Newer
Older
for (list<int>::iterator ChildIter = this->DomTree.at(HeadBlockNum).second.begin();
ChildIter != this->DomTree.at(HeadBlockNum).second.end();
++ChildIter) {
int ChildBlockNum = (*ChildIter);
if (this->DoesBlockDominateBlock(ChildBlockNum, TailBlockNum)) { // recurse depth-first
FoundIt = true;
break;
}
}
return FoundIt;
}
} // end of SMPFunction::DoesBlockDominateBlock()
// Is block (with block # BlockNum) inside any loop?
bool SMPFunction::IsBlockInAnyLoop(int BlockNum) {
bool FoundInsideLoop = this->FuncLoopsByBlock.at((size_t)BlockNum).IsAnyBitSet();
return FoundInsideLoop;
} // end of SMPFunction::IsBlockInAnyLoop()
// Is block (with block # BlockNum) inside loop # LoopNum?
bool SMPFunction::IsBlockInLoop(int BlockNum, size_t LoopNum) {
return ((LoopNum < this->LoopCount) && (this->FuncLoopsByBlock.at((size_t) BlockNum).GetBit(LoopNum)));
} // end of SMPFunction::IsBlockInLoop()
// build list of loop numbers that BlockNum is part of.
void SMPFunction::BuildLoopList(int BlockNum, list<size_t> &LoopList) {
size_t LoopIndex;
for (LoopIndex = 0; LoopIndex < this->LoopCount; ++LoopIndex) {
if (this->FuncLoopsByBlock.at((size_t) BlockNum).GetBit(LoopIndex)) {
LoopList.push_back(LoopIndex);
}
}
return;
} // end of SMPFunction::BuildLoopList()
// Helper for SSA subscript renumbering: return the next SSA number for the global name
// and increment the SSACounter to prepare the next number. Push the returned number onto
// the SSAStack for the global name.
int SMPFunction::SSANewNumber(size_t GlobNameIndex) {
int Subscript = this->SSACounter.at(GlobNameIndex);
++(this->SSACounter[GlobNameIndex]);
this->SSAStack[GlobNameIndex].push_back(Subscript);
return Subscript;
} // end of SMPFunction::SSANewNumber()
// Main helper for SSA subscript renumbering. Renumber within block throughout its phi
// functions, then its DEFs and USEs, then its phi successors. Recurse then on all
// successors in the dominator tree.
void SMPFunction::SSARename(int BlockNumber) {
assert(0 <= BlockNumber);
assert(BlockNumber < this->BlockCount);
SMPBasicBlock *CurrBlock = this->RPOBlocks.at((size_t) BlockNumber);
bool DumpFlag = false;
#if SMP_DEBUG_DATAFLOW_VERBOSE
DumpFlag |= (0 == strcmp("main", this->GetFuncName()));
DumpFlag |= (0 == strcmp("dohanoi", this->GetFuncName()));
DumpFlag |= (0 == strcmp("uw_frame_state_for", this->GetFuncName()));
DumpFlag |= (0 == strcmp("_IO_sputbackc", this->GetFuncName()));
clc5q
committed
if (DumpFlag) SMP_msg("Entered SSARename for block number %d\n", BlockNumber);
// For each phi function at the top of the block, rename the DEF of the phi function
// using SSANewNumber() on the global name index.
set<SMPPhiFunction, LessPhi>::iterator CurrPhi;
list<SMPPhiFunction> TempPhiList;
int GlobalNameIndex;
for (CurrPhi = CurrBlock->GetFirstPhi(); CurrPhi != CurrBlock->GetLastPhi(); ++CurrPhi) {
op_t PhiDefOp = CurrPhi->GetAnyOp();
GlobalNameIndex = CurrPhi->GetIndex();
assert(0 <= GlobalNameIndex);
int NewSSANum = this->SSANewNumber((size_t) GlobalNameIndex);
// Cannot change the C++ STL set item directly, as sets might become unordered.
SMPPhiFunction TempPhi = (*CurrPhi);
TempPhi.SetSSADef(NewSSANum);
TempPhiList.push_back(TempPhi);
if (o_reg == PhiDefOp.type) {
if (DumpFlag && PhiDefOp.is_reg(R_ax)) {
clc5q
committed
SMP_msg("New EAX Phi Def SSANum: %d Block %d\n", NewSSANum, BlockNumber);
}
// Map the final SSA number to the block number.
int DefHashValue = HashGlobalNameAndSSA(PhiDefOp, NewSSANum);
pair<int, ea_t> DefMapEntry(DefHashValue, CurrBlock->GetNumber());
pair<map<int, ea_t>::iterator, bool> MapReturnValue;
MapReturnValue = this->GlobalDefAddrBySSA.insert(DefMapEntry);
assert(MapReturnValue.second);
}
}
// Go back through the Phi function set and replace the items that need to be updated.
list<SMPPhiFunction>::iterator TempIter;
for (TempIter = TempPhiList.begin(); TempIter != TempPhiList.end(); ++TempIter) {
// Use the op_t from the first phi use, because they are all the same.
bool Erased = CurrBlock->ErasePhi(TempIter->GetPhiRef(0).GetOp());
assert(Erased);
// Now we can add back the phi function that had the DEF SSA number changed.
bool Added = CurrBlock->AddPhi(*TempIter);
assert(Added);
}
TempPhiList.clear();
clc5q
committed
if (DumpFlag) SMP_msg("Processed phi functions at top.\n");
// For each instruction in the block, rename all global USEs and then all global DEFs.
list<SMPInstr *>::iterator InstIter;
SMPInstr *CurrInst;
for (InstIter = CurrBlock->GetFirstInstr(); InstIter != CurrBlock->GetLastInstr(); ++InstIter) {
set<DefOrUse, LessDefUse>::iterator CurrUse = CurrInst->GetFirstUse();
ea_t InstAddr = CurrInst->GetAddr(); // for debugging break points
while (CurrUse != CurrInst->GetLastUse()) {
// See if Use is a global name.
op_t UseOp = CurrUse->GetOp();
set<op_t, LessOp>::iterator GlobIter = this->GlobalNames.find(UseOp);
if (GlobIter != this->GlobalNames.end()) { // found it
unsigned int GlobIndex = ExtractGlobalIndex(*GlobIter);
if (GlobIndex > this->SSAStack.size()) {
// Get some debug info out to the log file before we crash.
clc5q
committed
SMP_msg("Bad GlobIndex: %d at %x in %s\n", GlobIndex, InstAddr, this->GetFuncName());
exit(EXIT_FAILURE);
}
// Set the SSA number for this use to the top of stack SSA # (back())
int NewSSANum;
if (this->SSAStack.at(GlobIndex).empty()) {
// No top of stack entry to read.
#if SMP_DEBUG_UNINITIALIZED_SSA_NAMES
if (!CurrInst->MDIsPopInstr() && (o_reg == UseOp.type)) {
// POP uses the stack offset and generates spurious
// uninitialized variable messages for [esp+0].
clc5q
committed
SMP_msg("WARNING: function %s : Use of uninitialized variable: ",
this->GetFuncName());
clc5q
committed
SMP_msg(" Variable: ");
PrintListOperand(*GlobIter);
clc5q
committed
SMP_msg(" Block number: %d Address: %x Instruction: %s\n", BlockNumber,
CurrInst->GetAddr(), CurrInst->GetDisasm());
}
#endif
NewSSANum = SMP_SSA_UNINIT;
}
else {
NewSSANum = this->SSAStack.at(GlobIndex).back();
}
CurrUse = CurrInst->SetUseSSA(UseOp, NewSSANum);
if (DumpFlag && (o_reg == UseOp.type) && UseOp.is_reg(R_ax)) {
clc5q
committed
SMP_msg("New EAX Use SSANum: %d at %x\n", NewSSANum, CurrInst->GetAddr());
} // end for all USEs
set<DefOrUse, LessDefUse>::iterator CurrDef = CurrInst->GetFirstDef();
while (CurrDef != CurrInst->GetLastDef()) {
// See if Def is a global name.
op_t DefOp = CurrDef->GetOp();
set<op_t, LessOp>::iterator GlobIter = this->GlobalNames.find(DefOp);
if (GlobIter != this->GlobalNames.end()) { // found it
unsigned int GlobIndex = ExtractGlobalIndex(*GlobIter);
// Set the SSA number for this DEF to the SSANewNumber top of stack
int NewSSANum = this->SSANewNumber(GlobIndex);
CurrDef = CurrInst->SetDefSSA(DefOp, NewSSANum);
if (o_reg == DefOp.type) {
clc5q
committed
ea_t DefAddr = InstAddr;
if (DumpFlag && DefOp.is_reg(R_ax)) {
clc5q
committed
SMP_msg("New EAX Def SSANum: %d at %x\n", NewSSANum, DefAddr);
}
// Map the final SSA number to the DEF address.
int DefHashValue = HashGlobalNameAndSSA(DefOp, NewSSANum);
pair<int, ea_t> DefMapEntry(DefHashValue, DefAddr);
pair<map<int, ea_t>::iterator, bool> MapReturnValue;
MapReturnValue = this->GlobalDefAddrBySSA.insert(DefMapEntry);
assert(MapReturnValue.second);
}
} // end for all DEFs
} // end for all instructions
clc5q
committed
if (DumpFlag) SMP_msg("Processed all instructions.\n");
// For all control flow graph (not dominator tree) successors, fill in the current
// (outgoing) SSA number in the corresponding USE slot in the phi function, for all
// global names appearing in phi functions.
list<SMPBasicBlock *>::iterator SuccIter;
for (SuccIter = CurrBlock->GetFirstSucc(); SuccIter != CurrBlock->GetLastSucc(); ++SuccIter) {
// What position in the Preds list of this successor is CurrBlock?
int ListPos = (*SuccIter)->GetPredPosition(BlockNumber);
assert(0 <= ListPos);
// Go through all phi functions in this successor. At ListPos position in the
// incoming arguments for that phi function, set the SSA number to the SSA number
// in the top of stack entry for the global name associated with that phi function.
set<SMPPhiFunction, LessPhi>::iterator CurrPhi;
for (CurrPhi = (*SuccIter)->GetFirstPhi(); CurrPhi != (*SuccIter)->GetLastPhi(); ++CurrPhi) {
int GlobIndex = CurrPhi->GetIndex();
int CurrSSA;
if (this->SSAStack.at(GlobIndex).empty()) {
// No top of stack entry to read.
#if SMP_DEBUG_UNINITIALIZED_SSA_NAMES
clc5q
committed
SMP_msg("WARNING: function %s : Path to use of uninitialized variable: ",
this->GetFuncName());
clc5q
committed
SMP_msg(" Variable: ");
PrintListOperand(CurrPhi->GetAnyOp());
clc5q
committed
SMP_msg(" Block number: %d Successor block number: %d\n", BlockNumber,
(*SuccIter)->GetNumber());
#endif
CurrSSA = SMP_SSA_UNINIT;
}
else {
CurrSSA = this->SSAStack.at(GlobIndex).back(); // fetch from top of stack
}
SMPPhiFunction TempPhi = (*CurrPhi);
TempPhi.SetSSARef(ListPos, CurrSSA);
TempPhiList.push_back(TempPhi);
if (DumpFlag && (BlockNumber >= 3) && (BlockNumber <= 4)) {
clc5q
committed
SMP_msg("BlockNumber: %d ListPos: %d\n", BlockNumber, ListPos);
}
} // end for all phi functions in successor
// Go back through the Phi function set and replace the items that need to be updated.
for (TempIter = TempPhiList.begin(); TempIter != TempPhiList.end(); ++TempIter) {
if (DumpFlag && (BlockNumber >= 3) && (BlockNumber <= 4)) {
clc5q
committed
SMP_msg("Special before phi dump:\n");
set<SMPPhiFunction, LessPhi>::iterator FoundPhi;
FoundPhi = (*SuccIter)->FindPhi(TempIter->GetAnyOp());
FoundPhi->Dump();
}
// Use the op_t from the first phi use, because they are all the same.
bool Erased = (*SuccIter)->ErasePhi(TempIter->GetPhiRef(0).GetOp());
assert(Erased);
// Now we can add back the phi function that had one SSA number changed.
bool Added = (*SuccIter)->AddPhi(*TempIter);
assert(Added);
if (DumpFlag && (BlockNumber >= 3) && (BlockNumber <= 4)) {
clc5q
committed
SMP_msg("Special after phi dump:\n");
set<SMPPhiFunction, LessPhi>::iterator FoundPhi;
FoundPhi = (*SuccIter)->FindPhi(TempIter->GetAnyOp());
FoundPhi->Dump();
}
}
TempPhiList.clear();
} // end for all successors of CurrBlock
clc5q
committed
if (DumpFlag) SMP_msg("Processed successor phi functions.\n");
// For each successor in the dominator tree, recurse.
list<int>::iterator ChildIter;
for (ChildIter = this->DomTree[BlockNumber].second.begin();
ChildIter != this->DomTree[BlockNumber].second.end();
++ChildIter) {
this->SSARename(*ChildIter);
}
clc5q
committed
if (DumpFlag) SMP_msg("Finished recursion.\n");
// Pop off all SSAStack entries pushed during this block. I.e. for each global name,
// pop its SSAStack once per DEF and once per phi function in this block.
for (CurrPhi = CurrBlock->GetFirstPhi(); CurrPhi != CurrBlock->GetLastPhi(); ++CurrPhi) {
GlobalNameIndex = CurrPhi->GetIndex();
this->SSAStack.at((size_t) GlobalNameIndex).pop_back();
}
clc5q
committed
if (DumpFlag) SMP_msg("Popped off entries due to phi functions.\n");
for (InstIter = CurrBlock->GetFirstInstr(); InstIter != CurrBlock->GetLastInstr(); ++InstIter) {
set<DefOrUse, LessDefUse>::iterator CurrDef;
for (CurrDef = CurrInst->GetFirstDef(); CurrDef != CurrInst->GetLastDef(); ++CurrDef) {
// See if DEF is a global name.
set<op_t, LessOp>::iterator GlobIter = this->GlobalNames.find(CurrDef->GetOp());
if (GlobIter != this->GlobalNames.end()) { // found it
unsigned int GlobIndex = ExtractGlobalIndex(*GlobIter);
this->SSAStack.at((size_t) GlobIndex).pop_back();
}
} // end for all DEFs
} // end for all instructions
if (DumpFlag) {
clc5q
committed
SMP_msg("Popped off entries due to instructions.\n");
return;
} // end of SMPFunction::SSARename()
// Main driver of SSA subscript renumbering.
void SMPFunction::SSARenumber(void) {
bool DumpFlag = false;
DumpFlag |= (0 == strcmp("_IO_sputbackc", this->GetFuncName()));
#endif
if (0 >= this->GlobalNames.size())
return; // no names to renumber
// Initialize stacks and counters of SSA numbers.
size_t GlobIndex;
assert(0 == this->SSACounter.size());
for (GlobIndex = 0; GlobIndex < this->GlobalNames.size(); ++GlobIndex) {
list<int> DummyList;
this->SSACounter.push_back(0);
this->SSAStack.push_back(DummyList);
}
// Recurse through the dominator tree starting with node 0.
this->SSARename(0);
if (DumpFlag)
this->Dump();
} // end of SMPFunction::SSARenumber()
// Emit debugging output for analyzing time spent in InferTypes() ?
#define SMP_ANALYZE_INFER_TYPES_TIME 0
// Main driver for the type inference system.
void SMPFunction::InferTypes(bool FirstIter) {
// The type inference system is an iteration over four analysis steps, until
// a fixed point is reached:
// 1) Within an instruction, set types of operators based on the operator type,
// the operand types, and the instruction type category, and propagate the
// type of the SMP_ASSIGN operator to its DEF.
// 2) Propagate the type of a DEF along its SSA chain to all USEs of that SSA name.
// 3) If all USEs of an SSA name have the same type, but the DEF has no type,
// 4) If all references to a memory location have the same type, mark that memory
// location as having that type, if no aliasing occurs.
//
// The type inference system will mark DEFs and USEs in each instruction's DEF and USE
clc5q
committed
// sets with an inferred type. This inference on USEs is not conclusive for other USEs
// outside of that instruction. For example, a pointer could be read in from memory
// and used as a pointer, then hashed using an arithmetic operation. If the arithmetic
// operation always treats its source operands as NUMERIC and produces a NUMERIC
// result, e.g. SMP_BITWISE_XOR, then the USE of that pointer is NUMERIC within
// this xor instruction. If the DEF at the beginning of the SSA chain for the pointer
// is eventually marked as POINTER, then all USEs in the chain will be marked POINTER
// as well (see step 2 above). This inconsistency along the USE chain is perfectly
// acceptable in our type system. It is important to mark the USEs according to how
// we observe them being used, because consistent USEs will propagate back up to
// the DEF in step 3 above.
bool changed;
#if SMP_ANALYZE_INFER_TYPES_TIME
bool DebugFlag2 = false;
DebugFlag2 |= (0 == strcmp("Option", this->GetFuncName()));
long NewChangeCount;
long IterationCount = 0;
#endif
#if SMP_DEBUG_TYPE_INFERENCE
clc5q
committed
bool DebugFlag = false;
DebugFlag |= (0 == strcmp("__libc_csu_init", this->GetFuncName()));
list<SMPInstr *>::iterator InstIter;
SMPInstr *CurrInst;
set<DefOrUse, LessDefUse>::iterator CurrDef;
set<DefOrUse, LessDefUse>::iterator NextDef;
list<SMPBasicBlock *>::iterator BlockIter;
SMPBasicBlock *CurrBlock;
clc5q
committed
#if SMP_DEBUG_TYPE_INFERENCE
if (DebugFlag) {
this->Dump();
}
clc5q
committed
#endif
// One time only: Set the types of immediate values, flags register, stack and frame
// pointers, and floating point registers.
if (FirstIter) {
for (InstIter = this->Instrs.begin(); InstIter != this->Instrs.end(); ++InstIter) {
CurrInst = (*InstIter);
clc5q
committed
#if SMP_DEBUG_TYPE_INFERENCE
if (DebugFlag) {
clc5q
committed
SMP_msg("SetImmedTypes for inst at %x: %s\n", CurrInst->GetAddr(), CurrInst->GetDisasm());
clc5q
committed
#endif
CurrInst->SetImmedTypes(this->UseFP);
// Infer signedness, bit width, and other info from the nature of the instruction
// (e.g. loads from stack locations whose signedness has been inferred earlier
// in FindOutGoingArgSize(), or inherently signed arithmetic opcodes like signed
// or unsigned multiplies and divides).
CurrInst->MDSetWidthSignInfo(this->UseFP);
}
// Check for signedness inferences from conditional branches at the end of blocks.
for (BlockIter = this->Blocks.begin(); BlockIter != this->Blocks.end(); ++BlockIter) {
CurrBlock = (*BlockIter);
CurrBlock->MarkBranchSignedness();
clc5q
committed
// Find counter variables (e.g. init to zero or small constant, then just add or subtract small
// constant values. These cannot be POINTER and can be marked as NUMERIC.
this->FindCounterVariables();
// Iterate until no more changes: set types in DEF and USE lists based on RTL
// operators and the instruction category, SSA DEF-USE chains, etc.
#if SMP_ANALYZE_INFER_TYPES_TIME
if (DebugFlag2)
++IterationCount;
#endif
clc5q
committed
#if 0
do {
clc5q
committed
#endif
changed = false;
#if SMP_ANALYZE_INFER_TYPES_TIME
if (DebugFlag2)
NewChangeCount = 0;
#endif
// Step one: Infer types within instructions, context free.
// Step two, propagating DEF types to all USEs, happens within step one
// whenever a DEF type is set for the first time.
for (InstIter = this->Instrs.begin(); InstIter != this->Instrs.end(); ++InstIter) {
CurrInst = (*InstIter);
clc5q
committed
#if SMP_DEBUG_TYPE_INFERENCE
clc5q
committed
if (DebugFlag) SMP_msg("Inferring types for %s\n", CurrInst->GetDisasm());
clc5q
committed
#endif
NewChange = CurrInst->InferTypes();
changed = (changed || NewChange);
#if SMP_ANALYZE_INFER_TYPES_TIME
clc5q
committed
if (DebugFlag2 && NewChange) {
ea_t InstAddr = CurrInst->GetAddr();
clc5q
committed
}
#endif
}
#if SMP_ANALYZE_INFER_TYPES_TIME
if (DebugFlag2) {
clc5q
committed
SMP_msg(" InferTypes iteration: %ld NewChangeCount: %ld \n", IterationCount, NewChangeCount);
}
clc5q
committed
#if 0
} while (changed);
clc5q
committed
#endif
#if SMP_DEBUG_TYPE_INFERENCE
clc5q
committed
if (DebugFlag) SMP_msg("Finished type inference steps 1 and 2.\n");
clc5q
committed
#endif
// Step three: If all USEs of an SSA name have the same type, but the DEF has no
// type, then infer that the DEF must have the same type.
this->TypedDefs = 0;
this->UntypedDefs = 0;
clc5q
committed
this->TypedPhiDefs = 0;
this->UntypedPhiDefs = 0;
clc5q
committed
// This step of the type inference might converge faster if we used a reverse iterator
// to go through the instructions, because we could infer a DEF, propagate it to
// the right hand side by making SMPInstr::InferOperatorType() public and calling it
// on the SMP_ASSIGN operator after we set the type of the left hand side (DEF). Any
// additional DEF inferences would be triggered mostly in the upwards direction by
// setting the type of one or more USEs in the current instruction. How much time gain
// could be achieved by doing this sequence is questionable. !!!!****!!!!****
for (InstIter = this->Instrs.begin(); InstIter != this->Instrs.end(); ++InstIter) {
CurrInst = (*InstIter);
// Find any DEF that still has type UNINIT.
CurrDef = CurrInst->GetFirstDef();
while (CurrDef != CurrInst->GetLastDef()) {
// Set erase() and insert() are needed to change types of DEFs, so
// get hold of the next iterator value now.
NextDef = CurrDef;
++NextDef;
NewChange = false;
if (UNINIT != CurrDef->GetType()) {
++(this->TypedDefs);
}
else {
bool MemDef = (DefOp.type != o_reg);
bool AliasedMemWrite = (MemDef && CurrDef->HasIndirectWrite());
++(this->UntypedDefs);
if (MDIsIndirectMemoryOpnd(DefOp, this->UseFP) // relax this?
#if 0
#endif
|| AliasedMemWrite) {
// Don't want to infer along DEF-USE chains for indirect
// memory accesses until we have alias analysis.
++CurrDef;
continue;
}
ea_t DefAddr = CurrInst->GetAddr();
// Call inference method based on whether it is a block-local
// name or a global name.
CurrBlock = CurrInst->GetBlock();
if (CurrBlock->IsLocalName(DefOp)) {
NameIter = CurrBlock->FindLocalName(DefOp);
assert(CurrBlock->GetLastLocalName() != NameIter);
unsigned int LocIndex = ExtractGlobalIndex(*NameIter);
NewChange = CurrBlock->InferLocalDefType(DefOp, LocIndex, DefAddr);
if (NewChange) {
--(this->UntypedDefs);
++(this->TypedDefs);
}
changed = (changed || NewChange);
}
else {
// global name
bool CallInst = ((CALL == CurrInst->GetDataFlowType())
|| (INDIR_CALL == CurrInst->GetDataFlowType()));
int DefSSANum = CurrDef->GetSSANum();
SMPOperandType DefType = UNINIT;
DefType = this->InferGlobalDefType(DefOp,
DefSSANum, CurrBlock, CallInst, DefAddr);
if (IsNotEqType(UNINIT, DefType)) {
CurrDef = CurrInst->SetDefType(DefOp, DefType);
--(this->UntypedDefs);
++(this->TypedDefs);
// If we have one or more USEs of type POINTER and the
// other USEs are UNINIT, then InferGlobalDefType() will
// infer that it is a POINTER. We want to propagate POINTER
// to all the USEs now.
if (IsDataPtr(DefType)) {
clc5q
committed
this->ResetProcessedBlocks();
CurrInst->GetBlock()->PropagateGlobalDefType(DefOp, DefType, DefSSANum, IsMemOperand(DefOp));
}
} // end if local name ... else ...
} // end if (UNINIT != CurrDef->GetType()) .. else ...
CurrDef = NextDef;
} // end while all DEFs in the DEF set
} // end for all instructions
clc5q
committed
#if SMP_DEBUG_TYPE_INFERENCE
clc5q
committed
if (DebugFlag) SMP_msg("Finished type inference step 3.\n");
clc5q
committed
for (BlockIter = this->Blocks.begin(); BlockIter != this->Blocks.end(); ++BlockIter) {
CurrBlock = (*BlockIter);
clc5q
committed
changed |= CurrBlock->InferAllPhiDefTypes();
clc5q
committed
#if SMP_DEBUG_TYPE_INFERENCE
clc5q
committed
if (DebugFlag) SMP_msg("Finished unconditional phi type inference.\n");
clc5q
committed
#endif
#if SMP_CONDITIONAL_TYPE_PROPAGATION
if (!changed) { // Try conditional type propagation
changed |= this->ConditionalTypePropagation();
clc5q
committed
#if SMP_DEBUG_TYPE_INFERENCE
if (DebugFlag) {
clc5q
committed
SMP_msg("changed = %d after conditional type propagation.\n", changed);
clc5q
committed
}
#endif
}
#endif
// With type inference finished, infer signedness from the types, e.g.
// POINTER and CODEPOINTER types must be UNSIGNED.
if (FirstIter) { // Don't want profiler-dependent signedness in the system yet.
for (InstIter = this->Instrs.begin(); InstIter != this->Instrs.end(); ++InstIter) {
(*InstIter)->InferSignednessFromSMPTypes(this->UsesFramePointer());
}
}
// Record the meet of all register types that reach RETURN instructions.
this->MDFindReturnTypes();
return;
} // end of SMPFunction::InferTypes()
// determine signedness and width info for all operands
void SMPFunction::InferFGInfo(void) {
bool changed, NewChange;
unsigned short IterCount = 0;
list<SMPInstr *>::iterator InstIter;
list<SMPBasicBlock *>::iterator BlockIter;
SMPBasicBlock *CurrBlock;
do {
changed = false;
++IterCount;
for (InstIter = this->Instrs.begin(); InstIter != this->Instrs.end(); ++InstIter) {
SMPInstr *CurrInst = (*InstIter);
NewChange = CurrInst->InferFGInfo(IterCount);
changed = (changed || NewChange);
}
if (changed) {
for (BlockIter = this->Blocks.begin(); BlockIter != this->Blocks.end(); ++BlockIter) {
CurrBlock = (*BlockIter);
CurrBlock->PropagatePhiFGInfo();
}
}
#if STARS_AGGRESSIVE_SIGNEDNESS_PROPAGATION
if (!changed) {
changed = this->PropagateSignedness();
}
#endif
} while (changed);
return;
} // end of SMPFunction::InferFGInfo()
// Apply the profiler information to this function once we've inferred everything we can about it.
void SMPFunction::ApplyProfilerInformation(ProfilerInformation* pi)
{
assert(pi);
// If no profiler annotations are available, save time.
if (0 == pi->GetProfilerAnnotationCount())
return;
SetIsSpeculative(true);
list<SMPInstr *>::iterator InstIter;
set<DefOrUse, LessDefUse>::iterator CurrDef, NextDef;
bool DebugFlag = false;
DebugFlag |= (0 == strcmp("dohanoi", this->GetFuncName()));
#endif
// for each instruction in this function
for (InstIter = this->Instrs.begin(); InstIter != this->Instrs.end(); ++InstIter) {
SMPInstr *CurrInst = (*InstIter);
// lookup whether a load at this instruction was profiled as always numeric
InstructionInformation* ii = pi->GetInfo(CurrInst->GetAddr());
clc5q
committed
SMP_msg("Found instruction information for %x\n", CurrInst->GetAddr());
if (ii && ii->isNumeric()) {
#if SMP_DEBUG_PROFILED_TYPE_INFERENCE
clc5q
committed
SMP_msg("Found instruction information for %x and it's numeric!\n", CurrInst->GetAddr());
CurrInst->UpdateMemLoadTypes((SMPOperandType)(NUMERIC|PROF_BASE));
}
// lookup whether this instruction has been profiled as an indirect call
set<ea_t> indirect_call_targets = pi->GetIndirectCallTargets(CurrInst->GetAddr());
for (set<ea_t>::iterator ict_iter = indirect_call_targets.begin();
ict_iter != indirect_call_targets.end();
++ict_iter)
ea_t target = *ict_iter;
if (vector_exists(target, IndirectCallTargets))
IndirectCallTargets.push_back(target);
if (vector_exists(target, AllCallTargets))
AllCallTargets.push_back(target);
}
return;
} // end of SMPFunction::ApplyProfilerInformation
clc5q
committed
// For the UNINIT type DEF DefOp, see if all its USEs have a single type.
// If so, set the DEF to that type and return type,
clc5q
committed
// If DefAddr == BADADDR, then the DEF is in a Phi function, not an instruction.
SMPOperandType SMPFunction::InferGlobalDefType(op_t DefOp, int SSANum, SMPBasicBlock *DefBlock, bool CallInst, ea_t DefAddr) {
bool DebugFlag = false;
bool FoundNumeric = false;
bool FoundPointer = false;
bool FoundUnknown = false;
bool FoundUninit = false;
clc5q
committed
bool FoundDEF;
bool DefEscapes = true;
#if SMP_DEBUG_TYPE_INFERENCE
DebugFlag |= (0 == strcmp("mem_init", this->GetFuncName()));
clc5q
committed
SMP_msg("InferGlobalDefType for SSANum %d of ", SSANum);
clc5q
committed
SMP_msg("\n");
list<SMPInstr *>::iterator InstIter;
clc5q
committed
set<DefOrUse, LessDefUse>::iterator CurrUse, CurrDef;
// Go through all instructions in the block and find the instructions
// that have USEs of DefOp with SSANum. If all USEs in the chain have
// a single type (other than UNINIT), change the DEF type to match the
// USE type and set changed to true.
SMPOperandType UseType = UNINIT;
SMPOperandType PtrType = UNINIT;
clc5q
committed
6673
6674
6675
6676
6677
6678
6679
6680
6681
6682
6683
6684
6685
6686
6687
6688
6689
6690
6691
6692
6693
6694
6695
6696
6697
6698
6699
6700
6701
if (BADADDR == DefAddr) { // DEF is in a Phi function
FoundDEF = true;
}
else { // DEF is in an instruction
FoundDEF = false; // need to see the DefAddr first
}
for (InstIter = DefBlock->GetFirstInstr(); InstIter != DefBlock->GetLastInstr(); ++InstIter) {
SMPInstr *CurrInst = (*InstIter);
if ((!FoundDEF) && (DefAddr == CurrInst->GetAddr())) {
FoundDEF = true;
}
else if (FoundDEF) {
CurrDef = CurrInst->FindDef(DefOp);
if (CurrDef != CurrInst->GetLastDef()) {
// Found re-DEF of DefOp.
DefEscapes = false;
}
}
CurrUse = CurrInst->FindUse(DefOp);
if (CurrUse != CurrInst->GetLastUse()) { // found a USE of DefOp
if (CurrUse->GetSSANum() == SSANum) { // matched SSA number
UseType = CurrUse->GetType();
FoundNumeric |= (IsNumeric(UseType));
FoundUnknown |= (IsUnknown(UseType));
FoundUninit |= (IsEqType(UNINIT, UseType));
if (IsDataPtr(UseType)) {
if (FoundPointer) {
if (IsNotEqType(PtrType, UseType)) {
clc5q
committed
SMP_msg("WARNING: Differing ptr types in global chain:");
SMP_msg(" Prev: %d Current: %d %s\n", PtrType, UseType,
clc5q
committed
CurrInst->GetDisasm());
clc5q
committed
6710
6711
6712
6713
6714
6715
6716
6717
6718
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728
6729
6730
6731
6732
6733
6734
6735
6736
6737
6738
6739
else {
FoundPointer = true;
PtrType = UseType;
}
}
} // end if matched SSA #
} // end if found a USE of DefOp
} // end for all instructions
if (DefEscapes) { // did not find re-def
DefEscapes = DefBlock->IsLiveOut(DefOp);
}
if (DefEscapes) { // Need to recurse into successor blocks
list<SMPBasicBlock *>::iterator SuccIter;
ea_t TempAddr;
this->ResetProcessedBlocks(); // set up recursion
for (SuccIter = DefBlock->GetFirstSucc(); SuccIter != DefBlock->GetLastSucc(); ++SuccIter) {
SMPBasicBlock *CurrBlock = (*SuccIter);
set<SMPPhiFunction, LessPhi>::iterator PhiIter = CurrBlock->FindPhi(DefOp);
TempAddr = DefAddr;
if (PhiIter != CurrBlock->GetLastPhi()) {
TempAddr = BADADDR; // signals that DefOp will get re-DEFed in a Phi function.
}
else if (BADADDR == TempAddr) { // was BADADDR coming in to this function
// We don't want to pass BADADDR down the recursion chain, because it will be interpreted
// by each successor block to mean that DefOp was a Phi USE that got re-DEFed in a Phi function
// within itself. Pass the dummy address that indicates LiveIn to the block.
TempAddr = CurrBlock->GetFirstAddr() - 1;
clc5q
committed
// Should we screen the recursive call below using CurrBlock->IsLiveIn(DefOp) for speed? !!!!****!!!!
CurrBlock->InferGlobalDefType(DefOp, SSANum, TempAddr, FoundNumeric, FoundPointer, FoundUnknown, FoundUninit, PtrType);
clc5q
committed
// Do we have a consistent type?
// If we see any definite POINTER uses, we must set the DEF
// to type POINTER or a refinement of it.
if (FoundPointer)
UseType = PtrType;
else if (FoundNumeric && !FoundUninit && !FoundUnknown)
UseType = NUMERIC;
else
return UNINIT; // no POINTER, but no consistent type
assert(UNINIT != UseType);
clc5q
committed
if (DebugFlag) SMP_msg("Inferring global DEF of type %d\n", UseType);
clc5q
committed
clc5q
committed
6762
6763
6764
6765
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775
6776
6777
6778
6779
6780
6781
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791
6792
6793
6794
6795
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
// Mark NUMERIC (and propagate) any DEF that starts at small immed. value and gets only small inc/dec operations.
void SMPFunction::FindCounterVariables(void) {
// We define a counter variable as one that starts out as a small immediate value and then is only updated
// via small additions and subtractions. This cannot produce a POINTER, so it must be NUMERIC. This routine
// helps get the NUMERIC inference past the phi function barrier, e.g.:
//
// mov eax,0 ; might be NULL POINTER or might be NUMERIC
// eax2 := phi(eax1, eax0) ; still don't know type
// label1: ; top of loop
// :
// add eax,4 ; increment induction variable; eax1 := eax0 + 4
// cmp eax,looplimit
// jl label1
//
// Viewed in isolation, adding 4 to EAX could be a pointer operation or a numeric operation, and
// the same is true for initializing to zero. Viewed together, these statements obviously cannot be
// producing a POINTER value, as 0,4,8, etc. are not a sequence of POINTER values.
list<SMPInstr *>::iterator InstIter;
for (InstIter = this->Instrs.begin(); InstIter != this->Instrs.end(); ++InstIter) {
SMPInstr *CurrInst = (*InstIter);
bool ValueFound;
uval_t ConstValue;
if (CurrInst->MDIsSimpleAssignment(ValueFound, ConstValue)) {
if (ValueFound && (0 == ConstValue)) {
// Start small: Find init to zero, then track it. Init to small values after we test.
set<DefOrUse, LessDefUse>::iterator DefIter = CurrInst->GetFirstNonFlagsDef();
if (DefIter == CurrInst->GetLastDef()) {
// Must have been a simple assignment to a flag, e.g. clc (clear the carry flag).
continue;
}
op_t DefOp = DefIter->GetOp();
if (o_reg == DefOp.type) {
list<pair<int, ea_t> > CounterSSANums; // SSA numbers that are definitely counters for DefOp
int DefSSANum = DefIter->GetSSANum();
ea_t DefAddr = CurrInst->GetAddr();
pair<int, ea_t> ListItem(DefSSANum, DefAddr);
CounterSSANums.push_back(ListItem);
SMPBasicBlock *CurrBlock = CurrInst->GetBlock();
int BlockNum = CurrBlock->GetNumber();
bool LocalName = CurrBlock->IsLocalName(DefOp);
if (this->CounterVarHelper(DefOp, DefSSANum, BlockNum, LocalName, CounterSSANums)) {
while (!CounterSSANums.empty()) {
int CurrSSANum = CounterSSANums.front().first;
ea_t CurrDefAddr = CounterSSANums.front().second;
bool Propagated;
if (LocalName) {
Propagated = CurrBlock->PropagateLocalDefType(DefOp, NUMERIC, CurrDefAddr, CurrSSANum, false);
}
else {
this->ResetProcessedBlocks();
Propagated = CurrBlock->PropagateGlobalDefType(DefOp, NUMERIC, CurrSSANum, false);
}
CounterSSANums.pop_front();
}
}
} // end if o_reg type
} // end if const value of 0
} // end if simple assignment
} // end for all instructions
return;
} // end of SMPFunction::FindCounterVariables()
// recursive helper for FindCounterVariables()
// Return true if we added to the DefSSANums list.
bool SMPFunction::CounterVarHelper(op_t DefOp, int DefSSANum, int BlockNum, bool LocalName, list<pair<int, ea_t> > CounterSSANums) {
bool ListExpanded = false;
size_t IncomingListSize = CounterSSANums.size();
set<int> NonEscapingRegisterHashes;
clc5q
committed
// First, examine the Phi list to find uses of DefOp/DefSSANum.
// Next, examine instructions to find uses of DefOp/DefSSANum. They must be counter operations if DefOp is re-defed.
// As a first cut, we will just find the following pattern:
// 1. Counter-style DEF reaches the end of the current block.
// 2. Successor block is a single-block loop with counter DEF appearing as a USE in a phi function.
// 3. Within the single-block loop, Phi DEF is used in a counter-style operation, with new DEF becoming a Phi USE at top of block.
// We will expand this to loops that are not in a single block later.
SMPBasicBlock *CurrBlock = this->GetBlockByNum((size_t) BlockNum);
assert(NULL != CurrBlock);
ea_t DefAddr = CounterSSANums.front().second;
if (CurrBlock->DoesDefReachBlockEnd(DefAddr, DefOp, DefSSANum, NonEscapingRegisterHashes)) {
NonEscapingRegisterHashes.clear(); // Not memoizing for this use of DoesDefReachBlockEnd()
clc5q
committed
6846
6847
6848
6849
6850
6851
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861
6862
6863
6864
6865
6866
6867
6868
6869
6870
6871
6872
6873
6874
6875
6876
6877
6878
6879
6880
6881
6882
6883
6884
6885
6886
6887
6888
6889
6890
6891
6892
6893
6894
6895
6896
6897
6898
6899
6900
6901
6902
6903
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922
bool LoopSuccFound = false;
list<SMPBasicBlock *>::iterator SuccIter;
SMPBasicBlock *SuccBlock;
int PhiDefSSANum;
set<SMPPhiFunction, LessPhi>::iterator PhiIter;
for (SuccIter = CurrBlock->GetFirstSucc(); SuccIter != CurrBlock->GetLastSucc(); ++SuccIter) {
SuccBlock = (*SuccIter);
if (SuccBlock->IsSelfLoop()) {
PhiIter = SuccBlock->FindPhi(DefOp);
if (PhiIter != SuccBlock->GetLastPhi()) { // Found a Phi function that could match
size_t PhiSize = PhiIter->GetPhiListSize();
for (size_t index = 0; index < PhiSize; ++index) {
int PhiUseSSANum = PhiIter->GetUseSSANum(index);
if (PhiUseSSANum == DefSSANum) {
// Our DEF is a USE in the phi function at the top of SuccBlock. Success.
PhiDefSSANum = PhiIter->GetDefSSANum();
LoopSuccFound = true;
break;
}
}
}
if (LoopSuccFound) {
break;
}
}
}
if (LoopSuccFound) {
// SuccBlock points to a one-block loop with PhiIter pointing to a phi function that has
// DefOp/DefSSANum as a phi use, and DefOp/PhiDefSSANum as its phi def. Are the uses of
// DefOp/PhiDefSSANum within SuccBlock merely counter redefinitions?
list<SMPInstr *>::iterator InstIter;
for (InstIter = SuccBlock->GetFirstInstr(); InstIter != SuccBlock->GetLastInstr(); ++InstIter) {
set<DefOrUse, LessDefUse>::iterator DefIter, UseIter;
SMPInstr *CurrInst = (*InstIter);
DefIter = CurrInst->FindDef(DefOp);
if (DefIter != CurrInst->GetLastDef()) {
// Found a redefinition of DefOp. Is it just a counter operation that redefines DefOp?
if (CurrInst->IsCounterOperation()) {
// We will add the new DEF SSA # to the list of counter SSAs.
pair<int, ea_t> CounterPair(DefIter->GetSSANum(), CurrInst->GetAddr());
CounterSSANums.push_back(CounterPair);
// We don't need to push the PhiDefSSANum discovered earlier, because if
// it follows the simple pattern of only using two counter DEFs as its USEs,
// one from before the loop and one from within the loop, then both of its USEs
// will get set to NUMERIC and propagation will occur naturally. If it does not
// fit this simple pattern, we don't want to force it to be NUMERIC yet.
}
else {
// Problem: we redefined DefOp with a non-counter operation. We want to terminate
// the chain of detection of counter variables.
break;
}
}
else {
UseIter = CurrInst->FindUse(DefOp);
if (UseIter != CurrInst->GetLastUse()) {
// Found USE of DefOp. See if it is a POINTER use, which would
// invalidate the hypothesis that DefOp is a counter.
SMPOperandType UseType = UseIter->GetType();
if (IsDataPtr(UseType) || IsEqType(UseType, CODEPTR)) {
// Any apparent counter operations so far have really been pointer arithmetic.
// We need to restore the list to its incoming state.
while (IncomingListSize < CounterSSANums.size()) {
CounterSSANums.pop_back();
}
break; // terminate search
}
}
}
} // end for all insts in SuccBlock
} // end if LoopSuccFound
} // end if original pre-loop DEF reaches the end of its block
ListExpanded = (CounterSSANums.size() > IncomingListSize);
return ListExpanded;
} // end of SMPFunction::CounterVarHelper()
#define SMP_SIMPLE_CONDITIONAL_TYPE_PROPAGATION 1
#if SMP_SIMPLE_CONDITIONAL_TYPE_PROPAGATION
// The simple form of conditional type propagation observes that we
// simply need to apply the meet operator over Phi function USEs and
// then propagate any DEF type changes using PropagateGlobalDefType().
// The outermost iteration over all type inference methods in InferTypes()
// will take care of all the propagation that is handled by the work list
// processing in the textbook algorithm.
// Iteration convergence might be slower in the simple approach, but the code
// is much simpler to debug.
bool SMPFunction::ConditionalTypePropagation(void) {
bool changed = false;
SMPBasicBlock *CurrBlock;
vector<SMPBasicBlock *>::iterator CurrRPO;
set<SMPPhiFunction, LessPhi>::iterator CurrPhi;
for (CurrRPO = this->RPOBlocks.begin(); CurrRPO != this->RPOBlocks.end(); ++CurrRPO) {
CurrBlock = *CurrRPO;
SMPOperandType MeetType;
for (CurrPhi = CurrBlock->GetFirstPhi(); CurrPhi != CurrBlock->GetLastPhi(); ++CurrPhi) {
MeetType = CurrPhi->ConditionalMeetType();
// Here we use a straight equality test, not our macros,
// because we consider it a change if the MeetType is
// profiler derived and the DEFType is not.
if (MeetType == CurrPhi->GetDefType())
continue;
// Change the DEF type to the MeetType and propagate.
op_t DefOp = CurrPhi->GetAnyOp();
bool IsMemOp = (o_reg != DefOp.type);
CurrPhi = CurrBlock->SetPhiDefType(DefOp, MeetType);
changed = true;
this->ResetProcessedBlocks();
changed |= CurrBlock->PropagateGlobalDefType(DefOp,
MeetType, CurrPhi->GetDefSSANum(), IsMemOp);
6957
6958
6959
6960
6961
6962
6963
6964
6965
6966
6967
6968
6969
6970
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
} // end for all phi functions in the current block
} // end for all blocks
return changed;
} // end of SMPFunction::ConditionalTypePropagation()
#else // not SMP_SIMPLE_CONDITIONAL_TYPE_PROPAGATION
// Apply the SCC (Sparse Conditional Constant) propagation algorithm to
// propagate types starting from unresolved Phi DEFs.
bool SMPFunction::ConditionalTypePropagation(void) {
bool changed = false;
// Collections of Phi functions and instructions that have a DEF
// with type UNINIT for the current global name.
map<int, set<SMPPhiFunction, LessPhi>::iterator> UninitDEFPhis;
vector<list<SMPInstr>::iterator> UninitDEFInsts;
// Work lists of Phi functions and instructions that need to be processed
// according to the SCC algorithm.
list<map<int, set<SMPPhiFunction, LessPhi>::iterator>::iterator> PhiWorkList;
list<vector<list<SMPInstr>::iterator>::iterator> InstWorkList;
// Iterate through all global names that are either (1) registers
// or (2) stack locations in SAFE functions.
set<op_t, LessOp>::iterator CurrGlob;
for (CurrGlob = this->GetFirstGlobalName(); CurrGlob != this->GetLastGlobalName(); ++CurrGlob) {
op_t GlobalOp = *CurrGlob;
list<SMPBasicBlock>::iterator CurrBlock;
vector<list<SMPBasicBlock>::iterator>::iterator CurrRPO;
if (MDIsIndirectMemoryOpnd(GlobalOp, this->UseFP))
continue; // need alias analysis to process indirect accesses
if ((GlobalOp.type != o_reg)
&& (!((this->GetReturnAddressStatus() == FUNC_SAFE) && MDIsStackAccessOpnd(GlobalOp, this->UseFP))))
continue; // not register, not safe stack access
// Set up a map (indexed by SSANum) of iterators to Phi functions
// for the current global name that have UNINIT as the Phi DEF type.
UninitDEFPhis.clear();
UninitDEFInsts.clear();
for (CurrRPO = this->RPOBlocks.begin(); CurrRPO != this->RPOBlocks.end(); ++CurrRPO) {
CurrBlock = *CurrRPO;
set<SMPPhiFunction, LessPhi>::iterator CurrPhi;
CurrPhi = CurrBlock->FindPhi(GlobalOp);