mirror of
https://github.com/php/php-src.git
synced 2026-04-23 16:08:35 +02:00
Stanislav Malyshev
75d7666968
* PHP-7.0.10: Fix bug #72749: wddx_deserialize allows illegal memory access Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF fix tests Fix bug#72697 - select_colors write out-of-bounds Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation Fix bug #72730 - imagegammacorrect allows arbitrary write access Fix bug #72750: wddx_deserialize null dereference Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack fix tests add missing skipif section Fix for bug #72790 and bug #72799 Fix bug #72837 - integer overflow in bzdecompress caused heap corruption Fix bug #72742 - memory allocator fails to realloc small block to large one Use size_t for path length Check for string overflow Fix for bug #72782: mcrypt accepts only ints, so don't pass anything else Fix bug #72674 - check both curl_escape and curl_unescape
ZEND_VM
=======
ZEND_VM architecture allows specializing opcode handlers according to op_type
fields and using different execution methods (call threading, switch threading
and direct threading). As a result ZE2 got more than 20% speedup on raw PHP
code execution (with specialized executor and direct threading execution
method). As in most PHP applications raw execution speed isn't the limiting
factor but system calls and database calls are, your mileage with this patch
will vary.
Most parts of the old zend_execute.c go into zend_vm_def.h. Here you can
find opcode handlers and helpers. The typical opcode handler template looks
like this:
ZEND_VM_HANDLER(<OPCODE-NUMBER>, <OPCODE>, <OP1_TYPES>, <OP2_TYPES>)
{
<HANDLER'S CODE>
}
<OPCODE-NUMBER> is a opcode number (0, 1, ...)
<OPCODE> is an opcode name (ZEN_NOP, ZEND_ADD, :)
<OP1_TYPES> & <OP2_TYPES> are masks for allowed operand op_types. Specializer
will generate code only for defined combination of types. You can use any
combination of the following op_types UNUSED, CONST, VAR, TMP and CV also
you can use ANY mask to disable specialization according operand's op_type.
<HANDLER'S CODE> is a handler's code itself. For most handlers it stills the
same as in old zend_execute.c, but now it uses macros to access opcode operands
and some internal executor data.
You can see the conformity of new macros to old code in the following list:
EXECUTE_DATA
execute_data
ZEND_VM_DISPATCH_TO_HANDLER(<OP>)
return <OP>_helper(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU)
ZEND_VM_DISPATCH_TO_HELPER(<NAME>)
return <NAME>(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU)
ZEND_VM_DISPATCH_TO_HELPER_EX(<NAME>,<PARAM>,<VAL>)
return <NAME>(<VAL>, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU)
ZEND_VM_CONTINUE()
return 0
ZEND_VM_NEXT_OPCODE()
NEXT_OPCODE()
ZEND_VM_SET_OPCODE(<TARGET>
SET_OPCODE(<TARGET>
ZEND_VM_INC_OPCODE()
INC_OPCOD()
ZEND_VM_RETURN_FROM_EXECUTE_LOOP()
RETURN_FROM_EXECUTE_LOOP()
ZEND_VM_C_LABEL(<LABEL>):
<LABEL>:
ZEND_VM_C_GOTO(<LABEL>)
goto <LABEL>
OP<X>_TYPE
opline->op<X>.op_type
GET_OP<X>_ZVAL_PTR(<TYPE>)
get_zval_ptr(&opline->op<X>, EX(Ts), &free_op<X>, <TYPE>)
GET_OP<X>_ZVAL_PTR_PTR(<TYPE>)
get_zval_ptr_ptr(&opline->op<X>, EX(Ts), &free_op<X>, <TYPE>)
GET_OP<X>_OBJ_ZVAL_PTR(<TYPE>)
get_obj_zval_ptr(&opline->op<X>, EX(Ts), &free_op<X>, <TYPE>)
GET_OP<X>_OBJ_ZVAL_PTR_PTR(<TYPE>)
get_obj_zval_ptr_ptr(&opline->op<X>, EX(Ts), &free_op<X>, <TYPE>)
IS_OP<X>_TMP_FREE()
IS_TMP_FREE(free_op<X>)
FREE_OP<X>()
FREE_OP(free_op<X>)
FREE_OP<X>_IF_VAR()
FREE_VAR(free_op<X>)
FREE_OP<X>_VAR_PTR()
FREE_VAR_PTR(free_op<X>)
Executor's helpers can be defined without parameters or with one parameter.
This is done with the following constructs:
ZEND_VM_HELPER(<HELPER-NAME>, <OP1_TYPES>, <OP2_TYPES>)
{
<HELPER'S CODE>
}
ZEND_VM_HELPER_EX(<HELPER-NAME>, <OP1_TYPES>, <OP2_TYPES>, <PARAM_SPEC>)
{
<HELPER'S CODE>
}
Executor's code is generated by PHP script zend_vm_gen.php it uses zend_vm_def.h
and zend_vm_execute.skl as input and produces zend_vm_opcodes.h and
zend_vm_execute.h. The first file is a list of opcode definitions. It is
included from zend_compile.h. The second one is an executor code itself. It is
included from zend_execute.c.
zend_vm_gen.php can produce different kind of executors. You can select
different opcode threading model using --with-vm-kind=CALL|SWITCH|GOTO. You can
disable opcode specialization using --without-specializer. You can include or
exclude old executor together with specialized one using --without-old-executor.
At last you can debug executor using original zend_vm_def.h or generated file
zend_vm_execute.h. Debugging with original file requires --with-lines
option. By default ZE2 uses the following command to generate executor:
$ php zend_vm_gen.php --with-vm-kind=CALL
Zend Engine II currently includes two executors during the build process, one
is the specialized version and the other is the old one non-specialized with
function handlers. By default Zend Engine II uses the specialized one but you
can switch to the old executor at runtime by calling zend_vm_use_old_executor().