1 /*
2    +----------------------------------------------------------------------+
3    | Zend Engine                                                          |
4    +----------------------------------------------------------------------+
5    | Copyright (c) Zend Technologies Ltd. (http://www.zend.com)           |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 2.00 of the Zend license,     |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | http://www.zend.com/license/2_00.txt.                                |
11    | If you did not receive a copy of the Zend license and are unable to  |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@zend.com so we can mail you a copy immediately.              |
14    +----------------------------------------------------------------------+
15    | Authors: Andi Gutmans <andi@php.net>                                 |
16    |          Zeev Suraski <zeev@php.net>                                 |
17    |          Nikita Popov <nikic@php.net>                                |
18    +----------------------------------------------------------------------+
19 */
20 
21 #include <zend_language_parser.h>
22 #include "zend.h"
23 #include "zend_compile.h"
24 #include "zend_constants.h"
25 #include "zend_llist.h"
26 #include "zend_API.h"
27 #include "zend_exceptions.h"
28 #include "zend_interfaces.h"
29 #include "zend_virtual_cwd.h"
30 #include "zend_multibyte.h"
31 #include "zend_language_scanner.h"
32 #include "zend_inheritance.h"
33 #include "zend_vm.h"
34 
/* Copy a compile-time znode (`src`, a pointer) into an opline operand.
 * `target` is an operand name that is token-pasted with `_type`, so it must be
 * a plain lvalue expression. Constant nodes are handed to zend_add_literal()
 * and the operand stores the returned literal index; any other node type
 * copies u.op unchanged. `src` is expanded several times, so it must not have
 * side effects. */
#define SET_NODE(target, src) do { \
		target ## _type = (src)->op_type; \
		if ((src)->op_type == IS_CONST) { \
			target.constant = zend_add_literal(&(src)->u.constant); \
		} else { \
			target = (src)->u.op; \
		} \
	} while (0)

/* Inverse of SET_NODE: fill the znode `target` (a pointer) from the opline
 * operand `src`. For IS_CONST the literal is looked up with CT_CONSTANT() and
 * copied by value with ZVAL_COPY_VALUE; otherwise the raw operand is stored. */
#define GET_NODE(target, src) do { \
		(target)->op_type = src ## _type; \
		if ((target)->op_type == IS_CONST) { \
			ZVAL_COPY_VALUE(&(target)->u.constant, CT_CONSTANT(src)); \
		} else { \
			(target)->u.op = src; \
		} \
	} while (0)

/* Shorthand for a member of the current file context, CG(file_context). */
#define FC(member) (CG(file_context).member)
54 
/* One entry of CG(loop_var_stack), pushed by zend_begin_loop(). */
typedef struct _zend_loop_var {
	zend_uchar opcode;           /* free opcode for the loop variable, or ZEND_NOP when there is none */
	zend_uchar var_type;         /* op_type of the loop variable node */
	uint32_t   var_num;          /* u.op.var of the loop variable node */
	uint32_t   try_catch_offset; /* not written by zend_begin_loop(); presumably set where try/finally is compiled -- confirm */
} zend_loop_var;
61 
/* Reserve `count` pointer-sized runtime cache slots in the op array being
 * compiled and return the previous cache_size, i.e. the byte offset of the
 * first reserved slot.
 * NOTE(review): the addition is unchecked; nothing visible here bounds
 * `count`, so callers are presumably expected to pass small values -- confirm. */
static inline uint32_t zend_alloc_cache_slots(unsigned count) {
	zend_op_array *active = CG(active_op_array);
	const uint32_t first_slot_offset = active->cache_size;

	active->cache_size += count * sizeof(void*);
	return first_slot_offset;
}
68 
/* Reserve exactly one runtime cache slot and return its offset. */
static inline uint32_t zend_alloc_cache_slot(void) {
	const uint32_t slot_offset = zend_alloc_cache_slots(1);

	return slot_offset;
}
72 
/* Compilation entry points, exported as function pointers. They are only
 * declared here; where they are assigned is not visible in this part of the
 * file. NOTE(review): being writable exported pointers, any loaded code can
 * presumably replace them -- treat their current value as part of the trust
 * boundary when auditing. */
ZEND_API zend_op_array *(*zend_compile_file)(zend_file_handle *file_handle, int type);
ZEND_API zend_op_array *(*zend_compile_string)(zval *source_string, char *filename);

/* In non-ZTS builds the compiler and executor globals are ordinary
 * process-wide objects defined here. */
#ifndef ZTS
ZEND_API zend_compiler_globals compiler_globals;
ZEND_API zend_executor_globals executor_globals;
#endif

/* Forward declarations of helpers whose definitions lie outside this part of
 * the file. */
static zend_op *zend_emit_op(znode *result, zend_uchar opcode, znode *op1, znode *op2);
static zend_bool zend_try_ct_eval_array(zval *result, zend_ast *ast);
83 
/* Reset `op` to a NOP (via MAKE_NOP), clear its extended_value and stamp it
 * with the line currently being compiled. */
static void init_op(zend_op *op)
{
	MAKE_NOP(op);
	op->lineno = CG(zend_lineno);
	op->extended_value = 0;
}
90 
/* Index the next emitted opline will get in the active op array (its current
 * `last` counter). Nothing is modified. */
static zend_always_inline uint32_t get_next_op_number(void)
{
	const zend_op_array *active = CG(active_op_array);

	return active->last;
}
95 
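/* Append one opline to the op array being compiled and return a pointer to it.
 *
 * The returned op has been reset by init_op(). When the backing array is full
 * its capacity is multiplied by four and the array is reallocated, so any
 * zend_op pointer obtained before this call may be stale afterwards. */
static zend_op *get_next_op(void)
{
	zend_op_array *op_array = CG(active_op_array);
	uint32_t next_op_num = op_array->last++;
	zend_op *next_op;

	if (UNEXPECTED(next_op_num >= CG(context).opcodes_size)) {
		CG(context).opcodes_size *= 4;
		/* safe_erealloc() verifies that nmemb * size does not overflow and
		 * bails out if it would, instead of passing a wrapped byte count to
		 * the allocator and leaving the array smaller than opcodes_size
		 * claims. */
		op_array->opcodes = safe_erealloc(op_array->opcodes, CG(context).opcodes_size, sizeof(zend_op), 0);
	}

	next_op = &(op_array->opcodes[next_op_num]);

	init_op(next_op);

	return next_op;
}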
113 
/* Grow the break/continue table of the current op array context by one entry
 * and return a pointer to the new, uninitialised entry.
 * The table is reallocated on every call, so element pointers handed out by an
 * earlier call must not be kept across this one. */
static zend_brk_cont_element *get_next_brk_cont_element(void)
{
	zend_brk_cont_element *grown;

	CG(context).last_brk_cont++;
	grown = erealloc(CG(context).brk_cont_array, sizeof(zend_brk_cont_element) * CG(context).last_brk_cont);
	CG(context).brk_cont_array = grown;

	return &grown[CG(context).last_brk_cont-1];
}
120 
/* Hash-table destructor: release the property name and free the
 * zend_property_info the zval points to.
 * The record is released with free(), not efree(), so it must have come from
 * the system allocator. NOTE(review): presumably these are persistent
 * property infos of internal classes -- confirm at the registration site. */
static void zend_destroy_property_info_internal(zval *zv) /* {{{ */
{
	zend_property_info *info = Z_PTR_P(zv);

	zend_string_release(info->name);
	free(info);
}
128 /* }}} */
129 
/* Build the interned key under which a declaration is stored until it is bound
 * at run time. Layout: a NUL byte, the name, the file name of the active op
 * array, ':', the decimal start line, '$' and the hexadecimal value of
 * CG(rtd_key_counter), which is incremented on every call.
 * NOTE(review): name and file name are formatted with %s from ZSTR_VAL(), so,
 * assuming printf-style semantics, only the bytes before an embedded NUL would
 * end up in the key. The counter keeps keys distinct -- confirm nothing relies
 * on the textual part alone. */
static zend_string *zend_build_runtime_definition_key(zend_string *name, uint32_t start_lineno) /* {{{ */
{
	zend_string *source_file = CG(active_op_array)->filename;
	zend_string *key;

	key = zend_strpprintf(0, "%c%s%s:%" PRIu32 "$%" PRIx32,
		'\0', ZSTR_VAL(name), ZSTR_VAL(source_file), start_lineno, CG(rtd_key_counter)++);

	return zend_new_interned_string(key);
}
137 /* }}} */
138 
/* Locate the part of `name` after its last namespace separator.
 *
 * Returns 1 and stores the start and length of that part in *result and
 * *result_len when `name` contains a backslash. Returns 0 and leaves both
 * outputs untouched otherwise, so callers may pre-load them with the full
 * name. *result points into `name` and is only valid while `name` is. */
static zend_bool zend_get_unqualified_name(const zend_string *name, const char **result, size_t *result_len) /* {{{ */
{
	const char *last_sep = zend_memrchr(ZSTR_VAL(name), '\\', ZSTR_LEN(name));

	if (last_sep == NULL) {
		return 0;
	}

	*result = last_sep + 1;
	*result_len = ZSTR_VAL(name) + ZSTR_LEN(name) - *result;
	return 1;
}
150 /* }}} */
151 
/* A name that may not be used as a class name, with its length precomputed. */
struct reserved_class_name {
	const char *name;
	size_t len;
};
/* Reserved names, stored in lower case; zend_is_reserved_class_name() compares
 * against them case-insensitively. The {NULL, 0} entry terminates the table and
 * must stay last. */
static const struct reserved_class_name reserved_class_names[] = {
	{ZEND_STRL("bool")},
	{ZEND_STRL("false")},
	{ZEND_STRL("float")},
	{ZEND_STRL("int")},
	{ZEND_STRL("null")},
	{ZEND_STRL("parent")},
	{ZEND_STRL("self")},
	{ZEND_STRL("static")},
	{ZEND_STRL("string")},
	{ZEND_STRL("true")},
	{ZEND_STRL("void")},
	{ZEND_STRL("iterable")},
	{ZEND_STRL("object")},
	{NULL, 0}
};
172 
/* Return 1 when the unqualified part of `name` (everything after the last
 * backslash, or the whole name if there is none) matches an entry of
 * reserved_class_names, ignoring case; 0 otherwise. */
static zend_bool zend_is_reserved_class_name(const zend_string *name) /* {{{ */
{
	const struct reserved_class_name *entry;
	/* Defaults cover the unqualified case: the helper below leaves them
	 * untouched when the name has no namespace separator. */
	const char *short_name = ZSTR_VAL(name);
	size_t short_len = ZSTR_LEN(name);

	zend_get_unqualified_name(name, &short_name, &short_len);

	for (entry = reserved_class_names; entry->name != NULL; entry++) {
		if (short_len != entry->len) {
			continue;
		}
		if (zend_binary_strcasecmp(short_name, short_len, entry->name, entry->len) == 0) {
			return 1;
		}
	}

	return 0;
}
191 /* }}} */
192 
/* Abort compilation with E_COMPILE_ERROR when `name` is a reserved class
 * name; return normally otherwise. */
void zend_assert_valid_class_name(const zend_string *name) /* {{{ */
{
	if (!zend_is_reserved_class_name(name)) {
		return;
	}

	zend_error_noreturn(E_COMPILE_ERROR,
		"Cannot use '%s' as class name as it is reserved", ZSTR_VAL(name));
}
200 /* }}} */
201 
/* Maps the spelling of a built-in type to its type code. */
typedef struct _builtin_type_info {
	const char* name;       /* lower-case spelling, NULL in the terminator */
	const size_t name_len;  /* length of name, without the trailing NUL */
	const zend_uchar type;  /* type code returned by the lookup */
} builtin_type_info;

/* Built-in type names recognised by zend_lookup_builtin_type_by_name(). The
 * {NULL, 0, IS_UNDEF} entry terminates the table and must stay last. */
static const builtin_type_info builtin_types[] = {
	{ZEND_STRL("int"), IS_LONG},
	{ZEND_STRL("float"), IS_DOUBLE},
	{ZEND_STRL("string"), IS_STRING},
	{ZEND_STRL("bool"), _IS_BOOL},
	{ZEND_STRL("void"), IS_VOID},
	{ZEND_STRL("iterable"), IS_ITERABLE},
	{ZEND_STRL("object"), IS_OBJECT},
	{NULL, 0, IS_UNDEF}
};
218 
219 
/* Return the type code of the built-in type called `name` (compared without
 * regard to case against builtin_types), or 0 when `name` is not one of them. */
static zend_always_inline zend_uchar zend_lookup_builtin_type_by_name(const zend_string *name) /* {{{ */
{
	const builtin_type_info *candidate;
	const size_t wanted_len = ZSTR_LEN(name);

	for (candidate = builtin_types; candidate->name != NULL; candidate++) {
		if (wanted_len != candidate->name_len) {
			continue;
		}
		if (zend_binary_strcasecmp(ZSTR_VAL(name), wanted_len, candidate->name, candidate->name_len) == 0) {
			return candidate->type;
		}
	}

	return 0;
}
234 /* }}} */
235 
236 
/* Save the current op array context into *prev_context and reset CG(context)
 * for compiling a new op array. Pair every call with
 * zend_oparray_context_end() on the same *prev_context. */
void zend_oparray_context_begin(zend_oparray_context *prev_context) /* {{{ */
{
	*prev_context = CG(context);

	/* Capacity bookkeeping for the opcode, variable and literal arrays. */
	CG(context).opcodes_size = INITIAL_OP_ARRAY_SIZE;
	CG(context).literals_size = 0;
	CG(context).vars_size = 0;

	/* -1 means "none" for these indices. */
	CG(context).current_brk_cont = -1;
	CG(context).try_catch_offset = -1;
	CG(context).fast_call_var = -1;

	/* Break/continue table and label table start out empty. */
	CG(context).brk_cont_array = NULL;
	CG(context).last_brk_cont = 0;
	CG(context).labels = NULL;
}
250 /* }}} */
251 
/* Free what the current op array context owns (break/continue table and label
 * table) and restore the context saved in *prev_context. Both pointers are
 * cleared after freeing, before the whole context is overwritten. */
void zend_oparray_context_end(zend_oparray_context *prev_context) /* {{{ */
{
	if (CG(context).labels != NULL) {
		zend_hash_destroy(CG(context).labels);
		FREE_HASHTABLE(CG(context).labels);
		CG(context).labels = NULL;
	}
	if (CG(context).brk_cont_array != NULL) {
		efree(CG(context).brk_cont_array);
		CG(context).brk_cont_array = NULL;
	}

	CG(context) = *prev_context;
}
265 /* }}} */
266 
/* Destroy and free the three `use` import tables of the current file context
 * (classes, functions, constants) and reset each pointer to NULL so that a
 * repeated call is harmless. */
static void zend_reset_import_tables(void) /* {{{ */
{
	HashTable **tables[] = {
		&FC(imports),
		&FC(imports_function),
		&FC(imports_const),
	};
	size_t idx;

	for (idx = 0; idx < sizeof(tables) / sizeof(tables[0]); idx++) {
		HashTable **slot = tables[idx];

		if (*slot == NULL) {
			continue;
		}
		zend_hash_destroy(*slot);
		efree(*slot);
		*slot = NULL;
	}
}
287 /* }}} */
288 
/* Leave the current namespace: clear the in_namespace flag, drop all imports
 * and release the namespace name, if any. */
static void zend_end_namespace(void) /* {{{ */ {
	zend_string *ns = FC(current_namespace);

	FC(in_namespace) = 0;
	zend_reset_import_tables();

	if (ns != NULL) {
		zend_string_release_ex(ns, 0);
		FC(current_namespace) = NULL;
	}
}
297 /* }}} */
298 
/* Save the current file context into *prev_context and start a fresh one: no
 * namespace, no imports, ticks disabled and an empty seen_symbols table.
 * Pair every call with zend_file_context_end(). */
void zend_file_context_begin(zend_file_context *prev_context) /* {{{ */
{
	*prev_context = CG(file_context);

	/* Namespace state. */
	FC(current_namespace) = NULL;
	FC(in_namespace) = 0;
	FC(has_bracketed_namespaces) = 0;

	/* Import tables are created lazily elsewhere; NULL means "no imports". */
	FC(imports) = NULL;
	FC(imports_function) = NULL;
	FC(imports_const) = NULL;

	FC(declarables).ticks = 0;

	/* No destructor is registered for the values of this table. */
	zend_hash_init(&FC(seen_symbols), 8, NULL, NULL, 0);
}
311 /* }}} */
312 
/* Tear down the current file context (namespace, imports, seen_symbols) and
 * restore the one saved in *prev_context. The teardown must happen before the
 * restore, because the restore overwrites the pointers being released. */
void zend_file_context_end(zend_file_context *prev_context) /* {{{ */
{
	zend_end_namespace();
	zend_hash_destroy(&FC(seen_symbols));

	CG(file_context) = *prev_context;
}
319 /* }}} */
320 
/* Initialise the per-compilation compiler state: the loop variable and delayed
 * opline stacks, and the flags and pointers listed below. */
void zend_init_compiler_data_structures(void) /* {{{ */
{
	zend_stack_init(&CG(loop_var_stack), sizeof(zend_loop_var));
	zend_stack_init(&CG(delayed_oplines_stack), sizeof(zend_op));

	CG(active_class_entry) = NULL;
	CG(memoized_exprs) = NULL;

	CG(in_compilation) = 0;
	CG(skip_shebang) = 0;
	CG(encoding_declared) = 0;
	CG(memoize_mode) = 0;
}
333 /* }}} */
334 
/* Record that a symbol called `name` of the given `kind` (a bit mask) has been
 * seen in the current file. Kinds accumulate per name by bitwise OR. */
static void zend_register_seen_symbol(zend_string *name, uint32_t kind) {
	zval *entry = zend_hash_find(&FC(seen_symbols), name);

	if (entry == NULL) {
		zval fresh;

		ZVAL_LONG(&fresh, kind);
		zend_hash_add_new(&FC(seen_symbols), name, &fresh);
		return;
	}

	Z_LVAL_P(entry) |= kind;
}
345 
/* Return non-zero when `name` has been registered in the current file with at
 * least one of the bits in `kind`. */
static zend_bool zend_have_seen_symbol(zend_string *name, uint32_t kind) {
	zval *entry = zend_hash_find(&FC(seen_symbols), name);

	if (!entry) {
		return 0;
	}
	return (Z_LVAL_P(entry) & kind) != 0;
}
350 
/* Exported wrapper that forwards to zend_file_handle_dtor(); init_compiler()
 * registers it as the element destructor of CG(open_files). */
ZEND_API void file_handle_dtor(zend_file_handle *fh) /* {{{ */
{
	zend_file_handle_dtor(fh);
}
356 /* }}} */
357 
/* Set up the compiler globals: a 64 KiB arena, zeroed op array context, the
 * per-compilation data structures, the resource list, the file name table and
 * the list of open files. Counterpart of shutdown_compiler(). */
void init_compiler(void) /* {{{ */
{
	const size_t arena_bytes = 64 * 1024;

	CG(arena) = zend_arena_create(arena_bytes);
	CG(active_op_array) = NULL;
	memset(&CG(context), 0, sizeof(CG(context)));
	zend_init_compiler_data_structures();
	zend_init_rsrc_list();
	/* Values are zvals and are released with ZVAL_PTR_DTOR on removal. */
	zend_hash_init(&CG(filenames_table), 8, NULL, ZVAL_PTR_DTOR, 0);
	/* The list calls the destructor with a void pointer to each element, hence
	 * the cast of file_handle_dtor's zend_file_handle pointer signature. */
	zend_llist_init(&CG(open_files), sizeof(zend_file_handle), (llist_dtor_func_t) file_handle_dtor, 0);
	CG(unclean_shutdown) = 0;

	CG(delayed_autoloads) = NULL;
	CG(delayed_variance_obligations) = NULL;
}
372 /* }}} */
373 
/* Release what init_compiler() and the compilation itself allocated: both
 * compiler stacks, the file name table, the arena and, when present, the
 * delayed variance-obligation and autoload tables. The optional tables are set
 * to NULL after being freed. */
void shutdown_compiler(void) /* {{{ */
{
	zend_stack_destroy(&CG(loop_var_stack));
	zend_stack_destroy(&CG(delayed_oplines_stack));
	zend_hash_destroy(&CG(filenames_table));
	zend_arena_destroy(CG(arena));

	if (CG(delayed_variance_obligations) != NULL) {
		zend_hash_destroy(CG(delayed_variance_obligations));
		FREE_HASHTABLE(CG(delayed_variance_obligations));
		CG(delayed_variance_obligations) = NULL;
	}

	if (CG(delayed_autoloads) != NULL) {
		zend_hash_destroy(CG(delayed_autoloads));
		FREE_HASHTABLE(CG(delayed_autoloads));
		CG(delayed_autoloads) = NULL;
	}
}
392 /* }}} */
393 
/* Make `new_compiled_filename` the file currently being compiled and return
 * the string actually stored in CG(compiled_filename).
 *
 * A name already present in CG(filenames_table) is reused. Otherwise a copy of
 * the argument is interned and added to the table, which then holds it. The
 * returned pointer is not an extra reference for the caller. */
ZEND_API zend_string *zend_set_compiled_filename(zend_string *new_compiled_filename) /* {{{ */
{
	zval *known = zend_hash_find(&CG(filenames_table), new_compiled_filename);
	zend_string *stored;
	zval entry;

	if (known != NULL) {
		ZEND_ASSERT(Z_TYPE_P(known) == IS_STRING);
		CG(compiled_filename) = Z_STR_P(known);
		return Z_STR_P(known);
	}

	stored = zend_new_interned_string(zend_string_copy(new_compiled_filename));
	ZVAL_STR(&entry, stored);
	zend_hash_add_new(&CG(filenames_table), stored, &entry);

	CG(compiled_filename) = stored;
	return stored;
}
411 /* }}} */
412 
/* Put back a file name previously read with zend_get_compiled_filename().
 * The pointer is stored as-is; no reference is added or released here. */
ZEND_API void zend_restore_compiled_filename(zend_string *original_compiled_filename) /* {{{ */
{
	zend_string *restored = original_compiled_filename;

	CG(compiled_filename) = restored;
}
417 /* }}} */
418 
/* Return CG(compiled_filename) without adding a reference. */
ZEND_API zend_string *zend_get_compiled_filename(void) /* {{{ */
{
	zend_string *current = CG(compiled_filename);

	return current;
}
423 /* }}} */
424 
/* Return CG(zend_lineno), the line currently being compiled, as an int. */
ZEND_API int zend_get_compiled_lineno(void) /* {{{ */
{
	const int line = CG(zend_lineno);

	return line;
}
429 /* }}} */
430 
/* Return the CG(in_compilation) flag. */
ZEND_API zend_bool zend_is_compiling(void) /* {{{ */
{
	const zend_bool compiling = CG(in_compilation);

	return compiling;
}
435 /* }}} */
436 
/* Allocate the next temporary variable slot of the active op array: returns
 * the current value of T and increments it. */
static zend_always_inline uint32_t get_temporary_variable(void) /* {{{ */
{
	zend_op_array *active = CG(active_op_array);

	return (uint32_t)active->T++;
}
441 /* }}} */
442 
/* Return the compiled-variable operand for `name` in the active op array,
 * registering the variable first if it is not known yet.
 *
 * Known variables are found by a linear scan that compares the cached hash
 * before the string contents. A new variable takes a reference to `name`; the
 * vars array grows in steps of 16 entries. The return value is the slot index
 * encoded with ZEND_CALL_VAR_NUM(), not the plain index. */
static int lookup_cv(zend_string *name) /* {{{ */{
	zend_op_array *op_array = CG(active_op_array);
	const zend_ulong wanted_hash = zend_string_hash_val(name);
	int slot;

	for (slot = 0; slot < op_array->last_var; slot++) {
		if (ZSTR_H(op_array->vars[slot]) == wanted_hash
		 && zend_string_equals(op_array->vars[slot], name)) {
			return (int)(zend_intptr_t)ZEND_CALL_VAR_NUM(NULL, slot);
		}
	}

	/* Not found: append at the old last_var index. */
	slot = op_array->last_var++;
	if (op_array->last_var > CG(context).vars_size) {
		CG(context).vars_size += 16; /* FIXME */
		op_array->vars = erealloc(op_array->vars, CG(context).vars_size * sizeof(zend_string*));
	}

	op_array->vars[slot] = zend_string_copy(name);
	return (int)(zend_intptr_t)ZEND_CALL_VAR_NUM(NULL, slot);
}
465 /* }}} */
466 
/* Destroy literal `n` of `op_array`. The last literal is removed by shrinking
 * last_literal; any other slot is kept and marked IS_UNDEF so that the indices
 * of later literals stay valid.
 * NOTE(review): `n` is not range-checked here; callers are presumably trusted
 * to pass an index below last_literal -- confirm. */
void zend_del_literal(zend_op_array *op_array, int n) /* {{{ */
{
	const int is_last = (n + 1 == op_array->last_literal);

	zval_ptr_dtor_nogc(CT_CONSTANT_EX(op_array, n));

	if (!is_last) {
		ZVAL_UNDEF(CT_CONSTANT_EX(op_array, n));
		return;
	}
	op_array->last_literal--;
}
476 /* }}} */
477 
/* Replace the string held by `zv` with its interned version and return it.
 * `zv` must be IS_STRING (asserted). When interning succeeded the type flags
 * are cleared, since an interned string is not reference counted. */
static inline zend_string *zval_make_interned_string(zval *zv) /* {{{ */
{
	zend_string *interned;

	ZEND_ASSERT(Z_TYPE_P(zv) == IS_STRING);

	interned = zend_new_interned_string(Z_STR_P(zv));
	Z_STR_P(zv) = interned;
	if (ZSTR_IS_INTERNED(interned)) {
		Z_TYPE_FLAGS_P(zv) = 0;
	}

	return interned;
}
487 
/* Common part of zend_add_literal and zend_append_individual_literal.
 * Stores `zv` by value in slot `literal_position` of op_array->literals and
 * clears the slot's extra field. String values are interned first, which may
 * replace the zend_string inside `zv`. The slot must already exist; no bounds
 * check is done here. */
static inline void zend_insert_literal(zend_op_array *op_array, zval *zv, int literal_position) /* {{{ */
{
	zval *slot = CT_CONSTANT_EX(op_array, literal_position);

	if (Z_TYPE_P(zv) == IS_STRING) {
		zval_make_interned_string(zv);
	}

	ZVAL_COPY_VALUE(slot, zv);
	Z_EXTRA_P(slot) = 0;
}
498 /* }}} */
499 
/* Used while compiling a function. The context keeps track of an approximate
   capacity so that the literal table is not reallocated too often.
   Literals are truncated to their actual size in the second compiler pass (pass_two()).
   Returns the index of the new literal. The table may move, so zval pointers
   into op_array->literals obtained earlier must not be used afterwards. */
static int zend_add_literal(zval *zv) /* {{{ */
{
	zend_op_array *op_array = CG(active_op_array);
	const int index = op_array->last_literal++;

	if (index >= CG(context).literals_size) {
		do {
			CG(context).literals_size += 16; /* FIXME */
		} while (index >= CG(context).literals_size);
		op_array->literals = (zval*)erealloc(op_array->literals, CG(context).literals_size * sizeof(zval));
	}

	zend_insert_literal(op_array, zv, index);
	return index;
}
517 /* }}} */
518 
/* Add *str to the literal table and return its index. On return *str points to
 * the string actually stored, which may be the interned replacement. The
 * literal table takes over the caller's reference. */
static inline int zend_add_literal_string(zend_string **str) /* {{{ */
{
	zval wrapper;
	int index;

	ZVAL_STR(&wrapper, *str);
	index = zend_add_literal(&wrapper);
	*str = Z_STR(wrapper);

	return index;
}
528 /* }}} */
529 
/* Add two consecutive literals for a function name: the name as written,
 * followed by its lower-cased form. Returns the index of the first one. */
static int zend_add_func_name_literal(zend_string *name) /* {{{ */
{
	zend_string *lowered;
	/* Original name; `name` may be replaced by its interned version. */
	const int first_index = zend_add_literal_string(&name);

	/* Lowercased name */
	lowered = zend_string_tolower(name);
	zend_add_literal_string(&lowered);

	return first_index;
}
541 /* }}} */
542 
/* Add the literals needed to call a namespaced function: the name as written,
 * its lower-cased form and, when the name contains a namespace separator, the
 * lower-cased unqualified name. Returns the index of the first literal. */
static int zend_add_ns_func_name_literal(zend_string *name) /* {{{ */
{
	const char *short_name;
	size_t short_len;
	zend_string *lowered;
	/* Original name; `name` may be replaced by its interned version. */
	const int first_index = zend_add_literal_string(&name);

	/* Lowercased name */
	lowered = zend_string_tolower(name);
	zend_add_literal_string(&lowered);

	/* Lowercased unqualified name */
	if (!zend_get_unqualified_name(name, &short_name, &short_len)) {
		return first_index;
	}
	lowered = zend_string_alloc(short_len, 0);
	zend_str_tolower_copy(ZSTR_VAL(lowered), short_name, short_len);
	zend_add_literal_string(&lowered);

	return first_index;
}
564 /* }}} */
565 
/* Add two consecutive literals for a class name: the name as written, followed
 * by its lower-cased form. Returns the index of the first one. */
static int zend_add_class_name_literal(zend_string *name) /* {{{ */
{
	zend_string *lowered;
	/* Original name; `name` may be replaced by its interned version. */
	const int first_index = zend_add_literal_string(&name);

	/* Lowercased name */
	lowered = zend_string_tolower(name);
	zend_add_literal_string(&lowered);

	return first_index;
}
577 /* }}} */
578 
/* Add the run of literals used to look up a constant at run time and return
 * the index of the first one (the name as written).
 *
 * For a name with a namespace part, two more literals follow: the name with
 * only the namespace lower-cased, then the fully lower-cased name. Unless
 * `unqualified` is set the function stops there. For a name without a
 * namespace part, or when `unqualified` is set, the unqualified name as
 * written and its lower-cased form are appended as well. */
static int zend_add_const_name_literal(zend_string *name, zend_bool unqualified) /* {{{ */
{
	zend_string *tmp_name;

	/* `name` may be replaced by its interned version by this call. */
	int ret = zend_add_literal_string(&name);

	size_t ns_len = 0, after_ns_len = ZSTR_LEN(name);
	const char *after_ns = zend_memrchr(ZSTR_VAL(name), '\\', ZSTR_LEN(name));
	if (after_ns) {
		/* Step over the separator; ns_len excludes it. */
		after_ns += 1;
		ns_len = after_ns - ZSTR_VAL(name) - 1;
		after_ns_len = ZSTR_LEN(name) - ns_len - 1;

		/* lowercased namespace name & original constant name */
		tmp_name = zend_string_init(ZSTR_VAL(name), ZSTR_LEN(name), 0);
		zend_str_tolower(ZSTR_VAL(tmp_name), ns_len);
		zend_add_literal_string(&tmp_name);

		/* lowercased namespace name & lowercased constant name */
		tmp_name = zend_string_tolower(name);
		zend_add_literal_string(&tmp_name);

		if (!unqualified) {
			return ret;
		}
	} else {
		/* No namespace part: the whole name is the unqualified name. */
		after_ns = ZSTR_VAL(name);
	}

	/* original unqualified constant name */
	tmp_name = zend_string_init(after_ns, after_ns_len, 0);
	zend_add_literal_string(&tmp_name);

	/* lowercased unqualified constant name */
	tmp_name = zend_string_alloc(after_ns_len, 0);
	zend_str_tolower_copy(ZSTR_VAL(tmp_name), after_ns, after_ns_len);
	zend_add_literal_string(&tmp_name);

	return ret;
}
619 /* }}} */
620 
/* Store the zend_string `str` as a new literal and put its index into the
 * operand `op`. The string is wrapped in a temporary zval with ZVAL_STR, so no
 * reference is added; the literal table takes over the caller's reference. */
#define LITERAL_STR(op, str) do { \
		zval _c; \
		ZVAL_STR(&_c, str); \
		op.constant = zend_add_literal(&_c); \
	} while (0)
626 
/* Make the scanner stop: notify the on_event callback, if one is installed,
 * with ON_STOP, then move the scan cursor to the end of the input buffer. */
void zend_stop_lexing(void)
{
	if (LANG_SCNG(on_event) != NULL) {
		LANG_SCNG(on_event)(ON_STOP, END, 0, LANG_SCNG(on_event_context));
	}

	LANG_SCNG(yy_cursor) = LANG_SCNG(yy_limit);
}
635 
/* Open a loop or switch: append a break/continue element whose parent is the
 * enclosing one, make it current, and push a matching zend_loop_var.
 *
 * When `loop_var` is a VAR or TMP_VAR node, the pushed entry records
 * `free_opcode` and the variable, and the element's start is the next opline
 * number. Otherwise the entry's opcode is ZEND_NOP and start is -1. */
static inline void zend_begin_loop(
		zend_uchar free_opcode, const znode *loop_var, zend_bool is_switch) /* {{{ */
{
	const int enclosing = CG(context).current_brk_cont;
	zend_loop_var entry = {0};
	zend_brk_cont_element *element;

	CG(context).current_brk_cont = CG(context).last_brk_cont;
	/* The table is reallocated by this call; use only the returned pointer. */
	element = get_next_brk_cont_element();
	element->parent = enclosing;
	element->is_switch = is_switch;

	if (loop_var && (loop_var->op_type & (IS_VAR|IS_TMP_VAR))) {
		entry.opcode = free_opcode;
		entry.var_type = loop_var->op_type;
		entry.var_num = loop_var->u.op.var;
		element->start = get_next_op_number();
	} else {
		entry.opcode = ZEND_NOP;
		/* The start field is used to free temporary variables in case of exceptions.
		 * We won't try to free something if we don't have a loop variable. */
		element->start = -1;
	}

	zend_stack_push(&CG(loop_var_stack), &entry);
}
664 /* }}} */
665 
/* Close the current loop or switch: record the continue target and the break
 * target (the next opline number), make the parent element current again and
 * pop the loop variable stack. `var_node` is not used by this function. */
static inline void zend_end_loop(int cont_addr, const znode *var_node) /* {{{ */
{
	zend_brk_cont_element *current
		= CG(context).brk_cont_array + CG(context).current_brk_cont;

	current->cont = cont_addr;
	current->brk = get_next_op_number();
	CG(context).current_brk_cont = current->parent;

	zend_stack_del_top(&CG(loop_var_stack));
}
677 /* }}} */
678 
/* Discard the value of the expression node `op1`, whose result is not used.
 *
 * IS_TMP_VAR: emit ZEND_FREE, unless the temporary was produced by ZEND_BOOL
 *   or ZEND_BOOL_NOT, in which case nothing is emitted.
 * IS_VAR: if the most recent relevant opline produced the variable, mark its
 *   result as unused instead of freeing it; otherwise search backwards for the
 *   producer or for a list fetch that reads the variable.
 * IS_CONST: destroy the constant value.
 *
 * NOTE(review): both branches start at opcodes[last-1] and the skip loops step
 * backwards without a lower bound. That relies on at least one opline having
 * been emitted and on the skipped opcodes never being the first opline --
 * confirm this invariant for every caller. */
void zend_do_free(znode *op1) /* {{{ */
{
	if (op1->op_type == IS_TMP_VAR) {
		zend_op *opline = &CG(active_op_array)->opcodes[CG(active_op_array)->last-1];

		/* Look past the end of any silence (@) wrappers. */
		while (opline->opcode == ZEND_END_SILENCE) {
			opline--;
		}

		if (opline->result_type == IS_TMP_VAR && opline->result.var == op1->u.op.var) {
			if (opline->opcode == ZEND_BOOL || opline->opcode == ZEND_BOOL_NOT) {
				/* No ZEND_FREE is emitted for a boolean temporary. */
				return;
			}
		}

		zend_emit_op(NULL, ZEND_FREE, op1, NULL);
	} else if (op1->op_type == IS_VAR) {
		zend_op *opline = &CG(active_op_array)->opcodes[CG(active_op_array)->last-1];
		/* Skip trailing oplines that do not produce the result themselves. */
		while (opline->opcode == ZEND_END_SILENCE ||
				opline->opcode == ZEND_EXT_FCALL_END ||
				opline->opcode == ZEND_OP_DATA) {
			opline--;
		}
		if (opline->result_type == IS_VAR
			&& opline->result.var == op1->u.op.var) {
			/* The producer is right here: drop its result. A FETCH_THIS whose
			 * result is unused is turned into a NOP altogether. */
			if (opline->opcode == ZEND_FETCH_THIS) {
				opline->opcode = ZEND_NOP;
				opline->result_type = IS_UNUSED;
			} else {
				opline->result_type = IS_UNUSED;
			}
		} else {
			/* Bounded backwards search down to the first opline. */
			while (opline >= CG(active_op_array)->opcodes) {
				if ((opline->opcode == ZEND_FETCH_LIST_R ||
                     opline->opcode == ZEND_FETCH_LIST_W) &&
				    opline->op1_type == IS_VAR &&
				    opline->op1.var == op1->u.op.var) {
					/* The variable is read by a list fetch: free it explicitly. */
					zend_emit_op(NULL, ZEND_FREE, op1, NULL);
					return;
				}
				if (opline->result_type == IS_VAR
					&& opline->result.var == op1->u.op.var) {
					/* Producer found; only the result of ZEND_NEW gets a ZEND_FREE. */
					if (opline->opcode == ZEND_NEW) {
						zend_emit_op(NULL, ZEND_FREE, op1, NULL);
					}
					break;
				}
				opline--;
			}
		}
	} else if (op1->op_type == IS_CONST) {
		/* Destroy value without using GC: When opcache moves arrays into SHM it will
		 * free the zend_array structure, so references to it from outside the op array
		 * become invalid. GC would cause such a reference in the root buffer. */
		zval_ptr_dtor_nogc(&op1->u.constant);
	}
}
736 /* }}} */
737 
/* Combine class modifier flags. Returns flags | new_flag, or throws a compile
 * error and returns 0 when `abstract` or `final` is repeated or when the
 * result would be both abstract and final. Callers must treat 0 as failure. */
uint32_t zend_add_class_modifier(uint32_t flags, uint32_t new_flag) /* {{{ */
{
	const uint32_t combined = flags | new_flag;
	const char *problem = NULL;

	if ((flags & ZEND_ACC_EXPLICIT_ABSTRACT_CLASS) && (new_flag & ZEND_ACC_EXPLICIT_ABSTRACT_CLASS)) {
		problem = "Multiple abstract modifiers are not allowed";
	} else if ((flags & ZEND_ACC_FINAL) && (new_flag & ZEND_ACC_FINAL)) {
		problem = "Multiple final modifiers are not allowed";
	} else if ((combined & ZEND_ACC_EXPLICIT_ABSTRACT_CLASS) && (combined & ZEND_ACC_FINAL)) {
		problem = "Cannot use the final modifier on an abstract class";
	}

	if (problem != NULL) {
		zend_throw_exception(zend_ce_compile_error, problem, 0);
		return 0;
	}
	return combined;
}
757 /* }}} */
758 
/* Combine class member modifier flags. Returns flags | new_flag, or throws a
 * compile error and returns 0 when a visibility, `abstract`, `static` or
 * `final` modifier is repeated, or when the result would be both abstract and
 * final. Callers must treat 0 as failure. */
uint32_t zend_add_member_modifier(uint32_t flags, uint32_t new_flag) /* {{{ */
{
	/* Modifiers that may appear only once, checked in this order. */
	static const struct {
		uint32_t mask;
		const char *message;
	} once_only[] = {
		{ZEND_ACC_PPP_MASK, "Multiple access type modifiers are not allowed"},
		{ZEND_ACC_ABSTRACT, "Multiple abstract modifiers are not allowed"},
		{ZEND_ACC_STATIC, "Multiple static modifiers are not allowed"},
		{ZEND_ACC_FINAL, "Multiple final modifiers are not allowed"},
	};
	const uint32_t combined = flags | new_flag;
	size_t idx;

	for (idx = 0; idx < sizeof(once_only) / sizeof(once_only[0]); idx++) {
		if ((flags & once_only[idx].mask) && (new_flag & once_only[idx].mask)) {
			zend_throw_exception(zend_ce_compile_error, once_only[idx].message, 0);
			return 0;
		}
	}

	if ((combined & ZEND_ACC_ABSTRACT) && (combined & ZEND_ACC_FINAL)) {
		zend_throw_exception(zend_ce_compile_error,
			"Cannot use the final modifier on an abstract class member", 0);
		return 0;
	}
	return combined;
}
786 /* }}} */
787 
/* Return a new non-persistent zend_string holding str1, str2 and str3 joined
 * in that order, NUL-terminated. Each buffer is copied by its explicit length,
 * so embedded NUL bytes are preserved. The caller owns the result.
 * NOTE(review): the three lengths are summed without an overflow check, so the
 * copies are only in bounds if the sum does not wrap; the callers in this file
 * pass lengths of existing strings -- confirm for outside callers. */
zend_string *zend_concat3(char *str1, size_t str1_len, char *str2, size_t str2_len, char *str3, size_t str3_len) /* {{{ */
{
	const size_t total = str1_len + str2_len + str3_len;
	zend_string *joined = zend_string_alloc(total, 0);
	char *cursor = ZSTR_VAL(joined);

	memcpy(cursor, str1, str1_len);
	cursor += str1_len;
	memcpy(cursor, str2, str2_len);
	cursor += str2_len;
	memcpy(cursor, str3, str3_len);
	cursor += str3_len;
	*cursor = '\0';

	return joined;
}
800 
/* Join two name parts with a namespace separator: name1 "\" name2. Returns a
 * new string owned by the caller. */
zend_string *zend_concat_names(char *name1, size_t name1_len, char *name2, size_t name2_len) {
	zend_string *qualified = zend_concat3(name1, name1_len, "\\", 1, name2, name2_len);

	return qualified;
}
804 
/* Qualify `name` with the current namespace. Outside a namespace an extra
 * reference to `name` itself is returned; inside one, a new string. Either
 * way the caller must release the result. */
zend_string *zend_prefix_with_ns(zend_string *name) {
	zend_string *ns = FC(current_namespace);

	if (!ns) {
		return zend_string_copy(name);
	}
	return zend_concat_names(ZSTR_VAL(ns), ZSTR_LEN(ns), ZSTR_VAL(name), ZSTR_LEN(name));
}
813 
/* Look up the lower-cased form of the first `len` bytes of `str` in `ht` and
 * return the stored pointer, or NULL when there is no such key.
 * The lower-cased key lives in a scratch zend_string that is released before
 * returning. NOTE(review): ZSTR_ALLOCA_ALLOC presumably uses the stack only
 * for small sizes and the heap otherwise; `len` comes from the caller, so
 * confirm that threshold when auditing stack usage. */
void *zend_hash_find_ptr_lc(HashTable *ht, const char *str, size_t len) {
	zend_string *lowered_key;
	void *found;
	ALLOCA_FLAG(use_heap);

	ZSTR_ALLOCA_ALLOC(lowered_key, len, use_heap);
	zend_str_tolower_copy(ZSTR_VAL(lowered_key), str, len);
	found = zend_hash_find_ptr(ht, lowered_key);
	ZSTR_ALLOCA_FREE(lowered_key, use_heap);

	return found;
}
826 
/* Resolve a function or constant name against the current namespace and the
 * `use` imports. Returns a string the caller must release.
 *
 * *is_fully_qualified is set to 1 when the name had a leading backslash, was
 * marked ZEND_NAME_FQ or ZEND_NAME_RELATIVE, matched an entry in
 * current_import_sub, or contains a namespace separator; otherwise to 0, in
 * which case the result is the name prefixed with the current namespace.
 * `case_sensitive` selects how current_import_sub is searched; the class
 * import table FC(imports) is always searched case-insensitively. */
zend_string *zend_resolve_non_class_name(
	zend_string *name, uint32_t type, zend_bool *is_fully_qualified,
	zend_bool case_sensitive, HashTable *current_import_sub
) {
	char *first_sep;

	*is_fully_qualified = 0;

	if (ZSTR_VAL(name)[0] == '\\') {
		/* Remove \ prefix (only relevant if this is a string rather than a label) */
		*is_fully_qualified = 1;
		return zend_string_init(ZSTR_VAL(name) + 1, ZSTR_LEN(name) - 1, 0);
	}

	if (type == ZEND_NAME_FQ || type == ZEND_NAME_RELATIVE) {
		*is_fully_qualified = 1;
		return type == ZEND_NAME_FQ
			? zend_string_copy(name)
			: zend_prefix_with_ns(name);
	}

	if (current_import_sub) {
		/* If an unqualified name is a function/const alias, replace it. */
		zend_string *alias_target = case_sensitive
			? zend_hash_find_ptr(current_import_sub, name)
			: zend_hash_find_ptr_lc(current_import_sub, ZSTR_VAL(name), ZSTR_LEN(name));

		if (alias_target) {
			*is_fully_qualified = 1;
			return zend_string_copy(alias_target);
		}
	}

	first_sep = memchr(ZSTR_VAL(name), '\\', ZSTR_LEN(name));
	if (!first_sep) {
		return zend_prefix_with_ns(name);
	}
	*is_fully_qualified = 1;

	if (FC(imports)) {
		/* If the first part of a qualified name is an alias, substitute it. */
		const size_t alias_len = first_sep - ZSTR_VAL(name);
		zend_string *alias_target = zend_hash_find_ptr_lc(FC(imports), ZSTR_VAL(name), alias_len);

		if (alias_target) {
			return zend_concat_names(
				ZSTR_VAL(alias_target), ZSTR_LEN(alias_target),
				ZSTR_VAL(name) + alias_len + 1, ZSTR_LEN(name) - alias_len - 1);
		}
	}

	return zend_prefix_with_ns(name);
}
883 /* }}} */
884 
/* Resolve a function name: function imports are searched case-insensitively. */
zend_string *zend_resolve_function_name(zend_string *name, uint32_t type, zend_bool *is_fully_qualified) /* {{{ */
{
	const zend_bool case_sensitive = 0;

	return zend_resolve_non_class_name(
		name, type, is_fully_qualified, case_sensitive, FC(imports_function));
}
890 /* }}} */
891 
/* Resolve a constant name: constant imports are searched case-sensitively. */
zend_string *zend_resolve_const_name(zend_string *name, uint32_t type, zend_bool *is_fully_qualified) /* {{{ */ {
	const zend_bool case_sensitive = 1;

	return zend_resolve_non_class_name(
		name, type, is_fully_qualified, case_sensitive, FC(imports_const));
}
896 /* }}} */
897 
/* Resolve a class name against the current namespace and the class imports.
 * Returns a string the caller must release.
 *
 * Relative names are prefixed with the current namespace. Fully qualified
 * names (by `type` or by a leading backslash) are returned without the
 * backslash, after rejecting \self, \parent and \static with a compile error.
 * Otherwise the first segment (or the whole unqualified name) is looked up
 * case-insensitively in FC(imports); failing that, the current namespace is
 * prepended. */
zend_string *zend_resolve_class_name(zend_string *name, uint32_t type) /* {{{ */
{
	if (type == ZEND_NAME_RELATIVE) {
		return zend_prefix_with_ns(name);
	}

	if (type == ZEND_NAME_FQ || ZSTR_VAL(name)[0] == '\\') {
		/* Remove \ prefix (only relevant if this is a string rather than a label) */
		if (ZSTR_VAL(name)[0] == '\\') {
			name = zend_string_init(ZSTR_VAL(name) + 1, ZSTR_LEN(name) - 1, 0);
		} else {
			zend_string_addref(name);
		}
		/* Ensure that \self, \parent and \static are not used */
		if (ZEND_FETCH_CLASS_DEFAULT != zend_get_class_fetch_type(name)) {
			zend_error_noreturn(E_COMPILE_ERROR, "'\\%s' is an invalid class name", ZSTR_VAL(name));
		}
		return name;
	}

	if (FC(imports)) {
		char *first_sep = memchr(ZSTR_VAL(name), '\\', ZSTR_LEN(name));
		/* Qualified name: only the first segment can be an alias.
		 * Unqualified name: the whole name can be. */
		const size_t alias_len = first_sep ? (size_t)(first_sep - ZSTR_VAL(name)) : ZSTR_LEN(name);
		zend_string *alias_target =
			zend_hash_find_ptr_lc(FC(imports), ZSTR_VAL(name), alias_len);

		if (alias_target) {
			if (!first_sep) {
				return zend_string_copy(alias_target);
			}
			return zend_concat_names(
				ZSTR_VAL(alias_target), ZSTR_LEN(alias_target),
				ZSTR_VAL(name) + alias_len + 1, ZSTR_LEN(name) - alias_len - 1);
		}
	}

	/* If not fully qualified and not an alias, prepend the current namespace */
	return zend_prefix_with_ns(name);
}
946 /* }}} */
947 
/* Resolve the class name held by a zval AST node.
 *
 * Raises "Illegal class name" as a compile error unless the node's zval is a
 * string; otherwise resolves it with zend_resolve_class_name(), passing the
 * node's attr as the name type. */
zend_string *zend_resolve_class_name_ast(zend_ast *ast) /* {{{ */
{
	zval *name_zv = zend_ast_get_zval(ast);
	zend_string *raw_name;

	if (IS_STRING != Z_TYPE_P(name_zv)) {
		zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name");
	}

	raw_name = Z_STR_P(name_zv);
	return zend_resolve_class_name(raw_name, ast->attr);
}
/* }}} */
957 
/* Destructor callback: frees the zend_label the zval's pointer refers to.
 * The element size handed to efree_size() is sizeof(zend_label). */
static void label_ptr_dtor(zval *zv) /* {{{ */
{
	zend_label *label = Z_PTR_P(zv);

	efree_size(label, sizeof(zend_label));
}
/* }}} */
963 
/* Destructor callback: drops one reference on the zval's string.
 * The second argument of zend_string_release_ex() is 0 here. */
static void str_dtor(zval *zv)  /* {{{ */
{
	zend_string *str = Z_STR_P(zv);

	zend_string_release_ex(str, 0);
}
/* }}} */
968 
969 static zend_bool zend_is_call(zend_ast *ast);
970 
/* Append a try/catch element to the active op array.
 *
 * The array grows by one element through safe_erealloc(), which receives the
 * element size and the new count as separate arguments. The new element
 * records try_op and has catch_op, finally_op and finally_end set to 0.
 *
 * Returns the index of the new element. */
static uint32_t zend_add_try_element(uint32_t try_op) /* {{{ */
{
	zend_op_array *active = CG(active_op_array);
	uint32_t slot = active->last_try_catch++;
	zend_try_catch_element *entry;

	active->try_catch_array = safe_erealloc(
		active->try_catch_array, sizeof(zend_try_catch_element), active->last_try_catch, 0);

	/* Take the element address only after the realloc: the array may have moved */
	entry = active->try_catch_array + slot;
	entry->try_op = try_op;
	entry->catch_op = 0;
	entry->finally_op = 0;
	entry->finally_end = 0;

	return slot;
}
/* }}} */
989 
/* Take the extra references a second holder of `function` needs.
 *
 * Internal functions: the function name string gains a reference, if set.
 * User functions: the op array refcount (if present) is incremented, the
 * static variables table gains a reference unless it is flagged
 * IS_ARRAY_IMMUTABLE, and the run_time_cache / static_variables_ptr map
 * pointers are set up again - as new map slots when compiling with
 * ZEND_COMPILE_PRELOAD, otherwise pointing at the op array's own static
 * variables and at a fresh arena slot that starts out NULL.
 * Any other function type is left untouched. */
ZEND_API void function_add_ref(zend_function *function) /* {{{ */
{
	zend_op_array *op_array;

	if (function->type == ZEND_INTERNAL_FUNCTION) {
		if (function->common.function_name) {
			zend_string_addref(function->common.function_name);
		}
		return;
	}
	if (function->type != ZEND_USER_FUNCTION) {
		return;
	}

	op_array = &function->op_array;

	if (op_array->refcount) {
		(*op_array->refcount)++;
	}
	/* Immutable arrays are not reference counted */
	if (op_array->static_variables
	 && !(GC_FLAGS(op_array->static_variables) & IS_ARRAY_IMMUTABLE)) {
		GC_ADDREF(op_array->static_variables);
	}

	if (!(CG(compiler_options) & ZEND_COMPILE_PRELOAD)) {
		ZEND_MAP_PTR_INIT(op_array->static_variables_ptr, &op_array->static_variables);
		ZEND_MAP_PTR_INIT(op_array->run_time_cache, zend_arena_alloc(&CG(arena), sizeof(void*)));
		ZEND_MAP_PTR_SET(op_array->run_time_cache, NULL);
	} else {
		ZEND_ASSERT(op_array->fn_flags & ZEND_ACC_PRELOADED);
		ZEND_MAP_PTR_NEW(op_array->run_time_cache);
		ZEND_MAP_PTR_NEW(op_array->static_variables_ptr);
	}
}
/* }}} */
1020 
/* Report "Cannot redeclare f()" and never return.
 *
 * lcname       key of the function that already exists; it is looked up in
 *              CG(function_table) when compile_time is set, otherwise in
 *              EG(function_table), and must be present (asserted).
 * op_array     the function being declared, or NULL; when NULL the name of
 *              the existing function is printed instead.
 * compile_time selects E_COMPILE_ERROR over E_ERROR.
 *
 * The file and line of the earlier declaration are appended only when the
 * existing entry is a user function with at least one opcode. */
static zend_never_inline ZEND_COLD ZEND_NORETURN void do_bind_function_error(zend_string *lcname, zend_op_array *op_array, zend_bool compile_time) /* {{{ */
{
	HashTable *table = compile_time ? CG(function_table) : EG(function_table);
	zval *zv = zend_hash_find_ex(table, lcname, 1);
	int error_level = compile_time ? E_COMPILE_ERROR : E_ERROR;
	zend_function *old_function;
	const char *shown_name;

	ZEND_ASSERT(zv != NULL);
	old_function = (zend_function*)Z_PTR_P(zv);
	shown_name = op_array
		? ZSTR_VAL(op_array->function_name)
		: ZSTR_VAL(old_function->common.function_name);

	if (old_function->type != ZEND_USER_FUNCTION
		|| old_function->op_array.last == 0) {
		zend_error_noreturn(error_level, "Cannot redeclare %s()", shown_name);
	} else {
		zend_error_noreturn(error_level, "Cannot redeclare %s() (previously declared in %s:%d)",
					shown_name,
					ZSTR_VAL(old_function->op_array.filename),
					old_function->op_array.opcodes[0].lineno);
	}
}
/* }}} */
1040 
/* Bind a function under its final name at run time.
 *
 * lcname is the first of two adjacent zvals: lcname[0] holds the name to
 * bind under and lcname[1] the key under which the function currently sits
 * in EG(function_table). The existing bucket is re-keyed in place.
 *
 * Both failure paths go through do_bind_function_error(), which is declared
 * ZEND_NORETURN; the FAILURE returns after it only keep the function shape.
 * Returns SUCCESS once the bucket carries the new key. */
ZEND_API int do_bind_function(zval *lcname) /* {{{ */
{
	zval *rtd_key = lcname + 1;
	zval *bucket_zv = zend_hash_find_ex(EG(function_table), Z_STR_P(rtd_key), 1);
	zend_function *function;

	if (UNEXPECTED(bucket_zv == NULL)) {
		do_bind_function_error(Z_STR_P(lcname), NULL, 0);
		return FAILURE;
	}

	/* Remember the function first: the re-key below overwrites bucket_zv */
	function = (zend_function*)Z_PTR_P(bucket_zv);
	bucket_zv = zend_hash_set_bucket_key(EG(function_table), (Bucket*)bucket_zv, Z_STR_P(lcname));
	if (UNEXPECTED(bucket_zv == NULL)) {
		do_bind_function_error(Z_STR_P(lcname), &function->op_array, 0);
		return FAILURE;
	}

	return SUCCESS;
}
/* }}} */
1061 
/* Bind a class under its final name at run time and link it.
 *
 * lcname is the first of two adjacent zvals: lcname[0] holds the name to
 * bind under and lcname[1] the key under which the class currently sits in
 * EG(class_table).
 *
 * When that key is missing, a class already registered under lcname is a
 * compile error. Otherwise the executing op array must be preloaded
 * (asserted); zend_preload_autoload() is tried, if set, with the op array's
 * file name and the key is looked up once more. A key that is still missing
 * is a fatal "wasn't preloaded" error.
 *
 * The bucket is then re-keyed to lcname and the class is linked with
 * zend_do_link_class(). If linking fails the bucket gets its original key
 * back and FAILURE is returned. Returns SUCCESS otherwise. */
ZEND_API int do_bind_class(zval *lcname, zend_string *lc_parent_name) /* {{{ */
{
	zval *rtd_key = lcname + 1;
	zval *zv = zend_hash_find_ex(EG(class_table), Z_STR_P(rtd_key), 1);
	zend_class_entry *ce;

	if (UNEXPECTED(!zv)) {
		ce = zend_hash_find_ptr(EG(class_table), Z_STR_P(lcname));
		if (ce) {
			zend_error_noreturn(E_COMPILE_ERROR, "Cannot declare %s %s, because the name is already in use", zend_get_object_type(ce), ZSTR_VAL(ce->name));
			return FAILURE;
		}

		ZEND_ASSERT(EG(current_execute_data)->func->op_array.fn_flags & ZEND_ACC_PRELOADED);
		if (zend_preload_autoload
		  && zend_preload_autoload(EG(current_execute_data)->func->op_array.filename) == SUCCESS) {
			zv = zend_hash_find_ex(EG(class_table), Z_STR_P(rtd_key), 1);
		}
		if (UNEXPECTED(!zv)) {
			zend_error_noreturn(E_ERROR, "Class %s wasn't preloaded", Z_STRVAL_P(lcname));
			return FAILURE;
		}
	}

	/* Register the derived class */
	ce = (zend_class_entry*)Z_PTR_P(zv);
	zv = zend_hash_set_bucket_key(EG(class_table), (Bucket*)zv, Z_STR_P(lcname));
	if (UNEXPECTED(!zv)) {
		zend_error_noreturn(E_COMPILE_ERROR, "Cannot declare %s %s, because the name is already in use", zend_get_object_type(ce), ZSTR_VAL(ce->name));
		return FAILURE;
	}

	if (zend_do_link_class(ce, lc_parent_name) != FAILURE) {
		return SUCCESS;
	}

	/* Reload bucket pointer, the hash table may have been reallocated.
	 * NOTE(review): the lookup result is used without a NULL check; this
	 * relies on the entry still being present under lcname - confirm. */
	zv = zend_hash_find(EG(class_table), Z_STR_P(lcname));
	zend_hash_set_bucket_key(EG(class_table), (Bucket *) zv, Z_STR_P(rtd_key));
	return FAILURE;
}
/* }}} */
1110 
/* Flag the active op array as a generator (ZEND_ACC_GENERATOR).
 *
 * Compile errors:
 *  - the active op array has no function name ("yield" outside a function);
 *  - a return type is declared whose type code is not IS_ITERABLE and which
 *    is either not a class type, or a class type other than Traversable,
 *    Iterator or Generator (compared case-insensitively).
 *
 * The declared return type is read from arg_info[-1]. */
static void zend_mark_function_as_generator() /* {{{ */
{
	zend_op_array *op_array = CG(active_op_array);

	if (!op_array->function_name) {
		zend_error_noreturn(E_COMPILE_ERROR,
			"The \"yield\" expression can only be used inside a function");
	}

	if (op_array->fn_flags & ZEND_ACC_HAS_RETURN_TYPE) {
		zend_arg_info return_info = op_array->arg_info[-1];

		if (ZEND_TYPE_CODE(return_info.type) != IS_ITERABLE) {
			/* Fixed format string; the offending type name is always passed
			 * as an argument, never spliced into the format itself */
			const char *msg = "Generators may only declare a return type of Generator, Iterator, Traversable, or iterable, %s is not permitted";
			zend_bool allowed_class;

			if (!ZEND_TYPE_IS_CLASS(return_info.type)) {
				zend_error_noreturn(E_COMPILE_ERROR, msg, zend_get_type_by_const(ZEND_TYPE_CODE(return_info.type)));
			}

			allowed_class =
				zend_string_equals_literal_ci(ZEND_TYPE_NAME(return_info.type), "Traversable")
				|| zend_string_equals_literal_ci(ZEND_TYPE_NAME(return_info.type), "Iterator")
				|| zend_string_equals_literal_ci(ZEND_TYPE_NAME(return_info.type), "Generator");
			if (!allowed_class) {
				zend_error_noreturn(E_COMPILE_ERROR, msg, ZSTR_VAL(ZEND_TYPE_NAME(return_info.type)));
			}
		}
	}

	op_array->fn_flags |= ZEND_ACC_GENERATOR;
}
/* }}} */
1139 
/* Chain all ZEND_DECLARE_CLASS_DELAYED oplines of op_array into a list.
 *
 * Each such opline stores the index of the next one in result.opline_num;
 * the last one stores (uint32_t)-1. Note that the oplines are written to
 * even though op_array itself is passed as const.
 *
 * Returns the index of the first such opline, or (uint32_t)-1 when the op
 * array is not flagged ZEND_ACC_EARLY_BINDING or holds no such opline. */
ZEND_API uint32_t zend_build_delayed_early_binding_list(const zend_op_array *op_array) /* {{{ */
{
	uint32_t first = (uint32_t)-1;
	uint32_t *link = &first; /* where the next index found gets stored */
	uint32_t i;

	if (!(op_array->fn_flags & ZEND_ACC_EARLY_BINDING)) {
		return (uint32_t)-1;
	}

	for (i = 0; i < op_array->last; i++) {
		zend_op *opline = &op_array->opcodes[i];

		if (opline->opcode == ZEND_DECLARE_CLASS_DELAYED) {
			*link = i;
			link = &opline->result.opline_num;
		}
	}

	/* Terminate the chain */
	*link = (uint32_t)-1;
	return first;
}
/* }}} */
1161 
/* Walk the chain of delayed class declarations and try to bind each one.
 *
 * first_early_binding_opline is the head of the chain linked through
 * result.opline_num; (uint32_t)-1 means there is nothing to do.
 *
 * If the op array has no run-time cache yet, one is allocated on the heap
 * (cache_size bytes after one leading pointer slot) and zeroed; this path
 * asserts ZEND_ACC_HEAP_RT_CACHE. CG(in_compilation) is forced to 1 for the
 * walk and restored afterwards.
 *
 * For every opline whose class (key at op1 + 1) and parent (op2) are both in
 * EG(class_table), zend_try_early_bind() is called; on success the class
 * entry is stored in the run-time cache at byte offset extended_value.
 * NOTE(review): that offset is not range-checked against cache_size here;
 * presumably whoever emitted the opline guarantees it - confirm. */
ZEND_API void zend_do_delayed_early_binding(zend_op_array *op_array, uint32_t first_early_binding_opline) /* {{{ */
{
	zend_bool saved_in_compilation;
	uint32_t opline_num;
	void **run_time_cache;

	if (first_early_binding_opline == (uint32_t)-1) {
		return;
	}

	saved_in_compilation = CG(in_compilation);
	opline_num = first_early_binding_opline;

	if (!ZEND_MAP_PTR(op_array->run_time_cache)) {
		void *ptr;

		ZEND_ASSERT(op_array->fn_flags & ZEND_ACC_HEAP_RT_CACHE);
		ptr = emalloc(op_array->cache_size + sizeof(void*));
		ZEND_MAP_PTR_INIT(op_array->run_time_cache, ptr);
		/* The cache proper starts right after the leading pointer slot */
		ptr = (char*)ptr + sizeof(void*);
		ZEND_MAP_PTR_SET(op_array->run_time_cache, ptr);
		memset(ptr, 0, op_array->cache_size);
	}
	run_time_cache = RUN_TIME_CACHE(op_array);

	CG(in_compilation) = 1;
	while (opline_num != (uint32_t)-1) {
		const zend_op *opline = &op_array->opcodes[opline_num];
		zval *lcname = RT_CONSTANT(opline, opline->op1);
		zval *zv = zend_hash_find_ex(EG(class_table), Z_STR_P(lcname + 1), 1);

		if (zv) {
			zend_class_entry *ce = Z_CE_P(zv);
			zend_string *lc_parent_name = Z_STR_P(RT_CONSTANT(opline, opline->op2));
			zend_class_entry *parent_ce = zend_hash_find_ex_ptr(EG(class_table), lc_parent_name, 1);

			if (parent_ce && zend_try_early_bind(ce, parent_ce, Z_STR_P(lcname), zv)) {
				/* Store in run-time cache */
				*(void**)((char*)run_time_cache + opline->extended_value) = ce;
			}
		}
		opline_num = op_array->opcodes[opline_num].result.opline_num;
	}
	CG(in_compilation) = saved_in_compilation;
}
/* }}} */
1205 
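/* Build a mangled property name: NUL, src1, NUL, src2, NUL.
 *
 * src1, src1_length   first component and its length in bytes
 * src2, src2_length   second component and its length in bytes
 * internal            forwarded as the second argument of zend_string_alloc()
 *
 * Returns a new string of length 1 + src1_length + 1 + src2_length.
 *
 * Exactly src1_length and src2_length bytes are read from the inputs and the
 * separator and terminator are written explicitly. The layout therefore does
 * not depend on src1[src1_length] / src2[src2_length] being NUL, and no byte
 * beyond the stated lengths is touched. */
ZEND_API zend_string *zend_mangle_property_name(const char *src1, size_t src1_length, const char *src2, size_t src2_length, int internal) /* {{{ */
{
	size_t prop_name_length = 1 + src1_length + 1 + src2_length;
	zend_string *prop_name = zend_string_alloc(prop_name_length, internal);
	char *dst = ZSTR_VAL(prop_name);

	*dst++ = '\0';
	memcpy(dst, src1, src1_length);
	dst += src1_length;
	*dst++ = '\0';
	memcpy(dst, src2, src2_length);
	dst[src2_length] = '\0';

	return prop_name;
}
/* }}} */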
1217 
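/* Length of the string at s, looking at no more than maxlen bytes.
 *
 * Returns the offset of the first NUL within s[0 .. maxlen-1], or maxlen if
 * there is none. With maxlen == 0 nothing is read and 0 is returned.
 *
 * memchr() is bounded by the byte budget, so s[maxlen] is never touched even
 * when the buffer holds no terminator within the first maxlen bytes. */
static zend_always_inline size_t zend_strnlen(const char* s, size_t maxlen) /* {{{ */
{
	const char *nul = memchr(s, '\0', maxlen);

	return nul ? (size_t)(nul - s) : maxlen;
}
/* }}} */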
1225 
/* Split a possibly mangled property name into class and property part.
 *
 * A mangled name has the layout NUL, class, NUL, property. A name that is
 * empty or does not start with NUL is returned unchanged as the property
 * name with *class_name == NULL.
 *
 * name        the stored name
 * class_name  out: points into name at the class part, or NULL
 * prop_name   out: points into name at the property part
 * prop_len    out, optional: length of the property part
 *
 * All out pointers alias name's buffer; nothing is copied.
 *
 * Returns FAILURE after an E_NOTICE when the name starts with NUL but is
 * shorter than 3 bytes or has an empty class part ("Illegal member variable
 * name"), or when no NUL ends the class part before the last byte ("Corrupt
 * member variable name"). In both cases *prop_name is the whole name.
 *
 * If a further NUL-terminated segment follows the class part and does not
 * reach the end of the name, it is counted as part of the class portion
 * (presumably the form used for class names that embed a NUL - confirm). */
ZEND_API int zend_unmangle_property_name_ex(const zend_string *name, const char **class_name, const char **prop_name, size_t *prop_len) /* {{{ */
{
	const char *raw = ZSTR_VAL(name);
	size_t total = ZSTR_LEN(name);
	size_t class_len;
	size_t extra_len;

	*class_name = NULL;

	/* Not mangled at all */
	if (total == 0 || raw[0] != '\0') {
		*prop_name = raw;
		if (prop_len) {
			*prop_len = total;
		}
		return SUCCESS;
	}

	/* Too short for NUL + class + NUL, or empty class part */
	if (total < 3 || raw[1] == '\0') {
		zend_error(E_NOTICE, "Illegal member variable name");
		*prop_name = raw;
		if (prop_len) {
			*prop_len = total;
		}
		return FAILURE;
	}

	/* The class part has to be terminated before the last byte of the name */
	class_len = zend_strnlen(raw + 1, total - 2);
	if (class_len >= total - 2 || raw[class_len + 1] != '\0') {
		zend_error(E_NOTICE, "Corrupt member variable name");
		*prop_name = raw;
		if (prop_len) {
			*prop_len = total;
		}
		return FAILURE;
	}

	*class_name = raw + 1;
	extra_len = zend_strnlen(raw + class_len + 2, total - class_len - 2);
	if (class_len + extra_len + 2 != total) {
		/* Another NUL before the end: fold that segment into the class part */
		class_len += extra_len + 1;
	}

	*prop_name = raw + class_len + 2;
	if (prop_len) {
		*prop_len = total - class_len - 2;
	}
	return SUCCESS;
}
/* }}} */
1271 
/* Look up a constant by name with zend_hash_find_ptr_lc() in
 * EG(zend_constants) and return it only if it is flagged CONST_CT_SUBST and
 * not flagged CONST_CS. Returns NULL otherwise. */
static zend_constant *zend_lookup_reserved_const(const char *name, size_t len) /* {{{ */
{
	zend_constant *c = zend_hash_find_ptr_lc(EG(zend_constants), name, len);

	if (!c) {
		return NULL;
	}
	if (ZEND_CONSTANT_FLAGS(c) & CONST_CS) {
		return NULL;
	}
	return (ZEND_CONSTANT_FLAGS(c) & CONST_CT_SUBST) ? c : NULL;
}
/* }}} */
1281 
/* Try to replace a constant reference by its value at compile time.
 *
 * An exact-name hit in EG(zend_constants) is substituted when either
 *  - it is CONST_PERSISTENT, persistent substitution is not disabled, and it
 *    is not a CONST_NO_FILE_CACHE constant compiled with the file cache; or
 *  - its value type is below IS_OBJECT and constant substitution is not
 *    disabled.
 * Otherwise the name (reduced to its unqualified part unless
 * is_fully_qualified) is tried via zend_lookup_reserved_const().
 *
 * Returns 1 with a copy of the value in zv, or 0 if nothing was substituted. */
static zend_bool zend_try_ct_eval_const(zval *zv, zend_string *name, zend_bool is_fully_qualified) /* {{{ */
{
	const char *lookup_name = ZSTR_VAL(name);
	size_t lookup_len = ZSTR_LEN(name);
	zend_constant *c;

	/* Substitute case-sensitive (or lowercase) constants */
	c = zend_hash_find_ptr(EG(zend_constants), name);
	if (c) {
		zend_bool persistent_ok =
			(ZEND_CONSTANT_FLAGS(c) & CONST_PERSISTENT)
			&& !(CG(compiler_options) & ZEND_COMPILE_NO_PERSISTENT_CONSTANT_SUBSTITUTION)
			&& (!(ZEND_CONSTANT_FLAGS(c) & CONST_NO_FILE_CACHE) || !(CG(compiler_options) & ZEND_COMPILE_WITH_FILE_CACHE));
		zend_bool simple_value_ok =
			Z_TYPE(c->value) < IS_OBJECT
			&& !(CG(compiler_options) & ZEND_COMPILE_NO_CONSTANT_SUBSTITUTION);

		if (persistent_ok || simple_value_ok) {
			ZVAL_COPY_OR_DUP(zv, &c->value);
			return 1;
		}
	}

	/* Substitute true, false and null (including unqualified usage in namespaces) */
	if (!is_fully_qualified) {
		zend_get_unqualified_name(name, &lookup_name, &lookup_len);
	}

	c = zend_lookup_reserved_const(lookup_name, lookup_len);
	if (!c) {
		return 0;
	}

	ZVAL_COPY_OR_DUP(zv, &c->value);
	return 1;
}
/* }}} */
1317 
/* Tell whether the class scope of the code being compiled is fixed.
 *
 * Returns 0 inside a closure, inside a trait, and for code that has neither
 * an active class nor a function name; 1 otherwise. */
static inline zend_bool zend_is_scope_known() /* {{{ */
{
	zend_op_array *op_array = CG(active_op_array);
	zend_class_entry *scope = CG(active_class_entry);

	/* Closures can be rebound to a different scope */
	if (op_array->fn_flags & ZEND_ACC_CLOSURE) {
		return 0;
	}

	if (scope) {
		/* For traits self etc refers to the using class, not the trait itself */
		return (scope->ce_flags & ZEND_ACC_TRAIT) == 0;
	}

	/* The scope is known if we're in a free function (no scope), but not if we're in
	 * a file/eval (which inherits including/eval'ing scope). */
	return op_array->function_name != NULL;
}
/* }}} */
1335 
/* Tell whether a class reference means the class being compiled.
 *
 * True for "self" when the scope is known, and for an ordinary name
 * (ZEND_FETCH_CLASS_DEFAULT) that equals the active class name ignoring
 * case. Always false when no class is being compiled. */
static inline zend_bool class_name_refers_to_active_ce(zend_string *class_name, uint32_t fetch_type) /* {{{ */
{
	zend_class_entry *scope = CG(active_class_entry);

	if (scope == NULL) {
		return 0;
	}
	if (fetch_type == ZEND_FETCH_CLASS_SELF && zend_is_scope_known()) {
		return 1;
	}
	if (fetch_type != ZEND_FETCH_CLASS_DEFAULT) {
		return 0;
	}
	return zend_string_equals_ci(class_name, scope->name);
}
/* }}} */
1348 
/* Classify a class name: "self", "parent" and "static" (compared ignoring
 * case) map to their ZEND_FETCH_CLASS_* constant, every other name to
 * ZEND_FETCH_CLASS_DEFAULT. */
uint32_t zend_get_class_fetch_type(zend_string *name) /* {{{ */
{
	if (zend_string_equals_literal_ci(name, "self")) {
		return ZEND_FETCH_CLASS_SELF;
	}
	if (zend_string_equals_literal_ci(name, "parent")) {
		return ZEND_FETCH_CLASS_PARENT;
	}
	if (zend_string_equals_literal_ci(name, "static")) {
		return ZEND_FETCH_CLASS_STATIC;
	}
	return ZEND_FETCH_CLASS_DEFAULT;
}
/* }}} */
1362 
/* Fetch type of a class name AST node. A node marked ZEND_NAME_FQ is always
 * ZEND_FETCH_CLASS_DEFAULT; its string is not inspected, so a fully
 * qualified name is never treated as self/parent/static here. */
static uint32_t zend_get_class_fetch_type_ast(zend_ast *name_ast) /* {{{ */
{
	/* Fully qualified names are always default refs */
	return (name_ast->attr == ZEND_NAME_FQ)
		? ZEND_FETCH_CLASS_DEFAULT
		: zend_get_class_fetch_type(zend_ast_get_str(name_ast));
}
/* }}} */
1373 
/* Check a self/parent/static reference against the scope being compiled.
 *
 * Nothing is checked for ZEND_FETCH_CLASS_DEFAULT or when the scope is not
 * known. With a known scope and no active class, a compile error names the
 * keyword used. "parent" in a class without a parent name raises
 * E_DEPRECATED. */
static void zend_ensure_valid_class_fetch_type(uint32_t fetch_type) /* {{{ */
{
	zend_class_entry *ce;

	if (fetch_type == ZEND_FETCH_CLASS_DEFAULT || !zend_is_scope_known()) {
		return;
	}

	ce = CG(active_class_entry);
	if (!ce) {
		const char *keyword = "static";

		if (fetch_type == ZEND_FETCH_CLASS_SELF) {
			keyword = "self";
		} else if (fetch_type == ZEND_FETCH_CLASS_PARENT) {
			keyword = "parent";
		}
		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use \"%s\" when no class scope is active",
			keyword);
	} else if (fetch_type == ZEND_FETCH_CLASS_PARENT && !ce->parent_name) {
		zend_error(E_DEPRECATED,
			"Cannot use \"parent\" when current class scope has no parent");
	}
}
/* }}} */
1389 
/* Try to evaluate X::class at compile time.
 *
 * Compile errors: class_ast is not a zval node ("dynamic class name"), or
 * its zval is not a string ("Illegal class name").
 *
 * self / parent are resolved only when a class is active and the scope is
 * known (parent additionally needs a parent name); static never resolves.
 * An ordinary name is resolved with zend_resolve_class_name_ast().
 *
 * Returns 1 with the class name in zv, or 0 when the value has to be
 * determined later. */
static zend_bool zend_try_compile_const_expr_resolve_class_name(zval *zv, zend_ast *class_ast) /* {{{ */
{
	uint32_t fetch_type;
	zval *class_name;

	if (class_ast->kind != ZEND_AST_ZVAL) {
		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use ::class with dynamic class name");
	}

	class_name = zend_ast_get_zval(class_ast);
	if (IS_STRING != Z_TYPE_P(class_name)) {
		zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name");
	}

	fetch_type = zend_get_class_fetch_type(Z_STR_P(class_name));
	zend_ensure_valid_class_fetch_type(fetch_type);

	switch (fetch_type) {
		case ZEND_FETCH_CLASS_SELF:
			if (!CG(active_class_entry) || !zend_is_scope_known()) {
				return 0;
			}
			ZVAL_STR_COPY(zv, CG(active_class_entry)->name);
			return 1;
		case ZEND_FETCH_CLASS_PARENT:
			if (!CG(active_class_entry) || !CG(active_class_entry)->parent_name
					|| !zend_is_scope_known()) {
				return 0;
			}
			ZVAL_STR_COPY(zv, CG(active_class_entry)->parent_name);
			return 1;
		case ZEND_FETCH_CLASS_STATIC:
			return 0;
		case ZEND_FETCH_CLASS_DEFAULT:
			ZVAL_STR(zv, zend_resolve_class_name_ast(class_ast));
			return 1;
		EMPTY_SWITCH_DEFAULT_CASE()
	}
}
/* }}} */
1431 
/* We don't use zend_verify_const_access because we need to deal with unlinked classes.
 *
 * Compile-time visibility check for class constant c as seen from scope.
 * Public constants are always accessible, private ones only from the
 * declaring class. Otherwise the parent chain is walked upwards from the
 * declaring class until scope is found. A parent that is not yet resolved
 * (no ZEND_ACC_RESOLVED_PARENT) is looked up by name in CG(class_table), and
 * the walk stops with "not accessible" if that lookup fails. */
static zend_bool zend_verify_ct_const_access(zend_class_constant *c, zend_class_entry *scope)
{
	zend_class_entry *ce;

	if (Z_ACCESS_FLAGS(c->value) & ZEND_ACC_PUBLIC) {
		return 1;
	}
	if (Z_ACCESS_FLAGS(c->value) & ZEND_ACC_PRIVATE) {
		return c->ce == scope;
	}

	for (ce = c->ce; ce != scope; ) {
		if (!ce->parent) {
			/* Reverse case cannot be true during compilation */
			return 0;
		}
		if (ce->ce_flags & ZEND_ACC_RESOLVED_PARENT) {
			ce = ce->parent;
		} else {
			ce = zend_hash_find_ptr_lc(CG(class_table), ZSTR_VAL(ce->parent_name), ZSTR_LEN(ce->parent_name));
			if (!ce) {
				return 0;
			}
		}
	}

	return 1;
}
1461 
/* Try to replace a class constant reference by its value at compile time.
 *
 * The constant is taken from the class being compiled when class_name refers
 * to it, otherwise from the class found under class_name in CG(class_table)
 * (ordinary names only, and only if constant substitution is not disabled).
 * Nothing is substituted when persistent constant substitution is disabled,
 * when the constant does not exist or is not accessible from the active
 * class (zend_verify_ct_const_access()), or when its value type is
 * IS_OBJECT or above.
 *
 * Returns 1 with a copy of the value in zv, 0 otherwise. */
static zend_bool zend_try_ct_eval_class_const(zval *zv, zend_string *class_name, zend_string *name) /* {{{ */
{
	uint32_t fetch_type = zend_get_class_fetch_type(class_name);
	zend_class_constant *cc;

	if (class_name_refers_to_active_ce(class_name, fetch_type)) {
		cc = zend_hash_find_ptr(&CG(active_class_entry)->constants_table, name);
	} else {
		zend_class_entry *ce;

		if (fetch_type != ZEND_FETCH_CLASS_DEFAULT
		 || (CG(compiler_options) & ZEND_COMPILE_NO_CONSTANT_SUBSTITUTION)) {
			return 0;
		}
		ce = zend_hash_find_ptr_lc(CG(class_table), ZSTR_VAL(class_name), ZSTR_LEN(class_name));
		if (!ce) {
			return 0;
		}
		cc = zend_hash_find_ptr(&ce->constants_table, name);
	}

	if (CG(compiler_options) & ZEND_COMPILE_NO_PERSISTENT_CONSTANT_SUBSTITUTION) {
		return 0;
	}

	/* Visibility is enforced before the value can be inlined */
	if (!cc || !zend_verify_ct_const_access(cc, CG(active_class_entry))) {
		return 0;
	}

	/* Substitute case-sensitive (or lowercase) persistent class constants */
	if (Z_TYPE(cc->value) >= IS_OBJECT) {
		return 0;
	}

	ZVAL_COPY_OR_DUP(zv, &cc->value);
	return 1;
}
/* }}} */
1500 
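/* Append item to a NULL-terminated array of pointers.
 *
 * result  address of the array pointer; the array may be NULL (empty list)
 *         and is replaced by the reallocated array
 * item    pointer to append; it is followed by a new NULL terminator
 *
 * The array is grown with safe_erealloc(), which takes element size and
 * count as separate arguments, so the byte size is not computed with an
 * unchecked multiplication. The existing length is found by scanning for
 * the terminator, so the list must not contain NULL items. */
static void zend_add_to_list(void *result, void *item) /* {{{ */
{
	void **list = *(void**)result;
	size_t n = 0;

	if (list) {
		while (list[n]) {
			n++;
		}
	}

	/* Room for the new item plus the terminator */
	list = safe_erealloc(list, sizeof(void*), n + 2, 0);

	list[n]   = item;
	list[n+1] = NULL;

	*(void**)result = list;
}
/* }}} */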
1520 
/* Emit a ZEND_EXT_STMT opline, but only when the compiler option
 * ZEND_COMPILE_EXTENDED_STMT is set. */
void zend_do_extended_stmt(void) /* {{{ */
{
	if (CG(compiler_options) & ZEND_COMPILE_EXTENDED_STMT) {
		zend_op *opline = get_next_op();

		opline->opcode = ZEND_EXT_STMT;
	}
}
/* }}} */
1534 
/* Emit a ZEND_EXT_FCALL_BEGIN opline, but only when the compiler option
 * ZEND_COMPILE_EXTENDED_FCALL is set. */
void zend_do_extended_fcall_begin(void) /* {{{ */
{
	if (CG(compiler_options) & ZEND_COMPILE_EXTENDED_FCALL) {
		zend_op *opline = get_next_op();

		opline->opcode = ZEND_EXT_FCALL_BEGIN;
	}
}
/* }}} */
1548 
/* Emit a ZEND_EXT_FCALL_END opline, but only when the compiler option
 * ZEND_COMPILE_EXTENDED_FCALL is set. */
void zend_do_extended_fcall_end(void) /* {{{ */
{
	if (CG(compiler_options) & ZEND_COMPILE_EXTENDED_FCALL) {
		zend_op *opline = get_next_op();

		opline->opcode = ZEND_EXT_FCALL_END;
	}
}
/* }}} */
1562 
/* Tell whether name (len bytes) is a registered auto global.
 *
 * Side effect: if the entry is armed, its callback is invoked with the
 * entry's name and the return value becomes the new armed state.
 * Returns 1 if the name is registered in CG(auto_globals), 0 otherwise. */
zend_bool zend_is_auto_global_str(char *name, size_t len) /* {{{ */
{
	zend_auto_global *auto_global = zend_hash_str_find_ptr(CG(auto_globals), name, len);

	if (auto_global == NULL) {
		return 0;
	}
	if (auto_global->armed) {
		auto_global->armed = auto_global->auto_global_callback(auto_global->name);
	}
	return 1;
}
/* }}} */
1575 
/* Tell whether name is a registered auto global.
 *
 * Side effect: if the entry is armed, its callback is invoked with the
 * entry's name and the return value becomes the new armed state.
 * Returns 1 if the name is registered in CG(auto_globals), 0 otherwise. */
zend_bool zend_is_auto_global(zend_string *name) /* {{{ */
{
	zend_auto_global *auto_global = zend_hash_find_ptr(CG(auto_globals), name);

	if (auto_global == NULL) {
		return 0;
	}
	if (auto_global->armed) {
		auto_global->armed = auto_global->auto_global_callback(auto_global->name);
	}
	return 1;
}
/* }}} */
1589 
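/* Register an auto global in CG(auto_globals).
 *
 * name                  key and stored name of the entry
 * jit                   stored in the entry's jit field
 * auto_global_callback  stored as the entry's callback; may be NULL
 *
 * The entry is copied into the table by value, so every field is given a
 * defined value before the copy. armed starts out as 0:
 * zend_is_auto_global() and zend_is_auto_global_str() call the callback
 * whenever armed is non-zero, so an indeterminate value must not reach the
 * table. zend_activate_auto_globals() sets the real state later.
 *
 * Returns SUCCESS, or FAILURE if zend_hash_add_mem() returned NULL. */
int zend_register_auto_global(zend_string *name, zend_bool jit, zend_auto_global_callback auto_global_callback) /* {{{ */
{
	zend_auto_global auto_global;

	auto_global.name = name;
	auto_global.auto_global_callback = auto_global_callback;
	auto_global.jit = jit;
	auto_global.armed = 0;

	if (zend_hash_add_mem(CG(auto_globals), auto_global.name, &auto_global, sizeof(zend_auto_global)) == NULL) {
		return FAILURE;
	}
	return SUCCESS;
}
/* }}} */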
1604 
/* Set the armed state of every registered auto global.
 *
 * Entries with jit set are armed without calling anything. Other entries
 * with a callback get the callback's return value, and entries without a
 * callback are disarmed. */
ZEND_API void zend_activate_auto_globals(void) /* {{{ */
{
	zend_auto_global *auto_global;

	ZEND_HASH_FOREACH_PTR(CG(auto_globals), auto_global) {
		if (auto_global->jit) {
			auto_global->armed = 1;
			continue;
		}
		if (!auto_global->auto_global_callback) {
			auto_global->armed = 0;
			continue;
		}
		auto_global->armed = auto_global->auto_global_callback(auto_global->name);
	} ZEND_HASH_FOREACH_END();
}
/* }}} */
1620 
/* Lexer entry point: returns the next token from lex_scan().
 *
 * A pending line increment (CG(increment_lineno)) is applied to
 * CG(zend_lineno) and cleared before scanning. Asserts that a pending
 * exception only ever coincides with T_ERROR. */
int ZEND_FASTCALL zendlex(zend_parser_stack_elem *elem) /* {{{ */
{
	zval zv;
	int token;

	if (CG(increment_lineno)) {
		CG(increment_lineno) = 0;
		CG(zend_lineno)++;
	}

	token = lex_scan(&zv, elem);
	ZEND_ASSERT(!EG(exception) || token == T_ERROR);
	return token;
}
/* }}} */
1637 
/* Put a class entry into its initial state.
 *
 * ce                must already have ce->type set; internal classes get
 *                   persistent hash tables and a property-info destructor
 * nullify_handlers  when set, all handler, parent, interface, trait and
 *                   serialization fields are cleared as well
 *
 * Sets refcount to 1 and ce_flags to ZEND_ACC_CONSTANTS_UPDATED (plus
 * ZEND_ACC_USE_GUARDS under ZEND_COMPILE_GUARDS), initializes the
 * properties_info, constants and function tables, and resets the default
 * property / static member tables and counters. */
ZEND_API void zend_initialize_class_data(zend_class_entry *ce, zend_bool nullify_handlers) /* {{{ */
{
	zend_bool is_internal = (ce->type == ZEND_INTERNAL_CLASS);
	dtor_func_t prop_info_dtor = is_internal ? zend_destroy_property_info_internal : NULL;

	ce->refcount = 1;
	ce->ce_flags = (CG(compiler_options) & ZEND_COMPILE_GUARDS)
		? (ZEND_ACC_CONSTANTS_UPDATED | ZEND_ACC_USE_GUARDS)
		: ZEND_ACC_CONSTANTS_UPDATED;

	ce->default_properties_table = NULL;
	ce->default_static_members_table = NULL;
	zend_hash_init_ex(&ce->properties_info, 8, NULL, prop_info_dtor, is_internal, 0);
	zend_hash_init_ex(&ce->constants_table, 8, NULL, NULL, is_internal, 0);
	zend_hash_init_ex(&ce->function_table, 8, NULL, ZEND_FUNCTION_DTOR, is_internal, 0);

	if (ce->type != ZEND_INTERNAL_CLASS) {
		ZEND_MAP_PTR_INIT(ce->static_members_table, &ce->default_static_members_table);
		ce->info.user.doc_comment = NULL;
	} else {
		ZEND_MAP_PTR_INIT(ce->static_members_table, NULL);
	}

	ce->default_properties_count = 0;
	ce->default_static_members_count = 0;
	ce->properties_info_table = NULL;

	if (!nullify_handlers) {
		return;
	}

	ce->constructor = NULL;
	ce->destructor = NULL;
	ce->clone = NULL;
	ce->__get = NULL;
	ce->__set = NULL;
	ce->__unset = NULL;
	ce->__isset = NULL;
	ce->__call = NULL;
	ce->__callstatic = NULL;
	ce->__tostring = NULL;
	ce->create_object = NULL;
	ce->get_iterator = NULL;
	ce->iterator_funcs_ptr = NULL;
	ce->get_static_method = NULL;
	ce->parent = NULL;
	ce->parent_name = NULL;
	ce->num_interfaces = 0;
	ce->interfaces = NULL;
	ce->num_traits = 0;
	ce->trait_names = NULL;
	ce->trait_aliases = NULL;
	ce->trait_precedences = NULL;
	ce->serialize = NULL;
	ce->unserialize = NULL;
	ce->serialize_func = NULL;
	ce->unserialize_func = NULL;
	ce->__debugInfo = NULL;
	if (ce->type == ZEND_INTERNAL_CLASS) {
		ce->info.internal.module = NULL;
		ce->info.internal.builtin_functions = NULL;
	}
}
/* }}} */
1701 
/* Return the name of a compiled variable. var is converted to an index with
 * EX_VAR_TO_NUM() and used to read op_array->vars.
 * NOTE(review): the index is not range-checked here; callers presumably
 * pass a var that belongs to op_array - confirm. */
ZEND_API zend_string *zend_get_compiled_variable_name(const zend_op_array *op_array, uint32_t var) /* {{{ */
{
	uint32_t cv_index = EX_VAR_TO_NUM(var);

	return op_array->vars[cv_index];
}
/* }}} */
1707 
/* Append a backslash and the string of right_ast to the string held by
 * left_ast, in place.
 *
 * The left string is grown with zend_string_extend() to left + 1 + right
 * bytes and NUL-terminated; the right string is released; the left node's
 * zval is pointed at the extended string.
 * Returns left_ast. */
zend_ast *zend_ast_append_str(zend_ast *left_ast, zend_ast *right_ast) /* {{{ */
{
	zval *left_zv = zend_ast_get_zval(left_ast);
	zend_string *left = Z_STR_P(left_zv);
	zend_string *right = zend_ast_get_str(right_ast);
	size_t left_len = ZSTR_LEN(left);
	size_t right_len = ZSTR_LEN(right);
	size_t total = left_len + right_len + 1; /* left\right */
	zend_string *joined = zend_string_extend(left, total, 0);
	char *dst = ZSTR_VAL(joined) + left_len;

	*dst++ = '\\';
	memcpy(dst, ZSTR_VAL(right), right_len);
	dst[right_len] = '\0';
	zend_string_release_ex(right, 0);

	ZVAL_STR(left_zv, joined);
	return left_ast;
}
/* }}} */
1728 
/* Negate the numeric literal held by a zval AST node, in place.
 *
 * IS_LONG:   0 becomes the string "-0"; any other value is asserted to be
 *            positive and has its sign flipped.
 * IS_STRING: the string is extended by one byte, shifted right with its
 *            terminator, and a '-' is written in front.
 * Any other type trips an assertion.
 * Returns ast. */
zend_ast *zend_negate_num_string(zend_ast *ast) /* {{{ */
{
	zval *zv = zend_ast_get_zval(ast);

	switch (Z_TYPE_P(zv)) {
		case IS_LONG:
			if (Z_LVAL_P(zv) != 0) {
				ZEND_ASSERT(Z_LVAL_P(zv) > 0);
				Z_LVAL_P(zv) = -Z_LVAL_P(zv);
			} else {
				ZVAL_NEW_STR(zv, zend_string_init("-0", sizeof("-0")-1, 0));
			}
			break;
		case IS_STRING: {
			size_t orig_len = Z_STRLEN_P(zv);

			Z_STR_P(zv) = zend_string_extend(Z_STR_P(zv), orig_len + 1, 0);
			/* orig_len + 1 bytes: the terminator moves along with the digits */
			memmove(Z_STRVAL_P(zv) + 1, Z_STRVAL_P(zv), orig_len + 1);
			Z_STRVAL_P(zv)[0] = '-';
			break;
		}
		default:
			ZEND_ASSERT(0);
			break;
	}

	return ast;
}
/* }}} */
1750 
/* Raise a compile error if the file uses bracketed namespaces and the
 * compiler is currently outside of any namespace block. */
void zend_verify_namespace(void) /* {{{ */
{
	if (!FC(has_bracketed_namespaces)) {
		return;
	}
	if (!FC(in_namespace)) {
		zend_error_noreturn(E_COMPILE_ERROR, "No code may exist outside of namespace {}");
	}
}
/* }}} */
1758 
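/* {{{ zend_dirname
   Returns directory name component of path

   path  buffer holding the path; it is modified in place
   len   number of bytes of path to consider

   The directory part is NUL-terminated inside path and its length is
   returned. A path consisting only of slashes yields DEFAULT_SLASH, a path
   without any slash yields ".", and len == 0 returns 0 without touching
   path.

   The scan keeps a count of remaining bytes instead of a pointer that walks
   downwards, so no pointer in front of the buffer is ever formed, not even
   for len == 0.
   NOTE(review): the "/" and "." results write path[1]; callers presumably
   provide room for at least two bytes - confirm. */
ZEND_API size_t zend_dirname(char *path, size_t len)
{
	size_t rest; /* bytes of path (after any drive spec) still under consideration */
	unsigned int len_adjust = 0;

#ifdef ZEND_WIN32
	/* Note that on Win32 CWD is per drive (heritage from CP/M).
	 * This means dirname("c:foo") maps to "c:." or "c:" - which means CWD on C: drive.
	 */
	if ((2 <= len) && isalpha((int)((unsigned char *)path)[0]) && (':' == path[1])) {
		/* Skip over the drive spec (if any) so as not to change */
		path += 2;
		len_adjust += 2;
		if (2 == len) {
			/* Return "c:" on Win32 for dirname("c:").
			 * It would be more consistent to return "c:."
			 * but that would require making the string *longer*.
			 */
			return len;
		}
	}
#endif

	if (len == 0) {
		/* Illegal use of this function */
		return 0;
	}

	rest = len - len_adjust;

	/* Strip trailing slashes */
	while (rest > 0) {
		char *last = path + rest - 1;

		if (!IS_SLASH_P(last)) {
			break;
		}
		rest--;
	}
	if (rest == 0) {
		/* The path only contained slashes */
		path[0] = DEFAULT_SLASH;
		path[1] = '\0';
		return 1 + len_adjust;
	}

	/* Strip filename */
	while (rest > 0) {
		char *last = path + rest - 1;

		if (IS_SLASH_P(last)) {
			break;
		}
		rest--;
	}
	if (rest == 0) {
		/* No slash found, therefore return '.' */
		path[0] = '.';
		path[1] = '\0';
		return 1 + len_adjust;
	}

	/* Strip slashes which came before the file name */
	while (rest > 0) {
		char *last = path + rest - 1;

		if (!IS_SLASH_P(last)) {
			break;
		}
		rest--;
	}
	if (rest == 0) {
		path[0] = DEFAULT_SLASH;
		path[1] = '\0';
		return 1 + len_adjust;
	}
	path[rest] = '\0';

	return rest + len_adjust;
}
/* }}} */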
1825 
/* Turns a freshly emitted "_R" fetch opline into the variant matching the
 * requested access type.
 *
 * The variant is selected by adding a multiple of a stride to the opcode:
 * stride 1 when the opline is ZEND_FETCH_STATIC_PROP_R, stride 3 otherwise.
 * NOTE(review): this relies on the opcode numbering keeping the W, RW, IS,
 * FUNC_ARG and UNSET variants at those fixed distances from the _R opcode;
 * confirm against the opcode definitions.
 *
 * For BP_VAR_R and BP_VAR_IS the result is additionally marked IS_TMP_VAR,
 * both on the opline and on the caller's result node. */
static void zend_adjust_for_fetch_type(zend_op *opline, znode *result, uint32_t type) /* {{{ */
{
	zend_uchar stride;
	zend_uchar steps = 0;
	zend_bool tmp_result = 0;

	if (opline->opcode == ZEND_FETCH_STATIC_PROP_R) {
		stride = 1;
	} else {
		stride = 3;
	}

	switch (type) {
		case BP_VAR_R:
			tmp_result = 1;
			break;
		case BP_VAR_W:
			steps = 1;
			break;
		case BP_VAR_RW:
			steps = 2;
			break;
		case BP_VAR_IS:
			tmp_result = 1;
			steps = 3;
			break;
		case BP_VAR_FUNC_ARG:
			steps = 4;
			break;
		case BP_VAR_UNSET:
			steps = 5;
			break;
		EMPTY_SWITCH_DEFAULT_CASE()
	}

	if (tmp_result) {
		opline->result_type = IS_TMP_VAR;
		result->op_type = IS_TMP_VAR;
	}
	opline->opcode += steps * stride;
}
1855 /* }}} */
1856 
/* Gives `opline` an IS_VAR result in a newly reserved temporary slot and
 * passes that result operand to GET_NODE so `result` describes it. */
static inline void zend_make_var_result(znode *result, zend_op *opline) /* {{{ */
{
	/* Slot first, type second: the two stores are independent of each other. */
	opline->result.var = get_temporary_variable();
	opline->result_type = IS_VAR;

	GET_NODE(result, opline->result);
}
1863 /* }}} */
1864 
/* Gives `opline` an IS_TMP_VAR result in a newly reserved temporary slot and
 * passes that result operand to GET_NODE so `result` describes it. */
static inline void zend_make_tmp_result(znode *result, zend_op *opline) /* {{{ */
{
	/* Slot first, type second: the two stores are independent of each other. */
	opline->result.var = get_temporary_variable();
	opline->result_type = IS_TMP_VAR;

	GET_NODE(result, opline->result);
}
1871 /* }}} */
1872 
/* Appends one opline with the given opcode to the op array being compiled.
 *
 * result - when non-NULL, receives an IS_VAR result node for the opline
 * op1    - first operand, or NULL to leave it unset
 * op2    - second operand, or NULL to leave it unset
 *
 * Returns the new opline. */
static zend_op *zend_emit_op(znode *result, zend_uchar opcode, znode *op1, znode *op2) /* {{{ */
{
	zend_op *emitted = get_next_op();

	emitted->opcode = opcode;

	/* Operands are attached in order, op1 before op2; SET_NODE registers
	 * constant operands as literals. */
	if (op1) {
		SET_NODE(emitted->op1, op1);
	}
	if (op2) {
		SET_NODE(emitted->op2, op2);
	}

	if (result != NULL) {
		zend_make_var_result(result, emitted);
	}

	return emitted;
}
1891 /* }}} */
1892 
/* Same as zend_emit_op(), except that a requested result is created as
 * IS_TMP_VAR instead of IS_VAR.
 *
 * result - when non-NULL, receives an IS_TMP_VAR result node for the opline
 * op1    - first operand, or NULL to leave it unset
 * op2    - second operand, or NULL to leave it unset
 *
 * Returns the new opline. */
static zend_op *zend_emit_op_tmp(znode *result, zend_uchar opcode, znode *op1, znode *op2) /* {{{ */
{
	zend_op *emitted = get_next_op();

	emitted->opcode = opcode;

	/* Operands are attached in order, op1 before op2. */
	if (op1) {
		SET_NODE(emitted->op1, op1);
	}
	if (op2) {
		SET_NODE(emitted->op2, op2);
	}

	if (result != NULL) {
		zend_make_tmp_result(result, emitted);
	}

	return emitted;
}
1912 /* }}} */
1913 
/* Emits a ZEND_TICKS opline carrying the tick count declared for the file,
 * unless the most recently emitted opline is already a ZEND_TICKS. */
static void zend_emit_tick(void) /* {{{ */
{
	zend_op_array *op_array = CG(active_op_array);
	zend_op *tick;

	/* This prevents a double TICK generated by the parser statement of "declare()" */
	if (op_array->last && op_array->opcodes[op_array->last - 1].opcode == ZEND_TICKS) {
		return;
	}

	tick = get_next_op();
	tick->opcode = ZEND_TICKS;
	tick->extended_value = FC(declarables).ticks;
}
1928 /* }}} */
1929 
/* Emits a ZEND_OP_DATA opline whose first operand is `value`; no result is
 * requested and the second operand is left unset. Returns the new opline. */
static inline zend_op *zend_emit_op_data(znode *value) /* {{{ */
{
	zend_op *data_op = zend_emit_op(NULL, ZEND_OP_DATA, value, NULL);

	return data_op;
}
1934 /* }}} */
1935 
/* Emits an unconditional ZEND_JMP to `opnum_target`.
 * Returns the opline number of the jump itself, so the target can be patched
 * later with zend_update_jump_target(). */
static inline uint32_t zend_emit_jump(uint32_t opnum_target) /* {{{ */
{
	/* The number of the next opline is the number the jump will get. */
	uint32_t jump_opnum = get_next_op_number();
	zend_op *jump = zend_emit_op(NULL, ZEND_JMP, NULL, NULL);

	jump->op1.opline_num = opnum_target;

	return jump_opnum;
}
1943 /* }}} */
1944 
/* Reports whether `opline` has one of the opcodes listed below, which the
 * compiler treats as smart-branch candidates (see zend_emit_cond_jump()).
 * Returns 1 for a listed opcode and 0 for anything else. */
ZEND_API int zend_is_smart_branch(zend_op *opline) /* {{{ */
{
	int is_smart = 0;

	switch (opline->opcode) {
		case ZEND_IS_IDENTICAL:
		case ZEND_IS_NOT_IDENTICAL:
		case ZEND_IS_EQUAL:
		case ZEND_IS_NOT_EQUAL:
		case ZEND_IS_SMALLER:
		case ZEND_IS_SMALLER_OR_EQUAL:
		case ZEND_CASE:
		case ZEND_ISSET_ISEMPTY_CV:
		case ZEND_ISSET_ISEMPTY_VAR:
		case ZEND_ISSET_ISEMPTY_DIM_OBJ:
		case ZEND_ISSET_ISEMPTY_PROP_OBJ:
		case ZEND_ISSET_ISEMPTY_STATIC_PROP:
		case ZEND_INSTANCEOF:
		case ZEND_TYPE_CHECK:
		case ZEND_DEFINED:
		case ZEND_IN_ARRAY:
		case ZEND_ARRAY_KEY_EXISTS:
			is_smart = 1;
			break;
		default:
			break;
	}

	return is_smart;
}
1970 /* }}} */
1971 
/* Emits a conditional jump (`opcode`) on `cond` to `opnum_target`.
 * Returns the opline number of the jump, for later patching.
 *
 * When the condition is a CV or a constant and the previously emitted opline
 * is a smart-branch candidate, a ZEND_NOP is emitted first so the jump does
 * not directly follow that opline. */
static inline uint32_t zend_emit_cond_jump(zend_uchar opcode, znode *cond, uint32_t opnum_target) /* {{{ */
{
	uint32_t jump_opnum = get_next_op_number();
	zend_bool follows_smart_branch = 0;
	zend_op *jump;

	/* Only look at the previous opline when there is one. */
	if ((cond->op_type & (IS_CV|IS_CONST)) && jump_opnum > 0) {
		zend_op *prev = &CG(active_op_array)->opcodes[jump_opnum - 1];

		follows_smart_branch = zend_is_smart_branch(prev) != 0;
	}

	if (follows_smart_branch) {
		/* emit extra NOP to avoid incorrect SMART_BRANCH in very rare cases */
		zend_emit_op(NULL, ZEND_NOP, NULL, NULL);
		jump_opnum = get_next_op_number();
	}

	jump = zend_emit_op(NULL, opcode, cond, NULL);
	jump->op2.opline_num = opnum_target;

	return jump_opnum;
}
1988 /* }}} */
1989 
/* Patches the target of an already emitted jump.
 *
 * opnum_jump   - opline number of the jump inside the active op array; it is
 *                used as an index without a range check, so it must come
 *                from a previous emit call
 * opnum_target - opline number the jump should go to
 *
 * ZEND_JMP keeps its target in op1; the conditional forms keep it in op2.
 * Any other opcode hits EMPTY_SWITCH_DEFAULT_CASE(). */
static inline void zend_update_jump_target(uint32_t opnum_jump, uint32_t opnum_target) /* {{{ */
{
	zend_op *jump = CG(active_op_array)->opcodes + opnum_jump;

	switch (jump->opcode) {
		case ZEND_JMPZ:
		case ZEND_JMPNZ:
		case ZEND_JMPZ_EX:
		case ZEND_JMPNZ_EX:
		case ZEND_JMP_SET:
		case ZEND_COALESCE:
			jump->op2.opline_num = opnum_target;
			break;
		case ZEND_JMP:
			jump->op1.opline_num = opnum_target;
			break;
		EMPTY_SWITCH_DEFAULT_CASE()
	}
}
2008 /* }}} */
2009 
/* Points the jump at `opnum_jump` to the opline that will be emitted next. */
static inline void zend_update_jump_target_to_next(uint32_t opnum_jump) /* {{{ */
{
	uint32_t next_opnum = get_next_op_number();

	zend_update_jump_target(opnum_jump, next_opnum);
}
2014 /* }}} */
2015 
/* Builds an opline like zend_emit_op() does, but pushes it onto the
 * delayed-oplines stack instead of appending it to the op array.
 * zend_delayed_compile_end() later copies it into the op array.
 *
 * Returns a pointer to the pushed copy on top of the stack.
 * NOTE(review): that pointer refers to storage owned by the stack;
 * presumably a later push may move it, so callers should finish patching
 * the opline before delaying another one - confirm against zend_stack. */
static inline zend_op *zend_delayed_emit_op(znode *result, zend_uchar opcode, znode *op1, znode *op2) /* {{{ */
{
	zend_op pending;

	init_op(&pending);
	pending.opcode = opcode;

	/* Operands are attached in order, op1 before op2. */
	if (op1) {
		SET_NODE(pending.op1, op1);
	}
	if (op2) {
		SET_NODE(pending.op2, op2);
	}

	if (result != NULL) {
		zend_make_var_result(result, &pending);
	}

	zend_stack_push(&CG(delayed_oplines_stack), &pending);

	return zend_stack_top(&CG(delayed_oplines_stack));
}
2036 /* }}} */
2037 
/* Returns the current depth of the delayed-oplines stack. The value is the
 * `offset` to hand to zend_delayed_compile_end() afterwards. */
static inline uint32_t zend_delayed_compile_begin(void) /* {{{ */
{
	uint32_t depth = zend_stack_count(&CG(delayed_oplines_stack));

	return depth;
}
2042 /* }}} */
2043 
/* Copies every delayed opline from stack position `offset` upwards into the
 * op array, in stack order, then resets the stack top to `offset`.
 *
 * Returns the last opline copied, or NULL when nothing was delayed since
 * `offset` was taken; callers must be prepared for the NULL case. */
static zend_op *zend_delayed_compile_end(uint32_t offset) /* {{{ */
{
	zend_op *pending = zend_stack_base(&CG(delayed_oplines_stack));
	uint32_t total = zend_stack_count(&CG(delayed_oplines_stack));
	zend_op *last_emitted = NULL;
	uint32_t idx = offset;

	ZEND_ASSERT(total >= offset);

	while (idx < total) {
		last_emitted = get_next_op();
		memcpy(last_emitted, &pending[idx], sizeof(zend_op));
		++idx;
	}

	CG(delayed_oplines_stack).top = offset;

	return last_emitted;
}
2057 /* }}} */
2058 
/* Values of CG(memoize_mode), consulted by zend_compile_memoized_expr(). */
/* Ordinary compilation; zend_compile_memoized_expr() must not be reached in this mode. */
#define ZEND_MEMOIZE_NONE 0
/* Compile the expression normally and record its result node. */
#define ZEND_MEMOIZE_COMPILE 1
/* Do not compile again; reuse the result node recorded earlier. */
#define ZEND_MEMOIZE_FETCH 2
2062 
/* Compiles `expr` once and lets later passes reuse the outcome.
 *
 * In ZEND_MEMOIZE_COMPILE mode the expression is compiled normally and a node
 * for its value is stored in CG(memoized_exprs), keyed by the address of the
 * AST node. In ZEND_MEMOIZE_FETCH mode the stored node is copied into
 * `result` without compiling anything. Any other mode is a programming
 * error (ZEND_ASSERT). */
static void zend_compile_memoized_expr(znode *result, zend_ast *expr) /* {{{ */
{
	switch (CG(memoize_mode)) {
		case ZEND_MEMOIZE_COMPILE: {
			znode stored;

			/* Go through normal compilation */
			CG(memoize_mode) = ZEND_MEMOIZE_NONE;
			zend_compile_expr(result, expr);
			CG(memoize_mode) = ZEND_MEMOIZE_COMPILE;

			switch (result->op_type) {
				case IS_VAR:
					zend_emit_op(&stored, ZEND_COPY_TMP, result, NULL);
					break;
				case IS_TMP_VAR:
					zend_emit_op_tmp(&stored, ZEND_COPY_TMP, result, NULL);
					break;
				default:
					/* The stored copy and `result` both refer to the constant. */
					if (result->op_type == IS_CONST) {
						Z_TRY_ADDREF(result->u.constant);
					}
					stored = *result;
					break;
			}

			zend_hash_index_update_mem(
				CG(memoized_exprs), (uintptr_t) expr, &stored, sizeof(znode));
			break;
		}
		case ZEND_MEMOIZE_FETCH: {
			/* NOTE(review): the lookup result is dereferenced without a NULL
			 * check; this presumes every expression fetched here was stored by
			 * an earlier COMPILE pass - verify against the callers. */
			znode *stored = zend_hash_index_find_ptr(CG(memoized_exprs), (uintptr_t) expr);

			*result = *stored;
			if (result->op_type == IS_CONST) {
				Z_TRY_ADDREF(result->u.constant);
			}
			break;
		}
		default:
			ZEND_ASSERT(0);
			break;
	}
}
2097 /* }}} */
2098 
/* Compile-time handling of a return against the function's declared return type.
 * Rejects the forms that are invalid whatever the run-time value is, and emits
 * ZEND_VERIFY_RETURN_TYPE when the value still has to be checked at run time.
 * Does nothing when no return type is set.
 *
 * expr        - node of the returned expression, or NULL for a bare `return;`.
 *               A constant node that needs a run-time check is rewritten in
 *               place to refer to the temporary result of the verify opline.
 * return_info - arg info describing the declared return type
 * implicit    - non-zero for the return added at the end of the function body
 *               (zend_emit_final_return() passes 1); suppresses the
 *               "must return a value" error for a missing expression
 */
static void zend_emit_return_type_check(
		znode *expr, zend_arg_info *return_info, zend_bool implicit) /* {{{ */
{
	if (ZEND_TYPE_IS_SET(return_info->type)) {
		zend_op *opline;

		/* `return ...;` is illegal in a void function (but `return;` isn't) */
		if (ZEND_TYPE_CODE(return_info->type) == IS_VOID) {
			if (expr) {
				if (expr->op_type == IS_CONST && Z_TYPE(expr->u.constant) == IS_NULL) {
					zend_error_noreturn(E_COMPILE_ERROR,
						"A void function must not return a value "
						"(did you mean \"return;\" instead of \"return null;\"?)");
				} else {
					zend_error_noreturn(E_COMPILE_ERROR, "A void function must not return a value");
				}
			}
			/* we don't need run-time check */
			return;
		}

		/* An explicit bare `return;` in a function with a non-void return type */
		if (!expr && !implicit) {
			if (ZEND_TYPE_ALLOW_NULL(return_info->type)) {
				zend_error_noreturn(E_COMPILE_ERROR,
					"A function with return type must return a value "
					"(did you mean \"return null;\" instead of \"return;\"?)");
			} else {
				zend_error_noreturn(E_COMPILE_ERROR,
					"A function with return type must return a value");
			}
		}

		/* A constant whose type already matches the declaration (same type code,
		 * true/false for bool, or null for a nullable type) is accepted here. */
		if (expr && expr->op_type == IS_CONST) {
			if ((ZEND_TYPE_CODE(return_info->type) == Z_TYPE(expr->u.constant))
			 ||((ZEND_TYPE_CODE(return_info->type) == _IS_BOOL)
			  && (Z_TYPE(expr->u.constant) == IS_FALSE
			   || Z_TYPE(expr->u.constant) == IS_TRUE))
			 || (ZEND_TYPE_ALLOW_NULL(return_info->type)
			  && Z_TYPE(expr->u.constant) == IS_NULL)) {
				/* we don't need run-time check */
				return;
			}
		}

		opline = zend_emit_op(NULL, ZEND_VERIFY_RETURN_TYPE, expr, NULL);
		/* For a constant operand the verify opline gets a TMP result and the
		 * caller's node is redirected to it, so what is returned afterwards is
		 * the opline's result rather than the original literal. */
		if (expr && expr->op_type == IS_CONST) {
			opline->result_type = expr->op_type = IS_TMP_VAR;
			opline->result.var = expr->u.op.var = get_temporary_variable();
		}
		/* Class types reserve one pointer-sized run-time cache slot; other types
		 * store -1 in op2.num (presumably meaning "no cache slot" - confirm in
		 * the ZEND_VERIFY_RETURN_TYPE handler). */
		if (ZEND_TYPE_IS_CLASS(return_info->type)) {
			opline->op2.num = CG(active_op_array)->cache_size;
			CG(active_op_array)->cache_size += sizeof(void*);
		} else {
			opline->op2.num = -1;
		}
	}
}
2156 /* }}} */
2157 
/* Emits the return that ends a function body or file.
 *
 * return_one - non-zero to return integer 1, zero to return null
 *
 * For functions with a declared return type that are not generators, the
 * return type check is emitted first, flagged as implicit. The return opline
 * is ZEND_RETURN_BY_REF for functions returning by reference and ZEND_RETURN
 * otherwise; its extended_value is set to -1. */
void zend_emit_final_return(int return_one) /* {{{ */
{
	znode value;
	zend_op *ret;
	zend_uchar ret_opcode;

	if (CG(active_op_array)->fn_flags & ZEND_ACC_RETURN_REFERENCE) {
		ret_opcode = ZEND_RETURN_BY_REF;
	} else {
		ret_opcode = ZEND_RETURN;
	}

	if ((CG(active_op_array)->fn_flags & ZEND_ACC_HAS_RETURN_TYPE)
			&& !(CG(active_op_array)->fn_flags & ZEND_ACC_GENERATOR)) {
		/* arg_info - 1 is the entry passed as the return type description. */
		zend_emit_return_type_check(NULL, CG(active_op_array)->arg_info - 1, 1);
	}

	value.op_type = IS_CONST;
	if (!return_one) {
		ZVAL_NULL(&value.u.constant);
	} else {
		ZVAL_LONG(&value.u.constant, 1);
	}

	ret = zend_emit_op(NULL, ret_opcode, &value, NULL);
	ret->extended_value = -1;
}
2179 /* }}} */
2180 
/* True when `ast` is a variable, array dimension, property or static
 * property node. */
static inline zend_bool zend_is_variable(zend_ast *ast) /* {{{ */
{
	switch (ast->kind) {
		case ZEND_AST_VAR:
		case ZEND_AST_DIM:
		case ZEND_AST_PROP:
		case ZEND_AST_STATIC_PROP:
			return 1;
		default:
			return 0;
	}
}
2186 /* }}} */
2187 
/* True when `ast` is a function call, method call or static method call. */
static inline zend_bool zend_is_call(zend_ast *ast) /* {{{ */
{
	switch (ast->kind) {
		case ZEND_AST_CALL:
		case ZEND_AST_METHOD_CALL:
		case ZEND_AST_STATIC_CALL:
			return 1;
		default:
			return 0;
	}
}
2194 /* }}} */
2195 
/* True when `ast` satisfies zend_is_variable() or zend_is_call(). */
static inline zend_bool zend_is_variable_or_call(zend_ast *ast) /* {{{ */
{
	if (zend_is_variable(ast)) {
		return 1;
	}

	return zend_is_call(ast);
}
2200 /* }}} */
2201 
/* True for the statement kinds listed below: statement lists, labels,
 * property and class constant declarations, trait uses and methods. */
static inline zend_bool zend_is_unticked_stmt(zend_ast *ast) /* {{{ */
{
	switch (ast->kind) {
		case ZEND_AST_STMT_LIST:
		case ZEND_AST_LABEL:
		case ZEND_AST_PROP_DECL:
		case ZEND_AST_CLASS_CONST_DECL:
		case ZEND_AST_USE_TRAIT:
		case ZEND_AST_METHOD:
			return 1;
		default:
			return 0;
	}
}
2208 /* }}} */
2209 
/* Strips every enclosing dimension/property access from `ast` and reports
 * whether the innermost node is a variable or a call. */
static inline zend_bool zend_can_write_to_variable(zend_ast *ast) /* {{{ */
{
	zend_ast *base;

	/* Follow child[0] for as long as the node is a DIM or PROP access. */
	for (base = ast;
			base->kind == ZEND_AST_DIM || base->kind == ZEND_AST_PROP;
			base = base->child[0]) {
	}

	return zend_is_variable_or_call(base);
}
2218 /* }}} */
2219 
/* True when `name_ast` is a literal (ZEND_AST_ZVAL) class name whose fetch
 * type is ZEND_FETCH_CLASS_DEFAULT. Non-literal names yield 0 without the
 * fetch type being looked up. */
static inline zend_bool zend_is_const_default_class_ref(zend_ast *name_ast) /* {{{ */
{
	return name_ast->kind == ZEND_AST_ZVAL
		&& zend_get_class_fetch_type_ast(name_ast) == ZEND_FETCH_CLASS_DEFAULT;
}
2228 /* }}} */
2229 
/* Replaces a constant string operand that ZEND_HANDLE_NUMERIC accepts as a
 * numeric index with the corresponding integer constant. The string is
 * destroyed when it is replaced; any other node is left untouched. */
static inline void zend_handle_numeric_op(znode *node) /* {{{ */
{
	zend_ulong index;

	if (node->op_type != IS_CONST) {
		return;
	}
	if (Z_TYPE(node->u.constant) != IS_STRING) {
		return;
	}

	if (ZEND_HANDLE_NUMERIC(Z_STR(node->u.constant), index)) {
		zval_ptr_dtor(&node->u.constant);
		ZVAL_LONG(&node->u.constant, index);
	}
}
2241 /* }}} */
2242 
/* Normalises a constant string dimension that ZEND_HANDLE_NUMERIC accepts as
 * a numeric index.
 *
 * The literal already stored as op2 of `opline` becomes the integer index and
 * is tagged with ZEND_EXTRA_VALUE, while the original string is added as a
 * further literal. The assertion checks that this new literal sits directly
 * after the op2 literal, so callers must not add other literals in between.
 * The caller is expected to have checked that dim_node is a constant. */
static inline void zend_handle_numeric_dim(zend_op *opline, znode *dim_node) /* {{{ */
{
	zend_ulong index;

	if (Z_TYPE(dim_node->u.constant) != IS_STRING) {
		return;
	}

	if (ZEND_HANDLE_NUMERIC(Z_STR(dim_node->u.constant), index)) {
		/* For numeric indexes we also keep the original value to use by ArrayAccess
		 * See bug #63217
		 */
		int c = zend_add_literal(&dim_node->u.constant);
		ZEND_ASSERT(opline->op2.constant + 1 == c);
		ZVAL_LONG(CT_CONSTANT(opline->op2), index);
		Z_EXTRA_P(CT_CONSTANT(opline->op2)) = ZEND_EXTRA_VALUE;
	}
}
2260 /* }}} */
2261 
/* Stores a class reference as op1 of `opline`. A constant class name is
 * registered through zend_add_class_name_literal(); any other node is
 * attached with SET_NODE. */
static inline void zend_set_class_name_op1(zend_op *opline, znode *class_node) /* {{{ */
{
	if (class_node->op_type != IS_CONST) {
		SET_NODE(opline->op1, class_node);
		return;
	}

	opline->op1_type = IS_CONST;
	opline->op1.constant = zend_add_class_name_literal(
		Z_STR(class_node->u.constant));
}
2272 /* }}} */
2273 
/* Compiles a class reference into `result`.
 *
 * Outcomes:
 *  - IS_CONST holding the resolved class name, for names with the default
 *    fetch type (including every fully qualified literal name);
 *  - IS_UNUSED with `fetch_type | fetch_flags` in u.op.num, for the other
 *    fetch types, after zend_ensure_valid_class_fetch_type() accepted them;
 *  - the result of an emitted ZEND_FETCH_CLASS opline, for names that are
 *    only known at run time.
 *
 * A compile-time constant name that is not a string is rejected with
 * "Illegal class name". */
static void zend_compile_class_ref(znode *result, zend_ast *name_ast, uint32_t fetch_flags) /* {{{ */
{
	uint32_t fetch_type;
	znode name_node;
	zend_string *name;

	if (name_ast->kind == ZEND_AST_ZVAL) {
		/* Fully qualified names are always default refs */
		if (name_ast->attr != ZEND_NAME_FQ) {
			fetch_type = zend_get_class_fetch_type(zend_ast_get_str(name_ast));
			if (fetch_type != ZEND_FETCH_CLASS_DEFAULT) {
				zend_ensure_valid_class_fetch_type(fetch_type);
				result->op_type = IS_UNUSED;
				result->u.op.num = fetch_type | fetch_flags;
				return;
			}
		}

		result->op_type = IS_CONST;
		ZVAL_STR(&result->u.constant, zend_resolve_class_name_ast(name_ast));
		return;
	}

	/* The name is an expression: compile it and see what came out. */
	zend_compile_expr(&name_node, name_ast);

	if (name_node.op_type != IS_CONST) {
		zend_op *fetch = zend_emit_op(result, ZEND_FETCH_CLASS, NULL, &name_node);

		fetch->op1.num = ZEND_FETCH_CLASS_DEFAULT | fetch_flags;
		return;
	}

	if (Z_TYPE(name_node.u.constant) != IS_STRING) {
		zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name");
	}

	name = Z_STR(name_node.u.constant);
	fetch_type = zend_get_class_fetch_type(name);

	if (fetch_type != ZEND_FETCH_CLASS_DEFAULT) {
		zend_ensure_valid_class_fetch_type(fetch_type);
		result->op_type = IS_UNUSED;
		result->u.op.num = fetch_type | fetch_flags;
	} else {
		result->op_type = IS_CONST;
		ZVAL_STR(&result->u.constant, zend_resolve_class_name(name, ZEND_NAME_FQ));
	}

	/* The constant produced by compiling the expression is no longer needed. */
	zend_string_release_ex(name, 0);
}
2327 /* }}} */
2328 
/* Tries to compile a variable whose name is a literal as a compiled variable.
 *
 * Returns SUCCESS with `result` set to an IS_CV node, or FAILURE when the name
 * is not a literal or names an auto global; `result` is not written on
 * FAILURE. */
static int zend_try_compile_cv(znode *result, zend_ast *ast) /* {{{ */
{
	zend_ast *name_ast = ast->child[0];
	zend_string *name;
	zval *zv;

	if (name_ast->kind != ZEND_AST_ZVAL) {
		return FAILURE;
	}

	zv = zend_ast_get_zval(name_ast);

	/* A non-string literal is converted to a string first; that temporary
	 * string is released again at the end. */
	if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
		name = zval_make_interned_string(zv);
	} else {
		name = zend_new_interned_string(zval_get_string_func(zv));
	}

	if (zend_is_auto_global(name)) {
		return FAILURE;
	}

	result->op_type = IS_CV;
	result->u.op.var = lookup_cv(name);

	if (UNEXPECTED(Z_TYPE_P(zv) != IS_STRING)) {
		zend_string_release_ex(name, 0);
	}

	return SUCCESS;
}
2358 /* }}} */
2359 
/* Compiles a variable access by name, for variables that are not handled as
 * compiled variables.
 *
 * The name expression is compiled (a constant name is converted to a string),
 * a ZEND_FETCH_R opline is emitted - on the delayed stack when `delayed` is
 * non-zero - and then adjusted to the access `type`. The fetch is marked
 * ZEND_FETCH_GLOBAL when the name is a constant naming an auto global, and
 * ZEND_FETCH_LOCAL otherwise. Returns the fetch opline. */
static zend_op *zend_compile_simple_var_no_cv(znode *result, zend_ast *ast, uint32_t type, int delayed) /* {{{ */
{
	zend_ast *name_ast = ast->child[0];
	znode name_node;
	zend_op *fetch;

	zend_compile_expr(&name_node, name_ast);
	if (name_node.op_type == IS_CONST) {
		convert_to_string(&name_node.u.constant);
	}

	fetch = delayed
		? zend_delayed_emit_op(result, ZEND_FETCH_R, &name_node, NULL)
		: zend_emit_op(result, ZEND_FETCH_R, &name_node, NULL);

	/* The auto-global lookup happens after the opline has been emitted. */
	fetch->extended_value =
		(name_node.op_type == IS_CONST && zend_is_auto_global(Z_STR(name_node.u.constant)))
			? ZEND_FETCH_GLOBAL
			: ZEND_FETCH_LOCAL;

	zend_adjust_for_fetch_type(fetch, result, type);

	return fetch;
}
2388 /* }}} */
2389 
/* True when `ast` is a variable node whose name is the string literal
 * "this". */
static zend_bool is_this_fetch(zend_ast *ast) /* {{{ */
{
	zval *name;

	if (ast->kind != ZEND_AST_VAR) {
		return 0;
	}
	if (ast->child[0]->kind != ZEND_AST_ZVAL) {
		return 0;
	}

	name = zend_ast_get_zval(ast->child[0]);

	return Z_TYPE_P(name) == IS_STRING && zend_string_equals_literal(Z_STR_P(name), "this");
}
2399 /* }}} */
2400 
/* Compiles a plain variable access.
 *
 * `$this` becomes a ZEND_FETCH_THIS opline (with a TMP result for read and
 * isset access) and flags the function as using $this. Other variables are
 * compiled as CVs when possible, in which case no opline is emitted and NULL
 * is returned; otherwise the by-name fetch opline is returned. */
static zend_op *zend_compile_simple_var(znode *result, zend_ast *ast, uint32_t type, int delayed) /* {{{ */
{
	zend_op *this_fetch;

	if (!is_this_fetch(ast)) {
		if (zend_try_compile_cv(result, ast) == FAILURE) {
			return zend_compile_simple_var_no_cv(result, ast, type, delayed);
		}
		/* Compiled as a CV: nothing was emitted. */
		return NULL;
	}

	this_fetch = zend_emit_op(result, ZEND_FETCH_THIS, NULL, NULL);
	if (type == BP_VAR_R || type == BP_VAR_IS) {
		this_fetch->result_type = IS_TMP_VAR;
		result->op_type = IS_TMP_VAR;
	}
	CG(active_op_array)->fn_flags |= ZEND_ACC_USES_THIS;

	return this_fetch;
}
2416 /* }}} */
2417 
/* For a call used as the base of a non-read access, emits ZEND_SEPARATE on
 * its IS_VAR result, writing the result back into the same variable. A call
 * whose result is not IS_VAR is rejected with a compile error. Read and isset
 * access, and nodes that are not calls, need nothing. */
static void zend_separate_if_call_and_write(znode *node, zend_ast *ast, uint32_t type) /* {{{ */
{
	zend_op *separate;

	if (type == BP_VAR_R || type == BP_VAR_IS || !zend_is_call(ast)) {
		return;
	}

	if (node->op_type != IS_VAR) {
		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use result of built-in function in write context");
	}

	separate = zend_emit_op(NULL, ZEND_SEPARATE, node, NULL);
	separate->result_type = IS_VAR;
	separate->result.var = separate->op1.var;
}
2430 /* }}} */
2431 
2432 zend_op *zend_delayed_compile_var(znode *result, zend_ast *ast, uint32_t type, zend_bool by_ref);
2433 void zend_compile_assign(znode *result, zend_ast *ast);
2434 
/* Assigns an already compiled value to `var_ast` by wrapping the value node
 * in an AST node, building a ZEND_AST_ASSIGN around it and compiling that.
 * The result of the assignment expression is freed straight away. */
static inline void zend_emit_assign_znode(zend_ast *var_ast, znode *value_node) /* {{{ */
{
	zend_ast *value_ast = zend_ast_create_znode(value_node);
	zend_ast *assign_ast = zend_ast_create(ZEND_AST_ASSIGN, var_ast, value_ast);
	znode unused_result;

	zend_compile_assign(&unused_result, assign_ast);
	zend_do_free(&unused_result);
}
2443 /* }}} */
2444 
/* Compiles an array/string offset access (`var[dim]`) in delayed mode: the
 * fetch opline is pushed onto the delayed-oplines stack rather than emitted.
 *
 * result - receives the result node of the fetch
 * ast    - the dimension node; child[0] is the container, child[1] the offset
 *          (NULL for the `[]` form)
 * type   - access type (BP_VAR_*), selects the FETCH_DIM_* variant
 *
 * Returns the delayed fetch opline.
 */
static zend_op *zend_delayed_compile_dim(znode *result, zend_ast *ast, uint32_t type) /* {{{ */
{
	if (ast->attr == ZEND_DIM_ALTERNATIVE_SYNTAX) {
		zend_error(E_DEPRECATED, "Array and string offset access syntax with curly braces is deprecated");
	}

	zend_ast *var_ast = ast->child[0];
	zend_ast *dim_ast = ast->child[1];
	zend_op *opline;

	znode var_node, dim_node;

	/* Compile the container first; it may return NULL when no opline was needed. */
	opline = zend_delayed_compile_var(&var_node, var_ast, type, 0);
	/* A property fetched for writing that is then indexed gets flagged as a
	 * write through a dimension. */
	if (opline && type == BP_VAR_W && (opline->opcode == ZEND_FETCH_STATIC_PROP_W || opline->opcode == ZEND_FETCH_OBJ_W)) {
		opline->extended_value |= ZEND_FETCH_DIM_WRITE;
	}

	zend_separate_if_call_and_write(&var_node, var_ast, type);

	if (dim_ast == NULL) {
		/* `[]` without an offset is only accepted for the remaining access types. */
		if (type == BP_VAR_R || type == BP_VAR_IS) {
			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for reading");
		}
		if (type == BP_VAR_UNSET) {
			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for unsetting");
		}
		dim_node.op_type = IS_UNUSED;
	} else {
		zend_compile_expr(&dim_node, dim_ast);
	}

	/* Emitted as the _R form, then switched to the variant for `type`. */
	opline = zend_delayed_emit_op(result, ZEND_FETCH_DIM_R, &var_node, &dim_node);
	zend_adjust_for_fetch_type(opline, result, type);

	/* Must directly follow the emit: zend_handle_numeric_dim() asserts that the
	 * literal it adds sits right after the op2 literal. */
	if (dim_node.op_type == IS_CONST) {
		zend_handle_numeric_dim(opline, &dim_node);
	}
	return opline;
}
2484 /* }}} */
2485 
/* Compiles an array/string offset access and emits the delayed oplines right
 * away. Returns whatever zend_delayed_compile_end() returns, i.e. the last
 * opline copied into the op array. */
static zend_op *zend_compile_dim(znode *result, zend_ast *ast, uint32_t type) /* {{{ */
{
	uint32_t delayed_start = zend_delayed_compile_begin();

	zend_delayed_compile_dim(result, ast, type);

	return zend_delayed_compile_end(delayed_start);
}
2492 /* }}} */
2493 
/* Compiles a property access (`obj->prop`) in delayed mode: the fetch opline
 * is pushed onto the delayed-oplines stack rather than emitted.
 *
 * result - receives the result node of the fetch
 * ast    - the property node; child[0] is the object, child[1] the property name
 * type   - access type (BP_VAR_*), selects the FETCH_OBJ_* variant
 *
 * Returns the delayed fetch opline.
 */
static zend_op *zend_delayed_compile_prop(znode *result, zend_ast *ast, uint32_t type) /* {{{ */
{
	zend_ast *obj_ast = ast->child[0];
	zend_ast *prop_ast = ast->child[1];

	znode obj_node, prop_node;
	zend_op *opline;

	if (is_this_fetch(obj_ast)) {
		/* `$this->prop`: the object operand is left unused and the function is
		 * flagged as using $this. */
		obj_node.op_type = IS_UNUSED;
		CG(active_op_array)->fn_flags |= ZEND_ACC_USES_THIS;
	} else {
		opline = zend_delayed_compile_var(&obj_node, obj_ast, type, 0);
		/* A property fetched for writing that is then dereferenced as an object
		 * gets flagged as a write through a property. */
		if (opline && type == BP_VAR_W && (opline->opcode == ZEND_FETCH_STATIC_PROP_W || opline->opcode == ZEND_FETCH_OBJ_W)) {
			opline->extended_value |= ZEND_FETCH_OBJ_WRITE;
		}

		zend_separate_if_call_and_write(&obj_node, obj_ast, type);
	}
	zend_compile_expr(&prop_node, prop_ast);

	/* Emitted as the _R form, then switched to the variant for `type`. */
	opline = zend_delayed_emit_op(result, ZEND_FETCH_OBJ_R, &obj_node, &prop_node);
	if (opline->op2_type == IS_CONST) {
		/* A constant property name is stored as a string, and three cache slots
		 * are reserved; their offset goes into extended_value. */
		convert_to_string(CT_CONSTANT(opline->op2));
		opline->extended_value = zend_alloc_cache_slots(3);
	}

	zend_adjust_for_fetch_type(opline, result, type);
	return opline;
}
2524 /* }}} */
2525 
/* Compiles a property access and emits the delayed oplines right away.
 * With `by_ref` set, the fetch is additionally flagged with ZEND_FETCH_REF.
 * Returns the last opline copied into the op array. */
static zend_op *zend_compile_prop(znode *result, zend_ast *ast, uint32_t type, int by_ref) /* {{{ */
{
	uint32_t delayed_start = zend_delayed_compile_begin();
	zend_op *fetch = zend_delayed_compile_prop(result, ast, type);

	/* The flag is OR-ed in because extended_value is shared with cache_slot. */
	if (by_ref != 0) {
		fetch->extended_value |= ZEND_FETCH_REF;
	}

	return zend_delayed_compile_end(delayed_start);
}
2535 /* }}} */
2536 
/* Compiles a static property access (`Class::$prop`).
 *
 * result  - receives the result node of the fetch
 * ast     - the static property node; child[0] is the class, child[1] the
 *           property name
 * type    - access type (BP_VAR_*), selects the FETCH_STATIC_PROP_* variant
 * by_ref  - non-zero to flag the fetch with ZEND_FETCH_REF (only applied for
 *           BP_VAR_W and BP_VAR_FUNC_ARG)
 * delayed - non-zero to push the opline onto the delayed-oplines stack
 *           instead of emitting it
 *
 * Returns the fetch opline.
 */
zend_op *zend_compile_static_prop(znode *result, zend_ast *ast, uint32_t type, int by_ref, int delayed) /* {{{ */
{
	zend_ast *class_ast = ast->child[0];
	zend_ast *prop_ast = ast->child[1];

	znode class_node, prop_node;
	zend_op *opline;

	/* The class reference is compiled before the property name. */
	zend_compile_class_ref(&class_node, class_ast, ZEND_FETCH_CLASS_EXCEPTION);

	zend_compile_expr(&prop_node, prop_ast);

	/* The property name is op1; op2 (the class) is filled in below. */
	if (delayed) {
		opline = zend_delayed_emit_op(result, ZEND_FETCH_STATIC_PROP_R, &prop_node, NULL);
	} else {
		opline = zend_emit_op(result, ZEND_FETCH_STATIC_PROP_R, &prop_node, NULL);
	}
	if (opline->op1_type == IS_CONST) {
		/* Constant property name: stored as a string, three cache slots reserved. */
		convert_to_string(CT_CONSTANT(opline->op1));
		opline->extended_value = zend_alloc_cache_slots(3);
	}
	if (class_node.op_type == IS_CONST) {
		opline->op2_type = IS_CONST;
		opline->op2.constant = zend_add_class_name_literal(
			Z_STR(class_node.u.constant));
		/* Constant class with a non-constant property name: a single cache slot. */
		if (opline->op1_type != IS_CONST) {
			opline->extended_value = zend_alloc_cache_slot();
		}
	} else {
		SET_NODE(opline->op2, &class_node);
	}

	if (by_ref && (type == BP_VAR_W || type == BP_VAR_FUNC_ARG)) { /* shared with cache_slot */
		opline->extended_value |= ZEND_FETCH_REF;
	}

	zend_adjust_for_fetch_type(opline, result, type);
	return opline;
}
2576 /* }}} */
2577 
/* Validates one target of a destructuring assignment and raises a compile
 * error for an invalid one: a nested `array()` target, a nested target whose
 * syntax differs from `old_style`, or a target that is not writable. */
static void zend_verify_list_assign_target(zend_ast *var_ast, zend_bool old_style) /* {{{ */ {
	if (var_ast->kind != ZEND_AST_ARRAY) {
		if (!zend_can_write_to_variable(var_ast)) {
			zend_error_noreturn(E_COMPILE_ERROR, "Assignments can only happen to writable values");
		}
		return;
	}

	/* Nested destructuring target: check the syntax it was written in. */
	if (var_ast->attr == ZEND_ARRAY_SYNTAX_LONG) {
		zend_error_noreturn(E_COMPILE_ERROR, "Cannot assign to array(), use [] instead");
	}
	if (old_style != var_ast->attr) {
		zend_error_noreturn(E_COMPILE_ERROR, "Cannot mix [] and list()");
	}
}
2590 /* }}} */
2591 
2592 static inline void zend_emit_assign_ref_znode(zend_ast *var_ast, znode *value_node);
2593 
2594 /* Propagate refs used on leaf elements to the surrounding list() structures. */
/* Walks a destructuring list and, for every element whose target is itself a
 * nested list, overwrites the element's `attr` with the result of the
 * recursive call on that nested list. Returns the OR of all element attrs,
 * i.e. non-zero when any element at any depth carries a non-zero attr. */
static zend_bool zend_propagate_list_refs(zend_ast *ast) { /* {{{ */
	zend_ast_list *list = zend_ast_get_list(ast);
	zend_bool has_refs = 0;
	uint32_t idx = 0;

	while (idx < list->children) {
		zend_ast *elem_ast = list->child[idx];

		++idx;

		/* Skipped positions have no element node. */
		if (!elem_ast) {
			continue;
		}

		if (elem_ast->child[0]->kind == ZEND_AST_ARRAY) {
			elem_ast->attr = zend_propagate_list_refs(elem_ast->child[0]);
		}
		has_refs |= elem_ast->attr;
	}

	return has_refs;
}
2614 /* }}} */
2615 
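/* Compiles a destructuring assignment (`list(...) = expr` / `[...] = expr`).
 *
 * result    - when non-NULL, receives a copy of expr_node as the value of the
 *             whole assignment; when NULL, expr_node is freed instead
 * ast       - the list of target elements
 * expr_node - the already compiled right-hand side
 * old_style - syntax of the enclosing list, checked against nested targets by
 *             zend_verify_list_assign_target()
 *
 * For every element a fetch from expr_node is emitted (by integer position,
 * or by the compiled key for keyed lists) and its result is assigned to the
 * target; nested lists recurse. Invalid shapes are compile errors.
 */
static void zend_compile_list_assign(
		znode *result, zend_ast *ast, znode *expr_node, zend_bool old_style) /* {{{ */
{
	zend_ast_list *list = zend_ast_get_list(ast);
	uint32_t i;
	zend_bool has_elems = 0;
	/* The first element decides whether the whole list is keyed. */
	zend_bool is_keyed =
		list->children > 0 && list->child[0] != NULL && list->child[0]->child[1] != NULL;

	if (list->children && expr_node->op_type == IS_CONST && Z_TYPE(expr_node->u.constant) == IS_STRING) {
		zval_make_interned_string(&expr_node->u.constant);
	}

	for (i = 0; i < list->children; ++i) {
		zend_ast *elem_ast = list->child[i];
		zend_ast *var_ast, *key_ast;
		znode fetch_result, dim_node;
		zend_op *opline;

		/* The compile errors below use zend_error_noreturn(), like the rest of
		 * this file: the code that follows dereferences elem_ast and relies on
		 * the error call never returning, and the noreturn variant makes that
		 * visible to the compiler and to static analysis. */
		if (elem_ast == NULL) {
			if (is_keyed) {
				zend_error_noreturn(E_COMPILE_ERROR,
					"Cannot use empty array entries in keyed array assignment");
			} else {
				continue;
			}
		}

		if (elem_ast->kind == ZEND_AST_UNPACK) {
			zend_error_noreturn(E_COMPILE_ERROR,
					"Spread operator is not supported in assignments");
		}

		var_ast = elem_ast->child[0];
		key_ast = elem_ast->child[1];
		has_elems = 1;

		if (is_keyed) {
			if (key_ast == NULL) {
				zend_error_noreturn(E_COMPILE_ERROR,
					"Cannot mix keyed and unkeyed array entries in assignments");
			}

			zend_compile_expr(&dim_node, key_ast);
		} else {
			if (key_ast != NULL) {
				zend_error_noreturn(E_COMPILE_ERROR,
					"Cannot mix keyed and unkeyed array entries in assignments");
			}

			/* Unkeyed elements are fetched by their position in the list. */
			dim_node.op_type = IS_CONST;
			ZVAL_LONG(&dim_node.u.constant, i);
		}

		/* A constant right-hand side is used as an operand once per element. */
		if (expr_node->op_type == IS_CONST) {
			Z_TRY_ADDREF(expr_node->u.constant);
		}

		zend_verify_list_assign_target(var_ast, old_style);

		/* elem_ast->attr marks a by-reference element: those fetch for writing
		 * (FETCH_DIM_W on a CV source, FETCH_LIST_W otherwise). */
		opline = zend_emit_op(&fetch_result,
			elem_ast->attr ? (expr_node->op_type == IS_CV ? ZEND_FETCH_DIM_W : ZEND_FETCH_LIST_W) : ZEND_FETCH_LIST_R, expr_node, &dim_node);

		/* Must directly follow the emit: zend_handle_numeric_dim() asserts the
		 * position of the literal it adds. */
		if (dim_node.op_type == IS_CONST) {
			zend_handle_numeric_dim(opline, &dim_node);
		}

		if (var_ast->kind == ZEND_AST_ARRAY) {
			if (elem_ast->attr) {
				zend_emit_op(&fetch_result, ZEND_MAKE_REF, &fetch_result, NULL);
			}
			zend_compile_list_assign(NULL, var_ast, &fetch_result, var_ast->attr);
		} else if (elem_ast->attr) {
			zend_emit_assign_ref_znode(var_ast, &fetch_result);
		} else {
			zend_emit_assign_znode(var_ast, &fetch_result);
		}
	}

	if (has_elems == 0) {
		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use empty list");
	}

	if (result) {
		*result = *expr_node;
	} else {
		zend_do_free(expr_node);
	}
}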
2705 /* }}} */
2706 
/* Raises a compile error when `ast` is a function, method or static method
 * call, since a call result cannot be used as a write target. Other node
 * kinds pass. */
static void zend_ensure_writable_variable(const zend_ast *ast) /* {{{ */
{
	switch (ast->kind) {
		case ZEND_AST_CALL:
			zend_error_noreturn(E_COMPILE_ERROR, "Can't use function return value in write context");
			break;
		case ZEND_AST_METHOD_CALL:
		case ZEND_AST_STATIC_CALL:
			zend_error_noreturn(E_COMPILE_ERROR, "Can't use method return value in write context");
			break;
		default:
			break;
	}
}
2716 /* }}} */
2717 
2718 /* Detects $a... = $a pattern */
zend_bool zend_is_assign_to_self(zend_ast *var_ast, zend_ast *expr_ast) /* {{{ */
{
	zend_string *lhs_name, *rhs_name;
	zend_bool same_name;

	/* Returns non-zero when the assignment target, after following child[0]
	 * down to its base variable, names the same variable as the right-hand
	 * side. Only a right-hand side that is a ZEND_AST_VAR whose name is a
	 * zval node can match. */
	if (!(expr_ast->kind == ZEND_AST_VAR && expr_ast->child[0]->kind == ZEND_AST_ZVAL)) {
		return 0;
	}

	/* Descend through the nested variable nodes of the target until a
	 * ZEND_AST_VAR, or a node that is not a variable, is reached. */
	for (; zend_is_variable(var_ast) && var_ast->kind != ZEND_AST_VAR; var_ast = var_ast->child[0]) {
		/* the step is done in the loop header */
	}

	/* The base of the target must have the same shape as the right-hand
	 * side; anything else (e.g. a variable-variable) is not compared. */
	if (!(var_ast->kind == ZEND_AST_VAR && var_ast->child[0]->kind == ZEND_AST_ZVAL)) {
		return 0;
	}

	/* Both strings obtained from zval_get_string() are released again once
	 * the names have been compared. */
	lhs_name = zval_get_string(zend_ast_get_zval(var_ast->child[0]));
	rhs_name = zval_get_string(zend_ast_get_zval(expr_ast->child[0]));
	same_name = zend_string_equals(lhs_name, rhs_name);
	zend_string_release_ex(lhs_name, 0);
	zend_string_release_ex(rhs_name, 0);

	return same_name;
}
2742 /* }}} */
2743 
void zend_compile_assign(znode *result, zend_ast *ast) /* {{{ */
{
	/* Compiles a plain assignment: ast->child[0] is the target and
	 * ast->child[1] the value expression. The opcode that is emitted depends
	 * on the kind of the target (variable, static property, array element,
	 * object property, or list/array destructuring). */
	zend_ast *lhs_ast = ast->child[0];
	zend_ast *rhs_ast = ast->child[1];

	znode lhs_node, rhs_node;
	zend_op *assign_op;
	uint32_t delayed_mark;

	/* Both checks abort compilation before any opcode for the assignment
	 * has been emitted. */
	if (is_this_fetch(lhs_ast)) {
		zend_error_noreturn(E_COMPILE_ERROR, "Cannot re-assign $this");
	}

	zend_ensure_writable_variable(lhs_ast);

	switch (lhs_ast->kind) {
		case ZEND_AST_VAR:
			delayed_mark = zend_delayed_compile_begin();
			zend_delayed_compile_var(&lhs_node, lhs_ast, BP_VAR_W, 0);
			zend_compile_expr(&rhs_node, rhs_ast);
			zend_delayed_compile_end(delayed_mark);
			zend_emit_op(result, ZEND_ASSIGN, &lhs_node, &rhs_node);
			break;

		case ZEND_AST_STATIC_PROP:
			delayed_mark = zend_delayed_compile_begin();
			zend_delayed_compile_var(result, lhs_ast, BP_VAR_W, 0);
			zend_compile_expr(&rhs_node, rhs_ast);

			/* The opline returned for the delayed target fetch is turned
			 * into the assignment; the value follows as OP_DATA. */
			assign_op = zend_delayed_compile_end(delayed_mark);
			assign_op->opcode = ZEND_ASSIGN_STATIC_PROP;

			zend_emit_op_data(&rhs_node);
			break;

		case ZEND_AST_DIM:
			delayed_mark = zend_delayed_compile_begin();
			zend_delayed_compile_dim(result, lhs_ast, BP_VAR_W);

			if (!zend_is_assign_to_self(lhs_ast, rhs_ast)
			 || is_this_fetch(rhs_ast)) {
				zend_compile_expr(&rhs_node, rhs_ast);
			} else {
				/* $a[0] = $a must read the right-hand $a first: its value is
				 * copied with QM_ASSIGN (or fetched without a CV) before
				 * zend_delayed_compile_end() is called for the target.
				 * NOTE(review): presumably that call is what emits the
				 * delayed write fetch - confirm. */
				znode cv_node;

				if (zend_try_compile_cv(&cv_node, rhs_ast) != FAILURE) {
					zend_emit_op_tmp(&rhs_node, ZEND_QM_ASSIGN, &cv_node, NULL);
				} else {
					zend_compile_simple_var_no_cv(&rhs_node, rhs_ast, BP_VAR_R, 0);
				}
			}

			assign_op = zend_delayed_compile_end(delayed_mark);
			assign_op->opcode = ZEND_ASSIGN_DIM;

			zend_emit_op_data(&rhs_node);
			break;

		case ZEND_AST_PROP:
			delayed_mark = zend_delayed_compile_begin();
			zend_delayed_compile_prop(result, lhs_ast, BP_VAR_W);
			zend_compile_expr(&rhs_node, rhs_ast);

			assign_op = zend_delayed_compile_end(delayed_mark);
			assign_op->opcode = ZEND_ASSIGN_OBJ;

			zend_emit_op_data(&rhs_node);
			break;

		case ZEND_AST_ARRAY:
			if (zend_propagate_list_refs(lhs_ast)) {
				/* By-reference destructuring needs a right-hand side that
				 * can be fetched for writing. */
				if (!zend_is_variable_or_call(rhs_ast)) {
					zend_error_noreturn(E_COMPILE_ERROR,
						"Cannot assign reference to non referencable value");
				}

				zend_compile_var(&rhs_node, rhs_ast, BP_VAR_W, 1);
				/* MAKE_REF is usually not necessary for CVs. However, if there are
				 * self-assignments, this forces the RHS to evaluate first. */
				zend_emit_op(&rhs_node, ZEND_MAKE_REF, &rhs_node, NULL);
			} else if (rhs_ast->kind != ZEND_AST_VAR) {
				zend_compile_expr(&rhs_node, rhs_ast);
			} else {
				/* list($a, $b) = $a should evaluate the right $a first */
				znode cv_node;

				if (zend_try_compile_cv(&cv_node, rhs_ast) != FAILURE) {
					zend_emit_op_tmp(&rhs_node, ZEND_QM_ASSIGN, &cv_node, NULL);
				} else {
					zend_compile_simple_var_no_cv(&rhs_node, rhs_ast, BP_VAR_R, 0);
				}
			}

			zend_compile_list_assign(result, lhs_ast, &rhs_node, lhs_ast->attr);
			break;

		EMPTY_SWITCH_DEFAULT_CASE();
	}
}
2841 /* }}} */
2842 
zend_compile_assign_ref(znode *result, zend_ast *ast)2843 void zend_compile_assign_ref(znode *result, zend_ast *ast) /* {{{ */
2844 {
2845 	zend_ast *target_ast = ast->child[0];
2846 	zend_ast *source_ast = ast->child[1];
2847 
2848 	znode target_node, source_node;
2849 	zend_op *opline;
2850 	uint32_t offset, flags;
2851 
2852 	if (is_this_fetch(target_ast)) {
2853 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot re-assign $this");
2854 	}
2855 	zend_ensure_writable_variable(target_ast);
2856 
2857 	offset = zend_delayed_compile_begin();
2858 	zend_delayed_compile_var(&target_node, target_ast, BP_VAR_W, 1);
2859 	zend_compile_var(&source_node, source_ast, BP_VAR_W, 1);
2860 
2861 	if ((target_ast->kind != ZEND_AST_VAR
2862 	  || target_ast->child[0]->kind != ZEND_AST_ZVAL)
2863 	 && source_node.op_type != IS_CV) {
2864 		/* Both LHS and RHS expressions may modify the same data structure,
2865 		 * and the modification during RHS evaluation may dangle the pointer
2866 		 * to the result of the LHS evaluation.
2867 		 * Use MAKE_REF instruction to replace direct pointer with REFERENCE.
2868 		 * See: Bug #71539
2869 		 */
2870 		zend_emit_op(&source_node, ZEND_MAKE_REF, &source_node, NULL);
2871 	}
2872 
2873 	opline = zend_delayed_compile_end(offset);
2874 
2875 	if (source_node.op_type != IS_VAR && zend_is_call(source_ast)) {
2876 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use result of built-in function in write context");
2877 	}
2878 
2879 	flags = zend_is_call(source_ast) ? ZEND_RETURNS_FUNCTION : 0;
2880 
2881 	if (opline && opline->opcode == ZEND_FETCH_OBJ_W) {
2882 		opline->opcode = ZEND_ASSIGN_OBJ_REF;
2883 		opline->extended_value &= ~ZEND_FETCH_REF;
2884 		opline->extended_value |= flags;
2885 		zend_emit_op_data(&source_node);
2886 		if (result != NULL) {
2887 			*result = target_node;
2888 		}
2889 	} else if (opline && opline->opcode == ZEND_FETCH_STATIC_PROP_W) {
2890 		opline->opcode = ZEND_ASSIGN_STATIC_PROP_REF;
2891