| blob | 2f963ab42544463d8edcadca8ecce266c5289baa |
1 /*
2 +----------------------------------------------------------------------+
3 | HipHop for PHP |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 2010-2014 Facebook, Inc. (http://www.facebook.com) |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 */
27 #include <folly/Optional.h>
33 //////////////////////////////////////////////////////////////////////
50 };
51 }
53 }
60 };
61 }
63 }
70 };
71 }
73 }
79 };
80 }
82 }
89 };
90 }
92 }
94 }
97 }();
102 /*
103 * None of the above worked, so try to make the smallest union we can based
104 * on the pointer type.
105 */
114 }
116 // Return an AliasClass containing all locations pointed to by any PtrToGen
117 // sources to an instruction.
123 }
124 }
126 }
128 // Return an AliasClass representing a range of the eval stack that contains
129 // everything below a logical depth.
132 }
134 /*
135 * Modify a GeneralEffects to take potential VM re-entry into account. This
136 * affects may-load, may-store, and kills information for the instruction. The
137 * GeneralEffects should already contain AHeapAny in both loads and stores if
138 * it affects those locations for reasons other than re-entry, but does not
139 * need to if it doesn't.
140 *
141 * For loads, we need to take into account EnableArgsInBacktraces: if this flag
142 * is on, any instruction that could re-enter could call debug_backtrace, which
143 * could read the argument locals of any activation record in the callstack.
144 * We don't try to limit the load effects to argument locals here, though, and
145 * just union in all the locals.
146 *
147 * For kills, locations on the eval stack below the re-entry depth should all
148 * be added.
149 *
150 * Important note: because of the `kills' set modifications, an instruction may
151 * not report that it can re-enter if it actually can't. The reason this can
152 * go wrong is that if the instruction was in an inlined function, if we've
153 * removed the DefInlineFP its spOff will not be meaningful (unless it's a
154 * DecRef instruction, which we explicitly adjust in dce.cpp). In this case
155 * the `kills' set will refer to the wrong stack locations. In general this
156 * means instructions that can re-enter must have catch traces---but a few
157 * other instructions are exceptions, either since they are not allowed in
158 * inlined functions or because they take the (possibly-inlined) FramePtr as a
159 * source.
160 */
165 ReleaseVVAndSkip,
166 CIterFree,
167 MIterFree,
168 MIterNext,
169 MIterNextK,
170 IterFree,
171 ABCUnblock,
172 GenericRetDecRefs);
174 may_reenter_is_ok,
176 inst
177 );
179 /*
180 * We want to union `killed_stack' into whatever else the instruction already
181 * said it must kill, but if we end up with an unrepresentable AliasClass we
182 * can't return a set that's too big (the `kills' set is unlike the other
183 * AliasClasses in GeneralEffects in that means it kills /everything/ in the
184 * set, since it's must-information).
185 *
186 * If we can't represent the union, just take the stack, in part because we
187 * have some debugging asserts about this right now---but also nothing
188 * actually uses may_reenter with a non-AEmpty kills at the time of this
189 * writing anyway.
190 */
201 new_kills
202 };
203 }
205 /*
206 * Modify a GeneralEffects for instructions that could call the user
207 * error handler for the current frame (ie something that can raise
208 * a warning/notice/error, or a builtin call), because the error
209 * handler gets a context array which contains all the locals.
210 */
213 inst,
215 );
216 }
218 //////////////////////////////////////////////////////////////////////
222 }
225 AliasClass stores,
226 AliasClass kill) {
228 }
231 AliasClass stores,
232 AliasClass move) {
235 }
237 //////////////////////////////////////////////////////////////////////
239 /*
240 * Helper for iterator instructions. They all affect some locals, but are
241 * otherwise the same.
242 *
243 * N.B. Currently the memory for frame iterator slots is not part of the
244 * AliasClass lattice, since we never really manipulate them from the TC yet,
245 * so we don't report the effect these instructions have on it.
246 */
249 AliasClass locals) {
255 inst,
259 AMIStateAny
260 )
261 );
262 }
264 /*
265 * Construct effects for InterpOne, using the information in its extra data.
266 *
267 * We always consider an InterpOne as potentially doing anything to the heap,
268 * potentially re-entering, potentially raising warnings in the current frame,
269 * potentially reading any locals, and potentially reading/writing any stack
270 * location that isn't below the bottom of the stack.
271 *
272 * The extra data for the InterpOne comes with some additional information
273 * about which local(s) it may modify, which is all we try to be more precise
274 * about right now.
275 */
285 }
286 }
288 }
290 //////////////////////////////////////////////////////////////////////
295 //////////////////////////////////////////////////////////////////////
296 // Region exits
298 // These exits don't leave the current php function, and could head to code
299 // that could read or write anything as far as we know (including frame
300 // locals).
303 AUnknown,
306 };
309 AUnknown,
313 };
316 AUnknown,
320 };
325 //////////////////////////////////////////////////////////////////////
326 // Unusual instructions
328 /*
329 * The ReturnHook sets up the ActRec so the unwinder knows everything is
330 * already released (i.e. it calls ar->setLocalsDecRefd()).
331 *
332 * The eval stack is also dead at this point (the return value is passed to
333 * ReturnHook as src(1), and the ReturnHook may not access the stack).
334 */
336 // Note, this instruction can re-enter, but doesn't need the may_reenter()
337 // treatmeant because of the special kill semantics for locals and stack.
341 );
343 // The suspend hooks can load anything (re-entering the VM), but can't write
344 // to frame locals.
347 // TODO: may-load here probably doesn't need to include AFrameAny normally.
351 /*
352 * If we're returning from a function, it's ReturnEffects. The RetCtrl
353 * opcode also suspends resumables, which we model as having any possible
354 * effects.
355 *
356 * Note that marking AFrameAny as dead isn't quite right, because that
357 * ought to mean that the preceding StRetVal is dead; but memory effects
358 * ignores StRetVal so the AFrameAny is fine.
359 */
362 // Suspending can go anywhere, and doesn't even kill locals.
364 }
367 };
372 AMIStateAny
373 };
376 /*
377 * The may-store information here is AUnknown: even though we know it
378 * doesn't really "store" to the frame locals, the values that used to be
379 * there are no longer available because they are DecRef'd, which we are
380 * required to report as may-store information to make it visible to
381 * reference count optimizations. It's conceptually the same as if it was
382 * storing an Uninit over each of the locals, but the stores of uninits
383 * would be dead so we're not actually doing that.
384 */
390 AUnknown,
392 AMIStateAny
393 };
395 /*
396 * DefInlineFP has some special treatment here.
397 *
398 * It's logically `publishing' a pointer to a pre-live ActRec, making it
399 * live. It doesn't actually load from this ActRec, but after it's done this
400 * the set of things that can load from it is large enough that the easiest
401 * way to model this is to consider it as a load on behalf of `publishing'
402 * the ActRec. Once it's published, it's a live activation record, and
403 * doesn't get written to as if it were a stack slot anymore (we've
404 * effectively converted AStack locations into a frame until the
405 * InlineReturn).
406 *
407 * TODO(#3634984): Additionally, DefInlineFP is marking may-load on all the
408 * locals of the outer frame. This is probably not necessary anymore, but we
409 * added it originally because a store sinking prototype needed to know it
410 * can't push StLocs past a DefInlineFP, because of reserved registers.
411 * Right now it's just here because we need to think about and test it before
412 * removing that set.
413 */
417 /*
418 * Note that although DefInlineFP is going to store some things into the
419 * memory for the new frame (m_soff, etc), it's as part of converting it
420 * from a pre-live frame to a live frame. We don't need to report those
421 * effects on memory because they are logically to a 'different location
422 * class' (i.e. an activation record for the callee) than the AStack
423 * locations that represented the pre-live ActRec, even though they are at
424 * the same physical addresses in memory.
425 */
426 AEmpty
427 );
436 AUnknown,
438 };
443 // NB: on the failure path, these C++ helpers do a fixup and read frame
444 // locals before they throw. They can also invoke the user error handler and
445 // go do whatever they want to non-frame locations.
446 //
447 // TODO(#5372569): if we combine dv inits into the same regions we could
448 // possibly avoid storing KindOfUninits if we modify this.
453 // However the following ones can't read locals from our frame on the way
454 // out, except as a side effect of raising a warning.
463 AMIStateAny,
464 // The AStackAny on this is more conservative than it could be; see Call
465 // and CallBuiltin.
466 AStackAny
467 };
472 {
476 // kill
478 // We might side-exit inside the callee, and interpret a return. So we
479 // can read anything anywhere on the eval stack above the call's entry
480 // depth here.
481 AStackAny
482 };
483 }
486 {
495 }
496 }
497 }
499 }();
503 }
505 // Resumable suspension takes everything from the frame and moves it into the
506 // heap.
512 // This re-enters to call extension-defined instance constructors.
524 //////////////////////////////////////////////////////////////////////
525 // Iterator instructions
531 inst,
534 );
539 inst,
542 );
547 {
551 }
556 {
560 }
562 //////////////////////////////////////////////////////////////////////
563 // Instructions that explicitly manipulate locals
569 };
572 {
578 }
580 }
587 // Note: LdLocPseudoMain is both a guard and a load, so it must not be a
588 // PureLoad.
591 AEmpty
592 );
595 // This can store to globals or locals, but we don't have globals supported
596 // in AliasClass yet.
602 //////////////////////////////////////////////////////////////////////
603 // Pointer-based loads and stores
610 // TODO(#5962341): These take non-constant offset arguments, and are
611 // currently only used for collections and class property inits, so we aren't
612 // hooked up yet.
619 };
624 : AUnknown
625 };
628 {
631 }
644 //////////////////////////////////////////////////////////////////////
645 // Object/Ref loads/stores
657 //////////////////////////////////////////////////////////////////////
658 // Array loads and stores
664 };
671 {
677 };
679 }
682 {
683 // NewStructArray is reading elements from the stack, but writes to a
684 // completely new array, so we can treat the store set as empty.
690 };
692 }
703 //////////////////////////////////////////////////////////////////////
704 // Member instructions
706 /*
707 * Various minstr opcodes that take a PtrToGen in src 0, which may or may not
708 * point to a frame local or the evaluation stack. These instructions can
709 * all re-enter the VM and access arbitrary heap locations, and some of them
710 * take pointers to MinstrState locations, which they may both load and store
711 * from if present.
712 */
732 // Right now we generally can't limit any of these better than general
733 // re-entry rules, since they can raise warnings and re-enter.
738 ));
740 /*
741 * These minstr opcodes either take a PtrToGen or an Obj as the base. The
742 * pointer may point at frame locals or the stack. These instructions can
743 * all re-enter the VM and access arbitrary non-frame/stack locations, as
744 * well.
745 */
762 ));
764 /*
765 * Collection accessors can read from their inner array buffer, but stores
766 * COW and behave as if they only affect collection memory locations. We
767 * don't track those, so it's returning AEmpty for now.
768 */
779 //////////////////////////////////////////////////////////////////////
780 // Instructions that allocate new objects, without reading any other memory
781 // at all, so any effects they have on some types of memory locations we
782 // track are isolated from anything else we care about.
798 // AllocObj re-enters to call constructors, but if it weren't for that we
799 // could ignore its loads and stores since it's a new object.
802 //////////////////////////////////////////////////////////////////////
803 // Instructions that explicitly manipulate the stack.
808 };
814 };
817 {
820 AStack {
822 // SpillFrame's spOffset is to the bottom of where it will store the
823 // ActRec, but AliasClass needs an offset to the highest cell it will
824 // store.
826 kNumActRecCells
827 },
828 AStack {
830 // The context is in the highest slot.
832 1
833 }
834 };
835 }
840 AEmpty
841 );
845 // The following may re-enter, and also deal with a stack slot.
847 {
850 };
852 }
854 {
858 };
860 }
864 {
868 }
870 }
873 // This instruction is essentially a PureLoad, but we don't handle non-TV's
874 // in PureLoad so we have to treat it as may_load_store. We also treat it
875 // as loading an entire ActRec-sized part of the stack, although it only
876 // loads the slot containing the Func.
878 AStack {
882 },
883 AEmpty
884 );
886 //////////////////////////////////////////////////////////////////////
887 // Instructions that never do anything to memory
975 //////////////////////////////////////////////////////////////////////
976 // Instructions that technically do some things w/ memory, but not in any way
977 // we currently care about. They however don't return IrrelevantEffects
978 // because we assume (in refcount-opts) that IrrelevantEffects instructions
979 // can't even inspect Countable reference count fields, and several of these
980 // can. All GeneralEffects instructions are assumed to possibly do so.
1113 // Some that touch memory we might care about later, but currently don't:
1128 //////////////////////////////////////////////////////////////////////
1129 // Instructions that can re-enter the VM and touch most heap things. They
1130 // also may generally write to the eval stack below an offset (see
1131 // alias-class.h above AStack for more).
1134 {
1136 // It could decref the inner ref.
1139 // Need to add maybeRef to the `store' set. See comments about
1140 // `GeneralEffects' in memory-effects.h.
1143 // Could re-enter to run a destructor.
1145 }
1147 }
1153 /*
1154 * Note that these instructions make stores to a pre-live actrec on the
1155 * eval stack.
1156 *
1157 * It is probably safe for these instructions to have may-load only from
1158 * the portion of the evaluation stack below the actrec they are
1159 * manipulating, but since there's always going to be either a Call or a
1160 * region exit following it it doesn't help us eliminate anything for now,
1161 * so we just pretend it can read/write anything on the stack.
1162 */
1166 {
1171 };
1173 }
1258 // These two instructions don't touch memory we track, except that they may
1259 // re-enter to construct php Exception objects. During this re-entry anything
1260 // can happen (e.g. a surprise flag check could cause a php signal handler to
1261 // run arbitrary code).
1266 //////////////////////////////////////////////////////////////////////
1267 // The following instructions are used for debugging memory optimizations, so
1268 // this analyzer should pretend they don't exist.
1275 //////////////////////////////////////////////////////////////////////
1277 }
1280 }
1282 //////////////////////////////////////////////////////////////////////
1287 };
1292 "Non frame pointer in memory effects"
1293 );
1294 };
1299 "Non obj pointer in memory effects"
1300 );
1301 };
1306 };
1309 me,
1316 // Locations may-moved always should also count as may-loads.
1320 // Any instruction that can raise an error can run a user error handler
1321 // and have arbitrary effects on the heap.
1324 /*
1325 * They also ought to kill /something/ on the stack, because of
1326 * possible re-entry. It's not incorrect to leave things out of the
1327 * kills set, but this assertion is here because we shouldn't do it on
1328 * purpose, so this is here until we have a reason not to assert it.
1329 *
1330 * The mayRaiseError instructions should all be going through
1331 * may_reenter right now, which will kill the stack below the re-entry
1332 * depth.
1333 */
1335 }
1336 },
1347 );
1350 }
1352 //////////////////////////////////////////////////////////////////////
1354 }
1360 }
1362 //////////////////////////////////////////////////////////////////////
1367 me,
1374 };
1375 },
1378 },
1381 },
1384 },
1387 },
1393 };
1394 },
1397 },
1400 );
1401 }
1403 //////////////////////////////////////////////////////////////////////
1408 effects,
1415 );
1416 },
1419 },
1422 },
1425 },
1431 );
1432 }
1434 //////////////////////////////////////////////////////////////////////
1441 };
1442 }
1444 //////////////////////////////////////////////////////////////////////
1446 }}