File: zend_verify_type_inference.h

/*
   +----------------------------------------------------------------------+
   | Zend Engine                                                          |
   +----------------------------------------------------------------------+
   | Copyright (c) Zend Technologies Ltd. (http://www.zend.com)           |
   +----------------------------------------------------------------------+
   | This source file is subject to version 2.00 of the Zend license,     |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | http://www.zend.com/license/2_00.txt.                                |
   | If you did not receive a copy of the Zend license and are unable to  |
   | obtain it through the world-wide-web, please send a note to          |
   | license@zend.com so we can mail you a copy immediately.              |
   +----------------------------------------------------------------------+
*/

#include "zend_type_info.h"
#include "zend_compile.h"

/*
 * VM tracing hooks, defined here so that every traced opcode is bracketed by
 * the inference checks below. They are presumably expanded by the VM executor
 * around each handler (the expansion site is not in this file; confirm).
 *
 * VM_TRACE_START / VM_TRACE_END expand to nothing.
 *
 * VM_TRACE(op) first verifies the "use" masks of the current OPLINE, then
 * OPENS a brace scope and records execute_data/OPLINE in two locals.
 * VM_TRACE_OP_END(op) verifies the "def" masks against those saved pointers
 * and CLOSES the scope, so the two macros must always be used as a pair.
 * The `op` argument is ignored by both.
 *
 * For ZEND_GENERATOR_RETURN the saved pointers stay NULL, which disables the
 * def check for that opcode (presumably because the frame must not be touched
 * after the handler ran; confirm against the generator code).
 */
#define VM_TRACE_START()
#define VM_TRACE_END()
#define VM_TRACE(op) zend_verify_inference_use(execute_data, OPLINE); \
	{ \
		zend_execute_data *__current_ex = NULL; \
		const zend_op *__current_op = NULL; \
		if (OPLINE->opcode != ZEND_GENERATOR_RETURN) { \
			__current_ex = execute_data; __current_op = OPLINE; \
		}
#define VM_TRACE_OP_END(op) \
		if (__current_ex && __current_op) { \
			zend_verify_inference_def(__current_ex, __current_op); \
		} \
	}

/*
 * Report an inference mismatch on stderr and terminate the process at once.
 *
 * `msg` is pasted into the format string by literal concatenation, so it must
 * be a string literal, and at least one variadic argument is required because
 * of the comma in front of __VA_ARGS__.
 *
 * The macro is unhygienic: it reads `opline` and `operand` from the expansion
 * site, and EX(func) presumably needs `execute_data` there as well (confirm
 * against the EX() definition). The printed number is the opline's index in
 * the function's opcode array.
 *
 * _exit() ends the process without running atexit handlers, so a failed
 * verification skips normal shutdown. Status 139 presumably mimics the shell
 * status of a SIGSEGV (128 + 11) so that test harnesses treat it as a crash;
 * confirm.
 */
#define ZEND_VERIFY_TYPE_INFERENCE_ERROR(msg, ...) \
	do { \
		fprintf(stderr, "Inference verification failed at %04d %s (" msg ")\n", (int)(opline - EX(func)->op_array.opcodes), operand, __VA_ARGS__); \
		_exit(139); \
	} while (0)

/*
 * Check one runtime operand slot against the type mask inferred for it.
 *
 * value        slot to inspect; IS_INDIRECT and IS_REFERENCE wrappers are
 *              followed once their own mask bit has been checked.
 * type_mask    inferred MAY_BE_* mask; the exact value MAY_BE_CLASS disables
 *              every check.
 * op_type      operand kind, consulted only for the IS_VAR exception below.
 * execute_data, opline, operand
 *              not read by the code written here; the error macro picks up
 *              `opline` and `operand` by name (and presumably execute_data
 *              through EX()) to build its report.
 *
 * Every mismatch goes through ZEND_VERIFY_TYPE_INFERENCE_ERROR, which ends
 * the process, so returning means all performed checks passed. That is not a
 * complete proof of the inferred mask: refcount bits are not verified and
 * only the leading elements of an array are sampled.
 */
static void zend_verify_type_inference(zval *value, uint32_t type_mask, uint8_t op_type, zend_execute_data *execute_data, const zend_op *opline, const char *operand)
{
	if (type_mask == MAY_BE_CLASS) {
		return;
	}

	/* An INDIRECT slot must be announced by the mask before it is followed. */
	if (Z_TYPE_P(value) == IS_INDIRECT) {
		if ((type_mask & MAY_BE_INDIRECT) == 0) {
			ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing MAY_BE_INDIRECT", type_mask);
		}
		value = Z_INDIRECT_P(value);
	}

	/* Verifying RC inference is currently not possible because type information is based on the SSA
	 * built without ZEND_SSA_RC_INFERENCE, which is missing various definitions for RC-modifying
	 * operations. Support could be added by repeating SSA-construction and type inference with the
	 * given flag. The disabled check is kept for reference: */
	// if (Z_REFCOUNTED_P(value)) {
	// 	if (Z_REFCOUNT_P(value) == 1 && !(type_mask & MAY_BE_RC1)) {
	// 		ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing MAY_BE_RC1", type_mask);
	// 	}
	// 	if (Z_REFCOUNT_P(value) > 1 && !(type_mask & MAY_BE_RCN)) {
	// 		ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing MAY_BE_RCN", type_mask);
	// 	}
	// }

	/* Same rule for references: check the bit, then look at the referent. */
	if (Z_TYPE_P(value) == IS_REFERENCE) {
		if ((type_mask & MAY_BE_REF) == 0) {
			ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing MAY_BE_REF", type_mask);
		}
		value = Z_REFVAL_P(value);
	}

	/* The bit for the concrete type must be present. One exception is tolerated:
	 * FETCH_OBJ_* for a typed property may leave an undefined value in an IS_VAR
	 * slot whose mask allows NULL.
	 * NOTE(review): the test compares a zval type with IS_UNUSED, an operand-kind
	 * constant, although IS_UNDEF is what is meant; presumably both are 0 - confirm
	 * and consider spelling it IS_UNDEF. */
	if ((type_mask & (1u << Z_TYPE_P(value))) == 0
	 && !(Z_TYPE_P(value) == IS_UNUSED && op_type == IS_VAR && (type_mask & MAY_BE_NULL))) {
		ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing type %d", type_mask, Z_TYPE_P(value));
	}

	if (Z_TYPE_P(value) != IS_ARRAY) {
		return;
	}

	/* Array layout: uninitialized, packed or hash, each with its own mask bit. */
	HashTable *table = Z_ARRVAL_P(value);
	if (!HT_IS_INITIALIZED(table)) {
		if ((type_mask & MAY_BE_ARRAY_EMPTY) == 0) {
			ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing MAY_BE_ARRAY_EMPTY", type_mask);
		}
	} else if (HT_IS_PACKED(table)) {
		if (!MAY_BE_PACKED(type_mask)) {
			ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing MAY_BE_ARRAY_PACKED", type_mask);
		}
	} else {
		if (!MAY_BE_HASH(type_mask)) {
			ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing MAY_BE_ARRAY_HASH", type_mask);
		}
	}

	/* Key kinds and element types. The `break` after each report is only
	 * reached if the error macro ever stops terminating the process. */
	uint32_t checked = 0;
	zend_string *key;
	zval *elem;
	ZEND_HASH_FOREACH_STR_KEY_VAL(table, key, elem) {
		if (key && !(type_mask & MAY_BE_ARRAY_KEY_STRING)) {
			ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing MAY_BE_ARRAY_KEY_STRING", type_mask);
			break;
		}
		if (!key && !(type_mask & MAY_BE_ARRAY_KEY_LONG)) {
			ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing MAY_BE_ARRAY_KEY_LONG", type_mask);
			break;
		}

		/* Element types live in the mask shifted by MAY_BE_ARRAY_SHIFT. */
		const uint32_t elem_bit = 1u << (Z_TYPE_P(elem) + MAY_BE_ARRAY_SHIFT);
		if ((type_mask & elem_bit) == 0) {
			ZEND_VERIFY_TYPE_INFERENCE_ERROR("mask 0x%x missing array type %d", type_mask, Z_TYPE_P(elem));
			break;
		}

		/* Large arrays are only sampled: stop once more than 16 elements passed. */
		checked++;
		if (checked > 16) {
			break;
		}
	} ZEND_HASH_FOREACH_END();
}

/*
 * Verify the inferred "use" masks of an opline before its handler runs.
 *
 * For op1, op2 and result alike, the slot is checked only when a non-zero
 * *_use_type mask was recorded and the operand is a TMP_VAR, VAR or CV.
 * op1 is additionally skipped for ZEND_ROPE_ADD and ZEND_ROPE_END (presumably
 * because op1 then holds the rope buffer rather than a regular zval; confirm).
 * A mismatch terminates the process inside zend_verify_type_inference().
 */
/* Clang reports false positive unused warnings. */
#ifdef __clang__
__attribute__((unused))
#endif
static void zend_verify_inference_use(zend_execute_data *execute_data, const zend_op *opline)
{
	const uint32_t var_kinds = IS_TMP_VAR | IS_VAR | IS_CV;
	const int is_rope_piece = opline->opcode == ZEND_ROPE_ADD || opline->opcode == ZEND_ROPE_END;

	if (opline->op1_use_type && (opline->op1_type & var_kinds) && !is_rope_piece) {
		zval *op1 = EX_VAR(opline->op1.var);
		zend_verify_type_inference(op1, opline->op1_use_type, opline->op1_type, execute_data, opline, "op1_use");
	}

	if (opline->op2_use_type && (opline->op2_type & var_kinds)) {
		zval *op2 = EX_VAR(opline->op2.var);
		zend_verify_type_inference(op2, opline->op2_use_type, opline->op2_type, execute_data, opline, "op2_use");
	}

	if (opline->result_use_type && (opline->result_type & var_kinds)) {
		zval *result = EX_VAR(opline->result.var);
		zend_verify_type_inference(result, opline->result_use_type, opline->result_type, execute_data, opline, "result_use");
	}
}

/*
 * Verify the inferred "def" masks of an opline after its handler ran.
 *
 * Nothing is checked while an exception is pending. Otherwise op1, op2 and
 * result are each checked when a non-zero *_def_type mask was recorded and
 * the operand is a TMP_VAR, VAR or CV, except for the opcodes listed below
 * whose handlers do not (yet) leave a final value in the slot.
 * For ZEND_RETURN / ZEND_RETURN_BY_REF the result slot of the calling opline
 * is verified as well when the caller is user code.
 * A mismatch terminates the process inside zend_verify_type_inference().
 */
/* Clang reports false positive unused warnings. */
#ifdef __clang__
__attribute__((unused))
#endif
static void zend_verify_inference_def(zend_execute_data *execute_data, const zend_op *opline)
{
	const uint32_t var_kinds = IS_TMP_VAR | IS_VAR | IS_CV;
	const unsigned opcode = opline->opcode;

	if (EG(exception)) {
		return;
	}

	if (opline->op1_def_type && (opline->op1_type & var_kinds)) {
		switch (opcode) {
			case ZEND_FETCH_DIM_W:
			case ZEND_FETCH_DIM_RW:
			case ZEND_FETCH_DIM_FUNC_ARG:
			case ZEND_FETCH_LIST_W:
				/* The array is actually changed by the following instruction(s). */
				break;
			default:
				zend_verify_type_inference(EX_VAR(opline->op1.var), opline->op1_def_type, opline->op1_type, execute_data, opline, "op1_def");
				break;
		}
	}

	if (opline->op2_def_type && (opline->op2_type & var_kinds)) {
		switch (opcode) {
			case ZEND_FE_FETCH_R:
			case ZEND_FE_FETCH_RW:
				/* ZEND_FE_FETCH_R[W] does not define a result in the last iteration. */
				break;
			default:
				zend_verify_type_inference(EX_VAR(opline->op2.var), opline->op2_def_type, opline->op2_type, execute_data, opline, "op2_def");
				break;
		}
	}

	/* Result slot: leave as soon as one of the exclusions applies. The tests
	 * are kept in their original order, so zend_is_smart_branch() is consulted
	 * under exactly the same conditions as before. */
	if (!opline->result_def_type
	 || !(opline->result_type & var_kinds)
	 || opcode == ZEND_ROPE_INIT
	 || opcode == ZEND_ROPE_ADD
	 /* Some jump opcode handlers don't set result when it's never read. */
	 || opcode == ZEND_JMP_SET
	 || opcode == ZEND_JMP_NULL
	 || opcode == ZEND_COALESCE
	 || opcode == ZEND_ASSERT_CHECK
	 /* Smart branches may not declare result. */
	 || zend_is_smart_branch(opline)
	 /* User calls only initialize result when returning from the called function. */
	 || opcode == ZEND_DO_FCALL
	 || opcode == ZEND_DO_UCALL
	 || opcode == ZEND_DO_FCALL_BY_NAME
	 /* ZEND_FE_FETCH_R[W] does not define a result in the last iteration. */
	 || opcode == ZEND_FE_FETCH_R
	 || opcode == ZEND_FE_FETCH_RW) {
		return;
	}

	zend_verify_type_inference(EX_VAR(opline->result.var), opline->result_def_type, opline->result_type, execute_data, opline, "result_def");

	/* Verify return value in the context of caller. */
	if (opcode != ZEND_RETURN && opcode != ZEND_RETURN_BY_REF) {
		return;
	}

	zend_execute_data *caller = execute_data->prev_execute_data;
	if (!caller || !caller->func || !ZEND_USER_CODE(caller->func->type)) {
		return;
	}

	/* NOTE(review): unlike the checks above, the calling opline's result_def_type
	 * and result_type are not tested before its slot is read - confirm that a
	 * caller reached this way always has a result slot. */
	const zend_op *call_opline = caller->opline;
	zend_verify_type_inference(ZEND_CALL_VAR(caller, call_opline->result.var), call_opline->result_def_type, call_opline->result_type, caller, call_opline, "result_def");
}