1 //===- ExtractFunction.cpp - Extract a function from Program --------------===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file implements several methods that are used to extract functions,
11 // loops, or portions of a module from the rest of the module.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #include "BugDriver.h"
16 #include "llvm/IR/Constants.h"
17 #include "llvm/IR/DataLayout.h"
18 #include "llvm/IR/DerivedTypes.h"
19 #include "llvm/IR/LLVMContext.h"
20 #include "llvm/IR/LegacyPassManager.h"
21 #include "llvm/IR/Module.h"
22 #include "llvm/IR/Verifier.h"
23 #include "llvm/Pass.h"
24 #include "llvm/Support/CommandLine.h"
25 #include "llvm/Support/Debug.h"
26 #include "llvm/Support/FileUtilities.h"
27 #include "llvm/Support/Path.h"
28 #include "llvm/Support/Signals.h"
29 #include "llvm/Support/ToolOutputFile.h"
30 #include "llvm/Transforms/IPO.h"
31 #include "llvm/Transforms/Scalar.h"
32 #include "llvm/Transforms/Utils/Cloning.h"
33 #include "llvm/Transforms/Utils/CodeExtractor.h"
34 #include <set>
35 using namespace llvm;
36 
37 #define DEBUG_TYPE "bugpoint"
38 
39 namespace llvm {
40   bool DisableSimplifyCFG = false;
41   extern cl::opt<std::string> OutputPrefix;
42 } // End llvm namespace
43 
44 namespace {
45   cl::opt<bool>
46   NoDCE ("disable-dce",
47          cl::desc("Do not use the -dce pass to reduce testcases"));
48   cl::opt<bool, true>
49   NoSCFG("disable-simplifycfg", cl::location(DisableSimplifyCFG),
50          cl::desc("Do not use the -simplifycfg pass to reduce testcases"));
51 
globalInitUsesExternalBA(GlobalVariable * GV)52   Function* globalInitUsesExternalBA(GlobalVariable* GV) {
53     if (!GV->hasInitializer())
54       return nullptr;
55 
56     Constant *I = GV->getInitializer();
57 
58     // walk the values used by the initializer
59     // (and recurse into things like ConstantExpr)
60     std::vector<Constant*> Todo;
61     std::set<Constant*> Done;
62     Todo.push_back(I);
63 
64     while (!Todo.empty()) {
65       Constant* V = Todo.back();
66       Todo.pop_back();
67       Done.insert(V);
68 
69       if (BlockAddress *BA = dyn_cast<BlockAddress>(V)) {
70         Function *F = BA->getFunction();
71         if (F->isDeclaration())
72           return F;
73       }
74 
75       for (User::op_iterator i = V->op_begin(), e = V->op_end(); i != e; ++i) {
76         Constant *C = dyn_cast<Constant>(*i);
77         if (C && !isa<GlobalValue>(C) && !Done.count(C))
78           Todo.push_back(C);
79       }
80     }
81     return nullptr;
82   }
83 }  // end anonymous namespace
84 
85 std::unique_ptr<Module>
deleteInstructionFromProgram(const Instruction * I,unsigned Simplification)86 BugDriver::deleteInstructionFromProgram(const Instruction *I,
87                                         unsigned Simplification) {
88   // FIXME, use vmap?
89   Module *Clone = CloneModule(Program).release();
90 
91   const BasicBlock *PBB = I->getParent();
92   const Function *PF = PBB->getParent();
93 
94   Module::iterator RFI = Clone->begin(); // Get iterator to corresponding fn
95   std::advance(RFI, std::distance(PF->getParent()->begin(),
96                                   Module::const_iterator(PF)));
97 
98   Function::iterator RBI = RFI->begin();  // Get iterator to corresponding BB
99   std::advance(RBI, std::distance(PF->begin(), Function::const_iterator(PBB)));
100 
101   BasicBlock::iterator RI = RBI->begin(); // Get iterator to corresponding inst
102   std::advance(RI, std::distance(PBB->begin(), BasicBlock::const_iterator(I)));
103   Instruction *TheInst = &*RI; // Got the corresponding instruction!
104 
105   // If this instruction produces a value, replace any users with null values
106   if (!TheInst->getType()->isVoidTy())
107     TheInst->replaceAllUsesWith(Constant::getNullValue(TheInst->getType()));
108 
109   // Remove the instruction from the program.
110   TheInst->getParent()->getInstList().erase(TheInst);
111 
112   // Spiff up the output a little bit.
113   std::vector<std::string> Passes;
114 
115   /// Can we get rid of the -disable-* options?
116   if (Simplification > 1 && !NoDCE)
117     Passes.push_back("dce");
118   if (Simplification && !DisableSimplifyCFG)
119     Passes.push_back("simplifycfg");      // Delete dead control flow
120 
121   Passes.push_back("verify");
122   std::unique_ptr<Module> New = runPassesOn(Clone, Passes);
123   delete Clone;
124   if (!New) {
125     errs() << "Instruction removal failed.  Sorry. :(  Please report a bug!\n";
126     exit(1);
127   }
128   return New;
129 }
130 
131 std::unique_ptr<Module>
performFinalCleanups(Module * M,bool MayModifySemantics)132 BugDriver::performFinalCleanups(Module *M, bool MayModifySemantics) {
133   // Make all functions external, so GlobalDCE doesn't delete them...
134   for (Module::iterator I = M->begin(), E = M->end(); I != E; ++I)
135     I->setLinkage(GlobalValue::ExternalLinkage);
136 
137   std::vector<std::string> CleanupPasses;
138   CleanupPasses.push_back("globaldce");
139 
140   if (MayModifySemantics)
141     CleanupPasses.push_back("deadarghaX0r");
142   else
143     CleanupPasses.push_back("deadargelim");
144 
145   std::unique_ptr<Module> New = runPassesOn(M, CleanupPasses);
146   if (!New) {
147     errs() << "Final cleanups failed.  Sorry. :(  Please report a bug!\n";
148     return nullptr;
149   }
150   delete M;
151   return New;
152 }
153 
extractLoop(Module * M)154 std::unique_ptr<Module> BugDriver::extractLoop(Module *M) {
155   std::vector<std::string> LoopExtractPasses;
156   LoopExtractPasses.push_back("loop-extract-single");
157 
158   std::unique_ptr<Module> NewM = runPassesOn(M, LoopExtractPasses);
159   if (!NewM) {
160     outs() << "*** Loop extraction failed: ";
161     EmitProgressBitcode(M, "loopextraction", true);
162     outs() << "*** Sorry. :(  Please report a bug!\n";
163     return nullptr;
164   }
165 
166   // Check to see if we created any new functions.  If not, no loops were
167   // extracted and we should return null.  Limit the number of loops we extract
168   // to avoid taking forever.
169   static unsigned NumExtracted = 32;
170   if (M->size() == NewM->size() || --NumExtracted == 0) {
171     return nullptr;
172   } else {
173     assert(M->size() < NewM->size() && "Loop extract removed functions?");
174     Module::iterator MI = NewM->begin();
175     for (unsigned i = 0, e = M->size(); i != e; ++i)
176       ++MI;
177   }
178 
179   return NewM;
180 }
181 
eliminateAliases(GlobalValue * GV)182 static void eliminateAliases(GlobalValue *GV) {
183   // First, check whether a GlobalAlias references this definition.
184   // GlobalAlias MAY NOT reference declarations.
185   for (;;) {
186     // 1. Find aliases
187     SmallVector<GlobalAlias*,1> aliases;
188     Module *M = GV->getParent();
189     for (Module::alias_iterator I=M->alias_begin(), E=M->alias_end(); I!=E; ++I)
190       if (I->getAliasee()->stripPointerCasts() == GV)
191         aliases.push_back(&*I);
192     if (aliases.empty())
193       break;
194     // 2. Resolve aliases
195     for (unsigned i=0, e=aliases.size(); i<e; ++i) {
196       aliases[i]->replaceAllUsesWith(aliases[i]->getAliasee());
197       aliases[i]->eraseFromParent();
198     }
199     // 3. Repeat until no more aliases found; there might
200     // be an alias to an alias...
201   }
202 }
203 
204 //
205 // DeleteGlobalInitializer - "Remove" the global variable by deleting its initializer,
206 // making it external.
207 //
DeleteGlobalInitializer(GlobalVariable * GV)208 void llvm::DeleteGlobalInitializer(GlobalVariable *GV) {
209   eliminateAliases(GV);
210   GV->setInitializer(nullptr);
211 }
212 
213 // DeleteFunctionBody - "Remove" the function by deleting all of its basic
214 // blocks, making it external.
215 //
DeleteFunctionBody(Function * F)216 void llvm::DeleteFunctionBody(Function *F) {
217   eliminateAliases(F);
218   // Function declarations can't have comdats.
219   F->setComdat(nullptr);
220 
221   // delete the body of the function...
222   F->deleteBody();
223   assert(F->isDeclaration() && "This didn't make the function external!");
224 }
225 
226 /// GetTorInit - Given a list of entries for static ctors/dtors, return them
227 /// as a constant array.
GetTorInit(std::vector<std::pair<Function *,int>> & TorList)228 static Constant *GetTorInit(std::vector<std::pair<Function*, int> > &TorList) {
229   assert(!TorList.empty() && "Don't create empty tor list!");
230   std::vector<Constant*> ArrayElts;
231   Type *Int32Ty = Type::getInt32Ty(TorList[0].first->getContext());
232 
233   StructType *STy =
234       StructType::get(Int32Ty, TorList[0].first->getType(), nullptr);
235   for (unsigned i = 0, e = TorList.size(); i != e; ++i) {
236     Constant *Elts[] = {
237       ConstantInt::get(Int32Ty, TorList[i].second),
238       TorList[i].first
239     };
240     ArrayElts.push_back(ConstantStruct::get(STy, Elts));
241   }
242   return ConstantArray::get(ArrayType::get(ArrayElts[0]->getType(),
243                                            ArrayElts.size()),
244                             ArrayElts);
245 }
246 
247 /// SplitStaticCtorDtor - A module was recently split into two parts, M1/M2, and
248 /// M1 has all of the global variables.  If M2 contains any functions that are
249 /// static ctors/dtors, we need to add an llvm.global_[cd]tors global to M2, and
250 /// prune appropriate entries out of M1s list.
SplitStaticCtorDtor(const char * GlobalName,Module * M1,Module * M2,ValueToValueMapTy & VMap)251 static void SplitStaticCtorDtor(const char *GlobalName, Module *M1, Module *M2,
252                                 ValueToValueMapTy &VMap) {
253   GlobalVariable *GV = M1->getNamedGlobal(GlobalName);
254   if (!GV || GV->isDeclaration() || GV->hasLocalLinkage() ||
255       !GV->use_empty()) return;
256 
257   std::vector<std::pair<Function*, int> > M1Tors, M2Tors;
258   ConstantArray *InitList = dyn_cast<ConstantArray>(GV->getInitializer());
259   if (!InitList) return;
260 
261   for (unsigned i = 0, e = InitList->getNumOperands(); i != e; ++i) {
262     if (ConstantStruct *CS = dyn_cast<ConstantStruct>(InitList->getOperand(i))){
263       if (CS->getNumOperands() != 2) return;  // Not array of 2-element structs.
264 
265       if (CS->getOperand(1)->isNullValue())
266         break;  // Found a null terminator, stop here.
267 
268       ConstantInt *CI = dyn_cast<ConstantInt>(CS->getOperand(0));
269       int Priority = CI ? CI->getSExtValue() : 0;
270 
271       Constant *FP = CS->getOperand(1);
272       if (ConstantExpr *CE = dyn_cast<ConstantExpr>(FP))
273         if (CE->isCast())
274           FP = CE->getOperand(0);
275       if (Function *F = dyn_cast<Function>(FP)) {
276         if (!F->isDeclaration())
277           M1Tors.push_back(std::make_pair(F, Priority));
278         else {
279           // Map to M2's version of the function.
280           F = cast<Function>(VMap[F]);
281           M2Tors.push_back(std::make_pair(F, Priority));
282         }
283       }
284     }
285   }
286 
287   GV->eraseFromParent();
288   if (!M1Tors.empty()) {
289     Constant *M1Init = GetTorInit(M1Tors);
290     new GlobalVariable(*M1, M1Init->getType(), false,
291                        GlobalValue::AppendingLinkage,
292                        M1Init, GlobalName);
293   }
294 
295   GV = M2->getNamedGlobal(GlobalName);
296   assert(GV && "Not a clone of M1?");
297   assert(GV->use_empty() && "llvm.ctors shouldn't have uses!");
298 
299   GV->eraseFromParent();
300   if (!M2Tors.empty()) {
301     Constant *M2Init = GetTorInit(M2Tors);
302     new GlobalVariable(*M2, M2Init->getType(), false,
303                        GlobalValue::AppendingLinkage,
304                        M2Init, GlobalName);
305   }
306 }
307 
308 std::unique_ptr<Module>
SplitFunctionsOutOfModule(Module * M,const std::vector<Function * > & F,ValueToValueMapTy & VMap)309 llvm::SplitFunctionsOutOfModule(Module *M, const std::vector<Function *> &F,
310                                 ValueToValueMapTy &VMap) {
311   // Make sure functions & globals are all external so that linkage
312   // between the two modules will work.
313   for (Module::iterator I = M->begin(), E = M->end(); I != E; ++I)
314     I->setLinkage(GlobalValue::ExternalLinkage);
315   for (Module::global_iterator I = M->global_begin(), E = M->global_end();
316        I != E; ++I) {
317     if (I->hasName() && I->getName()[0] == '\01')
318       I->setName(I->getName().substr(1));
319     I->setLinkage(GlobalValue::ExternalLinkage);
320   }
321 
322   ValueToValueMapTy NewVMap;
323   std::unique_ptr<Module> New = CloneModule(M, NewVMap);
324 
325   // Remove the Test functions from the Safe module
326   std::set<Function *> TestFunctions;
327   for (unsigned i = 0, e = F.size(); i != e; ++i) {
328     Function *TNOF = cast<Function>(VMap[F[i]]);
329     DEBUG(errs() << "Removing function ");
330     DEBUG(TNOF->printAsOperand(errs(), false));
331     DEBUG(errs() << "\n");
332     TestFunctions.insert(cast<Function>(NewVMap[TNOF]));
333     DeleteFunctionBody(TNOF);       // Function is now external in this module!
334   }
335 
336 
337   // Remove the Safe functions from the Test module
338   for (Function &I : *New)
339     if (!TestFunctions.count(&I))
340       DeleteFunctionBody(&I);
341 
342   // Try to split the global initializers evenly
343   for (GlobalVariable &I : M->globals()) {
344     GlobalVariable *GV = cast<GlobalVariable>(NewVMap[&I]);
345     if (Function *TestFn = globalInitUsesExternalBA(&I)) {
346       if (Function *SafeFn = globalInitUsesExternalBA(GV)) {
347         errs() << "*** Error: when reducing functions, encountered "
348                   "the global '";
349         GV->printAsOperand(errs(), false);
350         errs() << "' with an initializer that references blockaddresses "
351                   "from safe function '" << SafeFn->getName()
352                << "' and from test function '" << TestFn->getName() << "'.\n";
353         exit(1);
354       }
355       DeleteGlobalInitializer(&I); // Delete the initializer to make it external
356     } else {
357       // If we keep it in the safe module, then delete it in the test module
358       DeleteGlobalInitializer(GV);
359     }
360   }
361 
362   // Make sure that there is a global ctor/dtor array in both halves of the
363   // module if they both have static ctor/dtor functions.
364   SplitStaticCtorDtor("llvm.global_ctors", M, New.get(), NewVMap);
365   SplitStaticCtorDtor("llvm.global_dtors", M, New.get(), NewVMap);
366 
367   return New;
368 }
369 
370 //===----------------------------------------------------------------------===//
371 // Basic Block Extraction Code
372 //===----------------------------------------------------------------------===//
373 
374 std::unique_ptr<Module>
extractMappedBlocksFromModule(const std::vector<BasicBlock * > & BBs,Module * M)375 BugDriver::extractMappedBlocksFromModule(const std::vector<BasicBlock *> &BBs,
376                                          Module *M) {
377   SmallString<128> Filename;
378   int FD;
379   std::error_code EC = sys::fs::createUniqueFile(
380       OutputPrefix + "-extractblocks%%%%%%%", FD, Filename);
381   if (EC) {
382     outs() << "*** Basic Block extraction failed!\n";
383     errs() << "Error creating temporary file: " << EC.message() << "\n";
384     EmitProgressBitcode(M, "basicblockextractfail", true);
385     return nullptr;
386   }
387   sys::RemoveFileOnSignal(Filename);
388 
389   tool_output_file BlocksToNotExtractFile(Filename.c_str(), FD);
390   for (std::vector<BasicBlock*>::const_iterator I = BBs.begin(), E = BBs.end();
391        I != E; ++I) {
392     BasicBlock *BB = *I;
393     // If the BB doesn't have a name, give it one so we have something to key
394     // off of.
395     if (!BB->hasName()) BB->setName("tmpbb");
396     BlocksToNotExtractFile.os() << BB->getParent()->getName() << " "
397                                 << BB->getName() << "\n";
398   }
399   BlocksToNotExtractFile.os().close();
400   if (BlocksToNotExtractFile.os().has_error()) {
401     errs() << "Error writing list of blocks to not extract\n";
402     EmitProgressBitcode(M, "basicblockextractfail", true);
403     BlocksToNotExtractFile.os().clear_error();
404     return nullptr;
405   }
406   BlocksToNotExtractFile.keep();
407 
408   std::string uniqueFN = "--extract-blocks-file=";
409   uniqueFN += Filename.str();
410   const char *ExtraArg = uniqueFN.c_str();
411 
412   std::vector<std::string> PI;
413   PI.push_back("extract-blocks");
414   std::unique_ptr<Module> Ret = runPassesOn(M, PI, 1, &ExtraArg);
415 
416   sys::fs::remove(Filename.c_str());
417 
418   if (!Ret) {
419     outs() << "*** Basic Block extraction failed, please report a bug!\n";
420     EmitProgressBitcode(M, "basicblockextractfail", true);
421   }
422   return Ret;
423 }
424