {
206            if (op_array->brk_cont_array[i].start >= 0 &&
207                (op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_FREE ||
208                 op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_END_SILENCE)) {
209                int parent = op_array->brk_cont_array[i].parent;
210
211                while (parent >= 0 &&
212                       op_array->brk_cont_array[parent].start < 0 &&
213                       op_array->opcodes[op_array->brk_cont_array[parent].brk].opcode != ZEND_FREE) {
214                    parent = op_array->brk_cont_array[parent].parent;
215                }
216                op_array->brk_cont_array[i].parent = parent;
217                j++;
218            }
219        }
220        if (j) {
221            cfg->loop_start = zend_arena_calloc(&ctx->arena, op_array->last_brk_cont, sizeof(zend_code_block *));
222            cfg->loop_cont  = zend_arena_calloc(&ctx->arena, op_array->last_brk_cont, sizeof(zend_code_block *));
223            cfg->loop_brk   = zend_arena_calloc(&ctx->arena, op_array->last_brk_cont, sizeof(zend_code_block *));
224            j = 0;
225            for (i = 0; i< op_array->last_brk_cont; i++) {
226                if (op_array->brk_cont_array[i].start >= 0 &&
227                    (op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_FREE ||
228                     op_array->opcodes[op_array->brk_cont_array[i].brk].opcode == ZEND_END_SILENCE)) {
229                    if (i != j) {
230                        op_array->brk_cont_array[j] = op_array->brk_cont_array[i];
231                    }
232                    cfg->loop_start[j] = &blocks[op_array->brk_cont_array[j].start];
233                    cfg->loop_cont[j]  = &blocks[op_array->brk_cont_array[j].cont];
234                    cfg->loop_brk[j]   = &blocks[op_array->brk_cont_array[j].brk];
235                    START_BLOCK_OP(op_array->brk_cont_array[j].start);
236                    START_BLOCK_OP(op_array->brk_cont_array[j].cont);
237                    START_BLOCK_OP(op_array->brk_cont_array[j].brk);
238                    blocks[op_array->brk_cont_array[j].start].protected = 1;
239                    blocks[op_array->brk_cont_array[j].brk].protected = 1;
240                    j++;
241                }
242            }
243            op_array->last_brk_cont = j;
244        } else {
245            efree(op_array->brk_cont_array);
246            op_array->brk_cont_array = NULL;
247            op_array->last_brk_cont = 0;
248        }
249    }
250
251    /* Build CFG (Control Flow Graph) */
252    cur_block = blocks;
253    for (opno = 1; opno < op_array->last; opno++) {
254        if (blocks[opno].start_opline) {
255            /* found new block start */
256            cur_block->len = blocks[opno].start_opline - cur_block->start_opline;
257            cur_block->next = &blocks[opno];
258            /* what is the last OP of previous block? */
259            opline = blocks[opno].start_opline - 1;
260            if (opline->opcode == ZEND_OP_DATA) {
261                opline--;
262            }
263            switch((unsigned)opline->opcode) {
264                case ZEND_RETURN:
265                case ZEND_RETURN_BY_REF:
266                case ZEND_GENERATOR_RETURN:
267                case ZEND_EXIT:
268                case ZEND_THROW:
269                    break;
270                case ZEND_FAST_CALL:
271                    if (opline->extended_value) {
272                        cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
273                    }
274                    cur_block->op1_to = &blocks[ZEND_OP1(opline).opline_num];
275                    break;
276                case ZEND_FAST_RET:
277                    if (opline->extended_value) {
278                        cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
279                    }
280                    break;
281                case ZEND_JMP:
282                    cur_block->op1_to = &blocks[ZEND_OP1(opline).opline_num];
283                    break;
284                case ZEND_JMPZNZ:
285                    cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
286                    cur_block->ext_to = &blocks[opline->extended_value];
287                    break;
288                case ZEND_CATCH:
289                    cur_block->ext_to = &blocks[opline->extended_value];
290                    cur_block->follow_to = &blocks[opno];
291                    break;
292                case ZEND_JMPZ:
293                case ZEND_JMPNZ:
294                case ZEND_JMPZ_EX:
295                case ZEND_JMPNZ_EX:
296                case ZEND_FE_RESET:
297                case ZEND_NEW:
298                case ZEND_JMP_SET:
299                case ZEND_COALESCE:
300                case ZEND_FE_FETCH:
301                    cur_block->op2_to = &blocks[ZEND_OP2(opline).opline_num];
302                    /* break missing intentionally */
303                default:
304                    /* next block follows this */
305                    cur_block->follow_to = &blocks[opno];
306                    break;
307            }
308            print_block(cur_block, op_array->opcodes, "");
309            cur_block = cur_block->next;
310        }
311    }
312    cur_block->len = end - cur_block->start_opline;
313    cur_block->next = &blocks[op_array->last + 1];
314    print_block(cur_block, op_array->opcodes, "");
315
316    return 1;
317}
318
319/* CFG back references management */
320
321#define ADD_SOURCE(fromb, tob) { \
322    zend_block_source *__s = tob->sources; \
323    while (__s && __s->from != fromb) __s = __s->next; \
324    if (__s == NULL) { \
325        zend_block_source *__t = zend_arena_alloc(&ctx->arena, sizeof(zend_block_source)); \
326        __t->next = tob->sources; \
327        tob->sources = __t; \
328        __t->from = fromb; \
329    } \
330}
331
332#define DEL_SOURCE(cs) do { \
333        *(cs) = (*(cs))->next; \
334    } while (0)
335
336
337static inline void replace_source(zend_block_source *list, zend_code_block *old, zend_code_block *new)
338{
339    /* replace all references to 'old' in 'list' with 'new' */
340    zend_block_source **cs;
341    int found = 0;
342
343    for (cs = &list; *cs; cs = &((*cs)->next)) {
344        if ((*cs)->from == new) {
345            if (found) {
346                DEL_SOURCE(cs);
347            } else {
348                found = 1;
349            }
350        }
351
352        if ((*cs)->from == old) {
353            if (found) {
354                DEL_SOURCE(cs);
355            } else {
356                (*cs)->from = new;
357                found = 1;
358            }
359        }
360    }
361}
362
363static inline void del_source(zend_code_block *from, zend_code_block *to)
364{
365    /* delete source 'from' from 'to'-s sources list */
366    zend_block_source **cs = &to->sources;
367
368    if (to->sources == NULL) {
369        to->access = 0;
370        return;
371    }
372
373    while (*cs) {
374        if ((*cs)->from == from) {
375            DEL_SOURCE(cs);
376            break;
377        }
378        cs = &((*cs)->next);
379    }
380
381    if (to->sources == NULL) {
382        /* 'to' has no more sources - it's unused, will be stripped */
383        to->access = 0;
384        return;
385    }
386
387    if (to->sources->next == NULL) {
388        /* source to only one block */
389        zend_code_block *from_block = to->sources->from;
390
391        if (from_block->access && from_block->follow_to == to &&
392            from_block->op1_to == NULL &&
393            from_block->op2_to == NULL &&
394            from_block->ext_to == NULL) {
395            /* this block follows it's only predecessor - we can join them */
396            zend_op *new_to = from_block->start_opline + from_block->len;
397            if (new_to != to->start_opline) {
398                /* move block to new location */
399                memmove(new_to, to->start_opline, sizeof(zend_op)*to->len);
400            }
401            /* join blocks' lengths */
402            from_block->len += to->len;
403            /* move 'to'`s references to 'from' */
404            to->start_opline = NULL;
405            to->access = 0;
406            to->sources = NULL;
407            from_block->follow_to = to->follow_to;
408            if (to->op1_to) {
409                from_block->op1_to = to->op1_to;
410                replace_source(to->op1_to->sources, to, from_block);
411            }
412            if (to->op2_to) {
413                from_block->op2_to = to->op2_to;
414                replace_source(to->op2_to->sources, to, from_block);
415            }
416            if (to->ext_to) {
417                from_block->ext_to = to->ext_to;
418                replace_source(to->ext_to->sources, to, from_block);
419            }
420            if (to->follow_to) {
421                replace_source(to->follow_to->sources, to, from_block);
422            }
423            /* remove "to" from list */
424        }
425    }
426}
427
428static void delete_code_block(zend_code_block *block, zend_optimizer_ctx *ctx)
429{
430    if (block->protected) {
431        return;
432    }
433    if (block->follow_to) {
434        zend_block_source *bs = block->sources;
435        while (bs) {
436            zend_code_block *from_block = bs->from;
437            zend_code_block *to = block->follow_to;
438            if (from_block->op1_to == block) {
439                from_block->op1_to = to;
440                ADD_SOURCE(from_block, to);
441            }
442            if (from_block->op2_to == block) {
443                from_block->op2_to = to;
444                ADD_SOURCE(from_block, to);
445            }
446            if (from_block->ext_to == block) {
447                from_block->ext_to = to;
448                ADD_SOURCE(from_block, to);
449            }
450            if (from_block->follow_to == block) {
451                from_block->follow_to = to;
452                ADD_SOURCE(from_block, to);
453            }
454            bs = bs->next;
455        }
456    }
457    block->access = 0;
458}
459
460static void zend_access_path(zend_code_block *block, zend_optimizer_ctx *ctx)
461{
462    if (block->access) {
463        return;
464    }
465
466    block->access = 1;
467    if (block->op1_to) {
468        zend_access_path(block->op1_to, ctx);
469        ADD_SOURCE(block, block->op1_to);
470    }
471    if (block->op2_to) {
472        zend_access_path(block->op2_to, ctx);
473        ADD_SOURCE(block, block->op2_to);
474    }
475    if (block->ext_to) {
476        zend_access_path(block->ext_to, ctx);
477        ADD_SOURCE(block, block->ext_to);
478    }
479    if (block->follow_to) {
480        zend_access_path(block->follow_to, ctx);
481        ADD_SOURCE(block, block->follow_to);
482    }
483}
484
485/* Traverse CFG, mark reachable basic blocks and build back references */
486static void zend_rebuild_access_path(zend_cfg *cfg, zend_op_array *op_array, int find_start, zend_optimizer_ctx *ctx)
487{
488    zend_code_block *blocks = cfg->blocks;
489    zend_code_block *start = find_start? NULL : blocks;
490    zend_code_block *b;
491
492    /* Mark all blocks as unaccessible and destroy back references */
493    b = blocks;
494    while (b != NULL) {
495        if (!start && b->access) {
496            start = b;
497        }
498        b->access = 0;
499        b->sources = NULL;
500        b = b->next;
501    }
502
503    /* Walk thorough all paths */
504    zend_access_path(start, ctx);
505
506    /* Add brk/cont paths */
507    if (op_array->last_brk_cont) {
508        int i;
509        for (i=0; i< op_array->last_brk_cont; i++) {
510            zend_access_path(cfg->loop_start[i], ctx);
511            zend_access_path(cfg->loop_cont[i], ctx);
512            zend_access_path(cfg->loop_brk[i], ctx);
513        }
514    }
515
516    /* Add exception paths */
517    if (op_array->last_try_catch) {
518        int i;
519        for (i=0; i< op_array->last_try_catch; i++) {
520            if (!cfg->catch[i]->access) {
521                zend_access_path(cfg->catch[i], ctx);
522            }
523        }
524    }
525}
526
527/* Data dependencies macros */
528
529#define VAR_NUM_EX(op) VAR_NUM((op).var)
530
531#define VAR_SOURCE(op) Tsource[VAR_NUM(op.var)]
532#define SET_VAR_SOURCE(opline) Tsource[VAR_NUM(opline->result.var)] = opline
533
534#define VAR_UNSET(op) do { if (op ## _type & (IS_TMP_VAR|IS_VAR)) {VAR_SOURCE(op) = NULL;}} while (0)
535
536#define convert_to_string_safe(v) \
537    if (Z_TYPE_P((v)) == IS_NULL) { \
538        ZVAL_STRINGL((v), "", 0); \
539    } else { \
540        convert_to_string((v)); \
541    }
542
543static void strip_nop(zend_code_block *block, zend_optimizer_ctx *ctx)
544{
545    zend_op *opline = block->start_opline;
546    zend_op *end, *new_end;
547
548    /* remove leading NOPs */
549    while (block->len > 0 && block->start_opline->opcode == ZEND_NOP) {
550        if (block->len == 1) {
551            /* this block is all NOPs, join with following block */
552            if (block->follow_to) {
553                delete_code_block(block, ctx);
554            }
555            return;
556        }
557        block->start_opline++;
558        block->start_opline_no++;
559        block->len--;
560    }
561
562    /* strip the inside NOPs */
563    opline = new_end = block->start_opline;
564    end = opline + block->len;
565
566    while (opline < end) {
567        zend_op *src;
568        int len = 0;
569
570        while (opline < end && opline->opcode == ZEND_NOP) {
571            opline++;
572        }
573        src = opline;
574
575        while (opline < end && opline->opcode != ZEND_NOP) {
576            opline++;
577        }
578        len = opline - src;
579
580        /* move up non-NOP opcodes */
581        memmove(new_end, src, len*sizeof(zend_op));
582
583        new_end += len;
584    }
585    block->len = new_end - block->start_opline;
586}
587
588static void zend_optimize_block(zend_code_block *block, zend_op_array *op_array, char *used_ext, zend_cfg *cfg, zend_optimizer_ctx *ctx TSRMLS_DC)
589{
590    zend_op *opline = block->start_opline;
591    zend_op *end, *last_op = NULL;
592    zend_op **Tsource = cfg->Tsource;
593
594    print_block(block, op_array->opcodes, "Opt ");
595
596    /* remove leading NOPs */
597    while (block->len > 0 && block->start_opline->opcode == ZEND_NOP) {
598        if (block->len == 1) {
599            /* this block is all NOPs, join with following block */
600            if (block->follow_to) {
601                delete_code_block(block, ctx);
602            }
603            return;
604        }
605        block->start_opline++;
606        block->start_opline_no++;
607        block->len--;
608    }
609
610    /* we track data dependencies only insight a single basic block */
611    memset(Tsource, 0, (op_array->last_var + op_array->T) * sizeof(zend_op *));
612    opline = block->start_opline;
613    end = opline + block->len;
614    while ((op_array->T) && (opline < end)) {
615        /* strip X = QM_ASSIGN(const) */
616        if ((ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
617            VAR_SOURCE(opline->op1) &&
618            VAR_SOURCE(opline->op1)->opcode == ZEND_QM_ASSIGN &&
619            ZEND_OP1_TYPE(VAR_SOURCE(opline->op1)) == IS_CONST &&
620            opline->opcode != ZEND_CASE &&         /* CASE _always_ expects variable */
621            opline->opcode != ZEND_FETCH_LIST &&
622            opline->opcode != ZEND_FE_RESET &&
623            opline->opcode != ZEND_FREE
624            ) {
625            zend_op *src = VAR_SOURCE(opline->op1);
626            zval c = ZEND_OP1_LITERAL(src);
627            VAR_UNSET(opline->op1);
628            zval_copy_ctor(&c);
629            zend_optimizer_update_op1_const(op_array, opline, &c TSRMLS_CC);
630            literal_dtor(&ZEND_OP1_LITERAL(src));
631            MAKE_NOP(src);
632        }
633
634        /* T = QM_ASSIGN(C), F(T) => NOP, F(C) */
635        if ((ZEND_OP2_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
636            VAR_SOURCE(opline->op2) &&
637            VAR_SOURCE(opline->op2)->opcode == ZEND_QM_ASSIGN &&
638            ZEND_OP1_TYPE(VAR_SOURCE(opline->op2)) == IS_CONST) {
639            zend_op *src = VAR_SOURCE(opline->op2);
640            zval c = ZEND_OP1_LITERAL(src);
641            VAR_UNSET(opline->op2);
642            zval_copy_ctor(&c);
643            zend_optimizer_update_op2_const(op_array, opline, &c TSRMLS_CC);
644            literal_dtor(&ZEND_OP1_LITERAL(src));
645            MAKE_NOP(src);
646        }
647
648        /* T = PRINT(X), F(T) => ECHO(X), F(1) */
649        if (ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
650            VAR_SOURCE(opline->op1) &&
651            VAR_SOURCE(opline->op1)->opcode == ZEND_PRINT &&
652            opline->opcode != ZEND_CASE && opline->opcode != ZEND_FREE) {
653            ZEND_OP1_TYPE(opline) = IS_CONST;
654            LITERAL_LONG(opline->op1, 1);
655        }
656
657        if (ZEND_OP2_TYPE(opline) == IS_TMP_VAR &&
658            VAR_SOURCE(opline->op2) &&
659            VAR_SOURCE(opline->op2)->opcode == ZEND_PRINT) {
660            ZEND_OP2_TYPE(opline) = IS_CONST;
661            LITERAL_LONG(opline->op2, 1);
662        }
663
664        /* T = CAST(X, String), ECHO(T) => NOP, ECHO(X) */
665        if ((opline->opcode == ZEND_ECHO || opline->opcode == ZEND_PRINT) &&
666            ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR) &&
667            VAR_SOURCE(opline->op1) &&
668            VAR_SOURCE(opline->op1)->opcode == ZEND_CAST &&
669            VAR_SOURCE(opline->op1)->extended_value == IS_STRING) {
670            zend_op *src = VAR_SOURCE(opline->op1);
671            COPY_NODE(opline->op1, src->op1);
672            MAKE_NOP(src);
673        }
674
675        /* T = PRINT(X), FREE(T) => ECHO(X) */
676        if (opline->opcode == ZEND_FREE &&
677            ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
678            VAR_SOURCE(opline->op1)) {
679            zend_op *src = VAR_SOURCE(opline->op1);
680            if (src->opcode == ZEND_PRINT) {
681                src->opcode = ZEND_ECHO;
682                ZEND_RESULT_TYPE(src) = IS_UNUSED;
683                MAKE_NOP(opline);
684            }
685        }
686
687       /* T = BOOL(X), FREE(T) => NOP */
688        if (opline->opcode == ZEND_FREE &&
689            ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
690            VAR_SOURCE(opline->op1)) {
691            zend_op *src = VAR_SOURCE(opline->op1);
692            if (src->opcode == ZEND_BOOL) {
693                if (ZEND_OP1_TYPE(src) == IS_CONST) {
694                    literal_dtor(&ZEND_OP1_LITERAL(src));
695                }
696                MAKE_NOP(src);
697                MAKE_NOP(opline);
698            }
699        }
700
701#if 0
702        /* pre-evaluate functions:
703           constant(x)
704           defined(x)
705           function_exists(x)
706           extension_loaded(x)
707           BAD: interacts badly with Accelerator
708        */
709        if((ZEND_OP1_TYPE(opline) & IS_VAR) &&
710           VAR_SOURCE(opline->op1) && VAR_SOURCE(opline->op1)->opcode == ZEND_DO_CF_FCALL &&
711           VAR_SOURCE(opline->op1)->extended_value == 1) {
712            zend_op *fcall = VAR_SOURCE(opline->op1);
713            zend_op *sv = fcall-1;
714            if(sv >= block->start_opline && sv->opcode == ZEND_SEND_VAL &&
715               ZEND_OP1_TYPE(sv) == IS_CONST && Z_TYPE(OPLINE_OP1_LITERAL(sv)) == IS_STRING &&
716               Z_LVAL(OPLINE_OP2_LITERAL(sv)) == 1
717               ) {
718                zval *arg = &OPLINE_OP1_LITERAL(sv);
719                char *fname = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].function_name;
720                int flen = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].name_len;
721                if(flen == sizeof("defined")-1 && zend_binary_strcasecmp(fname, flen, "defined", sizeof("defined")-1) == 0) {
722                    zval c;
723                    if(zend_optimizer_get_persistent_constant(Z_STR_P(arg), &c, 0 TSRMLS_CC ELS_CC) != 0) {
724                        literal_dtor(arg);
725                        MAKE_NOP(sv);
726                        MAKE_NOP(fcall);
727                        LITERAL_BOOL(opline->op1, 1);
728                        ZEND_OP1_TYPE(opline) = IS_CONST;
729                    }
730                } else if((flen == sizeof("function_exists")-1 && zend_binary_strcasecmp(fname, flen, "function_exists", sizeof("function_exists")-1) == 0) ||
731                          (flen == sizeof("is_callable")-1 && zend_binary_strcasecmp(fname, flen, "is_callable", sizeof("is_callable")-1) == 0)
732                          ) {
733                    zend_function *function;
734                    if((function = zend_hash_find_ptr(EG(function_table), Z_STR_P(arg))) != NULL) {
735                        literal_dtor(arg);
736                        MAKE_NOP(sv);
737                        MAKE_NOP(fcall);
738                        LITERAL_BOOL(opline->op1, 1);
739                        ZEND_OP1_TYPE(opline) = IS_CONST;
740                    }
741                } else if(flen == sizeof("constant")-1 && zend_binary_strcasecmp(fname, flen, "constant", sizeof("constant")-1) == 0) {
742                    zval c;
743                    if(zend_optimizer_get_persistent_constant(Z_STR_P(arg), &c, 1 TSRMLS_CC ELS_CC) != 0) {
744                        literal_dtor(arg);
745                        MAKE_NOP(sv);
746                        MAKE_NOP(fcall);
747                        ZEND_OP1_LITERAL(opline) = zend_optimizer_add_literal(op_array, &c TSRMLS_CC);
748                        /* no copy ctor - get already copied it */
749                        ZEND_OP1_TYPE(opline) = IS_CONST;
750                    }
751                } else if(flen == sizeof("extension_loaded")-1 && zend_binary_strcasecmp(fname, flen, "extension_loaded", sizeof("extension_loaded")-1) == 0) {
752                    if(zend_hash_exists(&module_registry, Z_STR_P(arg))) {
753                        literal_dtor(arg);
754                        MAKE_NOP(sv);
755                        MAKE_NOP(fcall);
756                        LITERAL_BOOL(opline->op1, 1);
757                        ZEND_OP1_TYPE(opline) = IS_CONST;
758                    }
759                }
760            }
761        }
762#endif
763
764        /* IS_EQ(TRUE, X)      => BOOL(X)
765         * IS_EQ(FALSE, X)     => BOOL_NOT(X)
766         * IS_NOT_EQ(TRUE, X)  => BOOL_NOT(X)
767         * IS_NOT_EQ(FALSE, X) => BOOL(X)
768         * CASE(TRUE, X)       => BOOL(X)
769         * CASE(FALSE, X)      => BOOL_NOT(X)
770         */
771        if (opline->opcode == ZEND_IS_EQUAL ||
772            opline->opcode == ZEND_IS_NOT_EQUAL ||
773            opline->opcode == ZEND_CASE) {
774            if (ZEND_OP1_TYPE(opline) == IS_CONST &&
775// TODO: Optimization of comparison with null may be not safe ???
776#if 1
777                (Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_FALSE ||
778                 Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_TRUE)) {
779#else
780                 Z_TYPE(ZEND_OP1_LITERAL(opline)) <= IS_TRUE) {
781#endif
782                opline->opcode =
783                    ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP1_LITERAL(opline))) == IS_TRUE)) ?
784                    ZEND_BOOL : ZEND_BOOL_NOT;
785                COPY_NODE(opline->op1, opline->op2);
786                SET_UNUSED(opline->op2);
787            } else if (ZEND_OP2_TYPE(opline) == IS_CONST &&
788// TODO: Optimization of comparison with null may be not safe ???
789#if 1
790                       (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_FALSE ||
791                        Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_TRUE)) {
792#else
793                        Z_TYPE(ZEND_OP2_LITERAL(opline)) <= IS_TRUE) {
794#endif
795                opline->opcode =
796                    ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP2_LITERAL(opline))) == IS_TRUE)) ?
797                    ZEND_BOOL : ZEND_BOOL_NOT;
798                SET_UNUSED(opline->op2);
799            }
800        }
801
802        if ((opline->opcode == ZEND_BOOL ||
803            opline->opcode == ZEND_BOOL_NOT ||
804            opline->opcode == ZEND_JMPZ ||
805            opline->opcode == ZEND_JMPNZ ||
806            opline->opcode == ZEND_JMPZNZ) &&
807            ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
808            VAR_SOURCE(opline->op1) != NULL &&
809            !used_ext[VAR_NUM(ZEND_OP1(opline).var)] &&
810            VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL_NOT) {
811            /* T = BOOL_NOT(X) + JMPZ(T) -> NOP, JMPNZ(X) */
812            zend_op *src = VAR_SOURCE(opline->op1);
813
814            COPY_NODE(opline->op1, src->op1);
815
816            switch (opline->opcode) {
817                case ZEND_BOOL:
818                    /* T = BOOL_NOT(X) + BOOL(T) -> NOP, BOOL_NOT(X) */
819                    opline->opcode = ZEND_BOOL_NOT;
820                    break;
821                case ZEND_BOOL_NOT:
822                    /* T = BOOL_NOT(X) + BOOL_BOOL(T) -> NOP, BOOL(X) */
823                    opline->opcode = ZEND_BOOL;
824                    break;
825                case ZEND_JMPZ:
826                    /* T = BOOL_NOT(X) + JMPZ(T,L) -> NOP, JMPNZ(X,L) */
827                    opline->opcode = ZEND_JMPNZ;
828                    break;
829                case ZEND_JMPNZ:
830                    /* T = BOOL_NOT(X) + JMPNZ(T,L) -> NOP, JMPZ(X,L) */
831                    opline->opcode = ZEND_JMPZ;
832                    break;
833                case ZEND_JMPZNZ:
834                {
835                    /* T = BOOL_NOT(X) + JMPZNZ(T,L1,L2) -> NOP, JMPZNZ(X,L2,L1) */
836                    int op_t;
837                    zend_code_block *op_b;
838
839                    op_t = opline->extended_value;
840                    opline->extended_value = ZEND_OP2(opline).opline_num;
841                    ZEND_OP2(opline).opline_num = op_t;
842
843                    op_b = block->ext_to;
844                    block->ext_to = block->op2_to;
845                    block->op2_to = op_b;
846                }
847                break;
848            }
849
850            VAR_UNSET(opline->op1);
851            MAKE_NOP(src);
852            continue;
853        } else
854#if 0
855        /* T = BOOL_NOT(X) + T = JMPZ_EX(T, X) -> T = BOOL_NOT(X), JMPNZ(X) */
856        if(0 && (opline->opcode == ZEND_JMPZ_EX ||
857            opline->opcode == ZEND_JMPNZ_EX) &&
858           ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
859           VAR_SOURCE(opline->op1) != NULL &&
860           VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL_NOT &&
861           ZEND_OP1(opline).var == ZEND_RESULT(opline).var
862           ) {
863            zend_op *src = VAR_SOURCE(opline->op1);
864            if(opline->opcode == ZEND_JMPZ_EX) {
865                opline->opcode = ZEND_JMPNZ;
866            } else {
867                opline->opcode = ZEND_JMPZ;
868            }
869            COPY_NODE(opline->op1, src->op1);
870            SET_UNUSED(opline->result);
871            continue;
872        } else
873#endif
874        /* T = BOOL(X) + JMPZ(T) -> NOP, JMPZ(X) */
875        if ((opline->opcode == ZEND_BOOL ||
876            opline->opcode == ZEND_BOOL_NOT ||
877            opline->opcode == ZEND_JMPZ ||
878            opline->opcode == ZEND_JMPZ_EX ||
879            opline->opcode == ZEND_JMPNZ_EX ||
880            opline->opcode == ZEND_JMPNZ ||
881            opline->opcode == ZEND_JMPZNZ) &&
882            (ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
883            VAR_SOURCE(opline->op1) != NULL &&
884            (!used_ext[VAR_NUM(ZEND_OP1(opline).var)] ||
885            ((ZEND_RESULT_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
886             ZEND_RESULT(opline).var == ZEND_OP1(opline).var)) &&
887            (VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL ||
888            VAR_SOURCE(opline->op1)->opcode == ZEND_QM_ASSIGN)) {
889            zend_op *src = VAR_SOURCE(opline->op1);
890            COPY_NODE(opline->op1, src->op1);
891
892            VAR_UNSET(opline->op1);
893            MAKE_NOP(src);
894            continue;
895        } else if (last_op && opline->opcode == ZEND_ECHO &&
896                  last_op->opcode == ZEND_ECHO &&
897                  ZEND_OP1_TYPE(opline) == IS_CONST &&
898                  Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_DOUBLE &&
899                  ZEND_OP1_TYPE(last_op) == IS_CONST &&
900                  Z_TYPE(ZEND_OP1_LITERAL(last_op)) != IS_DOUBLE) {
901            /* compress consecutive ECHO's.
902             * Float to string conversion may be affected by current
903             * locale setting.
904             */
905            int l, old_len;
906
907            if (Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_STRING) {
908                convert_to_string_safe(&ZEND_OP1_LITERAL(opline));
909            }
910            if (Z_TYPE(ZEND_OP1_LITERAL(last_op)) != IS_STRING) {
911                convert_to_string_safe(&ZEND_OP1_LITERAL(last_op));
912            }
913            old_len = Z_STRLEN(ZEND_OP1_LITERAL(last_op));
914            l = old_len + Z_STRLEN(ZEND_OP1_LITERAL(opline));
915            if (!Z_REFCOUNTED(ZEND_OP1_LITERAL(last_op))) {
916                zend_string *tmp = zend_string_alloc(l, 0);
917                memcpy(tmp->val, Z_STRVAL(ZEND_OP1_LITERAL(last_op)), old_len);
918                Z_STR(ZEND_OP1_LITERAL(last_op)) = tmp;
919            } else {
920                Z_STR(ZEND_OP1_LITERAL(last_op)) = zend_string_realloc(Z_STR(ZEND_OP1_LITERAL(last_op)), l, 0);
921            }
922            Z_TYPE_INFO(ZEND_OP1_LITERAL(last_op)) = IS_STRING_EX;
923            memcpy(Z_STRVAL(ZEND_OP1_LITERAL(last_op)) + old_len, Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)));
924            Z_STRVAL(ZEND_OP1_LITERAL(last_op))[l] = '\0';
925            zval_dtor(&ZEND_OP1_LITERAL(opline));
926            Z_STR(ZEND_OP1_LITERAL(opline)) = zend_new_interned_string(Z_STR(ZEND_OP1_LITERAL(last_op)) TSRMLS_CC);
927            if (!Z_REFCOUNTED(ZEND_OP1_LITERAL(opline))) {
928                Z_TYPE_FLAGS(ZEND_OP1_LITERAL(opline)) &= ~ (IS_TYPE_REFCOUNTED | IS_TYPE_COPYABLE);
929            }
930            ZVAL_NULL(&ZEND_OP1_LITERAL(last_op));
931            MAKE_NOP(last_op);
932        } else if (opline->opcode == ZEND_CONCAT &&
933                  ZEND_OP2_TYPE(opline) == IS_CONST &&
934                  ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
935                  VAR_SOURCE(opline->op1) &&
936                  (VAR_SOURCE(opline->op1)->opcode == ZEND_CONCAT ||
937                   VAR_SOURCE(opline->op1)->opcode == ZEND_ADD_STRING) &&
938                  ZEND_OP2_TYPE(VAR_SOURCE(opline->op1)) == IS_CONST &&
939                  ZEND_RESULT(VAR_SOURCE(opline->op1)).var == ZEND_OP1(opline).var) {
940            /* compress consecutive CONCATs */
941            zend_op *src = VAR_SOURCE(opline->op1);
942            int l, old_len;
943
944            if (Z_TYPE(ZEND_OP2_LITERAL(opline)) != IS_STRING) {
945                convert_to_string_safe(&ZEND_OP2_LITERAL(opline));
946            }
947            if (Z_TYPE(ZEND_OP2_LITERAL(src)) != IS_STRING) {
948                convert_to_string_safe(&ZEND_OP2_LITERAL(src));
949            }
950
951            VAR_UNSET(opline->op1);
952            if (ZEND_OP1_TYPE(src) == IS_UNUSED) {
953                /* 5.3 may use IS_UNUSED as first argument to ZEND_ADD_... */
954                opline->opcode = ZEND_ADD_STRING;
955            }
956            COPY_NODE(opline->op1, src->op1);
957            old_len = Z_STRLEN(ZEND_OP2_LITERAL(src));
958            l = old_len + Z_STRLEN(ZEND_OP2_LITERAL(opline));
959            if (!Z_REFCOUNTED(ZEND_OP2_LITERAL(src))) {
960                zend_string *tmp = zend_string_alloc(l, 0);
961                memcpy(tmp->val, Z_STRVAL(ZEND_OP2_LITERAL(src)), old_len);
962                Z_STR(ZEND_OP2_LITERAL(last_op)) = tmp;
963            } else {
964                Z_STR(ZEND_OP2_LITERAL(src)) = zend_string_realloc(Z_STR(ZEND_OP2_LITERAL(src)), l, 0);
965            }
966            Z_TYPE_INFO(ZEND_OP2_LITERAL(last_op)) = IS_STRING_EX;
967            memcpy(Z_STRVAL(ZEND_OP2_LITERAL(src)) + old_len, Z_STRVAL(ZEND_OP2_LITERAL(opline)), Z_STRLEN(ZEND_OP2_LITERAL(opline)));
968            Z_STRVAL(ZEND_OP2_LITERAL(src))[l] = '\0';
969            zend_string_release(Z_STR(ZEND_OP2_LITERAL(opline)));
970            Z_STR(ZEND_OP2_LITERAL(opline)) = zend_new_interned_string(Z_STR(ZEND_OP2_LITERAL(src)) TSRMLS_CC);
971            if (!Z_REFCOUNTED(ZEND_OP2_LITERAL(opline))) {
972                Z_TYPE_FLAGS(ZEND_OP2_LITERAL(opline)) &= ~ (IS_TYPE_REFCOUNTED | IS_TYPE_COPYABLE);
973            }
974            ZVAL_NULL(&ZEND_OP2_LITERAL(src));
975            MAKE_NOP(src);
976        } else if ((opline->opcode == ZEND_ADD_STRING || opline->opcode == ZEND_ADD_VAR) && ZEND_OP1_TYPE(opline) == IS_CONST) {
977            /* convert ADD_STRING(C1, C2) to CONCAT(C1, C2) */
978            opline->opcode = ZEND_CONCAT;
979            continue;
980        } else if (opline->opcode == ZEND_ADD_CHAR && ZEND_OP1_TYPE(opline) == IS_CONST && ZEND_OP2_TYPE(opline) == IS_CONST) {
981            /* convert ADD_CHAR(C1, C2) to CONCAT(C1, C2) */
982            char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
983            ZVAL_STRINGL(&ZEND_OP2_LITERAL(opline), &c, 1);
984            opline->opcode = ZEND_CONCAT;
985            continue;
986        } else if ((opline->opcode == ZEND_ADD ||
987                    opline->opcode == ZEND_SUB ||
988                    opline->opcode == ZEND_MUL ||
989                    opline->opcode == ZEND_DIV ||
990                    opline->opcode == ZEND_MOD ||
991                    opline->opcode == ZEND_SL ||
992                    opline->opcode == ZEND_SR ||
993                    opline->opcode == ZEND_CONCAT ||
994                    opline->opcode == ZEND_IS_EQUAL ||
995                    opline->opcode == ZEND_IS_NOT_EQUAL ||
996                    opline->opcode == ZEND_IS_SMALLER ||
997                    opline->opcode == ZEND_IS_SMALLER_OR_EQUAL ||
998                    opline->opcode == ZEND_IS_IDENTICAL ||
999                    opline->opcode == ZEND_IS_NOT_IDENTICAL ||
1000                    opline->opcode == ZEND_BOOL_XOR ||
1001                    opline->opcode == ZEND_BW_OR ||
1002                    opline->opcode == ZEND_BW_AND ||
1003                    opline->opcode == ZEND_BW_XOR) &&
1004                    ZEND_OP1_TYPE(opline)==IS_CONST &&
1005                    ZEND_OP2_TYPE(opline)==IS_CONST) {
1006            /* evaluate constant expressions */
1007            int (*binary_op)(zval *result, zval *op1, zval *op2 TSRMLS_DC) = get_binary_op(opline->opcode);
1008            zval result;
1009            int er;
1010
1011            if ((opline->opcode == ZEND_DIV || opline->opcode == ZEND_MOD) &&
1012                ((Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_LONG &&
1013                  Z_LVAL(ZEND_OP2_LITERAL(opline)) == 0) ||
1014                 (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_DOUBLE &&
1015                  Z_DVAL(ZEND_OP2_LITERAL(opline)) == 0.0))) {
1016                if (RESULT_USED(opline)) {
1017                    SET_VAR_SOURCE(opline);
1018                }
1019                opline++;
1020                continue;
1021            }
1022            er = EG(error_reporting);
1023            EG(error_reporting) = 0;
1024            if (binary_op(&result, &ZEND_OP1_LITERAL(opline), &ZEND_OP2_LITERAL(opline) TSRMLS_CC) == SUCCESS) {
1025                literal_dtor(&ZEND_OP1_LITERAL(opline));
1026                literal_dtor(&ZEND_OP2_LITERAL(opline));
1027                opline->opcode = ZEND_QM_ASSIGN;
1028                SET_UNUSED(opline->op2);
1029                zend_optimizer_update_op1_const(op_array, opline, &result TSRMLS_CC);
1030            }
1031            EG(error_reporting) = er;
1032        } else if ((opline->opcode == ZEND_BOOL ||
1033                    opline->opcode == ZEND_BOOL_NOT ||
1034                    opline->opcode == ZEND_BW_NOT) && ZEND_OP1_TYPE(opline) == IS_CONST) {
1035            /* evaluate constant unary ops */
1036            unary_op_type unary_op = get_unary_op(opline->opcode);
1037            zval result;
1038
1039            if (unary_op) {
1040                unary_op(&result, &ZEND_OP1_LITERAL(opline) TSRMLS_CC);
1041                literal_dtor(&ZEND_OP1_LITERAL(opline));
1042            } else {
1043                /* BOOL */
1044                result = ZEND_OP1_LITERAL(opline);
1045                convert_to_boolean(&result);
1046                ZVAL_NULL(&ZEND_OP1_LITERAL(opline));
1047            }
1048            opline->opcode = ZEND_QM_ASSIGN;
1049            zend_optimizer_update_op1_const(op_array, opline, &result TSRMLS_CC);
1050        } else if ((opline->opcode == ZEND_RETURN || opline->opcode == ZEND_EXIT) &&
1051                    (ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
1052                    VAR_SOURCE(opline->op1) &&
1053                    VAR_SOURCE(opline->op1)->opcode == ZEND_QM_ASSIGN) {
1054            /* T = QM_ASSIGN(X), RETURN(T) to RETURN(X) */
1055            zend_op *src = VAR_SOURCE(opline->op1);
1056            VAR_UNSET(opline->op1);
1057            COPY_NODE(opline->op1, src->op1);
1058            MAKE_NOP(src);
1059        } else if ((opline->opcode == ZEND_ADD_STRING ||
1060                    opline->opcode == ZEND_ADD_CHAR ||
1061                    opline->opcode == ZEND_ADD_VAR ||
1062                    opline->opcode == ZEND_CONCAT) &&
1063                    ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
1064                    VAR_SOURCE(opline->op1) &&
1065                    VAR_SOURCE(opline->op1)->opcode == ZEND_CONCAT &&
1066                    ZEND_OP2_TYPE(VAR_SOURCE(opline->op1)) == IS_CONST &&
1067                    Z_TYPE(ZEND_OP2_LITERAL(VAR_SOURCE(opline->op1))) == IS_STRING &&
1068                    Z_STRLEN(ZEND_OP2_LITERAL(VAR_SOURCE(opline->op1))) == 0) {
1069            /* convert T = CONCAT(X,''), T = ADD_STRING(T, Y) to T = CONCAT(X,Y) */
1070            zend_op *src = VAR_SOURCE(opline->op1);
1071            VAR_UNSET(opline->op1);
1072            COPY_NODE(opline->op1, src->op1);
1073            if (opline->opcode == ZEND_ADD_CHAR) {
1074                char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
1075                ZVAL_STRINGL(&ZEND_OP2_LITERAL(opline), &c, 1);
1076            }
1077            opline->opcode = ZEND_CONCAT;
1078            literal_dtor(&ZEND_OP2_LITERAL(src)); /* will take care of empty_string too */
1079            MAKE_NOP(src);
1080        } else if ((opline->opcode == ZEND_ADD_STRING ||
1081                    opline->opcode == ZEND_ADD_CHAR ||
1082                    opline->opcode == ZEND_ADD_VAR ||
1083                    opline->opcode == ZEND_CONCAT) &&
1084                    (ZEND_OP1_TYPE(opline) & (IS_TMP_VAR|IS_VAR)) &&
1085                    VAR_SOURCE(opline->op1) &&
1086                    VAR_SOURCE(opline->op1)->opcode == ZEND_CAST &&
1087                    VAR_SOURCE(opline->op1)->extended_value == IS_STRING) {
1088            /* convert T1 = CAST(STRING, X), T2 = CONCAT(T1, Y) to T2 = CONCAT(X,Y) */
1089            zend_op *src = VAR_SOURCE(opline->op1);
1090            VAR_UNSET(opline->op1);
1091            COPY_NODE(opline->op1, src->op1);
1092            if (opline->opcode == ZEND_ADD_CHAR) {
1093                char c = (char)Z_LVAL(ZEND_OP2_LITERAL(opline));
1094                ZVAL_STRINGL(&ZEND_OP2_LITERAL(opline), &c, 1);
1095            }
1096            opline->opcode = ZEND_CONCAT;
1097            MAKE_NOP(src);
1098        } else if (opline->opcode == ZEND_QM_ASSIGN &&
1099                    ZEND_OP1_TYPE(opline) == ZEND_RESULT_TYPE(opline) &&
1100                    ZEND_OP1(opline).var == ZEND_RESULT(opline).var) {
1101            /* strip T = QM_ASSIGN(T) */
1102            MAKE_NOP(opline);
1103        } else if (opline->opcode == ZEND_BOOL &&
1104                    ZEND_OP1_TYPE(opline) == IS_TMP_VAR &&
1105                    VAR_SOURCE(opline->op1) &&
1106                    (VAR_SOURCE(opline->op1)->opcode == ZEND_IS_EQUAL ||
1107                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_NOT_EQUAL ||
1108                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_SMALLER ||
1109                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_SMALLER_OR_EQUAL ||
1110                    VAR_SOURCE(opline->op1)->opcode == ZEND_BOOL ||
1111                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_IDENTICAL ||
1112                    VAR_SOURCE(opline->op1)->opcode == ZEND_IS_NOT_IDENTICAL ||
1113                    VAR_SOURCE(opline->op1)->opcode == ZEND_ISSET_ISEMPTY_VAR ||
1114                    VAR_SOURCE(opline->op1)->opcode == ZEND_ISSET_ISEMPTY_DIM_OBJ) &&
1115                    !used_ext[VAR_NUM(ZEND_OP1(opline).var)]) {
1116            /* T = IS_SMALLER(X, Y), T1 = BOOL(T) => T = IS_SMALLER(X, Y), T1 = QM_ASSIGN(T) */
1117            zend_op *src = VAR_SOURCE(opline->op1);
1118            COPY_NODE(src->result, opline->result);
1119            SET_VAR_SOURCE(src);
1120            MAKE_NOP(opline);
1121        }
1122        /* get variable source */
1123        if (RESULT_USED(opline)) {
1124            SET_VAR_SOURCE(opline);
1125        }
1126        if (opline->opcode != ZEND_NOP) {
1127            last_op = opline;
1128        }
1129        opline++;
1130    }
1131
1132    strip_nop(block, ctx);
1133}
1134
1135/* Rebuild plain (optimized) op_array from CFG */
1136static void assemble_code_blocks(zend_cfg *cfg, zend_op_array *op_array)
1137{
1138    zend_code_block *blocks = cfg->blocks;
1139    zend_op *new_opcodes = emalloc(op_array->last * sizeof(zend_op));
1140    zend_op *opline = new_opcodes;
1141    zend_code_block *cur_block = blocks;
1142
1143    /* Copy code of reachable blocks into a single buffer */
1144    while (cur_block) {
1145        if (cur_block->access) {
1146            memcpy(opline, cur_block->start_opline, cur_block->len * sizeof(zend_op));
1147            cur_block->start_opline = opline;
1148            opline += cur_block->len;
1149            if ((opline - 1)->opcode == ZEND_JMP) {
1150                zend_code_block *next;
1151                next = cur_block->next;
1152                while (next && !next->access) {
1153                    next = next->next;
1154                }
1155                if (next && next == cur_block->op1_to) {
1156                    /* JMP to the next block - strip it */
1157                    cur_block->follow_to = cur_block->op1_to;
1158                    cur_block->op1_to = NULL;
1159                    MAKE_NOP((opline - 1));
1160                    opline--;
1161                    cur_block->len--;
1162                }
1163            }
1164        } else {
1165            /* this block will not be used, delete all constants there */
1166            zend_op *_opl;
1167            zend_op *end = cur_block->start_opline + cur_block->len;
1168            for (_opl = cur_block->start_opline; _opl && _opl < end; _opl++) {
1169                if (ZEND_OP1_TYPE(_opl) == IS_CONST) {
1170                    literal_dtor(&ZEND_OP1_LITERAL(_opl));
1171                }
1172                if (ZEND_OP2_TYPE(_opl) == IS_CONST) {
1173                    literal_dtor(&ZEND_OP2_LITERAL(_opl));
1174                }
1175            }
1176        }
1177        cur_block = cur_block->next;
1178    }
1179
1180    if ((opline-1)->opcode == ZEND_THROW) {
1181        /* if we finished with THROW, we need to add space between THROW and HANDLE to not confuse
1182           zend_throw_internal */
1183        MAKE_NOP(opline);
1184        opline->lineno = opline[-1].lineno;
1185        opline++;
1186    }
1187
1188    op_array->last = opline-new_opcodes;
1189
1190    /* adjust exception jump targets */
1191    if (op_array->last_try_catch) {
1192        int i, j;
1193        for (i = 0, j = 0; i< op_array->last_try_catch; i++) {
1194            if (cfg->try[i]->access) {
1195                op_array->try_catch_array[j].try_op = cfg->try[i]->start_opline - new_opcodes;
1196                op_array->try_catch_array[j].catch_op = cfg->catch[i]->start_opline - new_opcodes;
1197                j++;
1198            }
1199        }
1200        op_array->last_try_catch = j;
1201    }
1202
1203    /* adjust loop jump targets */
1204    if (op_array->last_brk_cont) {
1205        int i;
1206        for (i = 0; i< op_array->last_brk_cont; i++) {
1207            op_array->brk_cont_array[i].start = cfg->loop_start[i]->start_opline - new_opcodes;
1208            op_array->brk_cont_array[i].cont = cfg->loop_cont[i]->start_opline - new_opcodes;
1209            op_array->brk_cont_array[i].brk = cfg->loop_brk[i]->start_opline - new_opcodes;
1210        }
1211    }
1212
1213    /* adjust jump targets */
1214    for (cur_block = blocks; cur_block; cur_block = cur_block->next) {
1215        if (!cur_block->access) {
1216            continue;
1217        }
1218        opline = cur_block->start_opline + cur_block->len - 1;
1219        if (opline->opcode == ZEND_OP_DATA) {
1220            opline--;
1221        }
1222        if (cur_block->op1_to) {
1223            ZEND_OP1(opline).opline_num = cur_block->op1_to->start_opline - new_opcodes;
1224        }
1225        if (cur_block->op2_to) {
1226            ZEND_OP2(opline).opline_num = cur_block->op2_to->start_opline - new_opcodes;
1227        }
1228        if (cur_block->ext_to) {
1229            opline->extended_value = cur_block->ext_to->start_opline - new_opcodes;
1230        }
1231        print_block(cur_block, new_opcodes, "Out ");
1232    }
1233    efree(op_array->opcodes);
1234    op_array->opcodes = erealloc(new_opcodes, op_array->last * sizeof(zend_op));
1235
1236    /* adjust early binding list */
1237    if (op_array->early_binding != (uint32_t)-1) {
1238        uint32_t *opline_num = &op_array->early_binding;
1239        zend_op *end;
1240
1241        opline = op_array->opcodes;
1242        end = opline + op_array->last;
1243        while (opline < end) {
1244            if (opline->opcode == ZEND_DECLARE_INHERITED_CLASS_DELAYED) {
1245                *opline_num = opline - op_array->opcodes;
1246                opline_num = &ZEND_RESULT(opline).opline_num;
1247            }
1248            ++opline;
1249        }
1250        *opline_num = -1;
1251    }
1252}
1253
1254static void zend_jmp_optimization(zend_code_block *block, zend_op_array *op_array, zend_code_block *blocks, zend_cfg *cfg, zend_optimizer_ctx *ctx TSRMLS_DC)
1255{
1256    /* last_op is the last opcode of the current block */
1257    zend_op *last_op = (block->start_opline + block->len - 1);
1258
1259    if (!block->len) {
1260        return;
1261    }
1262    switch (last_op->opcode) {
1263        case ZEND_JMP:
1264            {
1265                zend_op *target = block->op1_to->start_opline;
1266                zend_code_block *next = block->next;
1267
1268                while (next && !next->access) {
1269                    /* find used one */
1270                    next = next->next;
1271                }
1272
1273                /* JMP(next) -> NOP */
1274                if (block->op1_to == next) {
1275                    block->follow_to = block->op1_to;
1276                    block->op1_to = NULL;
1277                    MAKE_NOP(last_op);
1278                    block->len--;
1279                    if (block->len == 0) {
1280                        /* this block is nothing but NOP now */
1281                        delete_code_block(block, ctx);
1282                    }
1283                    break;
1284                }
1285
1286                if (((target->opcode == ZEND_JMP &&
1287                    block->op1_to != block->op1_to->op1_to) ||
1288                    target->opcode == ZEND_JMPZNZ) &&
1289                    !block->op1_to->protected) {
1290                    /* JMP L, L: JMP L1 -> JMP L1 */
1291                    /* JMP L, L: JMPZNZ L1,L2 -> JMPZNZ L1,L2 */
1292                    *last_op = *target;
1293                    if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1294                        zval zv = ZEND_OP1_LITERAL(last_op);
1295                        zval_copy_ctor(&zv);
1296                        last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv TSRMLS_CC);
1297                    }
1298                    del_source(block, block->op1_to);
1299                    if (block->op1_to->op2_to) {
1300                        block->op2_to = block->op1_to->op2_to;
1301                        ADD_SOURCE(block, block->op2_to);
1302                    }
1303                    if (block->op1_to->ext_to) {
1304                        block->ext_to = block->op1_to->ext_to;
1305                        ADD_SOURCE(block, block->ext_to);
1306                    }
1307                    if (block->op1_to->op1_to) {
1308                        block->op1_to = block->op1_to->op1_to;
1309                        ADD_SOURCE(block, block->op1_to);
1310                    } else {
1311                        block->op1_to = NULL;
1312                    }
1313                } else if (target->opcode == ZEND_RETURN ||
1314                          target->opcode == ZEND_RETURN_BY_REF ||
1315                          target->opcode == ZEND_FAST_RET ||
1316                          target->opcode == ZEND_EXIT) {
1317                    /* JMP L, L: RETURN to immediate RETURN */
1318                    *last_op = *target;
1319                    if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1320                        zval zv = ZEND_OP1_LITERAL(last_op);
1321                        zval_copy_ctor(&zv);
1322                        last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv TSRMLS_CC);
1323                    }
1324                    del_source(block, block->op1_to);
1325                    block->op1_to = NULL;
1326#if 0
1327                /* Temporarily disabled - see bug #0025274 */
1328                } else if (0&& block->op1_to != block &&
1329                       block->op1_to != blocks &&
1330                           op_array->last_try_catch == 0 &&
1331                           target->opcode != ZEND_FREE) {
1332                    /* Block Reordering (saves one JMP on each "for" loop iteration)
1333                     * It is disabled for some cases (ZEND_FREE)
1334                     * which may break register allocation.
1335                     */
1336                    zend_bool can_reorder = 0;
1337                    zend_block_source *cs = block->op1_to->sources;
1338
1339                    /* the "target" block doesn't had any followed block */
1340                    while(cs) {
1341                        if (cs->from->follow_to == block->op1_to) {
1342                            can_reorder = 0;
1343                            break;
1344                        }
1345                        cs = cs->next;
1346                    }
1347                    if (can_reorder) {
1348                        next = block->op1_to;
1349                        /* the "target" block is not followed by current "block" */
1350                        while (next->follow_to != NULL) {
1351                            if (next->follow_to == block) {
1352                                can_reorder = 0;
1353                                break;
1354                            }
1355                            next = next->follow_to;
1356                        }
1357                        if (can_reorder) {
1358                            zend_code_block *prev = blocks;
1359
1360                            while (prev->next != block->op1_to) {
1361                                prev = prev->next;
1362                            }
1363                            prev->next = next->next;
1364                            next->next = block->next;
1365                            block->next = block->op1_to;
1366
1367                            block->follow_to = block->op1_to;
1368                            block->op1_to = NULL;
1369                            MAKE_NOP(last_op);
1370                            block->len--;
1371                            if(block->len == 0) {
1372                                /* this block is nothing but NOP now */
1373                                delete_code_block(block, ctx);
1374                            }
1375                            break;
1376                        }
1377                    }
1378#endif
1379                }
1380            }
1381            break;
1382
1383        case ZEND_JMPZ:
1384        case ZEND_JMPNZ:
1385            /* constant conditional JMPs */
1386            if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1387                int should_jmp = zend_is_true(&ZEND_OP1_LITERAL(last_op) TSRMLS_CC);
1388
1389                if (last_op->opcode == ZEND_JMPZ) {
1390                    should_jmp = !should_jmp;
1391                }
1392                literal_dtor(&ZEND_OP1_LITERAL(last_op));
1393                ZEND_OP1_TYPE(last_op) = IS_UNUSED;
1394                if (should_jmp) {
1395                    /* JMPNZ(true) -> JMP */
1396                    last_op->opcode = ZEND_JMP;
1397                    COPY_NODE(last_op->op1, last_op->op2);
1398                    block->op1_to = block->op2_to;
1399                    del_source(block, block->follow_to);
1400                    block->op2_to = NULL;
1401                    block->follow_to = NULL;
1402                } else {
1403                    /* JMPNZ(false) -> NOP */
1404                    MAKE_NOP(last_op);
1405                    del_source(block, block->op2_to);
1406                    block->op2_to = NULL;
1407                }
1408                break;
1409            }
1410
1411            if (block->op2_to) {
1412                zend_uchar same_type = ZEND_OP1_TYPE(last_op);
1413                uint32_t same_var = VAR_NUM_EX(last_op->op1);
1414                zend_op *target;
1415                zend_op *target_end;
1416                zend_code_block *target_block = block->op2_to;;
1417
1418next_target:
1419                target = target_block->start_opline;
1420                target_end = target_block->start_opline + target_block->len;
1421                while (target < target_end && target->opcode == ZEND_NOP) {
1422                    target++;
1423                }
1424
1425                /* next block is only NOP's */
1426                if (target == target_end) {
1427                    target_block = target_block->follow_to;
1428                    goto next_target;
1429                } else if (target->opcode == INV_COND(last_op->opcode) &&
1430                    /* JMPZ(X, L), L: JMPNZ(X, L2) -> JMPZ(X, L+1) */
1431                   (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1432                   same_type == ZEND_OP1_TYPE(target) &&
1433                   same_var == VAR_NUM_EX(target->op1) &&
1434                   target_block->follow_to &&
1435                   !target_block->protected
1436                   ) {
1437                    del_source(block, block->op2_to);
1438                    block->op2_to = target_block->follow_to;
1439                    ADD_SOURCE(block, block->op2_to);
1440                } else if (target->opcode == INV_COND_EX(last_op->opcode) &&
1441                            (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1442                            same_type == ZEND_OP1_TYPE(target) &&
1443                            same_var == VAR_NUM_EX(target->op1) &&
1444                            target_block->follow_to &&
1445                            !target_block->protected) {
1446                    /* JMPZ(X, L), L: X = JMPNZ_EX(X, L2) -> JMPZ(X, L+1) */
1447                    last_op->opcode += 3;
1448                    last_op->result = target->result;
1449                    del_source(block, block->op2_to);
1450                    block->op2_to = target_block->follow_to;
1451                    ADD_SOURCE(block, block->op2_to);
1452                } else if (target_block->op2_to &&
1453                           target->opcode == last_op->opcode &&
1454                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1455                           same_type == ZEND_OP1_TYPE(target) &&
1456                           same_var == VAR_NUM_EX(target->op1) &&
1457                           !target_block->protected) {
1458                    /* JMPZ(X, L), L: JMPZ(X, L2) -> JMPZ(X, L2) */
1459                    del_source(block, block->op2_to);
1460                    block->op2_to = target_block->op2_to;
1461                    ADD_SOURCE(block, block->op2_to);
1462                } else if (target_block->op1_to &&
1463                            target->opcode == ZEND_JMP &&
1464                            !target_block->protected) {
1465                    /* JMPZ(X, L), L: JMP(L2) -> JMPZ(X, L2) */
1466                    del_source(block, block->op2_to);
1467                    block->op2_to = target_block->op1_to;
1468                    ADD_SOURCE(block, block->op2_to);
1469                } else if (target_block->op2_to &&
1470                            target_block->ext_to &&
1471                            target->opcode == ZEND_JMPZNZ &&
1472                            (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1473                            same_type == ZEND_OP1_TYPE(target) &&
1474                            same_var == VAR_NUM_EX(target->op1) &&
1475                            !target_block->protected) {
1476                    /* JMPZ(X, L), L: JMPZNZ(X, L2, L3) -> JMPZ(X, L2) */
1477                    del_source(block, block->op2_to);
1478                    if (last_op->opcode == ZEND_JMPZ) {
1479                        block->op2_to = target_block->op2_to;
1480                    } else {
1481                        block->op2_to = target_block->ext_to;
1482                    }
1483                    ADD_SOURCE(block, block->op2_to);
1484                }
1485            }
1486
1487            if (block->follow_to &&
1488                (last_op->opcode == ZEND_JMPZ || last_op->opcode == ZEND_JMPNZ)) {
1489                zend_op *target;
1490                zend_op *target_end;
1491
1492                while (1) {
1493                    target = block->follow_to->start_opline;
1494                    target_end = block->follow_to->start_opline + block->follow_to->len;
1495                    while (target < target_end && target->opcode == ZEND_NOP) {
1496                        target++;
1497                    }
1498
1499                    /* next block is only NOP's */
1500                    if (target == target_end) {
1501                        del_source(block, block->follow_to);
1502                        block->follow_to = block->follow_to->follow_to;
1503                        ADD_SOURCE(block, block->follow_to);
1504                    } else {
1505                        break;
1506                    }
1507                }
1508                /* JMPZ(X,L1), JMP(L2) -> JMPZNZ(X,L1,L2) */
1509                if (target->opcode == ZEND_JMP &&
1510                    block->follow_to->op1_to &&
1511                    !block->follow_to->protected) {
1512                    del_source(block, block->follow_to);
1513                    if (last_op->opcode == ZEND_JMPZ) {
1514                        block->ext_to = block->follow_to->op1_to;
1515                        ADD_SOURCE(block, block->ext_to);
1516                    } else {
1517                        block->ext_to = block->op2_to;
1518                        block->op2_to = block->follow_to->op1_to;
1519                        ADD_SOURCE(block, block->op2_to);
1520                    }
1521                    block->follow_to = NULL;
1522                    last_op->opcode = ZEND_JMPZNZ;
1523                }
1524            }
1525            break;
1526
1527        case ZEND_JMPNZ_EX:
1528        case ZEND_JMPZ_EX:
1529            /* constant conditional JMPs */
1530            if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1531                int should_jmp = zend_is_true(&ZEND_OP1_LITERAL(last_op) TSRMLS_CC);
1532
1533                if (last_op->opcode == ZEND_JMPZ_EX) {
1534                    should_jmp = !should_jmp;
1535                }
1536                if (!should_jmp) {
1537                    /* T = JMPZ_EX(true,L)   -> T = QM_ASSIGN(true)
1538                     * T = JMPNZ_EX(false,L) -> T = QM_ASSIGN(false)
1539                     */
1540                    last_op->opcode = ZEND_QM_ASSIGN;
1541                    SET_UNUSED(last_op->op2);
1542                    del_source(block, block->op2_to);
1543                    block->op2_to = NULL;
1544                }
1545                break;
1546            }
1547
1548            if (block->op2_to) {
1549                zend_op *target, *target_end;
1550                char *same_t=NULL;
1551                zend_code_block *target_block;
1552                int var_num = op_array->last_var + op_array->T;
1553
1554                if (var_num <= 0) {
1555                    return;
1556                }
1557                same_t = cfg->same_t;
1558                memset(same_t, 0, var_num);
1559                same_t[VAR_NUM_EX(last_op->op1)] |= ZEND_OP1_TYPE(last_op);
1560                same_t[VAR_NUM_EX(last_op->result)] |= ZEND_RESULT_TYPE(last_op);
1561                target_block = block->op2_to;
1562next_target_ex:
1563                target = target_block->start_opline;
1564                target_end = target_block->start_opline + target_block->len;
1565                while (target < target_end && target->opcode == ZEND_NOP) {
1566                    target++;
1567                }
1568                /* next block is only NOP's */
1569                if (target == target_end) {
1570                    target_block = target_block->follow_to;
1571                    goto next_target_ex;
1572                } else if (target_block->op2_to &&
1573                           target->opcode == last_op->opcode-3 &&
1574                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1575                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1576                           !target_block->protected) {
1577                    /* T = JMPZ_EX(X, L1), L1: JMPZ({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1578                    del_source(block, block->op2_to);
1579                    block->op2_to = target_block->op2_to;
1580                    ADD_SOURCE(block, block->op2_to);
1581                } else if (target_block->op2_to &&
1582                           target->opcode == INV_EX_COND(last_op->opcode) &&
1583                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1584                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1585                           !target_block->protected) {
1586                    /* T = JMPZ_EX(X, L1), L1: JMPNZ({X|T1}, L2) -> T = JMPZ_EX(X, L1+1) */
1587                    del_source(block, block->op2_to);
1588                    block->op2_to = target_block->follow_to;
1589                    ADD_SOURCE(block, block->op2_to);
1590                } else if (target_block->op2_to &&
1591                           target->opcode == INV_EX_COND_EX(last_op->opcode) &&
1592                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1593                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1594                           (same_t[VAR_NUM_EX(target->result)] & ZEND_RESULT_TYPE(target)) != 0 &&
1595                           !target_block->protected) {
1596                    /* T = JMPZ_EX(X, L1), L1: T = JMPNZ_EX(T, L2) -> T = JMPZ_EX(X, L1+1) */
1597                    del_source(block, block->op2_to);
1598                    block->op2_to = target_block->follow_to;
1599                    ADD_SOURCE(block, block->op2_to);
1600                } else if (target_block->op2_to &&
1601                           target->opcode == last_op->opcode &&
1602                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1603                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1604                           (same_t[VAR_NUM_EX(target->result)] & ZEND_RESULT_TYPE(target)) != 0 &&
1605                           !target_block->protected) {
1606                    /* T = JMPZ_EX(X, L1), L1: T = JMPZ({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1607                    del_source(block, block->op2_to);
1608                    block->op2_to = target_block->op2_to;
1609                    ADD_SOURCE(block, block->op2_to);
1610                } else if (target_block->op1_to &&
1611                           target->opcode == ZEND_JMP &&
1612                           !target_block->protected) {
1613                    /* T = JMPZ_EX(X, L), L: JMP(L2) -> T = JMPZ(X, L2) */
1614                    del_source(block, block->op2_to);
1615                    block->op2_to = target_block->op1_to;
1616                    ADD_SOURCE(block, block->op2_to);
1617                } else if (target_block->op2_to &&
1618                           target_block->ext_to &&
1619                           target->opcode == ZEND_JMPZNZ &&
1620                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1621                           (same_t[VAR_NUM_EX(target->op1)] & ZEND_OP1_TYPE(target)) != 0 &&
1622                           !target_block->protected) {
1623                    /* T = JMPZ_EX(X, L), L: JMPZNZ({X|T}, L2, L3) -> T = JMPZ_EX(X, L2) */
1624                    del_source(block, block->op2_to);
1625                    if (last_op->opcode == ZEND_JMPZ_EX) {
1626                        block->op2_to = target_block->op2_to;
1627                    } else {
1628                        block->op2_to = target_block->ext_to;
1629                    }
1630                    ADD_SOURCE(block, block->op2_to);
1631                }
1632            }
1633            break;
1634
1635        case ZEND_JMPZNZ: {
1636            zend_code_block *next = block->next;
1637
1638            while (next && !next->access) {
1639                /* find first accessed one */
1640                next = next->next;
1641            }
1642
1643            if (ZEND_OP1_TYPE(last_op) == IS_CONST) {
1644                if (!zend_is_true(&ZEND_OP1_LITERAL(last_op) TSRMLS_CC)) {
1645                    /* JMPZNZ(false,L1,L2) -> JMP(L1) */
1646                    zend_code_block *todel;
1647
1648                    literal_dtor(&ZEND_OP1_LITERAL(last_op));
1649                    last_op->opcode = ZEND_JMP;
1650                    SET_UNUSED(last_op->op1);
1651                    SET_UNUSED(last_op->op2);
1652                    block->op1_to = block->op2_to;
1653                    todel = block->ext_to;
1654                    block->op2_to = NULL;
1655                    block->ext_to = NULL;
1656                    del_source(block, todel);
1657                } else {
1658                    /* JMPZNZ(true,L1,L2) -> JMP(L2) */
1659                    zend_code_block *todel;
1660
1661                    literal_dtor(&ZEND_OP1_LITERAL(last_op));
1662                    last_op->opcode = ZEND_JMP;
1663                    SET_UNUSED(last_op->op1);
1664                    SET_UNUSED(last_op->op2);
1665                    block->op1_to = block->ext_to;
1666                    todel =  block->op2_to;
1667                    block->op2_to = NULL;
1668                    block->ext_to = NULL;
1669                    del_source(block, todel);
1670                }
1671            } else if (block->op2_to == block->ext_to) {
1672                /* both goto the same one - it's JMP */
1673                /* JMPZNZ(?,L,L) -> JMP(L) */
1674                last_op->opcode = ZEND_JMP;
1675                SET_UNUSED(last_op->op1);
1676                SET_UNUSED(last_op->op2);
1677                block->op1_to = block->op2_to;
1678                block->op2_to = NULL;
1679                block->ext_to = NULL;
1680            } else if (block->op2_to == next) {
1681                /* jumping to next on Z - can follow to it and jump only on NZ */
1682                /* JMPZNZ(X,L1,L2) L1: -> JMPNZ(X,L2) */
1683                last_op->opcode = ZEND_JMPNZ;
1684                block->op2_to = block->ext_to;
1685                block->follow_to = next;
1686                block->ext_to = NULL;
1687                /* no need to add source - it's block->op2_to */
1688            } else if (block->ext_to == next) {
1689                /* jumping to next on NZ - can follow to it and jump only on Z */
1690                /* JMPZNZ(X,L1,L2) L2: -> JMPZ(X,L1) */
1691                last_op->opcode = ZEND_JMPZ;
1692                block->follow_to = next;
1693                block->ext_to = NULL;
1694                /* no need to add source - it's block->ext_to */
1695            }
1696
1697            if (last_op->opcode == ZEND_JMPZNZ && block->op2_to) {
1698                zend_uchar same_type = ZEND_OP1_TYPE(last_op);
1699                zend_uchar same_var = VAR_NUM_EX(last_op->op1);
1700                zend_op *target;
1701                zend_op *target_end;
1702                zend_code_block *target_block = block->op2_to;
1703
1704next_target_znz:
1705                target = target_block->start_opline;
1706                target_end = target_block->start_opline + target_block->len;
1707                while (target < target_end && target->opcode == ZEND_NOP) {
1708                    target++;
1709                }
1710                /* next block is only NOP's */
1711                if (target == target_end) {
1712                    target_block = target_block->follow_to;
1713                    goto next_target_znz;
1714                } else if (target_block->op2_to &&
1715                           (target->opcode == ZEND_JMPZ || target->opcode == ZEND_JMPZNZ) &&
1716                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1717                           same_type == ZEND_OP1_TYPE(target) &&
1718                           same_var == VAR_NUM_EX(target->op1) &&
1719                           !target_block->protected) {
1720                    /* JMPZNZ(X, L1, L2), L1: JMPZ(X, L3) -> JMPZNZ(X, L3, L2) */
1721                    del_source(block, block->op2_to);
1722                    block->op2_to = target_block->op2_to;
1723                    ADD_SOURCE(block, block->op2_to);
1724                } else if (target->opcode == ZEND_JMPNZ &&
1725                           (ZEND_OP1_TYPE(target) & (IS_TMP_VAR|IS_CV)) &&
1726                           same_type == ZEND_OP1_TYPE(target) &&
1727                           same_var == VAR_NUM_EX(target->op1) &&
1728                           target_block->follow_to &&
1729                           !target_block->protected) {
1730                    /* JMPZNZ(X, L1, L2), L1: X = JMPNZ(X, L3) -> JMPZNZ(X, L1+1, L2) */
1731                    del_source(block, block->op2_to);
1732                    block->op2_to = target_block->follow_to;
1733                    ADD_SOURCE(block, block->op2_to);
1734                } else if (target_block->op1_to &&
1735                           target->opcode == ZEND_JMP &&
1736                           !target_block->protected) {
1737                    /* JMPZNZ(X, L1, L2), L1: JMP(L3) -> JMPZNZ(X, L3, L2) */
1738                    del_source(block, block->op2_to);
1739                    block->op2_to = target_block->op1_to;
1740                    ADD_SOURCE(block, block->op2_to);
1741                }
1742            }
1743            break;
1744        }
1745    }
1746}
1747
1748/* Global data dependencies */
1749
1750#define T_USAGE(op) do { \
1751        if ((op ## _type & (IS_VAR | IS_TMP_VAR)) && \
1752           !defined_here[VAR_NUM(op.var)] && !used_ext[VAR_NUM(op.var)]) {  \
1753            used_ext[VAR_NUM(op.var)] = 1;                                  \
1754        } \
1755    } while (0)
1756
1757#define NEVER_USED(op) ((op ## _type & (IS_VAR | IS_TMP_VAR)) && !usage[VAR_NUM(op.var)]) /* !used_ext[op.var] && */
1758#define RES_NEVER_USED(opline) (opline->result_type == IS_UNUSED || NEVER_USED(opline->result))
1759
1760/* Find a set of variables which are used outside of the block where they are
1761 * defined. We won't apply some optimization patterns for such variables. */
1762static void zend_t_usage(zend_code_block *block, zend_op_array *op_array, char *used_ext, zend_optimizer_ctx *ctx)
1763{
1764    zend_code_block *next_block = block->next;
1765    char *usage;
1766    char *defined_here;
1767    void *checkpoint;
1768
1769    if (op_array->T == 0) {
1770        /* shortcut - if no Ts, nothing to do */
1771        return;
1772    }
1773
1774    checkpoint = zend_arena_checkpoint(ctx->arena);
1775    usage = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1776    memset(usage, 0, op_array->last_var + op_array->T);
1777    defined_here = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1778
1779    while (next_block) {
1780        zend_op *opline = next_block->start_opline;
1781        zend_op *end = opline + next_block->len;
1782
1783        if (!next_block->access) {
1784            next_block = next_block->next;
1785            continue;
1786        }
1787        memset(defined_here, 0, op_array->last_var + op_array->T);
1788
1789        while (opline<end) {
1790            T_USAGE(opline->op1);
1791            T_USAGE(opline->op2);
1792
1793            if (RESULT_USED(opline)) {
1794                if (!defined_here[VAR_NUM(ZEND_RESULT(opline).var)] && !used_ext[VAR_NUM(ZEND_RESULT(opline).var)] &&
1795                    (opline->opcode == ZEND_RECV || opline->opcode == ZEND_RECV_INIT ||
1796                     opline->opcode == ZEND_RECV_VARIADIC ||
1797                    (opline->opcode == ZEND_OP_DATA && ZEND_RESULT_TYPE(opline) == IS_TMP_VAR) ||
1798                    opline->opcode == ZEND_ADD_ARRAY_ELEMENT)) {
1799                    /* these opcodes use the result as argument */
1800                    used_ext[VAR_NUM(ZEND_RESULT(opline).var)] = 1;
1801                }
1802                defined_here[VAR_NUM(ZEND_RESULT(opline).var)] = 1;
1803            }
1804            opline++;
1805        }
1806        next_block = next_block->next;
1807    }
1808
1809#if DEBUG_BLOCKPASS
1810    {
1811        int i;
1812        for (i = op_array->last_var; i< op_array->T; i++) {
1813            fprintf(stderr, "T%d: %c\n", i, used_ext[i] + '0');
1814        }
1815    }
1816#endif
1817
1818    while (block) {
1819        zend_op *opline = block->start_opline + block->len - 1;
1820
1821        if (!block->access) {
1822            block = block->next;
1823            continue;
1824        }
1825
1826        memcpy(usage, used_ext, op_array->last_var + op_array->T);
1827
1828        while (opline >= block->start_opline) {
1829            /* usage checks */
1830            if (RES_NEVER_USED(opline)) {
1831                switch (opline->opcode) {
1832                    case ZEND_ASSIGN_ADD:
1833                    case ZEND_ASSIGN_SUB:
1834                    case ZEND_ASSIGN_MUL:
1835                    case ZEND_ASSIGN_DIV:
1836                    case ZEND_ASSIGN_MOD:
1837                    case ZEND_ASSIGN_SL:
1838                    case ZEND_ASSIGN_SR:
1839                    case ZEND_ASSIGN_CONCAT:
1840                    case ZEND_ASSIGN_BW_OR:
1841                    case ZEND_ASSIGN_BW_AND:
1842                    case ZEND_ASSIGN_BW_XOR:
1843                    case ZEND_PRE_INC:
1844                    case ZEND_PRE_DEC:
1845                    case ZEND_POST_INC:
1846                    case ZEND_POST_DEC:
1847                    case ZEND_ASSIGN:
1848                    case ZEND_ASSIGN_REF:
1849                    case ZEND_DO_FCALL:
1850                        if (ZEND_RESULT_TYPE(opline) == IS_VAR) {
1851                            ZEND_RESULT_TYPE(opline) |= EXT_TYPE_UNUSED;
1852                        }
1853                        break;
1854                    case ZEND_QM_ASSIGN:
1855                    case ZEND_BOOL:
1856                    case ZEND_BOOL_NOT:
1857                        if (ZEND_OP1_TYPE(opline) == IS_CONST) {
1858                            literal_dtor(&ZEND_OP1_LITERAL(opline));
1859                        }
1860                        MAKE_NOP(opline);
1861                        break;
1862                    case ZEND_PRINT:
1863                        opline->opcode = ZEND_ECHO;
1864                        ZEND_RESULT_TYPE(opline) = IS_UNUSED;
1865                        break;
1866                    case ZEND_JMPZ_EX:
1867                    case ZEND_JMPNZ_EX:
1868                        opline->opcode -= 3;
1869                        SET_UNUSED(opline->result);
1870                        break;
1871                }
1872            }
1873
1874            if (opline->opcode == ZEND_RECV ||
1875                opline->opcode == ZEND_RECV_INIT ||
1876                opline->opcode == ZEND_RECV_VARIADIC ||
1877                opline->opcode == ZEND_ADD_ARRAY_ELEMENT) {
1878                if (ZEND_OP1_TYPE(opline) == IS_VAR || ZEND_OP1_TYPE(opline) == IS_TMP_VAR) {
1879                    usage[VAR_NUM(ZEND_RESULT(opline).var)] = 1;
1880                }
1881            } else {
1882                if (RESULT_USED(opline)) {
1883                    usage[VAR_NUM(ZEND_RESULT(opline).var)] = 0;
1884                }
1885            }
1886
1887            if (ZEND_OP1_TYPE(opline) == IS_VAR || ZEND_OP1_TYPE(opline) == IS_TMP_VAR) {
1888                usage[VAR_NUM(ZEND_OP1(opline).var)] = 1;
1889            }
1890
1891            if (ZEND_OP2_TYPE(opline) == IS_VAR || ZEND_OP2_TYPE(opline) == IS_TMP_VAR) {
1892                usage[VAR_NUM(ZEND_OP2(opline).var)] = 1;
1893            }
1894
1895            if ((ZEND_RESULT_TYPE(opline) & IS_VAR) &&
1896                (ZEND_RESULT_TYPE(opline) & EXT_TYPE_UNUSED) &&
1897                usage[VAR_NUM(ZEND_RESULT(opline).var)]) {
1898                ZEND_RESULT_TYPE(opline) &= ~EXT_TYPE_UNUSED;
1899            }
1900
1901            opline--;
1902        }
1903        block = block->next;
1904    } /* end blocks */
1905
1906    zend_arena_release(&ctx->arena, checkpoint);
1907}
1908
1909#define PASSES 3
1910
1911void optimize_cfg(zend_op_array *op_array, zend_optimizer_ctx *ctx TSRMLS_DC)
1912{
1913    zend_cfg cfg;
1914    zend_code_block *cur_block;
1915    int pass;
1916    char *usage;
1917    void *checkpoint;
1918
1919#if DEBUG_BLOCKPASS
1920    fprintf(stderr, "File %s func %s\n", op_array->filename, op_array->function_name? op_array->function_name : "main");
1921    fflush(stderr);
1922#endif
1923
1924    if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
1925        return;
1926    }
1927
1928    /* Build CFG */
1929    checkpoint = zend_arena_checkpoint(ctx->arena);
1930    if (!find_code_blocks(op_array, &cfg, ctx)) {
1931        zend_arena_release(&ctx->arena, checkpoint);
1932        return;
1933    }
1934
1935    zend_rebuild_access_path(&cfg, op_array, 0, ctx);
1936    /* full rebuild here to produce correct sources! */
1937    if (op_array->last_var || op_array->T) {
1938        cfg.Tsource = zend_arena_calloc(&ctx->arena, op_array->last_var + op_array->T, sizeof(zend_op *));
1939        cfg.same_t = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1940        usage = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1941    } else {
1942        cfg.Tsource = NULL;
1943        cfg.same_t = NULL;
1944        usage = NULL;
1945    }
1946    for (pass = 0; pass < PASSES; pass++) {
1947        /* Compute data dependencies */
1948        memset(usage, 0, op_array->last_var + op_array->T);
1949        zend_t_usage(cfg.blocks, op_array, usage, ctx);
1950
1951        /* optimize each basic block separately */
1952        for (cur_block = cfg.blocks; cur_block; cur_block = cur_block->next) {
1953            if (!cur_block->access) {
1954                continue;
1955            }
1956            zend_optimize_block(cur_block, op_array, usage, &cfg, ctx TSRMLS_CC);
1957        }
1958
1959        /* Jump optimization for each block */
1960        for (cur_block = cfg.blocks; cur_block; cur_block = cur_block->next) {
1961            if (!cur_block->access) {
1962                continue;
1963            }
1964            zend_jmp_optimization(cur_block, op_array, cfg.blocks, &cfg, ctx TSRMLS_CC);
1965        }
1966
1967        /* Eliminate unreachable basic blocks */
1968        zend_rebuild_access_path(&cfg, op_array, 1, ctx);
1969    }
1970
1971    memset(usage, 0, op_array->last_var + op_array->T);
1972    zend_t_usage(cfg.blocks, op_array, usage, ctx);
1973    assemble_code_blocks(&cfg, op_array);
1974
1975    /* Destroy CFG */
1976    zend_arena_release(&ctx->arena, checkpoint);
1977}
1978