. PHP Hash表

. PHP数组定义

. PHP变量实现

. PHP常量实现

. 键(key): 用于操作数据的标示，例如PHP数组中的索引，或者字符串键等等

. 槽(slot/bucket): 哈希表中用于保存数据的一个单元，也就是数据真正存放的容器

. 哈希函数(hash function): 将key映射(map)到数据应该存放的slot所在位置的函数

. 哈希冲突(hash collision): 哈希函数将两个不同的key映射到同一个索引的情况 

h(key) -> index

开源算法和哈希实现的确定性以及可预测性， 这样攻击者才可以利用特殊构造的key来进行攻击。要解决这个问题的方法则是让攻击者无法轻易构造 能够进行攻击的key序列 

装载因子是哈希表保存的元素数量和哈希表容量的比

. 通常采用链接法解决冲突的哈希表的装载，因子最好不要大于1(等于1意味着Hash表已经存满了，接下来开始保存的键值都会导致冲突发生即链表增长，而链表的效率是低于Hash表的)

. 而采用开放寻址法的哈希表最好不要大于0. 

. 实现哈希函数

. 冲突的解决

. 操作接口的实现

#ifndef _HASH_TABLE_H_

#define _HASH_TABLE_H_ 1

typedef struct _Bucket

{

    char *key;

    void *value;

    struct _Bucket *next;

} Bucket;

typedef struct _HashTable

{

    int size;    //HashTable size/lines

    int elem_num;    //total elements count

    Bucket** buckets;

} HashTable;

#endif

//hashtable.c

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include "hashtable.h"

int hash_str(char *key); 

int hash_str(char *key)

{

    int hash = ;

    char *cur = key;

    while(*cur != '\0')

    {

        hash += *cur;

        ++cur;

    }

    return hash;

}

//hashtable.h

#define HASH_INDEX(ht, key) (hash_str((key)) % (ht)->size)

int hash_init(HashTable *ht);                               // 初始化哈希表

int hash_lookup(HashTable *ht, char *key, void **result);   // 根据key查找内容

int hash_insert(HashTable *ht, char *key, void *value);     // 将内容插入到哈希表中

int hash_remove(HashTable *ht, char *key);                  // 删除key所指向的内容

int hash_destroy(HashTable *ht);

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include "hashtable.h"

static void resize_hash_table_if_needed(HashTable *ht);

static int hash_str(char *key);

int hash_init(HashTable *ht)

{

    ht->size         = HASH_TABLE_INIT_SIZE;

    ht->elem_num     = ;

    ht->buckets        = (Bucket **)calloc(ht->size, sizeof(Bucket *));

    if(ht->buckets == NULL) return FAILED;

    LOG_MSG("[init]\tsize: %i\n", ht->size);

    return SUCCESS;

}

int hash_lookup(HashTable *ht, char *key, void **result)

{

    int index = HASH_INDEX(ht, key);

    Bucket *bucket = ht->buckets[index];

    if(bucket == NULL) goto failed;

    while(bucket)

    {

        if(strcmp(bucket->key, key) == )

        {

            LOG_MSG("[lookup]\t found %s\tindex:%i value: %p\n",

                key, index, bucket->value);

            *result = bucket->value;    

            return SUCCESS;

        }

        bucket = bucket->next;

    }

failed:

    LOG_MSG("[lookup]\t key:%s\tfailed\t\n", key);

    return FAILED;

}

int hash_insert(HashTable *ht, char *key, void *value)

{

    // check if we need to resize the hashtable

    resize_hash_table_if_needed(ht);

    int index = HASH_INDEX(ht, key);

    Bucket *org_bucket = ht->buckets[index];

    Bucket *tmp_bucket = org_bucket;

    // check if the key exits already

    while(tmp_bucket)

    {

        if(strcmp(key, tmp_bucket->key) == )

        {

            LOG_MSG("[update]\tkey: %s\n", key);

            tmp_bucket->value = value;

            return SUCCESS;

        }

        tmp_bucket = tmp_bucket->next;

    }

    Bucket *bucket = (Bucket *)malloc(sizeof(Bucket));

    bucket->key      = key;

    bucket->value = value;

    bucket->next  = NULL;

    ht->elem_num += ;

    if(org_bucket != NULL)

    {

        LOG_MSG("[collision]\tindex:%d key:%s\n", index, key);

        bucket->next = org_bucket;

    }

    ht->buckets[index]= bucket;

    LOG_MSG("[insert]\tindex:%d key:%s\tht(num:%d)\n",

        index, key, ht->elem_num);

    return SUCCESS;

}

int hash_remove(HashTable *ht, char *key)

{

    int index = HASH_INDEX(ht, key);

    Bucket *bucket  = ht->buckets[index];

    Bucket *prev    = NULL;

    if(bucket == NULL) return FAILED;

    // find the right bucket from the link list

    while(bucket)

    {

        if(strcmp(bucket->key, key) == )

        {

            LOG_MSG("[remove]\tkey:(%s) index: %d\n", key, index);

            if(prev == NULL)

            {

                ht->buckets[index] = bucket->next;

            }

            else

            {

                prev->next = bucket->next;

            }

            free(bucket);

            return SUCCESS;

        }

        prev   = bucket;

        bucket = bucket->next;

    }

    LOG_MSG("[remove]\t key:%s not found remove \tfailed\t\n", key);

    return FAILED;

}

int hash_destroy(HashTable *ht)

{

    int i;

    Bucket *cur = NULL;

    Bucket *tmp = NULL;

    for(i=; i < ht->size; ++i)

    {

        cur = ht->buckets[i];

        while(cur)

        {

            tmp = cur;

            cur = cur->next;

            free(tmp);

        }

    }

    free(ht->buckets);

    return SUCCESS;

}

static int hash_str(char *key)

{

    int hash = ;

    char *cur = key;

    while(*cur != '\0')

    {

        hash +=    *cur;

        ++cur;

    }

    return hash;

}

static int hash_resize(HashTable *ht)

{

    // double the size

    int org_size = ht->size;

    ht->size = ht->size * ;

    ht->elem_num = ;

    LOG_MSG("[resize]\torg size: %i\tnew size: %i\n", org_size, ht->size);

    Bucket **buckets = (Bucket **)calloc(ht->size, sizeof(Bucket **));

    Bucket **org_buckets = ht->buckets;

    ht->buckets = buckets;

    int i = ;

    for(i=; i < org_size; ++i)

    {

        Bucket *cur = org_buckets[i];

        Bucket *tmp;

        while(cur)

        {

            // rehash: insert again

            hash_insert(ht, cur->key, cur->value);

            // free the org bucket, but not the element

            tmp = cur;

            cur = cur->next;

            free(tmp);

        }

    }

    free(org_buckets);

    LOG_MSG("[resize] done\n");

    return SUCCESS;

}

// if the elem_num is almost as large as the capacity of the hashtable

// we need to resize the hashtable to contain enough elements

static void resize_hash_table_if_needed(HashTable *ht)

{

    if(ht->size - ht->elem_num < )

    {

        hash_resize(ht);

    }

}

#ifndef _HASH_TABLE_H_

#define _HASH_TABLE_H_ 1

#define HASH_TABLE_INIT_SIZE 6

#define HASH_INDEX(ht, key) (hash_str((key)) % (ht)->size)

#if defined(DEBUG)

#  define LOG_MSG printf

#else

#  define LOG_MSG(...)

#endif

#define SUCCESS 0

#define FAILED -1

typedef struct _Bucket

{

    char *key;

    void *value;

    struct _Bucket *next;

} Bucket;

typedef struct _HashTable

{

    int size;        // 哈希表的大小

    int elem_num;    // 已经保存元素的个数

    Bucket **buckets;

} HashTable;

int hash_init(HashTable *ht);

int hash_lookup(HashTable *ht, char *key, void **result);

int hash_insert(HashTable *ht, char *key, void *value);

int hash_remove(HashTable *ht, char *key);

int hash_destroy(HashTable *ht);

#endif

#include <stdio.h>

#include <stdlib.h>

#include <assert.h>

#include <string.h>

#include "hashtable.h"

#define TEST(tcase) printf(">>> [START CASE] " tcase "<<<\n")

#define PASS(tcase) printf(">>> [PASSED] " tcase " <<<\n")

int main(int argc, char **argv)

{

    HashTable *ht = (HashTable *)malloc(sizeof(HashTable));

    int result = hash_init(ht);

    assert(result == SUCCESS);

    /* Data */

    int  int1 = ;

    int  int2 = ;

    char str1[] = "Hello TIPI";

    char str2[] = "Value";

    /* to find data container */

    int *j = NULL;

    char *find_str = NULL;

    /* Test Key insert */

    TEST("Key insert");

    hash_insert(ht, "KeyInt", &int1);

    hash_insert(ht, "asdfKeyStrass", str1);

    hash_insert(ht, "K13eyStras", str1);

    hash_insert(ht, "KeyStr5", str1);

    hash_insert(ht, "KeyStr", str1);

    PASS("Key insert");

    /* Test key lookup */

    TEST("Key lookup");

    hash_lookup(ht, "KeyInt", (void **)&j);

    hash_lookup(ht, "KeyStr", (void **)&find_str);

    assert(strcmp(find_str, str1) == );

    assert(*j = int1);

    PASS("Key lookup");

    /* Test Key update */

    TEST("Test key update");

    hash_insert(ht, "KeyInt", &int2);

    hash_lookup(ht, "KeyInt", (void **)&j);

    assert(*j = int2);

    PASS("Test key update");

    TEST(">>>     Test key not found        <<< ");

    result = hash_lookup(ht, "non-exits-key", (void **)&j);

    assert(result == FAILED);

    PASS("non-exist-key lookup");

    TEST("Test key not found after remove");

    char strMyKey[] = "My-Key-Value";

    find_str = NULL;

    hash_insert(ht, "My-Key", &strMyKey);

    result = hash_remove(ht, "My-Key");

    assert(result == SUCCESS);

    result = hash_lookup(ht, "My-Key", (void **)&find_str);

    assert(find_str == NULL);

    assert(result == FAILED);

    PASS("Test key not found after remove");

    PASS(">>>     Test key not found        <<< ");

    TEST("Add many elements and make hashtable rehash");

    hash_insert(ht, "a1", &int2);

    hash_insert(ht, "a2", &int1);

    hash_insert(ht, "a3", &int1);

    hash_insert(ht, "a4", &int1);

    hash_insert(ht, "a5", &int1);

    hash_insert(ht, "a6", &int1);

    hash_insert(ht, "a7", &int1);

    hash_insert(ht, "a8", str2);

    hash_insert(ht, "a9", &int1);

    hash_insert(ht, "a10", &int1);

    hash_insert(ht, "a11", &int1);

    hash_insert(ht, "a12", &int1);

    hash_insert(ht, "a13", &int1);

    hash_insert(ht, "a14", &int1);

    hash_insert(ht, "a15", &int1);

    hash_insert(ht, "a16", &int1);

    hash_insert(ht, "a17", &int1);

    hash_insert(ht, "a18", &int1);

    hash_insert(ht, "a19", &int1);

    hash_insert(ht, "a20", &int1);

    hash_insert(ht, "a21", &int1);

    hash_insert(ht, "a22", &int1);

    hash_insert(ht, "a23", &int1);

    hash_insert(ht, "a24", &int1);

    hash_insert(ht, "a24", &int1);

    hash_insert(ht, "a24", &int1);

    hash_insert(ht, "a25", &int1);

    hash_insert(ht, "a26", &int1);

    hash_insert(ht, "a27", &int1);

    hash_insert(ht, "a28", &int1);

    hash_insert(ht, "a29", &int1);

    hash_insert(ht, "a30", &int1);

    hash_insert(ht, "a31", &int1);

    hash_insert(ht, "a32", &int1);

    hash_insert(ht, "a33", &int1);

    hash_lookup(ht, "a23", (void **)&j);

    assert(*j = int1);

    hash_lookup(ht, "a30", (void **)&j);

    assert(*j = int1);

    PASS("Add many elements and make hashtable rehash");

    hash_destroy(ht);

    free(ht);

    printf("Woohoo, It looks like HashTable works properly\n");

    return ;

}

gcc -g -Wall -DDEBUG -o a.out main.c hashtable.c

typedef struct bucket

{

    ulong h;                        /* Used for numeric indexing */

    uint nKeyLength;                //key长度

    void *pData;                    //指向 Bucke保存的数据 指针

    void *pDataPtr;                    //指针数据

    struct bucket *pListNext;        //下一个元素指针

    struct bucket *pListLast;        //上一个元素指针

    struct bucket *pNext;

    struct bucket *pLast;

    const char *arKey;

} Bucket;

typedef struct _hashtable

{

    uint nTableSize;            //HashTable的大小

    uint nTableMask;            //等于nTableSize-1

    uint nNumOfElements;        //对象个数

    ulong nNextFreeElement;        //指向下一个空元素位置 nTableSize+1

    Bucket *pInternalPointer;    /* Used for element traversal 保存当前遍历的指针 */

    Bucket *pListHead;            //头元素指针

    Bucket *pListTail;            //尾元素指针

    Bucket **arBuckets;            //存储hash数组数据

    dtor_func_t pDestructor;    //类似于析构函数

    zend_bool persistent;        //用哪种方法分配内存空间 PHP统一管理内存还是用普通的malloc

    unsigned char nApplyCount;    //当前hash bucket被访问的次数,是否遍历过数据,防止无限递归循环

    zend_bool bApplyProtection;

#if ZEND_DEBUG

    int inconsistent;

#endif

} H

http://www.imsiren.com/archives/6

http://www.php-internals.com/book/?p=chapt03/03-01-01-hashtable

https://github.com/reeze/tipi/tree/master/book/sample/chapt03/03-01-01-hashtable 

. 真正的数组

. 列表(向量)

. 散列表(是映射的一种实现)

. 字典

. 集合

. 栈

. 队列以及更多可能性

<?php

    $array = array();

    $array["key"] = "values";

?>

static int ZEND_FASTCALL  ZEND_INIT_ARRAY_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)

{

    USE_OPLINE

    array_init(&EX_T(opline->result.var).tmp_var);

    if (IS_CV == IS_UNUSED) {

        ZEND_VM_NEXT_OPCODE();

#if 0 || IS_CV != IS_UNUSED

    } else {

        return ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);

#endif

    }

}

ZEND_API int _array_init(zval *arg, uint size ZEND_FILE_LINE_DC) /* {{{ */

{

    ALLOC_HASHTABLE_REL(Z_ARRVAL_P(arg));

    _zend_hash_init(Z_ARRVAL_P(arg), size, ZVAL_PTR_DTOR, 0 ZEND_FILE_LINE_RELAY_CC);

    Z_TYPE_P(arg) = IS_ARRAY;

    return SUCCESS;

}

ZEND_API int _zend_hash_init(HashTable *ht, uint nSize, dtor_func_t pDestructor, zend_bool persistent ZEND_FILE_LINE_DC)

{

    uint i = 3;

    SET_INCONSISTENT(HT_OK);

    if (nSize >= 0x80000000) {

        /* prevent overflow */

        //HASH表大小大于0x80000000则初始化为0x80000000

        ht->nTableSize = 0x80000000;

    } else {

        while ((1U << i) < nSize) {

            i++;

        }

        //申请的数组Size空间调整为2的n次方，这样有利于内存对齐，i=3,nTableSize最小值为8

        ht->nTableSize = 1 << i;

    }

    ht->nTableMask = 0;    /* 0 means that ht->arBuckets is uninitialized */

    ht->pDestructor = pDestructor;    //一个函数指针,当HashTable发生增,删,改时调用

    ht->arBuckets = (Bucket**)&uninitialized_bucket;

    ht->pListHead = NULL;

    ht->pListTail = NULL;

    ht->nNumOfElements = 0;

    ht->nNextFreeElement = 0;

    ht->pInternalPointer = NULL;

    ht->persistent = persistent;    //如果persisient为TRUE，则使用操作系统本身的内存分配函数为Bucket分配内存，否则使用PHP的内存分配函数

    ht->nApplyCount = 0;

    ht->bApplyProtection = 1;

    return SUCCESS;

}

ZEND_API int _zend_hash_init_ex(HashTable *ht, uint nSize, dtor_func_t pDestructor, zend_bool persistent, zend_bool bApplyProtection ZEND_FILE_LINE_DC)

{

    int retval = _zend_hash_init(ht, nSize, pDestructor, persistent ZEND_FILE_LINE_CC);

    ht->bApplyProtection = bApplyProtection;

    return retval;

}

<?php

    $patterns = array();

    $patterns[] = '!quick!e';

    $patterns[''] = '{brown}';

    $patterns['string'] = 'littlehann';

    echo $patterns[];

    echo $patterns''];

    echo $patterns['string'];

    foreach($patterns as $Item){

        echo $Item;

    }

ZEND_API int _zend_hash_index_update_or_next_insert(HashTable *ht, ulong h, void *pData, uint nDataSize, void **pDest, int flag ZEND_FILE_LINE_DC)

{

    uint nIndex;

    Bucket *p;

#ifdef ZEND_SIGNALS

    TSRMLS_FETCH();

#endif

    IS_CONSISTENT(ht);

    CHECK_INIT(ht);

    if (flag & HASH_NEXT_INSERT) {

        h = ht->nNextFreeElement;

    }

    //生成hash值，通过与nTableMask执行与操作，获取在arBuckets数组中的Bucket位置

    nIndex = h & ht->nTableMask;

    p = ht->arBuckets[nIndex];

    //如果Bucket中已经存在元素，则遍历整个Bucket链表(HASH很可能冲突)，查找是否存在相同的key值元素，如果有并且是update调用，则执行update数据操作

    while (p != NULL) {

        if ((p->nKeyLength == ) && (p->h == h)) {

            if (flag & HASH_NEXT_INSERT || flag & HASH_ADD) {

                return FAILURE;

            }

            ZEND_ASSERT(p->pData != pData);

            HANDLE_BLOCK_INTERRUPTIONS();

            if (ht->pDestructor) {

                ht->pDestructor(p->pData);

            }

            UPDATE_DATA(ht, p, pData, nDataSize);

            HANDLE_UNBLOCK_INTERRUPTIONS();

            if (pDest) {

                *pDest = p->pData;

            }

            return SUCCESS;

        }

        p = p->pNext;

    }

    //当前数组中没有该键，创建新的Bucket元素，初始化数据

    p = (Bucket *) pemalloc_rel(sizeof(Bucket), ht->persistent);

    p->arKey = NULL;

    p->nKeyLength = ; /* Numeric indices are marked by making the nKeyLength == 0 */

    p->h = h;

    INIT_DATA(ht, p, pData, nDataSize);

    if (pDest) {

        *pDest = p->pData;

    }

    //将新元素添加到当前hash值对应的Bucket链表的最前面(CONNECT_TO_BUCKET_DLLIST)，即放在第一个的位置

    CONNECT_TO_BUCKET_DLLIST(p, ht->arBuckets[nIndex]);

    HANDLE_BLOCK_INTERRUPTIONS();

    ht->arBuckets[nIndex] = p;

    //将新的Bucket元素添加到数组的链接表的最后面(CONNECT_TO_GLOBAL_DLLIST)，即队列的FIFO

    CONNECT_TO_GLOBAL_DLLIST(p, ht);

    HANDLE_UNBLOCK_INTERRUPTIONS();

    //PHP中可以不指定索引值向数组中添加元素，这时将默认使用数字作为索引，和C语言中的枚举类似

    //当不指定索引时，新插入的元素的索引由nNextFreeElement字段决定了

    //如果数组中存在了数字key，则会默认使用最新使用的key + 1，例如上例中已经存在了10作为key的元素，这样新插入的默认索引就为11

    if ((long)h >= (long)ht->nNextFreeElement) {

        ht->nNextFreeElement = h < LONG_MAX ? h +  : LONG_MAX;

    }

    ht->nNumOfElements++;

    //当HASH表到达当前上限时(2次方对齐的上限)，进行扩容，并且将所有元素键重新进行哈希并进行索引映射

    ZEND_HASH_IF_FULL_DO_RESIZE(ht);

    return SUCCESS;

}

ZEND_API int _zend_hash_add_or_update(HashTable *ht, const char *arKey, uint nKeyLength, void *pData, uint nDataSize, void **pDest, int flag ZEND_FILE_LINE_DC)

{

    ulong h;

    uint nIndex;

    Bucket *p;

#ifdef ZEND_SIGNALS

    TSRMLS_FETCH();

#endif

    IS_CONSISTENT(ht);

    ZEND_ASSERT(nKeyLength != );

    CHECK_INIT(ht);

    //调用zend_inline_hash_func将字符串key，尝试转化为int值

    //后续的代码逻辑和int型的array操作一致

    h = zend_inline_hash_func(arKey, nKeyLength);

    nIndex = h & ht->nTableMask;

static inline ulong zend_inline_hash_func(const char *arKey, uint nKeyLength)

{

    register ulong hash = ;

    /* variant with the hash unrolled eight times */

    for (; nKeyLength >= ; nKeyLength -= ) {

        hash = ((hash << ) + hash) + *arKey++;

        hash = ((hash << ) + hash) + *arKey++;

        hash = ((hash << ) + hash) + *arKey++;

        hash = ((hash << ) + hash) + *arKey++;

        hash = ((hash << ) + hash) + *arKey++;

        hash = ((hash << ) + hash) + *arKey++;

        hash = ((hash << ) + hash) + *arKey++;

        hash = ((hash << ) + hash) + *arKey++;

    }

    switch (nKeyLength) {

        case : hash = ((hash << ) + hash) + *arKey++; /* fallthrough... */

        case : hash = ((hash << ) + hash) + *arKey++; /* fallthrough... */

        case : hash = ((hash << ) + hash) + *arKey++; /* fallthrough... */

        case : hash = ((hash << ) + hash) + *arKey++; /* fallthrough... */

        case : hash = ((hash << ) + hash) + *arKey++; /* fallthrough... */

        case : hash = ((hash << ) + hash) + *arKey++; /* fallthrough... */

        case : hash = ((hash << ) + hash) + *arKey++; break;

        case : break;

EMPTY_SWITCH_DEFAULT_CASE()

    }

    return hash;

}

http://www.kancloud.cn/kancloud/php-internals/42760

http://blog.csdn.net/a600423444/article/details/8850617

http://www.imsiren.com/archives/250

//初始化PHP数组

array_init(zval *arg);

array_init_size(zval *arg, uint size);

//关联数组赋值的操作函数，等同于$array[$stringKey] = $value;

add_assoc_null(zval *aval, char *key);

add_assoc_bool(zval *aval, char *key, zend_bool bval);

add_assoc_long(zval *aval, char *key, long lval);

add_assoc_double(zval *aval, char *key, double dval);

add_assoc_string(zval *aval, char *key, char *strval, int dup);

add_assoc_stringl(zval *aval, char *key,char *strval, uint strlen, int dup);

add_assoc_zval(zval *aval, char *key, zval *value);

//上述函数均为宏函数，都是对add_assoc_*_ex函数的封装

//数字索引数组赋值的操作函数，等效于$array[$numKey] = $value;

ZEND_API int add_index_long(zval *arg, ulong idx, long n);

ZEND_API int add_index_null(zval *arg, ulong idx);

ZEND_API int add_index_bool(zval *arg, ulong idx, int b);

ZEND_API int add_index_resource(zval *arg, ulong idx, int r);

ZEND_API int add_index_double(zval *arg, ulong idx, double d);

ZEND_API int add_index_string(zval *arg, ulong idx, const char *str, int duplicate);

ZEND_API int add_index_stringl(zval *arg, ulong idx, const char *str, uint length, int duplicate);

ZEND_API int add_index_zval(zval *arg, ulong index, zval *value);

//使用内置数字索引的数组赋值的操作函数，等效于$array[] = $value;

ZEND_API int add_next_index_long(zval *arg, long n);

ZEND_API int add_next_index_null(zval *arg);

ZEND_API int add_next_index_bool(zval *arg, int b);

ZEND_API int add_next_index_resource(zval *arg, int r);

ZEND_API int add_next_index_double(zval *arg, double d);

ZEND_API int add_next_index_string(zval *arg, const char *str, int duplicate);

ZEND_API int add_next_index_stringl(zval *arg, const char *str, uint length, int duplicate);

ZEND_API int add_next_index_zval(zval *arg, zval *value);

//数组元素赋值并返回，等效于{ $array[$key] = $value; return $value; }

ZEND_API int add_get_assoc_string_ex(zval *arg, const char *key, uint key_len, const char *str, void **dest, int duplicate);

ZEND_API int add_get_assoc_stringl_ex(zval *arg, const char *key, uint key_len, const char *str, uint length, void **dest, int duplicate);

#define add_get_assoc_string(__arg, __key, __str, __dest, __duplicate) add_get_assoc_string_ex(__arg, __key, strlen(__key)+1, __str, __dest, __duplicate)

#define add_get_assoc_stringl(__arg, __key, __str, __length, __dest, __duplicate) add_get_assoc_stringl_ex(__arg, __key, strlen(__key)+1, __str, __length, __dest, __duplicate)

ZEND_API int add_get_index_long(zval *arg, ulong idx, long l, void **dest);

ZEND_API int add_get_index_double(zval *arg, ulong idx, double d, void **dest);

ZEND_API int add_get_index_string(zval *arg, ulong idx, const char *str, void **dest, int duplicate);

ZEND_API int add_get_index_stringl(zval *arg, ulong idx, const char *str, uint length, void **dest, int duplicate);

T_FOREACH '(' variable T_AS

        { zend_do_foreach_begin(&$, &$, &$, &$,  TSRMLS_CC); }

        foreach_variable foreach_optional_arg ')' { zend_do_foreach_cont(&$, &$, &$, &$, &$ TSRMLS_CC); }

        foreach_statement { zend_do_foreach_end(&$, &$ TSRMLS_CC); }

    |    T_FOREACH '(' expr_without_variable T_AS

        { zend_do_foreach_begin(&$, &$, &$, &$,  TSRMLS_CC); }

        foreach_variable foreach_optional_arg ')' { zend_do_foreach_cont(&$, &$, &$, &$, &$ TSRMLS_CC); }

        foreach_statement { zend_do_foreach_end(&$, &$ TSRMLS_CC); }

zend_do_foreach_begin

zend_do_foreach_cont

zend_do_foreach_end

void zend_do_foreach_begin(znode *foreach_token, znode *open_brackets_token, znode *array, znode *as_token, int variable TSRMLS_DC) /* {{{ */

{

    zend_op *opline;

    zend_bool is_variable;

    zend_op dummy_opline;

    if (variable) {

        if (zend_is_function_or_method_call(array)) {

            is_variable = ;

        } else {

            is_variable = ;

        }

        /* save the location of FETCH_W instruction(s) */

        open_brackets_token->u.op.opline_num = get_next_op_number(CG(active_op_array));

        zend_do_end_variable_parse(array, BP_VAR_W,  TSRMLS_CC);

        if (zend_is_function_or_method_call(array)) {

            opline = get_next_op(CG(active_op_array) TSRMLS_CC);

            opline->opcode = ZEND_SEPARATE;

            SET_NODE(opline->op1, array);

            SET_UNUSED(opline->op2);

            opline->result_type = IS_VAR;

            opline->result.var = opline->op1.var;

        }

    } else {

        is_variable = ;

        open_brackets_token->u.op.opline_num = get_next_op_number(CG(active_op_array));

    }

    /* save the location of FE_RESET */

    //记录当前的opline行数（为以后跳转而记录）1

    foreach_token->u.op.opline_num = get_next_op_number(CG(active_op_array));

    opline = get_next_op(CG(active_op_array) TSRMLS_CC);

    /* Preform array reset */

    //对数组进行RESET(将内部指针指向第一个元素)

    opline->opcode = ZEND_FE_RESET;

    opline->result_type = IS_VAR;

    //获取临时变量($val)

    opline->result.var = get_temporary_variable(CG(active_op_array));

    SET_NODE(opline->op1, array);

    SET_UNUSED(opline->op2);

    opline->extended_value = is_variable ? ZEND_FE_RESET_VARIABLE : ;

    COPY_NODE(dummy_opline.result, opline->result);

    zend_stack_push(&CG(foreach_copy_stack), (void *) &dummy_opline, sizeof(zend_op));

    /* save the location of FE_FETCH */

    as_token->u.op.opline_num = get_next_op_number(CG(active_op_array));

    //设置获取变量的OPCODE FE_FETCH，结果存第3步的临时变量

    opline = get_next_op(CG(active_op_array) TSRMLS_CC);

    opline->opcode = ZEND_FE_FETCH;

    opline->result_type = IS_VAR;

    opline->result.var = get_temporary_variable(CG(active_op_array));

    COPY_NODE(opline->op1, dummy_opline.result);

    opline->extended_value = ;

    SET_UNUSED(opline->op2);

    //记录获取变量的OPCODES的行数

    opline = get_next_op(CG(active_op_array) TSRMLS_CC);

    opline->opcode = ZEND_OP_DATA;

    SET_UNUSED(opline->op1);

    SET_UNUSED(opline->op2);

    SET_UNUSED(opline->result);

}

/* }}} */

void zend_do_foreach_cont(znode *foreach_token, const znode *open_brackets_token, const znode *as_token, znode *value, znode *key TSRMLS_DC) /* {{{ */

{

    zend_op *opline;

    znode dummy, value_node;

    zend_bool assign_by_ref=;

    opline = &CG(active_op_array)->opcodes[as_token->u.op.opline_num];

    if (key->op_type != IS_UNUSED) {

        znode *tmp;

        /* switch between the key and value... */

        tmp = key;

        key = value;

        value = tmp;

        /* Mark extended_value in case both key and value are being used */

        opline->extended_value |= ZEND_FE_FETCH_WITH_KEY;

    }

    if ((key->op_type != IS_UNUSED)) {

        if (key->EA & ZEND_PARSED_REFERENCE_VARIABLE) {

            zend_error_noreturn(E_COMPILE_ERROR, "Key element cannot be a reference");

        }

        if (key->EA & ZEND_PARSED_LIST_EXPR) {

            zend_error_noreturn(E_COMPILE_ERROR, "Cannot use list as key element");

        }

    }

    //根据foreach_variable的u.EA.type来判断是否引用

    if (value->EA & ZEND_PARSED_REFERENCE_VARIABLE) {

        assign_by_ref = ;

        /* Mark extended_value for assign-by-reference */

        opline->extended_value |= ZEND_FE_FETCH_BYREF;

        CG(active_op_array)->opcodes[foreach_token->u.op.opline_num].extended_value |= ZEND_FE_RESET_REFERENCE;

    } else {

        //根据是否引用来调整zend_do_foreach_begin中生成的FE_FETCH方式

        zend_op *fetch = &CG(active_op_array)->opcodes[foreach_token->u.op.opline_num];

        zend_op    *end = &CG(active_op_array)->opcodes[open_brackets_token->u.op.opline_num];

        /* Change "write context" into "read context" */

        fetch->extended_value = ;  /* reset ZEND_FE_RESET_VARIABLE */

        while (fetch != end) {

            --fetch;

            if (fetch->opcode == ZEND_FETCH_DIM_W && fetch->op2_type == IS_UNUSED) {

                zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for reading");

            }

            if (fetch->opcode == ZEND_SEPARATE) {

                MAKE_NOP(fetch);

            } else {

                fetch->opcode -= ; /* FETCH_W -> FETCH_R */

            }

        }

    }

    //根据zend_do_foreach_begin中记录的取变量的OPCODES的行数

    GET_NODE(&value_node, opline->result);

    //获取HashTable的头指针

    if (value->EA & ZEND_PARSED_LIST_EXPR) {

        if (!CG(list_llist).head) {

            zend_error_noreturn(E_COMPILE_ERROR, "Cannot use empty list");

        }

        //遍历HashTable双链表

        zend_do_list_end(&dummy, &value_node TSRMLS_CC);

        zend_do_free(&dummy TSRMLS_CC);

    } else {

        if (assign_by_ref) {

            zend_do_end_variable_parse(value, BP_VAR_W,  TSRMLS_CC);

            /* Mark FE_FETCH as IS_VAR as it holds the data directly as a value */

            zend_do_assign_ref(NULL, value, &value_node TSRMLS_CC);

        } else {

            zend_do_assign(&dummy, value, &value_node TSRMLS_CC);

            zend_do_free(&dummy TSRMLS_CC);

        }

    }

    if (key->op_type != IS_UNUSED) {

        znode key_node;

        opline = &CG(active_op_array)->opcodes[as_token->u.op.opline_num+];

        opline->result_type = IS_TMP_VAR;

        opline->result.opline_num = get_temporary_variable(CG(active_op_array));

        GET_NODE(&key_node, opline->result);

        zend_do_assign(&dummy, key, &key_node TSRMLS_CC);

        zend_do_free(&dummy TSRMLS_CC);

    }

    //循环的主要逻辑

    do_begin_loop(TSRMLS_C);

    INC_BPC(CG(active_op_array));

}

/* }}} */

void zend_do_foreach_end(const znode *foreach_token, const znode *as_token TSRMLS_DC) /* {{{ */

{

    zend_op *container_ptr;

    zend_op *opline = get_next_op(CG(active_op_array) TSRMLS_CC);

    //根据zend_do_foreach_begin中记录的行数信息，设置ZEND_JMP OPCODES，准备跳回foreach的开始处继续循环

    opline->opcode = ZEND_JMP;

    //根据当前行数，设置循环体下一条opline, 用以跳出循环

    opline->op1.opline_num = as_token->u.op.opline_num;

    SET_UNUSED(opline->op1);

    SET_UNUSED(opline->op2);

    CG(active_op_array)->opcodes[foreach_token->u.op.opline_num].op2.opline_num = get_next_op_number(CG(active_op_array)); /* FE_RESET */

    CG(active_op_array)->opcodes[as_token->u.op.opline_num].op2.opline_num = get_next_op_number(CG(active_op_array)); /* FE_FETCH */

    // 结束循环(处理循环内循环:do_end_loop)

    do_end_loop(as_token->u.op.opline_num,  TSRMLS_CC);

    //清理临时变量

    zend_stack_top(&CG(foreach_copy_stack), (void **) &container_ptr);

    generate_free_foreach_copy(container_ptr TSRMLS_CC);

    zend_stack_del_top(&CG(foreach_copy_stack));

    DEC_BPC(CG(active_op_array));

}

/* }}} */

<?php

    $arr[] = 'littlehann';

    $arr[]  = ;

    $arr[]  = ;

    foreach ($arr as $key => $val) {

        var_dump($val);

    }

http://thiniki.sinaapp.com/?p=155

http://www.imsiren.com/archives/250

http://www.cnblogs.com/ohmygirl/p/internal-4.html

http://weizhifeng.net/write-php-extension-part2-1.html

http://blog.csdn.net/a600423444/article/details/7073854

http://www.laruence.com/2008/11/20/630.html

http://www.laruence.com/2009/08/23/1065.html

. 名称: 变量的标示符

    ) 变量命名上，PHP继承了Perl的语法风格，变量以美元符号开始，后面跟变量名。一个有效的变量名由字母或者下划线开头，后面跟上任意数量的字母，数字，或者下划线

    ) PHP同时还支持复合变量，也就是类似$$a的变量，它会进行两次的解释。这给PHP带来了非常灵活的动态特性

    ) PHP中组成变量名的字母可以是英文字母 a-z，A-Z

    ) 变量名还可以是 ASCII 字符从  到 (0x7f-0xff)，这给一些恶意脚本进行代码加密提供的语言基础

    ) 变量名是区分大小写的

. 类型: 变量的类型

    ) 在很多静态语言中，变量在定义时就指定了，在程序运行过程中都不允许进行变更

    ) 但是PHP属于弱类型语言，可以随便赋予它任何类型的值

. 值内容

    ) 标示所代表的具体内容

. 强类型语言是一旦某个变量被申明为某个类型的变量，则在程序运行过程中，该不能将该变量的类型以外的值赋予给它(当然并不完全如此，这可能会涉及到类型的转换)，C/C++/Java等语言就属于这类

. PHP及Ruby，JavaScript等脚本语言属于弱类型语言: 一个变量可以表示任意的数据类型。PHP之所以成为一个简单而强大的语言，很大一部分的原因是它拥有弱类型的变量。 但是有些时候这也是一把双刃剑，使用不当也会带来一些问题。就像仪器一样，越是功能强大， 出现错误的可能性也就越大 

//在Zend/zend.h文件里

struct _zval_struct

{

    /* Variable information */

    zvalue_value value;        /* value 变量的值 */

    zend_uint refcount__gc;    //表示引用计数

    zend_uchar type;        /* active type 变量当前的数据类型 */

    zend_uchar is_ref__gc;    //表示是否为引用

};

typedef struct _zval_struct zval;

//在Zend/zend_types.h里定义的：

typedef unsigned int zend_uint;

typedef unsigned char zend_uchar;

typedef union _zvalue_value

{

    long lval;                    /* long value */

    double dval;                /* double value */

    struct

    {

        char *val;

        int len;

    } str;

    HashTable *ht;                /* hash table value */

    zend_object_value obj;

    zend_ast *ast;

} zvalue_value;

. IS_NULL

    ) 第一次使用的变量如果没有初始化过，则会自动的被赋予这个常量，当然我们也可以在PHP语言中通过null这个常量来给予变量null类型的值

    ) 这个类型的值只有一个，就是NULL，它和0与false是不同的

. IS_BOOL

    ) 布尔类型的变量有两个值，true或者false。在PHP语言中

    ) while、if等语句会自动的把表达式的值转成这个类型的

. IS_LONG

    ) PHP语言中的整型，在内核中是通过所在操作系统的signed long数据类型来表示的。 在最常见的32位操作系统中，它可以存储从- ~ +2147483647范围内的任一整数，因为使用了signed long来作为载体，所以这也就解释了为什么PHP语言中的整型数据都是带符号的了

    ) 如果PHP语言中的整型变量超出最大值或者最小值，它并不会直接溢出， 而是会被内核转换成IS_DOUBLE类型的值然后再参与计算。 再者，。 ```c $a=; $a++; echo $a;//会正确的输出 2147483648

. IS_DOUBLE

    ) PHP中的浮点数据是通过C语言中的signed double型变量来存储的，这最终取决与所在操作系统的浮点型实现，计算机是无法精准的表示浮点数的，而是采用了科学计数法来保存某个精度的浮点数。 用科学计数法，计算机只用8位便可以保存2.225x10^(-) ~ .798x10^308之间的浮点数

    ) 用计算机来处理浮点数会存在问题，十进制的0.5转成二进制是0.， .8转换后是0.....。 但是当我们从二进制转换回来的时候，往往会发现并不能得到0.。 我们用1除以3这个例子来解释这个现象：/=0.3333333333.....，它是一个无限循环小数， 但是计算机可能只能精确存储到0.，当我们再乘以三时， 其实计算机计算的数是0.*=0.999999，而不是我们平时数学中所期盼的1..

. IS_STRING

    ) PHP中最常用的数据类型: 字符串，在内存中的存储和C差不多， 就是一块能够放下这个变量所有字符的内存，并且在这个变量的zval实现里会保存着指向这块内存的指针

    ) 与C不同的是，PHP内核还同时在zval结构里保存着这个字符串的实际长度， 这个设计使PHP可以在字符串中嵌入"\0"字符，也使PHP的字符串是二进制安全的，可以安全的存储二进制数据

    ) 内核只会为字符串申请它长度+1的内存， 最后一个字节存储的是'\0'字符，所以在不需要二进制安全操作的时候， 我们可以像通常C语言的方式那样来使用它

. IS_ARRAY

    ) 数组是一个非常特殊的数据类型，它唯一的功能就是聚集别的变量

    ) 在C语言中，一个数组只能承载一种类型的数据，而PHP语言中的数组则灵活的多，它可以承载任意类型的数据，这一切都是HashTable的功劳，每个HashTable中的元素都有两部分组成: 索引与值，每个元素的值都是一个独立的zval(确切的说应该是指向某个zval的指针)，正是因为这种架构设计，使得PHP可以在数组中以任意方式存储任意类型的变量

. IS_OBJECT

    ) 和数组一样，对象也是用来存储复合数据的，但是与数组不同的是，对象还需要保存以下信息: 方法、访问权限、类常量以及其它的处理逻辑

    ) 相对与zend engine V1，V2中的对象实现已经被彻底修改，所以我们PHP扩展开发者如果需要自己的扩展支持面向对象的工作方式， 则应该对PHP5和PHP4分别对待

. IS_RESOURCE

    ) 有一些数据的内容可能无法直接呈现给PHP用户的，比如与某台mysql服务器的链接，或者直接呈现出来也没有什么意义

    ) 但用户还需要这类数据，因此PHP中提供了一种名为Resource(资源)的数据类型 

/* {{{ proto string gettype(mixed var)

   Returns the type of the variable */

PHP_FUNCTION(gettype)

{

    ////arg间接指向调用gettype函数时所传递的参数。是一个zval**结构

    zval **arg;

    ////这个if的操作主要是让arg指向参数

    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Z", &arg) == FAILURE) {

        return;

    }

    //调用Z_TYPE_PP宏来获取arg指向zval的类型。

    //然后是一个switch结构，RETVAL_STRING宏代表这gettype函数返回的字符串类型的值

    switch (Z_TYPE_PP(arg)) {

        case IS_NULL:

            RETVAL_STRING("NULL", );

            break;

        case IS_BOOL:

            RETVAL_STRING("boolean", );

            break;

        case IS_LONG:

            RETVAL_STRING("integer", );

            break;

        case IS_DOUBLE:

            RETVAL_STRING("double", );

            break;

        case IS_STRING:

            RETVAL_STRING("string", );

            break;

        case IS_ARRAY:

            RETVAL_STRING("array", );

            break;

        case IS_OBJECT:

            RETVAL_STRING("object", );

        /*

           {

           char *result;

           int res_len;

           res_len = sizeof("object of type ")-1 + Z_OBJCE_P(arg)->name_length;

           spprintf(&result, 0, "object of type %s", Z_OBJCE_P(arg)->name);

           RETVAL_STRINGL(result, res_len, 0);

           }

         */

            break;

        case IS_RESOURCE:

            {

                const char *type_name = zend_rsrc_list_get_rsrc_type(Z_LVAL_PP(arg) TSRMLS_CC);

                if (type_name) {

                    RETVAL_STRING("resource", );

                    break;

                }

            }

        default:

            RETVAL_STRING("unknown type", );

    }

}

/* }}} */

#define Z_TYPE(zval)        (zval).type

#define Z_TYPE_P(zval_p)    Z_TYPE(*zval_p)

#define Z_TYPE_PP(zval_pp)  Z_TYPE(**zval_pp)

void display_value(zval zv,zval *zv_p,zval **zv_pp)

{

    if( Z_TYPE(zv) == IS_NULL )

    {

        php_printf("类型是 IS_NULL!\n");

    }

    if( Z_TYPE_P(zv_p) == IS_LONG )

    {

        php_printf("类型是 IS_LONG，值是：%ld" , Z_LVAL_P(zv_p));

    }

    if(Z_TYPE_PP(zv_pp) == IS_DOUBLE )

    {

        php_printf("类型是 IS_DOUBLE,值是：%f" , Z_DVAL_PP(zv_pp) );

    }

}

. MAKE_STD_ZVAL(pzv): 这个宏会用内核的方式来申请一块内存并将其地址付给pzv，并初始化它的refcount和is_ref两个属性，它不但会自动的处理内存不足问题，还会在内存中选个最优的位置来申请

. ALLOC_INIT_ZVAL(): 这个宏函数也是用来申请内存的， 和MAKE_STD_ZVAL宏唯一的不同便是它会将pzv所指的zval的类型设置为IS_NULL;

. ZVAL_NULL(pvz);

. ZVAL_BOOL(pzv, b);

. ZVAL_TRUE(pzv);

. ZVAL_FALSE(pzv);

. ZVAL_LONG(pzv, l);

. ZVAL_DOUBLE(pzv, d);

. ZVAL_STRINGL(pzv,str,len,dup);

dup参数的意思其实很简单，它指明了该字符串是否需要被复制

    ) 值为  将先申请一块新内存并赋值该字符串，然后把新内存的地址复制给pzv

    ) 值为  时则是直接把str的地址赋值给zval 

. ZVAL_STRING(pzv, str, dup);

ZVAL_STRING相比于ZVAL_STRINGL的区别在于ZVAL_STRING使用strlen()计算字符串长度，它不是二进制安全的，二进制安全的做法是显式使用len字段标明该字符串期望的处理长度

. ZVAL_RESOURCE(pzv, res);

PHP中的资源类型的值其实就是一个整数，所以ZVAL_RESOURCE和ZVAL_LONG的工作差不多，只不过它会把zval的类型设置为 IS_RESOURCE

struct _zend_executor_globals

{

    ...

    //symbol_table元素可以通过EG宏来访问，它代表着PHP的全局变量，如$GLOBALS，其实从根本上来讲，$GLOBALS是EG(symbol_table)的一层封装

    HashTable symbol_table;

    //active_symbol_table元素也可以通过EG(active_symbol_table)的方法来访问，它代表的是处于当前作用域的变量符号表

    HashTable *active_symbol_table;

    ...

}; 

<?php

    $foo = 'bar';

?>

. 创建一个zval结构，并设置其类型

. 设置值为'bar'

. 将其加入当前作用域的符号表，只有这样用户才能在PHP里使用这个变量 

{

    //声明一个zval指针，并申请一块内存

    zval *fooval;

    MAKE_STD_ZVAL(fooval);

    //通过ZVAL_STRING宏将值设置为'bar'

    ZVAL_STRING(fooval, "bar", );

    //将这个zval加入到当前的符号表里去，并将其label定义成foo，这样用户就可以在代码里通过$foo来使用它了

    ZEND_SET_SYMBOL( EG(active_symbol_table) ,  "foo" , fooval);

} 

/* Returns SUCCESS if found and FAILURE if not. The pointer to the

 * data is returned in pData. The reason is that there's no reason

 * someone using the hash table might not want to have NULL data

 */

ZEND_API int zend_hash_find(const HashTable *ht, const char *arKey, uint nKeyLength, void **pData)

{

    ulong h;

    uint nIndex;

    Bucket *p;

    IS_CONSISTENT(ht);

    h = zend_inline_hash_func(arKey, nKeyLength);

    nIndex = h & ht->nTableMask;

    p = ht->arBuckets[nIndex];

    while (p != NULL) {

        if (p->arKey == arKey ||

            ((p->h == h) && (p->nKeyLength == nKeyLength) && !memcmp(p->arKey, arKey, nKeyLength))) {

                *pData = p->pData;

                return SUCCESS;

        }

        p = p->pNext;

    }

    return FAILURE;

}

ZEND_API void _convert_to_cstring(zval *op ZEND_FILE_LINE_DC);

ZEND_API void _convert_to_string(zval *op ZEND_FILE_LINE_DC);

ZEND_API void convert_to_long(zval *op);

ZEND_API void convert_to_double(zval *op);

ZEND_API void convert_to_long_base(zval *op, int base);

ZEND_API void convert_to_null(zval *op);

ZEND_API void convert_to_boolean(zval *op);

ZEND_API void convert_to_array(zval *op);

ZEND_API void convert_to_object(zval *op);

#define convert_to_cstring(op) if ((op)->type != IS_STRING) { _convert_to_cstring((op) ZEND_FILE_LINE_CC); }

#define convert_to_string(op) if ((op)->type != IS_STRING) { _convert_to_string((op) ZEND_FILE_LINE_CC); }

\php-5.6.\Zend\zend.c

zend_register_auto_global("GLOBALS", sizeof("GLOBALS") - , , php_auto_globals_create_globals TSRMLS_CC);

static zend_bool php_auto_globals_create_globals(const char *name, uint name_len TSRMLS_DC) /* {{{ */

{

    zval *globals;

    ALLOC_ZVAL(globals);

    Z_SET_REFCOUNT_P(globals, );

    Z_SET_ISREF_P(globals);

    Z_TYPE_P(globals) = IS_ARRAY;

    Z_ARRVAL_P(globals) = &EG(symbol_table);

    zend_hash_update(&EG(symbol_table), name, name_len + , &globals, sizeof(zval *), NULL);

    return ;

}

/* }}} */

[main() -> php_request_startup() -> zend_activate() -> init_executor() ]

..

zend_hash_init(&EG(symbol_table), , NULL, ZVAL_PTR_DTOR, );

[main() -> php_cli_startup() -> php_module_startup() -> php_startup_auto_globals(TSRMLS_C) ]

void php_startup_auto_globals(TSRMLS_D)

{

    zend_register_auto_global(ZEND_STRL("_GET"), , php_auto_globals_create_get TSRMLS_CC);

    zend_register_auto_global(ZEND_STRL("_POST"), , php_auto_globals_create_post TSRMLS_CC);

    zend_register_auto_global(ZEND_STRL("_COOKIE"), , php_auto_globals_create_cookie TSRMLS_CC);

    zend_register_auto_global(ZEND_STRL("_SERVER"), PG(auto_globals_jit), php_auto_globals_create_server TSRMLS_CC);

    zend_register_auto_global(ZEND_STRL("_ENV"), PG(auto_globals_jit), php_auto_globals_create_env TSRMLS_CC);

    zend_register_auto_global(ZEND_STRL("_REQUEST"), PG(auto_globals_jit), php_auto_globals_create_request TSRMLS_CC);

    zend_register_auto_global(ZEND_STRL("_FILES"), , php_auto_globals_create_files TSRMLS_CC);

}

static zend_bool php_auto_globals_create_post(const char *name, uint name_len TSRMLS_DC)

{

    zval *vars;

    if (

        PG(variables_order)                 &&

        (strchr(PG(variables_order),'P')     ||

        strchr(PG(variables_order),'p'))     &&

        SG(request_info).request_method     &&

        !strcasecmp(SG(request_info).request_method, "POST"))

    {

        //按照PG(variables_order)指定的顺序(在php.ini中指定)，通过调用sapi_module.treat_data处理数据

        sapi_module.treat_data(PARSE_POST, NULL, NULL TSRMLS_CC);

        vars = PG(http_globals)[TRACK_VARS_POST];

    } else {

        ALLOC_ZVAL(vars);

        array_init(vars);

        INIT_PZVAL(vars);

        if (PG(http_globals)[TRACK_VARS_POST]) {

            zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]);

        }

        PG(http_globals)[TRACK_VARS_POST] = vars;

    }

    //将POST变量添加到全局符号表中，所以我们能在$GLOBALS中直接访问到POST参数

    zend_hash_update(&EG(symbol_table), name, name_len + , &vars, sizeof(zval *), NULL);

    Z_ADDREF_P(vars);

    return ; /* don't rearm */

}

. 静态全局变量: PHP中的全局变量也可以理解为静态全局变量，因为除非明确unset释放，在程序运行过程中始终存在

. 静态局部变量: 在函数内定义的静态变量，函数在执行时对变量的操作会保持到下一次函数被调用

. 静态成员变量: 这是在类中定义的静态变量，和实例变量相对应，静态成员变量可以在所有实例*享 

<?php

    function t()

    {

        static $i = ;

        $i++;

        echo $i, ' ';

    }

    t();

    t();

    t();

?>

<ST_IN_SCRIPTING>"static" {

    return T_STATIC;

}

|    T_STATIC static_var_list ';'

..

static_var_list:

        static_var_list ',' T_VARIABLE { zend_do_fetch_static_variable(&$, NULL, ZEND_FETCH_STATIC TSRMLS_CC); }

    |    static_var_list ',' T_VARIABLE '=' static_scalar { zend_do_fetch_static_variable(&$, &$, ZEND_FETCH_STATIC TSRMLS_CC); }

    |    T_VARIABLE  { zend_do_fetch_static_variable(&$, NULL, ZEND_FETCH_STATIC TSRMLS_CC); }

    |    T_VARIABLE '=' static_scalar { zend_do_fetch_static_variable(&$, &$, ZEND_FETCH_STATIC TSRMLS_CC); }

;

void zend_do_fetch_static_variable(znode *varname, const znode *static_assignment, int fetch_type TSRMLS_DC) /* {{{ */

{

    zval *tmp;

    zend_op *opline;

    znode lval;

    znode result;

    ALLOC_ZVAL(tmp);

    if (static_assignment) {

        *tmp = static_assignment->u.constant;

    } else {

        INIT_ZVAL(*tmp);

    }

    //在解释成中间代码时，静态变量是存放在CG(active_op_array)->static_variables中的

    if (!CG(active_op_array)->static_variables)

    {

        /* 初始化此时的静态变量存放位置 */

        if (CG(active_op_array)->scope) {

            CG(active_op_array)->scope->ce_flags |= ZEND_HAS_STATIC_IN_METHODS;

        }

        //  将新的静态变量放进来

        ALLOC_HASHTABLE(CG(active_op_array)->static_variables);

        zend_hash_init(CG(active_op_array)->static_variables, , NULL, ZVAL_PTR_DTOR, );

    }

    zend_hash_update(CG(active_op_array)->static_variables, Z_STRVAL(varname->u.constant), Z_STRLEN(varname->u.constant)+, &tmp, sizeof(zval *), NULL);

    if (varname->op_type == IS_CONST) {

        if (Z_TYPE(varname->u.constant) != IS_STRING) {

            convert_to_string(&varname->u.constant);

        }

    }

    opline = get_next_op(CG(active_op_array) TSRMLS_CC);

    opline->opcode = (fetch_type == ZEND_FETCH_LEXICAL) ? ZEND_FETCH_R : ZEND_FETCH_W;        /* the default mode must be Write, since fetch_simple_variable() is used to define function arguments */

    opline->result_type = IS_VAR;

    opline->result.var = get_temporary_variable(CG(active_op_array));

    SET_NODE(opline->op1, varname);

    if (opline->op1_type == IS_CONST) {

        CALCULATE_LITERAL_HASH(opline->op1.constant);

    }

    SET_UNUSED(opline->op2);

    opline->extended_value = ZEND_FETCH_STATIC;

    GET_NODE(&result, opline->result);

    if (varname->op_type == IS_CONST) {

        zval_copy_ctor(&varname->u.constant);

    }

    fetch_simple_variable(&lval, varname,  TSRMLS_CC); /* Relies on the fact that the default fetch is BP_VAR_W */

    if (fetch_type == ZEND_FETCH_LEXICAL) {

        znode dummy;

        zend_do_begin_variable_parse(TSRMLS_C);

        zend_do_assign(&dummy, &lval, &result TSRMLS_CC);

        zend_do_free(&dummy TSRMLS_CC);

    } else {

        //  赋值操作中间代码生成

        zend_do_assign_ref(NULL, &lval, &result TSRMLS_CC);

    }

    CG(active_op_array)->opcodes[CG(active_op_array)->last-].result_type |= EXT_TYPE_UNUSED;

}

/* }}} */

http://www.nowamagic.net/librarys/veda/detail/1409

http://www.nowamagic.net/librarys/veda/detail/1414

http://www.nowamagic.net/librarys/veda/detail/1415

http://www.nowamagic.net/librarys/veda/detail/1420

http://udn.yyuap.com/doc/wiki/project/extending-embedding-php/2.html

http://www.walu.cc/phpbook/2.md

http://www.nowamagic.net/librarys/veda/detail/1326

http://www.nowamagic.net/librarys/veda/detail/1327

http://www.nowamagic.net/librarys/veda/detail/1386

http://www.nowamagic.net/librarys/veda/detail/1387

http://www.nowamagic.net/librarys/veda/detail/1388

http://www.nowamagic.net/librarys/veda/detail/1389

http://www.php-internals.com/book/?p=chapt03/03-03-pre-defined-variable

http://www.nowamagic.net/librarys/veda/detail/1390

http://www.nowamagic.net/librarys/veda/detail/1402

typedef struct _zend_constant

{

    zval value;         /* zval结构，PHP内部变量的存储结构 */

    int flags;          /* 常量的标记如 CONST_PERSISTENT | CONST_CS */

    char *name;         /* 常量名称 */

    uint name_len;

    int module_number;  /* 模块号 */

} zend_constant;

/* {{{ proto bool define(string constant_name, mixed value, boolean case_insensitive=false)

   Define a new constant */

ZEND_FUNCTION(define)

{

    char *name;

    int name_len;

    zval *val;

    zval *val_free = NULL;

    zend_bool non_cs = ;

    int case_sensitive = CONST_CS;

    zend_constant c;

    //接受传入参数，即要定义的常量值

    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sz|b", &name, &name_len, &val, &non_cs) == FAILURE) {

        return;

    }

    if(non_cs) {

        case_sensitive = ;

    }

    /* class constant, check if there is name and make sure class is valid & exists */

    if (zend_memnstr(name, "::", sizeof("::") - , name + name_len)) {

        zend_error(E_WARNING, "Class constants cannot be defined or redefined");

        RETURN_FALSE;

    }

repeat:

    switch (Z_TYPE_P(val)) {

        case IS_LONG:

        case IS_DOUBLE:

        case IS_STRING:

        case IS_BOOL:

        case IS_RESOURCE:

        case IS_NULL:

            break;

        case IS_OBJECT:

            if (!val_free) {

                if (Z_OBJ_HT_P(val)->get) {

                    val_free = val = Z_OBJ_HT_P(val)->get(val TSRMLS_CC);

                    goto repeat;

                } else if (Z_OBJ_HT_P(val)->cast_object) {

                    ALLOC_INIT_ZVAL(val_free);

                    if (Z_OBJ_HT_P(val)->cast_object(val, val_free, IS_STRING TSRMLS_CC) == SUCCESS) {

                        val = val_free;

                        break;

                    }

                }

            }

            /* no break */

        default:

            zend_error(E_WARNING,"Constants may only evaluate to scalar values");

            if (val_free) {

                zval_ptr_dtor(&val_free);

            }

            RETURN_FALSE;

    }

    //将传递的参数传递给新建的zend_constant结构

    c.value = *val;

    zval_copy_ctor(&c.value);

    if (val_free) {

        zval_ptr_dtor(&val_free);

    }

    c.flags = case_sensitive; /* non persistent */

    c.name = str_strndup(name, name_len);

    if(c.name == NULL) {

        RETURN_FALSE;

    }

    c.name_len = name_len+;

    c.module_number = PHP_USER_CONSTANT;

    //将这个结构体注册到常量列表中

    if (zend_register_constant(&c TSRMLS_CC) == SUCCESS) {

        RETURN_TRUE;

    } else {

        RETURN_FALSE;

    }

}

/* }}} */

http://www.nowamagic.net/librarys/veda/detail/1368