1 //===- ExtractFunction.cpp - Extract a function from Program --------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file implements several methods that are used to extract functions,
10 // loops, or portions of a module from the rest of the module.
11 //
12 //===----------------------------------------------------------------------===//
13
14 #include "BugDriver.h"
15 #include "llvm/IR/Constants.h"
16 #include "llvm/IR/DataLayout.h"
17 #include "llvm/IR/DerivedTypes.h"
18 #include "llvm/IR/LLVMContext.h"
19 #include "llvm/IR/LegacyPassManager.h"
20 #include "llvm/IR/Module.h"
21 #include "llvm/IR/Verifier.h"
22 #include "llvm/Pass.h"
23 #include "llvm/Support/CommandLine.h"
24 #include "llvm/Support/Debug.h"
25 #include "llvm/Support/FileUtilities.h"
26 #include "llvm/Support/Path.h"
27 #include "llvm/Support/Signals.h"
28 #include "llvm/Support/ToolOutputFile.h"
29 #include "llvm/Transforms/IPO.h"
30 #include "llvm/Transforms/Scalar.h"
31 #include "llvm/Transforms/Utils/Cloning.h"
32 #include "llvm/Transforms/Utils/CodeExtractor.h"
33 #include <set>
34 using namespace llvm;
35
36 #define DEBUG_TYPE "bugpoint"
37
38 namespace llvm {
39 bool DisableSimplifyCFG = false;
40 extern cl::opt<std::string> OutputPrefix;
41 } // End llvm namespace
42
43 namespace {
44 cl::opt<bool> NoDCE("disable-dce",
45 cl::desc("Do not use the -dce pass to reduce testcases"));
46 cl::opt<bool, true>
47 NoSCFG("disable-simplifycfg", cl::location(DisableSimplifyCFG),
48 cl::desc("Do not use the -simplifycfg pass to reduce testcases"));
49
globalInitUsesExternalBA(GlobalVariable * GV)50 Function *globalInitUsesExternalBA(GlobalVariable *GV) {
51 if (!GV->hasInitializer())
52 return nullptr;
53
54 Constant *I = GV->getInitializer();
55
56 // walk the values used by the initializer
57 // (and recurse into things like ConstantExpr)
58 std::vector<Constant *> Todo;
59 std::set<Constant *> Done;
60 Todo.push_back(I);
61
62 while (!Todo.empty()) {
63 Constant *V = Todo.back();
64 Todo.pop_back();
65 Done.insert(V);
66
67 if (BlockAddress *BA = dyn_cast<BlockAddress>(V)) {
68 Function *F = BA->getFunction();
69 if (F->isDeclaration())
70 return F;
71 }
72
73 for (User::op_iterator i = V->op_begin(), e = V->op_end(); i != e; ++i) {
74 Constant *C = dyn_cast<Constant>(*i);
75 if (C && !isa<GlobalValue>(C) && !Done.count(C))
76 Todo.push_back(C);
77 }
78 }
79 return nullptr;
80 }
81 } // end anonymous namespace
82
83 std::unique_ptr<Module>
deleteInstructionFromProgram(const Instruction * I,unsigned Simplification)84 BugDriver::deleteInstructionFromProgram(const Instruction *I,
85 unsigned Simplification) {
86 // FIXME, use vmap?
87 std::unique_ptr<Module> Clone = CloneModule(*Program);
88
89 const BasicBlock *PBB = I->getParent();
90 const Function *PF = PBB->getParent();
91
92 Module::iterator RFI = Clone->begin(); // Get iterator to corresponding fn
93 std::advance(
94 RFI, std::distance(PF->getParent()->begin(), Module::const_iterator(PF)));
95
96 Function::iterator RBI = RFI->begin(); // Get iterator to corresponding BB
97 std::advance(RBI, std::distance(PF->begin(), Function::const_iterator(PBB)));
98
99 BasicBlock::iterator RI = RBI->begin(); // Get iterator to corresponding inst
100 std::advance(RI, std::distance(PBB->begin(), BasicBlock::const_iterator(I)));
101 Instruction *TheInst = &*RI; // Got the corresponding instruction!
102
103 // If this instruction produces a value, replace any users with null values
104 if (!TheInst->getType()->isVoidTy())
105 TheInst->replaceAllUsesWith(Constant::getNullValue(TheInst->getType()));
106
107 // Remove the instruction from the program.
108 TheInst->eraseFromParent();
109
110 // Spiff up the output a little bit.
111 std::vector<std::string> Passes;
112
113 /// Can we get rid of the -disable-* options?
114 if (Simplification > 1 && !NoDCE)
115 Passes.push_back("dce");
116 if (Simplification && !DisableSimplifyCFG)
117 Passes.push_back("simplifycfg"); // Delete dead control flow
118
119 Passes.push_back("verify");
120 std::unique_ptr<Module> New = runPassesOn(Clone.get(), Passes);
121 if (!New) {
122 errs() << "Instruction removal failed. Sorry. :( Please report a bug!\n";
123 exit(1);
124 }
125 return New;
126 }
127
128 std::unique_ptr<Module>
performFinalCleanups(std::unique_ptr<Module> M,bool MayModifySemantics)129 BugDriver::performFinalCleanups(std::unique_ptr<Module> M,
130 bool MayModifySemantics) {
131 // Make all functions external, so GlobalDCE doesn't delete them...
132 for (Module::iterator I = M->begin(), E = M->end(); I != E; ++I)
133 I->setLinkage(GlobalValue::ExternalLinkage);
134
135 std::vector<std::string> CleanupPasses;
136
137 if (MayModifySemantics)
138 CleanupPasses.push_back("deadarghaX0r");
139 else
140 CleanupPasses.push_back("deadargelim");
141
142 std::unique_ptr<Module> New = runPassesOn(M.get(), CleanupPasses);
143 if (!New) {
144 errs() << "Final cleanups failed. Sorry. :( Please report a bug!\n";
145 return nullptr;
146 }
147 return New;
148 }
149
extractLoop(Module * M)150 std::unique_ptr<Module> BugDriver::extractLoop(Module *M) {
151 std::vector<std::string> LoopExtractPasses;
152 LoopExtractPasses.push_back("loop-extract-single");
153
154 std::unique_ptr<Module> NewM = runPassesOn(M, LoopExtractPasses);
155 if (!NewM) {
156 outs() << "*** Loop extraction failed: ";
157 EmitProgressBitcode(*M, "loopextraction", true);
158 outs() << "*** Sorry. :( Please report a bug!\n";
159 return nullptr;
160 }
161
162 // Check to see if we created any new functions. If not, no loops were
163 // extracted and we should return null. Limit the number of loops we extract
164 // to avoid taking forever.
165 static unsigned NumExtracted = 32;
166 if (M->size() == NewM->size() || --NumExtracted == 0) {
167 return nullptr;
168 } else {
169 assert(M->size() < NewM->size() && "Loop extract removed functions?");
170 Module::iterator MI = NewM->begin();
171 for (unsigned i = 0, e = M->size(); i != e; ++i)
172 ++MI;
173 }
174
175 return NewM;
176 }
177
eliminateAliases(GlobalValue * GV)178 static void eliminateAliases(GlobalValue *GV) {
179 // First, check whether a GlobalAlias references this definition.
180 // GlobalAlias MAY NOT reference declarations.
181 for (;;) {
182 // 1. Find aliases
183 SmallVector<GlobalAlias *, 1> aliases;
184 Module *M = GV->getParent();
185 for (Module::alias_iterator I = M->alias_begin(), E = M->alias_end();
186 I != E; ++I)
187 if (I->getAliasee()->stripPointerCasts() == GV)
188 aliases.push_back(&*I);
189 if (aliases.empty())
190 break;
191 // 2. Resolve aliases
192 for (unsigned i = 0, e = aliases.size(); i < e; ++i) {
193 aliases[i]->replaceAllUsesWith(aliases[i]->getAliasee());
194 aliases[i]->eraseFromParent();
195 }
196 // 3. Repeat until no more aliases found; there might
197 // be an alias to an alias...
198 }
199 }
200
201 //
202 // DeleteGlobalInitializer - "Remove" the global variable by deleting its
203 // initializer,
204 // making it external.
205 //
DeleteGlobalInitializer(GlobalVariable * GV)206 void llvm::DeleteGlobalInitializer(GlobalVariable *GV) {
207 eliminateAliases(GV);
208 GV->setInitializer(nullptr);
209 GV->setComdat(nullptr);
210 }
211
212 // DeleteFunctionBody - "Remove" the function by deleting all of its basic
213 // blocks, making it external.
214 //
DeleteFunctionBody(Function * F)215 void llvm::DeleteFunctionBody(Function *F) {
216 eliminateAliases(F);
217 // Function declarations can't have comdats.
218 F->setComdat(nullptr);
219
220 // delete the body of the function...
221 F->deleteBody();
222 assert(F->isDeclaration() && "This didn't make the function external!");
223 }
224
225 /// GetTorInit - Given a list of entries for static ctors/dtors, return them
226 /// as a constant array.
GetTorInit(std::vector<std::pair<Function *,int>> & TorList)227 static Constant *GetTorInit(std::vector<std::pair<Function *, int>> &TorList) {
228 assert(!TorList.empty() && "Don't create empty tor list!");
229 std::vector<Constant *> ArrayElts;
230 Type *Int32Ty = Type::getInt32Ty(TorList[0].first->getContext());
231
232 StructType *STy = StructType::get(Int32Ty, TorList[0].first->getType());
233 for (unsigned i = 0, e = TorList.size(); i != e; ++i) {
234 Constant *Elts[] = {ConstantInt::get(Int32Ty, TorList[i].second),
235 TorList[i].first};
236 ArrayElts.push_back(ConstantStruct::get(STy, Elts));
237 }
238 return ConstantArray::get(
239 ArrayType::get(ArrayElts[0]->getType(), ArrayElts.size()), ArrayElts);
240 }
241
242 /// SplitStaticCtorDtor - A module was recently split into two parts, M1/M2, and
243 /// M1 has all of the global variables. If M2 contains any functions that are
244 /// static ctors/dtors, we need to add an llvm.global_[cd]tors global to M2, and
245 /// prune appropriate entries out of M1s list.
SplitStaticCtorDtor(const char * GlobalName,Module * M1,Module * M2,ValueToValueMapTy & VMap)246 static void SplitStaticCtorDtor(const char *GlobalName, Module *M1, Module *M2,
247 ValueToValueMapTy &VMap) {
248 GlobalVariable *GV = M1->getNamedGlobal(GlobalName);
249 if (!GV || GV->isDeclaration() || GV->hasLocalLinkage() || !GV->use_empty())
250 return;
251
252 std::vector<std::pair<Function *, int>> M1Tors, M2Tors;
253 ConstantArray *InitList = dyn_cast<ConstantArray>(GV->getInitializer());
254 if (!InitList)
255 return;
256
257 for (unsigned i = 0, e = InitList->getNumOperands(); i != e; ++i) {
258 if (ConstantStruct *CS =
259 dyn_cast<ConstantStruct>(InitList->getOperand(i))) {
260 if (CS->getNumOperands() != 2)
261 return; // Not array of 2-element structs.
262
263 if (CS->getOperand(1)->isNullValue())
264 break; // Found a null terminator, stop here.
265
266 ConstantInt *CI = dyn_cast<ConstantInt>(CS->getOperand(0));
267 int Priority = CI ? CI->getSExtValue() : 0;
268
269 Constant *FP = CS->getOperand(1);
270 if (ConstantExpr *CE = dyn_cast<ConstantExpr>(FP))
271 if (CE->isCast())
272 FP = CE->getOperand(0);
273 if (Function *F = dyn_cast<Function>(FP)) {
274 if (!F->isDeclaration())
275 M1Tors.push_back(std::make_pair(F, Priority));
276 else {
277 // Map to M2's version of the function.
278 F = cast<Function>(VMap[F]);
279 M2Tors.push_back(std::make_pair(F, Priority));
280 }
281 }
282 }
283 }
284
285 GV->eraseFromParent();
286 if (!M1Tors.empty()) {
287 Constant *M1Init = GetTorInit(M1Tors);
288 new GlobalVariable(*M1, M1Init->getType(), false,
289 GlobalValue::AppendingLinkage, M1Init, GlobalName);
290 }
291
292 GV = M2->getNamedGlobal(GlobalName);
293 assert(GV && "Not a clone of M1?");
294 assert(GV->use_empty() && "llvm.ctors shouldn't have uses!");
295
296 GV->eraseFromParent();
297 if (!M2Tors.empty()) {
298 Constant *M2Init = GetTorInit(M2Tors);
299 new GlobalVariable(*M2, M2Init->getType(), false,
300 GlobalValue::AppendingLinkage, M2Init, GlobalName);
301 }
302 }
303
304 std::unique_ptr<Module>
SplitFunctionsOutOfModule(Module * M,const std::vector<Function * > & F,ValueToValueMapTy & VMap)305 llvm::SplitFunctionsOutOfModule(Module *M, const std::vector<Function *> &F,
306 ValueToValueMapTy &VMap) {
307 // Make sure functions & globals are all external so that linkage
308 // between the two modules will work.
309 for (Module::iterator I = M->begin(), E = M->end(); I != E; ++I)
310 I->setLinkage(GlobalValue::ExternalLinkage);
311 for (Module::global_iterator I = M->global_begin(), E = M->global_end();
312 I != E; ++I) {
313 if (I->hasName() && I->getName()[0] == '\01')
314 I->setName(I->getName().substr(1));
315 I->setLinkage(GlobalValue::ExternalLinkage);
316 }
317
318 ValueToValueMapTy NewVMap;
319 std::unique_ptr<Module> New = CloneModule(*M, NewVMap);
320
321 // Remove the Test functions from the Safe module
322 std::set<Function *> TestFunctions;
323 for (unsigned i = 0, e = F.size(); i != e; ++i) {
324 Function *TNOF = cast<Function>(VMap[F[i]]);
325 LLVM_DEBUG(errs() << "Removing function ");
326 LLVM_DEBUG(TNOF->printAsOperand(errs(), false));
327 LLVM_DEBUG(errs() << "\n");
328 TestFunctions.insert(cast<Function>(NewVMap[TNOF]));
329 DeleteFunctionBody(TNOF); // Function is now external in this module!
330 }
331
332 // Remove the Safe functions from the Test module
333 for (Function &I : *New)
334 if (!TestFunctions.count(&I))
335 DeleteFunctionBody(&I);
336
337 // Try to split the global initializers evenly
338 for (GlobalVariable &I : M->globals()) {
339 GlobalVariable *GV = cast<GlobalVariable>(NewVMap[&I]);
340 if (Function *TestFn = globalInitUsesExternalBA(&I)) {
341 if (Function *SafeFn = globalInitUsesExternalBA(GV)) {
342 errs() << "*** Error: when reducing functions, encountered "
343 "the global '";
344 GV->printAsOperand(errs(), false);
345 errs() << "' with an initializer that references blockaddresses "
346 "from safe function '"
347 << SafeFn->getName() << "' and from test function '"
348 << TestFn->getName() << "'.\n";
349 exit(1);
350 }
351 DeleteGlobalInitializer(&I); // Delete the initializer to make it external
352 } else {
353 // If we keep it in the safe module, then delete it in the test module
354 DeleteGlobalInitializer(GV);
355 }
356 }
357
358 // Make sure that there is a global ctor/dtor array in both halves of the
359 // module if they both have static ctor/dtor functions.
360 SplitStaticCtorDtor("llvm.global_ctors", M, New.get(), NewVMap);
361 SplitStaticCtorDtor("llvm.global_dtors", M, New.get(), NewVMap);
362
363 return New;
364 }
365
366 //===----------------------------------------------------------------------===//
367 // Basic Block Extraction Code
368 //===----------------------------------------------------------------------===//
369
370 std::unique_ptr<Module>
extractMappedBlocksFromModule(const std::vector<BasicBlock * > & BBs,Module * M)371 BugDriver::extractMappedBlocksFromModule(const std::vector<BasicBlock *> &BBs,
372 Module *M) {
373 auto Temp = sys::fs::TempFile::create(OutputPrefix + "-extractblocks%%%%%%%");
374 if (!Temp) {
375 outs() << "*** Basic Block extraction failed!\n";
376 errs() << "Error creating temporary file: " << toString(Temp.takeError())
377 << "\n";
378 EmitProgressBitcode(*M, "basicblockextractfail", true);
379 return nullptr;
380 }
381 DiscardTemp Discard{*Temp};
382
383 // Extract all of the blocks except the ones in BBs.
384 SmallVector<BasicBlock *, 32> BlocksToExtract;
385 for (Function &F : *M)
386 for (BasicBlock &BB : F)
387 // Check if this block is going to be extracted.
388 if (!llvm::is_contained(BBs, &BB))
389 BlocksToExtract.push_back(&BB);
390
391 raw_fd_ostream OS(Temp->FD, /*shouldClose*/ false);
392 for (BasicBlock *BB : BBs) {
393 // If the BB doesn't have a name, give it one so we have something to key
394 // off of.
395 if (!BB->hasName())
396 BB->setName("tmpbb");
397 OS << BB->getParent()->getName() << " " << BB->getName() << "\n";
398 }
399 OS.flush();
400 if (OS.has_error()) {
401 errs() << "Error writing list of blocks to not extract\n";
402 EmitProgressBitcode(*M, "basicblockextractfail", true);
403 OS.clear_error();
404 return nullptr;
405 }
406
407 std::string uniqueFN = "--extract-blocks-file=";
408 uniqueFN += Temp->TmpName;
409
410 std::vector<std::string> PI;
411 PI.push_back("extract-blocks");
412 std::unique_ptr<Module> Ret = runPassesOn(M, PI, {uniqueFN});
413
414 if (!Ret) {
415 outs() << "*** Basic Block extraction failed, please report a bug!\n";
416 EmitProgressBitcode(*M, "basicblockextractfail", true);
417 }
418 return Ret;
419 }
420