Implementation using NO_VAL

Fixup DFG check condition

Re-enable other benches

Tweak

Fix regression

Author: ndossche

Zend/Optimizer/dfa_pass.c

@@ -466,7 +466,10 @@ int zend_dfa_optimize_calls(zend_op_array *op_array, zend_ssa *ssa)
 							int var_num = ssa_op->op1_use;
 							zend_ssa_var *var = ssa->vars + var_num;
 
-							ZEND_ASSERT(ssa_op->op1_def < 0);
+							if (ssa_op->op1_def >= 0) {
+								zend_ssa_replace_op1_def_op1_use(ssa, ssa_op);
+							}
+
 							zend_ssa_unlink_use_chain(ssa, op_num, ssa_op->op1_use);
 							ssa_op->op1_use = -1;
 							ssa_op->op1_use_chain = -1;
@@ -1066,46 +1069,35 @@ static bool zend_dfa_try_to_replace_result(zend_op_array *op_array, zend_ssa *ss
 	return 0;
 }
 
-static bool op_dominates(const zend_op_array *op_array, const zend_ssa *ssa, const zend_op *a, const zend_op *b)
-{
-	uint32_t a_block = ssa->cfg.map[a - op_array->opcodes];
-	uint32_t b_block = ssa->cfg.map[b - op_array->opcodes];
-	if (a_block == b_block) {
-		return a < b;
-	} else {
-		return dominates(ssa->cfg.blocks, a_block, b_block);
-	}
-}
-
-static bool op_dominates_all_uses(const zend_op_array *op_array, const zend_ssa *ssa, int start) {
-	int use;
-	FOREACH_USE(ssa->vars + ssa->ops[start].op1_def, use) {
-		if (!op_dominates(op_array, ssa, op_array->opcodes + start, op_array->opcodes + use)) {
-			return false;
-		}
-	} FOREACH_USE_END();
-	return true;
-}
-
 /* Sets a flag on SEND ops when a copy can be a avoided. */
-static void zend_dfa_optimize_send_copies(zend_op_array *op_array, const zend_ssa *ssa)
+static void zend_dfa_optimize_send_copies(zend_op_array *op_array, zend_ssa *ssa)
 {
-	/* func_get_args() etc could make the optimization observable */
+	/* func_get_args(), indirect accesses and exceptions could make the optimization observable.
+	 * The latter two cases are already tested before applying the DFA pass. */
 	if (ssa->cfg.flags & ZEND_FUNC_VARARG) {
 		return;
 	}
 
 	for (uint32_t i = 0; i < op_array->last; i++) {
-		const zend_op *opline = &op_array->opcodes[i];
+		zend_op *opline = op_array->opcodes + i;
 		if ((opline->opcode != ZEND_SEND_VAR && opline->opcode != ZEND_SEND_VAR_EX) || opline->op2_type != IS_UNUSED || opline->op1_type != IS_CV) {
 			continue;
 		}
 
-		/* NULL must not be visible in backtraces */
-		int ssa_cv = ssa->ops[i].op1_use;
+		zend_ssa_op *ssa_op = ssa->ops + i;
+		int op1_def = ssa_op->op1_def;
+		if (op1_def == -1) {
+			continue;
+		}
+
+		int ssa_cv = ssa_op->op1_use;
+
+#if 0
+		/* Argument move must not be observable in backtraces */
 		if (ssa->vars[ssa_cv].var < op_array->num_args) {
 			continue;
 		}
+#endif
 
 		/* Unsetting a CV is always fine if it gets overwritten afterwards.
 		 * Since type inference often infers very wide types, we are very loose in matching types. */
@@ -1114,25 +1106,11 @@ static void zend_dfa_optimize_send_copies(zend_op_array *op_array, const zend_ss
 			continue;
 		}
 
-		if (opline->opcode == ZEND_SEND_VAR) {
-			/* Check if the call dominates the assignment and the assignment dominates all the future uses of this SSA variable */
-			int next_use = ssa->ops[i].op1_use_chain;
-			if (next_use >= 0
-				&& op_array->opcodes[next_use].opcode == ZEND_ASSIGN
-				&& ssa->ops[next_use].op1_use == ssa_cv
-				&& ssa->ops[next_use].op2_use >= 0
-				&& op_dominates(op_array, ssa, opline, op_array->opcodes + next_use)) {
-				if (op_dominates_all_uses(op_array, ssa, next_use)) {
-					op_array->opcodes[i].extended_value = 1;
-					//fprintf(stderr, "yes optimize 1\n");
-				}
-			}
-		} else /* ZEND_SEND_VAR_EX */ {
-			ZEND_ASSERT(ssa->ops[i].op1_def != -1);
-			if (ssa->vars[ssa->ops[i].op1_def].no_val) {
-				op_array->opcodes[i].extended_value = 1;
-				//fprintf(stderr, "yes optimize 2\n");
-			}
+		zend_ssa_var *ssa_var = ssa->vars + op1_def;
+
+		if (ssa_var->no_val && !ssa_var->alias) {
+			/* Flag will be used by VM type spec handler */
+			opline->extended_value = 1;
 		}
 	}
 }
@@ -1198,6 +1176,9 @@ void zend_dfa_optimize_op_array(zend_op_array *op_array, zend_optimizer_ctx *ctx
 		/* Optimization should not be done on main because of globals. */
 		if (op_array->function_name) {
 			zend_dfa_optimize_send_copies(op_array, ssa);
+#if ZEND_DEBUG_DFA
+			ssa_verify_integrity(op_array, ssa, "after optimize send copies");
+#endif
 		}
 
 		for (v = op_array->last_var; v < ssa->vars_count; v++) {

Zend/Optimizer/sccp.c

@@ -98,7 +98,7 @@ typedef struct _sccp_ctx {
 #define MAKE_TOP(zv) (Z_TYPE_INFO_P(zv) = TOP)
 #define MAKE_BOT(zv) (Z_TYPE_INFO_P(zv) = BOT)
 
-static void scp_dump_value(zval *zv) {
+static void scp_dump_value(const zval *zv) {
 	if (IS_TOP(zv)) {
 		fprintf(stderr, " top");
 	} else if (IS_BOT(zv)) {
@@ -1050,6 +1050,12 @@ static void sccp_visit_instr(scdf_ctx *scdf, zend_op *opline, zend_ssa_op *ssa_o
 		case ZEND_SEND_VAL:
 		case ZEND_SEND_VAR:
 		{
+			SKIP_IF_TOP(op1);
+
+			if (opline->opcode == ZEND_SEND_VAR) {
+				SET_RESULT(op1, op1);
+			}
+
 			/* If the value of a SEND for an ICALL changes, we need to reconsider the
 			 * ICALL result value. Otherwise we can ignore the opcode. */
 			zend_call_info *call;
@@ -1058,7 +1064,7 @@ static void sccp_visit_instr(scdf_ctx *scdf, zend_op *opline, zend_ssa_op *ssa_o
 			}
 
 			call = ctx->call_map[opline - ctx->scdf.op_array->opcodes];
-			if (IS_TOP(op1) || !call || !call->caller_call_opline
+			if (!call || !call->caller_call_opline
 					|| call->caller_call_opline->opcode != ZEND_DO_ICALL) {
 				return;
 			}
@@ -2034,8 +2040,14 @@ static int remove_call(sccp_ctx *ctx, zend_op *opline, zend_ssa_op *ssa_op)
 		&ssa->ops[call->caller_init_opline - op_array->opcodes]);
 
 	for (i = 0; i < call->num_args; i++) {
-		zend_ssa_remove_instr(ssa, call->arg_info[i].opline,
-			&ssa->ops[call->arg_info[i].opline - op_array->opcodes]);
+		zend_op *op = call->arg_info[i].opline;
+		zend_ssa_op *this_ssa_op = &ssa->ops[op - op_array->opcodes];
+
+		if (op->opcode == ZEND_SEND_VAR && this_ssa_op->op1_def >= 0) {
+			zend_ssa_replace_op1_def_op1_use(ssa, this_ssa_op);
+		}
+
+		zend_ssa_remove_instr(ssa, op, this_ssa_op);
 	}
 
 	// TODO: remove call_info completely???
@@ -2188,6 +2200,10 @@ static int try_remove_definition(sccp_ctx *ctx, int var_num, zend_ssa_var *var,
 				return 0;
 			}
 
+			if (opline->opcode == ZEND_SEND_VAR) {
+				return 0;
+			}
+
 			/* Compound assign or incdec -> convert to direct ASSIGN */
 
 			if (!value) {
@@ -2330,6 +2346,9 @@ static int replace_constant_operands(sccp_ctx *ctx) {
 		FOREACH_USE(var, use) {
 			zend_op *opline = &op_array->opcodes[use];
 			zend_ssa_op *ssa_op = &ssa->ops[use];
+			if (opline->opcode == ZEND_SEND_VAR && ssa_op->op1_use == i && ssa_op->op1_def >= 0) {
+				zend_ssa_replace_op1_def_op1_use(ssa, ssa_op);
+			}
 			if (try_replace_op1(ctx, opline, ssa_op, i, value)) {
 				if (opline->opcode == ZEND_NOP) {
 					removed_ops++;

Zend/Optimizer/zend_cfg.c

@@ -761,7 +761,7 @@ ZEND_API void zend_cfg_compute_dominators_tree(const zend_op_array *op_array, ze
 }
 /* }}} */
 
-bool dominates(const zend_basic_block *blocks, int a, int b) /* {{{ */
+static bool dominates(zend_basic_block *blocks, int a, int b) /* {{{ */
 {
 	while (blocks[b].level > blocks[a].level) {
 		b = blocks[b].idom;

Zend/Optimizer/zend_cfg.h

@@ -120,7 +120,6 @@ void zend_cfg_remark_reachable_blocks(const zend_op_array *op_array, zend_cfg *c
 ZEND_API void zend_cfg_build_predecessors(zend_arena **arena, zend_cfg *cfg);
 ZEND_API void zend_cfg_compute_dominators_tree(const zend_op_array *op_array, zend_cfg *cfg);
 ZEND_API void zend_cfg_identify_loops(const zend_op_array *op_array, zend_cfg *cfg);
-bool dominates(const zend_basic_block *blocks, int a, int b);
 
 END_EXTERN_C()
 

Zend/Optimizer/zend_dfg.c

@@ -174,6 +174,10 @@ static zend_always_inline void _zend_dfg_add_use_def_op(const zend_op_array *op_
 			}
 			break;
 		case ZEND_SEND_VAR:
+			if (opline->op1_type == IS_CV && ((build_flags & ZEND_SSA_RC_INFERENCE) || opline->op2_type == IS_UNUSED)) {
+				goto add_op1_def;
+			}
+			break;
 		case ZEND_CAST:
 		case ZEND_QM_ASSIGN:
 		case ZEND_JMP_SET:

Zend/Optimizer/zend_inference.c

@@ -2950,6 +2950,9 @@ static zend_always_inline zend_result _zend_update_type_info(
 				if (t1 & (MAY_BE_RC1|MAY_BE_REF)) {
 					tmp |= MAY_BE_RCN;
 				}
+				if ((t1 & (MAY_BE_ARRAY|MAY_BE_STRING)) && (t1 & MAY_BE_RC1) && !(t1 & (MAY_BE_UNDEF|MAY_BE_REF)) && ssa_vars[ssa_op->op1_def].no_val && !ssa_vars[ssa_op->op1_def].alias) {
+					tmp |= MAY_BE_UNDEF;
+				}
 				UPDATE_SSA_TYPE(tmp, ssa_op->op1_def);
 				COPY_SSA_OBJ_TYPE(ssa_op->op1_use, ssa_op->op1_def);
 			}
@@ -2991,6 +2994,9 @@ static zend_always_inline zend_result _zend_update_type_info(
 		case ZEND_SEND_FUNC_ARG:
 			if (ssa_op->op1_def >= 0) {
 				tmp = (t1 & MAY_BE_UNDEF)|MAY_BE_REF|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_ANY|MAY_BE_ARRAY_KEY_ANY|MAY_BE_ARRAY_OF_ANY|MAY_BE_ARRAY_OF_REF;
+				if (opline->opcode == ZEND_SEND_VAR_EX && (t1 & (MAY_BE_ARRAY|MAY_BE_STRING)) && (t1 & MAY_BE_RC1) && !(t1 & (MAY_BE_UNDEF|MAY_BE_REF)) && ssa_vars[ssa_op->op1_def].no_val && !ssa_vars[ssa_op->op1_def].alias) {
+					tmp |= MAY_BE_UNDEF;
+				}
 				UPDATE_SSA_TYPE(tmp, ssa_op->op1_def);
 			}
 			break;

Zend/Optimizer/zend_ssa.c

@@ -18,13 +18,19 @@
 */
 
 #include "zend_compile.h"
-#include "zend_cfg.h"
 #include "zend_dfg.h"
 #include "zend_ssa.h"
 #include "zend_dump.h"
 #include "zend_inference.h"
 #include "Optimizer/zend_optimizer_internal.h"
 
+static bool dominates(const zend_basic_block *blocks, int a, int b) {
+	while (blocks[b].level > blocks[a].level) {
+		b = blocks[b].idom;
+	}
+	return a == b;
+}
+
 static bool will_rejoin(
 		const zend_cfg *cfg, const zend_dfg *dfg, const zend_basic_block *block,
 		int other_successor, int exclude, int var) {
@@ -697,6 +703,10 @@ static zend_always_inline int _zend_ssa_rename_op(const zend_op_array *op_array,
 			}
 			break;
 		case ZEND_SEND_VAR:
+			if (opline->op1_type == IS_CV && ((build_flags & ZEND_SSA_RC_INFERENCE) || opline->op2_type == IS_UNUSED)) {
+				goto add_op1_def;
+			}
+			break;
 		case ZEND_CAST:
 		case ZEND_QM_ASSIGN:
 		case ZEND_JMP_SET:
@@ -1674,3 +1684,13 @@ void zend_ssa_rename_var_uses(zend_ssa *ssa, int old, int new, bool update_types
 	old_var->phi_use_chain = NULL;
 }
 /* }}} */
+
+void zend_ssa_replace_op1_def_op1_use(zend_ssa *ssa, zend_ssa_op *ssa_op)
+{
+	int op1_new = ssa_op->op1_use;
+	ZEND_ASSERT(op1_new >= 0);
+	ZEND_ASSERT(ssa_op->op1_def >= 0);
+	/* zend_ssa_rename_var_uses() clear use_chain & phi_use_chain for us */
+	zend_ssa_rename_var_uses(ssa, ssa_op->op1_def, op1_new, true);
+	zend_ssa_remove_op1_def(ssa, ssa_op);
+}

Zend/Optimizer/zend_ssa.h

@@ -159,6 +159,7 @@ void zend_ssa_remove_uses_of_var(zend_ssa *ssa, int var_num);
 void zend_ssa_remove_block(zend_op_array *op_array, zend_ssa *ssa, int b);
 void zend_ssa_rename_var_uses(zend_ssa *ssa, int old_var, int new_var, bool update_types);
 void zend_ssa_remove_block_from_cfg(zend_ssa *ssa, int b);
+void zend_ssa_replace_op1_def_op1_use(zend_ssa *ssa, zend_ssa_op *ssa_op);
 
 static zend_always_inline void _zend_ssa_remove_def(zend_ssa_var *var)
 {

benchmark/benchmark.php

@@ -13,12 +13,12 @@ function main() {
     global $storeResult;
 
     $data = [];
-    $data['Zend/bench.php'] = runBench(false);
+/*    $data['Zend/bench.php'] = runBench(false);
     $data['Zend/bench.php JIT'] = runBench(true);
     $data['Symfony Demo 2.2.3'] = runSymfonyDemo(false);
-    $data['Symfony Demo 2.2.3 JIT'] = runSymfonyDemo(true);
+    $data['Symfony Demo 2.2.3 JIT'] = runSymfonyDemo(true);*/
     $data['Wordpress 6.2'] = runWordpress(false);
-    $data['Wordpress 6.2 JIT'] = runWordpress(true);
+//    $data['Wordpress 6.2 JIT'] = runWordpress(true);
     $result = json_encode($data, JSON_PRETTY_PRINT) . "\n";
 
     fwrite(STDOUT, $result);
@@ -78,7 +78,7 @@ function runWordpress(bool $jit): array {
 
     // Warmup
     runPhpCommand([$dir . '/index.php'], $dir);
-    return runValgrindPhpCgiCommand([$dir . '/index.php'], cwd: $dir, jit: $jit, warmup: 50, repeat: 50);
+    return runValgrindPhpCgiCommand([$dir . '/index.php'], cwd: $dir, jit: $jit, warmup: 2, repeat: 2);
 }
 
 function runPhpCommand(array $args, ?string $cwd = null): ProcessResult {
@@ -97,11 +97,12 @@ function runValgrindPhpCgiCommand(
         'valgrind',
         '--tool=callgrind',
         '--dump-instr=yes',
-        '--callgrind-out-file=/dev/null',
+        //'--callgrind-out-file=/dev/null',
         '--',
         $phpCgi,
         '-T' . ($warmup ? $warmup . ',' : '') . $repeat,
         '-d max_execution_time=0',
+        '-c', '/run/media/niels/MoreData/php-src',
         '-d opcache.enable=1',
         '-d opcache.jit_buffer_size=' . ($jit ? '128M' : '0'),
         '-d opcache.validate_timestamps=0',

ext/opcache/jit/zend_jit.c

@@ -156,7 +156,7 @@ static int zend_jit_assign_to_variable(dasm_State    **Dst,
                                        zend_jit_addr   res_addr,
                                        bool       check_exception);
 
-bool dominates(const zend_basic_block *blocks, int a, int b) {
+static bool dominates(const zend_basic_block *blocks, int a, int b) {
 	while (blocks[b].level > blocks[a].level) {
 		b = blocks[b].idom;
 	}