ssacfg: add termination path analysis

Author: clonker

libyul/CMakeLists.txt

@@ -76,6 +76,8 @@ add_library(yul
 	backends/evm/ssa/BridgeFinder.h
 	backends/evm/ssa/ControlFlow.cpp
 	backends/evm/ssa/ControlFlow.h
+	backends/evm/ssa/JunkAdmittingBlocksFinder.cpp
+	backends/evm/ssa/JunkAdmittingBlocksFinder.h
 	backends/evm/ssa/LivenessAnalysis.cpp
 	backends/evm/ssa/LivenessAnalysis.h
 	backends/evm/ssa/SSACFGLoopNestingForest.cpp

libyul/backends/evm/ssa/JunkAdmittingBlocksFinder.cpp

@@ -0,0 +1,73 @@
+/*
+	This file is part of solidity.
+
+	solidity is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	solidity is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with solidity.  If not, see <http://www.gnu.org/licenses/>.
+*/
+// SPDX-License-Identifier: GPL-3.0
+
+#include <libyul/backends/evm/ssa/JunkAdmittingBlocksFinder.h>
+
+#include <libyul/backends/evm/ssa/BridgeFinder.h>
+
+namespace solidity::yul::ssa
+{
+
+JunkAdmittingBlocksFinder::JunkAdmittingBlocksFinder(SSACFG const& _cfg, ForwardSSACFGTopologicalSort const& _topologicalSort):
+	m_blockAllowsJunk(_cfg.numBlocks(), false)
+{
+	// special case: only one block here, we mark it as junkable in case it's not a function return
+	if (_topologicalSort.preOrder().size() == 1)
+	{
+		SSACFG::BlockId const id {_topologicalSort.preOrder().front()};
+		m_blockAllowsJunk[id.value] = !_cfg.block(id).isFunctionReturnBlock();
+		return;
+	}
+
+	// Find all bridges, i.e., vertices, which upon removal increase the number of connected components.
+	// Translated to SSA CFGs this means:
+	//   - control flow that enters a bridge vertex never returns to a previously visited block
+	//   - there is no parallel path to a child of the vertex, ie, adding junk is fine in terms of stack balance
+	BridgeFinder const bridgeFinder(_cfg);
+
+	// of the bridge vertices, we have the exclude the ones that can lead to a function return
+	std::vector<SSACFG::BlockId> toVisit;
+	for (auto const blockIndex: _topologicalSort.preOrder())
+	{
+		SSACFG::BlockId const blockId {blockIndex};
+		m_blockAllowsJunk[blockIndex] = bridgeFinder.bridgeVertex(blockId) || _cfg.block(blockId).isTerminationBlock();
+		if (_cfg.block(blockId).isFunctionReturnBlock())
+			toVisit.emplace_back(SSACFG::BlockId{blockIndex});
+	}
+
+	std::vector<uint8_t> visited(_cfg.numBlocks(), false);
+	while (!toVisit.empty())
+	{
+		auto const blockId = toVisit.back();
+		auto const& block = _cfg.block(blockId);
+		toVisit.pop_back();
+
+		m_blockAllowsJunk[blockId.value] = false;
+		visited[blockId.value] = true;
+		for (auto const& entry: block.entries)
+			if (!visited[entry.value])
+				toVisit.emplace_back(entry);
+	}
+}
+
+bool JunkAdmittingBlocksFinder::allowsAdditionOfJunk(SSACFG::BlockId const& _blockId) const
+{
+	return m_blockAllowsJunk[_blockId.value];
+}
+
+}

libyul/backends/evm/ssa/JunkAdmittingBlocksFinder.h

@@ -0,0 +1,46 @@
+/*
+	This file is part of solidity.
+
+	solidity is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	solidity is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with solidity.  If not, see <http://www.gnu.org/licenses/>.
+*/
+// SPDX-License-Identifier: GPL-3.0
+
+#pragma once
+
+#include <libyul/backends/evm/ssa/SSACFGTopologicalSort.h>
+#include <libyul/backends/evm/ssa/SSACFG.h>
+
+#include <cstdint>
+#include <vector>
+
+namespace solidity::yul::ssa
+{
+
+/// Identifies blocks where stack balance constraints can be relaxed.
+/// These are blocks that inevitably terminate down the line (i.e., there is no path to a function return exit) and
+/// which are "bridge vertices". For a bridge, the graph decomposes into `G1` and `G2` with a singular edge `e=(v1->v2)`
+/// between them. Therefore, traversal into `G2` cannot escape back into `G1` and in particular there cannot be a
+/// parallel path into G2 that has relaxed constraints with respect to introducing junk. Consequently, there cannot be
+/// a situation in which a junk-bloated stack has to be unified with a slimmer stack layout stemming from another path
+/// into `G2`.
+class JunkAdmittingBlocksFinder
+{
+public:
+	explicit JunkAdmittingBlocksFinder(SSACFG const& _cfg, ForwardSSACFGTopologicalSort const& _topologicalSort);
+	bool allowsAdditionOfJunk(SSACFG::BlockId const& _blockId) const;
+private:
+	std::vector<std::uint8_t> m_blockAllowsJunk;
+};
+
+}

libyul/backends/evm/ssa/SSACFG.h

@@ -52,17 +52,14 @@ class SSACFG
 	struct BlockId
 	{
 		size_t value = std::numeric_limits<size_t>::max();
-		bool operator<(BlockId const& _rhs) const { return value < _rhs.value; }
-		bool operator==(BlockId const& _rhs) const { return value == _rhs.value; }
-		bool operator!=(BlockId const& _rhs) const { return value != _rhs.value; }
+		auto operator<=>(BlockId const&) const = default;
 	};
 	struct ValueId
 	{
-		size_t value = std::numeric_limits<size_t>::max();
-		bool hasValue() const { return value != std::numeric_limits<size_t>::max(); }
-		bool operator<(ValueId const& _rhs) const { return value < _rhs.value; }
-		bool operator==(ValueId const& _rhs) const { return value == _rhs.value; }
-		bool operator!=(ValueId const& _rhs) const { return value != _rhs.value; }
+		using ValueType = size_t;
+		ValueType value = std::numeric_limits<ValueType>::max();
+		bool hasValue() const { return value != std::numeric_limits<ValueType>::max(); }
+		auto operator<=>(ValueId const&) const = default;
 	};
 
 	struct BuiltinCall
@@ -93,26 +90,26 @@ class SSACFG
 		struct MainExit {};
 		struct ConditionalJump
 		{
-			langutil::DebugData::ConstPtr debugData;
+			langutil::DebugData::ConstPtr debugData{};
 			ValueId condition;
 			BlockId nonZero;
 			BlockId zero;
 		};
 		struct Jump
 		{
-			langutil::DebugData::ConstPtr debugData;
+			langutil::DebugData::ConstPtr debugData{};
 			BlockId target;
 		};
 		struct JumpTable
 		{
-			langutil::DebugData::ConstPtr debugData;
+			langutil::DebugData::ConstPtr debugData{};
 			ValueId value;
 			std::map<u256, BlockId> cases;
 			BlockId defaultCase;
 		};
 		struct FunctionReturn
 		{
-			langutil::DebugData::ConstPtr debugData;
+			langutil::DebugData::ConstPtr debugData{};
 			std::vector<ValueId> returnValues;
 		};
 		struct Terminated {};
@@ -138,6 +135,26 @@ class SSACFG
 				_callable(jumpTable->defaultCase);
 			}
 		}
+
+		bool isMainExitBlock() const
+		{
+			return std::holds_alternative<MainExit>(exit);
+		}
+
+		bool isTerminationBlock() const
+		{
+			return std::holds_alternative<Terminated>(exit);
+		}
+
+		bool isFunctionReturnBlock() const
+		{
+			return std::holds_alternative<FunctionReturn>(exit);
+		}
+
+		bool isJumpBlock() const
+		{
+			return std::holds_alternative<Jump>(exit);
+		}
 	};
 	BlockId makeBlock(langutil::DebugData::ConstPtr _debugData)
 	{
@@ -148,6 +165,7 @@ class SSACFG
 	BasicBlock& block(BlockId _id) { return m_blocks.at(_id.value); }
 	BasicBlock const& block(BlockId _id) const { return m_blocks.at(_id.value); }
 	size_t numBlocks() const { return m_blocks.size(); }
+
 private:
 	std::vector<BasicBlock> m_blocks;
 public:
@@ -170,13 +188,21 @@ class SSACFG
 	{
 		return std::holds_alternative<LiteralValue>(valueInfo(_var));
 	}
+	bool isPhiValue(ValueId const _var) const
+	{
+		return std::holds_alternative<PhiValue>(valueInfo(_var));
+	}
 	ValueInfo& valueInfo(ValueId const _var)
 	{
 		return m_valueInfos.at(_var.value);
 	}
 	ValueInfo const& valueInfo(ValueId const _var) const
 	{
-		return m_valueInfos.at(_var.value);
+		return valueInfo(_var.value);
+	}
+	ValueInfo const& valueInfo(ValueId::ValueType const _var) const
+	{
+		return m_valueInfos.at(_var);
 	}
 	ValueId newPhi(BlockId const _definingBlock)
 	{