1 /*
2    +----------------------------------------------------------------------+
3    | Zend Engine                                                          |
4    +----------------------------------------------------------------------+
5    | Copyright (c) Zend Technologies Ltd. (http://www.zend.com)           |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 2.00 of the Zend license,     |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | http://www.zend.com/license/2_00.txt.                                |
11    | If you did not receive a copy of the Zend license and are unable to  |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@zend.com so we can mail you a copy immediately.              |
14    +----------------------------------------------------------------------+
15    | Authors: Andi Gutmans <andi@php.net>                                 |
16    |          Zeev Suraski <zeev@php.net>                                 |
17    |          Dmitry Stogov <dmitry@php.net>                              |
18    +----------------------------------------------------------------------+
19 */
20 
21 #ifdef ZEND_WIN32
22 # pragma warning(disable : 4101)
23 # pragma warning(once : 6235)
24 # pragma warning(once : 6237)
25 # pragma warning(once : 6239)
26 # pragma warning(once : 6240)
27 # pragma warning(once : 6285)
28 # pragma warning(once : 6286)
29 # pragma warning(once : 6326)
30 #endif
31 static user_opcode_handler_t zend_user_opcode_handlers[256] = {
32 	(user_opcode_handler_t)NULL,
33 	(user_opcode_handler_t)NULL,
34 	(user_opcode_handler_t)NULL,
35 	(user_opcode_handler_t)NULL,
36 	(user_opcode_handler_t)NULL,
37 	(user_opcode_handler_t)NULL,
38 	(user_opcode_handler_t)NULL,
39 	(user_opcode_handler_t)NULL,
40 	(user_opcode_handler_t)NULL,
41 	(user_opcode_handler_t)NULL,
42 	(user_opcode_handler_t)NULL,
43 	(user_opcode_handler_t)NULL,
44 	(user_opcode_handler_t)NULL,
45 	(user_opcode_handler_t)NULL,
46 	(user_opcode_handler_t)NULL,
47 	(user_opcode_handler_t)NULL,
48 	(user_opcode_handler_t)NULL,
49 	(user_opcode_handler_t)NULL,
50 	(user_opcode_handler_t)NULL,
51 	(user_opcode_handler_t)NULL,
52 	(user_opcode_handler_t)NULL,
53 	(user_opcode_handler_t)NULL,
54 	(user_opcode_handler_t)NULL,
55 	(user_opcode_handler_t)NULL,
56 	(user_opcode_handler_t)NULL,
57 	(user_opcode_handler_t)NULL,
58 	(user_opcode_handler_t)NULL,
59 	(user_opcode_handler_t)NULL,
60 	(user_opcode_handler_t)NULL,
61 	(user_opcode_handler_t)NULL,
62 	(user_opcode_handler_t)NULL,
63 	(user_opcode_handler_t)NULL,
64 	(user_opcode_handler_t)NULL,
65 	(user_opcode_handler_t)NULL,
66 	(user_opcode_handler_t)NULL,
67 	(user_opcode_handler_t)NULL,
68 	(user_opcode_handler_t)NULL,
69 	(user_opcode_handler_t)NULL,
70 	(user_opcode_handler_t)NULL,
71 	(user_opcode_handler_t)NULL,
72 	(user_opcode_handler_t)NULL,
73 	(user_opcode_handler_t)NULL,
74 	(user_opcode_handler_t)NULL,
75 	(user_opcode_handler_t)NULL,
76 	(user_opcode_handler_t)NULL,
77 	(user_opcode_handler_t)NULL,
78 	(user_opcode_handler_t)NULL,
79 	(user_opcode_handler_t)NULL,
80 	(user_opcode_handler_t)NULL,
81 	(user_opcode_handler_t)NULL,
82 	(user_opcode_handler_t)NULL,
83 	(user_opcode_handler_t)NULL,
84 	(user_opcode_handler_t)NULL,
85 	(user_opcode_handler_t)NULL,
86 	(user_opcode_handler_t)NULL,
87 	(user_opcode_handler_t)NULL,
88 	(user_opcode_handler_t)NULL,
89 	(user_opcode_handler_t)NULL,
90 	(user_opcode_handler_t)NULL,
91 	(user_opcode_handler_t)NULL,
92 	(user_opcode_handler_t)NULL,
93 	(user_opcode_handler_t)NULL,
94 	(user_opcode_handler_t)NULL,
95 	(user_opcode_handler_t)NULL,
96 	(user_opcode_handler_t)NULL,
97 	(user_opcode_handler_t)NULL,
98 	(user_opcode_handler_t)NULL,
99 	(user_opcode_handler_t)NULL,
100 	(user_opcode_handler_t)NULL,
101 	(user_opcode_handler_t)NULL,
102 	(user_opcode_handler_t)NULL,
103 	(user_opcode_handler_t)NULL,
104 	(user_opcode_handler_t)NULL,
105 	(user_opcode_handler_t)NULL,
106 	(user_opcode_handler_t)NULL,
107 	(user_opcode_handler_t)NULL,
108 	(user_opcode_handler_t)NULL,
109 	(user_opcode_handler_t)NULL,
110 	(user_opcode_handler_t)NULL,
111 	(user_opcode_handler_t)NULL,
112 	(user_opcode_handler_t)NULL,
113 	(user_opcode_handler_t)NULL,
114 	(user_opcode_handler_t)NULL,
115 	(user_opcode_handler_t)NULL,
116 	(user_opcode_handler_t)NULL,
117 	(user_opcode_handler_t)NULL,
118 	(user_opcode_handler_t)NULL,
119 	(user_opcode_handler_t)NULL,
120 	(user_opcode_handler_t)NULL,
121 	(user_opcode_handler_t)NULL,
122 	(user_opcode_handler_t)NULL,
123 	(user_opcode_handler_t)NULL,
124 	(user_opcode_handler_t)NULL,
125 	(user_opcode_handler_t)NULL,
126 	(user_opcode_handler_t)NULL,
127 	(user_opcode_handler_t)NULL,
128 	(user_opcode_handler_t)NULL,
129 	(user_opcode_handler_t)NULL,
130 	(user_opcode_handler_t)NULL,
131 	(user_opcode_handler_t)NULL,
132 	(user_opcode_handler_t)NULL,
133 	(user_opcode_handler_t)NULL,
134 	(user_opcode_handler_t)NULL,
135 	(user_opcode_handler_t)NULL,
136 	(user_opcode_handler_t)NULL,
137 	(user_opcode_handler_t)NULL,
138 	(user_opcode_handler_t)NULL,
139 	(user_opcode_handler_t)NULL,
140 	(user_opcode_handler_t)NULL,
141 	(user_opcode_handler_t)NULL,
142 	(user_opcode_handler_t)NULL,
143 	(user_opcode_handler_t)NULL,
144 	(user_opcode_handler_t)NULL,
145 	(user_opcode_handler_t)NULL,
146 	(user_opcode_handler_t)NULL,
147 	(user_opcode_handler_t)NULL,
148 	(user_opcode_handler_t)NULL,
149 	(user_opcode_handler_t)NULL,
150 	(user_opcode_handler_t)NULL,
151 	(user_opcode_handler_t)NULL,
152 	(user_opcode_handler_t)NULL,
153 	(user_opcode_handler_t)NULL,
154 	(user_opcode_handler_t)NULL,
155 	(user_opcode_handler_t)NULL,
156 	(user_opcode_handler_t)NULL,
157 	(user_opcode_handler_t)NULL,
158 	(user_opcode_handler_t)NULL,
159 	(user_opcode_handler_t)NULL,
160 	(user_opcode_handler_t)NULL,
161 	(user_opcode_handler_t)NULL,
162 	(user_opcode_handler_t)NULL,
163 	(user_opcode_handler_t)NULL,
164 	(user_opcode_handler_t)NULL,
165 	(user_opcode_handler_t)NULL,
166 	(user_opcode_handler_t)NULL,
167 	(user_opcode_handler_t)NULL,
168 	(user_opcode_handler_t)NULL,
169 	(user_opcode_handler_t)NULL,
170 	(user_opcode_handler_t)NULL,
171 	(user_opcode_handler_t)NULL,
172 	(user_opcode_handler_t)NULL,
173 	(user_opcode_handler_t)NULL,
174 	(user_opcode_handler_t)NULL,
175 	(user_opcode_handler_t)NULL,
176 	(user_opcode_handler_t)NULL,
177 	(user_opcode_handler_t)NULL,
178 	(user_opcode_handler_t)NULL,
179 	(user_opcode_handler_t)NULL,
180 	(user_opcode_handler_t)NULL,
181 	(user_opcode_handler_t)NULL,
182 	(user_opcode_handler_t)NULL,
183 	(user_opcode_handler_t)NULL,
184 	(user_opcode_handler_t)NULL,
185 	(user_opcode_handler_t)NULL,
186 	(user_opcode_handler_t)NULL,
187 	(user_opcode_handler_t)NULL,
188 	(user_opcode_handler_t)NULL,
189 	(user_opcode_handler_t)NULL,
190 	(user_opcode_handler_t)NULL,
191 	(user_opcode_handler_t)NULL,
192 	(user_opcode_handler_t)NULL,
193 	(user_opcode_handler_t)NULL,
194 	(user_opcode_handler_t)NULL,
195 	(user_opcode_handler_t)NULL,
196 	(user_opcode_handler_t)NULL,
197 	(user_opcode_handler_t)NULL,
198 	(user_opcode_handler_t)NULL,
199 	(user_opcode_handler_t)NULL,
200 	(user_opcode_handler_t)NULL,
201 	(user_opcode_handler_t)NULL,
202 	(user_opcode_handler_t)NULL,
203 	(user_opcode_handler_t)NULL,
204 	(user_opcode_handler_t)NULL,
205 	(user_opcode_handler_t)NULL,
206 	(user_opcode_handler_t)NULL,
207 	(user_opcode_handler_t)NULL,
208 	(user_opcode_handler_t)NULL,
209 	(user_opcode_handler_t)NULL,
210 	(user_opcode_handler_t)NULL,
211 	(user_opcode_handler_t)NULL,
212 	(user_opcode_handler_t)NULL,
213 	(user_opcode_handler_t)NULL,
214 	(user_opcode_handler_t)NULL,
215 	(user_opcode_handler_t)NULL,
216 	(user_opcode_handler_t)NULL,
217 	(user_opcode_handler_t)NULL,
218 	(user_opcode_handler_t)NULL,
219 	(user_opcode_handler_t)NULL,
220 	(user_opcode_handler_t)NULL,
221 	(user_opcode_handler_t)NULL,
222 	(user_opcode_handler_t)NULL,
223 	(user_opcode_handler_t)NULL,
224 	(user_opcode_handler_t)NULL,
225 	(user_opcode_handler_t)NULL,
226 	(user_opcode_handler_t)NULL,
227 	(user_opcode_handler_t)NULL,
228 	(user_opcode_handler_t)NULL,
229 	(user_opcode_handler_t)NULL,
230 	(user_opcode_handler_t)NULL,
231 	(user_opcode_handler_t)NULL,
232 	(user_opcode_handler_t)NULL,
233 	(user_opcode_handler_t)NULL,
234 	(user_opcode_handler_t)NULL,
235 	(user_opcode_handler_t)NULL,
236 	(user_opcode_handler_t)NULL,
237 	(user_opcode_handler_t)NULL,
238 	(user_opcode_handler_t)NULL,
239 	(user_opcode_handler_t)NULL,
240 	(user_opcode_handler_t)NULL,
241 	(user_opcode_handler_t)NULL,
242 	(user_opcode_handler_t)NULL,
243 	(user_opcode_handler_t)NULL,
244 	(user_opcode_handler_t)NULL,
245 	(user_opcode_handler_t)NULL,
246 	(user_opcode_handler_t)NULL,
247 	(user_opcode_handler_t)NULL,
248 	(user_opcode_handler_t)NULL,
249 	(user_opcode_handler_t)NULL,
250 	(user_opcode_handler_t)NULL,
251 	(user_opcode_handler_t)NULL,
252 	(user_opcode_handler_t)NULL,
253 	(user_opcode_handler_t)NULL,
254 	(user_opcode_handler_t)NULL,
255 	(user_opcode_handler_t)NULL,
256 	(user_opcode_handler_t)NULL,
257 	(user_opcode_handler_t)NULL,
258 	(user_opcode_handler_t)NULL,
259 	(user_opcode_handler_t)NULL,
260 	(user_opcode_handler_t)NULL,
261 	(user_opcode_handler_t)NULL,
262 	(user_opcode_handler_t)NULL,
263 	(user_opcode_handler_t)NULL,
264 	(user_opcode_handler_t)NULL,
265 	(user_opcode_handler_t)NULL,
266 	(user_opcode_handler_t)NULL,
267 	(user_opcode_handler_t)NULL,
268 	(user_opcode_handler_t)NULL,
269 	(user_opcode_handler_t)NULL,
270 	(user_opcode_handler_t)NULL,
271 	(user_opcode_handler_t)NULL,
272 	(user_opcode_handler_t)NULL,
273 	(user_opcode_handler_t)NULL,
274 	(user_opcode_handler_t)NULL,
275 	(user_opcode_handler_t)NULL,
276 	(user_opcode_handler_t)NULL,
277 	(user_opcode_handler_t)NULL,
278 	(user_opcode_handler_t)NULL,
279 	(user_opcode_handler_t)NULL,
280 	(user_opcode_handler_t)NULL,
281 	(user_opcode_handler_t)NULL,
282 	(user_opcode_handler_t)NULL,
283 	(user_opcode_handler_t)NULL,
284 	(user_opcode_handler_t)NULL,
285 	(user_opcode_handler_t)NULL,
286 	(user_opcode_handler_t)NULL,
287 	(user_opcode_handler_t)NULL
288 };
289 
290 static zend_uchar zend_user_opcodes[256] = {0,
291 	1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,
292 	17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,
293 	33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,
294 	49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,
295 	65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,
296 	81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,
297 	97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,
298 	113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,
299 	129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,
300 	145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,
301 	161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,
302 	177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,
303 	193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,
304 	209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,
305 	225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,
306 	241,242,243,244,245,246,247,248,249,250,251,252,253,254,255
307 };
308 
309 #define SPEC_START_MASK        0x0000ffff
310 #define SPEC_EXTRA_MASK        0xfffc0000
311 #define SPEC_RULE_OP1          0x00010000
312 #define SPEC_RULE_OP2          0x00020000
313 #define SPEC_RULE_OP_DATA      0x00040000
314 #define SPEC_RULE_RETVAL       0x00080000
315 #define SPEC_RULE_QUICK_ARG    0x00100000
316 #define SPEC_RULE_SMART_BRANCH 0x00200000
317 #define SPEC_RULE_COMMUTATIVE  0x00800000
318 #define SPEC_RULE_ISSET        0x01000000
319 
320 static const uint32_t *zend_spec_handlers;
321 static const void * const *zend_opcode_handlers;
322 static int zend_handlers_count;
323 #if (ZEND_VM_KIND == ZEND_VM_KIND_HYBRID)
324 static const void * const * zend_opcode_handler_funcs;
325 static zend_op hybrid_halt_op;
326 #endif
327 #if (ZEND_VM_KIND != ZEND_VM_KIND_HYBRID) || !ZEND_VM_SPEC
328 static const void *zend_vm_get_opcode_handler(zend_uchar opcode, const zend_op* op);
329 #endif
330 
331 #if (ZEND_VM_KIND == ZEND_VM_KIND_HYBRID)
332 static const void *zend_vm_get_opcode_handler_func(zend_uchar opcode, const zend_op* op);
333 #else
334 # define zend_vm_get_opcode_handler_func zend_vm_get_opcode_handler
335 #endif
336 
337 #ifndef VM_TRACE
338 # define VM_TRACE(op)
339 #endif
340 #ifndef VM_TRACE_START
341 # define VM_TRACE_START()
342 #endif
343 #ifndef VM_TRACE_END
344 # define VM_TRACE_END()
345 #endif
346 #if (ZEND_VM_KIND == ZEND_VM_KIND_HYBRID)
347 #define HYBRID_NEXT()     goto *(void**)(OPLINE->handler)
348 #define HYBRID_SWITCH()   HYBRID_NEXT();
349 #define HYBRID_CASE(op)   op ## _LABEL
350 #define HYBRID_BREAK()    HYBRID_NEXT()
351 #define HYBRID_DEFAULT    ZEND_NULL_LABEL
352 #endif
353 
354 #ifdef ZEND_VM_FP_GLOBAL_REG
355 # define ZEND_OPCODE_HANDLER_ARGS void
356 # define ZEND_OPCODE_HANDLER_ARGS_PASSTHRU
357 # define ZEND_OPCODE_HANDLER_ARGS_DC
358 # define ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_CC
359 #else
360 # define ZEND_OPCODE_HANDLER_ARGS zend_execute_data *execute_data
361 # define ZEND_OPCODE_HANDLER_ARGS_PASSTHRU execute_data
362 # define ZEND_OPCODE_HANDLER_ARGS_DC , ZEND_OPCODE_HANDLER_ARGS
363 # define ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_CC , ZEND_OPCODE_HANDLER_ARGS_PASSTHRU
364 #endif
365 
366 #if defined(ZEND_VM_FP_GLOBAL_REG) && defined(ZEND_VM_IP_GLOBAL_REG)
367 # define ZEND_OPCODE_HANDLER_RET void
368 # define ZEND_VM_TAIL_CALL(call) call; return
369 # ifdef ZEND_VM_TAIL_CALL_DISPATCH
370 #  define ZEND_VM_CONTINUE()     ((opcode_handler_t)OPLINE->handler)(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); return
371 # else
372 #  define ZEND_VM_CONTINUE()     return
373 # endif
374 # if (ZEND_VM_KIND == ZEND_VM_KIND_HYBRID)
375 #  define ZEND_VM_RETURN()        opline = &hybrid_halt_op; return
376 #  define ZEND_VM_HOT             zend_always_inline ZEND_COLD ZEND_OPT_SIZE
377 #  define ZEND_VM_COLD            ZEND_COLD ZEND_OPT_SIZE
378 # else
379 #  define ZEND_VM_RETURN()        opline = NULL; return
380 #  define ZEND_VM_HOT
381 #  define ZEND_VM_COLD            ZEND_COLD ZEND_OPT_SIZE
382 # endif
383 #else
384 # define ZEND_OPCODE_HANDLER_RET int
385 # define ZEND_VM_TAIL_CALL(call) return call
386 # define ZEND_VM_CONTINUE()      return  0
387 # define ZEND_VM_RETURN()        return -1
388 # define ZEND_VM_HOT
389 # define ZEND_VM_COLD            ZEND_COLD ZEND_OPT_SIZE
390 #endif
391 
392 typedef ZEND_OPCODE_HANDLER_RET (ZEND_FASTCALL *opcode_handler_t) (ZEND_OPCODE_HANDLER_ARGS);
393 
394 #undef OPLINE
395 #undef DCL_OPLINE
396 #undef USE_OPLINE
397 #undef LOAD_OPLINE
398 #undef LOAD_OPLINE_EX
399 #undef SAVE_OPLINE
400 #undef SAVE_OPLINE_EX
401 #define DCL_OPLINE
402 #ifdef ZEND_VM_IP_GLOBAL_REG
403 # define OPLINE opline
404 # define USE_OPLINE
405 # define LOAD_OPLINE() opline = EX(opline)
406 # define LOAD_OPLINE_EX()
407 # define LOAD_NEXT_OPLINE() opline = EX(opline) + 1
408 # define SAVE_OPLINE() EX(opline) = opline
409 # define SAVE_OPLINE_EX() SAVE_OPLINE()
410 #else
411 # define OPLINE EX(opline)
412 # define USE_OPLINE const zend_op *opline = EX(opline);
413 # define LOAD_OPLINE()
414 # define LOAD_OPLINE_EX()
415 # define LOAD_NEXT_OPLINE() ZEND_VM_INC_OPCODE()
416 # define SAVE_OPLINE()
417 # define SAVE_OPLINE_EX()
418 #endif
419 #undef HANDLE_EXCEPTION
420 #undef HANDLE_EXCEPTION_LEAVE
421 #define HANDLE_EXCEPTION() LOAD_OPLINE(); ZEND_VM_CONTINUE()
422 #define HANDLE_EXCEPTION_LEAVE() LOAD_OPLINE(); ZEND_VM_LEAVE()
423 #if defined(ZEND_VM_FP_GLOBAL_REG)
424 # define ZEND_VM_ENTER_EX()        ZEND_VM_INTERRUPT_CHECK(); ZEND_VM_CONTINUE()
425 # define ZEND_VM_ENTER()           execute_data = EG(current_execute_data); LOAD_OPLINE(); ZEND_VM_ENTER_EX()
426 # define ZEND_VM_LEAVE()           ZEND_VM_CONTINUE()
427 #elif defined(ZEND_VM_IP_GLOBAL_REG)
428 # define ZEND_VM_ENTER_EX()        return  1
429 # define ZEND_VM_ENTER()           opline = EG(current_execute_data)->opline; ZEND_VM_ENTER_EX()
430 # define ZEND_VM_LEAVE()           return  2
431 #else
432 # define ZEND_VM_ENTER_EX()        return  1
433 # define ZEND_VM_ENTER()           return  1
434 # define ZEND_VM_LEAVE()           return  2
435 #endif
436 #define ZEND_VM_INTERRUPT()      ZEND_VM_TAIL_CALL(zend_interrupt_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));
437 #define ZEND_VM_LOOP_INTERRUPT() zend_interrupt_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
438 #define ZEND_VM_DISPATCH(opcode, opline) ZEND_VM_TAIL_CALL(((opcode_handler_t)zend_vm_get_opcode_handler_func(opcode, opline))(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));
439 
440 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_interrupt_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS);
441 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NULL_HANDLER(ZEND_OPCODE_HANDLER_ARGS);
442 
zend_add_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)443 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_add_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
444 {
445 	USE_OPLINE
446 
447 	SAVE_OPLINE();
448 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
449 		op_1 = ZVAL_UNDEFINED_OP1();
450 	}
451 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
452 		op_2 = ZVAL_UNDEFINED_OP2();
453 	}
454 	add_function(EX_VAR(opline->result.var), op_1, op_2);
455 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
456 		zval_ptr_dtor_nogc(op_1);
457 	}
458 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
459 		zval_ptr_dtor_nogc(op_2);
460 	}
461 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
462 }
463 
zend_sub_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)464 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_sub_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
465 {
466 	USE_OPLINE
467 
468 	SAVE_OPLINE();
469 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
470 		op_1 = ZVAL_UNDEFINED_OP1();
471 	}
472 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
473 		op_2 = ZVAL_UNDEFINED_OP2();
474 	}
475 	sub_function(EX_VAR(opline->result.var), op_1, op_2);
476 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
477 		zval_ptr_dtor_nogc(op_1);
478 	}
479 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
480 		zval_ptr_dtor_nogc(op_2);
481 	}
482 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
483 }
484 
zend_mul_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)485 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_mul_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
486 {
487 	USE_OPLINE
488 
489 	SAVE_OPLINE();
490 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
491 		op_1 = ZVAL_UNDEFINED_OP1();
492 	}
493 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
494 		op_2 = ZVAL_UNDEFINED_OP2();
495 	}
496 	mul_function(EX_VAR(opline->result.var), op_1, op_2);
497 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
498 		zval_ptr_dtor_nogc(op_1);
499 	}
500 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
501 		zval_ptr_dtor_nogc(op_2);
502 	}
503 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
504 }
505 
zend_mod_by_zero_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)506 static zend_never_inline ZEND_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_mod_by_zero_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
507 {
508 	USE_OPLINE
509 
510 	SAVE_OPLINE();
511 	zend_throw_exception_ex(zend_ce_division_by_zero_error, 0, "Modulo by zero");
512 	ZVAL_UNDEF(EX_VAR(opline->result.var));
513 	HANDLE_EXCEPTION();
514 }
515 
zend_mod_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)516 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_mod_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
517 {
518 	USE_OPLINE
519 
520 	SAVE_OPLINE();
521 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
522 		op_1 = ZVAL_UNDEFINED_OP1();
523 	}
524 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
525 		op_2 = ZVAL_UNDEFINED_OP2();
526 	}
527 	mod_function(EX_VAR(opline->result.var), op_1, op_2);
528 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
529 		zval_ptr_dtor_nogc(op_1);
530 	}
531 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
532 		zval_ptr_dtor_nogc(op_2);
533 	}
534 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
535 }
536 
zend_shift_left_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)537 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_shift_left_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
538 {
539 	USE_OPLINE
540 
541 	SAVE_OPLINE();
542 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
543 		op_1 = ZVAL_UNDEFINED_OP1();
544 	}
545 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
546 		op_2 = ZVAL_UNDEFINED_OP2();
547 	}
548 	shift_left_function(EX_VAR(opline->result.var), op_1, op_2);
549 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
550 		zval_ptr_dtor_nogc(op_1);
551 	}
552 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
553 		zval_ptr_dtor_nogc(op_2);
554 	}
555 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
556 }
557 
zend_shift_right_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)558 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_shift_right_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
559 {
560 	USE_OPLINE
561 
562 	SAVE_OPLINE();
563 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
564 		op_1 = ZVAL_UNDEFINED_OP1();
565 	}
566 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
567 		op_2 = ZVAL_UNDEFINED_OP2();
568 	}
569 	shift_right_function(EX_VAR(opline->result.var), op_1, op_2);
570 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
571 		zval_ptr_dtor_nogc(op_1);
572 	}
573 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
574 		zval_ptr_dtor_nogc(op_2);
575 	}
576 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
577 }
578 
zend_is_equal_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)579 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_is_equal_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
580 {
581 	USE_OPLINE
582 
583 	SAVE_OPLINE();
584 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
585 		op_1 = ZVAL_UNDEFINED_OP1();
586 	}
587 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
588 		op_2 = ZVAL_UNDEFINED_OP2();
589 	}
590 	compare_function(EX_VAR(opline->result.var), op_1, op_2);
591 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
592 		zval_ptr_dtor_nogc(op_1);
593 	}
594 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
595 		zval_ptr_dtor_nogc(op_2);
596 	}
597 	if (UNEXPECTED(EG(exception))) {
598 		HANDLE_EXCEPTION();
599 	}
600 	if (Z_LVAL_P(EX_VAR(opline->result.var)) == 0) {
601 		ZEND_VM_SMART_BRANCH_TRUE();
602 		ZVAL_TRUE(EX_VAR(opline->result.var));
603 		ZEND_VM_NEXT_OPCODE();
604 	} else {
605 		ZEND_VM_SMART_BRANCH_FALSE();
606 		ZVAL_FALSE(EX_VAR(opline->result.var));
607 		ZEND_VM_NEXT_OPCODE();
608 	}
609 }
610 
zend_is_not_equal_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)611 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_is_not_equal_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
612 {
613 	USE_OPLINE
614 
615 	SAVE_OPLINE();
616 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
617 		op_1 = ZVAL_UNDEFINED_OP1();
618 	}
619 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
620 		op_2 = ZVAL_UNDEFINED_OP2();
621 	}
622 	compare_function(EX_VAR(opline->result.var), op_1, op_2);
623 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
624 		zval_ptr_dtor_nogc(op_1);
625 	}
626 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
627 		zval_ptr_dtor_nogc(op_2);
628 	}
629 	if (UNEXPECTED(EG(exception))) {
630 		HANDLE_EXCEPTION();
631 	}
632 	if (Z_LVAL_P(EX_VAR(opline->result.var)) != 0) {
633 		ZEND_VM_SMART_BRANCH_TRUE();
634 		ZVAL_TRUE(EX_VAR(opline->result.var));
635 		ZEND_VM_NEXT_OPCODE();
636 	} else {
637 		ZEND_VM_SMART_BRANCH_FALSE();
638 		ZVAL_FALSE(EX_VAR(opline->result.var));
639 		ZEND_VM_NEXT_OPCODE();
640 	}
641 }
642 
zend_is_smaller_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)643 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_is_smaller_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
644 {
645 	USE_OPLINE
646 
647 	SAVE_OPLINE();
648 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
649 		op_1 = ZVAL_UNDEFINED_OP1();
650 	}
651 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
652 		op_2 = ZVAL_UNDEFINED_OP2();
653 	}
654 	compare_function(EX_VAR(opline->result.var), op_1, op_2);
655 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
656 		zval_ptr_dtor_nogc(op_1);
657 	}
658 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
659 		zval_ptr_dtor_nogc(op_2);
660 	}
661 	if (UNEXPECTED(EG(exception))) {
662 		HANDLE_EXCEPTION();
663 	}
664 	if (Z_LVAL_P(EX_VAR(opline->result.var)) < 0) {
665 		ZEND_VM_SMART_BRANCH_TRUE();
666 		ZVAL_TRUE(EX_VAR(opline->result.var));
667 		ZEND_VM_NEXT_OPCODE();
668 	} else {
669 		ZEND_VM_SMART_BRANCH_FALSE();
670 		ZVAL_FALSE(EX_VAR(opline->result.var));
671 		ZEND_VM_NEXT_OPCODE();
672 	}
673 }
674 
zend_is_smaller_or_equal_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)675 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_is_smaller_or_equal_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
676 {
677 	USE_OPLINE
678 
679 	SAVE_OPLINE();
680 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
681 		op_1 = ZVAL_UNDEFINED_OP1();
682 	}
683 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
684 		op_2 = ZVAL_UNDEFINED_OP2();
685 	}
686 	compare_function(EX_VAR(opline->result.var), op_1, op_2);
687 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
688 		zval_ptr_dtor_nogc(op_1);
689 	}
690 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
691 		zval_ptr_dtor_nogc(op_2);
692 	}
693 	if (UNEXPECTED(EG(exception))) {
694 		HANDLE_EXCEPTION();
695 	}
696 	if (Z_LVAL_P(EX_VAR(opline->result.var)) <= 0) {
697 		ZEND_VM_SMART_BRANCH_TRUE();
698 		ZVAL_TRUE(EX_VAR(opline->result.var));
699 		ZEND_VM_NEXT_OPCODE();
700 	} else {
701 		ZEND_VM_SMART_BRANCH_FALSE();
702 		ZVAL_FALSE(EX_VAR(opline->result.var));
703 		ZEND_VM_NEXT_OPCODE();
704 	}
705 }
706 
zend_bw_or_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)707 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_bw_or_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
708 {
709 	USE_OPLINE
710 
711 	SAVE_OPLINE();
712 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
713 		op_1 = ZVAL_UNDEFINED_OP1();
714 	}
715 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
716 		op_2 = ZVAL_UNDEFINED_OP2();
717 	}
718 	bitwise_or_function(EX_VAR(opline->result.var), op_1, op_2);
719 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
720 		zval_ptr_dtor_nogc(op_1);
721 	}
722 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
723 		zval_ptr_dtor_nogc(op_2);
724 	}
725 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
726 }
727 
zend_bw_and_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)728 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_bw_and_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
729 {
730 	USE_OPLINE
731 
732 	SAVE_OPLINE();
733 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
734 		op_1 = ZVAL_UNDEFINED_OP1();
735 	}
736 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
737 		op_2 = ZVAL_UNDEFINED_OP2();
738 	}
739 	bitwise_and_function(EX_VAR(opline->result.var), op_1, op_2);
740 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
741 		zval_ptr_dtor_nogc(op_1);
742 	}
743 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
744 		zval_ptr_dtor_nogc(op_2);
745 	}
746 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
747 }
748 
zend_bw_xor_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)749 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_bw_xor_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
750 {
751 	USE_OPLINE
752 
753 	SAVE_OPLINE();
754 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
755 		op_1 = ZVAL_UNDEFINED_OP1();
756 	}
757 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
758 		op_2 = ZVAL_UNDEFINED_OP2();
759 	}
760 	bitwise_xor_function(EX_VAR(opline->result.var), op_1, op_2);
761 	if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
762 		zval_ptr_dtor_nogc(op_1);
763 	}
764 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
765 		zval_ptr_dtor_nogc(op_2);
766 	}
767 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
768 }
769 
zend_this_not_in_object_context_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)770 static zend_never_inline ZEND_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_this_not_in_object_context_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
771 {
772 	USE_OPLINE
773 
774 	SAVE_OPLINE();
775 	zend_throw_error(NULL, "Using $this when not in object context");
776 	if ((opline+1)->opcode == ZEND_OP_DATA) {
777 		FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
778 	}
779 	FREE_UNFETCHED_OP(opline->op2_type, opline->op2.var);
780 	UNDEF_RESULT();
781 	HANDLE_EXCEPTION();
782 }
783 
zend_undefined_function_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)784 static zend_never_inline ZEND_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_undefined_function_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
785 {
786 	USE_OPLINE
787 	zval *function_name;
788 
789 	SAVE_OPLINE();
790 	function_name = RT_CONSTANT(opline, opline->op2);
791 	zend_throw_error(NULL, "Call to undefined function %s()", Z_STRVAL_P(function_name));
792 	HANDLE_EXCEPTION();
793 }
794 
ZEND_ASSIGN_STATIC_PROP_OP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)795 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_STATIC_PROP_OP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
796 {
797 	/* This helper actually never will receive IS_VAR as second op, and has the same handling for VAR and TMP in the first op, but for interoperability with the other binary_assign_op helpers, it is necessary to "include" it */
798 
799 	USE_OPLINE
800 	zend_free_op free_op_data;
801 	zval *prop, *value;
802 	zend_property_info *prop_info;
803 	zend_reference *ref;
804 
805 	SAVE_OPLINE();
806 
807 	if (UNEXPECTED(zend_fetch_static_property_address(&prop, &prop_info, (opline+1)->extended_value, BP_VAR_RW, 0 OPLINE_CC EXECUTE_DATA_CC) != SUCCESS)) {
808 		ZEND_ASSERT(EG(exception));
809 		UNDEF_RESULT();
810 		FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
811 		HANDLE_EXCEPTION();
812 	}
813 
814 	value = get_op_data_zval_ptr_r((opline+1)->op1_type, (opline+1)->op1, &free_op_data);
815 
816 	do {
817 		if (UNEXPECTED(Z_ISREF_P(prop))) {
818 			ref = Z_REF_P(prop);
819 			prop = Z_REFVAL_P(prop);
820 			if (UNEXPECTED(ZEND_REF_HAS_TYPE_SOURCES(ref))) {
821 				zend_binary_assign_op_typed_ref(ref, value OPLINE_CC EXECUTE_DATA_CC);
822 				break;
823 			}
824 		}
825 
826 		if (UNEXPECTED(prop_info->type)) {
827 			/* special case for typed properties */
828 			zend_binary_assign_op_typed_prop(prop_info, prop, value OPLINE_CC EXECUTE_DATA_CC);
829 		} else {
830 			zend_binary_op(prop, prop, value OPLINE_CC);
831 		}
832 	} while (0);
833 
834 	if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
835 		ZVAL_COPY(EX_VAR(opline->result.var), prop);
836 	}
837 
838 	FREE_OP(free_op_data);
839 	/* assign_static_prop has two opcodes! */
840 	ZEND_VM_NEXT_OPCODE_EX(1, 2);
841 }
842 
ZEND_PRE_INC_STATIC_PROP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)843 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_STATIC_PROP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
844 {
845 	USE_OPLINE
846 	zval *prop;
847 	zend_property_info *prop_info;
848 
849 	SAVE_OPLINE();
850 
851 	if (zend_fetch_static_property_address(&prop, &prop_info, opline->extended_value, BP_VAR_RW, 0 OPLINE_CC EXECUTE_DATA_CC) != SUCCESS) {
852 		UNDEF_RESULT();
853 		HANDLE_EXCEPTION();
854 	}
855 
856 	zend_pre_incdec_property_zval(prop, prop_info->type ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC);
857 
858 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
859 }
860 
861 /* No specialization for op_types (CONST|TMPVAR|CV, UNUSED|CONST|VAR) */
ZEND_POST_INC_STATIC_PROP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)862 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_STATIC_PROP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
863 {
864 	USE_OPLINE
865 	zval *prop;
866 	zend_property_info *prop_info;
867 
868 	SAVE_OPLINE();
869 
870 	if (zend_fetch_static_property_address(&prop, &prop_info, opline->extended_value, BP_VAR_RW, 0 OPLINE_CC EXECUTE_DATA_CC) != SUCCESS) {
871 		UNDEF_RESULT();
872 		HANDLE_EXCEPTION();
873 	}
874 
875 	zend_post_incdec_property_zval(prop, prop_info->type ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC);
876 
877 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
878 }
879 
880 /* No specialization for op_types (CONST|TMPVAR|CV, UNUSED|CONST|VAR) */
zend_fetch_static_prop_helper_SPEC(int type ZEND_OPCODE_HANDLER_ARGS_DC)881 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC(int type ZEND_OPCODE_HANDLER_ARGS_DC)
882 {
883 	USE_OPLINE
884 	zval *prop;
885 
886 	SAVE_OPLINE();
887 
888 	if (UNEXPECTED(zend_fetch_static_property_address(&prop, NULL, opline->extended_value & ~ZEND_FETCH_OBJ_FLAGS, type, opline->extended_value & ZEND_FETCH_OBJ_FLAGS OPLINE_CC EXECUTE_DATA_CC) != SUCCESS)) {
889 		ZEND_ASSERT(EG(exception) || (type == BP_VAR_IS));
890 		prop = &EG(uninitialized_zval);
891 	}
892 
893 	if (type == BP_VAR_R || type == BP_VAR_IS) {
894 		ZVAL_COPY_DEREF(EX_VAR(opline->result.var), prop);
895 	} else {
896 		ZVAL_INDIRECT(EX_VAR(opline->result.var), prop);
897 	}
898 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
899 }
900 
901 /* No specialization for op_types (CONST|TMPVAR|CV, UNUSED|CLASS_FETCH|CONST|VAR) */
ZEND_FETCH_STATIC_PROP_R_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)902 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FETCH_STATIC_PROP_R_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
903 {
904 	ZEND_VM_TAIL_CALL(zend_fetch_static_prop_helper_SPEC(BP_VAR_R ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_CC));
905 }
906 
907 /* No specialization for op_types (CONST|TMPVAR|CV, UNUSED|CLASS_FETCH|CONST|VAR) */
ZEND_FETCH_STATIC_PROP_W_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)908 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FETCH_STATIC_PROP_W_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
909 {
910 	ZEND_VM_TAIL_CALL(zend_fetch_static_prop_helper_SPEC(BP_VAR_W ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_CC));
911 }
912 
913 /* No specialization for op_types (CONST|TMPVAR|CV, UNUSED|CLASS_FETCH|CONST|VAR) */
ZEND_FETCH_STATIC_PROP_RW_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)914 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FETCH_STATIC_PROP_RW_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
915 {
916 	ZEND_VM_TAIL_CALL(zend_fetch_static_prop_helper_SPEC(BP_VAR_RW ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_CC));
917 }
918 
919 /* No specialization for op_types (CONST|TMPVAR|CV, UNUSED|CLASS_FETCH|CONST|VAR) */
ZEND_FETCH_STATIC_PROP_FUNC_ARG_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)920 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FETCH_STATIC_PROP_FUNC_ARG_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
921 {
922 	int fetch_type =
923 		(UNEXPECTED(ZEND_CALL_INFO(EX(call)) & ZEND_CALL_SEND_ARG_BY_REF)) ?
924 			BP_VAR_W : BP_VAR_R;
925 	ZEND_VM_TAIL_CALL(zend_fetch_static_prop_helper_SPEC(fetch_type ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_CC));
926 }
927 
928 /* No specialization for op_types (CONST|TMPVAR|CV, UNUSED|CLASS_FETCH|CONST|VAR) */
ZEND_FETCH_STATIC_PROP_UNSET_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)929 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FETCH_STATIC_PROP_UNSET_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
930 {
931 	ZEND_VM_TAIL_CALL(zend_fetch_static_prop_helper_SPEC(BP_VAR_UNSET ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_CC));
932 }
933 
934 /* No specialization for op_types (CONST|TMPVAR|CV, UNUSED|CLASS_FETCH|CONST|VAR) */
ZEND_FETCH_STATIC_PROP_IS_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)935 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FETCH_STATIC_PROP_IS_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
936 {
937 	ZEND_VM_TAIL_CALL(zend_fetch_static_prop_helper_SPEC(BP_VAR_IS ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_CC));
938 }
939 
zend_use_tmp_in_write_context_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)940 static zend_never_inline ZEND_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_use_tmp_in_write_context_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
941 {
942 	USE_OPLINE
943 
944 	SAVE_OPLINE();
945 	zend_throw_error(NULL, "Cannot use temporary expression in write context");
946 	FREE_UNFETCHED_OP(opline->op2_type, opline->op2.var);
947 	FREE_UNFETCHED_OP(opline->op1_type, opline->op1.var);
948 	ZVAL_UNDEF(EX_VAR(opline->result.var));
949 	HANDLE_EXCEPTION();
950 }
951 
zend_use_undef_in_read_context_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)952 static zend_never_inline ZEND_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_use_undef_in_read_context_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
953 {
954 	USE_OPLINE
955 
956 	SAVE_OPLINE();
957 	zend_throw_error(NULL, "Cannot use [] for reading");
958 	FREE_UNFETCHED_OP(opline->op2_type, opline->op2.var);
959 	FREE_UNFETCHED_OP(opline->op1_type, opline->op1.var);
960 	ZVAL_UNDEF(EX_VAR(opline->result.var));
961 	HANDLE_EXCEPTION();
962 }
963 
ZEND_ASSIGN_STATIC_PROP_SPEC_OP_DATA_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)964 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_STATIC_PROP_SPEC_OP_DATA_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
965 {
966 	USE_OPLINE
967 
968 	zval *prop, *value;
969 	zend_property_info *prop_info;
970 
971 	SAVE_OPLINE();
972 
973 	if (zend_fetch_static_property_address(&prop, &prop_info, opline->extended_value, BP_VAR_W, 0 OPLINE_CC EXECUTE_DATA_CC) != SUCCESS) {
974 
975 		UNDEF_RESULT();
976 		HANDLE_EXCEPTION();
977 	}
978 
979 	value = RT_CONSTANT((opline+1), (opline+1)->op1);
980 
981 	if (UNEXPECTED(prop_info->type)) {
982 		value = zend_assign_to_typed_prop(prop_info, prop, value EXECUTE_DATA_CC);
983 
984 	} else {
985 		value = zend_assign_to_variable(prop, value, IS_CONST, EX_USES_STRICT_TYPES());
986 	}
987 
988 	if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
989 		ZVAL_COPY(EX_VAR(opline->result.var), value);
990 	}
991 
992 	/* assign_static_prop has two opcodes! */
993 	ZEND_VM_NEXT_OPCODE_EX(1, 2);
994 }
995 
ZEND_ASSIGN_STATIC_PROP_SPEC_OP_DATA_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)996 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_STATIC_PROP_SPEC_OP_DATA_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
997 {
998 	USE_OPLINE
999 	zend_free_op free_op_data;
1000 	zval *prop, *value;
1001 	zend_property_info *prop_info;
1002 
1003 	SAVE_OPLINE();
1004 
1005 	if (zend_fetch_static_property_address(&prop, &prop_info, opline->extended_value, BP_VAR_W, 0 OPLINE_CC EXECUTE_DATA_CC) != SUCCESS) {
1006 		zval_ptr_dtor_nogc(EX_VAR((opline+1)->op1.var));
1007 		UNDEF_RESULT();
1008 		HANDLE_EXCEPTION();
1009 	}
1010 
1011 	value = _get_zval_ptr_tmp((opline+1)->op1.var, &free_op_data EXECUTE_DATA_CC);
1012 
1013 	if (UNEXPECTED(prop_info->type)) {
1014 		value = zend_assign_to_typed_prop(prop_info, prop, value EXECUTE_DATA_CC);
1015 		zval_ptr_dtor_nogc(free_op_data);
1016 	} else {
1017 		value = zend_assign_to_variable(prop, value, IS_TMP_VAR, EX_USES_STRICT_TYPES());
1018 	}
1019 
1020 	if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
1021 		ZVAL_COPY(EX_VAR(opline->result.var), value);
1022 	}
1023 
1024 	/* assign_static_prop has two opcodes! */
1025 	ZEND_VM_NEXT_OPCODE_EX(1, 2);
1026 }
1027 
ZEND_ASSIGN_STATIC_PROP_SPEC_OP_DATA_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1028 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_STATIC_PROP_SPEC_OP_DATA_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1029 {
1030 	USE_OPLINE
1031 	zend_free_op free_op_data;
1032 	zval *prop, *value;
1033 	zend_property_info *prop_info;
1034 
1035 	SAVE_OPLINE();
1036 
1037 	if (zend_fetch_static_property_address(&prop, &prop_info, opline->extended_value, BP_VAR_W, 0 OPLINE_CC EXECUTE_DATA_CC) != SUCCESS) {
1038 		zval_ptr_dtor_nogc(EX_VAR((opline+1)->op1.var));
1039 		UNDEF_RESULT();
1040 		HANDLE_EXCEPTION();
1041 	}
1042 
1043 	value = _get_zval_ptr_var((opline+1)->op1.var, &free_op_data EXECUTE_DATA_CC);
1044 
1045 	if (UNEXPECTED(prop_info->type)) {
1046 		value = zend_assign_to_typed_prop(prop_info, prop, value EXECUTE_DATA_CC);
1047 		zval_ptr_dtor_nogc(free_op_data);
1048 	} else {
1049 		value = zend_assign_to_variable(prop, value, IS_VAR, EX_USES_STRICT_TYPES());
1050 	}
1051 
1052 	if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
1053 		ZVAL_COPY(EX_VAR(opline->result.var), value);
1054 	}
1055 
1056 	/* assign_static_prop has two opcodes! */
1057 	ZEND_VM_NEXT_OPCODE_EX(1, 2);
1058 }
1059 
ZEND_ASSIGN_STATIC_PROP_SPEC_OP_DATA_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1060 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_STATIC_PROP_SPEC_OP_DATA_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1061 {
1062 	USE_OPLINE
1063 
1064 	zval *prop, *value;
1065 	zend_property_info *prop_info;
1066 
1067 	SAVE_OPLINE();
1068 
1069 	if (zend_fetch_static_property_address(&prop, &prop_info, opline->extended_value, BP_VAR_W, 0 OPLINE_CC EXECUTE_DATA_CC) != SUCCESS) {
1070 
1071 		UNDEF_RESULT();
1072 		HANDLE_EXCEPTION();
1073 	}
1074 
1075 	value = _get_zval_ptr_cv_BP_VAR_R((opline+1)->op1.var EXECUTE_DATA_CC);
1076 
1077 	if (UNEXPECTED(prop_info->type)) {
1078 		value = zend_assign_to_typed_prop(prop_info, prop, value EXECUTE_DATA_CC);
1079 
1080 	} else {
1081 		value = zend_assign_to_variable(prop, value, IS_CV, EX_USES_STRICT_TYPES());
1082 	}
1083 
1084 	if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
1085 		ZVAL_COPY(EX_VAR(opline->result.var), value);
1086 	}
1087 
1088 	/* assign_static_prop has two opcodes! */
1089 	ZEND_VM_NEXT_OPCODE_EX(1, 2);
1090 }
1091 
ZEND_ASSIGN_STATIC_PROP_REF_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1092 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_STATIC_PROP_REF_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1093 {
1094 	USE_OPLINE
1095 	zend_free_op free_op_data;
1096 	zval *prop, *value_ptr;
1097 	zend_property_info *prop_info;
1098 
1099 	SAVE_OPLINE();
1100 
1101 	if (zend_fetch_static_property_address(&prop, &prop_info, opline->extended_value & ~ZEND_RETURNS_FUNCTION, BP_VAR_W, 0 OPLINE_CC EXECUTE_DATA_CC) != SUCCESS) {
1102 		FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
1103 		UNDEF_RESULT();
1104 		HANDLE_EXCEPTION();
1105 	}
1106 
1107 	value_ptr = get_zval_ptr_ptr((opline+1)->op1_type, (opline+1)->op1, &free_op_data, BP_VAR_W);
1108 
1109 	if ((opline+1)->op1_type == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
1110 		prop = &EG(uninitialized_zval);
1111 	} else if ((opline+1)->op1_type == IS_VAR && (opline->extended_value & ZEND_RETURNS_FUNCTION) && UNEXPECTED(!Z_ISREF_P(value_ptr))) {
1112 		if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(prop, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
1113 			prop = &EG(uninitialized_zval);
1114 		}
1115 	} else if (UNEXPECTED(prop_info->type)) {
1116 		prop = zend_assign_to_typed_property_reference(prop_info, prop, value_ptr EXECUTE_DATA_CC);
1117 	} else {
1118 		zend_assign_to_variable_reference(prop, value_ptr);
1119 	}
1120 
1121 	if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
1122 		ZVAL_COPY(EX_VAR(opline->result.var), prop);
1123 	}
1124 
1125 	if (free_op_data) {zval_ptr_dtor_nogc(free_op_data);};
1126 	ZEND_VM_NEXT_OPCODE_EX(1, 2);
1127 }
1128 
zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)1129 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
1130 {
1131 	zend_execute_data *old_execute_data;
1132 	uint32_t call_info = EX_CALL_INFO();
1133 	SAVE_OPLINE();
1134 
1135 	if (EXPECTED((call_info & (ZEND_CALL_CODE|ZEND_CALL_TOP|ZEND_CALL_HAS_SYMBOL_TABLE|ZEND_CALL_FREE_EXTRA_ARGS|ZEND_CALL_ALLOCATED)) == 0)) {
1136 		EG(current_execute_data) = EX(prev_execute_data);
1137 		i_free_compiled_variables(execute_data);
1138 
1139 #ifdef ZEND_PREFER_RELOAD
1140 		call_info = EX_CALL_INFO();
1141 #endif
1142 		if (UNEXPECTED(call_info & ZEND_CALL_RELEASE_THIS)) {
1143 			OBJ_RELEASE(Z_OBJ(execute_data->This));
1144 		} else if (UNEXPECTED(call_info & ZEND_CALL_CLOSURE)) {
1145 			OBJ_RELEASE(ZEND_CLOSURE_OBJECT(EX(func)));
1146 		}
1147 		EG(vm_stack_top) = (zval*)execute_data;
1148 		execute_data = EX(prev_execute_data);
1149 
1150 		if (UNEXPECTED(EG(exception) != NULL)) {
1151 			zend_rethrow_exception(execute_data);
1152 			HANDLE_EXCEPTION_LEAVE();
1153 		}
1154 
1155 		LOAD_NEXT_OPLINE();
1156 		ZEND_VM_LEAVE();
1157 	} else if (EXPECTED((call_info & (ZEND_CALL_CODE|ZEND_CALL_TOP)) == 0)) {
1158 		EG(current_execute_data) = EX(prev_execute_data);
1159 		i_free_compiled_variables(execute_data);
1160 
1161 #ifdef ZEND_PREFER_RELOAD
1162 		call_info = EX_CALL_INFO();
1163 #endif
1164 		if (UNEXPECTED(call_info & ZEND_CALL_HAS_SYMBOL_TABLE)) {
1165 			zend_clean_and_cache_symbol_table(EX(symbol_table));
1166 		}
1167 
1168 		/* Free extra args before releasing the closure,
1169 		 * as that may free the op_array. */
1170 		zend_vm_stack_free_extra_args_ex(call_info, execute_data);
1171 
1172 		if (UNEXPECTED(call_info & ZEND_CALL_RELEASE_THIS)) {
1173 			OBJ_RELEASE(Z_OBJ(execute_data->This));
1174 		} else if (UNEXPECTED(call_info & ZEND_CALL_CLOSURE)) {
1175 			OBJ_RELEASE(ZEND_CLOSURE_OBJECT(EX(func)));
1176 		}
1177 
1178 		old_execute_data = execute_data;
1179 		execute_data = EX(prev_execute_data);
1180 		zend_vm_stack_free_call_frame_ex(call_info, old_execute_data);
1181 
1182 		if (UNEXPECTED(EG(exception) != NULL)) {
1183 			zend_rethrow_exception(execute_data);
1184 			HANDLE_EXCEPTION_LEAVE();
1185 		}
1186 
1187 		LOAD_NEXT_OPLINE();
1188 		ZEND_VM_LEAVE();
1189 	} else if (EXPECTED((call_info & ZEND_CALL_TOP) == 0)) {
1190 		zend_detach_symbol_table(execute_data);
1191 		destroy_op_array(&EX(func)->op_array);
1192 		efree_size(EX(func), sizeof(zend_op_array));
1193 #ifdef ZEND_PREFER_RELOAD
1194 		call_info = EX_CALL_INFO();
1195 #endif
1196 		old_execute_data = execute_data;
1197 		execute_data = EG(current_execute_data) = EX(prev_execute_data);
1198 		zend_vm_stack_free_call_frame_ex(call_info, old_execute_data);
1199 
1200 		zend_attach_symbol_table(execute_data);
1201 		if (UNEXPECTED(EG(exception) != NULL)) {
1202 			zend_rethrow_exception(execute_data);
1203 			HANDLE_EXCEPTION_LEAVE();
1204 		}
1205 
1206 		LOAD_NEXT_OPLINE();
1207 		ZEND_VM_LEAVE();
1208 	} else {
1209 		if (EXPECTED((call_info & ZEND_CALL_CODE) == 0)) {
1210 			EG(current_execute_data) = EX(prev_execute_data);
1211 			i_free_compiled_variables(execute_data);
1212 #ifdef ZEND_PREFER_RELOAD
1213 			call_info = EX_CALL_INFO();
1214 #endif
1215 			if (UNEXPECTED(call_info & (ZEND_CALL_HAS_SYMBOL_TABLE|ZEND_CALL_FREE_EXTRA_ARGS))) {
1216 				if (UNEXPECTED(call_info & ZEND_CALL_HAS_SYMBOL_TABLE)) {
1217 					zend_clean_and_cache_symbol_table(EX(symbol_table));
1218 				}
1219 				zend_vm_stack_free_extra_args_ex(call_info, execute_data);
1220 			}
1221 			if (UNEXPECTED(call_info & ZEND_CALL_CLOSURE)) {
1222 				OBJ_RELEASE(ZEND_CLOSURE_OBJECT(EX(func)));
1223 			}
1224 			ZEND_VM_RETURN();
1225 		} else /* if (call_kind == ZEND_CALL_TOP_CODE) */ {
1226 			zend_array *symbol_table = EX(symbol_table);
1227 
1228 			zend_detach_symbol_table(execute_data);
1229 			old_execute_data = EX(prev_execute_data);
1230 			while (old_execute_data) {
1231 				if (old_execute_data->func && (ZEND_CALL_INFO(old_execute_data) & ZEND_CALL_HAS_SYMBOL_TABLE)) {
1232 					if (old_execute_data->symbol_table == symbol_table) {
1233 						zend_attach_symbol_table(old_execute_data);
1234 					}
1235 					break;
1236 				}
1237 				old_execute_data = old_execute_data->prev_execute_data;
1238 			}
1239 			EG(current_execute_data) = EX(prev_execute_data);
1240 			ZEND_VM_RETURN();
1241 		}
1242 	}
1243 }
1244 
ZEND_JMP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1245 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1246 {
1247 	USE_OPLINE
1248 
1249 	ZEND_VM_JMP_EX(OP_JMP_ADDR(opline, opline->op1), 0);
1250 }
1251 
ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1252 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1253 {
1254 	USE_OPLINE
1255 	zend_execute_data *call = EX(call);
1256 	zend_function *fbc = call->func;
1257 	zval *ret;
1258 	zval retval;
1259 
1260 	SAVE_OPLINE();
1261 	EX(call) = call->prev_execute_data;
1262 
1263 	call->prev_execute_data = execute_data;
1264 	EG(current_execute_data) = call;
1265 
1266 	ret = 0 ? EX_VAR(opline->result.var) : &retval;
1267 	ZVAL_NULL(ret);
1268 
1269 	fbc->internal_function.handler(call, ret);
1270 
1271 #if ZEND_DEBUG
1272 	if (!EG(exception) && call->func) {
1273 		ZEND_ASSERT(!(call->func->common.fn_flags & ZEND_ACC_HAS_RETURN_TYPE) ||
1274 			zend_verify_internal_return_type(call->func, ret));
1275 		ZEND_ASSERT((call->func->common.fn_flags & ZEND_ACC_RETURN_REFERENCE)
1276 			? Z_ISREF_P(ret) : !Z_ISREF_P(ret));
1277 	}
1278 #endif
1279 
1280 	EG(current_execute_data) = execute_data;
1281 	zend_vm_stack_free_args(call);
1282 	zend_vm_stack_free_call_frame(call);
1283 
1284 	if (!0) {
1285 		i_zval_ptr_dtor(ret);
1286 	}
1287 
1288 	if (UNEXPECTED(EG(exception) != NULL)) {
1289 		zend_rethrow_exception(execute_data);
1290 		HANDLE_EXCEPTION();
1291 	}
1292 
1293 	ZEND_VM_SET_OPCODE(opline + 1);
1294 	ZEND_VM_CONTINUE();
1295 }
1296 
ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1297 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1298 {
1299 	USE_OPLINE
1300 	zend_execute_data *call = EX(call);
1301 	zend_function *fbc = call->func;
1302 	zval *ret;
1303 	zval retval;
1304 
1305 	SAVE_OPLINE();
1306 	EX(call) = call->prev_execute_data;
1307 
1308 	call->prev_execute_data = execute_data;
1309 	EG(current_execute_data) = call;
1310 
1311 	ret = 1 ? EX_VAR(opline->result.var) : &retval;
1312 	ZVAL_NULL(ret);
1313 
1314 	fbc->internal_function.handler(call, ret);
1315 
1316 #if ZEND_DEBUG
1317 	if (!EG(exception) && call->func) {
1318 		ZEND_ASSERT(!(call->func->common.fn_flags & ZEND_ACC_HAS_RETURN_TYPE) ||
1319 			zend_verify_internal_return_type(call->func, ret));
1320 		ZEND_ASSERT((call->func->common.fn_flags & ZEND_ACC_RETURN_REFERENCE)
1321 			? Z_ISREF_P(ret) : !Z_ISREF_P(ret));
1322 	}
1323 #endif
1324 
1325 	EG(current_execute_data) = execute_data;
1326 	zend_vm_stack_free_args(call);
1327 	zend_vm_stack_free_call_frame(call);
1328 
1329 	if (!1) {
1330 		i_zval_ptr_dtor(ret);
1331 	}
1332 
1333 	if (UNEXPECTED(EG(exception) != NULL)) {
1334 		zend_rethrow_exception(execute_data);
1335 		HANDLE_EXCEPTION();
1336 	}
1337 
1338 	ZEND_VM_SET_OPCODE(opline + 1);
1339 	ZEND_VM_CONTINUE();
1340 }
1341 
ZEND_DO_UCALL_SPEC_RETVAL_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1342 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_UCALL_SPEC_RETVAL_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1343 {
1344 	USE_OPLINE
1345 	zend_execute_data *call = EX(call);
1346 	zend_function *fbc = call->func;
1347 	zval *ret;
1348 
1349 	SAVE_OPLINE();
1350 	EX(call) = call->prev_execute_data;
1351 
1352 	ret = NULL;
1353 	if (0) {
1354 		ret = EX_VAR(opline->result.var);
1355 	}
1356 
1357 	call->prev_execute_data = execute_data;
1358 	execute_data = call;
1359 	i_init_func_execute_data(&fbc->op_array, ret, 0 EXECUTE_DATA_CC);
1360 	LOAD_OPLINE_EX();
1361 
1362 	ZEND_VM_ENTER_EX();
1363 }
1364 
ZEND_DO_UCALL_SPEC_RETVAL_USED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1365 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_UCALL_SPEC_RETVAL_USED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1366 {
1367 	USE_OPLINE
1368 	zend_execute_data *call = EX(call);
1369 	zend_function *fbc = call->func;
1370 	zval *ret;
1371 
1372 	SAVE_OPLINE();
1373 	EX(call) = call->prev_execute_data;
1374 
1375 	ret = NULL;
1376 	if (1) {
1377 		ret = EX_VAR(opline->result.var);
1378 	}
1379 
1380 	call->prev_execute_data = execute_data;
1381 	execute_data = call;
1382 	i_init_func_execute_data(&fbc->op_array, ret, 0 EXECUTE_DATA_CC);
1383 	LOAD_OPLINE_EX();
1384 
1385 	ZEND_VM_ENTER_EX();
1386 }
1387 
ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1388 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1389 {
1390 	USE_OPLINE
1391 	zend_execute_data *call = EX(call);
1392 	zend_function *fbc = call->func;
1393 	zval *ret;
1394 
1395 	SAVE_OPLINE();
1396 	EX(call) = call->prev_execute_data;
1397 
1398 	if (EXPECTED(fbc->type == ZEND_USER_FUNCTION)) {
1399 		ret = NULL;
1400 		if (0) {
1401 			ret = EX_VAR(opline->result.var);
1402 		}
1403 
1404 		call->prev_execute_data = execute_data;
1405 		execute_data = call;
1406 		i_init_func_execute_data(&fbc->op_array, ret, 0 EXECUTE_DATA_CC);
1407 		LOAD_OPLINE_EX();
1408 
1409 		ZEND_VM_ENTER_EX();
1410 	} else {
1411 		zval retval;
1412 		ZEND_ASSERT(fbc->type == ZEND_INTERNAL_FUNCTION);
1413 
1414 		if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_DEPRECATED) != 0)) {
1415 			zend_deprecated_function(fbc);
1416 			if (UNEXPECTED(EG(exception) != NULL)) {
1417 				UNDEF_RESULT();
1418 				if (!0) {
1419 					ret = &retval;
1420 					ZVAL_UNDEF(ret);
1421 				}
1422 				goto fcall_by_name_end;
1423 			}
1424 		}
1425 
1426 		call->prev_execute_data = execute_data;
1427 		EG(current_execute_data) = call;
1428 
1429 		if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_HAS_TYPE_HINTS)
1430 		 && UNEXPECTED(!zend_verify_internal_arg_types(fbc, call))) {
1431 			UNDEF_RESULT();
1432 			if (!0) {
1433 				ret = &retval;
1434 				ZVAL_UNDEF(ret);
1435 			}
1436 			goto fcall_by_name_end;
1437 		}
1438 
1439 		ret = 0 ? EX_VAR(opline->result.var) : &retval;
1440 		ZVAL_NULL(ret);
1441 
1442 		fbc->internal_function.handler(call, ret);
1443 
1444 #if ZEND_DEBUG
1445 		if (!EG(exception) && call->func) {
1446 			ZEND_ASSERT(!(call->func->common.fn_flags & ZEND_ACC_HAS_RETURN_TYPE) ||
1447 				zend_verify_internal_return_type(call->func, ret));
1448 			ZEND_ASSERT((call->func->common.fn_flags & ZEND_ACC_RETURN_REFERENCE)
1449 				? Z_ISREF_P(ret) : !Z_ISREF_P(ret));
1450 		}
1451 #endif
1452 
1453 		EG(current_execute_data) = execute_data;
1454 
1455 fcall_by_name_end:
1456 		zend_vm_stack_free_args(call);
1457 		zend_vm_stack_free_call_frame(call);
1458 
1459 		if (!0) {
1460 			i_zval_ptr_dtor(ret);
1461 		}
1462 	}
1463 
1464 	if (UNEXPECTED(EG(exception) != NULL)) {
1465 		zend_rethrow_exception(execute_data);
1466 		HANDLE_EXCEPTION();
1467 	}
1468 	ZEND_VM_SET_OPCODE(opline + 1);
1469 	ZEND_VM_CONTINUE();
1470 }
1471 
ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1472 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1473 {
1474 	USE_OPLINE
1475 	zend_execute_data *call = EX(call);
1476 	zend_function *fbc = call->func;
1477 	zval *ret;
1478 
1479 	SAVE_OPLINE();
1480 	EX(call) = call->prev_execute_data;
1481 
1482 	if (EXPECTED(fbc->type == ZEND_USER_FUNCTION)) {
1483 		ret = NULL;
1484 		if (1) {
1485 			ret = EX_VAR(opline->result.var);
1486 		}
1487 
1488 		call->prev_execute_data = execute_data;
1489 		execute_data = call;
1490 		i_init_func_execute_data(&fbc->op_array, ret, 0 EXECUTE_DATA_CC);
1491 		LOAD_OPLINE_EX();
1492 
1493 		ZEND_VM_ENTER_EX();
1494 	} else {
1495 		zval retval;
1496 		ZEND_ASSERT(fbc->type == ZEND_INTERNAL_FUNCTION);
1497 
1498 		if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_DEPRECATED) != 0)) {
1499 			zend_deprecated_function(fbc);
1500 			if (UNEXPECTED(EG(exception) != NULL)) {
1501 				UNDEF_RESULT();
1502 				if (!1) {
1503 					ret = &retval;
1504 					ZVAL_UNDEF(ret);
1505 				}
1506 				goto fcall_by_name_end;
1507 			}
1508 		}
1509 
1510 		call->prev_execute_data = execute_data;
1511 		EG(current_execute_data) = call;
1512 
1513 		if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_HAS_TYPE_HINTS)
1514 		 && UNEXPECTED(!zend_verify_internal_arg_types(fbc, call))) {
1515 			UNDEF_RESULT();
1516 			if (!1) {
1517 				ret = &retval;
1518 				ZVAL_UNDEF(ret);
1519 			}
1520 			goto fcall_by_name_end;
1521 		}
1522 
1523 		ret = 1 ? EX_VAR(opline->result.var) : &retval;
1524 		ZVAL_NULL(ret);
1525 
1526 		fbc->internal_function.handler(call, ret);
1527 
1528 #if ZEND_DEBUG
1529 		if (!EG(exception) && call->func) {
1530 			ZEND_ASSERT(!(call->func->common.fn_flags & ZEND_ACC_HAS_RETURN_TYPE) ||
1531 				zend_verify_internal_return_type(call->func, ret));
1532 			ZEND_ASSERT((call->func->common.fn_flags & ZEND_ACC_RETURN_REFERENCE)
1533 				? Z_ISREF_P(ret) : !Z_ISREF_P(ret));
1534 		}
1535 #endif
1536 
1537 		EG(current_execute_data) = execute_data;
1538 
1539 fcall_by_name_end:
1540 		zend_vm_stack_free_args(call);
1541 		zend_vm_stack_free_call_frame(call);
1542 
1543 		if (!1) {
1544 			i_zval_ptr_dtor(ret);
1545 		}
1546 	}
1547 
1548 	if (UNEXPECTED(EG(exception) != NULL)) {
1549 		zend_rethrow_exception(execute_data);
1550 		HANDLE_EXCEPTION();
1551 	}
1552 	ZEND_VM_SET_OPCODE(opline + 1);
1553 	ZEND_VM_CONTINUE();
1554 }
1555 
ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1556 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1557 {
1558 	USE_OPLINE
1559 	zend_execute_data *call = EX(call);
1560 	zend_function *fbc = call->func;
1561 	zval *ret;
1562 	zval retval;
1563 
1564 	SAVE_OPLINE();
1565 	EX(call) = call->prev_execute_data;
1566 	if (UNEXPECTED((fbc->common.fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_DEPRECATED)) != 0)) {
1567 		if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_ABSTRACT) != 0)) {
1568 			zend_abstract_method(fbc);
1569 fcall_except:
1570 			UNDEF_RESULT();
1571 			if (!0) {
1572 				ret = &retval;
1573 				ZVAL_UNDEF(ret);
1574 			}
1575 			goto fcall_end;
1576 		} else {
1577 			zend_deprecated_function(fbc);
1578 			if (UNEXPECTED(EG(exception) != NULL)) {
1579 				goto fcall_except;
1580 			}
1581 		}
1582 	}
1583 
1584 	if (EXPECTED(fbc->type == ZEND_USER_FUNCTION)) {
1585 		ret = NULL;
1586 		if (0) {
1587 			ret = EX_VAR(opline->result.var);
1588 		}
1589 
1590 		call->prev_execute_data = execute_data;
1591 		execute_data = call;
1592 		i_init_func_execute_data(&fbc->op_array, ret, 1 EXECUTE_DATA_CC);
1593 
1594 		if (EXPECTED(zend_execute_ex == execute_ex)) {
1595 			LOAD_OPLINE_EX();
1596 			ZEND_VM_ENTER_EX();
1597 		} else {
1598 			SAVE_OPLINE_EX();
1599 			execute_data = EX(prev_execute_data);
1600 			LOAD_OPLINE();
1601 			ZEND_ADD_CALL_FLAG(call, ZEND_CALL_TOP);
1602 			zend_execute_ex(call);
1603 		}
1604 	} else if (EXPECTED(fbc->type < ZEND_USER_FUNCTION)) {
1605 		call->prev_execute_data = execute_data;
1606 		EG(current_execute_data) = call;
1607 
1608 		if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_HAS_TYPE_HINTS)
1609 		  && UNEXPECTED(!zend_verify_internal_arg_types(fbc, call))) {
1610 			goto fcall_except;
1611 		}
1612 
1613 		ret = 0 ? EX_VAR(opline->result.var) : &retval;
1614 		ZVAL_NULL(ret);
1615 
1616 		if (!zend_execute_internal) {
1617 			/* saves one function call if zend_execute_internal is not used */
1618 			fbc->internal_function.handler(call, ret);
1619 		} else {
1620 			zend_execute_internal(call, ret);
1621 		}
1622 
1623 #if ZEND_DEBUG
1624 		if (!EG(exception) && call->func) {
1625 			ZEND_ASSERT(!(call->func->common.fn_flags & ZEND_ACC_HAS_RETURN_TYPE) ||
1626 				zend_verify_internal_return_type(call->func, ret));
1627 			ZEND_ASSERT((call->func->common.fn_flags & ZEND_ACC_RETURN_REFERENCE)
1628 				? Z_ISREF_P(ret) : !Z_ISREF_P(ret));
1629 		}
1630 #endif
1631 
1632 		EG(current_execute_data) = execute_data;
1633 
1634 fcall_end:
1635 		zend_vm_stack_free_args(call);
1636 		if (!0) {
1637 			i_zval_ptr_dtor(ret);
1638 		}
1639 	} else { /* ZEND_OVERLOADED_FUNCTION */
1640 		ret = 0 ? EX_VAR(opline->result.var) : &retval;
1641 
1642 		call->prev_execute_data = execute_data;
1643 
1644 		if (UNEXPECTED(!zend_do_fcall_overloaded(call, ret))) {
1645 			UNDEF_RESULT();
1646 			HANDLE_EXCEPTION();
1647 		}
1648 
1649 		if (!0) {
1650 			zval_ptr_dtor(ret);
1651 		}
1652 	}
1653 
1654 	if (UNEXPECTED(ZEND_CALL_INFO(call) & ZEND_CALL_RELEASE_THIS)) {
1655 		OBJ_RELEASE(Z_OBJ(call->This));
1656 	}
1657 
1658 	zend_vm_stack_free_call_frame(call);
1659 	if (UNEXPECTED(EG(exception) != NULL)) {
1660 		zend_rethrow_exception(execute_data);
1661 		HANDLE_EXCEPTION();
1662 	}
1663 
1664 	ZEND_VM_SET_OPCODE(opline + 1);
1665 	ZEND_VM_CONTINUE();
1666 }
1667 
ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1668 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1669 {
1670 	USE_OPLINE
1671 	zend_execute_data *call = EX(call);
1672 	zend_function *fbc = call->func;
1673 	zval *ret;
1674 	zval retval;
1675 
1676 	SAVE_OPLINE();
1677 	EX(call) = call->prev_execute_data;
1678 	if (UNEXPECTED((fbc->common.fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_DEPRECATED)) != 0)) {
1679 		if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_ABSTRACT) != 0)) {
1680 			zend_abstract_method(fbc);
1681 fcall_except:
1682 			UNDEF_RESULT();
1683 			if (!1) {
1684 				ret = &retval;
1685 				ZVAL_UNDEF(ret);
1686 			}
1687 			goto fcall_end;
1688 		} else {
1689 			zend_deprecated_function(fbc);
1690 			if (UNEXPECTED(EG(exception) != NULL)) {
1691 				goto fcall_except;
1692 			}
1693 		}
1694 	}
1695 
1696 	if (EXPECTED(fbc->type == ZEND_USER_FUNCTION)) {
1697 		ret = NULL;
1698 		if (1) {
1699 			ret = EX_VAR(opline->result.var);
1700 		}
1701 
1702 		call->prev_execute_data = execute_data;
1703 		execute_data = call;
1704 		i_init_func_execute_data(&fbc->op_array, ret, 1 EXECUTE_DATA_CC);
1705 
1706 		if (EXPECTED(zend_execute_ex == execute_ex)) {
1707 			LOAD_OPLINE_EX();
1708 			ZEND_VM_ENTER_EX();
1709 		} else {
1710 			SAVE_OPLINE_EX();
1711 			execute_data = EX(prev_execute_data);
1712 			LOAD_OPLINE();
1713 			ZEND_ADD_CALL_FLAG(call, ZEND_CALL_TOP);
1714 			zend_execute_ex(call);
1715 		}
1716 	} else if (EXPECTED(fbc->type < ZEND_USER_FUNCTION)) {
1717 		call->prev_execute_data = execute_data;
1718 		EG(current_execute_data) = call;
1719 
1720 		if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_HAS_TYPE_HINTS)
1721 		  && UNEXPECTED(!zend_verify_internal_arg_types(fbc, call))) {
1722 			goto fcall_except;
1723 		}
1724 
1725 		ret = 1 ? EX_VAR(opline->result.var) : &retval;
1726 		ZVAL_NULL(ret);
1727 
1728 		if (!zend_execute_internal) {
1729 			/* saves one function call if zend_execute_internal is not used */
1730 			fbc->internal_function.handler(call, ret);
1731 		} else {
1732 			zend_execute_internal(call, ret);
1733 		}
1734 
1735 #if ZEND_DEBUG
1736 		if (!EG(exception) && call->func) {
1737 			ZEND_ASSERT(!(call->func->common.fn_flags & ZEND_ACC_HAS_RETURN_TYPE) ||
1738 				zend_verify_internal_return_type(call->func, ret));
1739 			ZEND_ASSERT((call->func->common.fn_flags & ZEND_ACC_RETURN_REFERENCE)
1740 				? Z_ISREF_P(ret) : !Z_ISREF_P(ret));
1741 		}
1742 #endif
1743 
1744 		EG(current_execute_data) = execute_data;
1745 
1746 fcall_end:
1747 		zend_vm_stack_free_args(call);
1748 		if (!1) {
1749 			i_zval_ptr_dtor(ret);
1750 		}
1751 	} else { /* ZEND_OVERLOADED_FUNCTION */
1752 		ret = 1 ? EX_VAR(opline->result.var) : &retval;
1753 
1754 		call->prev_execute_data = execute_data;
1755 
1756 		if (UNEXPECTED(!zend_do_fcall_overloaded(call, ret))) {
1757 			UNDEF_RESULT();
1758 			HANDLE_EXCEPTION();
1759 		}
1760 
1761 		if (!1) {
1762 			zval_ptr_dtor(ret);
1763 		}
1764 	}
1765 
1766 	if (UNEXPECTED(ZEND_CALL_INFO(call) & ZEND_CALL_RELEASE_THIS)) {
1767 		OBJ_RELEASE(Z_OBJ(call->This));
1768 	}
1769 
1770 	zend_vm_stack_free_call_frame(call);
1771 	if (UNEXPECTED(EG(exception) != NULL)) {
1772 		zend_rethrow_exception(execute_data);
1773 		HANDLE_EXCEPTION();
1774 	}
1775 
1776 	ZEND_VM_SET_OPCODE(opline + 1);
1777 	ZEND_VM_CONTINUE();
1778 }
1779 
ZEND_GENERATOR_CREATE_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1780 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_GENERATOR_CREATE_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1781 {
1782 	zval *return_value = EX(return_value);
1783 
1784 	if (EXPECTED(return_value)) {
1785 		USE_OPLINE
1786 		zend_generator *generator;
1787 		zend_execute_data *gen_execute_data;
1788 		uint32_t num_args, used_stack, call_info;
1789 
1790 		object_init_ex(return_value, zend_ce_generator);
1791 
1792 		/*
1793 		 * Normally the execute_data is allocated on the VM stack (because it does
1794 		 * not actually do any allocation and thus is faster). For generators
1795 		 * though this behavior would be suboptimal, because the (rather large)
1796 		 * structure would have to be copied back and forth every time execution is
1797 		 * suspended or resumed. That's why for generators the execution context
1798 		 * is allocated on heap.
1799 		 */
1800 		num_args = EX_NUM_ARGS();
1801 		if (EXPECTED(num_args <= EX(func)->op_array.num_args)) {
1802 			used_stack = (ZEND_CALL_FRAME_SLOT + EX(func)->op_array.last_var + EX(func)->op_array.T) * sizeof(zval);
1803 			gen_execute_data = (zend_execute_data*)emalloc(used_stack);
1804 			used_stack = (ZEND_CALL_FRAME_SLOT + EX(func)->op_array.last_var) * sizeof(zval);
1805 		} else {
1806 			used_stack = (ZEND_CALL_FRAME_SLOT + num_args + EX(func)->op_array.last_var + EX(func)->op_array.T - EX(func)->op_array.num_args) * sizeof(zval);
1807 			gen_execute_data = (zend_execute_data*)emalloc(used_stack);
1808 		}
1809 		memcpy(gen_execute_data, execute_data, used_stack);
1810 
1811 		/* Save execution context in generator object. */
1812 		generator = (zend_generator *) Z_OBJ_P(EX(return_value));
1813 		generator->execute_data = gen_execute_data;
1814 		generator->frozen_call_stack = NULL;
1815 		generator->execute_fake.opline = NULL;
1816 		generator->execute_fake.func = NULL;
1817 		generator->execute_fake.prev_execute_data = NULL;
1818 		ZVAL_OBJ(&generator->execute_fake.This, (zend_object *) generator);
1819 
1820 		gen_execute_data->opline = opline + 1;
1821 		/* EX(return_value) keeps pointer to zend_object (not a real zval) */
1822 		gen_execute_data->return_value = (zval*)generator;
1823 		call_info = Z_TYPE_INFO(EX(This));
1824 		if ((call_info & Z_TYPE_MASK) == IS_OBJECT
1825 		 && (!(call_info & (ZEND_CALL_CLOSURE|ZEND_CALL_RELEASE_THIS))
1826 			 /* Bug #72523 */
1827 			|| UNEXPECTED(zend_execute_ex != execute_ex))) {
1828 			ZEND_ADD_CALL_FLAG_EX(call_info, ZEND_CALL_RELEASE_THIS);
1829 			Z_ADDREF(gen_execute_data->This);
1830 		}
1831 		ZEND_ADD_CALL_FLAG_EX(call_info, (ZEND_CALL_TOP_FUNCTION | ZEND_CALL_ALLOCATED | ZEND_CALL_GENERATOR));
1832 		Z_TYPE_INFO(gen_execute_data->This) = call_info;
1833 		gen_execute_data->prev_execute_data = NULL;
1834 
1835 		call_info = EX_CALL_INFO();
1836 		EG(current_execute_data) = EX(prev_execute_data);
1837 		if (EXPECTED(!(call_info & (ZEND_CALL_TOP|ZEND_CALL_ALLOCATED)))) {
1838 			EG(vm_stack_top) = (zval*)execute_data;
1839 			execute_data = EX(prev_execute_data);
1840 			LOAD_NEXT_OPLINE();
1841 			ZEND_VM_LEAVE();
1842 		} else if (EXPECTED(!(call_info & ZEND_CALL_TOP))) {
1843 			zend_execute_data *old_execute_data = execute_data;
1844 			execute_data = EX(prev_execute_data);
1845 			zend_vm_stack_free_call_frame_ex(call_info, old_execute_data);
1846 			LOAD_NEXT_OPLINE();
1847 			ZEND_VM_LEAVE();
1848 		} else {
1849 			ZEND_VM_RETURN();
1850 		}
1851 	} else {
1852 		ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));
1853 	}
1854 }
1855 
zend_cannot_pass_by_ref_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)1856 static zend_never_inline ZEND_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_cannot_pass_by_ref_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
1857 {
1858 	USE_OPLINE
1859 	zval *arg;
1860 	uint32_t arg_num = opline->op2.num;
1861 
1862 	SAVE_OPLINE();
1863 	zend_throw_error(NULL, "Cannot pass parameter %d by reference", arg_num);
1864 	FREE_UNFETCHED_OP(opline->op1_type, opline->op1.var);
1865 	arg = ZEND_CALL_VAR(EX(call), opline->result.var);
1866 	ZVAL_UNDEF(arg);
1867 	HANDLE_EXCEPTION();
1868 }
1869 
ZEND_SEND_UNPACK_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)1870 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_SEND_UNPACK_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
1871 {
1872 	USE_OPLINE
1873 	zend_free_op free_op1;
1874 	zval *args;
1875 	int arg_num;
1876 
1877 	SAVE_OPLINE();
1878 	args = get_zval_ptr_undef(opline->op1_type, opline->op1, &free_op1, BP_VAR_R);
1879 	arg_num = ZEND_CALL_NUM_ARGS(EX(call)) + 1;
1880 
1881 send_again:
1882 	if (EXPECTED(Z_TYPE_P(args) == IS_ARRAY)) {
1883 		HashTable *ht = Z_ARRVAL_P(args);
1884 		zval *arg, *top;
1885 		zend_string *name;
1886 
1887 		zend_vm_stack_extend_call_frame(&EX(call), arg_num - 1, zend_hash_num_elements(ht));
1888 
1889 		if ((opline->op1_type & (IS_VAR|IS_CV)) && Z_REFCOUNT_P(args) > 1) {
1890 			uint32_t i;
1891 			int separate = 0;
1892 
1893 			/* check if any of arguments are going to be passed by reference */
1894 			for (i = 0; i < zend_hash_num_elements(ht); i++) {
1895 				if (ARG_SHOULD_BE_SENT_BY_REF(EX(call)->func, arg_num + i)) {
1896 					separate = 1;
1897 					break;
1898 				}
1899 			}
1900 			if (separate) {
1901 				SEPARATE_ARRAY(args);
1902 				ht = Z_ARRVAL_P(args);
1903 			}
1904 		}
1905 
1906 		ZEND_HASH_FOREACH_STR_KEY_VAL(ht, name, arg) {
1907 			if (name) {
1908 				zend_throw_error(NULL, "Cannot unpack array with string keys");
1909 				FREE_OP(free_op1);
1910 				HANDLE_EXCEPTION();
1911 			}
1912 
1913 			top = ZEND_CALL_ARG(EX(call), arg_num);
1914 			if (ARG_SHOULD_BE_SENT_BY_REF(EX(call)->func, arg_num)) {
1915 				if (Z_ISREF_P(arg)) {
1916 					Z_ADDREF_P(arg);
1917 					ZVAL_REF(top, Z_REF_P(arg));
1918 				} else if (opline->op1_type & (IS_VAR|IS_CV)) {
1919 					/* array is already separated above */
1920 					ZVAL_MAKE_REF_EX(arg, 2);
1921 					ZVAL_REF(top, Z_REF_P(arg));
1922 				} else {
1923 					Z_TRY_ADDREF_P(arg);
1924 					ZVAL_NEW_REF(top, arg);
1925 				}
1926 			} else {
1927 				ZVAL_COPY_DEREF(top, arg);
1928 			}
1929 
1930 			ZEND_CALL_NUM_ARGS(EX(call))++;
1931 			arg_num++;
1932 		} ZEND_HASH_FOREACH_END();
1933 
1934 	} else if (EXPECTED(Z_TYPE_P(args) == IS_OBJECT)) {
1935 		zend_class_entry *ce = Z_OBJCE_P(args);
1936 		zend_object_iterator *iter;
1937 
1938 		if (!ce || !ce->get_iterator) {
1939 			zend_error(E_WARNING, "Only arrays and Traversables can be unpacked");
1940 		} else {
1941 
1942 			iter = ce->get_iterator(ce, args, 0);
1943 			if (UNEXPECTED(!iter)) {
1944 				FREE_OP(free_op1);
1945 				if (!EG(exception)) {
1946 					zend_throw_exception_ex(
1947 						NULL, 0, "Object of type %s did not create an Iterator", ZSTR_VAL(ce->name)
1948 					);
1949 				}
1950 				HANDLE_EXCEPTION();
1951 			}
1952 
1953 			if (iter->funcs->rewind) {
1954 				iter->funcs->rewind(iter);
1955 			}
1956 
1957 			for (; iter->funcs->valid(iter) == SUCCESS; ++arg_num) {
1958 				zval *arg, *top;
1959 
1960 				if (UNEXPECTED(EG(exception) != NULL)) {
1961 					break;
1962 				}
1963 
1964 				arg = iter->funcs->get_current_data(iter);
1965 				if (UNEXPECTED(EG(exception) != NULL)) {
1966 					break;
1967 				}
1968 
1969 				if (iter->funcs->get_current_key) {
1970 					zval key;
1971 					iter->funcs->get_current_key(iter, &key);
1972 					if (UNEXPECTED(EG(exception) != NULL)) {
1973 						break;
1974 					}
1975 
1976 					if (UNEXPECTED(Z_TYPE(key) != IS_LONG)) {
1977 						zend_throw_error(NULL,
1978 							(Z_TYPE(key) == IS_STRING) ?
1979 								"Cannot unpack Traversable with string keys" :
1980 								"Cannot unpack Traversable with non-integer keys");
1981 						zval_ptr_dtor(&key);
1982 						break;
1983 					}
1984 				}
1985 
1986 				if (ARG_MUST_BE_SENT_BY_REF(EX(call)->func, arg_num)) {
1987 					zend_error(
1988 						E_WARNING, "Cannot pass by-reference argument %d of %s%s%s()"
1989 						" by unpacking a Traversable, passing by-value instead", arg_num,
1990 						EX(call)->func->common.scope ? ZSTR_VAL(EX(call)->func->common.scope->name) : "",
1991 						EX(call)->func->common.scope ? "::" : "",
1992 						ZSTR_VAL(EX(call)->func->common.function_name)
1993 					);
1994 				}
1995 
1996 				ZVAL_DEREF(arg);
1997 				Z_TRY_ADDREF_P(arg);
1998 
1999 				zend_vm_stack_extend_call_frame(&EX(call), arg_num - 1, 1);
2000 				top = ZEND_CALL_ARG(EX(call), arg_num);
2001 				ZVAL_COPY_VALUE(top, arg);
2002 				ZEND_CALL_NUM_ARGS(EX(call))++;
2003 
2004 				iter->funcs->move_forward(iter);
2005 			}
2006 
2007 			zend_iterator_dtor(iter);
2008 		}
2009 	} else if (EXPECTED(Z_ISREF_P(args))) {
2010 		args = Z_REFVAL_P(args);
2011 		goto send_again;
2012 	} else {
2013 		if (opline->op1_type == IS_CV && UNEXPECTED(Z_TYPE_P(args) == IS_UNDEF)) {
2014 			ZVAL_UNDEFINED_OP1();
2015 		}
2016 		zend_error(E_WARNING, "Only arrays and Traversables can be unpacked");
2017 	}
2018 
2019 	FREE_OP(free_op1);
2020 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2021 }
2022 
ZEND_SEND_ARRAY_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2023 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_SEND_ARRAY_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2024 {
2025 	USE_OPLINE
2026 	zend_free_op free_op1;
2027 	zval *args;
2028 
2029 	SAVE_OPLINE();
2030 	args = get_zval_ptr(opline->op1_type, opline->op1, &free_op1, BP_VAR_R);
2031 
2032 	if (UNEXPECTED(Z_TYPE_P(args) != IS_ARRAY)) {
2033 		if ((opline->op1_type & (IS_VAR|IS_CV)) && Z_ISREF_P(args)) {
2034 			args = Z_REFVAL_P(args);
2035 			if (EXPECTED(Z_TYPE_P(args) == IS_ARRAY)) {
2036 				goto send_array;
2037 			}
2038 		}
2039 		zend_internal_type_error(EX_USES_STRICT_TYPES(), "call_user_func_array() expects parameter 2 to be array, %s given", zend_get_type_by_const(Z_TYPE_P(args)));
2040 		if (ZEND_CALL_INFO(EX(call)) & ZEND_CALL_CLOSURE) {
2041 			OBJ_RELEASE(ZEND_CLOSURE_OBJECT(EX(call)->func));
2042 		} else if (ZEND_CALL_INFO(EX(call)) & ZEND_CALL_RELEASE_THIS) {
2043 			OBJ_RELEASE(Z_OBJ(EX(call)->This));
2044 		}
2045 		EX(call)->func = (zend_function*)&zend_pass_function;
2046 		Z_OBJ(EX(call)->This) = NULL;
2047 		ZEND_CALL_INFO(EX(call)) &= ~(ZEND_CALL_RELEASE_THIS | ZEND_CALL_HAS_THIS);
2048 		FREE_UNFETCHED_OP(opline->op2_type, opline->op2.var);
2049 	} else {
2050 		uint32_t arg_num;
2051 		HashTable *ht;
2052 		zval *arg, *param;
2053 
2054 
2055 send_array:
2056 		ht = Z_ARRVAL_P(args);
2057 		if (opline->op2_type != IS_UNUSED) {
2058 			zend_free_op free_op2;
2059 			zval *op2 = get_zval_ptr(opline->op2_type, opline->op2, &free_op2, BP_VAR_R);
2060 			uint32_t skip = opline->extended_value;
2061 			uint32_t count = zend_hash_num_elements(ht);
2062 			zend_long len = zval_get_long(op2);
2063 
2064 			if (len < 0) {
2065 				len += (zend_long)(count - skip);
2066 			}
2067 			if (skip < count && len > 0) {
2068 				if (len > (zend_long)(count - skip)) {
2069 					len = (zend_long)(count - skip);
2070 				}
2071 				zend_vm_stack_extend_call_frame(&EX(call), 0, len);
2072 				arg_num = 1;
2073 				param = ZEND_CALL_ARG(EX(call), 1);
2074 				ZEND_HASH_FOREACH_VAL(ht, arg) {
2075 					zend_bool must_wrap = 0;
2076 					if (skip > 0) {
2077 						skip--;
2078 						continue;
2079 					} else if ((zend_long)(arg_num - 1) >= len) {
2080 						break;
2081 					} else if (ARG_SHOULD_BE_SENT_BY_REF(EX(call)->func, arg_num)) {
2082 						if (UNEXPECTED(!Z_ISREF_P(arg))) {
2083 							if (!ARG_MAY_BE_SENT_BY_REF(EX(call)->func, arg_num)) {
2084 								/* By-value send is not allowed -- emit a warning,
2085 								 * but still perform the call. */
2086 								zend_param_must_be_ref(EX(call)->func, arg_num);
2087 								must_wrap = 1;
2088 							}
2089 						}
2090 					} else {
2091 						if (Z_ISREF_P(arg) &&
2092 						    !(EX(call)->func->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE)) {
2093 							/* don't separate references for __call */
2094 							arg = Z_REFVAL_P(arg);
2095 						}
2096 					}
2097 					if (EXPECTED(!must_wrap)) {
2098 						ZVAL_COPY(param, arg);
2099 					} else {
2100 						Z_TRY_ADDREF_P(arg);
2101 						ZVAL_NEW_REF(param, arg);
2102 					}
2103 					ZEND_CALL_NUM_ARGS(EX(call))++;
2104 					arg_num++;
2105 					param++;
2106 				} ZEND_HASH_FOREACH_END();
2107 			}
2108 			FREE_OP(free_op2);
2109 		} else {
2110 			zend_vm_stack_extend_call_frame(&EX(call), 0, zend_hash_num_elements(ht));
2111 			arg_num = 1;
2112 			param = ZEND_CALL_ARG(EX(call), 1);
2113 			ZEND_HASH_FOREACH_VAL(ht, arg) {
2114 				zend_bool must_wrap = 0;
2115 				if (ARG_SHOULD_BE_SENT_BY_REF(EX(call)->func, arg_num)) {
2116 					if (UNEXPECTED(!Z_ISREF_P(arg))) {
2117 						if (!ARG_MAY_BE_SENT_BY_REF(EX(call)->func, arg_num)) {
2118 							/* By-value send is not allowed -- emit a warning,
2119 							 * but still perform the call. */
2120 							zend_param_must_be_ref(EX(call)->func, arg_num);
2121 							must_wrap = 1;
2122 						}
2123 					}
2124 				} else {
2125 					if (Z_ISREF_P(arg) &&
2126 					    !(EX(call)->func->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE)) {
2127 						/* don't separate references for __call */
2128 						arg = Z_REFVAL_P(arg);
2129 					}
2130 				}
2131 				if (EXPECTED(!must_wrap)) {
2132 					ZVAL_COPY(param, arg);
2133 				} else {
2134 					Z_TRY_ADDREF_P(arg);
2135 					ZVAL_NEW_REF(param, arg);
2136 				}
2137 				ZEND_CALL_NUM_ARGS(EX(call))++;
2138 				arg_num++;
2139 				param++;
2140 			} ZEND_HASH_FOREACH_END();
2141 		}
2142 	}
2143 	FREE_OP(free_op1);
2144 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2145 }
2146 
zend_case_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)2147 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_case_helper_SPEC(zval *op_1, zval *op_2 ZEND_OPCODE_HANDLER_ARGS_DC)
2148 {
2149 	USE_OPLINE
2150 
2151 	SAVE_OPLINE();
2152 	if (UNEXPECTED(Z_TYPE_INFO_P(op_1) == IS_UNDEF)) {
2153 		op_1 = ZVAL_UNDEFINED_OP1();
2154 	}
2155 	if (UNEXPECTED(Z_TYPE_INFO_P(op_2) == IS_UNDEF)) {
2156 		op_2 = ZVAL_UNDEFINED_OP2();
2157 	}
2158 	compare_function(EX_VAR(opline->result.var), op_1, op_2);
2159 	if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
2160 		zval_ptr_dtor_nogc(op_2);
2161 	}
2162 	if (UNEXPECTED(EG(exception))) {
2163 		HANDLE_EXCEPTION();
2164 	}
2165 	if (Z_LVAL_P(EX_VAR(opline->result.var)) == 0) {
2166 		ZEND_VM_SMART_BRANCH_TRUE();
2167 		ZVAL_TRUE(EX_VAR(opline->result.var));
2168 		ZEND_VM_NEXT_OPCODE();
2169 	} else {
2170 		ZEND_VM_SMART_BRANCH_FALSE();
2171 		ZVAL_FALSE(EX_VAR(opline->result.var));
2172 		ZEND_VM_NEXT_OPCODE();
2173 	}
2174 }
2175 
ZEND_ADD_ARRAY_UNPACK_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2176 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ADD_ARRAY_UNPACK_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2177 {
2178 	USE_OPLINE
2179 	zend_free_op free_op1;
2180 	zval *op1;
2181 
2182 	SAVE_OPLINE();
2183 	op1 = get_zval_ptr(opline->op1_type, opline->op1, &free_op1, BP_VAR_R);
2184 
2185 add_unpack_again:
2186 	if (EXPECTED(Z_TYPE_P(op1) == IS_ARRAY)) {
2187 		HashTable *ht = Z_ARRVAL_P(op1);
2188 		zval *val;
2189 		zend_string *key;
2190 
2191 		ZEND_HASH_FOREACH_STR_KEY_VAL(ht, key, val) {
2192 			if (key) {
2193 				zend_throw_error(NULL, "Cannot unpack array with string keys");
2194 				FREE_OP(free_op1);
2195 				HANDLE_EXCEPTION();
2196 			} else {
2197 				if (Z_ISREF_P(val) && Z_REFCOUNT_P(val) == 1) {
2198 					val = Z_REFVAL_P(val);
2199 				}
2200 				Z_TRY_ADDREF_P(val);
2201 				if (!zend_hash_next_index_insert(Z_ARRVAL_P(EX_VAR(opline->result.var)), val)) {
2202 					zend_cannot_add_element();
2203 					zval_ptr_dtor_nogc(val);
2204 					break;
2205 				}
2206 			}
2207 		} ZEND_HASH_FOREACH_END();
2208 	} else if (EXPECTED(Z_TYPE_P(op1) == IS_OBJECT)) {
2209 		zend_class_entry *ce = Z_OBJCE_P(op1);
2210 		zend_object_iterator *iter;
2211 
2212 		if (!ce || !ce->get_iterator) {
2213 			zend_throw_error(NULL, "Only arrays and Traversables can be unpacked");
2214 		} else {
2215 			iter = ce->get_iterator(ce, op1, 0);
2216 			if (UNEXPECTED(!iter)) {
2217 				FREE_OP(free_op1);
2218 				if (!EG(exception)) {
2219 					zend_throw_exception_ex(
2220 						NULL, 0, "Object of type %s did not create an Iterator", ZSTR_VAL(ce->name)
2221 					);
2222 				}
2223 				HANDLE_EXCEPTION();
2224 			}
2225 
2226 			if (iter->funcs->rewind) {
2227 				iter->funcs->rewind(iter);
2228 			}
2229 
2230 			for (; iter->funcs->valid(iter) == SUCCESS; ) {
2231 				zval *val;
2232 
2233 				if (UNEXPECTED(EG(exception) != NULL)) {
2234 					break;
2235 				}
2236 
2237 				val = iter->funcs->get_current_data(iter);
2238 				if (UNEXPECTED(EG(exception) != NULL)) {
2239 					break;
2240 				}
2241 
2242 				if (iter->funcs->get_current_key) {
2243 					zval key;
2244 					iter->funcs->get_current_key(iter, &key);
2245 					if (UNEXPECTED(EG(exception) != NULL)) {
2246 						break;
2247 					}
2248 
2249 					if (UNEXPECTED(Z_TYPE(key) != IS_LONG)) {
2250 						zend_throw_error(NULL,
2251 							(Z_TYPE(key) == IS_STRING) ?
2252 								"Cannot unpack Traversable with string keys" :
2253 								"Cannot unpack Traversable with non-integer keys");
2254 						zval_ptr_dtor(&key);
2255 						break;
2256 					}
2257 				}
2258 
2259 				ZVAL_DEREF(val);
2260 				Z_TRY_ADDREF_P(val);
2261 
2262 				if (!zend_hash_next_index_insert(Z_ARRVAL_P(EX_VAR(opline->result.var)), val)) {
2263 					zend_cannot_add_element();
2264 					zval_ptr_dtor_nogc(val);
2265 				}
2266 
2267 				iter->funcs->move_forward(iter);
2268 			}
2269 
2270 			zend_iterator_dtor(iter);
2271 		}
2272 	} else if (EXPECTED(Z_ISREF_P(op1))) {
2273 		op1 = Z_REFVAL_P(op1);
2274 		goto add_unpack_again;
2275 	} else {
2276 		zend_throw_error(NULL, "Only arrays and Traversables can be unpacked");
2277 	}
2278 
2279 	FREE_OP(free_op1);
2280 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2281 }
2282 
ZEND_UNSET_STATIC_PROP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2283 static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2284 {
2285 	USE_OPLINE
2286 	zval *varname;
2287 	zend_string *name, *tmp_name = NULL;
2288 	zend_class_entry *ce;
2289 	zend_free_op free_op1;
2290 
2291 	SAVE_OPLINE();
2292 
2293 	if (opline->op2_type == IS_CONST) {
2294 		ce = CACHED_PTR(opline->extended_value);
2295 		if (UNEXPECTED(ce == NULL)) {
2296 			ce = zend_fetch_class_by_name(Z_STR_P(RT_CONSTANT(opline, opline->op2)), Z_STR_P(RT_CONSTANT(opline, opline->op2) + 1), ZEND_FETCH_CLASS_DEFAULT | ZEND_FETCH_CLASS_EXCEPTION);
2297 			if (UNEXPECTED(ce == NULL)) {
2298 				ZEND_ASSERT(EG(exception));
2299 				FREE_UNFETCHED_OP(opline->op1_type, opline->op1.var);
2300 				HANDLE_EXCEPTION();
2301 			}
2302 			/*CACHE_PTR(opline->extended_value, ce);*/
2303 		}
2304 	} else if (opline->op2_type == IS_UNUSED) {
2305 		ce = zend_fetch_class(NULL, opline->op2.num);
2306 		if (UNEXPECTED(ce == NULL)) {
2307 			ZEND_ASSERT(EG(exception));
2308 			FREE_UNFETCHED_OP(opline->op1_type, opline->op1.var);
2309 			HANDLE_EXCEPTION();
2310 		}
2311 	} else {
2312 		ce = Z_CE_P(EX_VAR(opline->op2.var));
2313 	}
2314 
2315 	varname = get_zval_ptr_undef(opline->op1_type, opline->op1, &free_op1, BP_VAR_R);
2316 	if (opline->op1_type == IS_CONST) {
2317 		name = Z_STR_P(varname);
2318 	} else if (EXPECTED(Z_TYPE_P(varname) == IS_STRING)) {
2319 		name = Z_STR_P(varname);
2320 	} else {
2321 		if (opline->op1_type == IS_CV && UNEXPECTED(Z_TYPE_P(varname) == IS_UNDEF)) {
2322 			varname = ZVAL_UNDEFINED_OP1();
2323 		}
2324 		name = zval_get_tmp_string(varname, &tmp_name);
2325 	}
2326 
2327 	zend_std_unset_static_property(ce, name);
2328 
2329 	zend_tmp_string_release(tmp_name);
2330 	FREE_OP(free_op1);
2331 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2332 }
2333 
ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2334 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2335 {
2336 	USE_OPLINE
2337 	zval *value;
2338 	int result;
2339 
2340 	SAVE_OPLINE();
2341 
2342 	result = zend_fetch_static_property_address(&value, NULL, opline->extended_value & ~ZEND_ISEMPTY, BP_VAR_IS, 0 OPLINE_CC EXECUTE_DATA_CC);
2343 
2344 	if (!(opline->extended_value & ZEND_ISEMPTY)) {
2345 		result = result == SUCCESS && Z_TYPE_P(value) > IS_NULL &&
2346 		    (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL);
2347 	} else {
2348 		result = result != SUCCESS || !i_zend_is_true(value);
2349 	}
2350 
2351 	ZEND_VM_SMART_BRANCH(result, 1);
2352 	ZVAL_BOOL(EX_VAR(opline->result.var), result);
2353 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2354 }
2355 
ZEND_EXIT_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2356 static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_EXIT_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2357 {
2358 	USE_OPLINE
2359 
2360 	SAVE_OPLINE();
2361 	if (opline->op1_type != IS_UNUSED) {
2362 		zend_free_op free_op1;
2363 		zval *ptr = get_zval_ptr(opline->op1_type, opline->op1, &free_op1, BP_VAR_R);
2364 
2365 		do {
2366 			if (Z_TYPE_P(ptr) == IS_LONG) {
2367 				EG(exit_status) = Z_LVAL_P(ptr);
2368 			} else {
2369 				if ((opline->op1_type & (IS_VAR|IS_CV)) && Z_ISREF_P(ptr)) {
2370 					ptr = Z_REFVAL_P(ptr);
2371 					if (Z_TYPE_P(ptr) == IS_LONG) {
2372 						EG(exit_status) = Z_LVAL_P(ptr);
2373 						break;
2374 					}
2375 				}
2376 				zend_print_zval(ptr, 0);
2377 			}
2378 		} while (0);
2379 		FREE_OP(free_op1);
2380 	}
2381 	zend_bailout();
2382 	ZEND_VM_NEXT_OPCODE(); /* Never reached */
2383 }
2384 
ZEND_BEGIN_SILENCE_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2385 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_BEGIN_SILENCE_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2386 {
2387 	USE_OPLINE
2388 
2389 	ZVAL_LONG(EX_VAR(opline->result.var), EG(error_reporting));
2390 
2391 	if (EG(error_reporting)) {
2392 		do {
2393 			EG(error_reporting) = 0;
2394 			if (!EG(error_reporting_ini_entry)) {
2395 				zval *zv = zend_hash_find_ex(EG(ini_directives), ZSTR_KNOWN(ZEND_STR_ERROR_REPORTING), 1);
2396 				if (zv) {
2397 					EG(error_reporting_ini_entry) = (zend_ini_entry *)Z_PTR_P(zv);
2398 				} else {
2399 					break;
2400 				}
2401 			}
2402 			if (!EG(error_reporting_ini_entry)->modified) {
2403 				if (!EG(modified_ini_directives)) {
2404 					ALLOC_HASHTABLE(EG(modified_ini_directives));
2405 					zend_hash_init(EG(modified_ini_directives), 8, NULL, NULL, 0);
2406 				}
2407 				if (EXPECTED(zend_hash_add_ptr(EG(modified_ini_directives), ZSTR_KNOWN(ZEND_STR_ERROR_REPORTING), EG(error_reporting_ini_entry)) != NULL)) {
2408 					EG(error_reporting_ini_entry)->orig_value = EG(error_reporting_ini_entry)->value;
2409 					EG(error_reporting_ini_entry)->orig_modifiable = EG(error_reporting_ini_entry)->modifiable;
2410 					EG(error_reporting_ini_entry)->modified = 1;
2411 				}
2412 			}
2413 		} while (0);
2414 	}
2415 	ZEND_VM_NEXT_OPCODE();
2416 }
2417 
ZEND_EXT_STMT_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2418 static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_EXT_STMT_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2419 {
2420 	USE_OPLINE
2421 
2422 	if (!EG(no_extensions)) {
2423 		SAVE_OPLINE();
2424 		zend_llist_apply_with_argument(&zend_extensions, (llist_apply_with_arg_func_t) zend_extension_statement_handler, execute_data);
2425 		ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2426 	}
2427 	ZEND_VM_NEXT_OPCODE();
2428 }
2429 
ZEND_EXT_FCALL_BEGIN_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2430 static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_EXT_FCALL_BEGIN_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2431 {
2432 	USE_OPLINE
2433 
2434 	if (!EG(no_extensions)) {
2435 		SAVE_OPLINE();
2436 		zend_llist_apply_with_argument(&zend_extensions, (llist_apply_with_arg_func_t) zend_extension_fcall_begin_handler, execute_data);
2437 		ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2438 	}
2439 	ZEND_VM_NEXT_OPCODE();
2440 }
2441 
ZEND_EXT_FCALL_END_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2442 static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_EXT_FCALL_END_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2443 {
2444 	USE_OPLINE
2445 
2446 	if (!EG(no_extensions)) {
2447 		SAVE_OPLINE();
2448 		zend_llist_apply_with_argument(&zend_extensions, (llist_apply_with_arg_func_t) zend_extension_fcall_end_handler, execute_data);
2449 		ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2450 	}
2451 	ZEND_VM_NEXT_OPCODE();
2452 }
2453 
ZEND_DECLARE_ANON_CLASS_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2454 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DECLARE_ANON_CLASS_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2455 {
2456 	zval *zv;
2457 	zend_class_entry *ce;
2458 	USE_OPLINE
2459 
2460 	ce = CACHED_PTR(opline->extended_value);
2461 	if (UNEXPECTED(ce == NULL)) {
2462 		zend_string *rtd_key = Z_STR_P(RT_CONSTANT(opline, opline->op1));
2463 		zv = zend_hash_find_ex(EG(class_table), rtd_key, 1);
2464 		if (UNEXPECTED(zv == NULL)) {
2465 			SAVE_OPLINE();
2466 			do {
2467 				ZEND_ASSERT(EX(func)->op_array.fn_flags & ZEND_ACC_PRELOADED);
2468 				if (zend_preload_autoload
2469 				  && zend_preload_autoload(EX(func)->op_array.filename) == SUCCESS) {
2470 					zv = zend_hash_find_ex(EG(class_table), rtd_key, 1);
2471 					if (EXPECTED(zv != NULL)) {
2472 						break;
2473 					}
2474 				}
2475 				zend_error_noreturn(E_ERROR, "Anonymous class wasn't preloaded");
2476 			} while (0);
2477 		}
2478 		ZEND_ASSERT(zv != NULL);
2479 		ce = Z_CE_P(zv);
2480 		if (!(ce->ce_flags & ZEND_ACC_LINKED)) {
2481 			SAVE_OPLINE();
2482 			if (zend_do_link_class(ce, (opline->op2_type == IS_CONST) ? Z_STR_P(RT_CONSTANT(opline, opline->op2)) : NULL) == FAILURE) {
2483 				HANDLE_EXCEPTION();
2484 			}
2485 		}
2486 		CACHE_PTR(opline->extended_value, ce);
2487 	}
2488 	Z_CE_P(EX_VAR(opline->result.var)) = ce;
2489 	ZEND_VM_NEXT_OPCODE();
2490 }
2491 
ZEND_DECLARE_FUNCTION_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2492 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DECLARE_FUNCTION_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2493 {
2494 	USE_OPLINE
2495 
2496 	SAVE_OPLINE();
2497 	do_bind_function(RT_CONSTANT(opline, opline->op1));
2498 	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2499 }
2500 
ZEND_TICKS_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2501 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_TICKS_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2502 {
2503 	USE_OPLINE
2504 
2505 	if ((uint32_t)++EG(ticks_count) >= opline->extended_value) {
2506 		EG(ticks_count) = 0;
2507 		if (zend_ticks_function) {
2508 			SAVE_OPLINE();
2509 			zend_ticks_function(opline->extended_value);
2510 			ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
2511 		}
2512 	}
2513 	ZEND_VM_NEXT_OPCODE();
2514 }
2515 
ZEND_EXT_NOP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2516 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_EXT_NOP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2517 {
2518 	USE_OPLINE
2519 
2520 	ZEND_VM_NEXT_OPCODE();
2521 }
2522 
ZEND_NOP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2523 static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NOP_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2524 {
2525 	USE_OPLINE
2526 
2527 	ZEND_VM_NEXT_OPCODE();
2528 }
2529 
zend_dispatch_try_catch_finally_helper_SPEC(uint32_t try_catch_offset, uint32_t op_num ZEND_OPCODE_HANDLER_ARGS_DC)2530 static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_dispatch_try_catch_finally_helper_SPEC(uint32_t try_catch_offset, uint32_t op_num ZEND_OPCODE_HANDLER_ARGS_DC)
2531 {
2532 	/* May be NULL during generator closing (only finally blocks are executed) */
2533 	zend_object *ex = EG(exception);
2534 
2535 	/* Walk try/catch/finally structures upwards, performing the necessary actions */
2536 	while (try_catch_offset != (uint32_t) -1) {
2537 		zend_try_catch_element *try_catch =
2538 			&EX(func)->op_array.try_catch_array[try_catch_offset];
2539 
2540 		if (op_num < try_catch->catch_op && ex) {
2541 			/* Go to catch block */
2542 			cleanup_live_vars(execute_data, op_num, try_catch->catch_op);
2543 			ZEND_VM_JMP_EX(&EX(func)->op_array.opcodes[try_catch->catch_op], 0);
2544 
2545 		} else if (op_num < try_catch->finally_op) {
2546 			/* Go to finally block */
2547 			zval *fast_call = EX_VAR(EX(func)->op_array.opcodes[try_catch->finally_end].op1.var);
2548 			cleanup_live_vars(execute_data, op_num, try_catch->finally_op);
2549 			Z_OBJ_P(fast_call) = EG(exception);
2550 			EG(exception) = NULL;
2551 			Z_OPLINE_NUM_P(fast_call) = (uint32_t)-1;
2552 			ZEND_VM_JMP_EX(&EX(func)->op_array.opcodes[try_catch->finally_op], 0);
2553 
2554 		} else if (op_num < try_catch->finally_end) {
2555 			zval *fast_call = EX_VAR(EX(func)->op_array.opcodes[try_catch->finally_end].op1.var);
2556 
2557 			/* cleanup incomplete RETURN statement */
2558 			if (Z_OPLINE_NUM_P(fast_call) != (uint32_t)-1
2559 			 && (EX(func)->op_array.opcodes[Z_OPLINE_NUM_P(fast_call)].op2_type & (IS_TMP_VAR | IS_VAR))) {
2560 				zval *return_value = EX_VAR(EX(func)->op_array.opcodes[Z_OPLINE_NUM_P(fast_call)].op2.var);
2561 
2562 				zval_ptr_dtor(return_value);
2563 			}
2564 
2565 			/* Chain potential exception from wrapping finally block */
2566 			if (Z_OBJ_P(fast_call)) {
2567 				if (ex) {
2568 					zend_exception_set_previous(ex, Z_OBJ_P(fast_call));
2569 				} else {
2570 					EG(exception) = Z_OBJ_P(fast_call);
2571 				}
2572 				ex = Z_OBJ_P(fast_call);
2573 			}
2574 		}
2575 
2576 		try_catch_offset--;
2577 	}
2578 
2579 	/* Uncaught exception */
2580 	cleanup_live_vars(execute_data, op_num, 0);
2581 	if (UNEXPECTED((EX_CALL_INFO() & ZEND_CALL_GENERATOR) != 0)) {
2582 		zend_generator *generator = zend_get_running_generator(EXECUTE_DATA_C);
2583 		zend_generator_close(generator, 1);
2584 		ZEND_VM_RETURN();
2585 	} else {
2586 		/* We didn't execute RETURN, and have to initialize return_value */
2587 		if (EX(return_value)) {
2588 			ZVAL_UNDEF(EX(return_value));
2589 		}
2590 		ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));
2591 	}
2592 }
2593 
ZEND_HANDLE_EXCEPTION_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)2594 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_HANDLE_EXCEPTION_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
2595 {
2596 	const zend_op *throw_op = EG(opline_before_exception);
2597 	uint32_t throw_op_num = throw_op - EX(func)->op_array.opcodes;
2598 	int i, current_try_catch_offset = -1;
2599 
2600 	if ((throw_op->opcode == ZEND_FREE || throw_op->opcode == ZEND_FE_FREE)
2601 		&& throw_op->extended_value & ZEND_FREE_ON_RETURN) {
2602 		/* exceptions thrown because of loop var destruction on return/break/...
2603 		 * are logically thrown at the end of the foreach loop, so adjust the
2604 		 * throw_op_num.
2605 		 */
2606 		const zend_live_range *range = find_live_range(
2607 			&EX(func)->op_array, throw_op_num, throw_op->op1.var);
2608 		throw_op_num = range->end;
2609 	}
2610 
2611 	/* Find the innermost try/catch/finally the exception was thrown in */
2612 	for (i = 0; i < EX(func)->op_array.last_try_catch; i++) {
2613 		zend_try_catch_element *try_catch = &EX(func)->op_array.try_catch_array[i];
2614 		if (try_catch->try_op >