/// CleanupAndPrepareModules - Get the specified modules ready for code
/// generator testing.
///
static void CleanupAndPrepareModules(BugDriver &BD, Module *&Test,
Module *Safe) {
// Clean up the modules, removing extra cruft that we don't need anymore...
Test = BD.performFinalCleanups(Test);
// If we are executing the JIT, we have several nasty issues to take care of.
if (!BD.isExecutingJIT()) return;
// First, if the main function is in the Safe module, we must add a stub to
// the Test module to call into it. Thus, we create a new function `main'
// which just calls the old one.
if (Function *oldMain = Safe->getFunction("main"))
if (!oldMain->isDeclaration()) {
// Rename it
oldMain->setName("llvm_bugpoint_old_main");
// Create a NEW `main' function with same type in the test module.
Function *newMain = Function::Create(oldMain->getFunctionType(),
GlobalValue::ExternalLinkage,
"main", Test);
// Create an `oldmain' prototype in the test module, which will
// corresponds to the real main function in the same module.
Function *oldMainProto = Function::Create(oldMain->getFunctionType(),
GlobalValue::ExternalLinkage,
oldMain->getName(), Test);
// Set up and remember the argument list for the main function.
std::vector<Value*> args;
for (Function::arg_iterator
I = newMain->arg_begin(), E = newMain->arg_end(),
OI = oldMain->arg_begin(); I != E; ++I, ++OI) {
I->setName(OI->getName()); // Copy argument names from oldMain
args.push_back(I);
}
// Call the old main function and return its result
BasicBlock *BB = BasicBlock::Create(Safe->getContext(), "entry", newMain);
CallInst *call = CallInst::Create(oldMainProto, args.begin(), args.end(),
"", BB);
// If the type of old function wasn't void, return value of call
ReturnInst::Create(Safe->getContext(), call, BB);
}
// The second nasty issue we must deal with in the JIT is that the Safe
// module cannot directly reference any functions defined in the test
// module. Instead, we use a JIT API call to dynamically resolve the
// symbol.
// Add the resolver to the Safe module.
// Prototype: void *getPointerToNamedFunction(const char* Name)
Constant *resolverFunc =
Safe->getOrInsertFunction("getPointerToNamedFunction",
Type::getInt8PtrTy(Safe->getContext()),
Type::getInt8PtrTy(Safe->getContext()),
(Type *)0);
// Use the function we just added to get addresses of functions we need.
for (Module::iterator F = Safe->begin(), E = Safe->end(); F != E; ++F) {
if (F->isDeclaration() && !F->use_empty() && &*F != resolverFunc &&
!F->isIntrinsic() /* ignore intrinsics */) {
Function *TestFn = Test->getFunction(F->getName());
// Don't forward functions which are external in the test module too.
if (TestFn && !TestFn->isDeclaration()) {
// 1. Add a string constant with its name to the global file
Constant *InitArray = ConstantArray::get(F->getContext(), F->getName());
GlobalVariable *funcName =
new GlobalVariable(*Safe, InitArray->getType(), true /*isConstant*/,
GlobalValue::InternalLinkage, InitArray,
F->getName() + "_name");
// 2. Use `GetElementPtr *funcName, 0, 0' to convert the string to an
// sbyte* so it matches the signature of the resolver function.
// GetElementPtr *funcName, ulong 0, ulong 0
std::vector<Constant*> GEPargs(2,
Constant::getNullValue(Type::getInt32Ty(F->getContext())));
Value *GEP =
ConstantExpr::getGetElementPtr(funcName, &GEPargs[0], 2);
std::vector<Value*> ResolverArgs;
ResolverArgs.push_back(GEP);
// Rewrite uses of F in global initializers, etc. to uses of a wrapper
// function that dynamically resolves the calls to F via our JIT API
if (!F->use_empty()) {
// Create a new global to hold the cached function pointer.
Constant *NullPtr = ConstantPointerNull::get(F->getType());
GlobalVariable *Cache =
new GlobalVariable(*F->getParent(), F->getType(),
false, GlobalValue::InternalLinkage,
NullPtr,F->getName()+".fpcache");
// Construct a new stub function that will re-route calls to F
const FunctionType *FuncTy = F->getFunctionType();
Function *FuncWrapper = Function::Create(FuncTy,
GlobalValue::InternalLinkage,
F->getName() + "_wrapper",
F->getParent());
BasicBlock *EntryBB = BasicBlock::Create(F->getContext(),
"entry", FuncWrapper);
BasicBlock *DoCallBB = BasicBlock::Create(F->getContext(),
"usecache", FuncWrapper);
BasicBlock *LookupBB = BasicBlock::Create(F->getContext(),
"lookupfp", FuncWrapper);
// Check to see if we already looked up the value.
Value *CachedVal = new LoadInst(Cache, "fpcache", EntryBB);
Value *IsNull = new ICmpInst(*EntryBB, ICmpInst::ICMP_EQ, CachedVal,
NullPtr, "isNull");
BranchInst::Create(LookupBB, DoCallBB, IsNull, EntryBB);
// Resolve the call to function F via the JIT API:
//
// call resolver(GetElementPtr...)
CallInst *Resolver =
CallInst::Create(resolverFunc, ResolverArgs.begin(),
ResolverArgs.end(), "resolver", LookupBB);
// Cast the result from the resolver to correctly-typed function.
CastInst *CastedResolver =
new BitCastInst(Resolver,
PointerType::getUnqual(F->getFunctionType()),
"resolverCast", LookupBB);
// Save the value in our cache.
new StoreInst(CastedResolver, Cache, LookupBB);
BranchInst::Create(DoCallBB, LookupBB);
PHINode *FuncPtr = PHINode::Create(NullPtr->getType(),
"fp", DoCallBB);
FuncPtr->addIncoming(CastedResolver, LookupBB);
FuncPtr->addIncoming(CachedVal, EntryBB);
// Save the argument list.
std::vector<Value*> Args;
for (Function::arg_iterator i = FuncWrapper->arg_begin(),
e = FuncWrapper->arg_end(); i != e; ++i)
Args.push_back(i);
// Pass on the arguments to the real function, return its result
if (F->getReturnType()->isVoidTy()) {
CallInst::Create(FuncPtr, Args.begin(), Args.end(), "", DoCallBB);
ReturnInst::Create(F->getContext(), DoCallBB);
} else {
CallInst *Call = CallInst::Create(FuncPtr, Args.begin(), Args.end(),
"retval", DoCallBB);
ReturnInst::Create(F->getContext(),Call, DoCallBB);
}
// Use the wrapper function instead of the old function
F->replaceAllUsesWith(FuncWrapper);
}
}
}
}
if (verifyModule(*Test) || verifyModule(*Safe)) {
errs() << "Bugpoint has a bug, which corrupted a module!!\n";
abort();
}
}
/// ExtractLoops - Given a reduced list of functions that still exposed the bug,
/// check to see if we can extract the loops in the region without obscuring the
/// bug. If so, it reduces the amount of code identified.
///
static bool ExtractLoops(BugDriver &BD,
bool (*TestFn)(BugDriver &, Module *, Module *,
std::string &),
std::vector<Function*> &MiscompiledFunctions,
std::string &Error) {
bool MadeChange = false;
while (1) {
if (BugpointIsInterrupted) return MadeChange;
DenseMap<const Value*, Value*> ValueMap;
Module *ToNotOptimize = CloneModule(BD.getProgram(), ValueMap);
Module *ToOptimize = SplitFunctionsOutOfModule(ToNotOptimize,
MiscompiledFunctions,
ValueMap);
Module *ToOptimizeLoopExtracted = BD.ExtractLoop(ToOptimize);
if (!ToOptimizeLoopExtracted) {
// If the loop extractor crashed or if there were no extractible loops,
// then this chapter of our odyssey is over with.
delete ToNotOptimize;
delete ToOptimize;
return MadeChange;
}
errs() << "Extracted a loop from the breaking portion of the program.\n";
// Bugpoint is intentionally not very trusting of LLVM transformations. In
// particular, we're not going to assume that the loop extractor works, so
// we're going to test the newly loop extracted program to make sure nothing
// has broken. If something broke, then we'll inform the user and stop
// extraction.
AbstractInterpreter *AI = BD.switchToSafeInterpreter();
bool Failure = TestMergedProgram(BD, ToOptimizeLoopExtracted, ToNotOptimize,
false, Error);
if (!Error.empty())
return false;
if (Failure) {
BD.switchToInterpreter(AI);
// Merged program doesn't work anymore!
errs() << " *** ERROR: Loop extraction broke the program. :("
<< " Please report a bug!\n";
errs() << " Continuing on with un-loop-extracted version.\n";
BD.writeProgramToFile(OutputPrefix + "-loop-extract-fail-tno.bc",
ToNotOptimize);
BD.writeProgramToFile(OutputPrefix + "-loop-extract-fail-to.bc",
ToOptimize);
BD.writeProgramToFile(OutputPrefix + "-loop-extract-fail-to-le.bc",
ToOptimizeLoopExtracted);
errs() << "Please submit the "
<< OutputPrefix << "-loop-extract-fail-*.bc files.\n";
delete ToOptimize;
delete ToNotOptimize;
delete ToOptimizeLoopExtracted;
return MadeChange;
}
delete ToOptimize;
BD.switchToInterpreter(AI);
outs() << " Testing after loop extraction:\n";
// Clone modules, the tester function will free them.
Module *TOLEBackup = CloneModule(ToOptimizeLoopExtracted);
Module *TNOBackup = CloneModule(ToNotOptimize);
Failure = TestFn(BD, ToOptimizeLoopExtracted, ToNotOptimize, Error);
if (!Error.empty())
return false;
if (!Failure) {
outs() << "*** Loop extraction masked the problem. Undoing.\n";
// If the program is not still broken, then loop extraction did something
// that masked the error. Stop loop extraction now.
delete TOLEBackup;
delete TNOBackup;
return MadeChange;
}
ToOptimizeLoopExtracted = TOLEBackup;
ToNotOptimize = TNOBackup;
outs() << "*** Loop extraction successful!\n";
std::vector<std::pair<std::string, const FunctionType*> > MisCompFunctions;
for (Module::iterator I = ToOptimizeLoopExtracted->begin(),
E = ToOptimizeLoopExtracted->end(); I != E; ++I)
if (!I->isDeclaration())
MisCompFunctions.push_back(std::make_pair(I->getName(),
I->getFunctionType()));
// Okay, great! Now we know that we extracted a loop and that loop
// extraction both didn't break the program, and didn't mask the problem.
// Replace the current program with the loop extracted version, and try to
// extract another loop.
std::string ErrorMsg;
if (Linker::LinkModules(ToNotOptimize, ToOptimizeLoopExtracted, &ErrorMsg)){
errs() << BD.getToolName() << ": Error linking modules together:"
<< ErrorMsg << '\n';
exit(1);
}
delete ToOptimizeLoopExtracted;
// All of the Function*'s in the MiscompiledFunctions list are in the old
// module. Update this list to include all of the functions in the
// optimized and loop extracted module.
MiscompiledFunctions.clear();
for (unsigned i = 0, e = MisCompFunctions.size(); i != e; ++i) {
Function *NewF = ToNotOptimize->getFunction(MisCompFunctions[i].first);
assert(NewF && "Function not found??");
assert(NewF->getFunctionType() == MisCompFunctions[i].second &&
"found wrong function type?");
MiscompiledFunctions.push_back(NewF);
}
BD.setNewProgram(ToNotOptimize);
MadeChange = true;
}
}
/// ExtractBlocks - Given a reduced list of functions that still expose the bug,
/// extract as many basic blocks from the region as possible without obscuring
/// the bug.
///
static bool ExtractBlocks(BugDriver &BD,
bool (*TestFn)(BugDriver &, Module *, Module *,
std::string &),
std::vector<Function*> &MiscompiledFunctions,
std::string &Error) {
if (BugpointIsInterrupted) return false;
std::vector<BasicBlock*> Blocks;
for (unsigned i = 0, e = MiscompiledFunctions.size(); i != e; ++i)
for (Function::iterator I = MiscompiledFunctions[i]->begin(),
E = MiscompiledFunctions[i]->end(); I != E; ++I)
Blocks.push_back(I);
// Use the list reducer to identify blocks that can be extracted without
// obscuring the bug. The Blocks list will end up containing blocks that must
// be retained from the original program.
unsigned OldSize = Blocks.size();
// Check to see if all blocks are extractible first.
bool Ret = ReduceMiscompiledBlocks(BD, TestFn, MiscompiledFunctions)
.TestFuncs(std::vector<BasicBlock*>(), Error);
if (!Error.empty())
return false;
if (Ret) {
Blocks.clear();
} else {
ReduceMiscompiledBlocks(BD, TestFn,
MiscompiledFunctions).reduceList(Blocks, Error);
if (!Error.empty())
return false;
if (Blocks.size() == OldSize)
return false;
}
DenseMap<const Value*, Value*> ValueMap;
Module *ProgClone = CloneModule(BD.getProgram(), ValueMap);
Module *ToExtract = SplitFunctionsOutOfModule(ProgClone,
MiscompiledFunctions,
ValueMap);
Module *Extracted = BD.ExtractMappedBlocksFromModule(Blocks, ToExtract);
if (Extracted == 0) {
// Weird, extraction should have worked.
errs() << "Nondeterministic problem extracting blocks??\n";
delete ProgClone;
delete ToExtract;
return false;
}
// Otherwise, block extraction succeeded. Link the two program fragments back
// together.
delete ToExtract;
std::vector<std::pair<std::string, const FunctionType*> > MisCompFunctions;
for (Module::iterator I = Extracted->begin(), E = Extracted->end();
I != E; ++I)
if (!I->isDeclaration())
MisCompFunctions.push_back(std::make_pair(I->getName(),
I->getFunctionType()));
std::string ErrorMsg;
if (Linker::LinkModules(ProgClone, Extracted, &ErrorMsg)) {
errs() << BD.getToolName() << ": Error linking modules together:"
<< ErrorMsg << '\n';
exit(1);
}
delete Extracted;
// Set the new program and delete the old one.
BD.setNewProgram(ProgClone);
// Update the list of miscompiled functions.
MiscompiledFunctions.clear();
for (unsigned i = 0, e = MisCompFunctions.size(); i != e; ++i) {
Function *NewF = ProgClone->getFunction(MisCompFunctions[i].first);
assert(NewF && "Function not found??");
assert(NewF->getFunctionType() == MisCompFunctions[i].second &&
"Function has wrong type??");
MiscompiledFunctions.push_back(NewF);
}
return true;
}
/*!
* This method identify which is value sym and which is object sym
*/
void SymbolTableInfo::buildMemModel(llvm::Module& module) {
analysisUtil::increaseStackSize();
prePassSchedule(module);
mod = &module;
maxFieldLimit = maxFieldNumLimit;
// Object #0 is black hole the object that may point to any object
assert(totalSymNum == BlackHole && "Something changed!");
symTyMap.insert(std::make_pair(totalSymNum++, BlackHole));
createBlkOrConstantObj(BlackHole);
// Object #1 always represents the constant
assert(totalSymNum == ConstantObj && "Something changed!");
symTyMap.insert(std::make_pair(totalSymNum++, ConstantObj));
createBlkOrConstantObj(ConstantObj);
// Pointer #2 always represents the pointer points-to black hole.
assert(totalSymNum == BlkPtr && "Something changed!");
symTyMap.insert(std::make_pair(totalSymNum++, BlkPtr));
// Pointer #3 always represents the null pointer.
assert(totalSymNum == NullPtr && "Something changed!");
symTyMap.insert(std::make_pair(totalSymNum, NullPtr));
// Add symbols for all the globals .
for (Module::global_iterator I = module.global_begin(), E =
module.global_end(); I != E; ++I) {
collectSym(&*I);
}
// Add symbols for all the global aliases
for (Module::alias_iterator I = module.alias_begin(), E =
module.alias_end(); I != E; I++) {
collectSym(&*I);
}
// Add symbols for all of the functions and the instructions in them.
for (Module::iterator F = module.begin(), E = module.end(); F != E; ++F) {
collectSym(&*F);
collectRet(&*F);
if (F->getFunctionType()->isVarArg())
collectVararg(&*F);
// Add symbols for all formal parameters.
for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end();
I != E; ++I) {
collectSym(&*I);
}
// collect and create symbols inside the function body
for (inst_iterator II = inst_begin(&*F), E = inst_end(&*F); II != E; ++II) {
const Instruction *inst = &*II;
collectSym(inst);
// initialization for some special instructions
//{@
if (const StoreInst *st = dyn_cast<StoreInst>(inst)) {
collectSym(st->getPointerOperand());
collectSym(st->getValueOperand());
}
else if (const LoadInst *ld = dyn_cast<LoadInst>(inst)) {
collectSym(ld->getPointerOperand());
}
else if (const PHINode *phi = dyn_cast<PHINode>(inst)) {
for (u32_t i = 0; i < phi->getNumIncomingValues(); ++i) {
collectSym(phi->getIncomingValue(i));
}
}
else if (const GetElementPtrInst *gep = dyn_cast<GetElementPtrInst>(
inst)) {
collectSym(gep->getPointerOperand());
}
else if (const SelectInst *sel = dyn_cast<SelectInst>(inst)) {
collectSym(sel->getTrueValue());
collectSym(sel->getFalseValue());
}
else if (const CastInst *cast = dyn_cast<CastInst>(inst)) {
collectSym(cast->getOperand(0));
}
else if (const ReturnInst *ret = dyn_cast<ReturnInst>(inst)) {
if(ret->getReturnValue())
collectSym(ret->getReturnValue());
}
else if (isCallSite(inst) && isInstrinsicDbgInst(inst)==false) {
CallSite cs = analysisUtil::getLLVMCallSite(inst);
callSiteSet.insert(cs);
for (CallSite::arg_iterator it = cs.arg_begin();
it != cs.arg_end(); ++it) {
collectSym(*it);
}
// Calls to inline asm need to be added as well because the callee isn't
// referenced anywhere else.
const Value *Callee = cs.getCalledValue();
collectSym(Callee);
//TODO handle inlineAsm
///if (isa<InlineAsm>(Callee))
}
//@}
}
}
}