il.txt (37383B)
1 =========================== 2 QBE Intermediate Language 3 =========================== 4 5 6 7 - Table of Contents 8 ------------------- 9 10 1. <@ Basic Concepts > 11 * <@ Input Files > 12 * <@ BNF Notation > 13 * <@ Sigils > 14 * <@ Spacing > 15 2. <@ Types > 16 * <@ Simple Types > 17 * <@ Subtyping > 18 3. <@ Constants and Vals > 19 4. <@ Linkage > 20 5. <@ Definitions > 21 * <@ Aggregate Types > 22 * <@ Data > 23 * <@ Functions > 24 6. <@ Control > 25 * <@ Blocks > 26 * <@ Jumps > 27 7. <@ Instructions > 28 * <@ Arithmetic and Bits > 29 * <@ Memory > 30 * <@ Comparisons > 31 * <@ Conversions > 32 * <@ Cast and Copy > 33 * <@ Call > 34 * <@ Variadic > 35 * <@ Phi > 36 8. <@ Instructions Index > 37 38 - 1. Basic Concepts 39 ------------------- 40 41 The intermediate language (IL) is a higher-level language 42 than the machine's assembly language. It smoothes most 43 of the irregularities of the underlying hardware and 44 allows an infinite number of temporaries to be used. 45 This higher abstraction level lets frontend programmers 46 focus on language design issues. 47 48 ~ Input Files 49 ~~~~~~~~~~~~~ 50 51 The intermediate language is provided to QBE as text. 52 Usually, one file is generated per each compilation unit from 53 the frontend input language. An IL file is a sequence of 54 <@ Definitions > for data, functions, and types. Once 55 processed by QBE, the resulting file can be assembled and 56 linked using a standard toolchain (e.g., GNU binutils). 57 58 Here is a complete "Hello World" IL file which defines a 59 function that prints to the screen. Since the string is 60 not a first class object (only the pointer is) it is 61 defined outside the function's body. Comments start with 62 a # character and finish with the end of the line. 63 64 # Define the string constant. 65 data $str = { b "hello world", b 0 } 66 67 export function w $main() { 68 @start 69 # Call the puts function with $str as argument. 70 %r =w call $puts(l $str) 71 ret 0 72 } 73 74 If you have read the LLVM language reference, you might 75 recognize the example above. In comparison, QBE makes a 76 much lighter use of types and the syntax is terser. 77 78 ~ BNF Notation 79 ~~~~~~~~~~~~~~ 80 81 The language syntax is vaporously described in the sections 82 below using BNF syntax. The different BNF constructs used 83 are listed below. 84 85 * Keywords are enclosed between quotes; 86 * `... | ...` expresses alternatives; 87 * `( ... )` groups syntax; 88 * `[ ... ]` marks the nested syntax as optional; 89 * `( ... ),` designates a comma-separated list of the 90 enclosed syntax; 91 * `...*` and `...+` are used for arbitrary and 92 at-least-once repetition respectively. 93 94 ~ Sigils 95 ~~~~~~~~ 96 97 The intermediate language makes heavy use of sigils, all 98 user-defined names are prefixed with a sigil. This is 99 to avoid keyword conflicts, and also to quickly spot the 100 scope and nature of identifiers. 101 102 * `:` is for user-defined <@ Aggregate Types> 103 * `$` is for globals (represented by a pointer) 104 * `%` is for function-scope temporaries 105 * `@` is for block labels 106 107 In this BNF syntax, we use `?IDENT` to designate an identifier 108 starting with the sigil `?`. 109 110 ~ Spacing 111 ~~~~~~~~~ 112 113 `bnf 114 NL := '\n'+ 115 116 Individual tokens in IL files must be separated by one or 117 more spacing characters. Both spaces and tabs are recognized 118 as spacing characters. In data and type definitions, newlines 119 may also be used as spaces to prevent overly long lines. When 120 exactly one of two consecutive tokens is a symbol (for example 121 `,` or `=` or `{`), spacing may be omitted. 122 123 - 2. Types 124 ---------- 125 126 ~ Simple Types 127 ~~~~~~~~~~~~~~ 128 129 `bnf 130 BASETY := 'w' | 'l' | 's' | 'd' # Base types 131 EXTTY := BASETY | 'b' | 'h' # Extended types 132 133 The IL makes minimal use of types. By design, the types 134 used are restricted to what is necessary for unambiguous 135 compilation to machine code and C interfacing. Unlike LLVM, 136 QBE is not using types as a means to safety; they are only 137 here for semantic purposes. 138 139 The four base types are `w` (word), `l` (long), `s` (single), 140 and `d` (double), they stand respectively for 32-bit and 141 64-bit integers, and 32-bit and 64-bit floating-point numbers. 142 There are no pointer types available; pointers are typed 143 by an integer type sufficiently wide to represent all memory 144 addresses (e.g., `l` on 64-bit architectures). Temporaries 145 in the IL can only have a base type. 146 147 Extended types contain base types plus `b` (byte) and `h` 148 (half word), respectively for 8-bit and 16-bit integers. 149 They are used in <@ Aggregate Types> and <@ Data> definitions. 150 151 For C interfacing, the IL also provides user-defined aggregate 152 types as well as signed and unsigned variants of the sub-word 153 extended types. Read more about these types in the 154 <@ Aggregate Types > and <@ Functions > sections. 155 156 ~ Subtyping 157 ~~~~~~~~~~~ 158 159 The IL has a minimal subtyping feature, for integer types only. 160 Any value of type `l` can be used in a `w` context. In that 161 case, only the 32 least significant bits of the word value 162 are used. 163 164 Make note that it is the opposite of the usual subtyping on 165 integers (in C, we can safely use an `int` where a `long` 166 is expected). A long value cannot be used in word context. 167 The rationale is that a word can be signed or unsigned, so 168 extending it to a long could be done in two ways, either 169 by zero-extension, or by sign-extension. 170 171 - 3. Constants and Vals 172 ----------------------- 173 174 `bnf 175 CONST := 176 ['-'] NUMBER # Decimal integer 177 | 's_' FP # Single-precision float 178 | 'd_' FP # Double-precision float 179 | $IDENT # Global symbol 180 181 DYNCONST := 182 CONST 183 | 'thread' $IDENT # Thread-local symbol 184 185 VAL := 186 DYNCONST 187 | %IDENT 188 189 Constants come in two kinds: compile-time constants and 190 dynamic constants. Dynamic constants include compile-time 191 constants and other symbol variants that are only known at 192 program-load time or execution time. Consequently, dynamic 193 constants can only occur in function bodies. 194 195 The representation of integers is two's complement. 196 Floating-point numbers are represented using the 197 single-precision and double-precision formats of the 198 IEEE 754 standard. 199 200 Constants specify a sequence of bits and are untyped. 201 They are always parsed as 64-bit blobs. Depending on 202 the context surrounding a constant, only some of its 203 bits are used. For example, in the program below, the 204 two variables defined have the same value since the first 205 operand of the subtraction is a word (32-bit) context. 206 207 %x =w sub -1, 0 208 %y =w sub 4294967295, 0 209 210 Because specifying floating-point constants by their bits 211 makes the code less readable, syntactic sugar is provided 212 to express them. Standard scientific notation is prefixed 213 with `s_` and `d_` for single and double precision numbers 214 respectively. Once again, the following example defines twice 215 the same double-precision constant. 216 217 %x =d add d_0, d_-1 218 %y =d add d_0, -4616189618054758400 219 220 Global symbols can also be used directly as constants; 221 they will be resolved and turned into actual numeric 222 constants by the linker. 223 224 When the `thread` keyword prefixes a symbol name, the 225 symbol's numeric value is resolved at runtime in the 226 thread-local storage. 227 228 Vals are used as arguments in regular, phi, and jump 229 instructions within function definitions. They are 230 either constants or function-scope temporaries. 231 232 - 4. Linkage 233 ------------ 234 235 `bnf 236 LINKAGE := 237 'export' [NL] 238 | 'thread' [NL] 239 | 'section' SECNAME [NL] 240 | 'section' SECNAME SECFLAGS [NL] 241 242 SECNAME := '"' .... '"' 243 SECFLAGS := '"' .... '"' 244 245 Function and data definitions (see below) can specify 246 linkage information to be passed to the assembler and 247 eventually to the linker. 248 249 The `export` linkage flag marks the defined item as 250 visible outside the current file's scope. If absent, 251 the symbol can only be referred to locally. Functions 252 compiled by QBE and called from C need to be exported. 253 254 The `thread` linkage flag can only qualify data 255 definitions. It mandates that the object defined is 256 stored in thread-local storage. Each time a runtime 257 thread starts, the supporting platform runtime is in 258 charge of making a new copy of the object for the 259 fresh thread. Objects in thread-local storage must 260 be accessed using the `thread $IDENT` syntax, as 261 specified in the <@ Constants and Vals > section. 262 263 A `section` flag can be specified to tell the linker to 264 put the defined item in a certain section. The use of 265 the section flag is platform dependent and we refer the 266 user to the documentation of their assembler and linker 267 for relevant information. 268 269 section ".init_array" 270 data $.init.f = { l $f } 271 272 The section flag can be used to add function pointers to 273 a global initialization list, as depicted above. Note 274 that some platforms provide a BSS section that can be 275 used to minimize the footprint of uniformly zeroed data. 276 When this section is available, QBE will automatically 277 make use of it and no section flag is required. 278 279 The section and export linkage flags should each appear 280 at most once in a definition. If multiple occurrences 281 are present, QBE is free to use any. 282 283 - 5. Definitions 284 ---------------- 285 286 Definitions are the essential components of an IL file. 287 They can define three types of objects: aggregate types, 288 data, and functions. Aggregate types are never exported 289 and do not compile to any code. Data and function 290 definitions have file scope and are mutually recursive 291 (even across IL files). Their visibility can be controlled 292 using linkage flags. 293 294 ~ Aggregate Types 295 ~~~~~~~~~~~~~~~~~ 296 297 `bnf 298 TYPEDEF := 299 # Regular type 300 'type' :IDENT '=' ['align' NUMBER] 301 '{' 302 ( SUBTY [NUMBER] ), 303 '}' 304 | # Union type 305 'type' :IDENT '=' ['align' NUMBER] 306 '{' 307 ( 308 '{' 309 ( SUBTY [NUMBER] ), 310 '}' 311 )+ 312 '}' 313 | # Opaque type 314 'type' :IDENT '=' 'align' NUMBER '{' NUMBER '}' 315 316 SUBTY := EXTTY | :IDENT 317 318 Aggregate type definitions start with the `type` keyword. 319 They have file scope, but types must be defined before being 320 referenced. The inner structure of a type is expressed by a 321 comma-separated list of types enclosed in curly braces. 322 323 type :fourfloats = { s, s, d, d } 324 325 For ease of IL generation, a trailing comma is tolerated by 326 the parser. In case many items of the same type are 327 sequenced (like in a C array), the shorter array syntax 328 can be used. 329 330 type :abyteandmanywords = { b, w 100 } 331 332 By default, the alignment of an aggregate type is the 333 maximum alignment of its members. The alignment can be 334 explicitly specified by the programmer. 335 336 type :cryptovector = align 16 { w 4 } 337 338 Union types allow the same chunk of memory to be used with 339 different layouts. They are defined by enclosing multiple 340 regular aggregate type bodies in a pair of curly braces. 341 Size and alignment of union types are set to the maximum size 342 and alignment of each variation or, in the case of alignment, 343 can be explicitly specified. 344 345 type :un9 = { { b } { s } } 346 347 Opaque types are used when the inner structure of an 348 aggregate cannot be specified; the alignment for opaque 349 types is mandatory. They are defined simply by enclosing 350 their size between curly braces. 351 352 type :opaque = align 16 { 32 } 353 354 ~ Data 355 ~~~~~~ 356 357 `bnf 358 DATADEF := 359 LINKAGE* 360 'data' $IDENT '=' ['align' NUMBER] 361 '{' 362 ( EXTTY DATAITEM+ 363 | 'z' NUMBER ), 364 '}' 365 366 DATAITEM := 367 $IDENT ['+' NUMBER] # Symbol and offset 368 | '"' ... '"' # String 369 | CONST # Constant 370 371 Data definitions express objects that will be emitted in the 372 compiled file. Their visibility and location in the compiled 373 artifact are controlled with linkage flags described in the 374 <@ Linkage > section. 375 376 They define a global identifier (starting with the sigil 377 `$`), that will contain a pointer to the object specified 378 by the definition. 379 380 Objects are described by a sequence of fields that start with 381 a type letter. This letter can either be an extended type, 382 or the `z` letter. If the letter used is an extended type, 383 the data item following specifies the bits to be stored in 384 the field. When several data items follow a letter, they 385 initialize multiple fields of the same size. 386 387 The members of a struct will be packed. This means that 388 padding has to be emitted by the frontend when necessary. 389 Alignment of the whole data objects can be manually specified, 390 and when no alignment is provided, the maximum alignment from 391 the platform is used. 392 393 When the `z` letter is used the number following indicates 394 the size of the field; the contents of the field are zero 395 initialized. It can be used to add padding between fields 396 or zero-initialize big arrays. 397 398 Here are various examples of data definitions. 399 400 # Three 32-bit values 1, 2, and 3 401 # followed by a 0 byte. 402 data $a = { w 1 2 3, b 0 } 403 404 # A thousand bytes 0 initialized. 405 data $b = { z 1000 } 406 407 # An object containing two 64-bit 408 # fields, one with all bits sets and the 409 # other containing a pointer to the 410 # object itself. 411 data $c = { l -1, l $c } 412 413 ~ Functions 414 ~~~~~~~~~~~ 415 416 `bnf 417 FUNCDEF := 418 LINKAGE* 419 'function' [ABITY] $IDENT '(' (PARAM), ')' [NL] 420 '{' NL 421 BLOCK+ 422 '}' 423 424 PARAM := 425 ABITY %IDENT # Regular parameter 426 | 'env' %IDENT # Environment parameter (first) 427 | '...' # Variadic marker (last) 428 429 SUBWTY := 'sb' | 'ub' | 'sh' | 'uh' # Sub-word types 430 ABITY := BASETY | SUBWTY | :IDENT 431 432 Function definitions contain the actual code to emit in 433 the compiled file. They define a global symbol that 434 contains a pointer to the function code. This pointer 435 can be used in `call` instructions or stored in memory. 436 437 The type given right before the function name is the 438 return type of the function. All return values of this 439 function must have this return type. If the return 440 type is missing, the function must not return any value. 441 442 The parameter list is a comma separated list of distinct 443 temporary names prefixed by types. The types are used 444 to correctly implement C compatibility. When an argument 445 has an aggregate type, a pointer to the aggregate is passed 446 by the caller. In the example below, we have to use a load 447 instruction to get the value of the first (and only) 448 member of the struct. 449 450 type :one = { w } 451 452 function w $getone(:one %p) { 453 @start 454 %val =w loadw %p 455 ret %val 456 } 457 458 If a function accepts or returns values that are smaller 459 than a word, such as `signed char` or `unsigned short` in C, 460 one of the sub-word type must be used. The sub-word types 461 `sb`, `ub`, `sh`, and `uh` stand, respectively, for signed 462 and unsigned 8-bit values, and signed and unsigned 16-bit 463 values. Parameters associated with a sub-word type of bit 464 width N only have their N least significant bits set and 465 have base type `w`. For example, the function 466 467 function w $addbyte(w %a, sb %b) { 468 @start 469 %bw =w extsb %b 470 %val =w add %a, %bw 471 ret %val 472 } 473 474 needs to sign-extend its second argument before the 475 addition. Dually, return values with sub-word types do 476 not need to be sign or zero extended. 477 478 If the parameter list ends with `...`, the function is 479 a variadic function: it can accept a variable number of 480 arguments. To access the extra arguments provided by 481 the caller, use the `vastart` and `vaarg` instructions 482 described in the <@ Variadic > section. 483 484 Optionally, the parameter list can start with an 485 environment parameter `env %e`. This special parameter is 486 a 64-bit integer temporary (i.e., of type `l`). If the 487 function does not use its environment parameter, callers 488 can safely omit it. This parameter is invisible to a C 489 caller: for example, the function 490 491 export function w $add(env %e, w %a, w %b) { 492 @start 493 %c =w add %a, %b 494 ret %c 495 } 496 497 must be given the C prototype `int add(int, int)`. 498 The intended use of this feature is to pass the 499 environment pointer of closures while retaining a 500 very good compatibility with C. The <@ Call > section 501 explains how to pass an environment parameter. 502 503 Since global symbols are defined mutually recursive, 504 there is no need for function declarations: a function 505 can be referenced before its definition. 506 Similarly, functions from other modules can be used 507 without previous declaration. All the type information 508 necessary to compile a call is in the instruction itself. 509 510 The syntax and semantics for the body of functions 511 are described in the <@ Control > section. 512 513 - 6. Control 514 ------------ 515 516 The IL represents programs as textual transcriptions of 517 control flow graphs. The control flow is serialized as 518 a sequence of blocks of straight-line code which are 519 connected using jump instructions. 520 521 ~ Blocks 522 ~~~~~~~~ 523 524 `bnf 525 BLOCK := 526 @IDENT NL # Block label 527 ( PHI NL )* # Phi instructions 528 ( INST NL )* # Regular instructions 529 JUMP NL # Jump or return 530 531 All blocks have a name that is specified by a label at 532 their beginning. Then follows a sequence of instructions 533 that have "fall-through" flow. Finally one jump terminates 534 the block. The jump can either transfer control to another 535 block of the same function or return; jumps are described 536 further below. 537 538 The first block in a function must not be the target of 539 any jump in the program. If a jump to the function start 540 is needed, the frontend must insert an empty prelude block 541 at the beginning of the function. 542 543 When one block jumps to the next block in the IL file, 544 it is not necessary to write the jump instruction, it 545 will be automatically added by the parser. For example 546 the start block in the example below jumps directly 547 to the loop block. 548 549 function $loop() { 550 @start 551 @loop 552 %x =w phi @start 100, @loop %x1 553 %x1 =w sub %x, 1 554 jnz %x1, @loop, @end 555 @end 556 ret 557 } 558 559 ~ Jumps 560 ~~~~~~~ 561 562 `bnf 563 JUMP := 564 'jmp' @IDENT # Unconditional 565 | 'jnz' VAL, @IDENT, @IDENT # Conditional 566 | 'ret' [VAL] # Return 567 | 'hlt' # Termination 568 569 A jump instruction ends every block and transfers the 570 control to another program location. The target of 571 a jump must never be the first block in a function. 572 The three kinds of jumps available are described in 573 the following list. 574 575 1. Unconditional jump. 576 577 Simply jumps to another block of the same function. 578 579 2. Conditional jump. 580 581 When its word argument is non-zero, it jumps to its 582 first label argument; otherwise it jumps to the other 583 label. The argument must be of word type; because of 584 subtyping a long argument can be passed, but only its 585 least significant 32 bits will be compared to 0. 586 587 3. Function return. 588 589 Terminates the execution of the current function, 590 optionally returning a value to the caller. The value 591 returned must be of the type given in the function 592 prototype. If the function prototype does not specify 593 a return type, no return value can be used. 594 595 4. Program termination. 596 597 Terminates the execution of the program with a 598 target-dependent error. This instruction can be used 599 when it is expected that the execution never reaches 600 the end of the block it closes; for example, after 601 having called a function such as `exit()`. 602 603 - 7. Instructions 604 ----------------- 605 606 Instructions are the smallest piece of code in the IL, they 607 form the body of <@ Blocks >. The IL uses a three-address 608 code, which means that one instruction computes an operation 609 between two operands and assigns the result to a third one. 610 611 An instruction has both a name and a return type, this 612 return type is a base type that defines the size of the 613 instruction's result. The type of the arguments can be 614 unambiguously inferred using the instruction name and the 615 return type. For example, for all arithmetic instructions, 616 the type of the arguments is the same as the return type. 617 The two additions below are valid if `%y` is a word or a long 618 (because of <@ Subtyping >). 619 620 %x =w add 0, %y 621 %z =w add %x, %x 622 623 Some instructions, like comparisons and memory loads 624 have operand types that differ from their return types. 625 For instance, two floating points can be compared to give a 626 word result (0 if the comparison succeeds, 1 if it fails). 627 628 %c =w cgts %a, %b 629 630 In the example above, both operands have to have single type. 631 This is made explicit by the instruction suffix. 632 633 The types of instructions are described below using a short 634 type string. A type string specifies all the valid return 635 types an instruction can have, its arity, and the type of 636 its arguments depending on its return type. 637 638 Type strings begin with acceptable return types, then 639 follows, in parentheses, the possible types for the arguments. 640 If the N-th return type of the type string is used for an 641 instruction, the arguments must use the N-th type listed for 642 them in the type string. When an instruction does not have a 643 return type, the type string only contains the types of the 644 arguments. 645 646 The following abbreviations are used. 647 648 * `T` stands for `wlsd` 649 * `I` stands for `wl` 650 * `F` stands for `sd` 651 * `m` stands for the type of pointers on the target; on 652 64-bit architectures it is the same as `l` 653 654 For example, consider the type string `wl(F)`, it mentions 655 that the instruction has only one argument and that if the 656 return type used is long, the argument must be of type double. 657 658 ~ Arithmetic and Bits 659 ~~~~~~~~~~~~~~~~~~~~~ 660 661 * `add`, `sub`, `div`, `mul` -- `T(T,T)` 662 * `neg` -- `T(T)` 663 * `udiv`, `rem`, `urem` -- `I(I,I)` 664 * `or`, `xor`, `and` -- `I(I,I)` 665 * `sar`, `shr`, `shl` -- `I(I,ww)` 666 667 The base arithmetic instructions in the first bullet are 668 available for all types, integers and floating points. 669 670 When `div` is used with word or long return type, the 671 arguments are treated as signed. The unsigned integral 672 division is available as `udiv` instruction. When the 673 result of a division is not an integer, it is truncated 674 towards zero. 675 676 The signed and unsigned remainder operations are available 677 as `rem` and `urem`. The sign of the remainder is the same 678 as the one of the dividend. Its magnitude is smaller than 679 the divisor one. These two instructions and `udiv` are only 680 available with integer arguments and result. 681 682 Bitwise OR, AND, and XOR operations are available for both 683 integer types. Logical operations of typical programming 684 languages can be implemented using <@ Comparisons > and 685 <@ Jumps >. 686 687 Shift instructions `sar`, `shr`, and `shl`, shift right or 688 left their first operand by the amount from the second 689 operand. The shifting amount is taken modulo the size of 690 the result type. Shifting right can either preserve the 691 sign of the value (using `sar`), or fill the newly freed 692 bits with zeroes (using `shr`). Shifting left always 693 fills the freed bits with zeroes. 694 695 Remark that an arithmetic shift right (`sar`) is only 696 equivalent to a division by a power of two for non-negative 697 numbers. This is because the shift right "truncates" 698 towards minus infinity, while the division truncates 699 towards zero. 700 701 ~ Memory 702 ~~~~~~~~ 703 704 * Store instructions. 705 706 * `stored` -- `(d,m)` 707 * `stores` -- `(s,m)` 708 * `storel` -- `(l,m)` 709 * `storew` -- `(w,m)` 710 * `storeh` -- `(w,m)` 711 * `storeb` -- `(w,m)` 712 713 Store instructions exist to store a value of any base type 714 and any extended type. Since halfwords and bytes are not 715 first class in the IL, `storeh` and `storeb` take a word 716 as argument. Only the first 16 or 8 bits of this word will 717 be stored in memory at the address specified in the second 718 argument. 719 720 * Load instructions. 721 722 * `loadd` -- `d(m)` 723 * `loads` -- `s(m)` 724 * `loadl` -- `l(m)` 725 * `loadsw`, `loaduw` -- `I(mm)` 726 * `loadsh`, `loaduh` -- `I(mm)` 727 * `loadsb`, `loadub` -- `I(mm)` 728 729 For types smaller than long, two variants of the load 730 instruction are available: one will sign extend the loaded 731 value, while the other will zero extend it. Note that 732 all loads smaller than long can load to either a long or 733 a word. 734 735 The two instructions `loadsw` and `loaduw` have the same 736 effect when they are used to define a word temporary. 737 A `loadw` instruction is provided as syntactic sugar for 738 `loadsw` to make explicit that the extension mechanism 739 used is irrelevant. 740 741 * Blits. 742 743 * `blit` -- `(m,m,w)` 744 745 The blit instruction copies in-memory data from its 746 first address argument to its second address argument. 747 The third argument is the number of bytes to copy. The 748 source and destination spans are required to be either 749 non-overlapping, or fully overlapping (source address 750 identical to the destination address). The byte count 751 argument must be a nonnegative numeric constant; it 752 cannot be a temporary. 753 754 One blit instruction may generate a number of 755 instructions proportional to its byte count argument, 756 consequently, it is recommended to keep this argument 757 relatively small. If large copies are necessary, it is 758 preferable that frontends generate calls to a supporting 759 `memcpy` function. 760 761 * Stack allocation. 762 763 * `alloc4` -- `m(l)` 764 * `alloc8` -- `m(l)` 765 * `alloc16` -- `m(l)` 766 767 These instructions allocate a chunk of memory on the 768 stack. The number ending the instruction name is the 769 alignment required for the allocated slot. QBE will 770 make sure that the returned address is a multiple of 771 that alignment value. 772 773 Stack allocation instructions are used, for example, 774 when compiling the C local variables, because their 775 address can be taken. When compiling Fortran, 776 temporaries can be used directly instead, because 777 it is illegal to take the address of a variable. 778 779 The following example makes use of some of the memory 780 instructions. Pointers are stored in long temporaries. 781 782 %A0 =l alloc4 8 # stack allocate an array A of 2 words 783 %A1 =l add %A0, 4 784 storew 43, %A0 # A[0] <- 43 785 storew 255, %A1 # A[1] <- 255 786 %v1 =w loadw %A0 # %v1 <- A[0] as word 787 %v2 =w loadsb %A1 # %v2 <- A[1] as signed byte 788 %v3 =w add %v1, %v2 # %v3 is 42 here 789 790 ~ Comparisons 791 ~~~~~~~~~~~~~ 792 793 Comparison instructions return an integer value (either a word 794 or a long), and compare values of arbitrary types. The returned 795 value is 1 if the two operands satisfy the comparison 796 relation, or 0 otherwise. The names of comparisons respect 797 a standard naming scheme in three parts. 798 799 1. All comparisons start with the letter `c`. 800 801 2. Then comes a comparison type. The following 802 types are available for integer comparisons: 803 804 * `eq` for equality 805 * `ne` for inequality 806 * `sle` for signed lower or equal 807 * `slt` for signed lower 808 * `sge` for signed greater or equal 809 * `sgt` for signed greater 810 * `ule` for unsigned lower or equal 811 * `ult` for unsigned lower 812 * `uge` for unsigned greater or equal 813 * `ugt` for unsigned greater 814 815 Floating point comparisons use one of these types: 816 817 * `eq` for equality 818 * `ne` for inequality 819 * `le` for lower or equal 820 * `lt` for lower 821 * `ge` for greater or equal 822 * `gt` for greater 823 * `o` for ordered (no operand is a NaN) 824 * `uo` for unordered (at least one operand is a NaN) 825 826 Because floating point types always have a sign bit, 827 all the comparisons available are signed. 828 829 3. Finally, the instruction name is terminated with a 830 basic type suffix precising the type of the operands 831 to be compared. 832 833 For example, `cod` (`I(dd,dd)`) compares two double-precision 834 floating point numbers and returns 1 if the two floating points 835 are not NaNs, or 0 otherwise. The `csltw` (`I(ww,ww)`) 836 instruction compares two words representing signed numbers and 837 returns 1 when the first argument is smaller than the second one. 838 839 ~ Conversions 840 ~~~~~~~~~~~~~ 841 842 Conversion operations change the representation of a value, 843 possibly modifying it if the target type cannot hold the value 844 of the source type. Conversions can extend the precision of a 845 temporary (e.g., from signed 8-bit to 32-bit), or convert a 846 floating point into an integer and vice versa. 847 848 * `extsw`, `extuw` -- `l(w)` 849 * `extsh`, `extuh` -- `I(ww)` 850 * `extsb`, `extub` -- `I(ww)` 851 * `exts` -- `d(s)` 852 * `truncd` -- `s(d)` 853 * `stosi` -- `I(ss)` 854 * `stoui` -- `I(ss)` 855 * `dtosi` -- `I(dd)` 856 * `dtoui` -- `I(dd)` 857 * `swtof` -- `F(ww)` 858 * `uwtof` -- `F(ww)` 859 * `sltof` -- `F(ll)` 860 * `ultof` -- `F(ll)` 861 862 Extending the precision of a temporary is done using the 863 `ext` family of instructions. Because QBE types do not 864 specify the signedness (like in LLVM), extension instructions 865 exist to sign-extend and zero-extend a value. For example, 866 `extsb` takes a word argument and sign-extends the 8 867 least-significant bits to a full word or long, depending on 868 the return type. 869 870 The instructions `exts` (extend single) and `truncd` (truncate 871 double) are provided to change the precision of a floating 872 point value. When the double argument of `truncd` cannot 873 be represented as a single-precision floating point, it is 874 truncated towards zero. 875 876 Converting between signed integers and floating points is done 877 using `stosi` (single to signed integer), `stoui` (single to 878 unsigned integer, `dtosi` (double to signed integer), `dtoui` 879 (double to unsigned integer), `swtof` (signed word to float), 880 `uwtof` (unsigned word to float), `sltof` (signed long to 881 float) and `ultof` (unsigned long to float). 882 883 Because of <@ Subtyping >, there is no need to have an 884 instruction to lower the precision of an integer temporary. 885 886 ~ Cast and Copy 887 ~~~~~~~~~~~~~~~ 888 889 The `cast` and `copy` instructions return the bits of their 890 argument verbatim. However a `cast` will change an integer 891 into a floating point of the same width and vice versa. 892 893 * `cast` -- `wlsd(sdwl)` 894 * `copy` -- `T(T)` 895 896 Casts can be used to make bitwise operations on the 897 representation of floating point numbers. For example 898 the following program will compute the opposite of the 899 single-precision floating point number `%f` into `%rs`. 900 901 %b0 =w cast %f 902 %b1 =w xor 2147483648, %b0 # flip the msb 903 %rs =s cast %b1 904 905 ~ Call 906 ~~~~~~ 907 908 `bnf 909 CALL := [%IDENT '=' ABITY] 'call' VAL '(' (ARG), ')' 910 911 ARG := 912 ABITY VAL # Regular argument 913 | 'env' VAL # Environment argument (first) 914 | '...' # Variadic marker 915 916 SUBWTY := 'sb' | 'ub' | 'sh' | 'uh' # Sub-word types 917 ABITY := BASETY | SUBWTY | :IDENT 918 919 The call instruction is special in several ways. It is not 920 a three-address instruction and requires the type of all 921 its arguments to be given. Also, the return type can be 922 either a base type or an aggregate type. These specifics 923 are required to compile calls with C compatibility (i.e., 924 to respect the ABI). 925 926 When an aggregate type is used as argument type or return 927 type, the value respectively passed or returned needs to be 928 a pointer to a memory location holding the value. This is 929 because aggregate types are not first-class citizens of 930 the IL. 931 932 Sub-word types are used for arguments and return values 933 of width less than a word. Details on these types are 934 presented in the <@ Functions > section. Arguments with 935 sub-word types need not be sign or zero extended according 936 to their type. Calls with a sub-word return type define 937 a temporary of base type `w` with its most significant bits 938 unspecified. 939 940 Unless the called function does not return a value, a 941 return temporary must be specified, even if it is never 942 used afterwards. 943 944 An environment parameter can be passed as first argument 945 using the `env` keyword. The passed value must be a 64-bit 946 integer. If the called function does not expect an environment 947 parameter, it will be safely discarded. See the <@ Functions > 948 section for more information about environment parameters. 949 950 When the called function is variadic, there must be a `...` 951 marker separating the named and variadic arguments. 952 953 ~ Variadic 954 ~~~~~~~~~~ 955 956 The `vastart` and `vaarg` instructions provide a portable 957 way to access the extra parameters of a variadic function. 958 959 * `vastart` -- `(m)` 960 * `vaarg` -- `T(mmmm)` 961 962 The `vastart` instruction initializes a *variable argument 963 list* used to access the extra parameters of the enclosing 964 variadic function. It is safe to call it multiple times. 965 966 The `vaarg` instruction fetches the next argument from 967 a variable argument list. It is currently limited to 968 fetching arguments that have a base type. This instruction 969 is essentially effectful: calling it twice in a row will 970 return two consecutive arguments from the argument list. 971 972 Both instructions take a pointer to a variable argument 973 list as sole argument. The size and alignment of variable 974 argument lists depend on the target used. However, it 975 is possible to conservatively use the maximum size and 976 alignment required by all the targets. 977 978 type :valist = align 8 { 24 } # For amd64_sysv 979 type :valist = align 8 { 32 } # For arm64 980 type :valist = align 8 { 8 } # For rv64 981 982 The following example defines a variadic function adding 983 its first three arguments. 984 985 function s $add3(s %a, ...) { 986 @start 987 %ap =l alloc8 32 988 vastart %ap 989 %r =s call $vadd(s %a, l %ap) 990 ret %r 991 } 992 993 function s $vadd(s %a, l %ap) { 994 @start 995 %b =s vaarg %ap 996 %c =s vaarg %ap 997 %d =s add %a, %b 998 %e =s add %d, %c 999 ret %e 1000 } 1001 1002 ~ Phi 1003 ~~~~~ 1004 1005 `bnf 1006 PHI := %IDENT '=' BASETY 'phi' ( @IDENT VAL ), 1007 1008 First and foremost, phi instructions are NOT necessary when 1009 writing a frontend to QBE. One solution to avoid having to 1010 deal with SSA form is to use stack allocated variables for 1011 all source program variables and perform assignments and 1012 lookups using <@ Memory > operations. This is what LLVM 1013 users typically do. 1014 1015 Another solution is to simply emit code that is not in SSA 1016 form! Contrary to LLVM, QBE is able to fixup programs not 1017 in SSA form without requiring the boilerplate of loading 1018 and storing in memory. For example, the following program 1019 will be correctly compiled by QBE. 1020 1021 @start 1022 %x =w copy 100 1023 %s =w copy 0 1024 @loop 1025 %s =w add %s, %x 1026 %x =w sub %x, 1 1027 jnz %x, @loop, @end 1028 @end 1029 ret %s 1030 1031 Now, if you want to know what phi instructions are and how 1032 to use them in QBE, you can read the following. 1033 1034 Phi instructions are specific to SSA form. In SSA form 1035 values can only be assigned once, without phi instructions, 1036 this requirement is too strong to represent many programs. 1037 For example consider the following C program. 1038 1039 int f(int x) { 1040 int y; 1041 if (x) 1042 y = 1; 1043 else 1044 y = 2; 1045 return y; 1046 } 1047 1048 The variable `y` is assigned twice, the solution to 1049 translate it in SSA form is to insert a phi instruction. 1050 1051 @ifstmt 1052 jnz %x, @ift, @iff 1053 @ift 1054 jmp @retstmt 1055 @iff 1056 jmp @retstmt 1057 @retstmt 1058 %y =w phi @ift 1, @iff 2 1059 ret %y 1060 1061 Phi instructions return one of their arguments depending 1062 on where the control came from. In the example, `%y` is 1063 set to 1 if the `@ift` branch is taken, or it is set to 1064 2 otherwise. 1065 1066 An important remark about phi instructions is that QBE 1067 assumes that if a variable is defined by a phi it respects 1068 all the SSA invariants. So it is critical to not use phi 1069 instructions unless you know exactly what you are doing. 1070 1071 - 8. Instructions Index 1072 ----------------------- 1073 1074 * <@ Arithmetic and Bits >: 1075 1076 * `add` 1077 * `and` 1078 * `div` 1079 * `mul` 1080 * `neg` 1081 * `or` 1082 * `rem` 1083 * `sar` 1084 * `shl` 1085 * `shr` 1086 * `sub` 1087 * `udiv` 1088 * `urem` 1089 * `xor` 1090 1091 * <@ Memory >: 1092 1093 * `alloc16` 1094 * `alloc4` 1095 * `alloc8` 1096 * `blit` 1097 * `loadd` 1098 * `loadl` 1099 * `loads` 1100 * `loadsb` 1101 * `loadsh` 1102 * `loadsw` 1103 * `loadub` 1104 * `loaduh` 1105 * `loaduw` 1106 * `loadw` 1107 * `storeb` 1108 * `stored` 1109 * `storeh` 1110 * `storel` 1111 * `stores` 1112 * `storew` 1113 1114 * <@ Comparisons >: 1115 1116 * `ceqd` 1117 * `ceql` 1118 * `ceqs` 1119 * `ceqw` 1120 * `cged` 1121 * `cges` 1122 * `cgtd` 1123 * `cgts` 1124 * `cled` 1125 * `cles` 1126 * `cltd` 1127 * `clts` 1128 * `cned` 1129 * `cnel` 1130 * `cnes` 1131 * `cnew` 1132 * `cod` 1133 * `cos` 1134 * `csgel` 1135 * `csgew` 1136 * `csgtl` 1137 * `csgtw` 1138 * `cslel` 1139 * `cslew` 1140 * `csltl` 1141 * `csltw` 1142 * `cugel` 1143 * `cugew` 1144 * `cugtl` 1145 * `cugtw` 1146 * `culel` 1147 * `culew` 1148 * `cultl` 1149 * `cultw` 1150 * `cuod` 1151 * `cuos` 1152 1153 * <@ Conversions >: 1154 1155 * `dtosi` 1156 * `dtoui` 1157 * `exts` 1158 * `extsb` 1159 * `extsh` 1160 * `extsw` 1161 * `extub` 1162 * `extuh` 1163 * `extuw` 1164 * `sltof` 1165 * `ultof` 1166 * `stosi` 1167 * `stoui` 1168 * `swtof` 1169 * `uwtof` 1170 * `truncd` 1171 1172 * <@ Cast and Copy > : 1173 1174 * `cast` 1175 * `copy` 1176 1177 * <@ Call >: 1178 1179 * `call` 1180 1181 * <@ Variadic >: 1182 1183 * `vastart` 1184 * `vaarg` 1185 1186 * <@ Phi >: 1187 1188 * `phi` 1189 1190 * <@ Jumps >: 1191 1192 * `hlt` 1193 * `jmp` 1194 * `jnz` 1195 * `ret`