Fix spec handler for zend_vm_call_opcode_handler

Author: iluuu1994

Zend/Optimizer/zend_optimizer.c

@@ -1222,13 +1222,7 @@ static void zend_redo_pass_two(zend_op_array *op_array)
 				}
 				break;
 		}
-		/* INIT_FCALL with IS_PTR *must* use the PTR specialization, because the default spec doesn't
-		 * handle IS_PTR. */
-		if (opline->opcode == ZEND_INIT_FCALL && Z_TYPE_P(RT_CONSTANT(opline, opline->op2)) == IS_PTR) {
-			zend_vm_set_opcode_handler_ex(opline, IS_UNUSED, IS_CONST, IS_UNUSED);
-		} else {
-			ZEND_VM_SET_OPCODE_HANDLER(opline);
-		}
+		ZEND_VM_SET_OPCODE_HANDLER(opline);
 		opline++;
 	}
 

Zend/zend_compile.c

@@ -4837,12 +4837,16 @@ static void zend_compile_call(znode *result, zend_ast *ast, uint32_t type) /* {{
 		}
 
 		zval_ptr_dtor(&name_node.u.constant);
-		if ((CG(compiler_options) & ZEND_COMPILE_WITH_INIT_FCALL_PTR)) {
+#if ZEND_VM_SPEC && !defined(ZEND_WIN32)
+		if (!(CG(compiler_options) & ZEND_COMPILE_WITH_FILE_CACHE)) {
 			zend_string_release_ex(lcname, 0);
 			ZVAL_PTR(&name_node.u.constant, fbc);
 		} else {
 			ZVAL_NEW_STR(&name_node.u.constant, lcname);
 		}
+#else
+		ZVAL_NEW_STR(&name_node.u.constant, lcname);
+#endif
 
 		opline = zend_emit_op(NULL, ZEND_INIT_FCALL, NULL, &name_node);
 		opline->result.num = zend_alloc_cache_slot();

Zend/zend_compile.h

@@ -1230,9 +1230,6 @@ END_EXTERN_C()
 /* ignore observer notifications, e.g. to manually notify afterwards in a post-processing step after compilation */
 #define ZEND_COMPILE_IGNORE_OBSERVER			(1<<18)
 
-/* Allow storing IS_PTR to function in INIT_ICALL op2. */
-#define ZEND_COMPILE_WITH_INIT_FCALL_PTR		(1<<19)
-
 /* The default value for CG(compiler_options) */
 #define ZEND_COMPILE_DEFAULT					ZEND_COMPILE_HANDLE_OP_ARRAY
 

Zend/zend_vm_execute.h

@@ -2832,14 +2832,21 @@ function gen_vm($def, $skel) {
         out($f, "\treturn (spec & SPEC_START_MASK) + offset;\n");
     }
     out($f, "}\n\n");
+
+    out($f, "static zend_always_inline uint32_t zend_vm_get_opcode_handler_spec_ex(uint8_t opcode, zend_op* op, uint32_t op1_info, uint32_t op2_info, uint32_t res_info, bool swap_operands);\n\n");
+
+    // Generate zend_vm_get_opcode_handler_spec() function
+    out($f, "static zend_always_inline uint32_t zend_vm_get_opcode_handler_spec(uint8_t opcode, zend_op* op, bool swap_operands)\n");
+    out($f, "{\n");
+    out($f, "\tuint32_t all_types = MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_UNDEF;\n");
+    out($f, "\treturn zend_vm_get_opcode_handler_spec_ex(opcode, op, all_types, all_types, all_types, swap_operands);\n");
+    out($f, "}\n\n");
+
     out($f, "#if (ZEND_VM_KIND != ZEND_VM_KIND_HYBRID) || !ZEND_VM_SPEC\n");
     out($f, "static const void *zend_vm_get_opcode_handler(uint8_t opcode, const zend_op* op)\n");
     out($f, "{\n");
-    if (!ZEND_VM_SPEC) {
-        out($f, "\treturn zend_opcode_handlers[zend_vm_get_opcode_handler_idx(opcode, op)];\n");
-    } else {
-        out($f, "\treturn zend_opcode_handlers[zend_vm_get_opcode_handler_idx(zend_spec_handlers[opcode], op)];\n");
-    }
+    out($f, "\t/* Casting away const is safe, as we're not swapping operands. */\n");
+    out($f, "\treturn zend_opcode_handlers[zend_vm_get_opcode_handler_spec(opcode, (zend_op*)op, false)];\n");
     out($f, "}\n");
     out($f, "#endif\n\n");
 
@@ -2848,11 +2855,11 @@ function gen_vm($def, $skel) {
         out($f, "#if ZEND_VM_KIND == ZEND_VM_KIND_HYBRID\n");
         out($f,"static const void *zend_vm_get_opcode_handler_func(uint8_t opcode, const zend_op* op)\n");
         out($f, "{\n");
-        out($f, "\tuint32_t spec = zend_spec_handlers[opcode];\n");
         if (!ZEND_VM_SPEC) {
-            out($f, "\treturn zend_opcode_handler_funcs[spec];\n");
+            out($f, "\treturn zend_opcode_handler_funcs[zend_spec_handlers[opcode]];\n");
         } else {
-            out($f, "\treturn zend_opcode_handler_funcs[zend_vm_get_opcode_handler_idx(spec, op)];\n");
+            out($f, "\t/* Casting away const is safe, as we're not swapping operands. */\n");
+            out($f, "\treturn zend_opcode_handler_funcs[zend_vm_get_opcode_handler_spec(opcode, (zend_op*)op, false)];\n");
         }
         out($f, "}\n\n");
         out($f, "#endif\n\n");
@@ -2861,26 +2868,20 @@ function gen_vm($def, $skel) {
     // Generate zend_vm_get_opcode_handler() function
     out($f, "ZEND_API void ZEND_FASTCALL zend_vm_set_opcode_handler(zend_op* op)\n");
     out($f, "{\n");
-    out($f, "\tuint8_t opcode = zend_user_opcodes[op->opcode];\n");
-    if (!ZEND_VM_SPEC) {
-        out($f, "\top->handler = zend_opcode_handlers[zend_vm_get_opcode_handler_idx(opcode, op)];\n");
-    } else {
-        out($f, "\n");
-        out($f, "\tif (zend_spec_handlers[op->opcode] & SPEC_RULE_COMMUTATIVE) {\n");
-        out($f, "\t\tif (op->op1_type < op->op2_type) {\n");
-        out($f, "\t\t\tzend_swap_operands(op);\n");
-        out($f, "\t\t}\n");
-        out($f, "\t}\n");
-        out($f, "\top->handler = zend_opcode_handlers[zend_vm_get_opcode_handler_idx(zend_spec_handlers[opcode], op)];\n");
-    }
+    out($f, "\top->handler = zend_opcode_handlers[zend_vm_get_opcode_handler_spec(zend_user_opcodes[op->opcode], op, true)];\n");
     out($f, "}\n\n");
 
     // Generate zend_vm_set_opcode_handler_ex() function
     out($f, "ZEND_API void ZEND_FASTCALL zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint32_t op2_info, uint32_t res_info)\n");
     out($f, "{\n");
-    out($f, "\tuint8_t opcode = zend_user_opcodes[op->opcode];\n");
+    out($f, "\top->handler = zend_opcode_handlers[zend_vm_get_opcode_handler_spec_ex(zend_user_opcodes[op->opcode], op, op1_info, op2_info, res_info, true)];\n");
+    out($f, "}\n\n");
+
+    // Generate zend_vm_get_opcode_handler_spec_ex() function
+    out($f, "static zend_always_inline uint32_t zend_vm_get_opcode_handler_spec_ex(uint8_t opcode, zend_op* op, uint32_t op1_info, uint32_t op2_info, uint32_t res_info, bool swap_operands)\n");
+    out($f, "{\n");
     if (!ZEND_VM_SPEC) {
-        out($f, "\top->handler = zend_opcode_handlers[zend_vm_get_opcode_handler_idx(opcode, op)];\n");
+        out($f, "\treturn zend_vm_get_opcode_handler_idx(opcode, op);\n");
     } else {
         out($f, "\tuint32_t spec = zend_spec_handlers[opcode];\n");
         if (isset($used_extra_spec["TYPE"])) {
@@ -2890,7 +2891,7 @@ function gen_vm($def, $skel) {
                     $orig_op = $dsc['op'];
                     out($f, "\t\tcase $orig_op:\n");
                     if (isset($dsc["spec"]["COMMUTATIVE"])) {
-                        out($f, "\t\t\tif (op->op1_type < op->op2_type) {\n");
+                        out($f, "\t\t\tif (swap_operands && op->op1_type < op->op2_type) {\n");
                         out($f, "\t\t\t\tzend_swap_operands(op);\n");
                         out($f, "\t\t\t}\n");
                     }
@@ -2911,7 +2912,7 @@ function gen_vm($def, $skel) {
                         }
                         out($f, "\t\t\t\tspec = {$spec_dsc['spec_code']};\n");
                         if (isset($spec_dsc["spec"]["COMMUTATIVE"]) && !isset($dsc["spec"]["COMMUTATIVE"])) {
-                            out($f, "\t\t\t\tif (op->op1_type < op->op2_type) {\n");
+                            out($f, "\t\t\t\tif (swap_operands && op->op1_type < op->op2_type) {\n");
                             out($f, "\t\t\t\t\tzend_swap_operands(op);\n");
                             out($f, "\t\t\t\t}\n");
                         }
@@ -2933,13 +2934,13 @@ function gen_vm($def, $skel) {
                 }
             }
             if ($has_commutative) {
-                out($f, "\t\t\tif (op->op1_type < op->op2_type) {\n");
+                out($f, "\t\t\tif (swap_operands && op->op1_type < op->op2_type) {\n");
                 out($f, "\t\t\t\tzend_swap_operands(op);\n");
                 out($f, "\t\t\t}\n");
                 out($f, "\t\t\tbreak;\n");
                 out($f, "\t\tcase ZEND_USER_OPCODE:\n");
                 out($f, "\t\t\tif (zend_spec_handlers[op->opcode] & SPEC_RULE_COMMUTATIVE) {\n");
-                out($f, "\t\t\t\tif (op->op1_type < op->op2_type) {\n");
+                out($f, "\t\t\t\tif (swap_operands && op->op1_type < op->op2_type) {\n");
                 out($f, "\t\t\t\t\tzend_swap_operands(op);\n");
                 out($f, "\t\t\t\t}\n");
                 out($f, "\t\t\t}\n");
@@ -2949,7 +2950,7 @@ function gen_vm($def, $skel) {
             out($f, "\t\t\tbreak;\n");
             out($f, "\t}\n");
         }
-        out($f, "\top->handler = zend_opcode_handlers[zend_vm_get_opcode_handler_idx(spec, op)];\n");
+        out($f, "\treturn zend_vm_get_opcode_handler_idx(spec, op);\n");
     }
     out($f, "}\n\n");
 

Zend/zend_vm_gen.php

@@ -1558,10 +1558,6 @@ static zend_persistent_script *cache_script_in_shared_memory(zend_persistent_scr
 	orig_compiler_options = CG(compiler_options);
 	if (ZCG(accel_directives).file_cache) {
 		CG(compiler_options) |= ZEND_COMPILE_WITH_FILE_CACHE;
-#ifndef ZEND_WIN32
-	} else {
-		CG(compiler_options) |= ZEND_COMPILE_WITH_INIT_FCALL_PTR;
-#endif
 	}
 	zend_optimize_script(&new_persistent_script->script, ZCG(accel_directives).optimization_level, ZCG(accel_directives).opt_debug_level);
 	zend_accel_finalize_delayed_early_binding_list(new_persistent_script);
@@ -1817,10 +1813,6 @@ static zend_persistent_script *opcache_compile_file(zend_file_handle *file_handl
 		CG(compiler_options) |= ZEND_COMPILE_IGNORE_OBSERVER;
 		if (ZCG(accel_directives).file_cache) {
 			CG(compiler_options) |= ZEND_COMPILE_WITH_FILE_CACHE;
-#ifndef ZEND_WIN32
-		} else {
-			CG(compiler_options) |= ZEND_COMPILE_WITH_INIT_FCALL_PTR;
-#endif
 		}
 		op_array = *op_array_p = accelerator_orig_compile_file(file_handle, type);
 		CG(compiler_options) = orig_compiler_options;

ext/opcache/ZendAccelerator.c

@@ -49,7 +49,7 @@ L0018 0001 DO_FCALL
 L0018 0002 INIT_METHOD_CALL 1 V0 string("Foo")
 L0018 0003 SEND_VAL_EX string("test \"quotes\"") 1
 L0018 0004 DO_FCALL
-L0019 0005 INIT_FCALL %d %d string("foo")
+L0019 0005 INIT_FCALL %d %d %s
 L0019 0006 SEND_VAL string("test") 1
 L0019 0007 DO_FCALL
 L0021 0008 RETURN int(1)