Analyse Case 01-白红宇

Analyse Case 01

阅读量：7023 次

发布时间：2019-06-28

本文共 11800 字，大约阅读时间需要 39 分钟。

PHP Source Code


    foo();        }}class C extends A{        public function foo()        {                echo 'C foo()' . PHP_EOL;        }}$c = new C();$c->test();

opcode

Finding entry pointsBranch analysis from position: 0Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  (null)number of ops:  9compiled vars:  !0 = $cline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------   2     0  E >   NOP                                                        15     1        NOP                                                               2        NOP                                                        23     3        NEW                                              $4      :-4         4        DO_FCALL                                      0                   5        ASSIGN                                                   !0, $4  24     6        INIT_METHOD_CALL                                         !0, 'test'         7        DO_FCALL                                      0            25     8      > RETURN                                                   1Class A:Function foo:Finding entry pointsBranch analysis from position: 0Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  foonumber of ops:  2compiled vars:  noneline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------   6     0  E >   ECHO                                                     'A+foo%28%29%0A'   7     1      > RETURN                                                   nullEnd of function fooFunction test:Finding entry pointsBranch analysis from position: 0Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  testnumber of ops:  3compiled vars:  noneline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------  11     0  E >   INIT_METHOD_CALL                                         'foo'         1        DO_FCALL                                      0            12     2      > RETURN                                                   nullEnd of function testEnd of class A.Class C:Function foo:Finding entry pointsBranch analysis from position: 0Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  foonumber of ops:  2compiled vars:  noneline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------  19     0  E >   ECHO                                                     'C+foo%28%29%0A'  20     1      > RETURN                                                   nullEnd of function fooFunction test:Finding entry pointsBranch analysis from position: 0Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  testnumber of ops:  3compiled vars:  noneline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------  11     0  E >   INIT_METHOD_CALL                                         'foo'         1        DO_FCALL                                      0            12     2      > RETURN                                                   nullEnd of function testEnd of class C.

Finding entry pointsBranch analysis from position: 0Add 0Add 1Add 2Add 3Add 4Add 5Add 6Add 7Add 8Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  (null)number of ops:  9compiled vars:  !0 = $cline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------   2     0  E >   NOP                                                        15     1        NOP                                                               2        NOP                                                        23     3        NEW                                               RES[  IS_VAR $4 ]       OP1[ :-4 ]         4        DO_FCALL                                      0   RES[  ]         OP1[  IS_UNUSED  ]         5        ASSIGN                                            RES[  ]         OP1[  IS_CV !0 ] OP2[ ,  IS_VAR $4 ]  24     6        INIT_METHOD_CALL                                  RES[  IS_UNUSED  ]         OP1[  IS_CV !0 ] OP2[ ,  IS_CONST (4) 'test' ]         7        DO_FCALL                                      0   RES[  ]         OP1[  IS_UNUSED  ]  25     8      > RETURN                                                    OP1[  IS_CONST (6) 1 ]branch: #  0; line:     2-   25; sop:     0; eop:     8; out1:  -2path #1: 0, Class A:Function foo:Finding entry pointsBranch analysis from position: 0Add 0Add 1Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  foonumber of ops:  2compiled vars:  noneline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------   6     0  E >   ECHO                                                      OP1[  IS_CONST (0) 'A+foo%28%29%0A' ]   7     1      > RETURN                                                    OP1[  IS_CONST (1) null ]branch: #  0; line:     6-    7; sop:     0; eop:     1; out1:  -2path #1: 0, End of function fooFunction test:Finding entry pointsBranch analysis from position: 0Add 0Add 1Add 2Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  testnumber of ops:  3compiled vars:  noneline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------  11     0  E >   INIT_METHOD_CALL                                  RES[  IS_UNUSED  ]         OP1[  IS_UNUSED  ] OP2[  IS_CONST (0) 'foo' ]         1        DO_FCALL                                      0   RES[  ]         OP1[  IS_UNUSED  ]  12     2      > RETURN                                                    OP1[  IS_CONST (2) null ]branch: #  0; line:    11-   12; sop:     0; eop:     2; out1:  -2path #1: 0, End of function testEnd of class A.Class C:Function foo:Finding entry pointsBranch analysis from position: 0Add 0Add 1Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  foonumber of ops:  2compiled vars:  noneline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------  19     0  E >   ECHO                                                      OP1[  IS_CONST (0) 'C+foo%28%29%0A' ]  20     1      > RETURN                                                    OP1[  IS_CONST (1) null ]branch: #  0; line:    19-   20; sop:     0; eop:     1; out1:  -2path #1: 0, End of function fooFunction test:Finding entry pointsBranch analysis from position: 0Add 0Add 1Add 2Jump found. (Code = 62) Position 1 = -2filename:       /home/minsec/php_demo/a.phpfunction name:  testnumber of ops:  3compiled vars:  noneline     #* E I O op                           fetch          ext  return  operands-------------------------------------------------------------------------------------  11     0  E >   INIT_METHOD_CALL                                  RES[  IS_UNUSED  ]         OP1[  IS_UNUSED  ] OP2[  IS_CONST (0) 'foo' ]         1        DO_FCALL                                      0   RES[  ]         OP1[  IS_UNUSED  ]  12     2      > RETURN                                                    OP1[  IS_CONST (2) null ]branch: #  0; line:    11-   12; sop:     0; eop:     2; out1:  -2path #1: 0, End of function testEnd of class C.A foo()

static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS){	USE_OPLINE	zval *function_name;	zval *object;	zend_function *fbc;	zend_class_entry *called_scope;	zend_object *obj;	zend_execute_data *call;	uint32_t call_info;	SAVE_OPLINE();	object = _get_zval_ptr_cv_undef(opline->op1.var EXECUTE_DATA_CC);	if (IS_CV == IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) == IS_UNDEF)) {		ZEND_VM_TAIL_CALL(zend_this_not_in_object_context_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));	}	function_name = EX_CONSTANT(opline->op2);	if (IS_CONST != IS_CONST &&	    UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) {		do {			if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) {				function_name = Z_REFVAL_P(function_name);				if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) {					break;				}			} else if (IS_CONST == IS_CV && UNEXPECTED(Z_TYPE_P(function_name) == IS_UNDEF)) {				GET_OP2_UNDEF_CV(function_name, BP_VAR_R);				if (UNEXPECTED(EG(exception) != NULL)) {					HANDLE_EXCEPTION();				}			}			zend_throw_error(NULL, "Method name must be a string");			HANDLE_EXCEPTION();		} while (0);	}	if (IS_CV != IS_UNUSED) {		do {			if (IS_CV == IS_CONST || UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) {				if ((IS_CV & (IS_VAR|IS_CV)) && EXPECTED(Z_ISREF_P(object))) {					object = Z_REFVAL_P(object);					if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) {						break;					}				}				if (IS_CV == IS_CV && UNEXPECTED(Z_TYPE_P(object) == IS_UNDEF)) {					object = GET_OP1_UNDEF_CV(object, BP_VAR_R);					if (UNEXPECTED(EG(exception) != NULL)) {						HANDLE_EXCEPTION();					}				}				zend_throw_error(NULL, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object)));				HANDLE_EXCEPTION();			}		} while (0);	}	obj = Z_OBJ_P(object);	called_scope = obj->ce;	if (IS_CONST == IS_CONST &&	    EXPECTED(CACHED_PTR(Z_CACHE_SLOT_P(function_name)) == called_scope)) {	    fbc = CACHED_PTR(Z_CACHE_SLOT_P(function_name) + sizeof(void*));	} else {	    zend_object *orig_obj = obj;		if (UNEXPECTED(obj->handlers->get_method == NULL)) {			zend_throw_error(NULL, "Object does not support method calls");			HANDLE_EXCEPTION();		}		/* First, locate the function. */		fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), ((IS_CONST == IS_CONST) ? (EX_CONSTANT(opline->op2) + 1) : NULL));		if (UNEXPECTED(fbc == NULL)) {			if (EXPECTED(!EG(exception))) {				zend_throw_error(NULL, "Call to undefined method %s::%s()", ZSTR_VAL(obj->ce->name), Z_STRVAL_P(function_name));			}			HANDLE_EXCEPTION();		}		if (IS_CONST == IS_CONST &&		    EXPECTED(fbc->type <= ZEND_USER_FUNCTION) &&		    EXPECTED(!(fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_TRAMPOLINE|ZEND_ACC_NEVER_CACHE))) &&		    EXPECTED(obj == orig_obj)) {			CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc);		}		if (EXPECTED(fbc->type == ZEND_USER_FUNCTION) && UNEXPECTED(!fbc->op_array.run_time_cache)) {			init_func_run_time_cache(&fbc->op_array);		}	}	call_info = ZEND_CALL_NESTED_FUNCTION;	if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) {		obj = NULL;	} else if (IS_CV & (IS_VAR|IS_TMP_VAR|IS_CV)) {		/* CV may be changed indirectly (e.g. when it's a reference) */		call_info = ZEND_CALL_NESTED_FUNCTION | ZEND_CALL_RELEASE_THIS;		GC_REFCOUNT(obj)++; /* For $this pointer */	}	if ((IS_CV & (IS_VAR|IS_TMP_VAR)) && UNEXPECTED(EG(exception))) {		HANDLE_EXCEPTION();	}	call = zend_vm_stack_push_call_frame(call_info,		fbc, opline->extended_value, called_scope, obj);	call->prev_execute_data = EX(call);	EX(call) = call;	ZEND_VM_NEXT_OPCODE();}

转载于:https://my.oschina.net/u/877598/blog/1510325

你可能感兴趣的文章

用jquery如何获得服务器控件的aspnet的Id进行操作

《条目十八》避免使用vector<bool>

查看>>

Hadoop_14_MapReduce框架结构及其运行流程

查看>>