Rough draft MIR dataflow

Author: ecstatic-morse

src/SUMMARY.md

@@ -82,6 +82,7 @@
         - [MIR visitor and traversal](./mir/visitor.md)
         - [MIR passes: getting the MIR for a function](./mir/passes.md)
         - [MIR optimizations](./mir/optimizations.md)
+        - [Data-flow Analysis](./mir/dataflow.md)
         - [Debugging](./mir/debugging.md)
     - [The borrow checker](./borrow_check.md)
         - [Tracking moves and initialization](./borrow_check/moves_and_initialization.md)

src/mir/dataflow.md

@@ -0,0 +1,159 @@
+# Data-flow Analysis
+
+If you work on the MIR, you will frequently come across various flavors of
+[data-flow analysis][wiki]. For example, `rustc` uses data-flow to find
+uninitialized variables, determine what variables are live across a generator
+`yield` statement, and compute which `Place`s are borrowed at a given point in
+the control-flow graph.
+
+Since data-flow analysis is such a fundamental concept in modern compilers, there
+are ample resources for those who are not yet familiar. [*Static
+Program Analysis*] by Anders Møller and Michael I. Schwartzbach is an
+incredible, freely available textbook. For those who prefer audiovisual
+learning, the Goethe University Frankfurt has published a series of short
+[youtube lectures][goethe] that are very approachable.
+
+The following sections will discuss the framework used to define and inspect
+data-flow analyses in `rustc`. They assume that the reader is familiar with
+common data-flow ideas such as [lattices], fixpoint, and transfer functions.
+Any of the resources listed above should give you enough background to
+understand what comes next.
+
+[wiki]: https://en.wikipedia.org/wiki/Data-flow_analysis#Basic_principles
+[goethe]: https://www.youtube.com/watch?v=NVBQSR_HdL0&list=PL_sGR8T76Y58l3Gck3ZwIIHLWEmXrOLV_&index=2
+[lattices]: https://en.wikipedia.org/wiki/Lattice_(order)
+[*Static Program Analysis*]: https://cs.au.dk/~amoeller/spa/
+
+## Inspecting the Results of a Data-flow Analysis
+
+Before we describe how to define a new data-flow analysis, let's inspect the
+results of an existing one. Once you have constructed an analysis, you must
+pass it to an `Engine`, which is capable of finding the fixpoint of
+your data-flow problem. Calling `iterate_to_fixpoint` will return a `Results`,
+which contains the fixpoint upon entry of each block.
+
+Once you have a `Results`, you can can inspect the data-flow state at fixpoint
+at any point in the CFG. If you only need the state at a few locations (e.g.,
+each `Drop` terminator) use a [`ResultsCursor`]. If you need the state at *all*
+locations, a [`ResultsVisitor`] will be more efficient.
+
+```
+                         Analysis
+                            |
+                            | into_engine(…)
+                            |
+                          Engine
+                            |
+                            | iterate_to_fixpoint()
+                            |
+                         Results
+                         /     \
+ into_results_cursor(…) /       \  visit(…)
+                       /         \
+               ResultsCursor  ResultsVisitor
+```
+
+The following code example uses the `ResultsVisitor` method...
+
+
+```rust,ignore
+// Assuming `MyVisitor` implements `ResultsVisitor<FlowState = BitSet<MyAnalysis::Idx>>`...
+let my_visitor = MyVisitor::new();
+
+// inspect the fixpoint state for every location within every block in RPO.
+let results = MyAnalysis()
+    .into_engine(tcx, body, def_id)
+    .iterate_to_fixpoint()
+    .visit(body, traversal::reverse_postorder(body), my_visitor);
+```
+
+and this code uses `ResultsCursor`.
+
+```rust,ignore
+let mut results = MyAnalysis()
+    .into_engine(tcx, body, def_id)
+    .iterate_to_fixpoint()
+    .into_results_cursor(body);
+
+// Inspect the fixpoint state immediately before each `Drop` terminator.
+for (bb, block) in body.basic_blocks().iter_enumerated() {
+    if let TerminatorKind::Drop { .. } = block.terminator().kind {
+        results.seek_before(body.terminator_loc(bb));
+        let state = results.get();
+
+        println!("state before drop: {:#?}", state);
+    }
+}
+```
+
+[`ResultsCursor`]: #
+[`ResultsVisitor`]: #
+
+## Defining a New Data-flow Analysis
+
+### Domain
+
+A data-flow analysis has two defining characteristics. First is the domain upon
+which the analysis is defined, also known as the data-flow lattice. For
+example, the domain of the [`MaybeInitializedPlaces`] analysis is the set–or,
+more formally, the powerset lattice–of all move paths that are used in a
+function. For now, the MIR data-flow framework only supports analyses whose
+domain is the powerset lattice of some monotonic index, such as a `MovePathIndex`
+or a `Local`.
+
+The [`AnalysisDomain`] and [`BottomValue`] traits define the domain of a data-flow
+analysis. `BottomValue` determines the initial value of the data-flow state for
+each basic block, either the empty set (if `BOTTOM_VALUE = false`) or the full
+set (if `BOTTOM_VALUE = true`). This also specifies the default lattice join
+operator, union (if `BOTTOM_VALUE = false`) or intersection (if `BOTTOM_VALUE =
+true`). This is because the initial value of the entry state of each block is
+joined with the exit state of its predecessors. For example, if the initial
+value of the data-flow state is the empty set but intersection is used as the
+join operator, the entry state will never change since ∅ ∩ A = ∅ for all A.
+
+`AnalysisDomain` defines the index type that serves as the element of the
+data-flow state. It is also responsible for initalizing the data-flow state for
+the `START_BLOCK`. For example,
+`MaybeInitializedPlaces::initialize_start_block` marks move paths
+corresponding to the parameters of a function as initialized.
+
+[`MaybeInitializedPlaces`]: #
+[`BottomValue`]: #
+[`AnalysisDomain`]: #
+
+### Transfer Function
+
+The second characteristic of a data-flow analysis is its transfer function.
+This describes how the data-flow state changes as a program is executed. For
+the MIR, the transfer function of each basic block is comprised of the
+effects of each individual statement followed by the effect of the terminator.
+For example, in `MaybeInitializedPlaces`, the statement effect for an
+assignment marks its destination as initialized.
+
+A transfer function is defined for each statement and terminator via the
+`Analysis::effect` methods. When called in sequence, these comprise the
+transfer function for the entire basic block. Try to avoid using the
+`before` variants of the effect methods. Unlike the unprefixed variants, their
+effect on a given statement will be applied when `seek_before` is called with
+that statement as the target location. Instead, use `seek_after` or
+`visit_statement_exit` when inspecting the results.
+
+#### Gen-kill data-flow problems
+
+[Gen-kill] problems (also known as bit vector problems) are a certain class of
+data-flow analyses whose domain is a powerset lattice and whose transfer
+function only inserts or removes specific elements from the state vector. This
+class of analyses is guaranteed to converge quickly, since we can use more
+efficient approach when iterating to fixpoint. If your analysis can be defined
+using only `gen` and `kill` operations, it probably should be.
+
+[`GenKillAnalysis`] defines the transfer function for such analyses. Unlike the
+[`Analysis`] trait, which can mutate the state vector directly. A
+`GenKillAnalysis` only has access to a generic type that implements the
+[`GenKill`] interface.
+
+
+[`GenKillAnalysis`]: #
+[`Analysis`]: #
+[`GenKill`]: #
+[Gen-kill]: https://en.wikipedia.org/wiki/Data-flow_analysis#Bit_vector_problems