Attempt to not alias on autoloading non qualified namespace call

OpCache doesn't work properly as the local function gets bound to a global one.

Author: Girgias

Zend/Optimizer/dfa_pass.c

@@ -395,14 +395,19 @@ int zend_dfa_optimize_calls(zend_op_array *op_array, zend_ssa *ssa)
 
 		do {
 			if (call_info->caller_call_opline
-			 && call_info->caller_call_opline->opcode == ZEND_DO_ICALL
-			 && call_info->callee_func
-			 && zend_string_equals_literal(call_info->callee_func->common.function_name, "in_array")
-			 && (call_info->caller_init_opline->extended_value == 2
-			  || (call_info->caller_init_opline->extended_value == 3
-			   && (call_info->caller_call_opline - 1)->opcode == ZEND_SEND_VAL
-			   && (call_info->caller_call_opline - 1)->op1_type == IS_CONST))) {
-
+				&& call_info->caller_call_opline->opcode == ZEND_DO_ICALL
+				&& call_info->callee_func
+				&& call_info->callee_func->common.function_name /* Ignore fake "pass" function */
+				&& zend_string_equals_literal(call_info->callee_func->common.function_name, "in_array")
+				&& (
+					call_info->caller_init_opline->extended_value == 2
+					|| (
+						call_info->caller_init_opline->extended_value == 3
+						&& (call_info->caller_call_opline - 1)->opcode == ZEND_SEND_VAL
+						&& (call_info->caller_call_opline - 1)->op1_type == IS_CONST
+					)
+				)
+			) {
 				zend_op *send_array;
 				zend_op *send_needly;
 				bool strict = 0;

Zend/Optimizer/zend_optimizer.c

@@ -854,7 +854,13 @@ zend_function *zend_optimizer_get_called_func(
 					return func;
 				} else if ((func = zend_hash_find_ptr(EG(function_table), Z_STR_P(function_name))) != NULL) {
 					if (func->type == ZEND_INTERNAL_FUNCTION) {
-						return func;
+						/* For ZEND_INIT_NS_FCALL_BY_NAME, the function may be the "fake" pass function
+						 * to indicate that the global function should be used instead */
+						if (UNEXPECTED(func == (zend_function *) &zend_pass_function)) {
+							return NULL;
+						} else {
+							return func;
+						}
 					} else if (func->type == ZEND_USER_FUNCTION &&
 					           func->op_array.filename &&
 					           func->op_array.filename == op_array->filename) {

Zend/tests/autoloading/function/dynamic_local_function_pinned-to_global.phpt

@@ -0,0 +1,21 @@
+--TEST--
+Local function which falls back to global is NOT aliased to the global one, dynamic string
+--FILE--
+<?php
+
+namespace Foo {
+     var_dump(strlen('hello')); // triggers name pinning
+}
+namespace Bar {
+    $v = 'Foo\strlen';
+    var_dump($v('hello'));
+}
+
+?>
+--EXPECTF--
+int(5)
+
+Fatal error: Uncaught Error: Call to undefined function Foo\strlen() in %s:%d
+Stack trace:
+#0 {main}
+  thrown in %s on line %d

Zend/tests/autoloading/function/global_fallback_doesnt_repeat_autoloading_file1.inc

@@ -1,8 +1,12 @@
 <?php
 namespace bar;
 
+echo "First file START\n";
+
 foo();
 
 for ($i = 0; $i < 3; $i += 1) {
     foo();
 }
+
+echo "First file END\n";

Zend/tests/autoloading/function/global_fallback_doesnt_repeat_autoloading_file2.inc

@@ -2,4 +2,8 @@
 
 namespace bar;
 
+echo "Second file START\n";
+
 foo();
+
+echo "Second file END\n";

Zend/tests/autoloading/function/global_fallback_doesnt_repeat_autoloading_seperate_files_inclusion.phpt

@@ -18,9 +18,13 @@ include __DIR__ . DIRECTORY_SEPARATOR . 'global_fallback_doesnt_repeat_autoloadi
 
 ?>
 --EXPECT--
+First file START
 function loader called with bar\foo
 I am foo in global namespace.
 I am foo in global namespace.
 I am foo in global namespace.
 I am foo in global namespace.
+First file END
+Second file START
 I am foo in global namespace.
+Second file END

Zend/tests/autoloading/function/local_function_defined_after_pinned_to_global.phpt

@@ -0,0 +1,24 @@
+--TEST--
+Local function must be able to be defined after it got pinned to the global one
+--XFAIL--
+Currently fails under opcache as strlen() gets bound to the global function
+--FILE--
+<?php
+
+namespace Foo;
+
+var_dump(strlen('hello')); // triggers name pinning
+if (!function_exists('Foo\strlen') ) {
+    function strlen(string $s) {
+        return 42;
+    }
+   var_dump(\Foo\strlen('hello'));
+   var_dump(strlen('hello'));
+}
+
+
+?>
+--EXPECT--
+int(5)
+int(42)
+int(42)

Zend/tests/autoloading/function/local_function_pinned-to_global.phpt

@@ -1,13 +1,8 @@
 --TEST--
-Local function which falls back to global is aliased to the global one
+Local function which falls back to global is NOT aliased to the global one, function_exists
 --FILE--
 <?php
 
-namespace Bar {
-    if ( function_exists('Foo\strlen') ) {
-        var_dump(\Foo\strlen('hello'));
-    }
-}
 namespace Foo {
      var_dump(strlen('hello')); // triggers name pinning
 }
@@ -21,5 +16,3 @@ namespace Bar {
 ?>
 --EXPECT--
 int(5)
-\Foo\strlen() was bound to global \strlen()
-int(5)

Zend/zend_builtin_functions.c

@@ -1040,8 +1040,8 @@ ZEND_FUNCTION(function_exists)
 {
 	zend_string *name;
 	bool autoload = true;
-	bool exists;
 	zend_string *lcname;
+	zend_function *fbc;
 
 	ZEND_PARSE_PARAMETERS_START(1, 2)
 		Z_PARAM_STR(name)
@@ -1058,14 +1058,18 @@ ZEND_FUNCTION(function_exists)
 			lcname = zend_string_tolower(name);
 		}
 
-		exists = zend_hash_exists(EG(function_table), lcname);
+		fbc = (zend_function*) zend_hash_find_ptr(EG(function_table), lcname);
 		zend_string_release_ex(lcname, 0);
 	} else {
-		zend_function *fbc = zend_lookup_function(name);
-		exists = fbc;
+		fbc = zend_lookup_function(name);
 	}
 
-	RETURN_BOOL(exists);
+	/* If the function was marked as using the global function, indicate it doesn't exist */
+	if (!fbc || fbc == (zend_function *) &zend_pass_function) {
+		RETURN_FALSE;
+	}
+
+	RETURN_TRUE;
 }
 /* }}} */
 

Zend/zend_compile.c

@@ -1193,6 +1193,20 @@ ZEND_API zend_result do_bind_function(zend_function *func, zval *lcname) /* {{{
 {
 	zend_function *added_func = zend_hash_add_ptr(EG(function_table), Z_STR_P(lcname), func);
 	if (UNEXPECTED(!added_func)) {
+		/* If a function name was marked as using the global name, properly declare the namespaced function */
+		zend_function *old_func = zend_hash_find_ptr(EG(function_table), Z_STR_P(lcname));
+		if (old_func == (zend_function *) &zend_pass_function) {
+			zend_hash_update_ptr(EG(function_table), Z_STR_P(lcname), func);
+			if (func->op_array.refcount) {
+				++*func->op_array.refcount;
+			}
+			if (func->common.function_name) {
+				zend_string_addref(func->common.function_name);
+			}
+			zend_observer_function_declared_notify(&func->op_array, Z_STR_P(lcname));
+			return SUCCESS;
+		}
+
 		do_bind_function_error(Z_STR_P(lcname), &func->op_array, 0);
 		return FAILURE;
 	}
@@ -1203,7 +1217,9 @@ ZEND_API zend_result do_bind_function(zend_function *func, zval *lcname) /* {{{
 	if (func->common.function_name) {
 		zend_string_addref(func->common.function_name);
 	}
-	zend_observer_function_declared_notify(&func->op_array, Z_STR_P(lcname));
+	if (EXPECTED(func != (zend_function *) &zend_pass_function)) {
+		zend_observer_function_declared_notify(&func->op_array, Z_STR_P(lcname));
+	}
 	return SUCCESS;
 }
 /* }}} */

Zend/zend_execute.c

@@ -4694,7 +4694,10 @@ static zend_never_inline zend_execute_data *zend_init_dynamic_call_string(zend_s
 			init_func_run_time_cache(&fbc->op_array);
 		}
 	} else {
-		if (UNEXPECTED((fbc = zend_lookup_function(function)) == NULL)) {
+		if (UNEXPECTED(
+			((fbc = zend_lookup_function(function)) == NULL)
+			|| (fbc == (zend_function *) &zend_pass_function)
+		)) {
 			zend_throw_error(NULL, "Call to undefined function %s()", ZSTR_VAL(function));
 			return NULL;
 		}

Zend/zend_opcode.c

@@ -156,6 +156,9 @@ ZEND_API void zend_function_dtor(zval *zv)
 		ZEND_ASSERT(function->common.function_name);
 		destroy_op_array(&function->op_array);
 		/* op_arrays are allocated on arena, so we don't have to free them */
+	} else if (UNEXPECTED(function == (zend_function *) &zend_pass_function)) {
+		/* Ignore fake pass function */
+		return;
 	} else {
 		ZEND_ASSERT(function->type == ZEND_INTERNAL_FUNCTION);
 		ZEND_ASSERT(function->common.function_name);

Zend/zend_vm_def.h

@@ -3770,6 +3770,8 @@ ZEND_VM_HOT_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST, NUM|CACHE_SLOT)
 		}
 		CACHE_PTR(opline->result.num, fbc);
 	}
+
+	ZEND_ASSERT(fbc != (zend_function*)&zend_pass_function);
 	call = _zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION,
 		fbc, opline->extended_value, NULL);
 	call->prev_execute_data = EX(call);
@@ -3885,6 +3887,7 @@ ZEND_VM_HANDLER(118, ZEND_INIT_USER_CALL, CONST, CONST|TMPVAR|CV, NUM)
 		HANDLE_EXCEPTION();
 	}
 
+	ZEND_ASSERT(func != (zend_function*)&zend_pass_function);
 	call = zend_vm_stack_push_call_frame(call_info,
 		func, opline->extended_value, object_or_called_scope);
 	call->prev_execute_data = EX(call);
@@ -3917,18 +3920,27 @@ ZEND_VM_HOT_HANDLER(69, ZEND_INIT_NS_FCALL_BY_NAME, ANY, CONST, NUM|CACHE_SLOT)
 				}
 				ZEND_VM_DISPATCH_TO_HELPER(zend_undefined_function_helper);
 			}
-			/* We bind the unqualified name to the global function
+			/* We bind the unqualified name to the internal "zend_pass_function" for it to indicate that it
+			 * should use the global function.
 			 * Use the lowercase name of the function stored in the first cache slot as
 			 * function names are case insensitive */
 			else {
 				zval tmp;
 				ZVAL_STR(&tmp, Z_STR_P(function_name+1));
-				do_bind_function(fbc, &tmp);
+				do_bind_function((zend_function *) &zend_pass_function, &tmp);
 			}
+		} else if (fbc == (zend_function *) &zend_pass_function) {
+			/* Unqualified call was marked as using the global function
+			 * Thus we need to replace the pass function with the actual function.
+			 * Use the lowercase name of the function without tha namespace which is stored in the second cache slot */
+			fbc = (zend_function *) zend_hash_find_ptr(EG(function_table), Z_STR_P(function_name+2));
+			ZEND_ASSERT(fbc);
 		}
 		if (EXPECTED(fbc->type == ZEND_USER_FUNCTION) && UNEXPECTED(!RUN_TIME_CACHE(&fbc->op_array))) {
 			init_func_run_time_cache(&fbc->op_array);
 		}
+
+		ZEND_ASSERT(fbc != (zend_function*)&zend_pass_function);
 		CACHE_PTR(opline->result.num, fbc);
 	}
 
@@ -3958,6 +3970,7 @@ ZEND_VM_HOT_HANDLER(61, ZEND_INIT_FCALL, NUM, CONST, NUM|CACHE_SLOT)
 		CACHE_PTR(opline->result.num, fbc);
 	}
 
+	ZEND_ASSERT(fbc != (zend_function*)&zend_pass_function);
 	call = _zend_vm_stack_push_call_frame_ex(
 		opline->op1.num, ZEND_CALL_NESTED_FUNCTION,
 		fbc, opline->extended_value, NULL);