Warn about invalid strings in arithmetic

Squashed commit of the following:

commit e05d3b67325d4521418483ed924ac9211a188919
Author: Andrea Faulds <ajf@ajf.me>
Date:   Wed Mar 30 01:43:35 2016 +0100

    UPGRADING and NEWS

commit 6caf1d4585207d1b02fb06a216cd7da1a1f5e12d
Author: Andrea Faulds <ajf@ajf.me>
Date:   Sun Mar 20 21:18:33 2016 +0000

    Fixes

commit 6dadb1b0efe5e2ed071e95a55c806519e61377ac
Author: Andrea Faulds <ajf@ajf.me>
Date:   Sun Feb 14 02:15:01 2016 +0000

    Add test for numeric string errors in assignment

commit bd5f04e8dd576f92a48d25546f4f9a0f57f374de
Author: Andrea Faulds <ajf@ajf.me>
Date:   Sat Feb 13 23:53:05 2016 +0000

    Add test for numeric string errors

commit c72e92f16d512bcae30cc9639c89bcb08d971742
Author: Andrea Faulds <ajf@ajf.me>
Date:   Tue Jan 26 23:28:33 2016 +0000

    Add test for scientific notation in integer operations

commit d94c08852d405b3a7ef6c84d24bf7915c890ce78
Author: Andrea Faulds <ajf@ajf.me>
Date:   Sun Feb 14 01:25:57 2016 +0000

    Disable optimiser evaluation for numeric string errors

commit 30ee954ed13d933e766c68605d683c8ebae3d8ee
Author: Andrea Faulds <ajf@ajf.me>
Date:   Sun Feb 14 01:46:25 2016 +0000

    fixup

commit a6403b79e054c95e2b7345d787f3092b261eed27
Author: Andrea Faulds <ajf@ajf.me>
Date:   Sat Feb 13 22:00:27 2016 +0000

    Do not convert error-causing numeric strings ahead-of-time

commit f9dc35401471ef3035954cb6f171826769297548
Author: Andrea Faulds <ajf@ajf.me>
Date:   Sat Feb 13 19:15:38 2016 +0000

    Disable compile-time evaluation for numeric string errors

commit e05b0cc8496ea082c6db27efd8b8277ef1f785b5
Author: Andrea Faulds <ajf@ajf.me>
Date:   Fri Feb 5 11:42:26 2016 +0000

    Make _zval_get_long_func_noisy function for inlining

commit 84d66321a57e579759109650c8bb7e3d5002854a
Author: Andrea Faulds <ajf@ajf.me>
Date:   Tue Jan 26 23:10:00 2016 +0000

    Update tests

commit 5ac4a0cc4bff282e3a15eaa8ab44b67391881a6d
Author: Andrea Faulds <ajf@ajf.me>
Date:   Tue Jan 26 22:08:19 2016 +0000

    Use is_numeric_string_ex for zval_get_long etc.

commit c21f08848533723331012a62a153de3577731d6a
Author: Andrea Faulds <ajf@ajf.me>
Date:   Thu Jan 7 21:13:04 2016 +0000

    Update tests

commit 63e214cf8160420bfc51c6a2b4ae32f09ad8e8af
Author: Andrea Faulds <ajf@ajf.me>
Date:   Wed Jan 6 00:28:01 2016 +0000

    Warn on non-/bad numeric strings in arithmetic

1 files changed, 44 insertions, 7 deletions

diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 2e1ce9ba44..1401a6e051 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -6237,6 +6237,35 @@ static zend_bool zend_try_ct_eval_magic_const(zval *zv, zend_ast *ast) /* {{{ */
 }
 /* }}} */
 
+ZEND_API zend_bool zend_binary_op_produces_numeric_string_error(uint32_t opcode, zval *op1, zval *op2) /* {{{ */
+{
+	if (!(opcode == ZEND_ADD || opcode == ZEND_SUB || opcode == ZEND_MUL || opcode == ZEND_DIV
+		|| opcode == ZEND_POW || opcode == ZEND_MOD || opcode == ZEND_SL || opcode == ZEND_SR
+		|| opcode == ZEND_BW_OR || opcode == ZEND_BW_AND || opcode == ZEND_BW_XOR)) {
+		return 0;
+	}
+
+	/* While basic arithmetic operators always produce numeric string errors,
+	 * bitwise operators don't produce errors if both operands are strings */
+	if ((opcode == ZEND_BW_OR || opcode == ZEND_BW_AND || opcode == ZEND_BW_XOR)
+		&& Z_TYPE_P(op1) == IS_STRING && Z_TYPE_P(op2) == IS_STRING) {
+		return 0;
+	}
+
+	if (Z_TYPE_P(op1) == IS_STRING
+		&& !is_numeric_string(Z_STRVAL_P(op1), Z_STRLEN_P(op1), NULL, NULL, 0)) {
+		return 1;
+	}
+
+	if (Z_TYPE_P(op2) == IS_STRING
+		&& !is_numeric_string(Z_STRVAL_P(op2), Z_STRLEN_P(op2), NULL, NULL, 0)) {
+		return 1;
+	}
+
+	return 0;
+}
+/* }}} */
+
 static inline zend_bool zend_try_ct_eval_binary_op(zval *result, uint32_t opcode, zval *op1, zval *op2) /* {{{ */
 {
 	binary_op_type fn = get_binary_op(opcode);
@@ -6250,6 +6279,11 @@ static inline zend_bool zend_try_ct_eval_binary_op(zval *result, uint32_t opcode
 		return 0;
 	}
 
+	/* don't evaluate numeric string error-producing operations at compile-time */
+	if (zend_binary_op_produces_numeric_string_error(opcode, op1, op2)) {
+		return 0;
+	}
+
 	fn(result, op1, op2);
 	return 1;
 }
@@ -6262,11 +6296,11 @@ static inline void zend_ct_eval_unary_op(zval *result, uint32_t opcode, zval *op
 }
 /* }}} */
 
-static inline void zend_ct_eval_unary_pm(zval *result, zend_ast_kind kind, zval *op) /* {{{ */
+static inline zend_bool zend_try_ct_eval_unary_pm(zval *result, zend_ast_kind kind, zval *op) /* {{{ */
 {
 	zval left;
 	ZVAL_LONG(&left, (kind == ZEND_AST_UNARY_PLUS) ? 1 : -1);
-	mul_function(result, &left, op);
+	return zend_try_ct_eval_binary_op(result, ZEND_MUL, &left, op);
 }
 /* }}} */
 
@@ -6464,10 +6498,11 @@ void zend_compile_unary_pm(znode *result, zend_ast *ast) /* {{{ */
 	zend_compile_expr(&expr_node, expr_ast);
 
 	if (expr_node.op_type == IS_CONST) {
-		result->op_type = IS_CONST;
-		zend_ct_eval_unary_pm(&result->u.constant, ast->kind, &expr_node.u.constant);
-		zval_ptr_dtor(&expr_node.u.constant);
-		return;
+		if (zend_try_ct_eval_unary_pm(&result->u.constant, ast->kind, &expr_node.u.constant)) {
+			result->op_type = IS_CONST;
+			zval_ptr_dtor(&expr_node.u.constant);
+			return;
+		}
 	}
 
 	lefthand_node.op_type = IS_CONST;
@@ -7802,7 +7837,9 @@ void zend_eval_const_expr(zend_ast **ast_ptr) /* {{{ */
 				return;
 			}
 
-			zend_ct_eval_unary_pm(&result, ast->kind, zend_ast_get_zval(ast->child[0]));
+			if (!zend_try_ct_eval_unary_pm(&result, ast->kind, zend_ast_get_zval(ast->child[0]))) {
+				return;
+			}
 			break;
 		case ZEND_AST_CONDITIONAL:
 		{