Promote undeclared variables to errors

Author: iluuu1994

Zend/Optimizer/zend_inference.c

@@ -5007,7 +5007,6 @@ ZEND_API bool zend_may_throw_ex(const zend_op *opline, const zend_ssa_op *ssa_op
 		case ZEND_NOP:
 		case ZEND_QM_ASSIGN:
 		case ZEND_JMP:
-		case ZEND_CHECK_VAR:
 		case ZEND_MAKE_REF:
 		case ZEND_BEGIN_SILENCE:
 		case ZEND_END_SILENCE:
@@ -5029,6 +5028,8 @@ ZEND_API bool zend_may_throw_ex(const zend_op *opline, const zend_ssa_op *ssa_op
 		case ZEND_JMP_NULL:
 		case ZEND_JMP_FRAMELESS:
 			return 0;
+		case ZEND_CHECK_VAR:
+			return t1 & MAY_BE_UNDEF;
 		case ZEND_IS_IDENTICAL:
 		case ZEND_IS_NOT_IDENTICAL:
 		case ZEND_CASE_STRICT:

Zend/zend.c

@@ -1807,6 +1807,34 @@ ZEND_API ZEND_COLD void zend_throw_error(zend_class_entry *exception_ce, const c
 }
 /* }}} */
 
+ZEND_API ZEND_COLD void zend_throw_error_unchecked(zend_class_entry *exception_ce, const char *format, ...)
+{
+	va_list va;
+	char *message = NULL;
+
+	if (!exception_ce) {
+		exception_ce = zend_ce_error;
+	}
+
+	/* Marker used to disable exception generation during preloading. */
+	if (EG(exception) == (void*)(uintptr_t)-1) {
+		return;
+	}
+
+	va_start(va, format);
+	zend_vspprintf(&message, 0, format, va);
+
+	//TODO: we can't convert compile-time errors to exceptions yet???
+	if (EG(current_execute_data) && !CG(in_compilation)) {
+		zend_throw_exception(exception_ce, message, 0);
+	} else {
+		zend_error_noreturn(E_ERROR, "%s", message);
+	}
+
+	efree(message);
+	va_end(va);
+}
+
 /* type should be one of the BP_VAR_* constants, only special messages happen for isset/empty and unset */
 ZEND_API ZEND_COLD void zend_illegal_container_offset(const zend_string *container, const zval *offset, int type)
 {

Zend/zend.h

@@ -391,6 +391,7 @@ ZEND_API ZEND_COLD void zend_error_zstr(int type, zend_string *message);
 ZEND_API ZEND_COLD void zend_error_zstr_at(int type, zend_string *filename, uint32_t lineno, zend_string *message);
 
 ZEND_API ZEND_COLD void zend_throw_error(zend_class_entry *exception_ce, const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 2, 3);
+ZEND_API ZEND_COLD void zend_throw_error_unchecked(zend_class_entry *exception_ce, const char *format, ...);
 ZEND_API ZEND_COLD void zend_type_error(const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 1, 2);
 ZEND_API ZEND_COLD void zend_argument_count_error(const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 1, 2);
 ZEND_API ZEND_COLD void zend_value_error(const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 1, 2);

Zend/zend_compile.c

@@ -2870,7 +2870,7 @@ static void zend_compile_class_ref(znode *result, zend_ast *name_ast, uint32_t f
 }
 /* }}} */
 
-static zend_result zend_try_compile_cv(znode *result, zend_ast *ast) /* {{{ */
+static zend_result zend_try_compile_cv(znode *result, zend_ast *ast, uint32_t type) /* {{{ */
 {
 	zend_ast *name_ast = ast->child[0];
 	if (name_ast->kind == ZEND_AST_ZVAL) {
@@ -2890,6 +2890,11 @@ static zend_result zend_try_compile_cv(znode *result, zend_ast *ast) /* {{{ */
 		result->op_type = IS_CV;
 		result->u.op.var = lookup_cv(name);
 
+		// FIXME: Check whether the CV is guaranteed to be declared
+		if (type == BP_VAR_R || type == BP_VAR_RW) {
+			zend_emit_op(NULL, ZEND_CHECK_VAR, result, NULL);
+		}
+
 		if (UNEXPECTED(Z_TYPE_P(zv) != IS_STRING)) {
 			zend_string_release_ex(name, 0);
 		}
@@ -2994,7 +2999,7 @@ static zend_op *zend_compile_simple_var(znode *result, zend_ast *ast, uint32_t t
 			result->op_type = IS_TMP_VAR;
 		}
 		return opline;
-	} else if (zend_try_compile_cv(result, ast) == FAILURE) {
+	} else if (zend_try_compile_cv(result, ast, type) == FAILURE) {
 		return zend_compile_simple_var_no_cv(result, ast, type, delayed);
 	}
 	return NULL;
@@ -3420,7 +3425,7 @@ static void zend_compile_expr_with_potential_assign_to_self(
 		/* $a[0] = $a should evaluate the right $a first */
 		znode cv_node;
 
-		if (zend_try_compile_cv(&cv_node, expr_ast) == FAILURE) {
+		if (zend_try_compile_cv(&cv_node, expr_ast, BP_VAR_R) == FAILURE) {
 			zend_compile_simple_var_no_cv(expr_node, expr_ast, BP_VAR_R, 0);
 		} else {
 			zend_emit_op_tmp(expr_node, ZEND_QM_ASSIGN, &cv_node, NULL);
@@ -3510,7 +3515,7 @@ static void zend_compile_assign(znode *result, zend_ast *ast) /* {{{ */
 					/* list($a, $b) = $a should evaluate the right $a first */
 					znode cv_node;
 
-					if (zend_try_compile_cv(&cv_node, expr_ast) == FAILURE) {
+					if (zend_try_compile_cv(&cv_node, expr_ast, BP_VAR_R) == FAILURE) {
 						zend_compile_simple_var_no_cv(&expr_node, expr_ast, BP_VAR_R, 0);
 					} else {
 						zend_emit_op_tmp(&expr_node, ZEND_QM_ASSIGN, &cv_node, NULL);
@@ -3825,7 +3830,7 @@ static uint32_t zend_compile_args(
 							opcode = ZEND_SEND_VAR_EX;
 							CG(active_op_array)->fn_flags |= ZEND_ACC_USES_THIS;
 							break;
-						} else if (zend_try_compile_cv(&arg_node, arg) == SUCCESS) {
+						} else if (zend_try_compile_cv(&arg_node, arg, BP_VAR_FUNC_ARG) == SUCCESS) {
 							opcode = ZEND_SEND_VAR_EX;
 							break;
 						}
@@ -5423,7 +5428,7 @@ static void zend_compile_global_var(zend_ast *ast) /* {{{ */
 	// TODO(GLOBALS) Forbid "global $GLOBALS"?
 	if (is_this_fetch(var_ast)) {
 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use $this as global variable");
-	} else if (zend_try_compile_cv(&result, var_ast) == SUCCESS) {
+	} else if (zend_try_compile_cv(&result, var_ast, BP_VAR_W) == SUCCESS) {
 		zend_op *opline = zend_emit_op(NULL, ZEND_BIND_GLOBAL, &result, &name_node);
 		opline->extended_value = zend_alloc_cache_slot();
 	} else {
@@ -5549,7 +5554,7 @@ static void zend_compile_unset(zend_ast *ast) /* {{{ */
 		case ZEND_AST_VAR:
 			if (is_this_fetch(var_ast)) {
 				zend_error_noreturn(E_COMPILE_ERROR, "Cannot unset $this");
-			} else if (zend_try_compile_cv(&var_node, var_ast) == SUCCESS) {
+			} else if (zend_try_compile_cv(&var_node, var_ast, BP_VAR_UNSET) == SUCCESS) {
 				opline = zend_emit_op(NULL, ZEND_UNSET_CV, &var_node, NULL);
 			} else {
 				opline = zend_compile_simple_var_no_cv(NULL, var_ast, BP_VAR_UNSET, 0);
@@ -6074,7 +6079,7 @@ static void zend_compile_foreach(zend_ast *ast) /* {{{ */
 	if (is_this_fetch(value_ast)) {
 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot re-assign $this");
 	} else if (value_ast->kind == ZEND_AST_VAR &&
-		zend_try_compile_cv(&value_node, value_ast) == SUCCESS) {
+		zend_try_compile_cv(&value_node, value_ast, BP_VAR_W) == SUCCESS) {
 		SET_NODE(opline->op2, &value_node);
 	} else {
 		opline->op2_type = IS_VAR;
@@ -10664,7 +10669,7 @@ static void zend_compile_isset_or_empty(znode *result, zend_ast *ast) /* {{{ */
 			if (is_this_fetch(var_ast)) {
 				opline = zend_emit_op(result, ZEND_ISSET_ISEMPTY_THIS, NULL, NULL);
 				CG(active_op_array)->fn_flags |= ZEND_ACC_USES_THIS;
-			} else if (zend_try_compile_cv(&var_node, var_ast) == SUCCESS) {
+			} else if (zend_try_compile_cv(&var_node, var_ast, BP_VAR_IS) == SUCCESS) {
 				opline = zend_emit_op(result, ZEND_ISSET_ISEMPTY_CV, &var_node, NULL);
 			} else {
 				opline = zend_compile_simple_var_no_cv(result, var_ast, BP_VAR_IS, 0);

Zend/zend_execute.c

@@ -348,19 +348,15 @@ static zend_always_inline zval *_get_zval_ptr_cv_BP_VAR_R(uint32_t var EXECUTE_D
 {
 	zval *ret = EX_VAR(var);
 
-	if (UNEXPECTED(Z_TYPE_P(ret) == IS_UNDEF)) {
-		return zval_undefined_cv(var EXECUTE_DATA_CC);
-	}
+	ZEND_ASSERT(Z_TYPE_P(ret) != IS_UNDEF);
 	return ret;
 }
 
 static zend_always_inline zval *_get_zval_ptr_cv_deref_BP_VAR_R(uint32_t var EXECUTE_DATA_DC)
 {
 	zval *ret = EX_VAR(var);
 
-	if (UNEXPECTED(Z_TYPE_P(ret) == IS_UNDEF)) {
-		return zval_undefined_cv(var EXECUTE_DATA_CC);
-	}
+	ZEND_ASSERT(Z_TYPE_P(ret) != IS_UNDEF);
 	ZVAL_DEREF(ret);
 	return ret;
 }
@@ -376,11 +372,7 @@ static zend_always_inline zval *_get_zval_ptr_cv_BP_VAR_RW(uint32_t var EXECUTE_
 {
 	zval *ret = EX_VAR(var);
 
-	if (UNEXPECTED(Z_TYPE_P(ret) == IS_UNDEF)) {
-		zval_undefined_cv(var EXECUTE_DATA_CC);
-		ZVAL_NULL(ret);
-		return ret;
-	}
+	ZEND_ASSERT(Z_TYPE_P(ret) != IS_UNDEF);
 	return ret;
 }
 
@@ -2045,6 +2037,7 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
 		/* The string may be destroyed while throwing the notice.
 		 * Temporarily increase the refcount to detect this situation. */
 		GC_ADDREF(s);
+		// FIXME: Still needed?
 		if (UNEXPECTED(Z_TYPE_P(value) == IS_UNDEF)) {
 			zval_undefined_cv((opline+1)->op1.var EXECUTE_DATA_CC);
 		}
@@ -3641,6 +3634,7 @@ static zend_never_inline zval* zend_fetch_static_property_address_ex(zend_proper
 			name = Z_STR_P(varname);
 			tmp_name = NULL;
 		} else {
+			// FIXME: Still needed?
 			if (op1_type == IS_CV && UNEXPECTED(Z_TYPE_P(varname) == IS_UNDEF)) {
 				zval_undefined_cv(opline->op1.var EXECUTE_DATA_CC);
 			}

Zend/zend_types.h

@@ -1488,6 +1488,8 @@ static zend_always_inline uint32_t zval_delref_p(zval* pz) {
 #define ZVAL_DEREF(z) do {								\
 		if (UNEXPECTED(Z_ISREF_P(z))) {					\
 			(z) = Z_REFVAL_P(z);						\
+			/* FIXME: Verify this is beneficial. */		\
+			ZEND_ASSERT(Z_TYPE_P(z) != IS_UNDEF && Z_TYPE_P(z) != IS_REFERENCE);	\
 		}												\
 	} while (0)
 

Zend/zend_vm_def.h

@@ -2669,6 +2669,7 @@ ZEND_VM_C_LABEL(try_assign_dim_array):
 		SEPARATE_ARRAY(object_ptr);
 		if (OP2_TYPE == IS_UNUSED) {
 			value = GET_OP_DATA_ZVAL_PTR_UNDEF(BP_VAR_R);
+			// FIXME: Still needed?
 			if (OP_DATA_TYPE == IS_CV && UNEXPECTED(Z_TYPE_P(value) == IS_UNDEF)) {
 				HashTable *ht = Z_ARRVAL_P(object_ptr);
 				if (!(GC_FLAGS(ht) & IS_ARRAY_IMMUTABLE)) {
@@ -2742,6 +2743,7 @@ ZEND_VM_C_LABEL(try_assign_dim_array):
 			}
 
 			value = GET_OP_DATA_ZVAL_PTR_UNDEF(BP_VAR_R);
+			// FIXME: Still needed?
 			if (OP_DATA_TYPE == IS_CV && UNEXPECTED(Z_ISUNDEF_P(value))) {
 				value = zval_undefined_cv((opline+1)->op1.var EXECUTE_DATA_CC);
 			} else if (OP_DATA_TYPE & (IS_CV|IS_VAR)) {
@@ -9214,8 +9216,9 @@ ZEND_VM_HANDLER(49, ZEND_CHECK_VAR, CV, UNUSED)
 
 	if (UNEXPECTED(Z_TYPE_INFO_P(op1) == IS_UNDEF)) {
 		SAVE_OPLINE();
-		ZVAL_UNDEFINED_OP1();
-		ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
+		zend_string *cv = CV_DEF_OF(EX_VAR_TO_NUM(opline->op1.var));
+		zend_throw_error_unchecked(NULL, "Undefined variable $%S", cv);
+		HANDLE_EXCEPTION();
 	}
 	ZEND_VM_NEXT_OPCODE();
 }