GitHub address of this article:
https://github.com/wusuopubupt/phplib/blob/master/global%e5%85%b3%e9%94%ae%e5%ad%97%e7%9a%84%e8%a7%a3%e6%9e%90%e8%bf%87%e7%a8%8b%e5%88%86%e6%9e%90
|=-----------------------------------------------------------------------=|
|=-----------=[ Analysis of How the global Keyword Is Parsed ]=----------=|
|=-----------------------------------------------------------------------=|
|=--------------------------=[ by d4shman ]=---------------------------=|
|=-----------------------------------------------------------------------=|
|=-------------------------=[ May 8, 2014 ]=---------------------------=|
|=-----------------------------------------------------------------------=|
[Table of Contents]
0x01 Lexical analysis
0x02 Syntax analysis
0x03 Interpretation and execution
0x04 References
0x01 Lexical analysis
d4shman@gentoo# vi /php-dev/php-5.4.8/zend/zend_language_scanner.l
Find global:
    global {
        return T_GLOBAL;
    }
The rule returns a token, T_GLOBAL.
0x02 Syntax analysis
Following the token T_GLOBAL into zend_language_parser.y, we find:
        |   T_GLOBAL global_var_list ';'
    global_var_list:
            global_var_list ',' global_var  { zend_do_fetch_global_variable(&$3, NULL, ZEND_FETCH_GLOBAL_LOCK TSRMLS_CC); }
        |   global_var                      { zend_do_fetch_global_variable(&$1, NULL, ZEND_FETCH_GLOBAL_LOCK TSRMLS_CC); }
    ;
The $3 above refers to global_var. As shown, for global variables the parser calls the Zend engine's
zend_do_fetch_global_variable function. This function is found in zend/zend_compile.c.
0x03 Interpretation and execution
The definition of zend_do_fetch_global_variable is in zend/zend_compile.c:
    void zend_do_fetch_global_variable(znode *varname, const znode *static_assignment, int fetch_type TSRMLS_DC)
    {
        zend_op *opline;
        znode lval;
        znode result;

        /* If the variable name is a constant and not a string, convert it to a string */
        if (varname->op_type == IS_CONST) {
            if (Z_TYPE(varname->u.constant) != IS_STRING) {
                convert_to_string(&varname->u.constant);
            }
        }

        opline = get_next_op(CG(active_op_array) TSRMLS_CC); /* CG: compiler globals */
        opline->opcode = ZEND_FETCH_W; /* the default mode must be write */
        opline->result_type = IS_VAR;
        opline->result.var = get_temporary_variable(CG(active_op_array));
        SET_NODE(opline->op1, varname);
        if (opline->op1_type == IS_CONST) {
            CALCULATE_LITERAL_HASH(opline->op1.constant);
        }
        SET_UNUSED(opline->op2);
        opline->extended_value = fetch_type;
        GET_NODE(&result, opline->result);

        if (varname->op_type == IS_CONST) {
            zval_copy_ctor(&varname->u.constant);
        }
        /* relies on the fact that the default fetch is BP_VAR_W */
        fetch_simple_variable(&lval, varname, 0 TSRMLS_CC);

        zend_do_assign_ref(NULL, &lval, &result TSRMLS_CC);
        CG(active_op_array)->opcodes[CG(active_op_array)->last-1].result_type |= EXT_TYPE_UNUSED;
    }
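Besides setting the opcode to ZEND_FETCH_W, the code above also calls zend_do_assign_ref.
That function contains this key statement:
    opline->opcode = ZEND_ASSIGN_REF;
From this we can see that two opcodes are actually executed during syntax analysis: ZEND_FETCH_W and
ZEND_ASSIGN_REF. In zend_vm_opcodes.h we find that their opcode numbers are 83 and 39 respectively.
The handler that is finally called is computed as follows (defined in zend_execute.c):
    zend_opcode_handlers[opcode * 25 + zend_vm_decode[op->op1.op_type] * 5 + zend_vm_decode[op->op2.op_type]];
After the calculation (/////////// I have not figured out how this is computed //////////), the function that gets called is: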
    static int ZEND_FASTCALL ZEND_FETCH_W_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
    {
        return zend_fetch_var_address_helper_SPEC_CV(BP_VAR_W, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
    }
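The index expression above, carried through for the two opcode numbers 83 and 39, as an added example that is not code from the PHP source or from the original article. The operand-type flag values, the 0..4 decode codes, the -1 error return, and the operand kinds chosen in main (CV/UNUSED for opcode 83, CV/VAR for opcode 39) are assumptions made for illustration.

```c
#include <stdio.h>
/* Operand-type flags and the dense 0..4 codes that zend_vm_decode[] maps
   them onto (values assumed here, not quoted from the article). */
enum { IS_CONST = 1, IS_TMP_VAR = 2, IS_VAR = 4, IS_UNUSED = 8, IS_CV = 16 };
enum { CONST_CODE, TMP_CODE, VAR_CODE, UNUSED_CODE, CV_CODE };
static const char *const code_name[] = { "CONST", "TMP", "VAR", "UNUSED", "CV" };

/* Stand-in for zend_vm_decode[op_type]. Returns -1 for anything that is not
   exactly one valid flag, so a malformed operand type is rejected. */
static int vm_decode(int op_type)
{
    switch (op_type) {
    case IS_CONST:   return CONST_CODE;
    case IS_TMP_VAR: return TMP_CODE;
    case IS_VAR:     return VAR_CODE;
    case IS_UNUSED:  return UNUSED_CODE;
    case IS_CV:      return CV_CODE;
    default:         return -1;
    }
}

/* Each opcode owns 5 x 5 = 25 consecutive slots, one per (op1, op2) kind. */
static int handler_index(int opcode, int op1_type, int op2_type)
{
    int c1 = vm_decode(op1_type), c2 = vm_decode(op2_type);
    if (opcode < 0 || opcode > 255 || c1 < 0 || c2 < 0)
        return -1;
    return opcode * 25 + c1 * 5 + c2;
}

/* Inverse mapping: split a slot number back into opcode and operand kinds. */
static void split_index(int idx, int *opcode, int *c1, int *c2)
{
    *opcode = idx / 25;
    *c1 = (idx % 25) / 5;
    *c2 = idx % 5;
}

int main(void)
{
    int cases[2][3] = { { 83, IS_CV, IS_UNUSED },   /* ZEND_FETCH_W (assumed operands) */
                        { 39, IS_CV, IS_VAR } };    /* ZEND_ASSIGN_REF (assumed operands) */
    for (int i = 0; i < 2; i++) {
        int op, c1, c2, idx = handler_index(cases[i][0], cases[i][1], cases[i][2]);
        split_index(idx, &op, &c1, &c2);
        printf("slot %d = opcode %d, op1 %s, op2 %s\n", idx, op, code_name[c1], code_name[c2]);
    }
    return 0;
}
```

The opcode selects a block of 25 slots and the two decoded operand kinds select the row and column inside that block, which is why one opcode has several `_SPEC_` handler variants.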
zend_fetch_var_address_helper_SPEC_CV obtains the symbol table with the following call:
    target_symbol_table = zend_get_target_symbol_table(opline, EX(Ts), type, varname TSRMLS_CC);
The implementation of zend_get_target_symbol_table is as follows (in ):
    static inline HashTable *zend_get_target_symbol_table(int fetch_type TSRMLS_DC)
    {
        switch (fetch_type) {
            case ZEND_FETCH_LOCAL:
                if (!EG(active_symbol_table)) {
                    zend_rebuild_symbol_table(TSRMLS_C);
                }
                return EG(active_symbol_table);
                break;
            case ZEND_FETCH_GLOBAL:
            case ZEND_FETCH_GLOBAL_LOCK:
                return &EG(symbol_table); /* return the address of the global variable symbol table */
                break;
            case ZEND_FETCH_STATIC:
                if (!EG(active_op_array)->static_variables) {
                    ALLOC_HASHTABLE(EG(active_op_array)->static_variables);
                    zend_hash_init(EG(active_op_array)->static_variables, 2, NULL, ZVAL_PTR_DTOR, 0);
                }
                return EG(active_op_array)->static_variables;
                break;
            EMPTY_SWITCH_DEFAULT_CASE()
        }
        return NULL;
    }
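The code shows that when the fetch_type passed in is ZEND_FETCH_GLOBAL(_LOCK), the function uses the
EG (executor_globals) macro to return the address of the global variable symbol table.
That is the whole process by which a global variable is parsed and executed.
0x04 References
"深入理解PHP内核" (In-Depth Understanding of the PHP Kernel)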