My question is about HashTable:
The PHP VERSION debugged is PHP-7.0.12, I couldn't find out where the zval's str member is updated within the macro "ZVAL_COPY_VALUE(z, v)" when I add one new string, however it indeed updated successfully by GDB tracing the macro context, that is to say, the zval's str member within the Bucket struct indeed had got the string address.
Expand the macro then finally get the code as follow:
zval *_z1 = z;
const zval *_z2 = v;
zend_refcounted *_gc = (*_z2).value.counted
uint32_t _t = (*_z2).u1.type_info;
uint32_t _w2 = _z2->value.ww.w2;
(*_z1).value.counted = _gc;
_z1->value.ww.w2 = _w2;
(*_z1).u1.type_info = _t;
zend_value is a union type, which means that all members share the same starting address. Copying both value.counted and value.ww.w2 copies the whole zend_value structure. It does not matter which of the members is actually in use at the time.