This is an archive of the discontinued LLVM Phabricator instance.

Differential D87780

[lld-macho] Export trie addresses should be relative to the image base
ClosedPublic

Authored by int3 on Sep 16 2020, 11:23 AM.

Details

Reviewers
smeenai
Group Reviewers
Restricted Project
Commits
rGabd70fb3983f: [lld-macho] Export trie addresses should be relative to the image base
Summary

We didn't notice this earlier this we were only testing the export trie
encoded in a dylib, whose image base starts at zero. But a regular
executable contains __PAGEZERO, which means it has a non-zero image
base. This bug was discovered after attempting to run some programs that
performed dlopen on an executable.

Diff Detail

Event Timeline

int3 created this revision.Sep 16 2020, 11:23 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 16 2020, 11:23 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
int3 requested review of this revision.Sep 16 2020, 11:23 AM
Harbormaster completed remote builds in B71909: Diff 292281.Sep 16 2020, 12:04 PM
int3 added a parent revision: D87856: [lld-macho] Support -bundle.Sep 17 2020, 3:51 PM
int3 added a child revision: D87803: [lld-macho] Ignore `-mllvm` and its argument.
smeenai accepted this revision.Sep 17 2020, 3:58 PM
smeenai added a subscriber: smeenai.

LGTM

lld/MachO/ExportTrie.h
36

Nit: do we need this initialization, given that setImageBase should always be called?

This revision is now accepted and ready to land.Sep 17 2020, 3:58 PM
int3 marked an inline comment as done.Sep 17 2020, 4:07 PM
int3 added inline comments.
lld/MachO/ExportTrie.h
36

I think it's good practice to zero-init fields that aren't initialized in the ctor. That way, if we forget to call setImageBase, we'll be more likely to get a deterministic error.

smeenai added inline comments.Sep 17 2020, 5:00 PM
lld/MachO/ExportTrie.h
36

The flip side is that any tools which detect uninitialized memory wouldn't catch the issue. It doesn't seem like either ASan or UBSan can actually catch the uninitialized access right now though, so that's a purely academic concern :)

This revision was landed with ongoing or failed builds.Sep 20 2020, 8:44 PM
Closed by commit rGabd70fb3983f: [lld-macho] Export trie addresses should be relative to the image base (authored by int3). · Explain Why
This revision was automatically updated to reflect the committed changes.
int3 marked an inline comment as done.
int3 added a commit: rGabd70fb3983f: [lld-macho] Export trie addresses should be relative to the image base.
smeenai added inline comments.Sep 21 2020, 11:55 AM
lld/MachO/ExportTrie.h
36

Ah, MSan is able to catch the uninitialized memory use, which is helpful.

Revision Contents

PathSize
lld/
MachO/
2 lines
5 lines
1 line
test/
MachO/
26 lines

Diff 293054

lld/MachO/ExportTrie.h

Show All 16 Lines
namespace lld { namespace lld {
namespace macho { namespace macho {
struct TrieNode; struct TrieNode;
class Symbol; class Symbol;
class TrieBuilder { class TrieBuilder {
public: public:
void setImageBase(uint64_t addr) { imageBase = addr; }
void addSymbol(const Symbol &sym) { exported.push_back(&sym); } void addSymbol(const Symbol &sym) { exported.push_back(&sym); }
// Returns the size in bytes of the serialized trie. // Returns the size in bytes of the serialized trie.
size_t build(); size_t build();
void writeTo(uint8_t *buf) const; void writeTo(uint8_t *buf) const;
private: private:
TrieNode *makeNode(); TrieNode *makeNode();
void sortAndBuild(llvm::MutableArrayRef<const Symbol *> vec, TrieNode *node, void sortAndBuild(llvm::MutableArrayRef<const Symbol *> vec, TrieNode *node,
size_t lastPos, size_t pos); size_t lastPos, size_t pos);
uint64_t imageBase = 0;
smeenaiUnsubmitted
Done
ReplyInline Actions

Nit: do we need this initialization, given that setImageBase should always be called?

smeenai: Nit: do we need this initialization, given that `setImageBase` should always be called?
int3AuthorUnsubmitted
Done
ReplyInline Actions

I think it's good practice to zero-init fields that aren't initialized in the ctor. That way, if we forget to call setImageBase, we'll be more likely to get a deterministic error.

int3: I think it's good practice to zero-init fields that aren't initialized in the ctor. That way…
smeenaiUnsubmitted
Not Done
ReplyInline Actions

The flip side is that any tools which detect uninitialized memory wouldn't catch the issue. It doesn't seem like either ASan or UBSan can actually catch the uninitialized access right now though, so that's a purely academic concern :)

smeenai: The flip side is that any tools which detect uninitialized memory wouldn't catch the issue. It…
smeenaiUnsubmitted
Not Done
ReplyInline Actions

Ah, MSan is able to catch the uninitialized memory use, which is helpful.

smeenai: Ah, MSan is able to catch the uninitialized memory use, which is helpful.
std::vector<const Symbol *> exported; std::vector<const Symbol *> exported;
std::vector<TrieNode *> nodes; std::vector<TrieNode *> nodes;
}; };
using TrieEntryCallback = using TrieEntryCallback =
llvm::function_ref<void(const llvm::Twine & /*name*/, uint64_t /*flags*/)>; llvm::function_ref<void(const llvm::Twine & /*name*/, uint64_t /*flags*/)>;
void parseTrie(const uint8_t *buf, size_t size, const TrieEntryCallback &); void parseTrie(const uint8_t *buf, size_t size, const TrieEntryCallback &);
} // namespace macho } // namespace macho
} // namespace lld } // namespace lld
#endif #endif

lld/MachO/ExportTrie.cpp

Show First 20 LinesShow All 54 Lines▼ Show 20 Linesstruct Edge {
StringRef substring; StringRef substring;
struct TrieNode *child; struct TrieNode *child;
}; };
struct ExportInfo { struct ExportInfo {
uint64_t address; uint64_t address;
uint8_t flags = 0; uint8_t flags = 0;
explicit ExportInfo(const Symbol &sym) : address(sym.getVA()) { ExportInfo(const Symbol &sym, uint64_t imageBase)
: address(sym.getVA() - imageBase) {
if (sym.isWeakDef()) if (sym.isWeakDef())
flags |= EXPORT_SYMBOL_FLAGS_WEAK_DEFINITION; flags |= EXPORT_SYMBOL_FLAGS_WEAK_DEFINITION;
if (sym.isTlv()) if (sym.isTlv())
flags |= EXPORT_SYMBOL_FLAGS_KIND_THREAD_LOCAL; flags |= EXPORT_SYMBOL_FLAGS_KIND_THREAD_LOCAL;
// TODO: Add proper support for re-exports & stub-and-resolver flags. // TODO: Add proper support for re-exports & stub-and-resolver flags.
} }
}; };
▲ Show 20 LinesShow All 122 Lines▼ Show 20 Lines if (lastPos != pos && (isTerminal || prefixesDiverge)) {
lastPos = pos; lastPos = pos;
} }
sortAndBuild(vec.slice(0, i), node, lastPos, pos); sortAndBuild(vec.slice(0, i), node, lastPos, pos);
sortAndBuild(vec.slice(j), node, lastPos, pos); sortAndBuild(vec.slice(j), node, lastPos, pos);
if (isTerminal) { if (isTerminal) {
assert(j - i == 1); // no duplicate symbols assert(j - i == 1); // no duplicate symbols
node->info = ExportInfo(*pivotSymbol); node->info = ExportInfo(*pivotSymbol, imageBase);
} else { } else {
// This is the tail-call-optimized version of the following: // This is the tail-call-optimized version of the following:
// sortAndBuild(vec.slice(i, j - i), node, lastPos, pos + 1); // sortAndBuild(vec.slice(i, j - i), node, lastPos, pos + 1);
vec = vec.slice(i, j - i); vec = vec.slice(i, j - i);
++pos; ++pos;
goto tailcall; goto tailcall;
} }
} }
▲ Show 20 LinesShow All 78 LinesShow Last 20 Lines

lld/MachO/SyntheticSections.cpp

Show First 20 LinesShow All 435 Lines▼ Show 20 Lines os << static_cast<uint8_t>(MachO::BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM)
<< static_cast<uint8_t>(MachO::BIND_OPCODE_DONE); << static_cast<uint8_t>(MachO::BIND_OPCODE_DONE);
return opstreamOffset; return opstreamOffset;
} }
ExportSection::ExportSection() ExportSection::ExportSection()
: LinkEditSection(segment_names::linkEdit, section_names::export_) {} : LinkEditSection(segment_names::linkEdit, section_names::export_) {}
void ExportSection::finalizeContents() { void ExportSection::finalizeContents() {
trieBuilder.setImageBase(in.header->addr);
// TODO: We should check symbol visibility. // TODO: We should check symbol visibility.
for (const Symbol *sym : symtab->getSymbols()) { for (const Symbol *sym : symtab->getSymbols()) {
if (const auto *defined = dyn_cast<Defined>(sym)) { if (const auto *defined = dyn_cast<Defined>(sym)) {
trieBuilder.addSymbol(*defined); trieBuilder.addSymbol(*defined);
hasWeakSymbol = hasWeakSymbol || sym->isWeakDef(); hasWeakSymbol = hasWeakSymbol || sym->isWeakDef();
} }
} }
size = trieBuilder.build(); size = trieBuilder.build();
▲ Show 20 LinesShow All 53 LinesShow Last 20 Lines

lld/test/MachO/export-trie.s

# REQUIRES: x86 # REQUIRES: x86
# RUN: llvm-mc -filetype=obj -triple=x86_64-apple-darwin %s -o %t.o # RUN: llvm-mc -filetype=obj -triple=x86_64-apple-darwin %s -o %t.o
# RUN: lld -flavor darwinnew -dylib %t.o -o %t.dylib
# RUN: llvm-objdump --syms --exports-trie %t.dylib | \ ## We are intentionally building an executable here instead of a dylib / bundle
# RUN: FileCheck %s --check-prefix=EXPORTS ## in order that the `__PAGEZERO` segment is present, which in turn means that
## the image base starts at a non-zero address. This allows us to verify that
## addresses in the export trie are correctly encoded as relative to the image
## base.
# RUN: lld -flavor darwinnew %t.o -o %t
# RUN: llvm-objdump --syms --exports-trie %t | FileCheck %s --check-prefix=EXPORTS
# EXPORTS-LABEL: SYMBOL TABLE: # EXPORTS-LABEL: SYMBOL TABLE:
# EXPORTS-DAG: [[#%x, MAIN_ADDR:]] {{.*}} _main
# EXPORTS-DAG: [[#%x, HELLO_ADDR:]] {{.*}} _hello # EXPORTS-DAG: [[#%x, HELLO_ADDR:]] {{.*}} _hello
# EXPORTS-DAG: [[#%x, HELLO_WORLD_ADDR:]] {{.*}} _hello_world # EXPORTS-DAG: [[#%x, HELLO_WORLD_ADDR:]] {{.*}} _hello_world
# EXPORTS-DAG: [[#%x, HELLO_ITS_ME_ADDR:]] {{.*}} _hello_its_me # EXPORTS-DAG: [[#%x, HELLO_ITS_ME_ADDR:]] {{.*}} _hello_its_me
# EXPORTS-DAG: [[#%x, HELLO_ITS_YOU_ADDR:]] {{.*}} _hello_its_you # EXPORTS-DAG: [[#%x, HELLO_ITS_YOU_ADDR:]] {{.*}} _hello_its_you
# EXPORTS-LABEL: Exports trie: # EXPORTS-LABEL: Exports trie:
# EXPORTS-DAG: 0x{{0*}}[[#%X, MAIN_ADDR]] _main
# EXPORTS-DAG: 0x{{0*}}[[#%X, HELLO_ADDR]] _hello # EXPORTS-DAG: 0x{{0*}}[[#%X, HELLO_ADDR]] _hello
# EXPORTS-DAG: 0x{{0*}}[[#%X, HELLO_WORLD_ADDR]] _hello_world # EXPORTS-DAG: 0x{{0*}}[[#%X, HELLO_WORLD_ADDR]] _hello_world
# EXPORTS-DAG: 0x{{0*}}[[#%x, HELLO_ITS_ME_ADDR:]] _hello_its_me # EXPORTS-DAG: 0x{{0*}}[[#%x, HELLO_ITS_ME_ADDR:]] _hello_its_me
# EXPORTS-DAG: 0x{{0*}}[[#%x, HELLO_ITS_YOU_ADDR:]] _hello_its_you # EXPORTS-DAG: 0x{{0*}}[[#%x, HELLO_ITS_YOU_ADDR:]] _hello_its_you
## Check that we are sharing prefixes in the trie. ## Check that we are sharing prefixes in the trie.
# RUN: obj2yaml %t.dylib | FileCheck %s # RUN: obj2yaml %t | FileCheck %s
# CHECK-LABEL: ExportTrie: # CHECK-LABEL: ExportTrie:
# CHECK: Name: '' # CHECK: Name: ''
# CHECK: Name: _hello # CHECK: Name: _
# CHECK: Name: main
# CHECK: Name: hello
# CHECK: Name: _ # CHECK: Name: _
# CHECK: Name: world # CHECK: Name: world
# CHECK: Name: its_ # CHECK: Name: its_
# CHECK: Name: me
# CHECK: Name: you # CHECK: Name: you
# CHECK: Name: me
.section __TEXT,__cstring .section __TEXT,__cstring
.globl _hello, _hello_world, _hello_its_me, _hello_its_you .globl _hello, _hello_world, _hello_its_me, _hello_its_you, _main
## Test for when an entire symbol name is a prefix of another. ## Test for when an entire symbol name is a prefix of another.
_hello: _hello:
.asciz "Hello!\n" .asciz "Hello!\n"
_hello_world: _hello_world:
.asciz "Hello world!\n" .asciz "Hello world!\n"
.data .data
_hello_its_me: _hello_its_me:
.asciz "Hello, it's me\n" .asciz "Hello, it's me\n"
_hello_its_you: _hello_its_you:
.asciz "Hello, it's you\n" .asciz "Hello, it's you\n"
_main:
ret