/*
This file is part of solidity.
solidity is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
solidity is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with solidity. If not, see .
*/
// SPDX-License-Identifier: GPL-3.0
/**
* Transformation of a Yul AST into a control flow graph.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
using namespace solidity;
using namespace solidity::yul;
using namespace std;
namespace
{
/// Removes edges to blocks that are not reachable.
void cleanUnreachable(CFG& _cfg)
{
// Determine which blocks are reachable from the entry.
util::BreadthFirstSearch reachabilityCheck{{_cfg.entry}};
for (auto const& functionInfo: _cfg.functionInfo | ranges::views::values)
reachabilityCheck.verticesToTraverse.emplace_back(functionInfo.entry);
reachabilityCheck.run([&](CFG::BasicBlock* _node, auto&& _addChild) {
visit(util::GenericVisitor{
[&](CFG::BasicBlock::Jump const& _jump) {
_addChild(_jump.target);
},
[&](CFG::BasicBlock::ConditionalJump const& _jump) {
_addChild(_jump.zero);
_addChild(_jump.nonZero);
},
[](CFG::BasicBlock::FunctionReturn const&) {},
[](CFG::BasicBlock::Terminated const&) {},
[](CFG::BasicBlock::MainExit const&) {}
}, _node->exit);
});
// Remove all entries from unreachable nodes from the graph.
for (CFG::BasicBlock* node: reachabilityCheck.visited)
cxx20::erase_if(node->entries, [&](CFG::BasicBlock* entry) -> bool {
return !reachabilityCheck.visited.count(entry);
});
}
/// Sets the ``recursive`` member to ``true`` for all recursive function calls.
void markRecursiveCalls(CFG& _cfg)
{
map> callsPerBlock;
auto const& findCalls = [&](CFG::BasicBlock* _block)
{
if (auto* calls = util::valueOrNullptr(callsPerBlock, _block))
return *calls;
vector& calls = callsPerBlock[_block];
util::BreadthFirstSearch{{_block}}.run([&](CFG::BasicBlock* _block, auto _addChild) {
for (auto& operation: _block->operations)
if (auto* functionCall = get_if(&operation.operation))
calls.emplace_back(functionCall);
std::visit(util::GenericVisitor{
[&](CFG::BasicBlock::MainExit const&) {},
[&](CFG::BasicBlock::Jump const& _jump)
{
_addChild(_jump.target);
},
[&](CFG::BasicBlock::ConditionalJump const& _conditionalJump)
{
_addChild(_conditionalJump.zero);
_addChild(_conditionalJump.nonZero);
},
[&](CFG::BasicBlock::FunctionReturn const&) {},
[&](CFG::BasicBlock::Terminated const&) {},
}, _block->exit);
});
return calls;
};
for (auto& functionInfo: _cfg.functionInfo | ranges::views::values)
for (CFG::FunctionCall* call: findCalls(functionInfo.entry))
{
util::BreadthFirstSearch breadthFirstSearch{{call}};
breadthFirstSearch.run([&](CFG::FunctionCall* _call, auto _addChild) {
auto& calledFunctionInfo = _cfg.functionInfo.at(&_call->function.get());
if (&calledFunctionInfo == &functionInfo)
{
call->recursive = true;
breadthFirstSearch.abort();
return;
}
for (CFG::FunctionCall* nestedCall: findCalls(_cfg.functionInfo.at(&_call->function.get()).entry))
_addChild(nestedCall);
});
}
}
/// Marks each cut-vertex in the CFG, i.e. each block that begins a disconnected sub-graph of the CFG.
/// Entering such a block means that control flow will never return to a previously visited block.
void markStartsOfSubGraphs(CFG& _cfg)
{
vector entries;
entries.emplace_back(_cfg.entry);
for (auto&& functionInfo: _cfg.functionInfo | ranges::views::values)
entries.emplace_back(functionInfo.entry);
for (auto& entry: entries)
{
/**
* Detect bridges following Algorithm 1 in https://arxiv.org/pdf/2108.07346.pdf
* and mark the bridge targets as starts of sub-graphs.
*/
set visited;
map disc;
map low;
map parent;
size_t time = 0;
auto dfs = [&](CFG::BasicBlock* _u, auto _recurse) -> void {
visited.insert(_u);
disc[_u] = low[_u] = time;
time++;
vector children = _u->entries;
visit(util::GenericVisitor{
[&](CFG::BasicBlock::Jump const& _jump) {
children.emplace_back(_jump.target);
},
[&](CFG::BasicBlock::ConditionalJump const& _jump) {
children.emplace_back(_jump.zero);
children.emplace_back(_jump.nonZero);
},
[&](CFG::BasicBlock::FunctionReturn const&) {},
[&](CFG::BasicBlock::Terminated const&) { _u->isStartOfSubGraph = true; },
[&](CFG::BasicBlock::MainExit const&) { _u->isStartOfSubGraph = true; }
}, _u->exit);
yulAssert(!util::contains(children, _u));
for (CFG::BasicBlock* v: children)
if (!visited.count(v))
{
parent[v] = _u;
_recurse(v, _recurse);
low[_u] = min(low[_u], low[v]);
if (low[v] > disc[_u])
{
// _u <-> v is a cut edge in the undirected graph
bool edgeVtoU = util::contains(_u->entries, v);
bool edgeUtoV = util::contains(v->entries, _u);
if (edgeVtoU && !edgeUtoV)
// Cut edge v -> _u
_u->isStartOfSubGraph = true;
else if (edgeUtoV && !edgeVtoU)
// Cut edge _u -> v
v->isStartOfSubGraph = true;
}
}
else if (v != parent[_u])
low[_u] = min(low[_u], disc[v]);
};
dfs(entry, dfs);
}
}
/// Marks each block that needs to maintain a clean stack. That is each block that has an outgoing
/// path to a function return.
void markNeedsCleanStack(CFG& _cfg)
{
for (auto& functionInfo: _cfg.functionInfo | ranges::views::values)
for (CFG::BasicBlock* exit: functionInfo.exits)
util::BreadthFirstSearch{{exit}}.run([&](CFG::BasicBlock* _block, auto _addChild) {
_block->needsCleanStack = true;
for (CFG::BasicBlock* entry: _block->entries)
_addChild(entry);
});
}
}
std::unique_ptr ControlFlowGraphBuilder::build(
AsmAnalysisInfo const& _analysisInfo,
Dialect const& _dialect,
Block const& _block
)
{
auto result = std::make_unique();
result->entry = &result->makeBlock(debugDataOf(_block));
ControlFlowGraphBuilder builder(*result, _analysisInfo, _dialect);
builder.m_currentBlock = result->entry;
builder(_block);
cleanUnreachable(*result);
markRecursiveCalls(*result);
markStartsOfSubGraphs(*result);
markNeedsCleanStack(*result);
// TODO: It might be worthwhile to run some further simplifications on the graph itself here.
// E.g. if there is a jump to a node that has the jumping node as its only entry, the nodes can be fused, etc.
return result;
}
ControlFlowGraphBuilder::ControlFlowGraphBuilder(
CFG& _graph,
AsmAnalysisInfo const& _analysisInfo,
Dialect const& _dialect
):
m_graph(_graph),
m_info(_analysisInfo),
m_dialect(_dialect)
{
}
StackSlot ControlFlowGraphBuilder::operator()(Literal const& _literal)
{
return LiteralSlot{valueOfLiteral(_literal), _literal.debugData};
}
StackSlot ControlFlowGraphBuilder::operator()(Identifier const& _identifier)
{
return VariableSlot{lookupVariable(_identifier.name), _identifier.debugData};
}
StackSlot ControlFlowGraphBuilder::operator()(Expression const& _expression)
{
return std::visit(*this, _expression);
}
StackSlot ControlFlowGraphBuilder::operator()(FunctionCall const& _call)
{
Stack const& output = visitFunctionCall(_call);
yulAssert(output.size() == 1, "");
return output.front();
}
void ControlFlowGraphBuilder::operator()(VariableDeclaration const& _varDecl)
{
yulAssert(m_currentBlock, "");
auto declaredVariables = _varDecl.variables | ranges::views::transform([&](TypedName const& _var) {
return VariableSlot{lookupVariable(_var.name), _var.debugData};
}) | ranges::to>;
Stack input;
if (_varDecl.value)
input = visitAssignmentRightHandSide(*_varDecl.value, declaredVariables.size());
else
input = Stack(_varDecl.variables.size(), LiteralSlot{0, _varDecl.debugData});
m_currentBlock->operations.emplace_back(CFG::Operation{
std::move(input),
declaredVariables | ranges::to,
CFG::Assignment{_varDecl.debugData, declaredVariables}
});
}
void ControlFlowGraphBuilder::operator()(Assignment const& _assignment)
{
auto assignedVariables = _assignment.variableNames | ranges::views::transform([&](Identifier const& _var) {
return VariableSlot{lookupVariable(_var.name), _var.debugData};
}) | ranges::to>;
yulAssert(m_currentBlock, "");
m_currentBlock->operations.emplace_back(CFG::Operation{
// input
visitAssignmentRightHandSide(*_assignment.value, assignedVariables.size()),
// output
assignedVariables | ranges::to,
// operation
CFG::Assignment{_assignment.debugData, assignedVariables}
});
}
void ControlFlowGraphBuilder::operator()(ExpressionStatement const& _exprStmt)
{
yulAssert(m_currentBlock, "");
std::visit(util::GenericVisitor{
[&](FunctionCall const& _call) {
Stack const& output = visitFunctionCall(_call);
yulAssert(output.empty(), "");
},
[&](auto const&) { yulAssert(false, ""); }
}, _exprStmt.expression);
// TODO: Ideally this would be done on the expression label and for all functions that always revert,
// not only for builtins.
if (auto const* funCall = get_if(&_exprStmt.expression))
if (BuiltinFunction const* builtin = m_dialect.builtin(funCall->functionName.name))
if (builtin->controlFlowSideEffects.terminatesOrReverts())
{
m_currentBlock->exit = CFG::BasicBlock::Terminated{};
m_currentBlock = &m_graph.makeBlock(debugDataOf(*m_currentBlock));
}
}
void ControlFlowGraphBuilder::operator()(Block const& _block)
{
ScopedSaveAndRestore saveScope(m_scope, m_info.scopes.at(&_block).get());
for (auto const& statement: _block.statements)
if (auto const* function = get_if(&statement))
registerFunction(*function);
for (auto const& statement: _block.statements)
std::visit(*this, statement);
}
void ControlFlowGraphBuilder::operator()(If const& _if)
{
auto& ifBranch = m_graph.makeBlock(debugDataOf(_if.body));
auto& afterIf = m_graph.makeBlock(debugDataOf(*m_currentBlock));
makeConditionalJump(debugDataOf(_if), std::visit(*this, *_if.condition), ifBranch, afterIf);
m_currentBlock = &ifBranch;
(*this)(_if.body);
jump(debugDataOf(_if.body), afterIf);
}
void ControlFlowGraphBuilder::operator()(Switch const& _switch)
{
yulAssert(m_currentBlock, "");
shared_ptr preSwitchDebugData = debugDataOf(_switch);
auto ghostVariableId = m_graph.ghostVariables.size();
YulString ghostVariableName("GHOST[" + to_string(ghostVariableId) + "]");
auto& ghostVar = m_graph.ghostVariables.emplace_back(Scope::Variable{""_yulstring, ghostVariableName});
// Artificially generate:
// let :=
VariableSlot ghostVarSlot{ghostVar, debugDataOf(*_switch.expression)};
m_currentBlock->operations.emplace_back(CFG::Operation{
Stack{std::visit(*this, *_switch.expression)},
Stack{ghostVarSlot},
CFG::Assignment{_switch.debugData, {ghostVarSlot}}
});
BuiltinFunction const* equalityBuiltin = m_dialect.equalityFunction({});
yulAssert(equalityBuiltin, "");
// Artificially generate:
// eq(, )
auto makeValueCompare = [&](Case const& _case) {
yul::FunctionCall const& ghostCall = m_graph.ghostCalls.emplace_back(yul::FunctionCall{
debugDataOf(_case),
yul::Identifier{{}, "eq"_yulstring},
{*_case.value, Identifier{{}, ghostVariableName}}
});
CFG::Operation& operation = m_currentBlock->operations.emplace_back(CFG::Operation{
Stack{ghostVarSlot, LiteralSlot{valueOfLiteral(*_case.value), debugDataOf(*_case.value)}},
Stack{TemporarySlot{ghostCall, 0}},
CFG::BuiltinCall{debugDataOf(_case), *equalityBuiltin, ghostCall, 2},
});
return operation.output.front();
};
CFG::BasicBlock& afterSwitch = m_graph.makeBlock(preSwitchDebugData);
yulAssert(!_switch.cases.empty(), "");
for (auto const& switchCase: _switch.cases | ranges::views::drop_last(1))
{
yulAssert(switchCase.value, "");
auto& caseBranch = m_graph.makeBlock(debugDataOf(switchCase.body));
auto& elseBranch = m_graph.makeBlock(debugDataOf(_switch));
makeConditionalJump(debugDataOf(switchCase), makeValueCompare(switchCase), caseBranch, elseBranch);
m_currentBlock = &caseBranch;
(*this)(switchCase.body);
jump(debugDataOf(switchCase.body), afterSwitch);
m_currentBlock = &elseBranch;
}
Case const& switchCase = _switch.cases.back();
if (switchCase.value)
{
CFG::BasicBlock& caseBranch = m_graph.makeBlock(debugDataOf(switchCase.body));
makeConditionalJump(debugDataOf(switchCase), makeValueCompare(switchCase), caseBranch, afterSwitch);
m_currentBlock = &caseBranch;
}
(*this)(switchCase.body);
jump(debugDataOf(switchCase.body), afterSwitch);
}
void ControlFlowGraphBuilder::operator()(ForLoop const& _loop)
{
shared_ptr preLoopDebugData = debugDataOf(_loop);
ScopedSaveAndRestore scopeRestore(m_scope, m_info.scopes.at(&_loop.pre).get());
(*this)(_loop.pre);
std::optional constantCondition;
if (auto const* literalCondition = get_if(_loop.condition.get()))
constantCondition = valueOfLiteral(*literalCondition) != 0;
CFG::BasicBlock& loopCondition = m_graph.makeBlock(debugDataOf(*_loop.condition));
CFG::BasicBlock& loopBody = m_graph.makeBlock(debugDataOf(_loop.body));
CFG::BasicBlock& post = m_graph.makeBlock(debugDataOf(_loop.post));
CFG::BasicBlock& afterLoop = m_graph.makeBlock(preLoopDebugData);
ScopedSaveAndRestore scopedSaveAndRestore(m_forLoopInfo, ForLoopInfo{afterLoop, post});
if (constantCondition.has_value())
{
if (*constantCondition)
{
jump(debugDataOf(_loop.pre), loopBody);
(*this)(_loop.body);
jump(debugDataOf(_loop.body), post);
(*this)(_loop.post);
jump(debugDataOf(_loop.post), loopBody, true);
}
else
jump(debugDataOf(_loop.pre), afterLoop);
}
else
{
jump(debugDataOf(_loop.pre), loopCondition);
makeConditionalJump(debugDataOf(*_loop.condition), std::visit(*this, *_loop.condition), loopBody, afterLoop);
m_currentBlock = &loopBody;
(*this)(_loop.body);
jump(debugDataOf(_loop.body), post);
(*this)(_loop.post);
jump(debugDataOf(_loop.post), loopCondition, true);
}
m_currentBlock = &afterLoop;
}
void ControlFlowGraphBuilder::operator()(Break const& _break)
{
yulAssert(m_forLoopInfo.has_value(), "");
jump(debugDataOf(_break), m_forLoopInfo->afterLoop);
m_currentBlock = &m_graph.makeBlock(debugDataOf(*m_currentBlock));
}
void ControlFlowGraphBuilder::operator()(Continue const& _continue)
{
yulAssert(m_forLoopInfo.has_value(), "");
jump(debugDataOf(_continue), m_forLoopInfo->post);
m_currentBlock = &m_graph.makeBlock(debugDataOf(*m_currentBlock));
}
// '_leave' and '__leave' are reserved in VisualStudio
void ControlFlowGraphBuilder::operator()(Leave const& leave_)
{
yulAssert(m_currentFunction.has_value(), "");
m_currentBlock->exit = CFG::BasicBlock::FunctionReturn{debugDataOf(leave_), *m_currentFunction};
(*m_currentFunction)->exits.emplace_back(m_currentBlock);
m_currentBlock = &m_graph.makeBlock(debugDataOf(*m_currentBlock));
}
void ControlFlowGraphBuilder::operator()(FunctionDefinition const& _function)
{
yulAssert(m_scope, "");
yulAssert(m_scope->identifiers.count(_function.name), "");
Scope::Function& function = std::get(m_scope->identifiers.at(_function.name));
m_graph.functions.emplace_back(&function);
CFG::FunctionInfo& functionInfo = m_graph.functionInfo.at(&function);
ControlFlowGraphBuilder builder{m_graph, m_info, m_dialect};
builder.m_currentFunction = &functionInfo;
builder.m_currentBlock = functionInfo.entry;
builder(_function.body);
functionInfo.exits.emplace_back(builder.m_currentBlock);
builder.m_currentBlock->exit = CFG::BasicBlock::FunctionReturn{debugDataOf(_function), &functionInfo};
}
void ControlFlowGraphBuilder::registerFunction(FunctionDefinition const& _function)
{
yulAssert(m_scope, "");
yulAssert(m_scope->identifiers.count(_function.name), "");
Scope::Function& function = std::get(m_scope->identifiers.at(_function.name));
yulAssert(m_info.scopes.at(&_function.body), "");
Scope* virtualFunctionScope = m_info.scopes.at(m_info.virtualBlocks.at(&_function).get()).get();
yulAssert(virtualFunctionScope, "");
bool inserted = m_graph.functionInfo.emplace(std::make_pair(&function, CFG::FunctionInfo{
_function.debugData,
function,
&m_graph.makeBlock(debugDataOf(_function.body)),
_function.parameters | ranges::views::transform([&](auto const& _param) {
return VariableSlot{
std::get(virtualFunctionScope->identifiers.at(_param.name)),
_param.debugData
};
}) | ranges::to,
_function.returnVariables | ranges::views::transform([&](auto const& _retVar) {
return VariableSlot{
std::get(virtualFunctionScope->identifiers.at(_retVar.name)),
_retVar.debugData
};
}) | ranges::to,
{}
})).second;
yulAssert(inserted);
}
Stack const& ControlFlowGraphBuilder::visitFunctionCall(FunctionCall const& _call)
{
yulAssert(m_scope, "");
yulAssert(m_currentBlock, "");
if (BuiltinFunction const* builtin = m_dialect.builtin(_call.functionName.name))
{
Stack inputs;
for (auto&& [idx, arg]: _call.arguments | ranges::views::enumerate | ranges::views::reverse)
if (!builtin->literalArgument(idx).has_value())
inputs.emplace_back(std::visit(*this, arg));
CFG::BuiltinCall builtinCall{_call.debugData, *builtin, _call, inputs.size()};
return m_currentBlock->operations.emplace_back(CFG::Operation{
// input
std::move(inputs),
// output
ranges::views::iota(0u, builtin->returns.size()) | ranges::views::transform([&](size_t _i) {
return TemporarySlot{_call, _i};
}) | ranges::to,
// operation
move(builtinCall)
}).output;
}
else
{
Scope::Function const& function = lookupFunction(_call.functionName.name);
Stack inputs{FunctionCallReturnLabelSlot{_call}};
for (auto const& arg: _call.arguments | ranges::views::reverse)
inputs.emplace_back(std::visit(*this, arg));
return m_currentBlock->operations.emplace_back(CFG::Operation{
// input
std::move(inputs),
// output
ranges::views::iota(0u, function.returns.size()) | ranges::views::transform([&](size_t _i) {
return TemporarySlot{_call, _i};
}) | ranges::to,
// operation
CFG::FunctionCall{_call.debugData, function, _call}
}).output;
}
}
Stack ControlFlowGraphBuilder::visitAssignmentRightHandSide(Expression const& _expression, size_t _expectedSlotCount)
{
return std::visit(util::GenericVisitor{
[&](FunctionCall const& _call) -> Stack {
Stack const& output = visitFunctionCall(_call);
yulAssert(_expectedSlotCount == output.size(), "");
return output;
},
[&](auto const& _identifierOrLiteral) -> Stack {
yulAssert(_expectedSlotCount == 1, "");
return {(*this)(_identifierOrLiteral)};
}
}, _expression);
}
Scope::Function const& ControlFlowGraphBuilder::lookupFunction(YulString _name) const
{
Scope::Function const* function = nullptr;
yulAssert(m_scope->lookup(_name, util::GenericVisitor{
[](Scope::Variable&) { yulAssert(false, "Expected function name."); },
[&](Scope::Function& _function) { function = &_function; }
}), "Function name not found.");
yulAssert(function, "");
return *function;
}
Scope::Variable const& ControlFlowGraphBuilder::lookupVariable(YulString _name) const
{
yulAssert(m_scope, "");
Scope::Variable const* var = nullptr;
if (m_scope->lookup(_name, util::GenericVisitor{
[&](Scope::Variable& _var) { var = &_var; },
[](Scope::Function&)
{
yulAssert(false, "Function not removed during desugaring.");
}
}))
{
yulAssert(var, "");
return *var;
};
yulAssert(false, "External identifier access unimplemented.");
}
void ControlFlowGraphBuilder::makeConditionalJump(
shared_ptr _debugData,
StackSlot _condition,
CFG::BasicBlock& _nonZero,
CFG::BasicBlock& _zero
)
{
yulAssert(m_currentBlock, "");
m_currentBlock->exit = CFG::BasicBlock::ConditionalJump{
move(_debugData),
move(_condition),
&_nonZero,
&_zero
};
_nonZero.entries.emplace_back(m_currentBlock);
_zero.entries.emplace_back(m_currentBlock);
m_currentBlock = nullptr;
}
void ControlFlowGraphBuilder::jump(
shared_ptr _debugData,
CFG::BasicBlock& _target,
bool backwards
)
{
yulAssert(m_currentBlock, "");
m_currentBlock->exit = CFG::BasicBlock::Jump{move(_debugData), &_target, backwards};
_target.entries.emplace_back(m_currentBlock);
m_currentBlock = &_target;
}