【PHP内核学习】global关键字的解析过程分析
https://github.com/wusuopubupt/phpLib/blob/master/global%E5%85%B3%E9%94%AE%E5%AD%97%E7%9A%84%E8%A7%A3%E6%9E%90%E8%BF%87%E7%A8%8B%E5%88%86%E6%9E%90
|=-----------------------------------------------------------------------=|
|=--------------------=[ global关键字的解析过程分析 ]=-------------------=|
|=-----------------------------------------------------------------------=|
|=--------------------------=[ by d4shman ]=---------------------------=|
|=-----------------------------------------------------------------------=|
|=-------------------------=[ May 8, 2014 ]=---------------------------=|
|=-----------------------------------------------------------------------=|
[目录]
0x01 词法分析
0X02 语法分析
0X03 解释执行
0X04 参考文献
0x01 词法分析
d4shman@gentoo# vi /php-dev/php-5.4.8/Zend/zend_language_scanner.l
找到global:
"global" { return T_GLOBAl;
}
发现返回一个token T_GLOBAL
0X02 语法分析
通过token T_GLOBAL来到zend_language_parser.y找到:
| T_GLOBAL global_var_list ';'
global_var_list:
global_var_list ',' global_var { zend_do_fetch_global_variable(&$3, NULL, ZEND_FETCH_GLOBAL_LOCK TSRMLS_CC); }
| global_var { zend_do_fetch_global_variable(&$1, NULL, ZEND_FETCH_GLOBAL_LOCK TSRMLS_CC); }
;
上面的$3指的是global_val,可以看到,对于全局变量,语法分析器调用的是Zend引擎
的zend_do_fetch_globa_variable函数。此函数的声明在Zend/zend_compile.c
0X03 解释执行
在Zend/zend_compile.c中找到zend_do_fetch_global_variable函数定义:
void zend_do_fetch_global_variable(znode *varname, const znode *static_assignment, int fetch_type TSRMLS_DC)
{
zend_op *opline;
znode lval;
znode result;
/*如果变量类型是常量且不是字符串,则将其转化成字符串类型*/
if (varname->op_type == IS_CONST) {
if (Z_TYPE(varname->u.constant) != IS_STRING) {
convert_to_string(&varname->u.constant);
}
}
opline = get_next_op(CG(active_op_array) TSRMLS_CC); /* CG: compile_global */
opline->opcode = ZEND_FETCH_W; /* 默认的模式必须是Write */
opline->result_type = IS_VAR;
opline->result.var = get_temporary_variable(CG(active_op_array));
SET_NODE(opline->op1, varname);
if (opline->op1_type == IS_CONST) {
CALCULATE_LITERAL_HASH(opline->op1.constant);
}
SET_UNUSED(opline->op2);
opline->extended_value = fetch_type;
GET_NODE(&result, opline->result);
if (varname->op_type == IS_CONST) {
zval_copy_ctor(&varname->u.constant);
}
/* Relies on the fact that the default fetch is BP_VAR_W */
fetch_simple_variable(&lval, varname, 0 TSRMLS_CC);
zend_do_assign_ref(NULL, &lval, &result TSRMLS_CC);
CG(active_op_array)->opcodes[CG(active_op_array)->last-1].result_type |= EXT_TYPE_UNUSED;
}
上面的代码确认了opcode为ZEND_FETCH_W外,还执行了zend_do_assign_ref函数。zend_do_assign_ref函数中
有这么一个关键语句:
opline->opcode = ZEND_ASSIGN_REF;
由此可知,语法分析过程中,实际执行了2个opcode: ZEND_FETCH_W和ZEND_ASSIGN_REF,在zend_vm_opcodes.h
中发现,它们对应的opcode分别是83和39。而计算最后调用的方法是(定义在zend_execute.c:):
zend_opcode_handlers[opcode * 25 + zend_vm_decode[op->op1.op_type] * 5 + zend_vm_decode[op->op2.op_type]];
计算后(///////////我没搞清楚是怎么计算出的//////////),得到调用的函数是:
static int ZEND_FASTCALL ZEND_FETCH_W_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
{
return zend_fetch_var_address_helper_SPEC_CV(BP_VAR_W, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
}
在zend_fetch_var_address_helper_SPEC_CV中调用如下代码获取符号表:
target_symbol_table = zend_get_target_symbol_table(opline, EX(Ts), type, varname TSRMLS_CC);
zend_get_target_symbol_table函数的实现如下(在):
static inline HashTable *zend_get_target_symbol_table(int fetch_type TSRMLS_DC)
{
switch (fetch_type) {
case ZEND_FETCH_LOCAL:
if (!EG(active_symbol_table)) {
zend_rebuild_symbol_table(TSRMLS_C);
}
return EG(active_symbol_table);
break;
case ZEND_FETCH_GLOBAL:
case ZEND_FETCH_GLOBAL_LOCK:
return &EG(symbol_table); /*返回global 变量符号表的地址*/
break;
case ZEND_FETCH_STATIC:
if (!EG(active_op_array)->static_variables) {
ALLOC_HASHTABLE(EG(active_op_array)->static_variables);
zend_hash_init(EG(active_op_array)->static_variables, 2, NULL, ZVAL_PTR_DTOR, 0);
}
return EG(active_op_array)->static_variables;
break;
EMPTY_SWITCH_DEFAULT_CASE()
}
return NULL;
}
通过代码可以看到,当传递过来的fetch_type是ZEND_FETCH_GLOBAL(_LOCK)时,函数使用EG(excutor_global)宏
返回了global变量的符号表地址。
以上就是global变量解析执行的整个过程。
0X04 参考文献
《深入理解PHP内核》