Fix live-range calculation for FREE_RANGE

Author: iluuu1994

Zend/Optimizer/zend_optimizer.c

@@ -791,6 +791,11 @@ void zend_optimizer_shift_jump(zend_op_array *op_array, zend_op *opline, uint32_
 			opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value) - shiftlist[ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value)]);
 			break;
 		}
+		case ZEND_FREE_RANGE: {
+			opline->op1.num -= shiftlist[opline->op1.num];
+			opline->op2.num -= shiftlist[opline->op2.num];
+			break;
+		}
 	}
 }
 

Zend/tests/match/bugs/001.phpt

@@ -6,7 +6,14 @@ WIP
 function test() {
     foreach ([1, 2, 3] as $value) {
         $x = match (1) {
-            1 => { return 42; },
+            1 => {
+                $y = match (1) {
+                    1 => {
+                        return 42;
+                    },
+                };
+                return 42;
+            },
         };
         var_dump($value);
     }

Zend/tests/match/bugs/011.phpt

@@ -3,13 +3,14 @@ WIP
 --FILE--
 <?php
 
+namespace Test;
+
 function test() {
-    do {
-        $foo = 'Hello';
-        $bar = 'world';
-        var_dump("$foo ${null ?? { 'bar' }}");
-        var_dump("$foo ${null ?? { break; 'bar' }}");
-    } while (0);
+    $foo = 'Hello';
+    $bar = 'world';
+    var_dump("$foo ${null ?? { 'bar' }}");
+    var_dump("$foo ${null ?? { return; 'bar' }}");
+    str_repeat('a', 10) . (null ?? { return; 'bar' });
 }
 
 test();
@@ -18,5 +19,7 @@ test();
 --EXPECTF--
 Deprecated: Using ${expr} (variable variables) in strings is deprecated, use {${expr}} instead in %s on line %d
 
+Deprecated: Using ${expr} (variable variables) in strings is deprecated, use {${expr}} instead in %s on line %d
+
 Deprecated: Using ${expr} (variable variables) in strings is deprecated, use {${expr}} instead in %s on line %d
 string(11) "Hello world"

Zend/zend_compile.c

@@ -62,9 +62,16 @@
 typedef struct _zend_loop_var {
 	uint8_t opcode;
 	uint8_t var_type;
-	uint32_t   var_num;
-	uint32_t   try_catch_offset;
-	uint32_t   opcode_start;
+	union {
+		struct {
+			uint32_t var_num;
+			uint32_t try_catch_offset;
+		};
+		struct {
+			uint32_t range_start;
+			uint32_t range_end;
+		};
+	};
 } zend_loop_var;
 
 static inline uint32_t zend_alloc_cache_slots(unsigned count) {
@@ -345,6 +352,8 @@ void zend_oparray_context_begin(zend_oparray_context *prev_context, zend_op_arra
 	CG(context).in_jmp_frameless_branch = false;
 	CG(context).active_property_info_name = NULL;
 	CG(context).active_property_hook_kind = (zend_property_hook_kind)-1;
+	CG(context).in_block_expr = false;
+	CG(context).stmt_start = (uint32_t)-1;
 }
 /* }}} */
 
@@ -721,10 +730,8 @@ static inline void zend_begin_loop(
 	brk_cont_element->parent = parent;
 	brk_cont_element->kind = kind;
 
-	uint32_t start = get_next_op_number();
-	info.opcode_start = start;
-
 	if (loop_var && (loop_var->op_type & (IS_VAR|IS_TMP_VAR))) {
+		uint32_t start = get_next_op_number();
 
 		info.opcode = free_opcode;
 		info.var_type = loop_var->op_type;
@@ -5612,27 +5619,22 @@ static bool zend_handle_loops_and_finally_ex(zend_long depth, znode *return_valu
 				SET_NODE(opline->op2, return_value);
 			}
 			opline->op1.num = loop_var->try_catch_offset;
-			if (free_range_opnum != (uint32_t)-1) {
-				zend_op *opline = &CG(active_op_array)->opcodes[free_range_opnum];
-				opline->op1.num = loop_var->opcode_start;
-				free_range_opnum = (uint32_t)-1;
-			}
 		} else if (loop_var->opcode == ZEND_DISCARD_EXCEPTION) {
 			zend_op *opline = get_next_op();
 			opline->opcode = ZEND_DISCARD_EXCEPTION;
 			opline->op1_type = IS_TMP_VAR;
 			opline->op1.var = loop_var->var_num;
 		} else if (loop_var->opcode == ZEND_RETURN) {
 			/* Stack separator */
-			if (free_range_opnum != (uint32_t)-1) {
-				zend_op *opline = &CG(active_op_array)->opcodes[free_range_opnum];
-				opline->op1.num = 0;
-			}
 			break;
 		} else {
 			if (free_range_opnum != (uint32_t)-1) {
 				zend_op *opline = &CG(active_op_array)->opcodes[free_range_opnum];
-				opline->op1.num = loop_var->opcode_start + 1;
+				uint32_t new_start = loop_var->range_start + (loop_var->opcode != ZEND_NOP ? 1 : 0);
+				/* We only want to shorten the life-time of ranges, but not extend them. */
+				if (opline->op1.num < new_start) {
+					opline->op1.num = new_start;
+				}
 				free_range_opnum = (uint32_t)-1;
 			}
 			/* ZEND_FREE_RANGE does not decrease depth. */
@@ -5648,7 +5650,8 @@ static bool zend_handle_loops_and_finally_ex(zend_long depth, znode *return_valu
 				opline->extended_value = ZEND_FREE_ON_RETURN;
 				if (loop_var->opcode == ZEND_FREE_RANGE) {
 					free_range_opnum = get_next_op_number() - 1;
-					opline->op2.var = loop_var->opcode_start;
+					opline->op1.var = loop_var->range_start;
+					opline->op2.var = loop_var->range_end;
 				}
 			}
 		}
@@ -6452,8 +6455,8 @@ static void zend_compile_block_expr(znode *result, zend_ast *ast, bool omit_free
 		zend_loop_var info = {0};
 		info.opcode = ZEND_FREE_RANGE;
 		info.var_type = IS_UNUSED;
-		info.var_num = (uint32_t)-1;
-		info.opcode_start = get_next_op_number();
+		info.range_start = CG(context).stmt_start;
+		info.range_end = get_next_op_number();
 		zend_stack_push(&CG(loop_var_stack), &info);
 	}
 	zend_compile_stmt_list(ast->child[0]);
@@ -6490,8 +6493,8 @@ static void zend_compile_match(znode *result, zend_ast *ast)
 		zend_loop_var info = {0};
 		info.opcode = ZEND_FREE_RANGE;
 		info.var_type = IS_UNUSED;
-		info.var_num = (uint32_t)-1;
-		info.opcode_start = start_opnum;
+		info.range_start = CG(context).stmt_start;
+		info.range_end = start_opnum;
 		zend_stack_push(&CG(loop_var_stack), &info);
 	}
 
@@ -6719,7 +6722,6 @@ static void zend_compile_try(zend_ast *ast) /* {{{ */
 	}
 
 	try_catch_offset = zend_add_try_element(get_next_op_number());
-	uint32_t try_opnum = get_next_op_number();
 
 	if (finally_ast) {
 		zend_loop_var fast_call;
@@ -6733,7 +6735,6 @@ static void zend_compile_try(zend_ast *ast) /* {{{ */
 		fast_call.var_type = IS_TMP_VAR;
 		fast_call.var_num = CG(context).fast_call_var;
 		fast_call.try_catch_offset = try_catch_offset;
-		fast_call.opcode_start = try_opnum;
 		zend_stack_push(&CG(loop_var_stack), &fast_call);
 	}
 
@@ -11460,6 +11461,9 @@ static void zend_compile_stmt(zend_ast *ast) /* {{{ */
 		zend_do_extended_stmt();
 	}
 
+	uint32_t prev_stmt_start = CG(context).stmt_start;
+	CG(context).stmt_start = get_next_op_number();
+
 	switch (ast->kind) {
 		case ZEND_AST_STMT_LIST:
 			zend_compile_stmt_list(ast);
@@ -11555,7 +11559,7 @@ static void zend_compile_stmt(zend_ast *ast) /* {{{ */
 			break;
 		case ZEND_AST_BLOCK_EXPR:
 			zend_compile_block_expr(NULL, ast, /* omit_free_range */ false);
-			return;
+			break;
 		default:
 		{
 			znode result;
@@ -11564,6 +11568,8 @@ static void zend_compile_stmt(zend_ast *ast) /* {{{ */
 		}
 	}
 
+	CG(context).stmt_start = prev_stmt_start;
+
 	if (FC(declarables).ticks && !zend_is_unticked_stmt(ast)) {
 		zend_emit_tick();
 	}

Zend/zend_compile.h

@@ -213,6 +213,7 @@ typedef struct _zend_oparray_context {
 	zend_property_hook_kind active_property_hook_kind;
 	bool       in_jmp_frameless_branch;
 	bool       in_block_expr;
+	uint32_t   stmt_start;
 } zend_oparray_context;
 
 /* Class, property and method flags                  class|meth.|prop.|const*/

Zend/zend_opcode.c

@@ -926,6 +926,51 @@ static void swap_live_range(zend_live_range *a, zend_live_range *b) {
 	b->end = tmp;
 }
 
+static void remove_dead_free_ranges(zend_op_array *op_array, zend_stack *stack, uint32_t opnum)
+{
+	while (!zend_stack_is_empty(stack)) {
+		uint32_t top_num = *(uint32_t*)zend_stack_top(stack);
+		zend_op *top = &op_array->opcodes[top_num];
+		/* We're past the range's start. */
+		if (opnum < top->op1.num) {
+			zend_stack_del_top(stack);
+		} else {
+			break;
+		}
+	}
+}
+
+static void append_free_range(zend_op_array *op_array, zend_stack *stack, zend_op *opline, uint32_t opnum)
+{
+	uint32_t i = zend_stack_count(stack);
+	uint32_t *existing_num = zend_stack_top(stack);
+	while (i-- != 0) {
+		zend_op *existing = &op_array->opcodes[*existing_num];
+		if (existing->op1.num <= opline->op1.num && existing->op2.num >= opline->op2.num) {
+			return;
+		} else if (existing->op1.num >= opline->op1.num && existing->op2.num <= opline->op2.num) {
+			*existing_num = opnum;
+			return;
+		}
+		existing_num--;
+	}
+	zend_stack_push(stack, &opnum);
+}
+
+static uint32_t find_free_range(zend_op_array *op_array, zend_stack *stack, uint32_t opnum)
+{
+	uint32_t i = zend_stack_count(stack);
+	uint32_t *num = zend_stack_top(stack);
+	while (i-- != 0) {
+		zend_op *op = &op_array->opcodes[*num];
+		if (op->op1.num <= opnum && op->op2.num > opnum) {
+			return *num;
+		}
+		num--;
+	}
+	return (uint32_t)-1;
+}
+
 static void zend_calc_live_ranges(
 		zend_op_array *op_array, zend_needs_live_range_cb needs_live_range) {
 	uint32_t opnum = op_array->last;
@@ -935,11 +980,19 @@ static void zend_calc_live_ranges(
 	uint32_t *last_use = do_alloca(sizeof(uint32_t) * op_array->T, use_heap);
 	memset(last_use, -1, sizeof(uint32_t) * op_array->T);
 
+	zend_stack free_range_stack;
+	zend_stack_init(&free_range_stack, sizeof(uint32_t));
+
 	ZEND_ASSERT(!op_array->live_range);
 	while (opnum > 0) {
 		opnum--;
 		opline--;
 
+		if (UNEXPECTED(opline->opcode == ZEND_FREE_RANGE)) {
+			remove_dead_free_ranges(op_array, &free_range_stack, opnum);
+			append_free_range(op_array, &free_range_stack, opline, opnum);
+		}
+
 		if ((opline->result_type & (IS_TMP_VAR|IS_VAR)) && !is_fake_def(opline)) {
 			uint32_t var_num = EX_VAR_TO_NUM(opline->result.var) - var_offset;
 			/* Defs without uses can occur for two reasons: Either because the result is
@@ -948,6 +1001,7 @@ static void zend_calc_live_ranges(
 			 * which case the last one starts the live range. As such, we can simply ignore
 			 * missing uses here. */
 			if (EXPECTED(last_use[var_num] != (uint32_t) -1)) {
+found:
 				/* Skip trivial live-range */
 				if (opnum + 1 != last_use[var_num]) {
 					uint32_t num;
@@ -963,6 +1017,11 @@ static void zend_calc_live_ranges(
 					emit_live_range(op_array, var_num, num, last_use[var_num], needs_live_range);
 				}
 				last_use[var_num] = (uint32_t) -1;
+			} else {
+				last_use[var_num] = find_free_range(op_array, &free_range_stack, opnum);
+				if (last_use[var_num] != (uint32_t) -1) {
+					goto found;
+				}
 			}
 		}
 
@@ -1024,6 +1083,7 @@ static void zend_calc_live_ranges(
 	}
 
 	free_alloca(last_use, use_heap);
+	zend_stack_destroy(&free_range_stack);
 }
 
 ZEND_API void zend_recalc_live_ranges(