直接看代码
<?php
echo '1'.print(2)+3,"\n";
不错,就是这么简单,但是很少有人能正确回答
我们执行一下
[root@localhost test]# php -dvld.active=1 test7.php
Finding entry points
Branch analysis from position: 0
Jump found. Position 1 = -2
filename: /data/www/test/test7.php
function name: (null)
number of ops: 6
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
2 0 E > ADD ~0 2, 3
1 PRINT ~1 ~0
2 CONCAT ~2 '1', ~1
3 ECHO ~2
4 ECHO '%0A'
3 5 > RETURN 1
branch: # 0; line: 2- 3; sop: 0; eop: 5; out1: -2
path #1: 0,
511
让人很诧异吧
换一种写法
<?php
echo '1',print(2)+3,"\n";
执行结果
[root@localhost test]# php -dvld.active=1 test7.php
Finding entry points
Branch analysis from position: 0
Jump found. Position 1 = -2
filename: /data/www/test/test7.php
function name: (null)
number of ops: 6
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
2 0 E > ECHO '1'
1 ADD ~0 2, 3
2 PRINT ~1 ~0
3 ECHO ~1
4 ECHO '%0A'
3 5 > RETURN 1
branch: # 0; line: 2- 3; sop: 0; eop: 5; out1: -2
path #1: 0,
151
再换一种
<?php
echo print(2)+3,"\n";
执行结果
[root@localhost test]# php -dvld.active=1 test7.php
Finding entry points
Branch analysis from position: 0
Jump found. Position 1 = -2
filename: /data/www/test/test7.php
function name: (null)
number of ops: 5
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
2 0 E > ADD ~0 2, 3
1 PRINT ~1 ~0
2 ECHO ~1
3 ECHO '%0A'
3 4 > RETURN 1
branch: # 0; line: 2- 3; sop: 0; eop: 4; out1: -2
path #1: 0,
51
代码
<?php
$a=3;
$b=4;
if($a=3 || $b=4)
{
$a++;
$b++;
}
var_dump($a);
var_dump($b);
结果
[root@dev test]# php -dvld.active=1 get.php
Finding entry points
Branch analysis from position: 0
Jump found. Position 1 = 3, Position 2 = 5
Branch analysis from position: 3
Jump found. Position 1 = 7, Position 2 = 12
Branch analysis from position: 7
Jump found. Position 1 = 12
Branch analysis from position: 12
Jump found. Position 1 = -2
Branch analysis from position: 12
Branch analysis from position: 5
filename: /data/www/www.erongtu.com/test/get.php
function name: (null)
number of ops: 17
compiled vars: !0 = $a, !1 = $b
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
3 0 E > ASSIGN !0, 3
4 1 ASSIGN !1, 4
6 2 > JMPNZ_EX ~2 3, ->5
3 > ASSIGN $3 !1, 4
4 BOOL ~2 $3
5 > ASSIGN $4 !0, ~2
7 6 > JMPZ $4, ->12
8 7 > POST_INC ~5 !0
8 FREE ~5
9 9 POST_INC ~6 !1
10 FREE ~6
10 11 > JMP ->12
12 12 > SEND_VAR !0
13 DO_FCALL 1 'var_dump'
13 14 SEND_VAR !1
15 DO_FCALL 1 'var_dump'
14 16 > RETURN 1
branch: # 0; line: 3- 6; sop: 0; eop: 2; out1: 3; out2: 5
branch: # 3; line: 6- 6; sop: 3; eop: 4; out1: 5
branch: # 5; line: 6- 7; sop: 5; eop: 6; out1: 7; out2: 12
branch: # 7; line: 8- 10; sop: 7; eop: 11; out1: 12
branch: # 12; line: 12- 14; sop: 12; eop: 16; out1: -2
path #1: 0, 3, 5, 7, 12,
path #2: 0, 3, 5, 12,
path #3: 0, 5, 7, 12,
path #4: 0, 5, 12,
bool(true)
int(5)
未完待续……