// Copyright (c) 2015-2016 The Khronos Group Inc. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and/or associated documentation files (the // "Materials"), to deal in the Materials without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Materials, and to // permit persons to whom the Materials are furnished to do so, subject to // the following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Materials. // // MODIFICATIONS TO THIS FILE MAY MEAN IT NO LONGER ACCURATELY REFLECTS // KHRONOS STANDARDS. THE UNMODIFIED, NORMATIVE VERSIONS OF KHRONOS // SPECIFICATIONS AND HEADER INFORMATION ARE LOCATED AT // https://www.khronos.org/registry/ // // THE MATERIALS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE // MATERIALS OR THE USE OR OTHER DEALINGS IN THE MATERIALS. #include "validate.h" #include #include #include #include #include #include #include #include #include #include #include "val/BasicBlock.h" #include "val/Construct.h" #include "val/Function.h" #include "val/ValidationState.h" using std::find; using std::function; using std::get; using std::ignore; using std::make_pair; using std::make_tuple; using std::numeric_limits; using std::pair; using std::set; using std::string; using std::tie; using std::transform; using std::tuple; using std::unordered_map; using std::unordered_set; using std::vector; using libspirv::BasicBlock; namespace libspirv { namespace { using bb_ptr = BasicBlock*; using cbb_ptr = const BasicBlock*; using bb_iter = vector::const_iterator; struct block_info { cbb_ptr block; ///< pointer to the block bb_iter iter; ///< Iterator to the current child node being processed }; /// Returns true if a block with @p id is found in the @p work_list vector /// /// @param[in] work_list Set of blocks visited in the the depth first traversal /// of the CFG /// @param[in] id The ID of the block being checked /// /// @return true if the edge work_list.back().block->id() => id is a back-edge bool FindInWorkList(const vector& work_list, uint32_t id) { for (const auto b : work_list) { if (b.block->id() == id) return true; } return false; } } // namespace void DepthFirstTraversal(const BasicBlock* entry, get_blocks_func successor_func, function preorder, function postorder, function backedge) { unordered_set processed; /// NOTE: work_list is the sequence of nodes from the root node to the node /// being processed in the traversal vector work_list; work_list.reserve(10); work_list.push_back({entry, begin(*successor_func(entry))}); preorder(entry); processed.insert(entry->id()); while (!work_list.empty()) { block_info& top = work_list.back(); if (top.iter == end(*successor_func(top.block))) { postorder(top.block); work_list.pop_back(); } else { BasicBlock* child = *top.iter; top.iter++; if (FindInWorkList(work_list, child->id())) { backedge(top.block, child); } if (processed.count(child->id()) == 0) { preorder(child); work_list.emplace_back( block_info{child, begin(*successor_func(child))}); processed.insert(child->id()); } } } } vector> CalculateDominators( const vector& postorder, get_blocks_func predecessor_func) { struct block_detail { size_t dominator; ///< The index of blocks's dominator in post order array size_t postorder_index; ///< The index of the block in the post order array }; const size_t undefined_dom = postorder.size(); unordered_map idoms; for (size_t i = 0; i < postorder.size(); i++) { idoms[postorder[i]] = {undefined_dom, i}; } idoms[postorder.back()].dominator = idoms[postorder.back()].postorder_index; bool changed = true; while (changed) { changed = false; for (auto b = postorder.rbegin() + 1; b != postorder.rend(); ++b) { const vector& predecessors = *predecessor_func(*b); // Find the first processed/reachable predecessor that is reachable // in the forward traversal. auto res = find_if(begin(predecessors), end(predecessors), [&idoms, undefined_dom](BasicBlock* pred) { return idoms.count(pred) && idoms[pred].dominator != undefined_dom; }); if (res == end(predecessors)) continue; const BasicBlock* idom = *res; size_t idom_idx = idoms[idom].postorder_index; // all other predecessors for (const auto* p : predecessors) { if (idom == p) continue; // Only consider nodes reachable in the forward traversal. // Otherwise the intersection doesn't make sense and will never // terminate. if (!idoms.count(p)) continue; if (idoms[p].dominator != undefined_dom) { size_t finger1 = idoms[p].postorder_index; size_t finger2 = idom_idx; while (finger1 != finger2) { while (finger1 < finger2) { finger1 = idoms[postorder[finger1]].dominator; } while (finger2 < finger1) { finger2 = idoms[postorder[finger2]].dominator; } } idom_idx = finger1; } } if (idoms[*b].dominator != idom_idx) { idoms[*b].dominator = idom_idx; changed = true; } } } vector> out; for (auto idom : idoms) { // NOTE: performing a const cast for convenient usage with // UpdateImmediateDominators out.push_back({const_cast(get<0>(idom)), const_cast(postorder[get<1>(idom).dominator])}); } return out; } void printDominatorList(const BasicBlock& b) { std::cout << b.id() << " is dominated by: "; const BasicBlock* bb = &b; while (bb->immediate_dominator() != bb) { bb = bb->immediate_dominator(); std::cout << bb->id() << " "; } } #define CFG_ASSERT(ASSERT_FUNC, TARGET) \ if (spv_result_t rcode = ASSERT_FUNC(_, TARGET)) return rcode spv_result_t FirstBlockAssert(ValidationState_t& _, uint32_t target) { if (_.current_function().IsFirstBlock(target)) { return _.diag(SPV_ERROR_INVALID_CFG) << "First block " << _.getIdName(target) << " of funciton " << _.getIdName(_.current_function().id()) << " is targeted by block " << _.getIdName(_.current_function().current_block()->id()); } return SPV_SUCCESS; } spv_result_t MergeBlockAssert(ValidationState_t& _, uint32_t merge_block) { if (_.current_function().IsBlockType(merge_block, kBlockTypeMerge)) { return _.diag(SPV_ERROR_INVALID_CFG) << "Block " << _.getIdName(merge_block) << " is already a merge block for another header"; } return SPV_SUCCESS; } /// Update the continue construct's exit blocks once the backedge blocks are /// identified in the CFG. void UpdateContinueConstructExitBlocks( Function& function, const vector>& back_edges) { auto& constructs = function.constructs(); // TODO(umar): Think of a faster way to do this for (auto& edge : back_edges) { uint32_t back_edge_block_id; uint32_t loop_header_block_id; tie(back_edge_block_id, loop_header_block_id) = edge; auto is_this_header = [=](Construct& c) { return c.type() == ConstructType::kLoop && c.entry_block()->id() == loop_header_block_id; }; for (auto construct : constructs) { if (is_this_header(construct)) { Construct* continue_construct = construct.corresponding_constructs().back(); assert(continue_construct->type() == ConstructType::kContinue); BasicBlock* back_edge_block; tie(back_edge_block, ignore) = function.GetBlock(back_edge_block_id); continue_construct->set_exit(back_edge_block); } } } } tuple ConstructNames(ConstructType type) { string construct_name, header_name, exit_name; switch (type) { case ConstructType::kSelection: construct_name = "selection"; header_name = "selection header"; exit_name = "merge block"; break; case ConstructType::kLoop: construct_name = "loop"; header_name = "loop header"; exit_name = "merge block"; break; case ConstructType::kContinue: construct_name = "continue"; header_name = "continue target"; exit_name = "back-edge block"; break; case ConstructType::kCase: construct_name = "case"; header_name = "case entry block"; exit_name = "case exit block"; break; default: assert(1 == 0 && "Not defined type"); } return make_tuple(construct_name, header_name, exit_name); } /// Constructs an error message for construct validation errors string ConstructErrorString(const Construct& construct, const string& header_string, const string& exit_string, bool post_dominate = false) { string construct_name, header_name, exit_name, dominate_text; if (post_dominate) { dominate_text = "is not post dominated by"; } else { dominate_text = "does not dominate"; } tie(construct_name, header_name, exit_name) = ConstructNames(construct.type()); // TODO(umar): Add header block for continue constructs to error message return "The " + construct_name + " construct with the " + header_name + " " + header_string + " " + dominate_text + " the " + exit_name + " " + exit_string; } spv_result_t StructuredControlFlowChecks( const ValidationState_t& _, const Function& function, const vector>& back_edges) { /// Check all backedges target only loop headers and have exactly one /// back-edge branching to it set loop_headers; for (auto back_edge : back_edges) { uint32_t back_edge_block; uint32_t header_block; tie(back_edge_block, header_block) = back_edge; if (!function.IsBlockType(header_block, kBlockTypeLoop)) { return _.diag(SPV_ERROR_INVALID_CFG) << "Back-edges (" << _.getIdName(back_edge_block) << " -> " << _.getIdName(header_block) << ") can only be formed between a block and a loop header."; } bool success; tie(ignore, success) = loop_headers.insert(header_block); if (!success) { // TODO(umar): List the back-edge blocks that are branching to loop // header return _.diag(SPV_ERROR_INVALID_CFG) << "Loop header " << _.getIdName(header_block) << " targeted by multiple back-edges"; } } // Check the loop headers have exactly one back-edge branching to it for (BasicBlock* block : function.ordered_blocks()) { if (block->reachable() && block->is_type(kBlockTypeLoop) && loop_headers.count(block->id()) != 1) { return _.diag(SPV_ERROR_INVALID_CFG) << "Loop with header " + _.getIdName(block->id()) + " is targeted by " << loop_headers.count(block->id()) << " back-edges but the standard requires exactly one"; } } // Check construct rules for (const Construct& construct : function.constructs()) { auto header = construct.entry_block(); auto merge = construct.exit_block(); if (header->reachable() && !merge) { string construct_name, header_name, exit_name; tie(construct_name, header_name, exit_name) = ConstructNames(construct.type()); return _.diag(SPV_ERROR_INTERNAL) << "Construct " + construct_name + " with " + header_name + " " + _.getIdName(header->id()) + " does not have a " + exit_name + ". This may be a bug in the validator."; } // If the merge block is reachable then it's dominated by the header. if (merge && merge->reachable() && find(merge->dom_begin(), merge->dom_end(), header) == merge->dom_end()) { return _.diag(SPV_ERROR_INVALID_CFG) << ConstructErrorString(construct, _.getIdName(header->id()), _.getIdName(merge->id())); } // Check post-dominance for continue constructs. But dominance and // post-dominance only make sense when the construct is reachable. if (header->reachable() && construct.type() == ConstructType::kContinue) { if (find(header->pdom_begin(), header->pdom_end(), merge) == merge->pdom_end()) { return _.diag(SPV_ERROR_INVALID_CFG) << ConstructErrorString(construct, _.getIdName(header->id()), _.getIdName(merge->id()), true); } } // TODO(umar): an OpSwitch block dominates all its defined case // constructs // TODO(umar): each case construct has at most one branch to another // case construct // TODO(umar): each case construct is branched to by at most one other // case construct // TODO(umar): if Target T1 branches to Target T2, or if Target T1 // branches to the Default and the Default branches to Target T2, then // T1 must immediately precede T2 in the list of the OpSwitch Target // operands } return SPV_SUCCESS; } spv_result_t PerformCfgChecks(ValidationState_t& _) { for (auto& function : _.functions()) { // Check all referenced blocks are defined within a function if (function.undefined_block_count() != 0) { string undef_blocks("{"); for (auto undefined_block : function.undefined_blocks()) { undef_blocks += _.getIdName(undefined_block) + " "; } return _.diag(SPV_ERROR_INVALID_CFG) << "Block(s) " << undef_blocks << "\b}" << " are referenced but not defined in function " << _.getIdName(function.id()); } // Set each block's immediate dominator and immediate postdominator, // and find all back-edges. // // We want to analyze all the blocks in the function, even in degenerate // control flow cases including unreachable blocks. So use the augmented // CFG to ensure we cover all the blocks. vector postorder; vector postdom_postorder; vector> back_edges; if (!function.ordered_blocks().empty()) { /// calculate dominators DepthFirstTraversal(function.first_block(), function.AugmentedCFGSuccessorsFunction(), [](cbb_ptr) {}, [&](cbb_ptr b) { postorder.push_back(b); }, [&](cbb_ptr from, cbb_ptr to) { back_edges.emplace_back(from->id(), to->id()); }); auto edges = libspirv::CalculateDominators( postorder, function.AugmentedCFGPredecessorsFunction()); for (auto edge : edges) { edge.first->SetImmediateDominator(edge.second); } /// calculate post dominators DepthFirstTraversal(function.pseudo_exit_block(), function.AugmentedCFGPredecessorsFunction(), [](cbb_ptr) {}, [&](cbb_ptr b) { postdom_postorder.push_back(b); }, [&](cbb_ptr, cbb_ptr) {}); auto postdom_edges = libspirv::CalculateDominators( postdom_postorder, function.AugmentedCFGSuccessorsFunction()); for (auto edge : postdom_edges) { edge.first->SetImmediatePostDominator(edge.second); } } UpdateContinueConstructExitBlocks(function, back_edges); // Check if the order of blocks in the binary appear before the blocks they // dominate auto& blocks = function.ordered_blocks(); if (blocks.empty() == false) { for (auto block = begin(blocks) + 1; block != end(blocks); ++block) { if (auto idom = (*block)->immediate_dominator()) { if (idom != function.pseudo_entry_block() && block == std::find(begin(blocks), block, idom)) { return _.diag(SPV_ERROR_INVALID_CFG) << "Block " << _.getIdName((*block)->id()) << " appears in the binary before its dominator " << _.getIdName(idom->id()); } } } } /// Structured control flow checks are only required for shader capabilities if (_.has_capability(SpvCapabilityShader)) { spvCheckReturn(StructuredControlFlowChecks(_, function, back_edges)); } } return SPV_SUCCESS; } spv_result_t CfgPass(ValidationState_t& _, const spv_parsed_instruction_t* inst) { SpvOp opcode = static_cast(inst->opcode); switch (opcode) { case SpvOpLabel: spvCheckReturn(_.current_function().RegisterBlock(inst->result_id)); break; case SpvOpLoopMerge: { uint32_t merge_block = inst->words[inst->operands[0].offset]; uint32_t continue_block = inst->words[inst->operands[1].offset]; CFG_ASSERT(MergeBlockAssert, merge_block); spvCheckReturn( _.current_function().RegisterLoopMerge(merge_block, continue_block)); } break; case SpvOpSelectionMerge: { uint32_t merge_block = inst->words[inst->operands[0].offset]; CFG_ASSERT(MergeBlockAssert, merge_block); spvCheckReturn(_.current_function().RegisterSelectionMerge(merge_block)); } break; case SpvOpBranch: { uint32_t target = inst->words[inst->operands[0].offset]; CFG_ASSERT(FirstBlockAssert, target); _.current_function().RegisterBlockEnd({target}, opcode); } break; case SpvOpBranchConditional: { uint32_t tlabel = inst->words[inst->operands[1].offset]; uint32_t flabel = inst->words[inst->operands[2].offset]; CFG_ASSERT(FirstBlockAssert, tlabel); CFG_ASSERT(FirstBlockAssert, flabel); _.current_function().RegisterBlockEnd({tlabel, flabel}, opcode); } break; case SpvOpSwitch: { vector cases; for (int i = 1; i < inst->num_operands; i += 2) { uint32_t target = inst->words[inst->operands[i].offset]; CFG_ASSERT(FirstBlockAssert, target); cases.push_back(target); } _.current_function().RegisterBlockEnd({cases}, opcode); } break; case SpvOpKill: case SpvOpReturn: case SpvOpReturnValue: case SpvOpUnreachable: _.current_function().RegisterBlockEnd({}, opcode); break; default: break; } return SPV_SUCCESS; } } // namespace libspirv