What does the PHP kernel do when a variable changes?

Home

Backend Development

PHP Tutorial

What does the PHP kernel do when a variable changes? _PHP Tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 12, 2016 am 09:08 AM

php kernelphp variables

What does the PHP kernel do when a variable changes?

Introduction

The content comes from "Extending and Embedding PHP" - Chapter 3 - Memory Management, plus my own understanding, to make a translation of the reference counting of variables in PHP, copy-on-write, change-on-write, copy-on-write and change ".

zval

Before reading the following content, first have an understanding of the zval structure

<code class="hljs thrift" style="font-family: 'Courier New', sans-serif !important; line-height: 1.5 !important; font-size: 12px !important; background-color: rgb(245, 245, 245) !important; border: 1px solid rgb(204, 204, 204) !important; padding: 5px !important; border-top-left-radius: 3px !important; border-top-right-radius: 3px !important; border-bottom-right-radius: 3px !important; border-bottom-left-radius: 3px !important; display: block; overflow-x: auto; color: rgb(0, 0, 0); background-position: initial initial; background-repeat: initial initial;"><span class="hljs-keyword" style="color: rgb(0, 0, 255);">typedef</span> <span class="hljs-class"><span class="hljs-keyword" style="color: rgb(0, 0, 255);">struct</span> _<span class="hljs-title" style="color: rgb(163, 21, 21);">zval_struct</span> </span>{
    zvalue_value value;
    zend_uint refcount;
    zend_uchar type;
    zend_uchar is_ref;
} zval;</code>

There are 4 elements in the zval structure. value is a union used to actually store the value of zval. refcount is used to count how many variables the zval is used. type represents the data type stored in zval. is_ref is used To mark whether the zval is referenced.

Reference Count

<code class="hljs xml" style="font-family: 'Courier New', sans-serif !important; line-height: 1.5 !important; font-size: 12px !important; background-color: rgb(245, 245, 245) !important; border: 1px solid rgb(204, 204, 204) !important; padding: 5px !important; border-top-left-radius: 3px !important; border-top-right-radius: 3px !important; border-bottom-right-radius: 3px !important; border-bottom-left-radius: 3px !important; display: block; overflow-x: auto; color: rgb(0, 0, 0); background-position: initial initial; background-repeat: initial initial;"><span class="php"><span class="hljs-preprocessor" style="color: rgb(43, 145, 175);"><?php </span>
    <span class="hljs-variable">$a</span> = <span class="hljs-string" style="color: rgb(163, 21, 21);">'Hello World'</span>;
    <span class="hljs-variable">$b</span> = <span class="hljs-variable">$a</span>;
    <span class="hljs-keyword" style="color: rgb(0, 0, 255);">unset</span>(<span class="hljs-variable">$a</span>);
<span class="hljs-preprocessor" style="color: rgb(43, 145, 175);">?></span></span></span></code>

Let’s analyze the above code together:

$a = 'Hello World';First this code is executed, the kernel creates a variable and allocates 12 bytes of memory to store the string 'Hello World' and the NULL at the end.

$b = $a;Then execute this code. What happens in the kernel when executing this sentence?

Add 1 to the refcount in the zval pointed to by $a.

points the variable $b to the zval pointed to by $a.
This is probably the case in the kernel, where active_symbol_table is the current variable symbol table

<code class="hljs clojure" style="font-family: 'Courier New', sans-serif !important; line-height: 1.5 !important; font-size: 12px !important; background-color: rgb(245, 245, 245) !important; border: 1px solid rgb(204, 204, 204) !important; padding: 5px !important; border-top-left-radius: 3px !important; border-top-right-radius: 3px !important; border-bottom-right-radius: 3px !important; border-bottom-left-radius: 3px !important; display: block; overflow-x: auto; color: rgb(0, 0, 0); background-position: initial initial; background-repeat: initial initial;">    <span class="hljs-collection">{
        zval *helloval;
        MAKE_STD_ZVAL<span class="hljs-list">(<span class="hljs-keyword" style="color: rgb(0, 0, 255);">helloval</span>)</span><span class="hljs-comment" style="color: green;">;</span>
        ZVAL_STRING<span class="hljs-list">(<span class="hljs-keyword" style="color: rgb(0, 0, 255);">helloval</span>, <span class="hljs-string" style="color: rgb(163, 21, 21);">"Hello World"</span>, <span class="hljs-number">1</span>)</span><span class="hljs-comment" style="color: green;">;</span>
        zend_hash_add<span class="hljs-list">(<span class="hljs-keyword" style="color: rgb(0, 0, 255);">EG</span><span class="hljs-list">(<span class="hljs-keyword" style="color: rgb(0, 0, 255);">active_symbol_table</span>)</span>, <span class="hljs-string" style="color: rgb(163, 21, 21);">"a"</span>, sizeof<span class="hljs-list">(<span class="hljs-string" style="color: rgb(163, 21, 21);">"a"</span>)</span>,
                                            &helloval, sizeof<span class="hljs-list">(<span class="hljs-keyword" style="color: rgb(0, 0, 255);">zval*</span>)</span>, NULL)</span><span class="hljs-comment" style="color: green;">;</span>
        ZVAL_ADDREF<span class="hljs-list">(<span class="hljs-keyword" style="color: rgb(0, 0, 255);">helloval</span>)</span><span class="hljs-comment" style="color: green;">;</span>
        zend_hash_add<span class="hljs-list">(<span class="hljs-keyword" style="color: rgb(0, 0, 255);">EG</span><span class="hljs-list">(<span class="hljs-keyword" style="color: rgb(0, 0, 255);">active_symbol_table</span>)</span>, <span class="hljs-string" style="color: rgb(163, 21, 21);">"b"</span>, sizeof<span class="hljs-list">(<span class="hljs-string" style="color: rgb(163, 21, 21);">"b"</span>)</span>,
                                            &helloval, sizeof<span class="hljs-list">(<span class="hljs-keyword" style="color: rgb(0, 0, 255);">zval*</span>)</span>, NULL)</span><span class="hljs-comment" style="color: green;">;</span>
    }</span></code>

unset($a);After this code is executed, the kernel will 🎜>YesshouldzvalknotConstructionBody中 ofr efcountCountCountMinusOne，b还和原来一样

写时复制

<code class="hljs xml" style="font-family: 'Courier New', sans-serif !important; line-height: 1.5 !important; font-size: 12px !important; background-color: rgb(245, 245, 245) !important; border: 1px solid rgb(204, 204, 204) !important; padding: 5px !important; border-top-left-radius: 3px !important; border-top-right-radius: 3px !important; border-bottom-right-radius: 3px !important; border-bottom-left-radius: 3px !important; display: block; overflow-x: auto; color: rgb(0, 0, 0); background-position: initial initial; background-repeat: initial initial;"><span class="php"><span class="hljs-preprocessor" style="color: rgb(43, 145, 175);"><?php </span>
    <span class="hljs-variable">$a</span> = <span class="hljs-number">1</span>;
    <span class="hljs-variable">$b</span> = <span class="hljs-variable">$a</span>;
    <span class="hljs-variable">$b</span> += <span class="hljs-number">5</span>;
<span class="hljs-preprocessor" style="color: rgb(43, 145, 175);">?></span></span></span></code>

上面这段代码执行完之后，一般肯定希望$a=1,$b=6,但是如果像引用计数那样，$a和$b指向相同的zval，修改$b之后$a不是也变了？
这个具体是怎么实现的呢，我们一起来看下：

$a = 1;The kernel creates a zval and allocates 4 bytes to store the number 1.
$b = $a; This step is the same as the second step in reference counting. Point $b to the same zval as $a, and add 1 to the reference count value refcount in the zval.

$b = 5;The key is this step. What happens in this step? How to ensure that the modification will not affect $a.

其实Zend内核在改变zval之前都会去进行get_var_and_separete操作，如果recfount>1,就需要分离就创建新的zval返回，否则直接返回变量所指向的zval，下面看看如何分离产生新的zval。
复制一个和$b所指向zval一样的zval。
将$b所指向的zval中的refcount计数减1。
初始化生成的新zval，设置refcount=1，is_ref=0。
让$b指向新生成的zval。

对新生成的zval进行操作，这就是写时复制。
下面看看内核中分离时的主要代码：

<code class="hljs lasso" style="font-family: 'Courier New', sans-serif !important; line-height: 1.5 !important; font-size: 12px !important; background-color: rgb(245, 245, 245) !important; border: 1px solid rgb(204, 204, 204) !important; padding: 5px !important; border-top-left-radius: 3px !important; border-top-right-radius: 3px !important; border-bottom-right-radius: 3px !important; border-bottom-left-radius: 3px !important; display: block; overflow-x: auto; color: rgb(0, 0, 0); background-position: initial initial; background-repeat: initial initial;">    zval <span class="hljs-subst">*</span>get_var_and_separate(char <span class="hljs-subst">*</span>varname, int varname_len TSRMLS_DC)
    {
        zval <span class="hljs-subst">**</span>varval, <span class="hljs-subst">*</span>varcopy;
        <span class="hljs-keyword" style="color: rgb(0, 0, 255);">if</span> (zend_hash_find(EG(active_symbol_table),
                        varname, varname_len <span class="hljs-subst">+</span> <span class="hljs-number">1</span>, (<span class="hljs-literal">void</span><span class="hljs-subst">**</span>)<span class="hljs-subst">&</span>varval) <span class="hljs-subst">==</span> FAILURE) {
        <span class="hljs-comment" style="color: green;">/* Variable doesn't actually exist  fail out */</span>
        <span class="hljs-keyword" style="color: rgb(0, 0, 255);">return</span> <span class="hljs-built_in" style="color: rgb(0, 0, 255);">NULL</span>;
    }
    <span class="hljs-keyword" style="color: rgb(0, 0, 255);">if</span> ((<span class="hljs-subst">*</span>varval)<span class="hljs-subst">-></span>is_ref <span class="hljs-subst">||</span> (<span class="hljs-subst">*</span>varval)<span class="hljs-subst">-></span>refcount <span class="hljs-subst"> <span class="hljs-number">2</span>) {
        <span class="hljs-comment" style="color: green;">/* varname is the only actual reference,
        * or it's a full reference to other variables
        * either way: no separating to be done
        */</span>
        <span class="hljs-keyword" style="color: rgb(0, 0, 255);">return</span> <span class="hljs-subst">*</span>varval;
    }
    <span class="hljs-comment" style="color: green;">/* Otherwise, make a copy of the zval* value */</span>
    MAKE_STD_ZVAL(varcopy);
    varcopy <span class="hljs-subst">=</span> <span class="hljs-subst">*</span>varval;
    <span class="hljs-comment" style="color: green;">/* Duplicate any allocated structures within the zval* */</span>
    zval_copy_ctor(varcopy);

    <span class="hljs-comment" style="color: green;">/* Remove the old version of varname
    * This will decrease the refcount of varval in the process
    */</span>
    zend_hash_del(EG(active_symbol_table), varname, varname_len <span class="hljs-subst">+</span> <span class="hljs-number">1</span>);

    <span class="hljs-comment" style="color: green;">/* Initialize the reference count of the
    * newly created value and attach it to
    * the varname variable
    */</span>
    varcopy<span class="hljs-subst">-></span>refcount <span class="hljs-subst">=</span> <span class="hljs-number">1</span>;
    varcopy<span class="hljs-subst">-></span>is_ref <span class="hljs-subst">=</span> <span class="hljs-number">0</span>;
    zend_hash_add(EG(active_symbol_table), varname, varname_len <span class="hljs-subst">+</span> <span class="hljs-number">1</span>,
                                            <span class="hljs-subst">&</span>varcopy, sizeof(zval<span class="hljs-subst">*</span>), <span class="hljs-built_in" style="color: rgb(0, 0, 255);">NULL</span>);
    <span class="hljs-comment" style="color: green;">/* Return the new zval* */</span>
    <span class="hljs-keyword" style="color: rgb(0, 0, 255);">return</span> varcopy;
    }</span></code>

写时改变

<code class="hljs xml" style="font-family: 'Courier New', sans-serif !important; line-height: 1.5 !important; font-size: 12px !important; background-color: rgb(245, 245, 245) !important; border: 1px solid rgb(204, 204, 204) !important; padding: 5px !important; border-top-left-radius: 3px !important; border-top-right-radius: 3px !important; border-bottom-right-radius: 3px !important; border-bottom-left-radius: 3px !important; display: block; overflow-x: auto; color: rgb(0, 0, 0); background-position: initial initial; background-repeat: initial initial;"><span class="php"><span class="hljs-preprocessor" style="color: rgb(43, 145, 175);"><?php </span>
    <span class="hljs-variable">$a</span> = <span class="hljs-number">1</span>;
    <span class="hljs-variable">$b</span> = &<span class="hljs-variable">$a</span>;
    <span class="hljs-variable">$b</span> += <span class="hljs-number">5</span>;
<span class="hljs-preprocessor" style="color: rgb(43, 145, 175);">?></span></span></span></code>

上面这段代码执行完之后一般希望是：$a == $b == 6。这个又是怎么实现的呢？

$a = 1;This step is the same as the first step in copy-on-write.
$b = &$a;In this step, the kernel will point $b to the zval pointed to by $a, increase the refcount in the zval by 1, and set the is_ref in the zval to 1.
$b = 5;This step is the same as the third step in copy-on-write, but what happens in the kernel is different.
- kernel sees that $b has changed, it will also execute the get_var_and_separate function to see if separation is needed.
- If (*varval)->is_ref is used, it will directly return the zval pointed to by $b without separating and generating a new zval, regardless of whether the refcount of zval is >1.
- At this time, if you modify the $b value, the value of $a will also change, because they point to the same zval.

The problem of separation

Now that you are smart, you may have seen something wrong. What if a zval structure has both a refcount count and an is_ref reference?

<code class="hljs xml" style="font-family: 'Courier New', sans-serif !important; line-height: 1.5 !important; font-size: 12px !important; background-color: rgb(245, 245, 245) !important; border: 1px solid rgb(204, 204, 204) !important; padding: 5px !important; border-top-left-radius: 3px !important; border-top-right-radius: 3px !important; border-bottom-right-radius: 3px !important; border-bottom-left-radius: 3px !important; display: block; overflow-x: auto; color: rgb(0, 0, 0); background-position: initial initial; background-repeat: initial initial;"><span class="php"><span class="hljs-preprocessor" style="color: rgb(43, 145, 175);"><?php </span>
    <span class="hljs-variable">$a</span> = <span class="hljs-number">1</span>;
    <span class="hljs-variable">$b</span> = <span class="hljs-variable">$a</span>;
    <span class="hljs-variable">$c</span> = &<span class="hljs-variable">$a</span>;
<span class="hljs-preprocessor" style="color: rgb(43, 145, 175);">?></span></span></span></code>

如果出现上面这种情况的时候，如果$a、$b、$c指向同一个zval结构体，进行改变的时候Zend到底去听谁的？其实这个地方不会指向同一个zval了。
如果对一个is_ref = 0 && refcount >1的zval进行写时改变这种赋值形式(就是引用赋值)的时候，Zend会将等号右边的变量分离出来一个新的zval，
对这个zval进行初始化，对之前的zval的refcount进行减1操作，让等号左边的变量指向这个新的zval，refcount进行加1操作，is_ref=1。看看下面这张图片

What does the PHP kernel do when a variable changes? _PHP Tutorial

<code class="hljs xml" style="font-family: 'Courier New', sans-serif !important; line-height: 1.5 !important; font-size: 12px !important; background-color: rgb(245, 245, 245) !important; border: 1px solid rgb(204, 204, 204) !important; padding: 5px !important; border-top-left-radius: 3px !important; border-top-right-radius: 3px !important; border-bottom-right-radius: 3px !important; border-bottom-left-radius: 3px !important; display: block; overflow-x: auto; color: rgb(0, 0, 0); background-position: initial initial; background-repeat: initial initial;"><span class="php"><span class="hljs-preprocessor" style="color: rgb(43, 145, 175);"><?php </span>
    <span class="hljs-variable">$a</span> = <span class="hljs-number">1</span>;
    <span class="hljs-variable">$b</span> = &<span class="hljs-variable">$a</span>;
    <span class="hljs-variable">$c</span> = <span class="hljs-variable">$a</span>;
<span class="hljs-preprocessor" style="color: rgb(43, 145, 175);">?></span></span></span></code>

上面这又是另外一种情况，在is_ref = 1的情况下，试图单纯的进行refcount+1操作的时候会分离出来一个新的zval给等号左边的变量，并初始化他，看看下面这张图片

What does the PHP kernel do when a variable changes? _PHP Tutorial

参考文献

1.《Extending and Embedding PHP》- Chaper 3 - Memory Management.

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP Notice: Undefined variable:解决方法Jun 25, 2023 pm 04:18 PM

在PHP开发中，我们经常会遇到PHPNotice:Undefinedvariable的错误提示。这个错误提示表示我们在代码中使用了一个未定义的变量。虽然这个错误提示不会导致代码崩溃，但是它会影响代码的可读性和可维护性。下面，本文将为大家介绍一些解决这个错误的方法。1.在开发过程中使用error_reporting(E_ALL)函数在PHP开发中，我们可

PHP Notice: Undefined variable: arr in的解决方法Jun 22, 2023 am 10:21 AM

PHPNotice:Undefinedvariable:arrin的解决方法在PHP编程中，我们经常会遇到“Notice:Undefinedvariable”这个错误提示。这个错误提示一般是因为访问了未定义的变量或者变量未被初始化导致的。对于这个问题，我们需要及时找到问题并解决。在本文中，我们将重点讨论PHPNotice:Undefin

如何在PHP中使用数字变量Sep 13, 2023 pm 12:46 PM

如何在PHP中使用数字变量在PHP中，数字变量是一种无需声明而直接使用的变量类型。可以使用数字变量进行数学计算、数据比较和其他数值操作。本文将介绍如何在PHP中使用数字变量，并提供具体的代码示例。定义数字变量在PHP中，定义数字变量非常简单，只需直接给变量赋予一个数字即可。下面是一个例子：$number=10;在上面的代码中，我们定义了一个名为$numb

PHP Notice: Undefined variable: sql的解决方法Jun 23, 2023 am 08:51 AM

在开发PHP应用程序时，如果遇到了"Undefinedvariable:sql"的提示，这通常意味着您正在引用一个未定义的变量。这可能是由于许多原因引起的，例如变量名称拼写错误、作用域问题或代码中的语法错误等。在本篇文章中，我们将探讨这个问题的各种原因，并提供一些解决这个问题的方法。1.变量名称拼写错误在您的PHP代码中，如果变量名称不正确或拼写错误，系

如何通过引用传递PHP变量Aug 26, 2023 am 09:01 AM

在PHP中，您可以使用和号（&）符号将变量按引用而不是按值传递。这样可以在函数或方法内修改原始变量。主要有两种方式可以通过引用传递PHP变量：使用ampersand符号在函数/方法声明中使用和符号将变量传递给函数/方法时在函数/方法声明中使用和号在PHP中，您可以使用函数/方法声明中的和号符号（&）通过引用传递变量。以下是更新的解释：要通过在函数/方法声明中使用&符号来传递引用变量，您需要在函数/方法定义中在参数名称之前包含&符号。这表示参数应该通过引用传递，允许

PHP Notice: Undefined variable: result的解决方法Jun 22, 2023 pm 01:32 PM

PHPNotice:Undefinedvariable:result是指在PHP程序中调用了一个未定义的变量result，这会导致程序产生Notice级别的警告。这种情况一般是由于程序员在编写PHP代码时未正确定义变量或者变量的作用域造成的。如果不及时解决，这种Notice级别的警告可能会导致程序的运行出现问题。那么，如何解决PHPNotice:

PHP7底层开发原理入门指南：从零开始学习PHP内核的奥秘Sep 08, 2023 pm 04:34 PM

PHP7底层开发原理入门指南：从零开始学习PHP内核的奥秘引言:随着互联网的迅猛发展，PHP作为一种流行的服务器端脚本语言，具备了广泛的应用场景。然而，很多人对于PHP的内部原理和工作原理却知之甚少。对于想要深入了解PHP内核的开发者来说，本文将提供一个入门指南，帮助他们从零开始学习PHP内核的奥秘。一、PHP内核的基本概念PHP的编译过程在PHP的编译过程

PHP7底层开发原理详细介绍：了解PHP内核架构和组件的关系Sep 08, 2023 am 10:51 AM

PHP7底层开发原理详细介绍：了解PHP内核架构和组件的关系PHP是一种广泛使用的服务器端脚本语言，它可以嵌入到HTML中，用于开发动态网页。PHP的优势在于它简单易学，且与多种数据库集成得很好。对于很多开发者来说，他们都希望深入了解PHP底层的开发原理，以便更好地利用PHP提供的强大功能。本文将详细介绍PHP7底层开发原理，帮助读者深入理解PHP的内核架构

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

Repo: How To Revive Teammates

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

4 weeks agoByDDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

4 weeks agoByDDD

Hot Tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

Atom editor mac version download

The most popular open source editor

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Hot Topics

Where is the login entrance for gmail email?

7366

1628

1353

1266

1214