Gather knowledge about the state during control flow analysis.

10 years ago · 1f149925bc
7 changed files with 192 additions and 35 deletions
--- a/libevmasm/Assembly.cpp
+++ b/libevmasm/Assembly.cpp
@ -314,6 +314,10 @@ Assembly& Assembly::optimise(bool _enable)
 		copt << toString(*this);
 		count = 0;
 		//@todo CFG interface should be a generator, that returns an item and a pointer to a
 		// knownstate, which has to replace the current state if it is not null.
 		// Feed these items to the CSE, but also store them and replace the stored version
 		// if the items generated by the CSE are shorter. (or even use less gas?)
 		copt << "Performing control flow analysis...";
 		{
 			ControlFlowGraph cfg(m_items);
@ -329,7 +333,8 @@ Assembly& Assembly::optimise(bool _enable)
 		copt << "Performing common subexpression elimination...";
 		for (auto iter = m_items.begin(); iter != m_items.end();)
 		{
-			KnownState state;
+			//@todo use only a single state / expression classes instance.
 			KnownState state(make_shared<ExpressionClasses>());
 			CommonSubexpressionEliminator eliminator(state);
 			auto orig = iter;
 			iter = eliminator.feedItems(iter, m_items.end());
--- a/libevmasm/ControlFlowGraph.cpp
+++ b/libevmasm/ControlFlowGraph.cpp
@ -23,9 +23,11 @@
 #include <libevmasm/ControlFlowGraph.h>
 #include <map>
 #include <memory>
 #include <libevmasm/Exceptions.h>
 #include <libevmasm/AssemblyItem.h>
 #include <libevmasm/SemanticInformation.h>
 #include <libevmasm/KnownState.h>
 using namespace std;
 using namespace dev;
@ -46,6 +48,7 @@ AssemblyItems ControlFlowGraph::optimisedItems()
 	resolveNextLinks();
 	removeUnusedBlocks();
 	setPrevLinks();
 	gatherKnowledge();
 	return rebuildCode();
 }
@ -209,6 +212,77 @@ void ControlFlowGraph::setPrevLinks()
 	}
 }
 void ControlFlowGraph::gatherKnowledge()
 {
 	// @todo actually we know that memory is filled with zeros at the beginning,
 	// we could make use of that.
 	shared_ptr<KnownState> emptyState = make_shared<KnownState>();
 	ExpressionClasses& expr = emptyState->expressionClasses();
 	bool unknownJumpEncountered = false;
 	vector<pair<BlockId, shared_ptr<KnownState>>> workQueue({make_pair(BlockId::initial(), emptyState->copy())});
 	while (!workQueue.empty())
 	{
 		//@todo we might have to do something like incrementing the sequence number for each JUMPDEST
 		assertThrow(!!workQueue.back().first, OptimizerException, "");
 		BasicBlock& block = m_blocks.at(workQueue.back().first);
 		shared_ptr<KnownState> state = workQueue.back().second;
 		workQueue.pop_back();
 		if (block.startState)
 		{
 			state->reduceToCommonKnowledge(*block.startState);
 			if (*state == *block.startState)
 				continue;
 		}
 		block.startState = state->copy();
 		//@todo we might know the return address for the first pass, but not anymore for the second,
 		// -> store knowledge about tags as a union.
 		// Feed all items except for the final jump yet because it will erase the target tag.
 		unsigned pc = block.begin;
 		while (pc < block.end && !SemanticInformation::altersControlFlow(m_items.at(pc)))
 			state->feedItem(m_items.at(pc++));
 		if (
 			block.endType == BasicBlock::EndType::JUMP ||
 			block.endType == BasicBlock::EndType::JUMPI
 		)
 		{
 			assertThrow(block.begin <= pc && pc == block.end - 1, OptimizerException, "");
 			//@todo in the case of JUMPI, add knowledge about the condition to the state
 			// (for both values of the condition)
 			BlockId nextBlock = expressionClassToBlockId(
 				state->stackElement(state->stackHeight(), SourceLocation()),
 				expr
 			);
 			state->feedItem(m_items.at(pc++));
 			if (nextBlock)
 				workQueue.push_back(make_pair(nextBlock, state->copy()));
 			else if (!unknownJumpEncountered)
 			{
 				// We do not know where this jump goes, so we have to reset the states of all
 				// JUMPDESTs.
 				unknownJumpEncountered = true;
 				for (auto const& it: m_blocks)
 					if (it.second.begin < it.second.end && m_items[it.second.begin].type() == Tag)
 						workQueue.push_back(make_pair(it.first, emptyState->copy()));
 			}
 		}
 		else if (block.begin <= pc && pc < block.end)
 			state->feedItem(m_items.at(pc++));
 		assertThrow(block.end <= block.begin || pc == block.end, OptimizerException, "");
 		block.endState = state;
 		if (
 			block.endType == BasicBlock::EndType::HANDOVER ||
 			block.endType == BasicBlock::EndType::JUMPI
 		)
 			workQueue.push_back(make_pair(block.next, state->copy()));
 	}
 }
 AssemblyItems ControlFlowGraph::rebuildCode()
 {
 	map<BlockId, unsigned> pushes;
@ -233,7 +307,7 @@ AssemblyItems ControlFlowGraph::rebuildCode()
 			blockId = m_blocks.at(blockId).prev;
 		for (; blockId; blockId = m_blocks.at(blockId).next)
 		{
-			BasicBlock const& block = m_blocks.at(blockId);
+			BasicBlock& block = m_blocks.at(blockId);
 			blocksToAdd.erase(blockId);
 			blocksAdded.insert(blockId);
@ -243,7 +317,10 @@ AssemblyItems ControlFlowGraph::rebuildCode()
 				continue;
 			// If block starts with unused tag, skip it.
 			if (previousHandedOver && !pushes[blockId] && begin->type() == Tag)
 			{
 				++begin;
 				++block.begin;
 			}
 			previousHandedOver = (block.endType == BasicBlock::EndType::HANDOVER);
 			copy(begin, end, back_inserter(code));
 		}
@ -252,6 +329,18 @@ AssemblyItems ControlFlowGraph::rebuildCode()
 	return code;
 }
 BlockId ControlFlowGraph::expressionClassToBlockId(
 	ExpressionClasses::Id _id,
 	ExpressionClasses& _exprClasses
 )
 {
 	ExpressionClasses::Expression expr = _exprClasses.representative(_id);
 	if (expr.item && expr.item->type() == PushTag)
 		return BlockId(expr.item->data());
 	else
 		return BlockId::invalid();
 }
 BlockId ControlFlowGraph::generateNewId()
 {
 	BlockId id = BlockId(++m_lastUsedId);
--- a/libevmasm/ControlFlowGraph.h
+++ b/libevmasm/ControlFlowGraph.h
@ -24,16 +24,17 @@
 #pragma once
 #include <vector>
 #include <memory>
 #include <libdevcore/Common.h>
 #include <libdevcore/Assertions.h>
 #include <libevmasm/ExpressionClasses.h>
 namespace dev
 {
 namespace eth
 {
-class AssemblyItem;
+class KnownState;
 using AssemblyItems = std::vector<AssemblyItem>;
 /**
 * Identifier for a block, coincides with the tag number of an AssemblyItem but adds a special
@ -69,14 +70,20 @@ struct BasicBlock
 	unsigned end = 0;
 	/// Tags pushed inside this block, with multiplicity.
 	std::vector<BlockId> pushedTags;
-	/// ID of the block that always follows this one (either JUMP or flow into new block),
+	/// ID of the block that always follows this one (either non-branching part of JUMPI or flow
-	/// or BlockId::invalid() otherwise
+	/// into new block), or BlockId::invalid() otherwise
 	BlockId next = BlockId::invalid();
-	/// ID of the block that has to precede this one.
+	/// ID of the block that has to precede this one (because control flows into it).
 	BlockId prev = BlockId::invalid();
 	enum class EndType { JUMP, JUMPI, STOP, HANDOVER };
 	EndType endType = EndType::HANDOVER;
 	/// Knowledge about the state when this block is entered. Intersection of all possible ways
 	/// to enter this block.
 	std::shared_ptr<KnownState> startState;
 	/// Knowledge about the state at the end of this block.
 	std::shared_ptr<KnownState> endState;
 };
 class ControlFlowGraph
@ -93,9 +100,14 @@ private:
 	void splitBlocks();
 	void resolveNextLinks();
 	void removeUnusedBlocks();
 	void gatherKnowledge();
 	void setPrevLinks();
 	AssemblyItems rebuildCode();
 	/// @returns the corresponding BlockId if _id is a pushed jump tag,
 	/// and an invalid BlockId otherwise.
 	BlockId expressionClassToBlockId(ExpressionClasses::Id _id, ExpressionClasses& _exprClasses);
 	BlockId generateNewId();
 	unsigned m_lastUsedId = 0;
--- a/libevmasm/KnownState.cpp
+++ b/libevmasm/KnownState.cpp
@ -30,16 +30,18 @@ using namespace std;
 using namespace dev;
 using namespace dev::eth;
-ostream& KnownState::stream(
+ostream& KnownState::stream(ostream& _out) const
 	ostream& _out,
 	map<int, Id> _initialStack,
 	map<int, Id> _targetStack
 ) const
 {
 	auto streamExpressionClass = [this](ostream& _out, Id _id)
 	{
 		auto const& expr = m_expressionClasses->representative(_id);
-		_out << "  " << dec << _id << ": " << *expr.item;
+		_out << "  " << dec << _id << ": ";
 		if (!expr.item)
 			_out << " no item";
 		else if (expr.item->type() == UndefinedItem)
 			_out << " unknown " << int(expr.item->data());
 		else
 			_out << *expr.item;
 		if (expr.sequenceNumber)
 			_out << "@" << dec << expr.sequenceNumber;
 		_out << "(";
@ -48,22 +50,32 @@ ostream& KnownState::stream(
 		_out << ")" << endl;
 	};
-	_out << "Optimizer analysis:" << endl;
+	_out << "=== State ===" << endl;
-	_out << "Final stack height: " << dec << m_stackHeight << endl;
+	_out << "Stack height: " << dec << m_stackHeight << endl;
 	_out << "Equivalence classes: " << endl;
 	for (Id eqClass = 0; eqClass < m_expressionClasses->size(); ++eqClass)
 		streamExpressionClass(_out, eqClass);
-	_out << "Initial stack: " << endl;
+	_out << "Stack: " << endl;
-	for (auto const& it: _initialStack)
+	for (auto const& it: m_stackElements)
 	{
 		_out << "  " << dec << it.first << ": ";
 		streamExpressionClass(_out, it.second);
 	}
-	_out << "Target stack: " << endl;
+	_out << "Storage: " << endl;
-	for (auto const& it: _targetStack)
+	for (auto const& it: m_storageContent)
 	{
-		_out << "  " << dec << it.first << ": ";
+		_out << "  ";
 		streamExpressionClass(_out, it.first);
 		_out << ": ";
 		streamExpressionClass(_out, it.second);
 	}
 	_out << "Memory: " << endl;
 	for (auto const& it: m_memoryContent)
 	{
 		_out << "  ";
 		streamExpressionClass(_out, it.first);
 		_out << ": ";
 		streamExpressionClass(_out, it.second);
 	}
@ -73,7 +85,11 @@ ostream& KnownState::stream(
 KnownState::StoreOperation KnownState::feedItem(AssemblyItem const& _item, bool _copyItem)
 {
 	StoreOperation op;
-	if (_item.type() != Operation)
+	if (_item.type() == Tag)
 	{
 		// can be ignored
 	}
 	else if (_item.type() != Operation)
 	{
 		assertThrow(_item.deposit() == 1, InvalidDeposit, "");
 		setStackElement(++m_stackHeight, m_expressionClasses->find(_item, {}, _copyItem));
@ -127,17 +143,40 @@ KnownState::StoreOperation KnownState::feedItem(AssemblyItem const& _item, bool
 					resetMemory();
 				if (SemanticInformation::invalidatesStorage(_item.instruction()))
 					resetStorage();
-				setStackElement(
+				assertThrow(info.ret <= 1, InvalidDeposit, "");
-					m_stackHeight + _item.deposit(),
+				if (info.ret == 1)
-					m_expressionClasses->find(_item, arguments, _copyItem)
+					setStackElement(
-				);
+						m_stackHeight + _item.deposit(),
 						m_expressionClasses->find(_item, arguments, _copyItem)
 					);
 			}
 		}
 		for (int p = m_stackHeight; p > m_stackHeight + _item.deposit(); --p)
 			m_stackElements.erase(p);
 		m_stackHeight += _item.deposit();
 	}
 	return op;
 }
 void KnownState::reduceToCommonKnowledge(KnownState const& /*_other*/)
 {
 	//@todo
 	*this = KnownState(m_expressionClasses);
 }
 bool KnownState::operator==(const KnownState& _other) const
 {
 	//@todo
 	return (
 		m_stackElements.empty() &&
 		_other.m_stackElements.empty() &&
 		m_storageContent.empty() &&
 		_other.m_storageContent.empty() &&
 		m_memoryContent.empty() &&
 		_other.m_memoryContent.empty()
 	);
 }
 ExpressionClasses::Id KnownState::stackElement(int _stackHeight, SourceLocation const& _location)
 {
 	if (m_stackElements.count(_stackHeight))
--- a/libevmasm/KnownState.h
+++ b/libevmasm/KnownState.h
@ -27,6 +27,7 @@
 #include <map>
 #include <set>
 #include <tuple>
 #include <memory>
 #include <ostream>
 #include <libdevcore/CommonIO.h>
 #include <libdevcore/Exceptions.h>
@ -70,14 +71,14 @@ public:
 		Id expression;
 	};
-	KnownState(): m_expressionClasses(std::make_shared<ExpressionClasses>()) {}
+	explicit KnownState(
 		std::shared_ptr<ExpressionClasses> _expressionClasses = std::make_shared<ExpressionClasses>()
 	): m_expressionClasses(_expressionClasses)
 	{
 	}
 	/// Streams debugging information to @a _out.
-	std::ostream& stream(
+	std::ostream& stream(std::ostream& _out) const;
 		std::ostream& _out,
 		std::map<int, Id> _initialStack = std::map<int, Id>(),
 		std::map<int, Id> _targetStack = std::map<int, Id>()
 	) const;
 	/// Feeds the item into the system for analysis.
 	/// @returns a possible store operation
@ -92,6 +93,20 @@ public:
 	/// Resets any knowledge.
 	void reset() { resetStorage(); resetMemory(); resetStack(); }
 	/// Manually increments the storage and memory sequence number.
 	void incrementSequenceNumber() { m_sequenceNumber += 2; }
 	/// Replaces the state by the intersection with _other, i.e. only equal knowledge is retained.
 	/// If the stack heighht is different, the smaller one is used and the stack is compared
 	/// relatively.
 	void reduceToCommonKnowledge(KnownState const& _other);
 	/// @returns a shared pointer to a copy of this state.
 	std::shared_ptr<KnownState> copy() const { return std::make_shared<KnownState>(*this); }
 	/// @returns true if the knowledge about the state of both objects is (known to be) equal.
 	bool operator==(KnownState const& _other) const;
 	///@todo the sequence numbers in two copies of this class should never be the same.
 	/// might be doable using two-dimensional sequence numbers, where the first value is incremented
 	/// for each copy
@ -99,8 +114,7 @@ public:
 	/// Retrieves the current equivalence class fo the given stack element (or generates a new
 	/// one if it does not exist yet).
 	Id stackElement(int _stackHeight, SourceLocation const& _location);
-	/// @returns the equivalence class id of the special initial stack element at the given height
+	/// @returns the equivalence class id of the special initial stack element at the given height.
 	/// (must not be positive).
 	Id initialStackElement(int _stackHeight, SourceLocation const& _location);
 	int stackHeight() const { return m_stackHeight; }
--- a/libevmasm/SemanticInformation.cpp
+++ b/libevmasm/SemanticInformation.cpp
@ -128,7 +128,6 @@ bool SemanticInformation::isDeterministic(AssemblyItem const& _item)
 {
 	if (_item.type() != Operation)
 		return true;
 	assertThrow(!altersControlFlow(_item), OptimizerException, "");
 	switch (_item.instruction())
 	{
--- a/libevmasm/SemanticInformation.h
+++ b/libevmasm/SemanticInformation.h
@ -48,7 +48,6 @@ struct SemanticInformation
 	static bool altersControlFlow(AssemblyItem const& _item);
 	/// @returns false if the value put on the stack by _item depends on anything else than
 	/// the information in the current block header, memory, storage or stack.
 	/// @note should not be called for instructions that alter the control flow.
 	static bool isDeterministic(AssemblyItem const& _item);
 	/// @returns true if the given instruction modifies memory.
 	static bool invalidatesMemory(Instruction _instruction);