Add -goto_for_early_return transformation

Adds a new -goto_for_early_return CLI option that rewrites functions
containing early returns to use goto-based control flow. When enabled,
functions with non-tail return statements are transformed so that:

- A return variable (result) is declared at the top with a type-specific
  initializer (e.g. 0 for int32_t, 0U for uint32_t, NULL for pointers;
  omitted for void functions).
- Each return is replaced by an assignment to result followed by goto exit.
- The original body is wrapped in an inner compound to avoid VLA scope
  issues with goto.
- An exit label and final return result are appended at the end.

Fresh name generation avoids collisions with existing identifiers.

This is useful for targets that do not support early returns or where
goto-based control flow is preferred (e.g., certain embedded C dialects).

Changes:
- lib/C11.ml: Add Goto and Label constructors to the stmt type.
- lib/Options.ml: Add goto_for_early_return option.
- lib/GotoForEarlyReturn.ml: New pass implementing the transformation.
- lib/PrintC.ml: Print Goto and Label statements.
- src/Karamel.ml: Wire up CLI flag and pipeline integration.
- test/goto_return/: Diff-based regression test.
- test/Makefile: Add goto-return-test to all target.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: nikswamy

lib/C11.ml

@@ -139,6 +139,8 @@ and stmt =
   | Continue
   | Comment of string
     (** note: this is not in the C grammar *)
+  | Goto of ident
+  | Label of ident
 
 and program =
   declaration_or_function list

lib/GotoForEarlyReturn.ml

@@ -0,0 +1,234 @@
+(* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. *)
+(* Licensed under the Apache 2.0 and MIT Licenses. *)
+
+(** Transform functions with early returns to use goto. When activated via
+    -goto_for_early_return, any function whose body contains a return statement
+    in non-tail position is rewritten so that:
+    - a return variable is allocated at the top (for non-void functions),
+    - every return is replaced by an assignment + goto,
+    - a label and final return are appended at the end. *)
+
+module C = C11
+
+(* Collect all identifier names appearing in a statement tree (variable names,
+   declaration names, etc.) so we can pick fresh names that don't collide. *)
+let collect_names (s: C.stmt): (string, unit) Hashtbl.t =
+  let names = Hashtbl.create 32 in
+  let add n = Hashtbl.replace names n () in
+  let rec collect_expr (e: C.expr) =
+    match e with
+    | C.Name n -> add n
+    | C.Op1 (_, e) | C.Deref e | C.Address e | C.Cast (_, e)
+    | C.Sizeof e | C.MemberAccess (e, _) | C.MemberAccessPointer (e, _)
+    | C.InlineComment (_, e, _) -> collect_expr e
+    | C.Op2 (_, e1, e2) | C.Index (e1, e2) | C.Member (e1, e2)
+    | C.MemberP (e1, e2) | C.Assign (e1, e2) ->
+        collect_expr e1; collect_expr e2
+    | C.Call (e, es) -> collect_expr e; List.iter collect_expr es
+    | C.CompoundLiteral (_, inits) -> List.iter collect_init inits
+    | C.Stmt ss -> List.iter collect_stmt ss
+    | C.CxxInitializerList init -> collect_init init
+    | C.Constant _ | C.Literal _ | C.Bool _ | C.Type _ -> ()
+  and collect_init (i: C.init) =
+    match i with
+    | C.InitExpr e -> collect_expr e
+    | C.Designated (_, i) -> collect_init i
+    | C.Initializer is -> List.iter collect_init is
+  and collect_decl_ident (d: C.declarator) =
+    match d with
+    | C.Ident n -> add n
+    | C.Pointer (_, d) | C.Array (_, d, _) | C.Function (_, d, _) ->
+        collect_decl_ident d
+  and collect_stmt (s: C.stmt) =
+    match s with
+    | C.Compound ss -> List.iter collect_stmt ss
+    | C.Decl (_, _, _, _, _, dais) ->
+        List.iter (fun (d, _, init) ->
+          collect_decl_ident d;
+          Option.iter collect_init init) dais
+    | C.Expr e -> collect_expr e
+    | C.If (e, s) -> collect_expr e; collect_stmt s
+    | C.IfElse (e, s1, s2) -> collect_expr e; collect_stmt s1; collect_stmt s2
+    | C.While (e, s) -> collect_expr e; collect_stmt s
+    | C.For (doe, e1, e2, s) ->
+        (match doe with `Decl d -> collect_stmt (C.Decl d)
+          | `Expr e -> collect_expr e | `Skip -> ());
+        collect_expr e1; collect_expr e2; collect_stmt s
+    | C.Return (Some e) -> collect_expr e
+    | C.Return None | C.Break | C.Continue | C.Comment _ -> ()
+    | C.Switch (e, branches, default) ->
+        collect_expr e;
+        List.iter (fun (e, s) -> collect_expr e; collect_stmt s) branches;
+        collect_stmt default
+    | C.IfDef (_, ss1, elif_blocks, ss2) ->
+        List.iter collect_stmt ss1;
+        List.iter (fun (_, ss) -> List.iter collect_stmt ss) elif_blocks;
+        List.iter collect_stmt ss2
+    | C.Goto _ | C.Label _ -> ()
+  in
+  collect_stmt s;
+  names
+
+(* Count the total number of Return statements in a statement tree. *)
+let rec count_returns (s: C.stmt): int =
+  match s with
+  | C.Return _ -> 1
+  | C.Compound stmts -> List.fold_left (fun acc s -> acc + count_returns s) 0 stmts
+  | C.If (_, s) -> count_returns s
+  | C.IfElse (_, s1, s2) -> count_returns s1 + count_returns s2
+  | C.While (_, s) -> count_returns s
+  | C.For (_, _, _, s) -> count_returns s
+  | C.Switch (_, branches, default) ->
+      List.fold_left (fun acc (_, s) -> acc + count_returns s) (count_returns default) branches
+  | C.IfDef (_, ss1, elif_blocks, ss2) ->
+      List.fold_left (fun acc s -> acc + count_returns s) 0 ss1 +
+      List.fold_left (fun acc (_, ss) ->
+        List.fold_left (fun a s -> a + count_returns s) acc ss) 0 elif_blocks +
+      List.fold_left (fun acc s -> acc + count_returns s) 0 ss2
+  | _ -> 0
+
+(* A function has an early return if:
+   - it has multiple returns (at least one must be early), or
+   - it has a single return that is not the last statement of the outermost
+     compound. *)
+let has_early_return (body: C.stmt): bool =
+  match body with
+  | C.Compound stmts ->
+      let n = count_returns body in
+      if n >= 2 then
+        true
+      else if n = 1 then
+        begin match List.rev stmts with
+        | C.Return _ :: _ -> false
+        | _ -> true
+        end
+      else
+        false
+  | _ -> false
+
+(* Replace every Return in a statement tree with an assignment + goto. *)
+let rec rewrite_stmt (ret_var: string) (label: string) (is_void: bool) (s: C.stmt): C.stmt =
+  match s with
+  | C.Return (Some e) when not is_void ->
+      C.Compound [C.Expr (C.Assign (C.Name ret_var, e)); C.Goto label]
+  | C.Return None when is_void ->
+      C.Goto label
+  | C.Return None ->
+      (* non-void function with bare return; just goto *)
+      C.Goto label
+  | C.Return (Some e) ->
+      (* void function returning an expression (shouldn't happen, but be safe) *)
+      C.Compound [C.Expr e; C.Goto label]
+  | C.Compound stmts ->
+      C.Compound (List.map (rewrite_stmt ret_var label is_void) stmts)
+  | C.If (e, s) ->
+      C.If (e, rewrite_stmt ret_var label is_void s)
+  | C.IfElse (e, s1, s2) ->
+      C.IfElse (e,
+        rewrite_stmt ret_var label is_void s1,
+        rewrite_stmt ret_var label is_void s2)
+  | C.While (e, s) ->
+      C.While (e, rewrite_stmt ret_var label is_void s)
+  | C.For (d, e1, e2, s) ->
+      C.For (d, e1, e2, rewrite_stmt ret_var label is_void s)
+  | C.Switch (e, branches, default) ->
+      C.Switch (e,
+        List.map (fun (e, s) -> (e, rewrite_stmt ret_var label is_void s)) branches,
+        rewrite_stmt ret_var label is_void default)
+  | C.IfDef (e, ss1, elif_blocks, ss2) ->
+      C.IfDef (e,
+        List.map (rewrite_stmt ret_var label is_void) ss1,
+        List.map (fun (e, ss) -> (e, List.map (rewrite_stmt ret_var label is_void) ss)) elif_blocks,
+        List.map (rewrite_stmt ret_var label is_void) ss2)
+  | s -> s
+
+(* Extract the inner declarator from a function declarator (stripping
+   the Function wrapper) to get the return-type portion. *)
+let extract_return_declarator (d: C.declarator): C.declarator =
+  match d with
+  | C.Function (_, inner, _) -> inner
+  | _ -> d
+
+(* Replace the leaf identifier in a declarator with a new name. *)
+let rec replace_ident (new_name: string) (d: C.declarator): C.declarator =
+  match d with
+  | C.Ident _ -> C.Ident new_name
+  | C.Pointer (qs, d) -> C.Pointer (qs, replace_ident new_name d)
+  | C.Array (qs, d, e) -> C.Array (qs, replace_ident new_name d, e)
+  | C.Function (cc, d, ps) -> C.Function (cc, replace_ident new_name d, ps)
+
+(* Check if a function declaration has void return type. *)
+let is_void_return (spec: C.type_spec) (decl_and_inits: C.declarator_and_inits): bool =
+  match spec with
+  | C.Void ->
+      begin match decl_and_inits with
+      | [(C.Function (_, C.Ident _, _), _, _)] -> true
+      | _ -> false
+      end
+  | _ -> false
+
+(* Generate a type-specific zero initializer based on the return type.
+   For pointers: NULL; for integers: 0 with appropriate suffix; for
+   bool: false; for named/aggregate types: { 0 }. *)
+let zero_initializer (spec: C.type_spec) (ret_decl: C.declarator): C.init =
+  let rec is_pointer = function
+    | C.Pointer _ -> true
+    | C.Ident _ | C.Array _ | C.Function _ -> false
+  in
+  if is_pointer ret_decl then
+    C.InitExpr (C.Name "NULL")
+  else
+    match spec with
+    | C.Int Constant.Bool -> C.InitExpr (C.Bool false)
+    | C.Int w -> C.InitExpr (C.Constant (w, "0"))
+    (* KaRaMeL maps Bool to Named "bool" / Named "BOOLEAN" (microsoft) *)
+    | C.Named ("bool" | "BOOLEAN") -> C.InitExpr (C.Bool false)
+    | C.Void | C.Named _ | C.Struct _ | C.Union _ | C.Enum _ ->
+        C.Initializer [C.InitExpr (C.Constant (Constant.UInt8, "0"))]
+
+let no_extra: C.extra = { maybe_unused = false; target = None }
+
+(* Rewrite a single declaration_or_function if it has early returns. *)
+let rewrite_decl (d: C.declaration_or_function): C.declaration_or_function =
+  match d with
+  | C.Function (comments,
+      ((qs, spec, _inline, _stor, _extra, decl_and_inits) as decl),
+      body) when has_early_return body ->
+      let is_void = is_void_return spec decl_and_inits in
+      (* Pick fresh names that don't collide with any identifier in the body. *)
+      let used = collect_names body in
+      let is_used n = Hashtbl.mem used n in
+      let ret_var = Idents.mk_fresh "result" is_used in
+      let label = Idents.mk_fresh "exit" is_used in
+      let body_stmts = match body with
+        | C.Compound stmts -> stmts
+        | s -> [s]
+      in
+      let rewritten_stmts = List.map (rewrite_stmt ret_var label is_void) body_stmts in
+      let new_body =
+        if is_void then
+          (* void function: no return variable needed *)
+          C.Compound [
+            C.Compound rewritten_stmts;
+            C.Label label;
+            C.Return None
+          ]
+        else
+          (* non-void: declare return variable, wrap body, add label + return *)
+          let ret_decl_inner = extract_return_declarator (match decl_and_inits with
+            | [(d, _, _)] -> d
+            | _ -> failwith "unexpected declarator_and_inits") in
+          let ret_decl = replace_ident ret_var ret_decl_inner in
+          let init = zero_initializer spec ret_decl_inner in
+          C.Compound [
+            C.Decl (qs, spec, None, None, no_extra, [ret_decl, None, Some init]);
+            C.Compound rewritten_stmts;
+            C.Label label;
+            C.Return (Some (C.Name ret_var))
+          ]
+      in
+      C.Function (comments, decl, new_body)
+  | d -> d
+
+let rewrite_file (decls: C.declaration_or_function list): C.declaration_or_function list =
+  List.map rewrite_decl decls

lib/Options.ml

@@ -166,3 +166,5 @@ let allow_tapps = ref false
 (* Rust only: foo_bar_baz.fst gets emitted as foo/bar_baz.fst with depth=1 and
    foo/bar/baz.fst with depth = 2 (you get the idea). *)
 let depth = ref 1
+
+let goto_for_early_return = ref false

lib/PrintC.ml

@@ -493,6 +493,10 @@ and p_stmt (s: stmt) =
      string "break" ^^ semi
   | Continue ->
      string "continue" ^^ semi
+  | Goto label ->
+     group (string "goto" ^^ space ^^ string label ^^ semi)
+  | Label label ->
+     group (string label ^^ colon ^^ space ^^ semi)
 
 and p_stmts stmts = separate_map hardline p_stmt stmts
 

src/Karamel.ml

@@ -357,6 +357,9 @@ Supported options:|}
       one of the included system headers";
     "-faggressive-inlining", Arg.Set Options.aggressive_inlining, " attempt to inline \
       every variable for more compact code-generation";
+    "-goto_for_early_return", Arg.Set Options.goto_for_early_return, " replace early \
+      returns with assignments to a return variable and gotos to a label at the end \
+      of the function";
     "", Arg.Unit (fun _ -> ()), " ";
 
     (* For developers *)
@@ -818,6 +821,12 @@ Supported options:|}
     (* Bundles.debug_deps deps; *)
     let ml_files  = GenCtypes.mk_ocaml_bindings files c_name_map file_of_map in
     let files = CStarToC11.mk_files c_name_map files in
+    let files =
+      if !Options.goto_for_early_return then
+        List.map (fun (name, decls) -> name, GotoForEarlyReturn.rewrite_file decls) files
+      else
+        files
+    in
     let files = List.filter (fun (_, decls) -> List.length decls > 0) files in
     tick_print true "CStarToC";
 

test/Makefile

@@ -90,7 +90,7 @@ FSTAR		= $(FSTAR_EXE) \
   --trivial_pre_for_unannotated_effectful_fns false \
   --cmi --warn_error -274
 
-all: $(FILES) rust $(WASM_FILES) $(CUSTOM) ctypes-test sepcomp-test rust-val-test bundle-test rust-propererasure-bundle-test
+all: $(FILES) rust $(WASM_FILES) $(CUSTOM) ctypes-test sepcomp-test rust-val-test bundle-test rust-propererasure-bundle-test goto-return-test
 
 # Needs node
 wasm: $(WASM_FILES)
@@ -314,6 +314,10 @@ rust-propererasure-bundle-test:
 	+$(MAKE) -C rust-propererasure-bundle
 .PHONY: rust-propererasure-bundle-test
 
+goto-return-test:
+	+$(MAKE) -C goto_return
+.PHONY: goto-return-test
+
 CTYPES_HAND_WRITTEN_FILES=Client.ml Makefile
 
 .PHONY: $(LOWLEVEL_DIR)/Client.native