| blob | c7b0fedd6e4d8bcc8b90398761d06525bfb10fa6 |
1 /* Execute symbolically all paths of the loop.
2 Calculate the value of the polynomial by executing loop with real values to
3 create LFSR state.
4 After each iteration check that final states of calculated CRC values match
5 determined LFSR.
6 Copyright (C) 2022-2025 Free Software Foundation, Inc.
7 Contributed by Mariam Arutunian <mariamarutunian@gmail.com>
9 This file is part of GCC.
11 GCC is free software; you can redistribute it and/or modify it under
12 the terms of the GNU General Public License as published by the Free
13 Software Foundation; either version 3, or (at your option) any later
14 version.
16 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
17 WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 for more details.
21 You should have received a copy of the GNU General Public License
22 along with GCC; see the file COPYING3. If not see
23 <http://www.gnu.org/licenses/>. */
38 /* Check whether defined variable is used outside the loop, only
39 CRC's definition is allowed to be used outside the loop. */
41 bool
43 {
44 imm_use_iterator imm_iter;
47 {
49 {
56 }
57 }
59 }
61 /* Calculate value of the rhs operation of GS assigment statement
62 and assign it to lhs variable. */
64 bool
66 {
73 /* This will filter some normal cases too. Ex. usage of array. */
77 /* Check uses only when m_output_crc is known. */
83 {
86 "Warning, encountered unsupported operation, "
90 }
100 }
102 /* Add E edge into the STACK if it doesn't have an immediate
103 successor edge going to the loop header.
105 When loop counter is checked in the if condition,
106 we mustn't continue on real path as we want to stop the execution before
107 the second iteration. */
109 bool
111 {
117 {
123 }
124 else
125 {
129 /* If the result of the condition is true/false,
130 continue execution only by the true/false branch. */
132 }
134 }
136 /* Add next basic blocks of the conditional block COND_BB
137 for the execution path into the STACK.
138 If the condition depends on symbolic values, keep both edges.
139 If the condition is true, keep true edge, else - false edge.
140 Returns true if addition succeeds. Otherwise - false. */
142 bool
146 {
147 edge true_edge;
148 edge false_edge;
151 /* When the condition depends on symbolic values. */
153 {
154 /* Supported CRC cases may have only two states. */
156 {
161 }
162 /* Add true branch's state into the states.
163 False branch's state will be kept in the current state. */
169 /* Add outgoing edges to the stack. */
174 }
175 /* When the condition evaluates to true. */
177 {
181 }
182 /* When the condition evaluates to false. */
184 {
188 }
189 else
190 {
195 }
197 /* When we continue execution of only one path,
198 there's no need of new state. */
201 }
203 /* Add conditions depending on symbolic variables in the states.
205 Keep conditions of each branch execution in its state.
206 Ex.
207 if (a == 0) // a's value is unknown
209 new_branch_state.keep (a==0)
210 current_state.keep (a!=0)
212 The condition is kept in the bit level.
213 For ex.
214 If a's size is 8 and its value is {symb_a, 0, 0, 0, 0, 0, 0, 0},
215 then for a == 0 we'll have symb_a == 0 condition. */
217 bool
221 {
225 {
227 {
232 }
234 {
239 }
241 {
246 }
248 {
253 }
255 {
260 }
262 {
267 }
269 {
273 }
274 }
275 }
277 /* Create new states for true and false branches.
278 Keep conditions in new created states. */
280 bool
283 {
287 /* Create new states and for true and false branches keep corresponding
288 conditions. */
292 /* Add true and false edges to the stack. */
294 }
296 /* If final states are less than two, add new FINAL_STATE and return true.
297 Otherwise, return false.
298 Supported CRC cases may not have more than two final states. */
300 {
303 else
304 {
309 }
311 }
313 /* Keep the state of the executed path in final states. */
316 {
321 {
325 }
329 }
331 /* Execute gimple statements of BB.
332 Keeping values of variables in the state. */
334 bool
337 {
340 {
343 {
346 }
348 {
350 {
354 }
356 {
358 }
359 /* Just skip debug statements. */
363 {
366 "Warning, encountered unsupported statement, "
369 }
370 }
371 }
373 /* Add each outgoing edge of the current block to the stack,
374 despite the edges going to the loop header.
375 This code isn't reachable if the last statement of the basic block
376 is a conditional statement or return statement.
377 Those cases are handled separately.
378 We mustn't encounter edges going to the CRC loop header. */
380 edge out_edge;
381 edge_iterator ei;
385 else
389 }
391 /* Assign values of phi instruction to its result.
392 Keep updated values in the state. */
394 bool
396 edge incoming_edge)
397 {
400 {
404 /* Check uses only when m_output_crc is known. */
409 /* Don't consider virtual operands. */
414 {
418 }
425 }
427 }
429 /* Execute all statements of BB.
430 Keeping values of variables in the state. */
432 bool
434 edge incoming_edge,
436 {
441 }
443 /* If the phi statements' result variables have initial constant value in the
444 beginning of the loop, initialize those variables. */
446 void
448 {
452 {
457 /* Don't consider virtual operands. */
464 {
466 {
471 }
474 }
475 }
476 }
478 /* If the phi statements' result variables have initial constant value in the
479 beginning of the loop, initialize those variables with
480 the value calculated during the previous iteration. */
482 bool
486 {
490 {
494 /* Don't consider virtual operands. */
500 {
507 {
509 {
513 }
515 }
517 {
519 {
524 }
526 }
527 else
528 {
530 {
534 }
535 unsigned HOST_WIDE_INT calc_number
538 calc_number);
540 }
541 }
542 }
544 }
546 /* Create initial state of the CRC_LOOP's header BB variables which have
547 constant values.
548 If it is the first iteration of the loop, initialise variables with the
549 initial values, otherwise initialise the variable with the value calculated
550 during the previous execution. */
552 state *
554 {
557 {
559 crc_loop))
562 }
563 else
566 }
568 /* Symbolically execute the CRC loop, doing one iteration. */
570 bool
572 {
588 /* Successor BB's are added into the stack
589 from the execute_bb_gimple_statements function. */
591 {
592 /* Look at the edge on the top of the stack. */
596 /* Get destination block of the edge. */
599 /* Execute only basic blocks of the m_crc_loop.
600 At the end of the execution path save states in final states. */
602 {
607 }
609 /* Execute statements. */
612 }
614 }
616 /* Determine which bit of the DATA must be 1.
617 We assume that last bit must be 1. */
619 unsigned HOST_WIDE_INT
621 {
623 /* This won't work correctly in the case when data's size is larger,
624 but MSB is checked for the middle bit. */
627 }
629 /* Assign appropriate values to data, CRC
630 and other phi results to calculate the polynomial. */
632 void
636 {
640 {
645 /* Don't consider virtual operands. */
650 {
652 {
656 }
659 is_shift_left));
660 }
662 {
664 {
668 }
672 }
673 else
674 {
678 {
680 {
685 }
688 }
689 else
690 {
692 {
697 }
701 }
702 }
703 }
704 }
706 /* Execute the loop, which calculates CRC with initial values,
707 to calculate the polynomial. */
709 bool
713 {
721 is_shift_left);
728 /* stack may not be empty. Successor BB's are added into the stack
729 from the execute_bb_gimple_statements function. */
731 {
732 /* Look at the edge on the top of the stack. */
736 /* Get dest block of the edge. */
739 /* Execute only basic blocks of the m_crc_loop. */
743 /* Execute statements. */
746 }
749 {
754 }
756 }
758 /* Return true if all bits of the POLYNOMIAL are constants (0 or 1).
759 Otherwise return false. */
761 bool
763 {
765 {
768 }
770 }
772 /* Execute the loop, which is expected to calculate CRC,
773 to extract polynomial, assigning real numbers to CRC and data.
774 Returns a pair, first value of the pair is the tree containing
775 the value of the polynomial, second is the calculated polynomial.
776 The pair may contain nullptr. */
780 tree calculated_crc,
782 {
787 {
792 }
795 /* CALCULATED_CRC contains the value of the polynomial
796 after one iteration of the loop. */
798 {
802 }
804 /* Get the value (bit vector) of the tree (it may be the polynomial). */
807 {
811 }
814 {
815 /* Note: It may not be the real polynomial.
816 If it's a bit reflected CRC,
817 then to get a real polynomial,
818 it must be reflected and 1 bit added. */
821 }
823 /* Check that polynomial's all bits are constants. */
825 {
829 }
832 }
835 /**************************** LFSR MATCHING *********************************/
838 /* Return true if CONST_BIT value equals to 1.
839 Otherwise, return false. */
841 bool
843 {
846 }
848 /* Return true if BIT is symbolic,
849 its index is same as LFSR bit's index (LFSR_BIT_INDEX)
850 and the origin is same as CRC_ORIGIN. */
852 bool
854 {
862 }
864 /* Return true if the BIT is a valid crc[LFSR_BIT_INDEX] ^ 1,
865 where i is a whole number and left part's origin is same as CRC_ORIGIN.
866 LFSR_BIT_INDEX is the index of the LFSR bit from the same position as in CRC.
868 If there is lfsr[8] at LFSR value vectors' 9-th bit,
869 when in the CRC vectors' 9-th bit's value must be
870 crc[8].
872 Otherwise, return false. */
874 bool
876 {
878 {
882 lfsr_bit_index);
884 }
886 }
888 /* Return true, if CONDITION_EXP checks CRC's MSB/LSB value
889 (under which xor is/not done).
890 Otherwise, return false. */
892 bool
895 {
902 /* The CONDITION_EXP of CRC may be a symbolic bit, if CRC is xor-ed with
903 the data, and updated CRC's significant bit is checked.
904 So, the CONDITION_EXP will be CRC's condition if it's origin is the same as
905 CRC_ORIGIN, and it's index equals to checked significant bit's index. */
907 {
911 }
912 /* The CONDITION_EXP of CRC may be a bit_xor_expression,
913 if CRC and data are xor-ed only for significant bit's check.
914 I.e. CONDITION_EXP in this case may be crc[]^data[].
915 So, the CONDITION_EXP will be CRC's condition if it's left or right
916 part's origin is the same as CRC_ORIGIN, and it's index equals to checked
917 significant bit's index. */
919 {
926 symbolic_bit *cond_left
928 symbolic_bit *cond_right
935 }
937 }
939 /* Check whether the condition is checked for significant bit being 0 or 1.
940 If IS_ONE is 1, when check whether the significant bit is 1 (xor branch),
941 if 0, whether the significant bit is 0 (not xor branch). */
943 bool
946 {
947 /* The CRC cases we detect must contain only one condition related to CRC. */
955 /* If the condition is for checking MSB/LSB, then
956 if is_one is 1 and the condition is for checking MSB/LSB being one, or
957 if is_one is 0 and condition is for checking MSB/LSB being 0
958 return true, otherwise - false. */
961 {
966 unsigned char comparison_val
973 }
975 }
977 /* Check whether LSB/MSB of LFSR and calculated (maybe)CRC match.
978 If MSB is checked in the CRC loop, then here we check LSB, or vice versa.
979 CHECKED_SB_VALUE indicates which state of CRC value is checked.
980 If the CHECKED_SB_VALUE is 1 - then xor-ed CRC value is checked,
981 otherwise, not xor-ed is checked. */
983 bool
986 {
987 /* If LFSR's MSB/LSB value is a constant (0 or 1),
988 then CRC's MSB/LSB must have the same value. */
990 {
996 }
997 /* If LFSR's MSB/LSB value is a symbolic_bit
998 (that means MSB/LSB of the polynomial is 1),
999 then CRC's MSB/LSB must be equal to CHECKED_SB_VALUE. */
1001 {
1006 }
1008 }
1010 /* Check whether significant bit of LFSR and calculated (maybe)CRC match. */
1012 bool
1015 {
1016 /* If it's bit-forward CRC, check 0 bit's value. */
1018 {
1024 }
1025 /* If it's bit-reversed CRC, check last bit's value. */
1027 {
1033 }
1034 else
1035 {
1038 }
1040 }
1042 /* Match the CRC to the LFSR, where CRC's all bit values are
1043 symbolic_bit or symbolic_bit ^ 1, besides MSB/LSB (it may be constant). */
1045 bool
1049 {
1051 /* Check whether significant bits of LFSR and CRC match. */
1056 {
1060 /* Check the case when in lfsr we have LFSR (i)^LFSR (SBi),
1061 where 0<i<LFSR_size and SBi is the index of MSB/LSB (LFSR_size-1/0).
1062 In that case in crc_state (resulting CRC)
1063 we must have crc (i) ^ 1 case, when condition is true
1064 and crc (i) when condition is false,
1065 (as CRC is xor-ed with the polynomial only if the LSB/MSB is one)
1066 where k is a whole number. */
1068 {
1071 /* Check CRC value of xor branch. */
1073 {
1076 }
1078 {
1081 }
1082 }
1083 /* Check the case when in LFSR we have LFSR (i), where 0<i<LFSR_size.
1084 In that case in resulting CRC we must have crc (i) case,
1085 when condition is true or condition is false.
1086 If we have just LFSR (i), that means polynomial's i ± 1 bit is 0,
1087 so despite CRC is xor-ed or not, we will have crc (i). */
1089 {
1093 }
1094 else
1095 {
1099 }
1100 }
1102 }
1104 /* Return origin of CRC_BIT.
1105 The first tree in loop, from which CRC's calculation is started. */
1107 tree
1109 {
1113 }
1115 /* Return origin of CRC_BIT. The first tree in loop, from which CRC's
1116 calculation is started. If the CRC_BIT is symbolic value, return its origin,
1117 otherwise return its left part's origin (right must be 1 if its CRC's
1118 value). */
1120 tree
1122 {
1127 {
1128 value_bit *crc_bit_left
1131 }
1133 }
1135 /* Determine and initialize significant bit index
1136 (if MSB is checked for CRC, then it's LSB index, and vice versa)
1137 and the remaining part's begin and end.
1138 SB_INDEX is the significant bit index.
1139 IT_BEG is the beginning of the remaining part.
1140 IT_END is the end of the remaining part. */
1142 void
1146 {
1149 {
1152 }
1153 else
1154 {
1158 }
1159 }
1161 /* Return true if CRC_STATE matches the LFSR, otherwise - false.
1162 LFSR - is created LFSR value for the given polynomial and CRC size.
1163 CRC_STATE - contains CRC's calculated value and execution path condition.
1164 IT_BEG and IT_END - are the border indexes of the value to be matched.
1165 SB_INDEX - is the significant bit index of the CRC value,
1166 which will be checked separately.
1167 IF MSB is checked for CRC, when sb_index will be the index of LSB.
1168 Otherwise, will be the index of MSB.
1169 CHECKED_SB_VALUE - is the significant bit's value (used for CRC's condition).
1170 If CHECKED_SB_VALUE is 1, it indicates that CRC_STATE is
1171 xor-ed path's state.
1172 If CHECKED_SB_VALUE is 0, then CRC_STATE is the state of the
1173 not xor branch. */
1175 bool
1179 {
1181 {
1184 }
1186 /* Get the origin (name) of the calculated CRC value.
1187 All bits must have the same origin. */
1195 /* Check whether CRC_VALUE and LFSR bits match. */
1198 }
1200 /* Return true if in the CRC_VALUE exists xor expression.
1201 Otherwise, return false. */
1203 bool
1205 {
1210 }
1212 /* Keep the value of calculated CRC. */
1214 value *
1216 {
1218 {
1222 }
1224 /* When the calculated CRC is constant, it's not possible to determine
1225 whether the CRC has been calculated. */
1227 {
1231 }
1233 /* Get calculated return value. */
1237 {
1241 }
1243 }
1245 /* Return true if all states from the FINAL_STATES match the LFSR,
1246 otherwise - false. */
1248 bool
1251 {
1253 {
1257 }
1262 /* LFSR's size must be equal to CRC's size. */
1267 /* Depending on whether it is bit-forward or reversed CRC,
1268 determine in which significant bit new value is added,
1269 to examine that bit separately.
1270 If in the CRC algorithm MSB (sb_index) is checked to be one for xor,
1271 then here we check LSB separately (marginal bit).
1272 If LSB (sb_index) is checked, then we separate MSB (marginal bit). */
1276 is_bit_forward);
1279 /* If first is not xor's state,
1280 then the second state is assumed to be xor's state. */
1282 {
1286 }
1288 /* If xor-ed CRC value doesn't match the LFSR value, return false. */
1293 /* If not xor-ed CRC value doesn't match the LFSR value, return false. */
1299 }