本文github地址:
|=-----------------------------------------------------------------------=||=--------------------=[ global关键字的解析过程分析 ]=-------------------=||=-----------------------------------------------------------------------=||=--------------------------=[ by d4shman ]=---------------------------=||=-----------------------------------------------------------------------=||=-------------------------=[ May 8, 2014 ]=---------------------------=||=-----------------------------------------------------------------------=|[目录]0x01 词法分析0X02 语法分析0X03 解释执行0X04 参考文献0x01 词法分析d4shman@gentoo# vi /php-dev/php-5.4.8/Zend/zend_language_scanner.l找到global:<ST_IN_SCRIPTING>"global" {return T_GLOBAl;}发现返回一个token T_GLOBAL0X02 语法分析通过token T_GLOBAL来到zend_language_parser.y找到:| T_GLOBAL global_var_list ‘;‘global_var_list:global_var_list ‘,‘ global_var { zend_do_fetch_global_variable(&$3, NULL, ZEND_FETCH_GLOBAL_LOCK TSRMLS_CC); }| global_var { zend_do_fetch_global_variable(&$1, NULL, ZEND_FETCH_GLOBAL_LOCK TSRMLS_CC); };上面的$3指的是global_val,可以看到,对于全局变量,语法分析器调用的是Zend引擎的zend_do_fetch_globa_variable函数。此函数的声明在Zend/zend_compile.c0X03 解释执行在Zend/zend_compile.c中找到zend_do_fetch_global_variable函数定义:void zend_do_fetch_global_variable(znode *varname, const znode *static_assignment, int fetch_type TSRMLS_DC){zend_op *opline;znode lval;znode result;/*如果变量类型是常量且不是字符串,则将其转化成字符串类型*/if (varname->op_type == IS_CONST) {if (Z_TYPE(varname->u.constant) != IS_STRING) {convert_to_string(&varname->u.constant);}}opline = get_next_op(CG(active_op_array) TSRMLS_CC); /* CG: compile_global */opline->opcode = ZEND_FETCH_W; /* 默认的模式必须是Write */opline->result_type = IS_VAR;opline->result.var = get_temporary_variable(CG(active_op_array));SET_NODE(opline->op1, varname);if (opline->op1_type == IS_CONST) {CALCULATE_LITERAL_HASH(opline->op1.constant);}SET_UNUSED(opline->op2);opline->extended_value = fetch_type;GET_NODE(&result, opline->result);if (varname->op_type == IS_CONST) {zval_copy_ctor(&varname->u.constant);}/* Relies on the fact that the default fetch is BP_VAR_W */fetch_simple_variable(&lval, varname, 0 TSRMLS_CC);zend_do_assign_ref(NULL, &lval, &result TSRMLS_CC);CG(active_op_array)->opcodes[CG(active_op_array)->last-1].result_type |= EXT_TYPE_UNUSED;}上面的代码确认了opcode为ZEND_FETCH_W外,还执行了zend_do_assign_ref函数。zend_do_assign_ref函数中有这么一个关键语句:opline->opcode = ZEND_ASSIGN_REF;由此可知,语法分析过程中,实际执行了2个opcode: ZEND_FETCH_W和ZEND_ASSIGN_REF,在zend_vm_opcodes.h中发现,它们对应的opcode分别是83和39。而计算最后调用的方法是(定义在zend_execute.c:):zend_opcode_handlers[opcode * 25 + zend_vm_decode[op->op1.op_type] * 5 + zend_vm_decode[op->op2.op_type]];计算后(///////////我没搞清楚是怎么计算出的//////////),得到调用的函数是:static int ZEND_FASTCALL ZEND_FETCH_W_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS){return zend_fetch_var_address_helper_SPEC_CV(BP_VAR_W, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);}在zend_fetch_var_address_helper_SPEC_CV中调用如下代码获取符号表:target_symbol_table = zend_get_target_symbol_table(opline, EX(Ts), type, varname TSRMLS_CC);zend_get_target_symbol_table函数的实现如下(在):static inline HashTable *zend_get_target_symbol_table(int fetch_type TSRMLS_DC){switch (fetch_type) {case ZEND_FETCH_LOCAL:if (!EG(active_symbol_table)) {zend_rebuild_symbol_table(TSRMLS_C);}return EG(active_symbol_table);break;case ZEND_FETCH_GLOBAL:case ZEND_FETCH_GLOBAL_LOCK:return &EG(symbol_table); /*返回global 变量符号表的地址*/break;case ZEND_FETCH_STATIC:if (!EG(active_op_array)->static_variables) {ALLOC_HASHTABLE(EG(active_op_array)->static_variables);zend_hash_init(EG(active_op_array)->static_variables, 2, NULL, ZVAL_PTR_DTOR, 0);}return EG(active_op_array)->static_variables;break;EMPTY_SWITCH_DEFAULT_CASE()}return NULL;}通过代码可以看到,当传递过来的fetch_type是ZEND_FETCH_GLOBAL(_LOCK)时,函数使用EG(excutor_global)宏返回了global变量的符号表地址。以上就是global变量解析执行的整个过程。0X04 参考文献《深入理解PHP内核》