Week 17

IR/.vscode/settings.json

@@ -0,0 +1,38 @@
+{
+    "cSpell.words": [
+        "addrval",
+        "ALLOC",
+        "ALLOCARRAY",
+        "cgir",
+        "CSSA",
+        "DBGASSERT",
+        "dsts",
+        "elemptr",
+        "FUNCTIONARG",
+        "GETELEMPTR",
+        "insn",
+        "ipos",
+        "jbin",
+        "LOADELEM",
+        "loadimm",
+        "LOADRAW",
+        "loadrawextra",
+        "newbb",
+        "nonvr",
+        "notag",
+        "preds",
+        "printk",
+        "RAWOFF",
+        "repr",
+        "SIZET",
+        "STACKOFF",
+        "stackptr",
+        "STOREELEM",
+        "STORERAW",
+        "struct",
+        "succs",
+        "tdst",
+        "TSSA",
+        "vpos"
+    ]
+}

IR/CMakeLists.txt

@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 3.20)
 project(bpf_ir)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror -Wstrict-prototypes -Wunused-variable -O3")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror -Wstrict-prototypes -Wenum-compare -Wunused-variable -Wunused-but-set-variable -Wsign-compare -O3")
 
 add_library(bpf_ir STATIC 
     bpf_ir.c
@@ -15,6 +15,7 @@ add_library(bpf_ir STATIC
     passes/cut_bb_pass.c
     aux/prog_check.c
     aux/disasm.c
+    aux/optimization.c
     ir_code_gen.c
     lii.c
 )

IR/Makefile

@@ -1,9 +1,15 @@
+build: format
+	cmake --build build
+
+buildall: genctor
+	cmake --build build
 
 format:
 	./scripts/format.sh
 
-build: format
-	cmake --build build
+genctor:
+	./scripts/gen_insn_ctor.py
+	./scripts/format.sh
 
 kernel: build
 	./scripts/gen_kernel.sh

IR/Readme.md

@@ -19,13 +19,12 @@ One opinion, one benefit of designing the raw constraint from is that our runtim
 - [x] Env
 - [x] If ALU ops (including cond jmp) use 64 bits const, load it to register
 - [x] Switch back for ALU spill
-- [ ] CGIR-I and CGIR-II formalization
 - [ ] Test adding counter & print some result
+- [x] CGIR-I and CGIR-II formalization
 
 ## Bugs
 
-- `loop2`: Loop BB detected
-- `STACK_PTR` Change to R10 insn
+- `erase_insn_cg` Not working in the normalization. Should spilling use `safe` list iterations?
 
 # TODO
 

IR/array.c

@@ -87,6 +87,18 @@ void bpf_ir_array_clone(struct bpf_ir_env *env, struct array *res,
 	memcpy(res->data, arr->data, arr->num_elem * arr->elem_size);
 }
 
+// Merge b into a
+void bpf_ir_array_merge(struct bpf_ir_env *env, struct array *a,
+			struct array *b)
+{
+	struct ir_insn **pos;
+	array_for(pos, (*b))
+	{
+		struct ir_insn *insn = *pos;
+		bpf_ir_array_push_unique(env, a, &insn);
+		CHECK_ERR();
+	}
+}
 void bpf_ir_array_free(struct array *arr)
 {
 	if (arr->data) {

IR/aux/disasm.c

@@ -1,4 +1,4 @@
-#include "linux/bpf_ir.h"
+#include <linux/bpf_ir.h>
 #include <linux/bpf.h>
 
 // #include "disasm.h"

IR/aux/optimization.c

@@ -0,0 +1,82 @@
+#include <linux/bpf_ir.h>
+
+static void remove_no_user_insn(struct bpf_ir_env *env, struct ir_function *fun)
+{
+	// Remove all instructions that have no users, except for void instructions & calls
+
+	struct ir_basic_block **pos;
+	array_for(pos, fun->reachable_bbs)
+	{
+		struct ir_basic_block *bb = *pos;
+		struct ir_insn *insn, *tmp;
+		list_for_each_entry_safe(insn, tmp, &bb->ir_insn_head,
+					 list_ptr) {
+			if (bpf_ir_is_void(insn) || insn->op == IR_INSN_CALL) {
+				continue;
+			}
+			if (insn->users.num_elem == 0) {
+				bpf_ir_erase_insn(env, insn);
+				CHECK_ERR();
+			}
+		}
+	}
+}
+
+static void remove_unused_alloc(struct bpf_ir_env *env, struct ir_function *fun)
+{
+	// Remove all alloc instructions that have no users
+	struct array alloc_insns;
+	INIT_ARRAY(&alloc_insns, struct ir_insn *);
+
+	struct ir_basic_block **pos;
+	array_for(pos, fun->reachable_bbs)
+	{
+		struct ir_basic_block *bb = *pos;
+		struct ir_insn *insn, *tmp;
+		list_for_each_entry_safe(insn, tmp, &bb->ir_insn_head,
+					 list_ptr) {
+			if (insn->op == IR_INSN_ALLOC) {
+				bpf_ir_array_push(env, &alloc_insns, &insn);
+			}
+		}
+	}
+
+	struct ir_insn **pos2;
+	array_for(pos2, alloc_insns)
+	{
+		bool has_load = false;
+		struct ir_insn *insn = *pos2;
+		struct ir_insn **pos3;
+		array_for(pos3, insn->users)
+		{
+			struct ir_insn *user = *pos3;
+			if (user->op == IR_INSN_LOAD) {
+				has_load = true;
+				break;
+			}
+		}
+		if (!has_load) {
+			// Remove all its store
+			array_for(pos3, insn->users)
+			{
+				struct ir_insn *user = *pos3;
+				bpf_ir_erase_insn(env, user);
+				CHECK_ERR();
+			}
+			// Remove itself
+			bpf_ir_erase_insn(env, insn);
+			CHECK_ERR();
+		}
+	}
+
+	bpf_ir_array_free(&alloc_insns);
+}
+
+void bpf_ir_optimize_ir(struct bpf_ir_env *env, struct ir_function *fun)
+{
+	remove_no_user_insn(env, fun);
+	CHECK_ERR();
+
+	remove_unused_alloc(env, fun);
+	CHECK_ERR();
+}

IR/aux/prog_check.c

@@ -44,15 +44,19 @@ static void check_insn(struct bpf_ir_env *env, struct ir_function *fun)
 		struct ir_basic_block *bb = *pos;
 		struct ir_insn *insn;
 		list_for_each_entry(insn, &bb->ir_insn_head, list_ptr) {
-			struct array operands = bpf_ir_get_operands(env, insn);
-			struct ir_value **vpos;
+			if (insn->parent_bb != bb) {
+				print_ir_insn_err(
+					env, insn,
+					"Instruction's parent BB wrong");
+				RAISE_ERROR("Parent BB error");
+			}
 			if (insn->op == IR_INSN_LOADRAW ||
 			    insn->op == IR_INSN_ALLOC ||
-			    insn->op == IR_INSN_JA || insn->op == IR_INSN_PHI) {
+			    insn->op == IR_INSN_JA || insn->op == IR_INSN_PHI ||
+			    insn->op == IR_INSN_ALLOCARRAY) {
 				if (!(insn->value_num == 0)) {
 					print_ir_insn_err(env, insn, NULL);
 					RAISE_ERROR(
-
 						"Instruction should have no value");
 				}
 			}
@@ -62,13 +66,14 @@ static void check_insn(struct bpf_ir_env *env, struct ir_function *fun)
 				if (!(insn->value_num == 1)) {
 					print_ir_insn_err(env, insn, NULL);
 					RAISE_ERROR(
-
 						"Instruction should have 1 values");
 				}
 			}
 
-			if (insn->op == IR_INSN_STORE || (is_alu(insn)) ||
-			    (is_cond_jmp(insn))) {
+			if (insn->op == IR_INSN_STORE ||
+			    (bpf_ir_is_alu(insn)) ||
+			    (bpf_ir_is_cond_jmp(insn)) ||
+			    insn->op == IR_INSN_GETELEMPTR) {
 				if (!(insn->value_num == 2)) {
 					print_ir_insn_err(env, insn, NULL);
 					RAISE_ERROR(
@@ -89,16 +94,28 @@ static void check_insn(struct bpf_ir_env *env, struct ir_function *fun)
 				}
 			}
 
+			if (insn->op == IR_INSN_GETELEMPTR) {
+				if (!(insn->values[1].type == IR_VALUE_INSN &&
+				      insn->values[1].data.insn_d->op ==
+					      IR_INSN_ALLOCARRAY)) {
+					print_ir_insn_err(env, insn, NULL);
+					RAISE_ERROR(
+						"Value should be an allocarray instruction");
+				}
+			}
+
 			// TODO: Check: users of alloc instructions must be STORE/LOAD
 
-			if (is_alu(insn) || is_cond_jmp(insn)) {
+			if (bpf_ir_is_alu(insn) || bpf_ir_is_cond_jmp(insn)) {
 				// Binary ALU
 				if (!bpf_ir_valid_alu_type(insn->alu_op)) {
 					print_ir_insn_err(env, insn, NULL);
 					RAISE_ERROR("Binary ALU type error!");
 				}
 			}
 
+			struct array operands = bpf_ir_get_operands(env, insn);
+			struct ir_value **vpos;
 			if (insn->op == IR_INSN_ALLOC ||
 			    insn->op == IR_INSN_LOADRAW ||
 			    insn->op == IR_INSN_STORERAW) {
@@ -107,6 +124,8 @@ static void check_insn(struct bpf_ir_env *env, struct ir_function *fun)
 					RAISE_ERROR("Invalid VR type");
 				}
 			}
+
+			// Checking operands
 			array_for(vpos, operands)
 			{
 				struct ir_value *val = *vpos;
@@ -115,6 +134,12 @@ static void check_insn(struct bpf_ir_env *env, struct ir_function *fun)
 						    val->const_type)) {
 						print_ir_insn_err(env, insn,
 								  NULL);
+
+						PRINT_LOG(
+							env,
+							"Constant type: %d, operand number: %d\n",
+							val->const_type,
+							operands.num_elem);
 						RAISE_ERROR(
 							"Invalid Constant type");
 					}
@@ -168,6 +193,7 @@ static void check_users(struct bpf_ir_env *env, struct ir_function *fun)
 		struct ir_insn *insn = fun->function_arg[i];
 		check_insn_users_use_insn(env, insn);
 	}
+	check_insn_users_use_insn(env, fun->sp);
 	struct ir_basic_block **pos;
 	array_for(pos, fun->reachable_bbs)
 	{
@@ -237,7 +263,7 @@ static void check_jumping(struct bpf_ir_env *env, struct ir_function *fun)
 		struct ir_insn *insn;
 		int jmp_exists = 0;
 		list_for_each_entry(insn, &bb->ir_insn_head, list_ptr) {
-			if (is_jmp(insn)) {
+			if (bpf_ir_is_jmp(insn)) {
 				jmp_exists = 1;
 				if (!bpf_ir_is_last_insn(insn)) {
 					// Error
@@ -259,7 +285,7 @@ static void check_jumping(struct bpf_ir_env *env, struct ir_function *fun)
 						continue;
 					}
 					// For conditional jumps, both BB1 and BB2 should be successors
-					if (is_cond_jmp(insn)) {
+					if (bpf_ir_is_cond_jmp(insn)) {
 						// Get the two basic blocks that the conditional jump statement jumps to
 						struct ir_basic_block *bb1 =
 							insn->bb1;
@@ -359,7 +385,7 @@ static void bpf_ir_fix_bb_succ(struct ir_function *fun)
 	{
 		struct ir_basic_block *bb = *pos;
 		struct ir_insn *insn = bpf_ir_get_last_insn(bb);
-		if (insn && is_cond_jmp(insn)) {
+		if (insn && bpf_ir_is_cond_jmp(insn)) {
 			// Conditional jmp
 			if (bb->succs.num_elem != 2) {
 				CRITICAL(
@@ -385,11 +411,11 @@ static void add_reach(struct bpf_ir_env *env, struct ir_function *fun,
 	bpf_ir_array_push(env, &fun->reachable_bbs, &bb);
 
 	struct ir_basic_block **succ;
-	u8 i = 0;
+	bool first = false;
 	array_for(succ, bb->succs)
 	{
-		if (i == 0) {
-			i = 1;
+		if (!first && bb->succs.num_elem > 1) {
+			first = true;
 			// Check if visited
 			if ((*succ)->_visited) {
 				RAISE_ERROR("Loop BB detected");