Subzero - Fast code generator for PNaCl bitcode
===============================================

Design
------

See the accompanying DESIGN.rst file for a more detailed technical overview of
Subzero.

Building
--------

Subzero is set up to be built within the Native Client tree.  Follow the
`Developing PNaCl
<https://sites.google.com/a/chromium.org/dev/nativeclient/pnacl/developing-pnacl>`_
instructions, in particular the section on building PNaCl sources.  This will
prepare the necessary external headers and libraries that Subzero needs.
Checking out the Native Client project also gets the pre-built clang and LLVM
tools in ``native_client/../third_party/llvm-build/Release+Asserts/bin`` which
are used for building Subzero.

The Subzero source is in ``native_client/toolchain_build/src/subzero``.  From
within that directory, ``git checkout master && git pull`` to get the latest
version of Subzero source code.

The Makefile is designed to be used as part of the higher level LLVM build
system.  To build manually, use the ``Makefile.standalone``.  There are several
build configurations from the command line::

    make -f Makefile.standalone
    make -f Makefile.standalone DEBUG=1
    make -f Makefile.standalone NOASSERT=1
    make -f Makefile.standalone DEBUG=1 NOASSERT=1
    make -f Makefile.standalone MINIMAL=1
    make -f Makefile.standalone ASAN=1
    make -f Makefile.standalone TSAN=1

``DEBUG=1`` builds without optimizations and is good when running the translator
inside a debugger.  ``NOASSERT=1`` disables assertions and is the preferred
configuration for performance testing the translator.  ``MINIMAL=1`` attempts to
minimize the size of the translator by compiling out everything unnecessary.
``ASAN=1`` enables AddressSanitizer, and ``TSAN=1`` enables ThreadSanitizer.

The result of the ``make`` command is the target ``pnacl-sz`` in the current
directory.

Building within LLVM trunk
--------------------------

Subzero can also be built from within a standard LLVM trunk checkout.  Here is
an example of how it can be checked out and built::

    mkdir llvm-git
    cd llvm-git
    git clone http://llvm.org/git/llvm.git
    cd llvm/projects/
    git clone https://chromium.googlesource.com/native_client/pnacl-subzero
    cd ../..
    mkdir build
    cd build
    cmake -G Ninja ../llvm/
    ninja
    ./bin/pnacl-sz -version

This creates a default build of ``pnacl-sz``; currently any options such as
``DEBUG=1`` or ``MINIMAL=1`` have to be added manually.

``pnacl-sz``
------------

The ``pnacl-sz`` program parses a pexe or an LLVM bitcode file and translates it
into ICE (Subzero's intermediate representation).  It then invokes the ICE
translate method to lower it to target-specific machine code, optionally dumping
the intermediate representation at various stages of the translation.

The program can be run as follows::

    ../pnacl-sz ./path/to/<file>.pexe
    ../pnacl-sz ./tests_lit/pnacl-sz_tests/<file>.ll

At this time, ``pnacl-sz`` accepts a number of arguments, including the
following:

    ``-help`` -- Show available arguments and possible values.  (Note: this
    unfortunately also pulls in some LLVM-specific options that are reported but
    that Subzero doesn't use.)

    ``-notranslate`` -- Suppress the ICE translation phase, which is useful if
    ICE is missing some support.

    ``-target=<TARGET>`` -- Set the target architecture.  The default is x8632.
    Future targets include x8664, arm32, and arm64.

    ``-filetype=obj|asm|iasm`` -- Select the output file type.  ``obj`` is a
    native ELF file, ``asm`` is a textual assembly file, and ``iasm`` is a
    low-level textual assembly file demonstrating the integrated assembler.

    ``-O<LEVEL>`` -- Set the optimization level.  Valid levels are ``2``, ``1``,
    ``0``, ``-1``, and ``m1``.  Levels ``-1`` and ``m1`` are synonyms, and
    represent the minimum optimization and worst code quality, but fastest code
    generation.

    ``-verbose=<list>`` -- Set verbosity flags.  This argument allows a
    comma-separated list of values.  The default is ``none``, and the value
    ``inst,pred`` will roughly match the .ll bitcode file.  Of particular use
    are ``all``, ``most``, and ``none``.

    ``-o <FILE>`` -- Set the assembly output file name.  Default is stdout.

    ``-log <FILE>`` -- Set the file name for diagnostic output (whose level is
    controlled by ``-verbose``).  Default is stdout.

    ``-timing`` -- Dump some pass timing information after translating the input
    file.

Running the test suite
----------------------

Subzero uses the LLVM ``lit`` testing tool for part of its test suite, which
lives in ``tests_lit``. To execute the test suite, first build Subzero, and then
run::

    make -f Makefile.standalone check-lit

There is also a suite of cross tests in the ``crosstest`` directory.  A cross
test takes a test bitcode file implementing some unit tests, and translates it
twice, once with Subzero and once with LLVM's known-good ``llc`` translator.
The Subzero-translated symbols are specially mangled to avoid multiple
definition errors from the linker.  Both translated versions are linked together
with a driver program that calls each version of each unit test with a variety
of interesting inputs and compares the results for equality.  The cross tests
are currently invoked by running::

    make -f Makefile.standalone check-xtest

Similar, there is a suite of unit tests::

    make -f Makefile.standalone check-unit

A convenient way to run the lit, cross, and unit tests is::

    make -f Makefile.standalone check

Assembling ``pnacl-sz`` output as needed
----------------------------------------

``pnacl-sz`` can now produce a native ELF binary using ``-filetype=obj``.

``pnacl-sz`` can also produce textual assembly code in a structure suitable for
input to ``llvm-mc``, using ``-filetype=asm`` or ``-filetype=iasm``.  An object
file can then be produced using the command::

    llvm-mc -triple=i686 -filetype=obj -o=MyObj.o

Building a translated binary
----------------------------

There is a helper script, ``pydir/szbuild.py``, that translates a finalized pexe
into a fully linked executable.  Run it with ``-help`` for extensive
documentation.

By default, ``szbuild.py`` builds an executable using only Subzero translation,
but it can also be used to produce hybrid Subzero/``llc`` binaries (``llc`` is
the name of the LLVM translator) for bisection-based debugging.  In bisection
debugging mode, the pexe is translated using both Subzero and ``llc``, and the
resulting object files are combined into a single executable using symbol
weakening and other linker tricks to control which Subzero symbols and which
``llc`` symbols take precedence.  This is controlled by the ``-include`` and
``-exclude`` arguments.  These can be used to rapidly find a single function
that Subzero translates incorrectly leading to incorrect output.

There is another helper script, ``pydir/szbuild_spec2k.py``, that runs
``szbuild.py`` on one or more components of the Spec2K suite.  This assumes that
Spec2K is set up in the usual place in the Native Client tree, and the finalized
pexe files have been built.  (Note: for working with Spec2K and other pexes,
it's helpful to finalize the pexe using ``--no-strip-syms``, to preserve the
original function and global variable names.)

Status
------

Subzero currently fully supports the x86-32 architecture, for both native and
Native Client sandboxing modes.  The x86-64 architecture is also supported in
native mode only, and only for the x32 flavor due to the fact that pointers and
32-bit integers are indistinguishable in PNaCl bitcode.  Sandboxing support for
x86-64 is in progress.  ARM and MIPS support is in progress.  Two optimization
levels, ``-Om1`` and ``-O2``, are implemented.

The ``-Om1`` configuration is designed to be the simplest and fastest possible,
with a minimal set of passes and transformations.

* Simple Phi lowering before target lowering, by generating temporaries and
  adding assignments to the end of predecessor blocks.

* Simple register allocation limited to pre-colored or infinite-weight
  Variables.

The ``-O2`` configuration is designed to use all optimizations available and
produce the best code.

* Address mode inference to leverage the complex x86 addressing modes.

* Compare/branch fusing based on liveness/last-use analysis.

* Global, linear-scan register allocation.

* Advanced phi lowering after target lowering and global register allocation,
  via edge splitting, topological sorting of the parallel moves, and final local
  register allocation.

* Stack slot coalescing to reduce frame size.

* Branch optimization to reduce the number of branches to the following block.