Need help understanding a C function in the PHP codebase

sneakyimp

I figure this is a long shot but I figured I'd ask.

I have been meaning to finish my AMF3 serializer extension for PHP for years now and have never had time to sort out one last feature, namely how to determine if two variables refer to the same object or array -- this is necessary to recognize looping data structures and also to to reduce the size of the serialized object. I was planning to maintain an array of pointers to track previously serialized arrays and objects but was discouraged from my approach. I posted a question to PECL-DEV:
http://news.php.net/php.pecl.dev/8818

Johannes Schluter responded, suggesting that I use a function php_add_var_hash()
http://news.php.net/php.pecl.dev/8820

I tried to get more info from him and also pointed out that php serialization doesn't work properly in certain circumstances:
http://news.php.net/php.pecl.dev/8839

He responded but did not fully address my question or the bug that I had pointed out:
http://news.php.net/php.pecl.dev/8856

Anyways, the question I have here is "can anyone help me understand what php_add_var_hash() actually is doing? It appears it is taking three parameters, but there is no documentation about what they actually are for. As I understand from Johannes' posts, the point of this function is to maintain an array of previously encountered objects and some hash to identify them for the purpose of tracking previously serialized objects. I'd greatly appreciate it if anyone can help me understand what this function is doing. Between the macros, function calls, and lack of comments, I'm finding it very difficult to understand.

bradgrafelman

Just glanced through the code (and I can see what you mean about getting lost), it appears to be using the memory address of a variable as a method to track variables. It seems like it's using this address as a unique key for the hash table and the data is just the number of elements in the hash table plus one (which is likely meaningless...?).

It also has an optional third parameter that is used as a pointer to an output variable that will hold the data stored in the hash table if you try to add a duplicate hash (e.g. you first add a variable but then tried to add what turns out to be a reference back to that same variable), returning FAILURE if this is the case. If you don't pass this third parameter, it will update that (seemingly meaningless...?) counter-like value stored in the hash table for the existing hash and then return SUCCESS.

sneakyimp

Thank you so so so much BG!

bradgrafelman;11043669 wrote:
Just glanced through the code (and I can see what you mean about getting lost)

Am I right? I've never seen any code use this many macros. Macros that point to macros that point to macros. May I inquire how you ended up figuring out what it does? Are you using some fancy IDE or perhaps a compiler command that will render code with macros fully replaced? I'm hoping to learn to fish, not just ask for fish handouts if you know what I mean.

bradgrafelman;11043669 wrote:
it appears to be using the memory address of a variable as a method to track variables.

Excellent! This is precisely what I was planning to do, although my approach was a LOT simpler. If I encountered an array or object while serializing, I would check to see if its memory address (a unique id, no?) existed in an array that I was keeping. If this memory address did NOT exist in the array, I would add it. I was brusquely informed that my approach was inadequate.

bradgrafelman;11043669 wrote:
It seems like it's using this address as a unique key for the hash table

By 'hash table', I'm guessing you mean the HashTable object pointed to by the parameter var_hash, which is a pointer to a HashTable. (I'm talking myself through this in an attempt to revive long-dormant C-programming skills, please let me know if I get something wrong).

As for 'using this address as a unique key', the situation is actually a bit more complicated, doesn't it? The comment suggests that one also needs the the 'object handle' (does he mean the zval pointer var?) and the "class entry" (?? no idea what this really means ??). Here's the comment to which I refer:

crazy php code wrote:
/ relies on "(long)" being a perfect hash function for data pointers,
however the actual identity of an object has had to be determined
by its object handle and the class entry since 5.0. /

At any rate, it seems clear enough to me that if the zval pointer var is pointing to an PHP object (as opposed to an string or array or scalar value) then it would construct a different p than it would construct otherwise. The particulars look pretty confusing, especially this line:

*(--p) = 'O';

Unless I'm mistaken, it is simply decrementing some memory location, p, to contain the letter O but the pointer manipulation is really confusing -- I'm wondering if p points to the beginning of a char array or the end?. Also, the relation between id and p len is a mystery to me.

bradgrafelman;11043669 wrote:
and the data is just the number of elements in the hash table plus one (which is likely meaningless...?).

I'm not sure what this means? From what I can tell, this code

       var_no = zend_hash_num_elements(var_hash) + 1;
       zend_hash_add(var_hash, p, len, &var_no, sizeof(var_no), NULL);

will add an element to the supplied has table, var_hash with the key stored at p with length len. The variable stored is the address of var_no which just contains the (number of elements in var_hash)+1. I think I might know what you mean now...it's the hash key (i.e., pthat is important and not what we store there. This would make sense if we are always trying to determine if an object/array/data has been encountered before without actually storing a lot of information. Seems to me a bit like a misappropriation of HashTable functionality in PHP, probably to avoid reinventing the wheel.

bradgrafelman;11043669 wrote:
It also has an optional third parameter that is used as a pointer to an output variable that will hold the data stored in the hash table if you try to add a duplicate hash (e.g. you first add a variable but then tried to add what turns out to be a reference back to that same variable), returning FAILURE if this is the case. If you don't pass this third parameter, it will update that (seemingly meaningless...?) counter-like value stored in the hash table for the existing hash and then return SUCCESS.

Seems to me that a non-empty var_old variable MUST be supplied for this function to even bother searching var_hash for the supplied var value. I suppose I'll need to look at php_var_serialize_intern to see how this function gets used. 😕

bradgrafelman

sneakyimp;11043671 wrote:
May I inquire how you ended up figuring out what it does? Are you using some fancy IDE or perhaps a compiler command that will render code with macros fully replaced? I'm hoping to learn to fish, not just ask for fish handouts if you know what I mean.

I just used the web-based source browser you linked to.

The sad truth is: I followed the macro chain because I'm not only used to seeing it at work... I'm used to contributing to it. 🙂 (Seriously, if I didn't value my job and/or the NDA contract, I'd post some of the C macros we've got floating around; you know it's bad when your lint program barfs and throws up a warning that simply states "too many lines in macro" or something to that effect. To it's point, some of those macros do span >= 10 lines and take >= 4 arguments...)

sneakyimp;11043671 wrote:
If I encountered an array or object while serializing, I would check to see if its memory address (a unique id, no?) existed in an array that I was keeping. If this memory address did NOT exist in the array, I would add it. I was brusquely informed that my approach was inadequate.

Again, I'm not sure I fully understand the code you linked to, so I'm not sure how to judge if your approach is inadequate or not. It does seem that objects have to be handled specially, though.

sneakyimp;11043671 wrote:
By 'hash table', I'm guessing you mean the HashTable object pointed to by the parameter var_hash, which is a pointer to a HashTable. (I'm talking myself through this in an attempt to revive long-dormant C-programming skills, please let me know if I get something wrong).

Yes. (Similar concept to arrays or strings; without some extremely inefficient memcpy()'s, you're not really passing those things around - you're going to pass a single pointer to the start of them and let the called function access them in memory directly - hopefully sanely, too.)

sneakyimp;11043671 wrote:
As for 'using this address as a unique key', the situation is actually a bit more complicated, doesn't it? The comment suggests that one also needs the the 'object handle' (does he mean the zval pointer var?) and the "class entry" (?? no idea what this really means ??).

Well right, that's the special handling for vars that are 1) objects, and 2) have this "get_class_entry" object handler pointer set to something non-zero (e.g. it's not a NULL function pointer). If that is the case, however, there is some really nifty and mysterious crap going on to determine the actual "memory address" to use for the given object.

If that's not the case, though, then yes, it is that simple - you just use "(long) var" which is basically just the memory address of the variable (e.g. the value of the pointer passed in as the second parameter).

sneakyimp;11043671 wrote:
At any rate, it seems clear enough to me that if the zval pointer var is pointing to an PHP object (as opposed to an string or array or scalar value) then it would construct a different p than it would construct otherwise. The particulars look pretty confusing, especially this line:
*(--p) = 'O';
Unless I'm mistaken, it is simply decrementing some memory location, p, to contain the letter O but the pointer manipulation is really confusing -- I'm wondering if p points to the beginning of a char array or the end?.

It will eventually point to the beginning of the char array populated with data... however, the smart_str_print_*() functions start filling the given buffer from the end (see smart_str_print_unsigned4() on line 122 of php_smart_str.h). So if you do the math, you'll (hopefully!) find that it will start on the right of id[32] and consume all but id[0] and be left pointing at the "beginning", which is id[1]. Thus, *(--p) is safely prepending a value at the id[0] location.

EDIT: It's late and I'm tired and sick (and any other excuse you can think of, though the previous three are actually facts), so I didn't check to see if it always consumed up till id[1]. Even if it didn't, the code is written in a way that would handle this. Basically, the smart_str_print_*() functions fill a buffer with a right-justified string of text. So if a buffer is length n, and the function uses m characters of the buffer, your string is located at [id[n-m+1]..id[n-1]] (the -1's get thrown in because C uses 0-indexed arrays and the rest of the world is for whatever reason defined "counting numbers" as whole numbers sans zero; what a silly world we live in).

sneakyimp;11043671 wrote:
Also, the relation between id and p len is a mystery to me.

id[32] is an array of 32 chars allocated on the stack. (So, id itself is just a pointer to the beginning of this allocatoin.)
p is a pointer to a char array.
len is the length of the string used.

If the last one is unclear, grab a piece of paper and draw a box with 32 compartments. This is your memory allocated by id[32]. id points to the first bucket, sizeof(id) - 1 points to the last bucket, and p points to the last bucket that was used by smart_str_print_long() (which, if you recall from above, started from the last bucket).

sneakyimp;11043671 wrote:
The variable stored is the address of var_no which just contains the (number of elements in var_hash)+1.

Not quite; note that the 4th parameter of the zend_hash_add() macro is a 'p' in front. Since it appears Hungarian notation was used, we can presume that the called function is expecting a pointer to the data, not the actual data it self. Thus, the data that's being stored is the data that can be found at the address of the var_no variable (which, more plainly said, is the value of var_no).

I walked the chain just to verify, and sure enough... you eventually land in - you guessed it, another macro! - INIT_DATA(), which does a memcpy() with pData as the second parameter (source memory address).

sneakyimp;11043671 wrote:
Seems to me that a non-empty var_old variable MUST be supplied for this function to even bother searching var_hash for the supplied var value.

Yes, if you want to handle the case where the variable is already in the hash table, you'd supply that parameter and check for failure. Otherwise, the code will hit zend_hash_add() which is a macro (groaning yet again, are we?) for a function called zend_hash_addor_update/b (emphasis mine). Based on the name (I'll leave it to the reader as an exercise to verify - take that, you worthless math textbooks...), you can assume that the condition where a variable's address was already contained in the hash table will be handled gracefully (namely, by updating its previously stored meaningless(?) value of the number of hashes in the table with a new equally meaningless(?) computed value).

sneakyimp

bradgrafelman;11043673 wrote:
I just used the web-based source browser you linked to.

The sad truth is: I followed the macro chain because I'm not only used to seeing it at work... I'm used to contributing to it. 🙂

Ohhh now I get it. You're part of the problem! Shame on you! But no really I understand that C is a different language entirely. What with compilers and linkers and memory allocation and all that.

Sorry you are not feeling well and THANK YOU for the clarifications. I hope you might generously answer a few more...

Am I correct in thinking that php_add_var_hash will return SUCCESS in most cases and will only return FAILURE if you pass in a var_old variable that already exists in the hash table? In other words, php_add_var_hash will say "sorry bro FAILURE" if the hash of var_old already exists as a key in var_hash?

bradgrafelman;11043673 wrote:
Not quite; note that the 4th parameter of the zend_hash_add() macro is a 'p' in front. Since it appears Hungarian notation was used, we can presume that the called function is expecting a pointer to the data, not the actual data it self. Thus, the data that's being stored is the data that can be found at the address of the var_no variable (which, more plainly said, is the value of var_no).

Can we agree that var_no is not especially valuable data and that the hashes are the real story? Or are the values in var_hash interesting? I'm guessing that it looks something like a "reversed" array of some kind...sort of like an associative array with var hashes as keys and ulongs as values. Something like:

$var_hash = array(
  "abcdef1234567890abedef" => 1,
  "1324abdeadbeef1343adfa" => 2,
  "234343482428348234aadb" => 3,
  "aabeababaedeadbeefdea3" => 4,
  "afafssadfsadfsadfasdsa" => 5
);

bradgrafelman;11043673 wrote:
Yes, if you want to handle the case where the variable is already in the hash table, you'd supply that parameter and check for failure. Otherwise, the code will hit zend_hash_add() which is a macro (groaning yet again, are we?) for a function called zend_hash_addor_update/b (emphasis mine). Based on the name (I'll leave it to the reader as an exercise to verify - take that, you worthless math textbooks...), you can assume that the condition where a variable's address was already contained in the hash table will be handled gracefully (namely, by updating its previously stored meaningless(?) value of the number of hashes in the table with a new equally meaningless(?) computed value).

Thanks for this clarification. Very helpful. I forgot how tough C is with the pointers and stuff.

Last (perhaps most important) question: Any suggestions on how I can work on my tiny PECL extension and get it to run in a debugger so I step through the code line by line and inspect values, etc.? I expect this would be a lot easier to understand if I could get a peek at what's inside. I did manage at one point to get PHP compiled with debug symbols (i.e., with --enable-debug flag) and I was able to run my PECL code as an extension rather than compiling into PHP and recompiling every time I changed it. I was using gdb, however. I am really hoping to get everything editing/compiling/running/debugging in a nice IDE like Eclipse CDT.

bradgrafelman

sneakyimp;11043675 wrote:
Am I correct in thinking that php_add_var_hash will return SUCCESS in most cases and will only return FAILURE if you pass in a var_old variable that already exists in the hash table?

If var_old is NULL (which apparently they assume to equate to 0... which is not guaranteed by the C standard - shame, shame!), then the function will always return SUCCESS. If var_old is non-NULL and the "var" hash key is already in the table, then the memory var_old points to is filled with the previous value stored in the hash table at the "var" key. Then, it replaces that value stored in the table with the latest computed value

sneakyimp;11043675 wrote:
In other words, php_add_var_hash will say "sorry bro FAILURE" if the hash of var_old already exists as a key in var_hash?

Not quite - see above.

sneakyimp;11043675 wrote:
Can we agree that var_no is not especially valuable data and that the hashes are the real story? Or are the values in var_hash interesting? I'm guessing that it looks something like a "reversed" array of some kind...sort of like an associative array with var hashes as keys and ulongs as values. Something like:
$var_hash = array(
  "abcdef1234567890abedef" => 1,
  "1324abdeadbeef1343adfa" => 2,
  "234343482428348234aadb" => 3,
  "aabeababaedeadbeefdea3" => 4,
  "afafssadfsadfsadfasdsa" => 5
);

I would agree with the above, but again - I'm not 100% confident I understand how this function fits into the grander scheme that is the PHP engine.

sneakyimp;11043675 wrote:
Last (perhaps most important) question: Any suggestions on how I can work on my tiny PECL extension and get it to run in a debugger so I step through the code line by line and inspect values, etc.?

'Fraid I can't help you there. What little PHP compilation I've ever done has been on Ubuntu or Cygwin, and I've never compiled it with the aim of debugging it.

Are you compiling on Windows? Seems like they should have some sort of ability to provide or generate a VS solution for easy debugging. I say that having never gone looking for that ability, though, so YMMV.

sneakyimp

Thanks a million (again) for clarifications. They really really help. This one function is used by the function [man]serialize[/man] to help it recognize when it has already serialized an array or object -- this is important when trying to serialize looping or self-referential data structures -- like an array that has itself as a member somewhere.

I'm compiling and coding on Ubuntu. I have managed, through a long and arduous process, to get Eclipse CDT to step through my code, but I still must configure/make manually in a terminal window. I wish there were some way to set up my Eclipse CDT project (which includes all the source in the entire PHP project to re-build my extension (and ONLY my extension) when I make changes to it.