This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
bolt/
-
include/bolt/Core/
-
bolt/
-
Core/
-
BinaryFunction.h
-
Relocation.h
-
lib/
-
Core/
3/5
BinaryFunction.cpp
-
Relocation.cpp
-
Rewrite/
-
RewriteInstance.cpp
-
test/X86/
-
X86/
-
fptr-addend-pcrel.s

Differential D120379

[BOLT] Support PC-relative relocations with addends
ClosedPublic

Authored by maksfb on Feb 22 2022, 7:11 PM.

Download Raw Diff

Details

Reviewers

yota9
rafauler
Amir
ayermolo

Commits

rG4101aa130a82: [BOLT] Support PC-relative relocations with addends

Summary

PC-relative memory operand could reference a different object from
the one located at the target address, e.g. when a negative offset
is used. Check relocations for the real referenced object.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

maksfb requested review of this revision.Feb 22 2022, 7:11 PM

maksfb created this revision.

Herald added a project: Restricted Project. · View Herald TranscriptFeb 22 2022, 7:11 PM

Herald added a subscriber: llvm-commits. · View Herald Transcript

Harbormaster completed remote builds in B150976: Diff 410690.Feb 22 2022, 7:18 PM

Update comment.

Harbormaster completed remote builds in B150982: Diff 410698.Feb 22 2022, 8:05 PM

ayermolo added inline comments.Feb 23 2022, 10:24 AM

bolt/lib/Core/BinaryFunction.cpp
1359	I think I miss understand something. Why are we subtracting Addend from the Value of relocation? Isn't it S + A - P? Presumably Relocation.Vaue is the address of the Symbol?

maksfb added a comment.Feb 23 2022, 10:27 AM

This comment was removed by maksfb.

maksfb added inline comments.Feb 23 2022, 10:29 AM

bolt/lib/Core/BinaryFunction.cpp
1359	Value is what the expression S + A - P evaluates to.

ayermolo added inline comments.Feb 23 2022, 10:56 AM

bolt/lib/Core/BinaryFunction.cpp
1359	Ah, had it backwards in my mind.

LGTM

This revision is now accepted and ready to land.Feb 23 2022, 2:43 PM

yota9 added inline comments.Feb 23 2022, 3:12 PM

bolt/lib/Core/BinaryFunction.cpp
1401	Maybe move this code to smth like replaceMemOperandWithSymbolRef, that will use setOperandToSymbolRef ?

maksfb added inline comments.Feb 23 2022, 3:43 PM

bolt/lib/Core/BinaryFunction.cpp
1401	That's a reasonable suggestion. However, I'm in the process of refactoring the code to use `MCSymbolizer` that will render such effort wasteful. The new code will not be replacing the operand but generating the expression in-place.

Closed by commit rG4101aa130a82: [BOLT] Support PC-relative relocations with addends (authored by maksfb). · Explain WhyFeb 23 2022, 10:55 PM

This revision was automatically updated to reflect the committed changes.

maksfb added a commit: rG4101aa130a82: [BOLT] Support PC-relative relocations with addends.

Revision Contents

Path

Size

bolt/

include/

bolt/

Core/

BinaryFunction.h

5 lines

Relocation.h

2 lines

lib/

Core/

BinaryFunction.cpp

118 lines

Relocation.cpp

6 lines

Rewrite/

RewriteInstance.cpp

26 lines

test/

X86/

fptr-addend-pcrel.s

35 lines

Diff 411011

bolt/include/bolt/Core/BinaryFunction.h

Show First 20 Lines • Show All 1,293 Lines • ▼ Show 20 Lines	public:
void addRelocationX86(uint64_t Offset, MCSymbol *Symbol, uint64_t RelType,		void addRelocationX86(uint64_t Offset, MCSymbol *Symbol, uint64_t RelType,
uint64_t Addend, uint64_t Value) {		uint64_t Addend, uint64_t Value) {
switch (RelType) {		switch (RelType) {
case ELF::R_X86_64_8:		case ELF::R_X86_64_8:
case ELF::R_X86_64_16:		case ELF::R_X86_64_16:
case ELF::R_X86_64_32:		case ELF::R_X86_64_32:
case ELF::R_X86_64_32S:		case ELF::R_X86_64_32S:
case ELF::R_X86_64_64:		case ELF::R_X86_64_64:
		case ELF::R_X86_64_PC8:
		case ELF::R_X86_64_PC32:
		case ELF::R_X86_64_PC64:
Relocations[Offset] = Relocation{Offset, Symbol, RelType, Addend, Value};		Relocations[Offset] = Relocation{Offset, Symbol, RelType, Addend, Value};
return;		return;
case ELF::R_X86_64_PC32:
case ELF::R_X86_64_PC8:
case ELF::R_X86_64_PLT32:		case ELF::R_X86_64_PLT32:
case ELF::R_X86_64_GOTPCRELX:		case ELF::R_X86_64_GOTPCRELX:
case ELF::R_X86_64_REX_GOTPCRELX:		case ELF::R_X86_64_REX_GOTPCRELX:
case ELF::R_X86_64_GOTPCREL:		case ELF::R_X86_64_GOTPCREL:
case ELF::R_X86_64_TPOFF32:		case ELF::R_X86_64_TPOFF32:
case ELF::R_X86_64_GOTTPOFF:		case ELF::R_X86_64_GOTTPOFF:
return;		return;
default:		default:
▲ Show 20 Lines • Show All 1,143 Lines • Show Last 20 Lines

bolt/include/bolt/Core/Relocation.h

Show First 20 Lines • Show All 43 Lines • ▼ Show 20 Lines	struct Relocation {
/// The offset from the \p Symbol base used to compute the final		/// The offset from the \p Symbol base used to compute the final
/// value of this relocation.		/// value of this relocation.
uint64_t Addend;		uint64_t Addend;

/// The computed relocation value extracted from the binary file.		/// The computed relocation value extracted from the binary file.
/// Used to validate relocation correctness.		/// Used to validate relocation correctness.
uint64_t Value;		uint64_t Value;

/// Return size of the given relocation \p Type.		/// Return size in bytes of the given relocation \p Type.
static size_t getSizeForType(uint64_t Type);		static size_t getSizeForType(uint64_t Type);

/// Return size of this relocation.		/// Return size of this relocation.
size_t getSize() const { return getSizeForType(Type); }		size_t getSize() const { return getSizeForType(Type); }

/// Handle special cases when relocation should not be processed by bolt		/// Handle special cases when relocation should not be processed by bolt
static bool skipRelocationProcess(uint64_t Type, uint64_t Contents);		static bool skipRelocationProcess(uint64_t Type, uint64_t Contents);

▲ Show 20 Lines • Show All 73 Lines • Show Last 20 Lines

bolt/lib/Core/BinaryFunction.cpp

Show First 20 Lines • Show All 1,259 Lines • ▼ Show 20 Lines	if (MIB->hasEVEXEncoding(Instruction)) {
errs() << " in function " << *this << '\n';		errs() << " in function " << *this << '\n';
}		}

setIgnored();		setIgnored();
break;		break;
}		}
}		}

// Check if there's a relocation associated with this instruction.
bool UsedReloc = false;
for (auto Itr = Relocations.lower_bound(Offset),
ItrE = Relocations.lower_bound(Offset + Size);
Itr != ItrE; ++Itr) {
const Relocation &Relocation = Itr->second;

LLVM_DEBUG(dbgs() << "BOLT-DEBUG: replacing immediate 0x"
<< Twine::utohexstr(Relocation.Value)
<< " with relocation"
" against "
<< Relocation.Symbol << "+" << Relocation.Addend
<< " in function " << *this
<< " for instruction at offset 0x"
<< Twine::utohexstr(Offset) << '\n');

// Process reference to the primary symbol.
if (!Relocation.isPCRelative())
BC.handleAddressRef(Relocation.Value - Relocation.Addend, *this,
/IsPCRel/ false);

int64_t Value = Relocation.Value;
const bool Result = BC.MIB->replaceImmWithSymbolRef(
Instruction, Relocation.Symbol, Relocation.Addend, Ctx.get(), Value,
Relocation.Type);
(void)Result;
assert(Result && "cannot replace immediate with relocation");

// For aarch, if we replaced an immediate with a symbol from a
// relocation, we mark it so we do not try to further process a
// pc-relative operand. All we need is the symbol.
if (BC.isAArch64())
UsedReloc = true;

// Make sure we replaced the correct immediate (instruction
// can have multiple immediate operands).
if (BC.isX86()) {
assert(truncateToSize(static_cast<uint64_t>(Value),
Relocation::getSizeForType(Relocation.Type)) ==
truncateToSize(Relocation.Value, Relocation::getSizeForType(
Relocation.Type)) &&
"immediate value mismatch in function");
}
}

if (MIB->isBranch(Instruction) \|\| MIB->isCall(Instruction)) {		if (MIB->isBranch(Instruction) \|\| MIB->isCall(Instruction)) {
uint64_t TargetAddress = 0;		uint64_t TargetAddress = 0;
if (MIB->evaluateBranch(Instruction, AbsoluteInstrAddr, Size,		if (MIB->evaluateBranch(Instruction, AbsoluteInstrAddr, Size,
TargetAddress)) {		TargetAddress)) {
// Check if the target is within the same function. Otherwise it's		// Check if the target is within the same function. Otherwise it's
// a call, possibly a tail call.		// a call, possibly a tail call.
//		//
// If the target is the function address it could be either a branch		// If the target is the function address it could be either a branch
▲ Show 20 Lines • Show All 68 Lines • ▼ Show 20 Lines	if (MIB->isBranch(Instruction) \|\| MIB->isCall(Instruction)) {
handleIndirectBranch(Instruction, Size, Offset);		handleIndirectBranch(Instruction, Size, Offset);
// Indirect call. We only need to fix it if the operand is RIP-relative.		// Indirect call. We only need to fix it if the operand is RIP-relative.
if (IsSimple && MIB->hasPCRelOperand(Instruction))		if (IsSimple && MIB->hasPCRelOperand(Instruction))
handlePCRelOperand(Instruction, AbsoluteInstrAddr, Size);		handlePCRelOperand(Instruction, AbsoluteInstrAddr, Size);

if (BC.isAArch64())		if (BC.isAArch64())
handleAArch64IndirectCall(Instruction, Offset);		handleAArch64IndirectCall(Instruction, Offset);
}		}
} else if (MIB->hasPCRelOperand(Instruction) && !UsedReloc) {		} else {
		// Check if there's a relocation associated with this instruction.
		bool UsedReloc = false;
		for (auto Itr = Relocations.lower_bound(Offset),
		ItrE = Relocations.lower_bound(Offset + Size);
		Itr != ItrE; ++Itr) {
		const Relocation &Relocation = Itr->second;
		uint64_t SymbolValue = Relocation.Value - Relocation.Addend;
		ayermoloUnsubmitted Not Done Reply Inline Actions I think I miss understand something. Why are we subtracting Addend from the Value of relocation? Isn't it S + A - P? Presumably Relocation.Vaue is the address of the Symbol? ayermolo: I think I miss understand something. Why are we subtracting Addend from the Value of relocation?
		maksfbAuthorUnsubmitted Done Reply Inline Actions Value is what the expression S + A - P evaluates to. maksfb: Value is what the expression S + A - P evaluates to.
		ayermoloUnsubmitted Done Reply Inline Actions Ah, had it backwards in my mind. ayermolo: Ah, had it backwards in my mind.
		if (Relocation.isPCRelative())
		SymbolValue += getAddress() + Relocation.Offset;

		// Process reference to the symbol.
		if (BC.isX86())
		BC.handleAddressRef(SymbolValue, *this, Relocation.isPCRelative());

		if (BC.isAArch64() \|\| !Relocation.isPCRelative()) {
		int64_t Value = Relocation.Value;
		const bool Result = BC.MIB->replaceImmWithSymbolRef(
		Instruction, Relocation.Symbol, Relocation.Addend, Ctx.get(),
		Value, Relocation.Type);
		(void)Result;
		assert(Result && "cannot replace immediate with relocation");

		if (BC.isX86()) {
		// Make sure we replaced the correct immediate (instruction
		// can have multiple immediate operands).
		assert(
		truncateToSize(static_cast<uint64_t>(Value),
		Relocation::getSizeForType(Relocation.Type)) ==
		truncateToSize(Relocation.Value, Relocation::getSizeForType(
		Relocation.Type)) &&
		"immediate value mismatch in function");
		} else if (BC.isAArch64()) {
		// For aarch, if we replaced an immediate with a symbol from a
		// relocation, we mark it so we do not try to further process a
		// pc-relative operand. All we need is the symbol.
		UsedReloc = true;
		}
		} else {
		// Check if the relocation matches memop's Disp.
		uint64_t TargetAddress;
		if (!BC.MIB->evaluateMemOperandTarget(Instruction, TargetAddress,
		AbsoluteInstrAddr, Size)) {
		errs() << "BOLT-ERROR: PC-relative operand can't be evaluated\n";
		exit(1);
		}
		assert(TargetAddress == Relocation.Value + AbsoluteInstrAddr + Size &&
		"Immediate value mismatch detected.");

		const MCExpr *Expr = MCSymbolRefExpr::create(
		yota9Unsubmitted Not Done Reply Inline Actions Maybe move this code to smth like replaceMemOperandWithSymbolRef, that will use setOperandToSymbolRef ? yota9: Maybe move this code to smth like replaceMemOperandWithSymbolRef, that will use…
		maksfbAuthorUnsubmitted Done Reply Inline Actions That's a reasonable suggestion. However, I'm in the process of refactoring the code to use `MCSymbolizer` that will render such effort wasteful. The new code will not be replacing the operand but generating the expression in-place. maksfb: That's a reasonable suggestion. However, I'm in the process of refactoring the code to use…
		Relocation.Symbol, MCSymbolRefExpr::VK_None, *BC.Ctx);
		// Real addend for pc-relative targets is adjusted with a delta
		// from relocation placement to the next instruction.
		const uint64_t TargetAddend =
		Relocation.Addend + Offset + Size - Relocation.Offset;
		if (TargetAddend) {
		const MCConstantExpr *Offset =
		MCConstantExpr::create(TargetAddend, *BC.Ctx);
		Expr = MCBinaryExpr::createAdd(Expr, Offset, *BC.Ctx);
		}
		BC.MIB->replaceMemOperandDisp(
		Instruction, MCOperand::createExpr(BC.MIB->getTargetExprFor(
		Instruction, Expr, *BC.Ctx, 0)));
		UsedReloc = true;
		}
		}

		if (MIB->hasPCRelOperand(Instruction) && !UsedReloc)
handlePCRelOperand(Instruction, AbsoluteInstrAddr, Size);		handlePCRelOperand(Instruction, AbsoluteInstrAddr, Size);
}		}

add_instruction:		add_instruction:
if (getDWARFLineTable()) {		if (getDWARFLineTable()) {
Instruction.setLoc(findDebugLineInformationForInstructionAt(		Instruction.setLoc(findDebugLineInformationForInstructionAt(
AbsoluteInstrAddr, getDWARFUnit(), getDWARFLineTable()));		AbsoluteInstrAddr, getDWARFUnit(), getDWARFLineTable()));
}		}

▲ Show 20 Lines • Show All 153 Lines • ▼ Show 20 Lines	for (uint64_t Offset = 0; Offset < getSize(); Offset += Size) {
}		}

// Create more relocations based on input file relocations.		// Create more relocations based on input file relocations.
bool HasRel = false;		bool HasRel = false;
for (auto Itr = Relocations.lower_bound(Offset),		for (auto Itr = Relocations.lower_bound(Offset),
ItrE = Relocations.lower_bound(Offset + Size);		ItrE = Relocations.lower_bound(Offset + Size);
Itr != ItrE; ++Itr) {		Itr != ItrE; ++Itr) {
Relocation &Relocation = Itr->second;		Relocation &Relocation = Itr->second;
		if (Relocation.isPCRelative() && BC.isX86())
		continue;
if (ignoreReference(Relocation.Symbol))		if (ignoreReference(Relocation.Symbol))
continue;		continue;

int64_t Value = Relocation.Value;		int64_t Value = Relocation.Value;
const bool Result = BC.MIB->replaceImmWithSymbolRef(		const bool Result = BC.MIB->replaceImmWithSymbolRef(
Instruction, Relocation.Symbol, Relocation.Addend,		Instruction, Relocation.Symbol, Relocation.Addend,
Emitter.LocalCtx.get(), Value, Relocation.Type);		Emitter.LocalCtx.get(), Value, Relocation.Type);
(void)Result;		(void)Result;
▲ Show 20 Lines • Show All 2,904 Lines • Show Last 20 Lines

bolt/lib/Core/Relocation.cpp

Show First 20 Lines • Show All 248 Lines • ▼ Show 20 Lines	case ELF::R_AARCH64_PREL32:
Value -= PC;		Value -= PC;
break;		break;
}		}
return Value;		return Value;
}		}

uint64_t extractValueX86(uint64_t Type, uint64_t Contents, uint64_t PC) {		uint64_t extractValueX86(uint64_t Type, uint64_t Contents, uint64_t PC) {
if (Type == ELF::R_X86_64_32S)		if (Type == ELF::R_X86_64_32S)
return SignExtend64<32>(Contents & 0xffffffff);		return SignExtend64<32>(Contents);
		if (Relocation::isPCRelative(Type))
		return SignExtend64(Contents, 8 * Relocation::getSizeForType(Type));
return Contents;		return Contents;
}		}

uint64_t extractValueAArch64(uint64_t Type, uint64_t Contents, uint64_t PC) {		uint64_t extractValueAArch64(uint64_t Type, uint64_t Contents, uint64_t PC) {
switch (Type) {		switch (Type) {
default:		default:
errs() << object::getELFRelocationTypeName(ELF::EM_AARCH64, Type) << '\n';		errs() << object::getELFRelocationTypeName(ELF::EM_AARCH64, Type) << '\n';
llvm_unreachable("unsupported relocation type");		llvm_unreachable("unsupported relocation type");
▲ Show 20 Lines • Show All 171 Lines • ▼ Show 20 Lines	bool isPCRelativeX86(uint64_t Type) {
case ELF::R_X86_64_8:		case ELF::R_X86_64_8:
case ELF::R_X86_64_TPOFF32:		case ELF::R_X86_64_TPOFF32:
return false;		return false;
case ELF::R_X86_64_PC8:		case ELF::R_X86_64_PC8:
case ELF::R_X86_64_PC32:		case ELF::R_X86_64_PC32:
case ELF::R_X86_64_PC64:		case ELF::R_X86_64_PC64:
case ELF::R_X86_64_GOTPCREL:		case ELF::R_X86_64_GOTPCREL:
case ELF::R_X86_64_PLT32:		case ELF::R_X86_64_PLT32:
		case ELF::R_X86_64_GOTOFF64:
		case ELF::R_X86_64_GOTPC32:
case ELF::R_X86_64_GOTTPOFF:		case ELF::R_X86_64_GOTTPOFF:
case ELF::R_X86_64_GOTPCRELX:		case ELF::R_X86_64_GOTPCRELX:
case ELF::R_X86_64_REX_GOTPCRELX:		case ELF::R_X86_64_REX_GOTPCRELX:
return true;		return true;
}		}
}		}

bool isPCRelativeAArch64(uint64_t Type) {		bool isPCRelativeAArch64(uint64_t Type) {
▲ Show 20 Lines • Show All 187 Lines • Show Last 20 Lines

bolt/lib/Rewrite/RewriteInstance.cpp

Show First 20 Lines • Show All 2,296 Lines • ▼ Show 20 Lines	if (IsFromCode) {
outs() << "BOLT-INFO: " << *ContainingBF		outs() << "BOLT-INFO: " << *ContainingBF
<< " has relocations in padding area\n";		<< " has relocations in padding area\n";
ContainingBF->setSize(ContainingBF->getMaxSize());		ContainingBF->setSize(ContainingBF->getMaxSize());
ContainingBF->setSimple(false);		ContainingBF->setSimple(false);
continue;		continue;
}		}
}		}

		MCSymbol *ReferencedSymbol = nullptr;
		if (!IsSectionRelocation) {
		if (BinaryData *BD = BC->getBinaryDataByName(SymbolName))
		ReferencedSymbol = BD->getSymbol();
		}

// PC-relative relocations from data to code are tricky since the original		// PC-relative relocations from data to code are tricky since the original
// information is typically lost after linking even with '--emit-relocs'.		// information is typically lost after linking even with '--emit-relocs'.
// They are normally used by PIC-style jump tables and reference both		// They are normally used by PIC-style jump tables and reference both
// the jump table and jump destination by computing the difference		// the jump table and jump destination by computing the difference
// between the two. If we blindly apply the relocation it will appear		// between the two. If we blindly apply the relocation it will appear
// that it references an arbitrary location in the code, possibly even		// that it references an arbitrary location in the code, possibly even
// in a different function from that containing the jump table.		// in a different function from that containing the jump table.
if (!IsAArch64 && Relocation::isPCRelative(RType)) {		if (!IsAArch64 && Relocation::isPCRelative(RType)) {
// Just register the fact that we have PC-relative relocation at a given		// For relocations against non-code sections, just register the fact that
// address. The actual referenced label/address cannot be determined		// we have a PC-relative relocation at a given address. The actual
// from linker data alone.		// referenced label/address cannot be determined from linker data alone.
if (!IsFromCode)		if (!IsFromCode)
BC->addPCRelativeDataRelocation(Rel.getOffset());		BC->addPCRelativeDataRelocation(Rel.getOffset());
		else if (!IsSectionRelocation && ReferencedSymbol)
		ContainingBF->addRelocation(Rel.getOffset(), ReferencedSymbol, RType,
		Addend, ExtractedValue);
		else
LLVM_DEBUG(		LLVM_DEBUG(
dbgs() << "BOLT-DEBUG: not creating PC-relative relocation at 0x"		dbgs() << "BOLT-DEBUG: not creating PC-relative relocation at 0x"
<< Twine::utohexstr(Rel.getOffset()) << " for " << SymbolName		<< Twine::utohexstr(Rel.getOffset()) << " for " << SymbolName
<< "\n");		<< "\n");
continue;		continue;
}		}

bool ForceRelocation = BC->forceSymbolRelocations(SymbolName);		bool ForceRelocation = BC->forceSymbolRelocations(SymbolName);
ErrorOr<BinarySection &> RefSection =		ErrorOr<BinarySection &> RefSection =
std::make_error_code(std::errc::bad_address);		std::make_error_code(std::errc::bad_address);
if (BC->isAArch64() && Relocation::isGOT(RType)) {		if (BC->isAArch64() && Relocation::isGOT(RType)) {
ForceRelocation = true;		ForceRelocation = true;
▲ Show 20 Lines • Show All 63 Lines • ▼ Show 20 Lines	if (IsToCode && ContainingBF && !Relocation::isPCRelative(RType) &&
"de-virtualization bug: -1 addend used with "		"de-virtualization bug: -1 addend used with "
"non-pc-relative relocation against function "		"non-pc-relative relocation against function "
<< RogueBF << " in function " << ContainingBF << '\n';		<< RogueBF << " in function " << ContainingBF << '\n';
continue;		continue;
}		}
}		}
}		}

MCSymbol *ReferencedSymbol = nullptr;
if (ForceRelocation) {		if (ForceRelocation) {
std::string Name = Relocation::isGOT(RType) ? "Zero" : SymbolName;		std::string Name = Relocation::isGOT(RType) ? "Zero" : SymbolName;
ReferencedSymbol = BC->registerNameAtAddress(Name, 0, 0, 0);		ReferencedSymbol = BC->registerNameAtAddress(Name, 0, 0, 0);
SymbolAddress = 0;		SymbolAddress = 0;
if (Relocation::isGOT(RType))		if (Relocation::isGOT(RType))
Addend = Address;		Addend = Address;
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: forcing relocation against symbol "		LLVM_DEBUG(dbgs() << "BOLT-DEBUG: forcing relocation against symbol "
<< SymbolName << " with addend " << Addend << '\n');		<< SymbolName << " with addend " << Addend << '\n');
▲ Show 20 Lines • Show All 3,002 Lines • Show Last 20 Lines

bolt/test/X86/fptr-addend-pcrel.s

This file was added.

				## Check that BOLT correctly recognizes pc-relative function pointer
				## reference with an addend.

				# REQUIRES: system-linux

				# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-linux %s -o %t.o
				# RUN: llvm-strip --strip-unneeded %t.o
				# RUN: ld.lld %t.o -o %t.exe -q
				# RUN: llvm-bolt %t.exe -relocs -o /dev/null -print-only=foo -print-disasm \
				# RUN: \| FileCheck %s

				.text
				.globl _start
				.type _start,@function
				_start:
				.cfi_startproc
				call foo
				retq
				.size main, .-main
				.cfi_endproc

				.globl foo
				.type foo,@function
				foo:
				.cfi_startproc

				leaq foo-1(%rip), %rax
				## Check that the instruction references foo with a negative addend,
				## not the previous function with a positive addend (_start+X).
				#
				# CHECK: leaq foo-1(%rip), %rax

				retq
				.size foo, .-foo
				.cfi_endproc