
Fix bug #81096: Re-infer ranges if ref type is inferred #7114


Closed
wants to merge 2 commits into from
76 changes: 63 additions & 13 deletions Zend/Optimizer/zend_inference.c
Expand Up @@ -1866,11 +1866,18 @@ static uint32_t get_ssa_alias_types(zend_ssa_alias_kind alias) {
__type |= get_ssa_alias_types(__ssa_var->alias); \
} \
} \
if (ssa_var_info[__var].type != __type) { \
if (ssa_var_info[__var].type & ~__type) { \
uint32_t __old_type = ssa_var_info[__var].type; \
if (__old_type != __type) { \
if (__old_type & ~__type) { \
emit_type_narrowing_warning(op_array, ssa, __var); \
return FAILURE; \
} \
if ((__type & MAY_BE_REF) && \
!(__old_type & MAY_BE_REF) && \
pessimize_range(&ssa_var_info[__var]) && \
update_worklist) { \
add_usages(op_array, ssa, range_worklist, __var); \
} \
ssa_var_info[__var].type = __type; \
if (update_worklist) { \
add_usages(op_array, ssa, worklist, __var); \
Expand Down Expand Up @@ -1966,6 +1973,22 @@ static void emit_type_narrowing_warning(const zend_op_array *op_array, zend_ssa
zend_error(E_WARNING, "Narrowing occurred during type inference of %s. Please file a bug report on bugs.php.net", def_op_name);
}

/* If we determine that a variable is a reference, we need to discard range information. */
static bool pessimize_range(zend_ssa_var_info *info) {
if (!info->has_range) {
return false;
}
if (info->range.underflow && info->range.overflow && info->range.min == ZEND_LONG_MIN &&
info->range.max == ZEND_LONG_MAX) {
return false;
}

info->range.underflow = info->range.overflow = true;
info->range.min = ZEND_LONG_MIN;
info->range.max = ZEND_LONG_MAX;
return true;
}

ZEND_API uint32_t zend_array_element_type(uint32_t t1, zend_uchar op_type, int write, int insert)
{
uint32_t tmp = 0;
Expand Down Expand Up @@ -2352,6 +2375,7 @@ static zend_always_inline int _zend_update_type_info(
zend_ssa *ssa,
const zend_script *script,
zend_bitset worklist,
zend_bitset range_worklist,
zend_op *opline,
zend_ssa_op *ssa_op,
const zend_op **ssa_opcodes,
Expand Down Expand Up @@ -3627,7 +3651,7 @@ ZEND_API int zend_update_type_info(
const zend_op **ssa_opcodes,
zend_long optimization_level)
{
return _zend_update_type_info(op_array, ssa, script, NULL, opline, ssa_op, ssa_opcodes, optimization_level, 0);
return _zend_update_type_info(op_array, ssa, script, NULL, NULL, opline, ssa_op, ssa_opcodes, optimization_level, 0);
}

static uint32_t get_class_entry_rank(zend_class_entry *ce) {
Expand Down Expand Up @@ -3676,7 +3700,7 @@ static zend_class_entry *join_class_entries(
return ce1;
}

int zend_infer_types_ex(const zend_op_array *op_array, const zend_script *script, zend_ssa *ssa, zend_bitset worklist, zend_long optimization_level)
int zend_infer_types_ex(const zend_op_array *op_array, const zend_script *script, zend_ssa *ssa, zend_bitset worklist, zend_bitset range_worklist, zend_long optimization_level)
{
zend_basic_block *blocks = ssa->cfg.blocks;
zend_ssa_var *ssa_vars = ssa->vars;
Expand All @@ -3686,8 +3710,28 @@ int zend_infer_types_ex(const zend_op_array *op_array, const zend_script *script
uint32_t tmp, worklist_len = zend_bitset_len(ssa_vars_count);
bool update_worklist = 1;

while (!zend_bitset_empty(worklist, worklist_len)) {
while (true) {
j = zend_bitset_first(range_worklist, worklist_len);
if (j != -1) {
/* Propagate potential range change */
zend_ssa_range range;
zend_bitset_excl(range_worklist, j);
if (zend_inference_calc_range(op_array, ssa, j, /* widening */ true, /* narrowing */ false, &range) == FAILURE) {
return FAILURE;
}
if (zend_inference_widening_meet(&ssa->var_info[j], &range)) {
add_usages(op_array, ssa, range_worklist, j);
add_usages(op_array, ssa, worklist, j);
}
continue;
}

j = zend_bitset_first(worklist, worklist_len);
if (j == -1) {
/* Both range and primary worklist are empty. */
break;
}

zend_bitset_excl(worklist, j);
if (ssa_vars[j].definition_phi) {
zend_ssa_phi *p = ssa_vars[j].definition_phi;
Expand Down Expand Up @@ -3747,7 +3791,7 @@ int zend_infer_types_ex(const zend_op_array *op_array, const zend_script *script
}
} else if (ssa_vars[j].definition >= 0) {
i = ssa_vars[j].definition;
if (_zend_update_type_info(op_array, ssa, script, worklist, op_array->opcodes + i, ssa->ops + i, NULL, optimization_level, 1) == FAILURE) {
if (_zend_update_type_info(op_array, ssa, script, worklist, range_worklist, op_array->opcodes + i, ssa->ops + i, NULL, optimization_level, 1) == FAILURE) {
return FAILURE;
}
}
Expand Down Expand Up @@ -3928,16 +3972,18 @@ static bool can_convert_to_double(
static int zend_type_narrowing(const zend_op_array *op_array, const zend_script *script, zend_ssa *ssa, zend_long optimization_level)
{
uint32_t bitset_len = zend_bitset_len(ssa->vars_count);
zend_bitset visited, worklist;
zend_bitset visited, worklist, range_worklist;
int i, v;
zend_op *opline;
bool narrowed = 0;
ALLOCA_FLAG(use_heap)

visited = ZEND_BITSET_ALLOCA(2 * bitset_len, use_heap);
visited = ZEND_BITSET_ALLOCA(3 * bitset_len, use_heap);
worklist = visited + bitset_len;
range_worklist = worklist + bitset_len;

zend_bitset_clear(worklist, bitset_len);
zend_bitset_clear(range_worklist, bitset_len);

for (v = op_array->last_var; v < ssa->vars_count; v++) {
if ((ssa->var_info[v].type & (MAY_BE_REF | MAY_BE_ANY | MAY_BE_UNDEF)) != MAY_BE_LONG) continue;
Expand Down Expand Up @@ -3969,7 +4015,7 @@ static int zend_type_narrowing(const zend_op_array *op_array, const zend_script
return SUCCESS;
}

if (zend_infer_types_ex(op_array, script, ssa, worklist, optimization_level) != SUCCESS) {
if (zend_infer_types_ex(op_array, script, ssa, worklist, range_worklist, optimization_level) != SUCCESS) {
free_alloca(visited, use_heap);
return FAILURE;
}
Expand Down Expand Up @@ -4245,19 +4291,23 @@ static int zend_infer_types(const zend_op_array *op_array, const zend_script *sc
zend_ssa_var_info *ssa_var_info = ssa->var_info;
int ssa_vars_count = ssa->vars_count;
int j;
zend_bitset worklist;
int worklist_len = zend_bitset_len(ssa_vars_count);
zend_bitset worklist, range_worklist;
ALLOCA_FLAG(use_heap);

worklist = do_alloca(sizeof(zend_ulong) * zend_bitset_len(ssa_vars_count), use_heap);
memset(worklist, 0, sizeof(zend_ulong) * zend_bitset_len(ssa_vars_count));
worklist = do_alloca(sizeof(zend_ulong) * worklist_len * 2, use_heap);
memset(worklist, 0, sizeof(zend_ulong) * worklist_len);

range_worklist = worklist + worklist_len;
memset(range_worklist, 0, sizeof(zend_ulong) * worklist_len);
Member


It seems that the two memset calls can be combined too.


/* Type Inference */
for (j = op_array->last_var; j < ssa_vars_count; j++) {
zend_bitset_incl(worklist, j);
ssa_var_info[j].type = 0;
}

if (zend_infer_types_ex(op_array, script, ssa, worklist, optimization_level) != SUCCESS) {
if (zend_infer_types_ex(op_array, script, ssa, worklist, range_worklist, optimization_level) != SUCCESS) {
free_alloca(worklist, use_heap);
return FAILURE;
}
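Review bot: In the first hunk, `pessimize_range(&ssa_var_info[__var])` is evaluated before `update_worklist` is tested, so a caller that passes `update_worklist == 0` (as `zend_update_type_info` does, with both worklists `NULL`) widens this variable's range but never revisits the variables whose ranges were derived from it. Those dependents may keep a narrower range than is now justified, and a stale range is exactly what could let a later pass assume an integer operation cannot overflow; whether any such caller reads dependent ranges is not visible on this page. I would at least document it above the condition, e.g. `/* With update_worklist == 0 the range is still pessimized, but its users are not re-inferred; the caller must not rely on their ranges. */`. Separately, the prototype of `zend_infer_types_ex` is dropped from zend_inference.h while the definition shown here is still a non-`static` `int zend_infer_types_ex(...)`; marking it `static` would match the header change. The macro body begins outside the hunk.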
2 changes: 0 additions & 2 deletions Zend/Optimizer/zend_inference.h
Expand Up @@ -263,8 +263,6 @@ int zend_inference_narrowing_meet(zend_ssa_var_info *var_info, zend_ssa_range *
int zend_inference_widening_meet(zend_ssa_var_info *var_info, zend_ssa_range *r);
void zend_inference_check_recursive_dependencies(zend_op_array *op_array);

int zend_infer_types_ex(const zend_op_array *op_array, const zend_script *script, zend_ssa *ssa, zend_bitset worklist, zend_long optimization_level);

ZEND_API uint32_t zend_fetch_arg_info_type(
const zend_script *script, zend_arg_info *arg_info, zend_class_entry **pce);
ZEND_API void zend_init_func_return_info(
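--- a/ext/opcache/tests/ref_range_1.phpt
+++ b/ext/opcache/tests/ref_range_1.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Range info for references (1)
+--FILE--
+<?php
+
+function test() {
+escape_x($x);
+$x = 0;
+modify_x();
+return (int) $x;
+}
+
+function escape_x(&$x) {
+$GLOBALS['x'] =& $x;
+}
+
+function modify_x() {
+$GLOBALS['x']++;
+}
+
+var_dump(test());
+
+?>
+--EXPECT--
+int(1)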
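Review bot: Neither this test nor ref_range_2.phpt has an `--INI--` section, so the optimizer pass being fixed only runs if the test runner happens to be started with opcache enabled. An `--INI--` block with `opcache.enable=1`, `opcache.enable_cli=1` and `opcache.optimization_level=-1` would make both regression tests exercise the range inference regardless of runner configuration. In ref_range_2.phpt the expectation `float(%s)` accepts any string; `float(%f)` would at least pin it to a number.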
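--- a/ext/opcache/tests/ref_range_2.phpt
+++ b/ext/opcache/tests/ref_range_2.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Range info for references (2)
+--FILE--
+<?php
+
+function test() {
+escape_x($x);
+$x = 0;
+modify_x();
+return PHP_INT_MAX + (int) $x;
+}
+
+function escape_x(&$x) {
+$GLOBALS['x'] =& $x;
+}
+
+function modify_x() {
+$GLOBALS['x']++;
+}
+
+var_dump(test());
+
+?>
+--EXPECTF--
+float(%s)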