Pierre-Antoine Guillaume

Reputation: 1126

When PHP opcode is interpreted by Zend, what is really executed?

Let's say I run the following code:

function isLucky() : bool
{
    for ($i = 0; $i < 50; ++$i) {
        try {
            if (!rand(0, 9)) {
                return true;
            };
            throw new Exception();
        } catch (Exception $e) {
        }
    }
}

Some software (Vulcan Logic Dumper) gets me generated opcode:

line     #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   5     0  E >   ASSIGN                                                   !0, 0
         1      > JMP                                                      ->15
   7     2    >   INIT_FCALL                                               'rand'
         3        SEND_VAL                                                 0
         4        SEND_VAL                                                 9
         5        DO_ICALL                                         $3      
         6        BOOL_XOR                                         ~4      $3
         7      > JMPZ                                                     ~4, ->9
   8     8    > > RETURN                                                   <true>
  10     9    >   NEW                                              $5      :20
        10        DO_FCALL                                      0          
        11      > THROW                                         0          $5
        12*       JMP                                                      ->14
  11    13  E > > CATCH                                       last         'Exception'
   5    14    >   PRE_INC                                                  !0
        15    >   IS_SMALLER_OR_EQUAL                              ~8      !0, 50
        16      > JMPNZ                                                    ~8, ->2
  14    17    >   VERIFY_RETURN_TYPE                                       
        18      > RETURN                                                   null

This is nice, but is there a way to get what the system really does?

Is this Zend framework re-interpreting each token? Where actually are the system calls? Does each opcode instruction cost the same?

When I check the generated output of a C++ program with objdump, a program is a list of instructions, and jumps are made to a memory address.

A dummy C++ function from a C++ file compiled with -O0 and -c, objdump-ed:

0000000000000000 <_Z14dummy_functionb>:
   0:   55                      push   %rbp
   1:   48 89 e5                mov    %rsp,%rbp
   4:   89 f8                   mov    %edi,%eax
   6:   88 45 fc                mov    %al,-0x4(%rbp)
   9:   80 7d fc 00             cmpb   $0x0,-0x4(%rbp)
   d:   74 07                   je     16 <_Z14dummy_functionb+0x16>
   f:   b8 01 00 00 00          mov    $0x1,%eax
  14:   eb 05                   jmp    1b <_Z14dummy_functionb+0x1b>
  16:   b8 00 00 00 00          mov    $0x0,%eax
  1b:   5d                      pop    %rbp
  1c:   c3                      retq   

Is that the case with Zend's opcode?

For instance, assuming a simple function:

<?php

(function (){
    return true;
    throw new Exception();
});


line     #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   4     0  E > > RETURN                                                   <true>
   5     1*       NEW                                              $0      :4
         2*       DO_FCALL                                      0          
         3*       THROW                                         0          $0
   6     4*     > RETURN                                                   null

Will the throw expression ever be read by something? Or will the jump completely ignore it?

Upvotes: 3

Views: 437

Answers (1)

Olivier

Reputation: 18132

Opcodes are executed by the Zend executor. If you want to know how it works exactly, you need to read its source files.

You will find a general presentation here:

http://blog.jpauli.tech/2015-02-05-zend-vm-executor-html/

Upvotes: 1
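
To make the executor's role concrete, here is a simplified model of a handler-table dispatch loop, added as an illustration; it is not Zend's source and not part of the question or the answer. The opcode names are taken from the closure dump in the question; all struct, field and function names are hypothetical, and the op array is constructed to mirror oplines 0 to 4 of that dump.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model, NOT Zend's source. Opcode names come from the VLD dump;
   every struct, field and function name here is hypothetical. */
enum opcode { OP_RETURN, OP_NEW, OP_DO_FCALL, OP_THROW, OP_COUNT };
struct op { enum opcode code; int operand; };
struct vm {
    const struct op *ops;  /* the op array of one function */
    size_t ip;             /* index of the current opline */
    int retval, thrown;
    unsigned executed;     /* bit n set = opline n was dispatched */
};
typedef int (*handler_t)(struct vm *);  /* 0 = continue, 1 = leave function */

static int h_return(struct vm *vm) { vm->retval = vm->ops[vm->ip].operand; return 1; }
static int h_next(struct vm *vm)   { vm->ip++; return 0; }  /* NEW / DO_FCALL stand-in */
static int h_throw(struct vm *vm)  { vm->thrown = 1; return 1; }

/* One handler per opcode, indexed by opcode number. */
static const handler_t handlers[OP_COUNT] = { h_return, h_next, h_next, h_throw };

/* Constructed op array mirroring the closure dump (oplines 0..4). */
static const struct op closure_ops[] = {
    {OP_RETURN, 1}, {OP_NEW, 0}, {OP_DO_FCALL, 0}, {OP_THROW, 0}, {OP_RETURN, 0},
};

/* Dispatch loop: only the opline at ip is ever looked at. */
static struct vm run_from(size_t start) {
    struct vm vm = { closure_ops, start, -1, 0, 0 };
    for (;;) {
        vm.executed |= 1u << vm.ip;
        if (handlers[vm.ops[vm.ip].code](&vm))
            return vm;
    }
}

int main(void) {
    struct vm a = run_from(0);  /* normal entry: RETURN leaves at once */
    struct vm b = run_from(1);  /* forced entry past RETURN, for contrast */
    printf("entry 0: retval=%d thrown=%d executed=0x%x\n", a.retval, a.thrown, a.executed);
    printf("entry 1: retval=%d thrown=%d executed=0x%x\n", b.retval, b.thrown, b.executed);
    return 0;
}
```

In this model the oplines after the first RETURN stay in the array but are never fetched on a normal entry, which matches the `*` (unreachable) marks in the VLD dump.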
