Merge pull request #1400 from lthls/cmm_invariants

Cmm invariants

.depend

@@ -2141,6 +2141,7 @@ asmcomp/asmgen.cmo : \
     asmcomp/comballoc.cmi \
     asmcomp/coloring.cmi \
     asmcomp/cmmgen.cmi \
+    asmcomp/cmm_invariants.cmi \
     asmcomp/cmm_helpers.cmi \
     asmcomp/cmm.cmi \
     utils/clflags.cmi \
@@ -2182,6 +2183,7 @@ asmcomp/asmgen.cmx : \
     asmcomp/comballoc.cmx \
     asmcomp/coloring.cmx \
     asmcomp/cmmgen.cmx \
+    asmcomp/cmm_invariants.cmx \
     asmcomp/cmm_helpers.cmx \
     asmcomp/cmm.cmx \
     utils/clflags.cmx \
@@ -2418,6 +2420,16 @@ asmcomp/cmm_helpers.cmi : \
     middle_end/clambda_primitives.cmi \
     middle_end/clambda.cmi \
     parsing/asttypes.cmi
+asmcomp/cmm_invariants.cmo : \
+    utils/numbers.cmi \
+    asmcomp/cmm.cmi \
+    asmcomp/cmm_invariants.cmi
+asmcomp/cmm_invariants.cmx : \
+    utils/numbers.cmx \
+    asmcomp/cmm.cmx \
+    asmcomp/cmm_invariants.cmi
+asmcomp/cmm_invariants.cmi : \
+    asmcomp/cmm.cmi
 asmcomp/cmmgen.cmo : \
     typing/types.cmi \
     middle_end/printclambda_primitives.cmi \

.github/workflows/build.yml

@@ -26,7 +26,7 @@ jobs:
         sudo apt-get update -y && sudo apt-get install -y gcc-multilib gfortran-multilib
     - name: configure tree
       run: |
-        XARCH=i386 CONFIG_ARG='--disable-stdlib-manpages --disable-shared' bash -xe tools/ci/actions/runner.sh configure
+        XARCH=i386 CONFIG_ARG='--disable-stdlib-manpages --disable-shared --enable-cmm-invariants' bash -xe tools/ci/actions/runner.sh configure
     - name: Build
       run: |
         bash -xe tools/ci/actions/runner.sh build
@@ -55,7 +55,7 @@ jobs:
         MAKE_ARG=-j make distclean
     - name: configure tree
       run: |
-        MAKE_ARG=-j XARCH=x64 CONFIG_ARG='--enable-flambda --enable-dependency-generation' OCAMLRUNPARAM=b,v=0 bash -xe tools/ci/actions/runner.sh configure
+        MAKE_ARG=-j XARCH=x64 CONFIG_ARG='--enable-flambda --enable-cmm-invariants --enable-dependency-generation' OCAMLRUNPARAM=b,v=0 bash -xe tools/ci/actions/runner.sh configure
     - name: Build
       run: |
         MAKE_ARG=-j OCAMLRUNPARAM=b,v=0 bash -xe tools/ci/actions/runner.sh build

Changes

@@ -111,6 +111,11 @@ Working version
 - #10349: Fix destroyed_at_c_call on RISC-V
   (Mark Shinwell, review by Nicolás Ojeda Bär)
 
+- #1400: Add an optional invariants check on Cmm, which can be activated
+  with the -dcmm-invariants flag
+  (Vincent Laviron, with help from Sebastien Hinderer, review by Stephen Dolan
+   and David Allsopp)
+
 ### Type system:
 
 * #10081: Typecheck `x |> f` and `f @@ x` as `(f x)`

Makefile.config.in

@@ -234,6 +234,7 @@ TARGET=@target@
 HOST=@host@
 FLAMBDA=@flambda@
 WITH_FLAMBDA_INVARIANTS=@flambda_invariants@
+WITH_CMM_INVARIANTS=@cmm_invariants@
 FORCE_SAFE_STRING=@force_safe_string@
 DEFAULT_SAFE_STRING=@default_safe_string@
 WINDOWS_UNICODE=@windows_unicode@

asmcomp/asmgen.ml

@@ -30,6 +30,16 @@ type error =
 
 exception Error of error
 
+let cmm_invariants ppf fd_cmm =
+  let print_fundecl =
+    if !Clflags.dump_cmm then Printcmm.fundecl
+    else fun ppf fdecl -> Format.fprintf ppf "%s" fdecl.fun_name
+  in
+  if !Clflags.cmm_invariants && Cmm_invariants.run ppf fd_cmm then
+    Misc.fatal_errorf "Cmm invariants failed on following fundecl:@.%a@."
+      print_fundecl fd_cmm;
+  fd_cmm
+
 let liveness phrase = Liveness.fundecl phrase; phrase
 
 let dump_if ppf flag message phrase =
@@ -127,6 +137,7 @@ let compile_fundecl ~ppf_dump fd_cmm =
   Proc.init ();
   Reg.reset();
   fd_cmm
+  ++ Profile.record ~accumulate:true "cmm_invariants" (cmm_invariants ppf_dump)
   ++ Profile.record ~accumulate:true "selection" Selection.fundecl
   ++ pass_dump_if ppf_dump dump_selection "After instruction selection"
   ++ Profile.record ~accumulate:true "comballoc" Comballoc.fundecl

asmcomp/cmm_invariants.ml

@@ -0,0 +1,180 @@
+(**************************************************************************)
+(*                                                                        *)
+(*                                 OCaml                                  *)
+(*                                                                        *)
+(*                       Vincent Laviron, OCamlPro                        *)
+(*                                                                        *)
+(*   Copyright 2017 OCamlPro SAS                                          *)
+(*                                                                        *)
+(*   All rights reserved.  This file is distributed under the terms of    *)
+(*   the GNU Lesser General Public License version 2.1, with the          *)
+(*   special exception on linking described in the file LICENSE.          *)
+(*                                                                        *)
+(**************************************************************************)
+
+[@@@ocaml.warning "-40"]
+
+module Int = Numbers.Int
+
+(* Check a number of continuation-related invariants *)
+
+module Env : sig
+  type t
+
+  val init : unit -> t
+
+  val handler : t -> cont:int -> arg_num:int -> t
+
+  val jump : t -> cont:int -> arg_num:int -> unit
+
+  val report : Format.formatter -> bool
+end = struct
+  type t = {
+    bound_handlers : int Int.Map.t;
+  }
+
+  type error =
+    | Unbound_handler of { cont: int }
+    | Multiple_handlers of { cont: int; }
+    | Wrong_arguments_number of
+        { cont: int; handler_args: int; jump_args: int; }
+
+  module Error = struct
+    type t = error
+
+    let compare = Stdlib.compare
+  end
+
+  module ErrorSet = Set.Make(Error)
+
+  type persistent_state = {
+    mutable all_handlers : Int.Set.t;
+    mutable errors : ErrorSet.t;
+  }
+
+  let state = {
+    all_handlers = Int.Set.empty;
+    errors = ErrorSet.empty;
+  }
+
+  let record_error error =
+    state.errors <- ErrorSet.add error state.errors
+
+  let unbound_handler cont =
+    record_error (Unbound_handler { cont; })
+
+  let multiple_handler cont =
+    record_error (Multiple_handlers { cont; })
+
+  let wrong_arguments cont handler_args jump_args =
+    record_error (Wrong_arguments_number { cont; handler_args; jump_args; })
+
+  let init () =
+    state.all_handlers <- Int.Set.empty;
+    state.errors <- ErrorSet.empty;
+    {
+      bound_handlers = Int.Map.empty;
+    }
+
+  let handler t ~cont ~arg_num =
+    if Int.Set.mem cont state.all_handlers then multiple_handler cont;
+    state.all_handlers <- Int.Set.add cont state.all_handlers;
+    let bound_handlers = Int.Map.add cont arg_num t.bound_handlers in
+    { bound_handlers; }
+
+  let jump t ~cont ~arg_num =
+    match Int.Map.find cont t.bound_handlers with
+    | handler_args ->
+      if arg_num <> handler_args then
+        wrong_arguments cont handler_args arg_num
+    | exception Not_found -> unbound_handler cont
+
+  let print_error ppf error =
+    match error with
+    | Unbound_handler { cont } ->
+      if Int.Set.mem cont state.all_handlers then
+        Format.fprintf ppf
+          "Continuation %d was used outside the scope of its handler"
+          cont
+      else
+        Format.fprintf ppf
+          "Continuation %d was used but never bound"
+          cont
+    | Multiple_handlers { cont; } ->
+      Format.fprintf ppf
+        "Continuation %d was declared in more than one handler"
+        cont
+    | Wrong_arguments_number { cont; handler_args; jump_args } ->
+      Format.fprintf ppf
+        "Continuation %d was declared with %d arguments but called with %d"
+        cont
+        handler_args
+        jump_args
+
+  let print_error_newline ppf error =
+    Format.fprintf ppf "%a@." print_error error
+
+  let report ppf =
+    if ErrorSet.is_empty state.errors then false
+    else begin
+      ErrorSet.iter (fun err -> print_error_newline ppf err) state.errors;
+      true
+    end
+end
+
+let rec check env (expr : Cmm.expression) =
+  match expr with
+  | Cconst_int _ | Cconst_natint _ | Cconst_float _ | Cconst_symbol _
+  | Cvar _ ->
+    ()
+  | Clet (_, expr, body)
+  | Clet_mut (_, _, expr, body) ->
+    check env expr;
+    check env body
+  | Cphantom_let (_, _, expr) ->
+    check env expr
+  | Cassign (_, expr) ->
+    check env expr
+  | Ctuple exprs ->
+    List.iter (check env) exprs
+  | Cop (_, args, _) ->
+    List.iter (check env) args;
+  | Csequence (expr1, expr2) ->
+    check env expr1;
+    check env expr2
+  | Cifthenelse (test, _, ifso, _, ifnot, _) ->
+    check env test;
+    check env ifso;
+    check env ifnot
+  | Cswitch (body, _, branches, _) ->
+    check env body;
+    Array.iter (fun (expr, _) -> check env expr) branches
+  | Ccatch (rec_flag, handlers, body) ->
+    let env_extended =
+      List.fold_left
+        (fun env (cont, args, _, _) ->
+           Env.handler env ~cont ~arg_num:(List.length args))
+        env
+        handlers
+    in
+    check env_extended body;
+    let env_handler =
+      match rec_flag with
+      | Recursive -> env_extended
+      | Nonrecursive -> env
+    in
+    List.iter (fun (_, _, handler, _) -> check env_handler handler) handlers
+  | Cexit (cont, args) ->
+    Env.jump env ~cont ~arg_num:(List.length args)
+  | Ctrywith (body, _, handler, _) ->
+    (* Jumping from inside a trywith body to outside isn't very nice,
+       but it's handled correctly by Linearize, as it happens
+       when compiling match ... with exception ..., for instance, so it is
+       not reported as an error. *)
+    check env body;
+    check env handler
+
+let run ppf (fundecl : Cmm.fundecl) =
+  let env = Env.init () in
+  check env fundecl.fun_body;
+  Env.report ppf

asmcomp/cmm_invariants.mli

@@ -0,0 +1,36 @@
+(**************************************************************************)
+(*                                                                        *)
+(*                                 OCaml                                  *)
+(*                                                                        *)
+(*                       Vincent Laviron, OCamlPro                        *)
+(*                                                                        *)
+(*   Copyright 2017 OCamlPro SAS                                          *)
+(*                                                                        *)
+(*   All rights reserved.  This file is distributed under the terms of    *)
+(*   the GNU Lesser General Public License version 2.1, with the          *)
+(*   special exception on linking described in the file LICENSE.          *)
+(*                                                                        *)
+(**************************************************************************)
+
+(* Check a number of continuation-related invariants *)
+
+(* Currently, this checks that :
+   - Every use of a continuation occurs within the scope of its handler
+   - Exit instructions take the same number of arguments as their handler.
+   - In every function declaration, a given continuation can only be
+   declared in a single handler.
+
+   This is intended to document what invariants the backend can rely upon.
+   The first two would trigger errors later, and the last one, while
+   harmless for now, is not that hard to ensure, could be useful for
+   future work on the backend, and helped detect a code duplication bug.
+
+   These invariants are not checked by default, but the check can be turned
+   on with the -dcmm-invariants compilation flag.
+*)
+
+(** [run ppf fundecl] analyses the given function, and returns whether
+    any errors were encountered (with corresponding error messages printed
+    on the given formatter). *)
+
+val run : Format.formatter -> Cmm.fundecl -> bool

compilerlibs/Makefile.compilerlibs

@@ -134,6 +134,7 @@ ASMCOMP=\
   asmcomp/cmmgen_state.cmo \
   asmcomp/cmm_helpers.cmo \
   asmcomp/cmmgen.cmo \
+  asmcomp/cmm_invariants.cmo \
   asmcomp/interval.cmo \
   asmcomp/printmach.cmo asmcomp/selectgen.cmo \
   asmcomp/selection.cmo \