Skip to content

Memory transform #377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 125 commits into from
Apr 14, 2025
Merged

Memory transform #377

merged 125 commits into from
Apr 14, 2025

Conversation

sadrabt
Copy link
Contributor

@sadrabt sadrabt commented Mar 18, 2025
edited
Loading

Transforms memory accesses to register assignments using the results of DSA when --memory-transform flag is set
(requires --simplify and --dsa norm)

  • creates a global graph (single global region node) and uses it to propagate global constraints among graphs of all procedures
  • replaces memory stores to stack only regions with local assignments
  • replaces memory stores to global only regions with memory assignments
  • Adds invariant to check unresolved expressions are only used in memory accesses that are unreachable
  • transforms memory accesses by splitting the memory to disjoint regions using Data structure analysis results
  • determines which values escape a procedure using DSA flags

@sadrabt sadrabt force-pushed the memory-transform branch 2 times, most recently from 3a65580 to cc83b68 Compare April 1, 2025 01:30
@sadrabt sadrabt marked this pull request as ready for review April 2, 2025 03:54
@sadrabt sadrabt force-pushed the memory-transform branch 2 times, most recently from 5c69dc7 to 2440870 Compare April 4, 2025 06:23
@sadrabt sadrabt requested a review from ailrst April 7, 2025 00:01
ailrst
ailrst reviewed Apr 7, 2025
View reviewed changes
Copy link
Contributor

@ailrst ailrst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The variable names in the output aren't going to be valid boogie identifiers, they should probably be renamed in the transform

src/test/memory_transform/clasloc/gcc/clasloc.adt
@@ -0,0 +1,530 @@
Project(Attrs([Attr("filename","\"clasloc.out\""),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are only checking in results from one lifter can we use the gtirb results rather than BAP

@sadrabt sadrabt force-pushed the memory-transform branch from 15e8e0a to be31a91 Compare April 7, 2025 06:02
@sadrabt
Copy link
Contributor Author

sadrabt commented Apr 8, 2025
edited
Loading

do i need to update ResolveSpec in IRtoBoogie to have the spec include accesses to globals which have been transformed to a scalar

@ailrst
Copy link
Contributor

ailrst commented Apr 8, 2025

Yeah I think so

sadrabt added 16 commits April 10, 2025 11:12
@sadrabt
stack interproc overlapping test
d68b677
@sadrabt
increase widening threshold
8d1e563
@sadrabt
http_parse_basic test case
337926f
@sadrabt
clean up http_parse_basic test
61d5f15
@sadrabt
reformat
c043e2f
@sadrabt
don't mark R29-31 as escaped values in DSA
85162da
@sadrabt
change test to match DSA intervals (be inclusive)
b9bce67
@sadrabt
update test config to take dsa spec as parameter
f750665
@sadrabt
update systemTests runTest to utilise provided DSA config via Test co…
a8decdb 
…nfig
@sadrabt
add Interval DSA systemTests
77269f5
@sadrabt
add mem Transform flag to runBASIL config
c5b6e92
@sadrabt
add MemoryTransformSystemTests (but disabled)
4429b27
@sadrabt
mark in/out parameter nodes as escapees instead of relying on indexes…
1bd9f77 
… to be in/out parameters
@sadrabt
update test so that out util register isn't marked as an out parameter
65e7ad8
@sadrabt
reformat
ee5e097
@sadrabt
expect incorrect test cases to fail for interval dsa system tests
8c57a40
@ailrst
Copy link
Contributor

ailrst commented Apr 10, 2025

Don't need to fix for this PR but afterward I have TODO

  • Go through and fix incomplete match warnings for MemoryAssign, I think there'll be some fixup for simp pass as well to handle them correctly
  • Make memoryassign unique in the il output text

@ailrst
Copy link
Contributor

ailrst commented Apr 10, 2025
edited
Loading

StackIdentification should be disabled by --memory-transform probably, its further splitting the memory but probably not soundly

BASIL/src/main/scala/util/RunUtils.scala

Lines 321 to 324 in 7a851c7

if (config.staticAnalysis.isEmpty || (config.staticAnalysis.get.memoryRegions == MemoryRegionsMode.Disabled)) {
val stackIdentification = StackSubstituter()
stackIdentification.visitProgram(ctx.program)
}

e.g. with mill run --load-directory-gtirb examples/cntlm-noduk/ --simplify --dsa norm --main-procedure-name acl_add --memory-transform --dump-il x --procedure-call-depth 2 --trim-early

It seems like DSA already splits it into stack and heap when it can't do the local stack variable transform with mem being stack so the stackIdentification is probably breaking it

@sadrabt sadrabt merged commit ebea59c into main Apr 14, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ailrst ailrst ailrst approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sadrabt @ailrst