On Thu, 2023-12-14 at 21:20 -0800, Andrii Nakryiko wrote:
[...]
> > > can we detect that any register link is broken and force checkpoint here?
> >
> > Should be possible. I'll try this in the morning and check veristat results.
{still working on this}
> > By the way, I added some stats collection for find_equal_scalars() and see
> > the following results when run on ./test_progs:
> > - maximal number of registers with same id per call: 3
> > - average number of registers with same id per call: 1.4
>
> What if we keep 8 extra bytes in jump/instruction history and encode
> up to 8 linked registers/slots:
>
> 1. 1 bit to mark whether it's a src_reg set, or dst_reg set
> 2. 1 bit to mark whether it's a stack slot or register
> 3. 6 bits (0..63 values) to record register or slot number
>
> If we ever need more than 8 linked registers, we can just forcefully
> some "links" by resetting some IDs?
That should work as well.
Probably don't need src/dst bit, as backtracker marks both as precise
when processing conditional jump.
You mean "just forcefully [breaking] some "links" by resetting ...", right?
> BTW, is it only conditional jumps that need to record this linked
> register sets? Did we previously discuss why we don't need this for
> any other operation?
Don't think that we discussed it.
Here is my reasoning: the range transfer happens at find_equal_scalars()
which is called only from check_cond_jmp_op().
I think there are no other effects IDs have for scalar values.
Thus, covering conditional jumps seems sufficient.
