Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Offline Partial Eval #55

Merged
merged 49 commits into from
Mar 18, 2024
Merged

Offline Partial Eval #55

merged 49 commits into from
Mar 18, 2024

Conversation

ncough
Copy link
Collaborator

@ncough ncough commented Mar 14, 2024
edited
Loading

Wrapper around existing online partial evaluation work to perform offline partial evaluation. Rather than producing the semantics for a single instruction opcode, this approach produces a lifter for some subset of the architecture.

The process looks roughly like the following:

  1. Convert the decoder & instruction encoding structures into ASL functions
  2. Identify all of the reachable functions from this initial set up to a configurable frontier
  3. Simplify these functions to remove annoying/unsupported features
  4. Transform each function such that loop bounds and bitvector widths are always known
  5. Run the existing online partial evaluation over each instruction encoding function
  6. Do some cleanup and pruning based on the results of the partial evaluation
  7. Run a taint analysis over the evaluated instruction encoding functions to identify
    what is known at lifttime vs runtime
  8. Transform all runtime influenced statements and expressions into IR generating operations
    against an assumed interface
  9. Print the result as an OCaml program with the IR interface instantiated as ASL IR

The above works for a significant portion of AArch64 matching the existing lifters coverage for all but aarch64_memory_vector_single_post_inc, aarch64_memory_vector_single_no_wb, aarch64_memory_vector_multiple_post_inc, aarch64_memory_vector_multiple_no_wb. However, the resulting OCaml program is ~200k lines long and takes ~5min to build. This can mostly be attributed to some aggressive specialisation in stage 4 and the resulting unrolling transforms introduced by stage 5.

There are still a decent number of things to do:

  • Improvements to AArch64 coverage:
    • LExpr BitTuple support
  • Improvements to compile time / size:
    • Break the produced OCaml program into a series of files, rather than one
    • Support symbolic for loops throughout the pipeline, to reduce unrolling and specialisation
    • Simplify based on branch conditions (e.g. if X = '1' then c should replace X with '1' in c)
  • 'Quality' of resulting program:
    • Comparison of online & offline lifter results
    • Implement a form of copy prop over the IR generating operations produced in stage 8
    • Implement some trivial identities within the IR interface

Given the compile time issues, this PR includes a generate lifter that supports no instructions.
A new lifter can be generated using echo ':gen A64 aarch64.+' | dune exec asli from the project directory.
A subsequent dune build will compile the new lifter.
There are two entry points to the lifter:

  • asloff-sem OPCODE will dump the semantics of OPCODE
  • asloff-coverage PAT will run the coverage test for all instruction encodings matching PAT

ncough added 30 commits March 12, 2024 08:14
@ncough
Fix a typo and stub out some complex behaviours in spec
13b9db4
@ncough
Add bool prims to prim list
3bdba30
@ncough
Add missing prims for type inference in transforms
6a0f549
@ncough
StatefulIntToBit fixes
d14df21 
Correct visit order bug in StatefulIntToBit, support
register type
@ncough
Pass to remove temp dynamic bitvectors
06585eb 
Some common idioms can be easily rewritten, avoiding
complexity udring dis. Currently unused.
@ncough
Rework mask support to reduce to bitops
b33a795 
Masks are never symbolic, so they can be trivially
rewritten as a masking and equiv test if needed.
@ncough
Centralise no_inline sets
1692ad8 
May want to make this a configuration option to dis
@ncough
Extend stmt append to halt on terminal stmts
4910d10 
Cuts of prefix early, even if prefix does not end with terminal
@ncough
Symbolic array accesses
e4a2be2 
Assumes no mixed use of array indices
@ncough
Some helpers for dealing with fn signatures
5fbd788
@ncough
Mostly working offline partial eval pipeline
e88fafb 
Capable of extracting and simplifying behaviours for
most of the instruction encodings on AArch64.
Offline gen is missing specs for primitives as well
as the prelude required for the ocaml backend.
@ncough
Build decoder tests without patterns or early returns
44e561f
@ncough
Functionality to get the type of an expression post-dis
30e5aa2
@ncough
Add entry point, coverage testing for offline
1e4e16e
@ncough
Add a pass to replace register types with bits
d1b440c
@ncough
Add req transform for cases
683dbf4
@ncough
Extend offline to integer operations
8f3194d
@ncough
Add coverage script for offline
baece37 
Some differences in exception printing, unclear
@ncough
Hack in prj file support to offline coverage, matching existing results
0e01ba2
@ncough
Reduce debug printing
4629f70
@ncough
Fixes for branches
5d34f5c
@ncough
Fixes for memory operations
1b9c0c4
@ncough
Prevent large vector ops for now
d0a4d1d
@ncough
Partially extend req patterns
c62b269
@ncough
Extend symbolic to support reducing HiLo widths
a41fe70
@ncough
Coverage fixes
85b446c
@ncough
Consider producing many individual files
5c16002
@ncough
Add getlast util
0e2ab6b
@ncough
Extend offline to support floats
bb3660f
@ncough
Clean out redundant transforms, filters
8d028bf
ncough added 17 commits March 14, 2024 08:24
@ncough
Fix IntToBit for cvt_int_bits
4359e28 
If feeding in a larger bit rep, its necessary to slice down
@ncough
Prune useless globals
be46773
@ncough
Generalise req patterns to capture generic case & LowestSetBit
8afd480
@ncough
Improve sub_int simplification
dc8702f 
Given (e - (a + b)) apply existing rules as ((e - a) - b)
@ncough
Rather than failing on unsupported PSTATE mods, insert assert
6487cd1
@ncough
Ocaml backend cleanup
0145c36
@ncough
Prune unsupported impdefs, block insts with unsupported state access
97bc172
@ncough
Offline lifter cleanup, push to all of aarch64
ff4faf6
@ncough
Collect TODOs
3f4107d
@ncough
Cleanup build, bundle empty implementation to avoid costly builds
64abb6e
@ncough
Fixups for coverage
9cb7137 
Don't remove dead globals to maintain coverage results
Set CRC support
@ncough
Convert tuple return from FPToFixedJS to bitvec
deeb964
@ncough
Offline transform cleanup
2276156
@ncough
Replace bool impdefs with false rather than assert
4d12d79
@ncough
Add missing fp op
246a34c
@ncough
Fix sed usage
a311fc3
@ncough
Fix coverage for FPToFixedJS
4b5f9af 
We no longer have any stage 2,3 or 4 failures!
katrinafyi
katrinafyi approved these changes Mar 15, 2024
View reviewed changes
Copy link
Member

@katrinafyi katrinafyi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing!! You can merge this whenever you're ready, #53 can merge cleanly on top of this.

ncough added 2 commits March 18, 2024 09:42
@ncough
Extend ocaml backend to produce many files
fc94e90
@ncough
Eliminate unnecessary temps in offline transform
12221c1 
The naive offline transform treats all runtime variables
as temporaries that must be declared in the runtime program.
Often these temporaries simply hold intermediate calculations
and can be trivially removed through a copy prop pass.

As we do not want to introduce a copy prop into the generated
lifter, we can mimic its effects over the produced lifter by
identifying candidate temporaries and changing them to directly
hold the intermediate calculations, rather than representing
runtime variables.
@ncough
Copy link
Collaborator Author

ncough commented Mar 18, 2024

Apologies, made a few improvements. After splitting the OCaml program across multiple files, build times are now down to ~1min. Also managed to get the copy prop pass implemented. Will merge once the tests pass.

@ncough ncough marked this pull request as ready for review March 18, 2024 01:34
@ncough ncough merged commit 4991bcd into partial_eval Mar 18, 2024
1 check passed
@katrinafyi katrinafyi mentioned this pull request Mar 18, 2024
Closed
@ncough ncough mentioned this pull request Mar 18, 2024
Merged
@ncough ncough deleted the taint branch March 18, 2024 22:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@katrinafyi katrinafyi katrinafyi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ncough @katrinafyi