Home > Article > php教程 > PHP Kernel Analysis (7) - Extension

PHP Kernel Analysis (7) - Extension

黄舟Original: 2016-12-19 11:28:571121browse

Abstract: The php version read here is PHP-7.1.0 RC3, and the platform for reading the code is linux. Let's study this extension of reflection. The reflection extension directory exists in: ext/reflection. In fact, the code inside is very simple. One .h file and one .c file. Let's take a look at the .c file first, and we will see a lot...

The php version read here is PHP-7.1.0 RC3, and the platform for reading the code is linux.

Let’s study the reflection extension.

The reflection extension directory exists in: ext/reflection. In fact, the code inside is very simple. One .h file and one .c file.

Let’s take a look at the .c file first, and you will see a lot of macros corresponding to ZEND_METHOD

1    ZEND_METHOD(reflection_function, getReturnType)    
2    {    
3         ...    
4    }

1    #define ZEND_METHOD(classname, name)     ZEND_NAMED_FUNCTION(ZEND_MN(classname##_##name))    
2    #define ZEND_NAMED_FUNCTION(name)          void name(INTERNAL_FUNCTION_PARAMETERS)    
3    #define ZEND_MN(name) zim_##name    
4    #define INTERNAL_FUNCTION_PARAMETERS zend_execute_data *execute_data, zval *return_value

The ## here represents the connection, and the expansion actually means:

void zim_reflection_function_getReturnType(zend_execute_data *execute_data, zval *return_value)

In short, we are using ZEND_METHOD here A function zim_reflection_function_getReturnType is defined, so how is it called here from the execution code?

Okay, so we can’t see the extended call stack here. Then let's use gdb to look at the call stack.

Write a script that uses reflection extension:

  1 <?php
  2
  3 class B
  4 {  
  5     public function test(): B
  6     {  
  7
  8     }  
  9 }
  10
  11 function getB(): B
  12 {
  13
  14 }
  15
  16 $rc = new ReflectionMethod(&#39;B&#39;, &#39;test&#39;);
  17 var_dump((string)$rc->getReturnType(), $rc->getReturnType());
  18
  19 $rc = new ReflectionFunction(&#39;getB&#39;);
  20 var_dump((string)$rc->getReturnType(), $rc->getReturnType());

Use gdb for management. We looked at the extended definition of getReturnType. There is a function reflection_type_factory in the extension code, so we used this for management.

01    (gdb) b reflection_type_factory    
02    
03    (gdb) run -f /home/xiaoju/software/php7/demo/echo.php    
04    
05    (gdb) s    
06    
07    (gdb) bt    
08    #0  reflection_type_factory (fptr=0x7ffff6004210, closure_object=0x0, arg_info=0x7ffff6079048,    
09        object=0x7ffff60140d0) at /home/xiaoju/webroot/php-src/php-src-master/ext/reflection/php_reflection.c:1280    
10    #1  0x0000000000760d23 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (execute_data=0x7ffff6014030)    
11        at /home/xiaoju/webroot/php-src/php-src-master/Zend/zend_vm_execute.h:1097    
12    #2  0x000000000073fc88 in execute_ex (ex=<value optimized="" out="">)    
13        at /home/xiaoju/webroot/php-src/php-src-master/Zend/zend_vm_execute.h:432    
14    #3  0x000000000078b670 in zend_execute (op_array=0x7ffff60782a0, return_value=<value optimized="" out="">)    
15        at /home/xiaoju/webroot/php-src/php-src-master/Zend/zend_vm_execute.h:474    
16    #4  0x00000000006e48a3 in zend_execute_scripts (type=8, retval=0x0, file_count=3)    
17        at /home/xiaoju/webroot/php-src/php-src-master/Zend/zend.c:1464    
18    #5  0x0000000000684870 in php_execute_script (primary_file=0x7fffffffe090)    
19        at /home/xiaoju/webroot/php-src/php-src-master/main/main.c:2541    
20    #6  0x000000000078e9ea in do_cli (argc=3, argv=0xee1bc0)    
21        at /home/xiaoju/webroot/php-src/php-src-master/sapi/cli/php_cli.c:994    
22    #7  0x000000000078f1ea in main (argc=3, argv=0xee1bc0)    
23        at /home/xiaoju/webroot/php-src/php-src-master/sapi/cli/php_cli.c:1387    
24    (gdb)</value></value>

Okay, you can see this context very clearly:

main->do_cli->php_execute_scripts->zend_execute->execute_ex->ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER->reflection_type_factory

For main, do_cli, php_execute_scripts, zend_execute, execute_ex based on the previous main function analysis, we can easily understand the role of each function. In other words, execute_ex is the most important function that actually calls opcode.

Compare the opcode of this script:

01    L1-21 {main}() /home/xiaoju/software/php7/demo/echo.php - 0x7fd6a127f000 + 30 ops    
02    L3    #0     NOP    
03    L11   #1     NOP    
04    L16   #2     NEW                     "ReflectionMethod"                        @1    
05    L16   #3     SEND_VAL_EX             "B"                  1    
06    L16   #4     SEND_VAL_EX             "test"               2    
07    L16   #5     DO_FCALL    
08    L16   #6     ASSIGN                  $rc                  @1    
09    L17   #7     INIT_FCALL              112                  "var_dump"    
10    L17   #8     INIT_METHOD_CALL        $rc                  "getReturnType"    
11    L17   #9     DO_FCALL                                                          @4    
12    L17   #10    CAST                    @4                                        ~5    
13    L17   #11    SEND_VAL                ~5                   1    
14    L17   #12    INIT_METHOD_CALL        $rc                  "getReturnType"    
15    L17   #13    DO_FCALL                                                          @6    
16    L17   #14    SEND_VAR                @6                   2    
17    L17   #15    DO_ICALL    
18    L19   #16    NEW                     "ReflectionFunction"                      @8    
19    L19   #17    SEND_VAL_EX             "getB"               1    
20    L19   #18    DO_FCALL    
21    L19   #19    ASSIGN                  $rc                  @8    
22    L20   #20    INIT_FCALL              112                  "var_dump"    
23    L20   #21    INIT_METHOD_CALL        $rc                  "getReturnType"    
24    L20   #22    DO_FCALL                                                          @11    
25    L20   #23    CAST                    @11                                       ~12    
26    L20   #24    SEND_VAL                ~12                  1    
27    L20   #25    INIT_METHOD_CALL        $rc                  "getReturnType"    
28    L20   #26    DO_FCALL                                                          @13    
29    L20   #27    SEND_VAR                @13                  2    
30    L20   #28    DO_ICALL    
31    L21   #29    RETURN                  1

You can see that the opcode corresponding to $rc->getReturnType() is #9 DO_FCALL

Okay, let’s start from execute_ex, which can be simplified Into:

01    // 最核心的执行opcode的函数    
02    ZEND_API void execute_ex(zend_execute_data *ex)    
03    {    
04         ...    
05         while (1) {    
06              int ret;    
07              if (UNEXPECTED((ret = ((opcode_handler_t)OPLINE->handler)(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU)) != 0)) {    
08                  ...    
09              }    
10    
11         }    
12        ...    
13    }

Each opcode op of the handler here corresponds to a handler. For example, the handler corresponding to DO_FCALL is ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (the same as the stack displayed in bt just now)

The simplified pseudo code is as follows:

01    // DO_FCALL这个opcode对应的处理函数    
02    static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)    
03    {    
04         ...    
05         if (EXPECTED(fbc->type == ZEND_USER_FUNCTION)) {  // 如果是用户定义的函数    
06              ...    
07            zend_execute_ex(call);    
08            ...    
09         } else if (EXPECTED(fbc->type < ZEND_USER_FUNCTION)) { // 如果是内部函数    
10              ...    
11              if (!zend_execute_internal) {    
12                   fbc->internal_function.handler(call, ret);  // 执行这个internal_function所定义的handler函数，这个就是实际的调用方法了，命名为：zim_[class]_function_[function]    
13              } else {    
14                   zend_execute_internal(call, ret);    
15              }    
16            ...    
17    
18         } else { /* ZEND_OVERLOADED_FUNCTION */    
19              ...    
20              if (UNEXPECTED(!zend_do_fcall_overloaded(fbc, call, ret))) {    
21                   HANDLE_EXCEPTION();    
22              }    
23            ...    
24         }    
25    
26    fcall_end:    
27         ...    
28         ZEND_VM_SET_OPCODE(opline + 1);    
29         ZEND_VM_CONTINUE(); // 下一条op    
30    }

Okay As you can see, there is a fbc->internal_function.handler in this function. The function name corresponding to internal_function here is zim_reflection_function_getReturnType, which corresponds to the function defined in our extension module. It can be said that here we have entered the expansion.

The above is the content of PHP kernel analysis (7) - extension. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Previous article：PHP kernel analysis (6)-opcodeNext article：PHP kernel analysis (6)-opcode

See more

PHP Kernel Analysis (7) - Extension

Related articles