If Apache or a similar SAPI receives a signal during PHP processing
it calls zend_shutdown() without calling shutdown_executor().
#65463: If a module like Gearman or Memcached is loaded,
in the unfixed version it is unloaded by zend_destroy_modules() before the
CG(CLASS_TABLE) is destructed. When CG(CLASS_TABLE) is destructed,
any pointers to methods (specifically around destruction) in the unloaded
module's .so are now dangling and the process segfaults.
#66036: Any subclasses of an internal class like ArrayObject need
to be destructed in order: subclass first and then the internal class. In the
unfixed version zend_shutdown() clears the CG(CLASS_TABLE) from the head
of the list onwards, so internal classes are destructed first and user-defined
classes last. Internal classes are alloc/deallocated with malloc/free while
user-defined classes with emalloc/efree. If there's shared data between them
then efree() could be called instead of free() leading to a seg-fault.
This implements the original functionality of php_splice, but
as an in-place operation, thus avoiding copying the HT.
This is much faster (~10x) if the splice removes a small portion
of the array and doesn't insert many elements.
The implementation differs from the original in array.c in that it
rehashes the hashtable in the same loop. This is approximately two
times faster (not counting the rare case of a purely associative
array).
The interruption handling was normalized to wrap the entire deletion
operation (instead of leaving out the destructor call and/or the
deallocation) per the recommendation of somebody (don't remember who)
familiar with zend signals.
There is an always-inlined variant of the function for use in
the main deletion function, to ensure there is no performance
impact.
Also remove lies in the comment above the function. apply_deleter
is not safe against modification, if the modification involves
removing the next bucket.
Also modified the implementation of zend_hash_graceful_destroy()
to be fully graceful (the reverse variant already was).
This commit disallows the use of trailing positional arguments
after argument unpacking was used. The following calls are no
longer valid:
fn(...$array, $var);
fn(...$array1, $var, ...$array2);
However, all of the following continue to be valid:
fn($var, ...$array);
fn(...$array1, ...$array2);
fn($var, ...$array1, ...$array2);
The reason behind this change is a stack allocation issue pointed
out by Dmitry: As of PHP 5.5 the stack necessary for pushing
arguments is precomputed and preallocated, as such the individual
SEND opcodes no longer verify that there is enough stack space.
The unpacked arguments will occupy some of that preallocated
space and as such following positional arguments could write past
a stack page boundary.
An alternative resolution for this issue is to ensure that there
is enough space for the remaining arguments in the UNPACK opcode.
However making this allocation precise (rather than using a
conversative over-estimate) would require some effort. Given that
this particular aspect of the feature wasn't very popular in the
first place, it doesn't seem worth the effort.
Instead of storing the argument number in the znode of the parameter
list, store it in fcall->arg_num. This mainly cleans up the parameter
parsing code, which previously had to duplicate all rules (this
becomes more excessive as more features are added, e.g. named params
would already require a minimum of 14 rules...)
Instead of directly pushing the zend_function* onto the
function_call_stack, push this structure. This allows us to store
additional data on this stack.
Fixed recognition of the operator
Added opcode, still doing multiply instead of pow()
opcode now always returns int(42)
The right answer, but always a float
Yanked code from pow() implementation.
Should not handle negative long as exponent ourselves
Added test cases from pow()
Moved precedence higher than '~'
Added GMP operator overloading
Added ZEND_ASSIGN_POW (**=) operator.
Added pow() as a language construct.
Adjusted test cases for changed precedence.
Reduced pow() to shell function around ZEND_API pow_function()
Reduced test case to only contain edge cases
Added overloading test case
Moved unary minus above T_POW
Revert "Added pow() as a language construct."
Bad bad bad idea.
This reverts commit f60b98cf7a8371233d800a6faa286ddba4432d02.
Reverted unary minus behaviour due to previous revert.
Convert arrays to int(0)
Exponent with array as a base becomes int(0)
Rebase against master
Fixed tokenizer test case
If multiple unpacks were used (or mixed with normal arguments)
parts of the arguments could land on different stack pages. If
this occurs the arguments will now be copied to a new stack page.
The code used to do this is copied verbatim from the PHP 5.4 branch
and only modified to reduce the amount of inlined code.
Visual Studio 2012 includes sanity checks for C++11 features, see
http://msdn.microsoft.com/en-us/library/vstudio/bb531344(v=vs.110).aspx
To fix the 'inline' keyword redefinition for C++ in debug mode, the
new macros ZEND_WIN32_KEEP_INLINE is introduced, ZEND_WIN32_FORCE_INLINE is
automatically appended in release mode.
Visual Studio 2012 includes sanity checks for C++11 features, see
http://msdn.microsoft.com/en-us/library/vstudio/bb531344(v=vs.110).aspx
To fix the 'inline' keyword redefinition for C++ in debug mode, the
new macros ZEND_WIN32_KEEP_INLINE is introduced, ZEND_WIN32_FORCE_INLINE is
automatically appended in release mode.