This is an archive of the discontinued LLVM Phabricator instance.

Differential D128474

[BOLT] Support multiple parents for split jump table
ClosedPublic

Authored by nhuhuan on Jun 23 2022, 3:41 PM.

Details

Reviewers
rafauler
Amir
maksfb
Commits
rG05523dc32d8c: [BOLT] Support multiple parents for split jump table
Summary

There are two assumptions regarding jump table:
(a) It is accessed by only one fragment, say, Parent
(b) All entries target instructions in Parent

For (a), BOLT stores jump table entries as relative offset to Parent.
For (b), BOLT treats jump table entries target somewhere out of Parent
as INVALID_OFFSET, including fragment of same split function.

In this update, we extend (a) and (b) to include fragment of same split
functinon. For (a), we store jump table entries in absolute offset
instead. In addition, jump table will store all fragments that access
it. A fragment uses this information to only create label for jump table
entries that target to that fragment.

For (b), using absolute offset allows jump table entries to target
fragments of same split function, i.e., extend support for split jump
table. This can be done using relocation (fragment start/size) and
fragment detection heuristics (e.g., using symbol name pattern for
non-stripped binaries).

For jump table targets that can only be reached by one fragment, we
mark them as local label; otherwise, they would be the secondary
function entry to the target fragment.

Test Plan

ninja check-bolt

Diff Detail

Event Timeline

nhuhuan created this revision.Jun 23 2022, 3:41 PM
Herald added a reviewer: rafauler. · View Herald TranscriptJun 23 2022, 3:41 PM
Herald added a reviewer: Amir. · View Herald Transcript
Herald added a reviewer: maksfb. · View Herald Transcript
Herald added a project: Restricted Project. · View Herald Transcript
Herald added a subscriber: ayermolo. · View Herald Transcript
nhuhuan requested review of this revision.Jun 23 2022, 3:41 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 23 2022, 3:41 PM
Herald added subscribers: llvm-commits, yota9. · View Herald Transcript
nhuhuan edited the summary of this revision. (Show Details)Jun 23 2022, 3:42 PM
Harbormaster completed remote builds in B171716: Diff 439552.Jun 23 2022, 3:48 PM
rafauler added inline comments.Jun 23 2022, 6:04 PM
bolt/lib/Core/BinaryContext.cpp
645–648

debug code should be guarded under the LLVM_DEBUG macro in the same way as line 625. This line was previously unguarded by mistake.

651–660

same

rafauler added a comment.Jun 23 2022, 6:15 PM

Do you have a testcase?

bolt/lib/Core/BinaryContext.cpp
704–705

outdated coment

Amir added inline comments.Jun 23 2022, 9:18 PM
bolt/lib/Core/BinaryContext.cpp
629–632

I think checking if the first parent is non-simple is fine, but a future-proof solution would be to check if any of parents is non-simple.

667

Let's add curly braces in if and else bodies

nhuhuan added inline comments.Jun 23 2022, 11:07 PM
bolt/lib/Core/BinaryContext.cpp
629–632

I also thought the same. There are two reasons why I keep it this way:
(a) Not sure about why we need this check.

Possibly the assumption is non-simple fragments are not be optimized, thus we
don't have to make best effort on analyzing it. So it boils down to the meaning of
non-simple. Maksim argues non-simple functions should have complete references,
just that we cannot construct a complete CFG.

(b) The previous calls to analyzeJumpTable and getOrCreateJumpTable already mark

all parents as "HasIndirectTargetToSplitFragment = true". I mistakenly thought that
was the same with all parents being non-simple.

The bottom line is that I will update following your feedbacks.

Amir added inline comments.Jun 23 2022, 11:29 PM
bolt/lib/Core/BinaryContext.cpp
629–632

I agree with your reasoning. Let's stick to keeping the check for now as it's a safe option, and remove it later separately.

nhuhuan added inline comments.Jun 23 2022, 11:29 PM
bolt/lib/Core/BinaryContext.cpp
727

There are two main types for FragmentsToSkip: (a) split jump table targets, (b) split landing pad targets.
Note that with our current code, we would need to call skipMarkedFragments() twice for (a) and (b). This
removal is to prepare for the next update where we only invoke skipMarkedFragments() once. To do that
we need to retain all FragmentsToSkip of both types.

nhuhuan added inline comments.Jun 23 2022, 11:52 PM
bolt/lib/Core/BinaryFunction.cpp
1704

This is a side note. BOLT made two assumptions:
a. Jump table entries are always unsigned int.
b. Jump table entries are arranged moving forward from Jump table base.

It's very often in real-world binaries to use movsl/movsx instead of movzl/movzx,
which seem to suggests against (a). But it is rare to see cases violate (b) from my
experience.

Now keeping (a), it is messy when OffsetEntries point to another fragment whose
appear prior to current function. It will be integer overflow, and this is inconsistent.

nhuhuan updated this revision to Diff 439643.Jun 24 2022, 12:07 AM

Address some feedbacks

Harbormaster completed remote builds in B171785: Diff 439643.Jun 24 2022, 12:08 AM
nhuhuan marked 5 inline comments as done.Jun 24 2022, 12:10 AM
nhuhuan added inline comments.
bolt/lib/Core/BinaryContext.cpp
704–705

Thanks. I removed UniqueFunctions because it is the same as FragmentsToSkip. Also updated the comment.

nhuhuan updated this revision to Diff 439649.Jun 24 2022, 12:12 AM
nhuhuan marked an inline comment as done.

Clang-formatted

Harbormaster completed remote builds in B171786: Diff 439649.Jun 24 2022, 12:12 AM
nhuhuan added a comment.Jun 24 2022, 12:17 AM
In D128474#3606727, @rafauler wrote:

Do you have a testcase?

I already created a test case for it: two parents access same jump table whose entries target both parents:
split-func-jump-table-fragment-bidirection.s

nhuhuan updated this revision to Diff 439652.Jun 24 2022, 12:20 AM

Clang-formatted

Harbormaster completed remote builds in B171789: Diff 439652.Jun 24 2022, 12:21 AM
nhuhuan updated this revision to Diff 439855.Jun 24 2022, 12:26 PM

Update test case: print-cfg to show all parents of a jump table

Harbormaster completed remote builds in B171919: Diff 439855.Jun 24 2022, 12:27 PM
nhuhuan updated this revision to Diff 439862.Jun 24 2022, 12:41 PM

Fix the printing message to include all parents of a jump table

Harbormaster completed remote builds in B171924: Diff 439862.Jun 24 2022, 12:41 PM
nhuhuan updated this revision to Diff 439868.Jun 24 2022, 12:56 PM

Rebase

Harbormaster completed remote builds in B171931: Diff 439868.Jun 24 2022, 1:03 PM
Amir added inline comments.Jun 24 2022, 1:27 PM
bolt/lib/Core/BinaryContext.cpp
643

Let's move the body under !Success into

LLVM_DEBUG({
  ...
});

block, except llvm_unreachable at the end

832–833

Please remove that print

bolt/test/X86/split-func-jump-table-fragment-bidirection.s
14
Amir added inline comments.Jun 24 2022, 1:55 PM
bolt/lib/Core/BinaryContext.cpp
629–632

idk how clang-format skipped this

rafauler added inline comments.Jun 24 2022, 4:47 PM
bolt/lib/Core/BinaryContext.cpp
787–788

Warnings are printed to errs() and not outs()

BOLT-INFO is output to outs(). If this information is just reporting something on the input binary, consider converting it to INFO instead of WARNING, specially if this is supported.

Amir added a child revision: D128561: [BOLT] Support split landing pad.Jun 24 2022, 4:49 PM
rafauler added a comment.Jun 24 2022, 5:01 PM

Thanks Huan for all the work put in this diff. I have a few more comments below.

bolt/include/bolt/Core/BinaryContext.h
239–242

Remove dead code

bolt/lib/Core/BinaryContext.cpp
493–496

I think it's a bit weird to keep calling this "Offsets", and "OffsetEntries" in JumpTable if we are not using offsets anymore, right? We are now using the full address in each entry. Perhaps we should rename this in JumpTable class? Something like "EntriesAsAddresses" in JumpTables.h:73 - 74 (and update comments there)

571

Same renaming here (my motivation here is why are we calling this an offset if this is not an offset anymore)

rafauler added inline comments.Jun 24 2022, 5:03 PM
bolt/include/bolt/Core/BinaryContext.h
239–242

Now I see it is used in the follow-up diff

nhuhuan added inline comments.Jun 24 2022, 5:26 PM
bolt/lib/Core/BinaryContext.cpp
571

Offset is a general term.
For PIC, it is the offset to the program start. Definitely not "absolute address".
For NoPIC, it is the offset to process's memory start.

nhuhuan marked 2 inline comments as done.Jun 24 2022, 5:27 PM
nhuhuan added inline comments.
bolt/include/bolt/Core/BinaryContext.h
239–242

Right. The follow-up diff depends on this diff.

nhuhuan updated this revision to Diff 440326.Jun 27 2022, 11:23 AM
nhuhuan marked an inline comment as done.

Address the feedbacks.

nhuhuan marked 7 inline comments as done.Jun 27 2022, 11:30 AM
Harbormaster completed remote builds in B172274: Diff 440326.Jun 27 2022, 11:49 AM
Amir added inline comments.Jun 27 2022, 3:57 PM
bolt/include/bolt/Core/BinaryContext.h
496
nhuhuan added inline comments.Jun 28 2022, 8:23 PM
bolt/lib/Core/BinaryFunction.cpp
1703

Using same variable name "EntryOffset" is completely wrong, and may potentially trigger memory over-use!

nhuhuan updated this revision to Diff 440839.Jun 28 2022, 8:58 PM

Update how jump table entries are generated. Allow buildCFG to operate
on non-simple fragments. Address feedbacks.

nhuhuan edited the summary of this revision. (Show Details)Jun 28 2022, 9:00 PM
Harbormaster completed remote builds in B172635: Diff 440839.Jun 28 2022, 9:05 PM
nhuhuan updated this revision to Diff 440840.Jun 28 2022, 9:06 PM
nhuhuan marked an inline comment as done.

Clang-formatted.

Harbormaster completed remote builds in B172636: Diff 440840.Jun 28 2022, 9:13 PM
Amir added a comment.Jun 28 2022, 11:46 PM

Looks good, with a couple of final nits.

bolt/lib/Core/BinaryContext.cpp
827

Please keep the verbosity here

bolt/lib/Core/BinaryFunction.cpp
1649

The variables must be upper-cased according to LLVM Style Guide: https://llvm.org/docs/CodingStandards.html#name-types-functions-variables-and-enumerators-properly

1650–1654
nhuhuan updated this revision to Diff 440875.Jun 29 2022, 12:06 AM

Address feedbacks.

nhuhuan marked 3 inline comments as done.Jun 29 2022, 12:07 AM
Amir accepted this revision.Jun 29 2022, 12:16 AM

LGTM

This revision is now accepted and ready to land.Jun 29 2022, 12:16 AM
Harbormaster completed remote builds in B172662: Diff 440875.Jun 29 2022, 12:27 AM
nhuhuan updated this revision to Diff 442131.Jul 4 2022, 11:53 AM

Fix bugs:
(a) missing builtin_unreachable jump table targets
(b) incorrect jump table duplication

Harbormaster completed remote builds in B173589: Diff 442131.Jul 4 2022, 12:15 PM
nhuhuan updated this revision to Diff 444433.Jul 13 2022, 3:13 PM

Rebase

Harbormaster completed remote builds in B175244: Diff 444433.Jul 13 2022, 3:20 PM
Closed by commit rG05523dc32d8c: [BOLT] Support multiple parents for split jump table (authored by nhuhuan). · Explain WhyJul 13 2022, 11:38 PM
This revision was automatically updated to reflect the committed changes.
nhuhuan added a commit: rG05523dc32d8c: [BOLT] Support multiple parents for split jump table.

Revision Contents

PathSize
bolt/
include/
bolt/
Core/
28 lines
19 lines
13 lines
lib/
Core/
151 lines
37 lines
18 lines
Passes/
9 lines
Rewrite/
10 lines
test/
X86/
34 lines
5 lines

Diff 444530

bolt/include/bolt/Core/BinaryContext.h

Show First 20 LinesShow All 194 Lines▼ Show 20 Linesclass BinaryContext {
std::unordered_set<uint64_t> DataPCRelocations; std::unordered_set<uint64_t> DataPCRelocations;
/// Used in duplicateJumpTable() to uniquely identify a JT clone /// Used in duplicateJumpTable() to uniquely identify a JT clone
/// Start our IDs with a high number so getJumpTableContainingAddress checks /// Start our IDs with a high number so getJumpTableContainingAddress checks
/// with size won't overflow /// with size won't overflow
uint32_t DuplicatedJumpTables{0x10000000}; uint32_t DuplicatedJumpTables{0x10000000};
/// Function fragments to skip. /// Function fragments to skip.
std::vector<BinaryFunction *> FragmentsToSkip; std::unordered_set<BinaryFunction *> FragmentsToSkip;
/// The runtime library. /// The runtime library.
std::unique_ptr<RuntimeLibrary> RtLibrary; std::unique_ptr<RuntimeLibrary> RtLibrary;
/// DWP Context. /// DWP Context.
std::shared_ptr<DWARFContext> DWPContext; std::shared_ptr<DWARFContext> DWPContext;
/// A map of DWO Ids to CUs. /// A map of DWO Ids to CUs.
Show All 19 Linespublic:
/// overwritten, but it is okay to re-generate debug info for them. /// overwritten, but it is okay to re-generate debug info for them.
std::set<const DWARFUnit *> ProcessedCUs; std::set<const DWARFUnit *> ProcessedCUs;
// Setup MCPlus target builder // Setup MCPlus target builder
void initializeTarget(std::unique_ptr<MCPlusBuilder> TargetBuilder) { void initializeTarget(std::unique_ptr<MCPlusBuilder> TargetBuilder) {
MIB = std::move(TargetBuilder); MIB = std::move(TargetBuilder);
} }
/// Return function fragments to skip.
const std::unordered_set<BinaryFunction *> &getFragmentsToSkip() {
return FragmentsToSkip;
}
rafaulerUnsubmitted
Done
ReplyInline Actions

Remove dead code

rafauler: Remove dead code
rafaulerUnsubmitted
Done
ReplyInline Actions

Now I see it is used in the follow-up diff

rafauler: Now I see it is used in the follow-up diff
nhuhuanAuthorUnsubmitted
Done
ReplyInline Actions

Right. The follow-up diff depends on this diff.

nhuhuan: Right. The follow-up diff depends on this diff.
/// Add function fragment to skip
void addFragmentsToSkip(BinaryFunction *Function) {
FragmentsToSkip.insert(Function);
}
void clearFragmentsToSkip() { FragmentsToSkip.clear(); }
/// Given DWOId returns CU if it exists in DWOCUs. /// Given DWOId returns CU if it exists in DWOCUs.
Optional<DWARFUnit *> getDWOCU(uint64_t DWOId); Optional<DWARFUnit *> getDWOCU(uint64_t DWOId);
/// Returns DWOContext if it exists. /// Returns DWOContext if it exists.
DWARFContext *getDWOContext() const; DWARFContext *getDWOContext() const;
/// Get Number of DWOCUs in a map. /// Get Number of DWOCUs in a map.
uint32_t getNumDWOCUs() { return DWOCUs.size(); } uint32_t getNumDWOCUs() { return DWOCUs.size(); }
▲ Show 20 LinesShow All 224 Lines▼ Show 20 Linespublic:
/// Analyze a possible jump table of type \p Type at a given \p Address. /// Analyze a possible jump table of type \p Type at a given \p Address.
/// \p BF is a function referencing the jump table. /// \p BF is a function referencing the jump table.
/// Return true if the jump table was detected at \p Address, and false /// Return true if the jump table was detected at \p Address, and false
/// otherwise. /// otherwise.
/// ///
/// If \p NextJTAddress is different from zero, it is used as an upper /// If \p NextJTAddress is different from zero, it is used as an upper
/// bound for jump table memory layout. /// bound for jump table memory layout.
/// ///
/// Optionally, populate \p Offsets with jump table entries. The entries /// Optionally, populate \p Address from jump table entries. The entries
/// could be partially populated if the jump table detection fails. /// could be partially populated if the jump table detection fails.
bool analyzeJumpTable(const uint64_t Address, bool analyzeJumpTable(const uint64_t Address,
const JumpTable::JumpTableType Type, BinaryFunction &BF, const JumpTable::JumpTableType Type, BinaryFunction &BF,
const uint64_t NextJTAddress = 0, const uint64_t NextJTAddress = 0,
JumpTable::OffsetsType *Offsets = nullptr); JumpTable::AddressesType *EntriesAsAddress = nullptr);
AmirUnsubmitted
Done
ReplyInline Actions
const uint64_t NextJTAddress = 0,
- JumpTable::AddressesType *EtriesAsAddress = nullptr);
+ JumpTable::AddressesType *EntriesAsAddress = nullptr);
/// After jump table locations are established, this function will populate
Amir:
/// After jump table locations are established, this function will populate /// After jump table locations are established, this function will populate
/// their OffsetEntries based on memory contents. /// their EntriesAsAddress based on memory contents.
void populateJumpTables(); void populateJumpTables();
/// Returns a jump table ID and label pointing to the duplicated jump table. /// Returns a jump table ID and label pointing to the duplicated jump table.
/// Ordinarily, jump tables are identified by their address in the input /// Ordinarily, jump tables are identified by their address in the input
/// binary. We return an ID with the high bit set to differentiate it from /// binary. We return an ID with the high bit set to differentiate it from
/// regular addresses, avoiding conflicts with standard jump tables. /// regular addresses, avoiding conflicts with standard jump tables.
std::pair<uint64_t, const MCSymbol *> std::pair<uint64_t, const MCSymbol *>
duplicateJumpTable(BinaryFunction &Function, JumpTable *JT, duplicateJumpTable(BinaryFunction &Function, JumpTable *JT,
const MCSymbol *OldLabel); const MCSymbol *OldLabel);
/// Generate a unique name for jump table at a given \p Address belonging /// Generate a unique name for jump table at a given \p Address belonging
/// to function \p BF. /// to function \p BF.
std::string generateJumpTableName(const BinaryFunction &BF, uint64_t Address); std::string generateJumpTableName(const BinaryFunction &BF, uint64_t Address);
/// Free memory used by jump table offsets /// Free memory used by JumpTable's EntriesAsAddress
void clearJumpTableOffsets() { void clearJumpTableTempData() {
for (auto &JTI : JumpTables) { for (auto &JTI : JumpTables) {
JumpTable &JT = *JTI.second; JumpTable &JT = *JTI.second;
JumpTable::OffsetsType Temp; JumpTable::AddressesType Temp;
Temp.swap(JT.OffsetEntries); Temp.swap(JT.EntriesAsAddress);
} }
} }
/// Return true if the array of bytes represents a valid code padding. /// Return true if the array of bytes represents a valid code padding.
bool hasValidCodePadding(const BinaryFunction &BF); bool hasValidCodePadding(const BinaryFunction &BF);
/// Verify padding area between functions, and adjust max function size /// Verify padding area between functions, and adjust max function size
/// accordingly. /// accordingly.
void adjustCodePadding(); void adjustCodePadding();
▲ Show 20 LinesShow All 796 LinesShow Last 20 Lines

bolt/include/bolt/Core/BinaryFunction.h

Show First 20 LinesShow All 327 Lines▼ Show 20 Linesprivate:
/// Indicate that the function body has Pseudo Probe /// Indicate that the function body has Pseudo Probe
bool HasPseudoProbe{BC.getUniqueSectionByName(".pseudo_probe_desc") && bool HasPseudoProbe{BC.getUniqueSectionByName(".pseudo_probe_desc") &&
BC.getUniqueSectionByName(".pseudo_probe")}; BC.getUniqueSectionByName(".pseudo_probe")};
/// True if the original entry point was patched. /// True if the original entry point was patched.
bool IsPatched{false}; bool IsPatched{false};
/// True if the function contains jump table with entries pointing to /// True if the function contains explicit or implicit indirect branch to its
/// locations in fragments. /// split fragments, e.g., split jump table, landing pad in split fragment
bool HasSplitJumpTable{false}; bool HasIndirectTargetToSplitFragment{false};
/// True if there are no control-flow edges with successors in other functions /// True if there are no control-flow edges with successors in other functions
/// (i.e. if tail calls have edges to function-local basic blocks). /// (i.e. if tail calls have edges to function-local basic blocks).
/// Set to false by SCTC. Dynostats can't be reliably computed for /// Set to false by SCTC. Dynostats can't be reliably computed for
/// functions with non-canonical CFG. /// functions with non-canonical CFG.
/// This attribute is only valid when hasCFG() == true. /// This attribute is only valid when hasCFG() == true.
bool HasCanonicalCFG{true}; bool HasCanonicalCFG{true};
▲ Show 20 LinesShow All 1,085 Lines▼ Show 20 Linespublic:
/// Return true if the function should be ignored for optimization purposes. /// Return true if the function should be ignored for optimization purposes.
bool isIgnored() const { return IsIgnored; } bool isIgnored() const { return IsIgnored; }
/// Return true if the function should not be disassembled, emitted, or /// Return true if the function should not be disassembled, emitted, or
/// otherwise processed. /// otherwise processed.
bool isPseudo() const { return IsPseudo; } bool isPseudo() const { return IsPseudo; }
/// Return true if the function contains a jump table with entries pointing /// Return true if the function contains explicit or implicit indirect branch
/// to split fragments. /// to its split fragments, e.g., split jump table, landing pad in split
bool hasSplitJumpTable() const { return HasSplitJumpTable; } /// fragment.
bool hasIndirectTargetToSplitFragment() const {
return HasIndirectTargetToSplitFragment;
}
/// Return true if all CFG edges have local successors. /// Return true if all CFG edges have local successors.
bool hasCanonicalCFG() const { return HasCanonicalCFG; } bool hasCanonicalCFG() const { return HasCanonicalCFG; }
/// Return true if the original function code has all necessary relocations /// Return true if the original function code has all necessary relocations
/// to track addresses of functions emitted to new locations. /// to track addresses of functions emitted to new locations.
bool hasExternalRefRelocations() const { return HasExternalRefRelocations; } bool hasExternalRefRelocations() const { return HasExternalRefRelocations; }
▲ Show 20 LinesShow All 378 Lines▼ Show 20 Lines BinaryFunction &setHasProfileAvailable(bool V = true) {
return *this; return *this;
} }
/// Mark function that should not be emitted. /// Mark function that should not be emitted.
void setIgnored(); void setIgnored();
void setIsPatched(bool V) { IsPatched = V; } void setIsPatched(bool V) { IsPatched = V; }
void setHasSplitJumpTable(bool V) { HasSplitJumpTable = V; } void setHasIndirectTargetToSplitFragment(bool V) {
HasIndirectTargetToSplitFragment = V;
}
void setHasCanonicalCFG(bool V) { HasCanonicalCFG = V; } void setHasCanonicalCFG(bool V) { HasCanonicalCFG = V; }
void setFolded(BinaryFunction *BF) { FoldedIntoFunction = BF; } void setFolded(BinaryFunction *BF) { FoldedIntoFunction = BF; }
BinaryFunction &setPersonalityFunction(uint64_t Addr) { BinaryFunction &setPersonalityFunction(uint64_t Addr) {
assert(!PersonalityFunction && "can't set personality function twice"); assert(!PersonalityFunction && "can't set personality function twice");
PersonalityFunction = BC.getOrCreateGlobalSymbol(Addr, "FUNCat"); PersonalityFunction = BC.getOrCreateGlobalSymbol(Addr, "FUNCat");
▲ Show 20 LinesShow All 636 LinesShow Last 20 Lines

bolt/include/bolt/Core/JumpTable.h

Show First 20 LinesShow All 63 Lines▼ Show 20 Linespublic:
size_t OutputEntrySize; size_t OutputEntrySize;
/// The type of this jump table. /// The type of this jump table.
JumpTableType Type; JumpTableType Type;
/// All the entries as labels. /// All the entries as labels.
std::vector<MCSymbol *> Entries; std::vector<MCSymbol *> Entries;
/// All the entries as offsets into a function. Invalid after CFG is built. /// All the entries as absolute addresses. Invalid after disassembly is done.
using OffsetsType = std::vector<uint64_t>; using AddressesType = std::vector<uint64_t>;
OffsetsType OffsetEntries; AddressesType EntriesAsAddress;
/// Map <Offset> -> <Label> used for embedded jump tables. Label at 0 offset /// Map <Offset> -> <Label> used for embedded jump tables. Label at 0 offset
/// is the main label for the jump table. /// is the main label for the jump table.
using LabelMapType = std::map<unsigned, MCSymbol *>; using LabelMapType = std::map<unsigned, MCSymbol *>;
LabelMapType Labels; LabelMapType Labels;
/// Dynamic number of times each entry in the table was referenced. /// Dynamic number of times each entry in the table was referenced.
/// Identical entries will have a shared count (identical for every /// Identical entries will have a shared count (identical for every
/// entry in the set). /// entry in the set).
std::vector<JumpInfo> Counts; std::vector<JumpInfo> Counts;
/// Total number of times this jump table was used. /// Total number of times this jump table was used.
uint64_t Count{0}; uint64_t Count{0};
/// BinaryFunction this jump tables belongs to. /// BinaryFunction this jump tables belongs to.
BinaryFunction *Parent{nullptr}; SmallVector<BinaryFunction *, 1> Parents;
private: private:
/// Constructor should only be called by a BinaryContext. /// Constructor should only be called by a BinaryContext.
JumpTable(MCSymbol &Symbol, uint64_t Address, size_t EntrySize, JumpTable(MCSymbol &Symbol, uint64_t Address, size_t EntrySize,
JumpTableType Type, LabelMapType &&Labels, BinaryFunction &BF, JumpTableType Type, LabelMapType &&Labels, BinarySection &Section);
BinarySection &Section);
public: public:
/// Return the size of the jump table. /// Return the size of the jump table.
uint64_t getSize() const { uint64_t getSize() const {
return std::max(OffsetEntries.size(), Entries.size()) * EntrySize; return std::max(EntriesAsAddress.size(), Entries.size()) * EntrySize;
} }
const MCSymbol *getFirstLabel() const { const MCSymbol *getFirstLabel() const {
assert(Labels.count(0) != 0 && "labels must have an entry at 0"); assert(Labels.count(0) != 0 && "labels must have an entry at 0");
return Labels.find(0)->second; return Labels.find(0)->second;
} }
/// Get the indexes for symbol entries that correspond to the jump table /// Get the indexes for symbol entries that correspond to the jump table
Show All 21 Lines

bolt/lib/Core/BinaryContext.cpp

Show First 20 LinesShow All 484 Lines▼ Show 20 Lines for (StringRef Name : Parent.getNames()) {
std::string NamePrefix = Regex::escape(NameResolver::restore(Name)); std::string NamePrefix = Regex::escape(NameResolver::restore(Name));
std::string NameRegex = Twine(NamePrefix, "\\.cold(\\.[0-9]+)?").str(); std::string NameRegex = Twine(NamePrefix, "\\.cold(\\.[0-9]+)?").str();
if (Fragment.hasRestoredNameRegex(NameRegex)) if (Fragment.hasRestoredNameRegex(NameRegex))
return true; return true;
} }
return false; return false;
} }
bool BinaryContext::analyzeJumpTable(const uint64_t Address, bool BinaryContext::analyzeJumpTable(
const JumpTable::JumpTableType Type, const uint64_t Address, const JumpTable::JumpTableType Type,
BinaryFunction &BF, BinaryFunction &BF, const uint64_t NextJTAddress,
const uint64_t NextJTAddress, JumpTable::AddressesType *EntriesAsAddress) {
rafaulerUnsubmitted
Done
ReplyInline Actions

I think it's a bit weird to keep calling this "Offsets", and "OffsetEntries" in JumpTable if we are not using offsets anymore, right? We are now using the full address in each entry. Perhaps we should rename this in JumpTable class? Something like "EntriesAsAddresses" in JumpTables.h:73 - 74 (and update comments there)

rafauler: I think it's a bit weird to keep calling this "Offsets", and "OffsetEntries" in JumpTable if we…
JumpTable::OffsetsType *Offsets) {
// Is one of the targets __builtin_unreachable? // Is one of the targets __builtin_unreachable?
bool HasUnreachable = false; bool HasUnreachable = false;
// Number of targets other than __builtin_unreachable. // Number of targets other than __builtin_unreachable.
uint64_t NumRealEntries = 0; uint64_t NumRealEntries = 0;
constexpr uint64_t INVALID_OFFSET = std::numeric_limits<uint64_t>::max(); auto addEntryAddress = [&](uint64_t EntryAddress) {
auto addOffset = [&](uint64_t Offset) { if (EntriesAsAddress)
if (Offsets) EntriesAsAddress->emplace_back(EntryAddress);
Offsets->emplace_back(Offset);
}; };
auto doesBelongToFunction = [&](const uint64_t Addr, auto doesBelongToFunction = [&](const uint64_t Addr,
BinaryFunction *TargetBF) -> bool { BinaryFunction *TargetBF) -> bool {
if (BF.containsAddress(Addr)) if (BF.containsAddress(Addr))
return true; return true;
// Nothing to do if we failed to identify the containing function. // Nothing to do if we failed to identify the containing function.
if (!TargetBF) if (!TargetBF)
▲ Show 20 LinesShow All 49 Lines▼ Show 20 Lines for (uint64_t EntryAddress = Address; EntryAddress <= UpperBound - EntrySize;
const uint64_t Value = const uint64_t Value =
(Type == JumpTable::JTT_PIC) (Type == JumpTable::JTT_PIC)
? Address + *getSignedValueAtAddress(EntryAddress, EntrySize) ? Address + *getSignedValueAtAddress(EntryAddress, EntrySize)
: *getPointerAtAddress(EntryAddress); : *getPointerAtAddress(EntryAddress);
// __builtin_unreachable() case. // __builtin_unreachable() case.
if (Value == BF.getAddress() + BF.getSize()) { if (Value == BF.getAddress() + BF.getSize()) {
addOffset(Value - BF.getAddress()); addEntryAddress(Value);
rafaulerUnsubmitted
Done
ReplyInline Actions

Same renaming here (my motivation here is why are we calling this an offset if this is not an offset anymore)

rafauler: Same renaming here (my motivation here is why are we calling this an offset if this is not an…
nhuhuanAuthorUnsubmitted
Done
ReplyInline Actions

Offset is a general term.
For PIC, it is the offset to the program start. Definitely not "absolute address".
For NoPIC, it is the offset to process's memory start.

nhuhuan: Offset is a general term. For PIC, it is the offset to the program start. Definitely not…
HasUnreachable = true; HasUnreachable = true;
LLVM_DEBUG(dbgs() << "OK: __builtin_unreachable\n"); LLVM_DEBUG(dbgs() << "OK: __builtin_unreachable\n");
continue; continue;
} }
// Function or one of its fragments. // Function or one of its fragments.
BinaryFunction *TargetBF = getBinaryFunctionContainingAddress(Value); BinaryFunction *TargetBF = getBinaryFunctionContainingAddress(Value);
Show All 23 Lines for (uint64_t EntryAddress = Address; EntryAddress <= UpperBound - EntrySize;
if (TargetBF->getState() == BinaryFunction::State::Disassembled && if (TargetBF->getState() == BinaryFunction::State::Disassembled &&
!TargetBF->getInstructionAtOffset(Value - TargetBF->getAddress())) { !TargetBF->getInstructionAtOffset(Value - TargetBF->getAddress())) {
LLVM_DEBUG(dbgs() << "FAIL: no instruction at this offset\n"); LLVM_DEBUG(dbgs() << "FAIL: no instruction at this offset\n");
break; break;
} }
++NumRealEntries; ++NumRealEntries;
if (TargetBF == &BF) { if (TargetBF != &BF)
// Address inside the function. BF.setHasIndirectTargetToSplitFragment(true);
addOffset(Value - TargetBF->getAddress()); addEntryAddress(Value);
LLVM_DEBUG(dbgs() << "OK: real entry\n");
} else {
// Address in split fragment.
BF.setHasSplitJumpTable(true);
// Add invalid offset for proper identification of jump table size.
addOffset(INVALID_OFFSET);
LLVM_DEBUG(dbgs() << "OK: address in split fragment "
<< TargetBF->getPrintName() << '\n');
}
} }
// It's a jump table if the number of real entries is more than 1, or there's // It's a jump table if the number of real entries is more than 1, or there's
// one real entry and "unreachable" targets. If there are only multiple // one real entry and "unreachable" targets. If there are only multiple
// "unreachable" targets, then it's not a jump table. // "unreachable" targets, then it's not a jump table.
return NumRealEntries + HasUnreachable >= 2; return NumRealEntries + HasUnreachable >= 2;
} }
void BinaryContext::populateJumpTables() { void BinaryContext::populateJumpTables() {
LLVM_DEBUG(dbgs() << "DataPCRelocations: " << DataPCRelocations.size() LLVM_DEBUG(dbgs() << "DataPCRelocations: " << DataPCRelocations.size()
<< '\n'); << '\n');
for (auto JTI = JumpTables.begin(), JTE = JumpTables.end(); JTI != JTE; for (auto JTI = JumpTables.begin(), JTE = JumpTables.end(); JTI != JTE;
++JTI) { ++JTI) {
JumpTable *JT = JTI->second; JumpTable *JT = JTI->second;
BinaryFunction &BF = *JT->Parent;
if (!BF.isSimple()) bool NonSimpleParent = false;
for (BinaryFunction *BF : JT->Parents)
NonSimpleParent |= !BF->isSimple();
if (NonSimpleParent)
AmirUnsubmitted
Done
ReplyInline Actions

I think checking if the first parent is non-simple is fine, but a future-proof solution would be to check if any of parents is non-simple.

Amir: I think checking if the first parent is non-simple is fine, but a future-proof solution would…
nhuhuanAuthorUnsubmitted
Done
ReplyInline Actions

I also thought the same. There are two reasons why I keep it this way:
(a) Not sure about why we need this check.

Possibly the assumption is non-simple fragments are not be optimized, thus we
don't have to make best effort on analyzing it. So it boils down to the meaning of
non-simple. Maksim argues non-simple functions should have complete references,
just that we cannot construct a complete CFG.

(b) The previous calls to analyzeJumpTable and getOrCreateJumpTable already mark

all parents as "HasIndirectTargetToSplitFragment = true". I mistakenly thought that
was the same with all parents being non-simple.

The bottom line is that I will update following your feedbacks.

nhuhuan: I also thought the same. There are two reasons why I keep it this way: (a) Not sure about why…
AmirUnsubmitted
Done
ReplyInline Actions

I agree with your reasoning. Let's stick to keeping the check for now as it's a safe option, and remove it later separately.

Amir: I agree with your reasoning. Let's stick to keeping the check for now as it's a safe option…
AmirUnsubmitted
Done
ReplyInline Actions
JumpTable *JT = JTI->second;
- bool nonSimpleParent = false;
+ bool NonSimpleParent = false;
for (BinaryFunction *BF : JT->Parents)

idk how clang-format skipped this

Amir: idk how clang-format skipped this
continue; continue;
uint64_t NextJTAddress = 0; uint64_t NextJTAddress = 0;
auto NextJTI = std::next(JTI); auto NextJTI = std::next(JTI);
if (NextJTI != JTE) if (NextJTI != JTE)
NextJTAddress = NextJTI->second->getAddress(); NextJTAddress = NextJTI->second->getAddress();
const bool Success = analyzeJumpTable(JT->getAddress(), JT->Type, BF, const bool Success =
NextJTAddress, &JT->OffsetEntries); analyzeJumpTable(JT->getAddress(), JT->Type, *(JT->Parents[0]),
NextJTAddress, &JT->EntriesAsAddress);
if (!Success) { if (!Success) {
AmirUnsubmitted
Done
ReplyInline Actions

Let's move the body under !Success into

LLVM_DEBUG({
  ...
});

block, except llvm_unreachable at the end

Amir: Let's move the body under !Success into ```LLVM_DEBUG({ ... });``` block, except…
dbgs() << "failed to analyze jump table in function " << BF << '\n'; LLVM_DEBUG(ListSeparator LS;
dbgs() << "failed to analyze jump table in function ";
for (BinaryFunction *Frag
: JT->Parents) dbgs()
<< LS << *Frag;
rafaulerUnsubmitted
Done
ReplyInline Actions

debug code should be guarded under the LLVM_DEBUG macro in the same way as line 625. This line was previously unguarded by mistake.

rafauler: debug code should be guarded under the LLVM_DEBUG macro in the same way as line 625. This line…
dbgs() << '\n';);
JT->print(dbgs()); JT->print(dbgs());
if (NextJTI != JTE) { if (NextJTI != JTE) {
LLVM_DEBUG(ListSeparator LS;
dbgs() << "next jump table at 0x" dbgs() << "next jump table at 0x"
<< Twine::utohexstr(NextJTI->second->getAddress()) << Twine::utohexstr(NextJTI->second->getAddress())
<< " belongs to function " << *NextJTI->second->Parent << '\n'; << " belongs to function ";
for (BinaryFunction *Frag
: NextJTI->second->Parents) dbgs()
<< LS << *Frag;
dbgs() << "\n";);
NextJTI->second->print(dbgs()); NextJTI->second->print(dbgs());
rafaulerUnsubmitted
Done
ReplyInline Actions

same

rafauler: same
} }
llvm_unreachable("jump table heuristic failure"); llvm_unreachable("jump table heuristic failure");
} }
for (BinaryFunction *Frag : JT->Parents) {
for (uint64_t EntryOffset : JT->OffsetEntries) { for (uint64_t EntryAddress : JT->EntriesAsAddress)
if (EntryOffset == BF.getSize()) // if target is builtin_unreachable
BF.IgnoredBranches.emplace_back(EntryOffset, BF.getSize()); if (EntryAddress == Frag->getAddress() + Frag->getSize()) {
AmirUnsubmitted
Done
ReplyInline Actions

Let's add curly braces in if and else bodies

Amir: Let's add curly braces in if and else bodies
else Frag->IgnoredBranches.emplace_back(EntryAddress - Frag->getAddress(),
BF.registerReferencedOffset(EntryOffset); Frag->getSize());
} else if (EntryAddress >= Frag->getAddress() &&
EntryAddress < Frag->getAddress() + Frag->getSize()) {
Frag->registerReferencedOffset(EntryAddress - Frag->getAddress());
}
} }
// In strict mode, erase PC-relative relocation record. Later we check that // In strict mode, erase PC-relative relocation record. Later we check that
// all such records are erased and thus have been accounted for. // all such records are erased and thus have been accounted for.
if (opts::StrictMode && JT->Type == JumpTable::JTT_PIC) { if (opts::StrictMode && JT->Type == JumpTable::JTT_PIC) {
for (uint64_t Address = JT->getAddress(); for (uint64_t Address = JT->getAddress();
Address < JT->getAddress() + JT->getSize(); Address < JT->getAddress() + JT->getSize();
Address += JT->EntrySize) { Address += JT->EntrySize) {
DataPCRelocations.erase(DataPCRelocations.find(Address)); DataPCRelocations.erase(DataPCRelocations.find(Address));
} }
} }
// Mark to skip the function and all its fragments. // Mark to skip the function and all its fragments.
if (BF.hasSplitJumpTable()) for (BinaryFunction *Frag : JT->Parents)
FragmentsToSkip.push_back(&BF); if (Frag->hasIndirectTargetToSplitFragment())
addFragmentsToSkip(Frag);
} }
if (opts::StrictMode && DataPCRelocations.size()) { if (opts::StrictMode && DataPCRelocations.size()) {
LLVM_DEBUG({ LLVM_DEBUG({
dbgs() << DataPCRelocations.size() dbgs() << DataPCRelocations.size()
<< " unclaimed PC-relative relocations left in data:\n"; << " unclaimed PC-relative relocations left in data:\n";
for (uint64_t Reloc : DataPCRelocations) for (uint64_t Reloc : DataPCRelocations)
dbgs() << Twine::utohexstr(Reloc) << '\n'; dbgs() << Twine::utohexstr(Reloc) << '\n';
}); });
assert(0 && "unclaimed PC-relative relocations left in data\n"); assert(0 && "unclaimed PC-relative relocations left in data\n");
} }
clearList(DataPCRelocations); clearList(DataPCRelocations);
} }
void BinaryContext::skipMarkedFragments() { void BinaryContext::skipMarkedFragments() {
// Unique functions in the vector. std::vector<BinaryFunction *> FragmentQueue;
rafaulerUnsubmitted
Done
ReplyInline Actions

outdated coment

rafauler: outdated coment
nhuhuanAuthorUnsubmitted
Done
ReplyInline Actions

Thanks. I removed UniqueFunctions because it is the same as FragmentsToSkip. Also updated the comment.

nhuhuan: Thanks. I removed UniqueFunctions because it is the same as FragmentsToSkip. Also updated the…
std::unordered_set<BinaryFunction *> UniqueFunctions(FragmentsToSkip.begin(), // Copy the functions to FragmentQueue.
FragmentsToSkip.end()); FragmentQueue.assign(FragmentsToSkip.begin(), FragmentsToSkip.end());
// Copy the functions back to FragmentsToSkip.
FragmentsToSkip.assign(UniqueFunctions.begin(), UniqueFunctions.end());
auto addToWorklist = [&](BinaryFunction *Function) -> void { auto addToWorklist = [&](BinaryFunction *Function) -> void {
if (UniqueFunctions.count(Function)) if (FragmentsToSkip.count(Function))
return; return;
FragmentsToSkip.push_back(Function); FragmentQueue.push_back(Function);
UniqueFunctions.insert(Function); addFragmentsToSkip(Function);
}; };
// Functions containing split jump tables need to be skipped with all // Functions containing split jump tables need to be skipped with all
// fragments (transitively). // fragments (transitively).
for (size_t I = 0; I != FragmentsToSkip.size(); I++) { for (size_t I = 0; I != FragmentQueue.size(); I++) {
BinaryFunction *BF = FragmentsToSkip[I]; BinaryFunction *BF = FragmentQueue[I];
assert(UniqueFunctions.count(BF) && assert(FragmentsToSkip.count(BF) &&
"internal error in traversing function fragments"); "internal error in traversing function fragments");
if (opts::Verbosity >= 1) if (opts::Verbosity >= 1)
errs() << "BOLT-WARNING: Ignoring " << BF->getPrintName() << '\n'; errs() << "BOLT-WARNING: Ignoring " << BF->getPrintName() << '\n';
BF->setSimple(false); BF->setSimple(false);
BF->setHasSplitJumpTable(true); BF->setHasIndirectTargetToSplitFragment(true);
llvm::for_each(BF->Fragments, addToWorklist); llvm::for_each(BF->Fragments, addToWorklist);
llvm::for_each(BF->ParentFragments, addToWorklist); llvm::for_each(BF->ParentFragments, addToWorklist);
} }
if (!FragmentsToSkip.empty()) if (!FragmentsToSkip.empty())
errs() << "BOLT-WARNING: skipped " << FragmentsToSkip.size() << " function" errs() << "BOLT-WARNING: skipped " << FragmentsToSkip.size() << " function"
<< (FragmentsToSkip.size() == 1 ? "" : "s") << (FragmentsToSkip.size() == 1 ? "" : "s")
<< " due to cold fragments\n"; << " due to cold fragments\n";
FragmentsToSkip.clear();
nhuhuanAuthorUnsubmitted
Done
ReplyInline Actions

There are two main types for FragmentsToSkip: (a) split jump table targets, (b) split landing pad targets.
Note that with our current code, we would need to call skipMarkedFragments() twice for (a) and (b). This
removal is to prepare for the next update where we only invoke skipMarkedFragments() once. To do that
we need to retain all FragmentsToSkip of both types.

nhuhuan: There are two main types for FragmentsToSkip: (a) split jump table targets, (b) split landing…
} }
MCSymbol *BinaryContext::getOrCreateGlobalSymbol(uint64_t Address, Twine Prefix, MCSymbol *BinaryContext::getOrCreateGlobalSymbol(uint64_t Address, Twine Prefix,
uint64_t Size, uint64_t Size,
uint16_t Alignment, uint16_t Alignment,
unsigned Flags) { unsigned Flags) {
auto Itr = BinaryDataMap.find(Address); auto Itr = BinaryDataMap.find(Address);
if (Itr != BinaryDataMap.end()) { if (Itr != BinaryDataMap.end()) {
Show All 25 Lines
const MCSymbol * const MCSymbol *
BinaryContext::getOrCreateJumpTable(BinaryFunction &Function, uint64_t Address, BinaryContext::getOrCreateJumpTable(BinaryFunction &Function, uint64_t Address,
JumpTable::JumpTableType Type) { JumpTable::JumpTableType Type) {
auto isFragmentOf = [](BinaryFunction *Fragment, BinaryFunction *Parent) { auto isFragmentOf = [](BinaryFunction *Fragment, BinaryFunction *Parent) {
return (Fragment->isFragment() && Fragment->isParentFragment(Parent)); return (Fragment->isFragment() && Fragment->isParentFragment(Parent));
}; };
// Two fragments of same function access same jump table
if (JumpTable *JT = getJumpTableContainingAddress(Address)) { if (JumpTable *JT = getJumpTableContainingAddress(Address)) {
assert(JT->Type == Type && "jump table types have to match"); assert(JT->Type == Type && "jump table types have to match");
bool HasMultipleParents = isFragmentOf(JT->Parent, &Function) ||
isFragmentOf(&Function, JT->Parent);
assert((JT->Parent == &Function || HasMultipleParents) &&
"cannot re-use jump table of a different function");
assert(Address == JT->getAddress() && "unexpected non-empty jump table"); assert(Address == JT->getAddress() && "unexpected non-empty jump table");
// Flush OffsetEntries with INVALID_OFFSET if multiple parents // Prevent associating a jump table to a specific fragment twice.
// This simple check arises from the assumption: no more than 2 fragments.
if (JT->Parents.size() == 1 && JT->Parents[0] != &Function) {
bool SameFunction = isFragmentOf(JT->Parents[0], &Function) ||
isFragmentOf(&Function, JT->Parents[0]);
assert(SameFunction &&
"cannot re-use jump table of a different function");
// Duplicate the entry for the parent function for easy access // Duplicate the entry for the parent function for easy access
if (HasMultipleParents) { JT->Parents.push_back(&Function);
if (opts::Verbosity > 2) { if (opts::Verbosity > 2) {
outs() << "BOLT-WARNING: Multiple fragments access same jump table: " outs() << "BOLT-INFO: Multiple fragments access same jump table: "
rafaulerUnsubmitted
Done
ReplyInline Actions

Warnings are printed to errs() and not outs()

BOLT-INFO is output to outs(). If this information is just reporting something on the input binary, consider converting it to INFO instead of WARNING, specially if this is supported.

rafauler: Warnings are printed to errs() and not outs() BOLT-INFO is output to outs(). If this…
<< JT->Parent->getPrintName() << "; " << Function.getPrintName() << JT->Parents[0]->getPrintName() << "; "
<< "\n"; << Function.getPrintName() << "\n";
} JT->print(outs());
constexpr uint64_t INVALID_OFFSET = std::numeric_limits<uint64_t>::max(); }
for (unsigned I = 0; I < JT->OffsetEntries.size(); ++I)
JT->OffsetEntries[I] = INVALID_OFFSET;
Function.JumpTables.emplace(Address, JT); Function.JumpTables.emplace(Address, JT);
JT->Parents[0]->setHasIndirectTargetToSplitFragment(true);
JT->Parents[1]->setHasIndirectTargetToSplitFragment(true);
} }
bool IsJumpTableParent = false;
for (BinaryFunction *Frag : JT->Parents)
if (Frag == &Function)
IsJumpTableParent = true;
assert(IsJumpTableParent &&
"cannot re-use jump table of a different function");
return JT->getFirstLabel(); return JT->getFirstLabel();
} }
// Re-use the existing symbol if possible. // Re-use the existing symbol if possible.
MCSymbol *JTLabel = nullptr; MCSymbol *JTLabel = nullptr;
if (BinaryData *Object = getBinaryDataAtAddress(Address)) { if (BinaryData *Object = getBinaryDataAtAddress(Address)) {
if (!isInternalSymbolName(Object->getSymbol()->getName())) if (!isInternalSymbolName(Object->getSymbol()->getName()))
JTLabel = Object->getSymbol(); JTLabel = Object->getSymbol();
} }
const uint64_t EntrySize = getJumpTableEntrySize(Type); const uint64_t EntrySize = getJumpTableEntrySize(Type);
if (!JTLabel) { if (!JTLabel) {
const std::string JumpTableName = generateJumpTableName(Function, Address); const std::string JumpTableName = generateJumpTableName(Function, Address);
JTLabel = registerNameAtAddress(JumpTableName, Address, 0, EntrySize); JTLabel = registerNameAtAddress(JumpTableName, Address, 0, EntrySize);
} }
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: creating jump table " << JTLabel->getName() LLVM_DEBUG(dbgs() << "BOLT-DEBUG: creating jump table " << JTLabel->getName()
<< " in function " << Function << '\n'); << " in function " << Function << '\n');
JumpTable *JT = new JumpTable(*JTLabel, Address, EntrySize, Type, JumpTable *JT = new JumpTable(*JTLabel, Address, EntrySize, Type,
JumpTable::LabelMapType{{0, JTLabel}}, Function, JumpTable::LabelMapType{{0, JTLabel}},
*getSectionForAddress(Address)); *getSectionForAddress(Address));
JT->Parents.push_back(&Function);
if (opts::Verbosity > 2)
AmirUnsubmitted
Done
ReplyInline Actions

Please keep the verbosity here

Amir: Please keep the verbosity here
JT->print(outs());
JumpTables.emplace(Address, JT); JumpTables.emplace(Address, JT);
// Duplicate the entry for the parent function for easy access. // Duplicate the entry for the parent function for easy access.
Function.JumpTables.emplace(Address, JT); Function.JumpTables.emplace(Address, JT);
return JTLabel; return JTLabel;
AmirUnsubmitted
Done
ReplyInline Actions
Function.JumpTables.emplace(Address, JT);
- JT->print(outs());
+
return JTLabel;

Please remove that print

Amir: Please remove that print
} }
std::pair<uint64_t, const MCSymbol *> std::pair<uint64_t, const MCSymbol *>
BinaryContext::duplicateJumpTable(BinaryFunction &Function, JumpTable *JT, BinaryContext::duplicateJumpTable(BinaryFunction &Function, JumpTable *JT,
const MCSymbol *OldLabel) { const MCSymbol *OldLabel) {
auto L = scopeLock(); auto L = scopeLock();
unsigned Offset = 0; unsigned Offset = 0;
bool Found = false; bool Found = false;
for (std::pair<const unsigned, MCSymbol *> Elmt : JT->Labels) { for (std::pair<const unsigned, MCSymbol *> Elmt : JT->Labels) {
if (Elmt.second != OldLabel) if (Elmt.second != OldLabel)
continue; continue;
Offset = Elmt.first; Offset = Elmt.first;
Found = true; Found = true;
break; break;
} }
assert(Found && "Label not found"); assert(Found && "Label not found");
(void)Found; (void)Found;
MCSymbol *NewLabel = Ctx->createNamedTempSymbol("duplicatedJT"); MCSymbol *NewLabel = Ctx->createNamedTempSymbol("duplicatedJT");
JumpTable *NewJT = JumpTable *NewJT =
new JumpTable(*NewLabel, JT->getAddress(), JT->EntrySize, JT->Type, new JumpTable(*NewLabel, JT->getAddress(), JT->EntrySize, JT->Type,
JumpTable::LabelMapType{{Offset, NewLabel}}, Function, JumpTable::LabelMapType{{Offset, NewLabel}},
*getSectionForAddress(JT->getAddress())); *getSectionForAddress(JT->getAddress()));
NewJT->Parents = JT->Parents;
NewJT->Entries = JT->Entries; NewJT->Entries = JT->Entries;
NewJT->Counts = JT->Counts; NewJT->Counts = JT->Counts;
uint64_t JumpTableID = ++DuplicatedJumpTables; uint64_t JumpTableID = ++DuplicatedJumpTables;
// Invert it to differentiate from regular jump tables whose IDs are their // Invert it to differentiate from regular jump tables whose IDs are their
// addresses in the input binary memory space // addresses in the input binary memory space
JumpTableID = ~JumpTableID; JumpTableID = ~JumpTableID;
JumpTables.emplace(JumpTableID, NewJT); JumpTables.emplace(JumpTableID, NewJT);
Function.JumpTables.emplace(JumpTableID, NewJT); Function.JumpTables.emplace(JumpTableID, NewJT);
▲ Show 20 LinesShow All 1,471 LinesShow Last 20 Lines

bolt/lib/Core/BinaryFunction.cpp

Show First 20 LinesShow All 1,636 Lines▼ Show 20 Lines for (auto &JTI : JumpTables) {
JumpTable &JT = *JTI.second; JumpTable &JT = *JTI.second;
if (JT.Type == JumpTable::JTT_PIC && opts::JumpTables == JTS_BASIC) { if (JT.Type == JumpTable::JTT_PIC && opts::JumpTables == JTS_BASIC) {
opts::JumpTables = JTS_MOVE; opts::JumpTables = JTS_MOVE;
outs() << "BOLT-INFO: forcing -jump-tables=move as PIC jump table was " outs() << "BOLT-INFO: forcing -jump-tables=move as PIC jump table was "
"detected in function " "detected in function "
<< *this << '\n'; << *this << '\n';
} }
if (JT.Entries.empty()) { if (JT.Entries.empty()) {
for (unsigned I = 0; I < JT.OffsetEntries.size(); ++I) { bool HasOneParent = (JT.Parents.size() == 1);
for (unsigned I = 0; I < JT.EntriesAsAddress.size(); ++I) {
uint64_t EntryAddress = JT.EntriesAsAddress[I];
// builtin_unreachable does not belong to any function
// Need to handle separately
AmirUnsubmitted
Done
ReplyInline Actions

The variables must be upper-cased according to LLVM Style Guide: https://llvm.org/docs/CodingStandards.html#name-types-functions-variables-and-enumerators-properly

Amir: The variables must be upper-cased according to LLVM Style Guide: https://llvm.
bool IsBuiltIn = false;
for (BinaryFunction *Parent : JT.Parents) {
if (EntryAddress == Parent->getAddress() + Parent->getSize()) {
IsBuiltIn = true;
// Specify second parameter as true to accept builtin_unreachable
AmirUnsubmitted
Done
ReplyInline Actions
bool skipEntry = false;
- for (BinaryFunction *Parent : JT.Parents)
+ for (BinaryFunction *Parent : JT.Parents) {
if (EntryAddress == Parent->getAddress() + Parent->getSize()) {
skipEntry = true;
break;
}
+ }
if (skipEntry)
Amir:
MCSymbol *Label = getOrCreateLocalLabel(EntryAddress, true);
JT.Entries.push_back(Label);
break;
}
}
if (IsBuiltIn)
continue;
// Create local label for targets cannot be reached by other fragments
// Otherwise, secondary entry point to target function
BinaryFunction *TargetBF =
BC.getBinaryFunctionContainingAddress(EntryAddress);
if (TargetBF->getAddress() != EntryAddress) {
MCSymbol *Label = MCSymbol *Label =
getOrCreateLocalLabel(getAddress() + JT.OffsetEntries[I], (HasOneParent && TargetBF == this)
/*CreatePastEnd*/ true); ? getOrCreateLocalLabel(JT.EntriesAsAddress[I], true)
: TargetBF->addEntryPointAtOffset(EntryAddress -
TargetBF->getAddress());
JT.Entries.push_back(Label); JT.Entries.push_back(Label);
} }
} }
}
const uint64_t BDSize = const uint64_t BDSize =
BC.getBinaryDataAtAddress(JT.getAddress())->getSize(); BC.getBinaryDataAtAddress(JT.getAddress())->getSize();
if (!BDSize) { if (!BDSize) {
BC.setBinaryDataSize(JT.getAddress(), JT.getSize()); BC.setBinaryDataSize(JT.getAddress(), JT.getSize());
} else { } else {
assert(BDSize >= JT.getSize() && assert(BDSize >= JT.getSize() &&
"jump table cannot be larger than the containing object"); "jump table cannot be larger than the containing object");
} }
} }
// Add TakenBranches from JumpTables. // Add TakenBranches from JumpTables.
// //
// We want to do it after initial processing since we don't know jump tables' // We want to do it after initial processing since we don't know jump tables'
// boundaries until we process them all. // boundaries until we process them all.
for (auto &JTSite : JTSites) { for (auto &JTSite : JTSites) {
const uint64_t JTSiteOffset = JTSite.first; const uint64_t JTSiteOffset = JTSite.first;
const uint64_t JTAddress = JTSite.second; const uint64_t JTAddress = JTSite.second;
const JumpTable *JT = getJumpTableContainingAddress(JTAddress); const JumpTable *JT = getJumpTableContainingAddress(JTAddress);
assert(JT && "cannot find jump table for address"); assert(JT && "cannot find jump table for address");
uint64_t EntryOffset = JTAddress - JT->getAddress(); uint64_t EntryOffset = JTAddress - JT->getAddress();
while (EntryOffset < JT->getSize()) { while (EntryOffset < JT->getSize()) {
uint64_t TargetOffset = JT->OffsetEntries[EntryOffset / JT->EntrySize]; uint64_t EntryAddress = JT->EntriesAsAddress[EntryOffset / JT->EntrySize];
uint64_t TargetOffset = EntryAddress - getAddress();
if (TargetOffset < getSize()) { if (TargetOffset < getSize()) {
TakenBranches.emplace_back(JTSiteOffset, TargetOffset); TakenBranches.emplace_back(JTSiteOffset, TargetOffset);
nhuhuanAuthorUnsubmitted
Done
ReplyInline Actions

Using same variable name "EntryOffset" is completely wrong, and may potentially trigger memory over-use!

nhuhuan: Using same variable name "EntryOffset" is completely wrong, and may potentially trigger memory…
if (opts::StrictMode) if (opts::StrictMode)
nhuhuanAuthorUnsubmitted
Done
ReplyInline Actions

This is a side note. BOLT made two assumptions:
a. Jump table entries are always unsigned int.
b. Jump table entries are arranged moving forward from Jump table base.

It's very often in real-world binaries to use movsl/movsx instead of movzl/movzx,
which seem to suggests against (a). But it is rare to see cases violate (b) from my
experience.

Now keeping (a), it is messy when OffsetEntries point to another fragment whose
appear prior to current function. It will be integer overflow, and this is inconsistent.

nhuhuan: This is a side note. BOLT made two assumptions: a. Jump table entries are always unsigned int.
registerReferencedOffset(TargetOffset); registerReferencedOffset(TargetOffset);
} }
EntryOffset += JT->EntrySize; EntryOffset += JT->EntrySize;
// A label at the next entry means the end of this jump table. // A label at the next entry means the end of this jump table.
if (JT->Labels.count(EntryOffset)) if (JT->Labels.count(EntryOffset))
break; break;
▲ Show 20 LinesShow All 2,744 LinesShow Last 20 Lines

bolt/lib/Core/JumpTable.cpp

Show All 23 Lines
namespace opts { namespace opts {
extern cl::opt<JumpTableSupportLevel> JumpTables; extern cl::opt<JumpTableSupportLevel> JumpTables;
extern cl::opt<unsigned> Verbosity; extern cl::opt<unsigned> Verbosity;
} // namespace opts } // namespace opts
bolt::JumpTable::JumpTable(MCSymbol &Symbol, uint64_t Address, size_t EntrySize, bolt::JumpTable::JumpTable(MCSymbol &Symbol, uint64_t Address, size_t EntrySize,
JumpTableType Type, LabelMapType &&Labels, JumpTableType Type, LabelMapType &&Labels,
BinaryFunction &BF, BinarySection &Section) BinarySection &Section)
: BinaryData(Symbol, Address, 0, EntrySize, Section), EntrySize(EntrySize), : BinaryData(Symbol, Address, 0, EntrySize, Section), EntrySize(EntrySize),
OutputEntrySize(EntrySize), Type(Type), Labels(Labels), Parent(&BF) {} OutputEntrySize(EntrySize), Type(Type), Labels(Labels) {}
std::pair<size_t, size_t> std::pair<size_t, size_t>
bolt::JumpTable::getEntriesForAddress(const uint64_t Addr) const { bolt::JumpTable::getEntriesForAddress(const uint64_t Addr) const {
// Check if this is not an address, but a cloned JT id // Check if this is not an address, but a cloned JT id
if ((int64_t)Addr < 0ll) if ((int64_t)Addr < 0ll)
return std::make_pair(0, Entries.size()); return std::make_pair(0, Entries.size());
const uint64_t InstOffset = Addr - getAddress(); const uint64_t InstOffset = Addr - getAddress();
▲ Show 20 LinesShow All 55 Lines▼ Show 20 Lines for (MCSymbol *Entry : Entries) {
EntryOffset += EntrySize; EntryOffset += EntrySize;
} }
} }
void bolt::JumpTable::print(raw_ostream &OS) const { void bolt::JumpTable::print(raw_ostream &OS) const {
uint64_t Offset = 0; uint64_t Offset = 0;
if (Type == JTT_PIC) if (Type == JTT_PIC)
OS << "PIC "; OS << "PIC ";
OS << "Jump table " << getName() << " for function " << *Parent << " at 0x" ListSeparator LS;
<< Twine::utohexstr(getAddress()) << " with a total count of " << Count
<< ":\n"; OS << "Jump table " << getName() << " for function ";
for (const uint64_t EntryOffset : OffsetEntries) for (BinaryFunction *Frag : Parents)
OS << " 0x" << Twine::utohexstr(EntryOffset) << '\n'; OS << LS << *Frag;
OS << " at 0x" << Twine::utohexstr(getAddress()) << " with a total count of "
<< Count << ":\n";
for (const uint64_t EntryAddress : EntriesAsAddress)
OS << " absolute offset: 0x" << Twine::utohexstr(EntryAddress) << '\n';
for (const MCSymbol *Entry : Entries) { for (const MCSymbol *Entry : Entries) {
auto LI = Labels.find(Offset); auto LI = Labels.find(Offset);
if (Offset && LI != Labels.end()) { if (Offset && LI != Labels.end()) {
OS << "Jump Table " << LI->second->getName() << " at 0x" OS << "Jump Table " << LI->second->getName() << " at 0x"
<< Twine::utohexstr(getAddress() + Offset) << Twine::utohexstr(getAddress() + Offset)
<< " (possibly part of larger jump table):\n"; << " (possibly part of larger jump table):\n";
} }
OS << format(" 0x%04" PRIx64 " : ", Offset) << Entry->getName(); OS << format(" 0x%04" PRIx64 " : ", Offset) << Entry->getName();
Show All 9 Lines

bolt/lib/Passes/AsmDump.cpp

Show First 20 LinesShow All 53 Lines▼ Show 20 Lines default:
MAP.emitCFIInstruction(*CFIInstr); MAP.emitCFIInstruction(*CFIInstr);
} }
} }
void dumpJumpTableFdata(raw_ostream &OS, const BinaryFunction &BF, void dumpJumpTableFdata(raw_ostream &OS, const BinaryFunction &BF,
const MCInst &Instr, const std::string &BranchLabel) { const MCInst &Instr, const std::string &BranchLabel) {
StringRef FunctionName = BF.getOneName(); StringRef FunctionName = BF.getOneName();
const JumpTable *JT = BF.getJumpTable(Instr); const JumpTable *JT = BF.getJumpTable(Instr);
for (const uint64_t EntryOffset : JT->OffsetEntries) { for (uint32_t i = 0; i < JT->Entries.size(); ++i) {
auto LI = JT->Labels.find(EntryOffset); StringRef TargetName = JT->Entries[i]->getName();
StringRef TargetName = LI->second->getName(); const uint64_t Mispreds = JT->Counts[i].Mispreds;
const uint64_t Mispreds = JT->Counts[EntryOffset].Mispreds; const uint64_t Count = JT->Counts[i].Count;
const uint64_t Count = JT->Counts[EntryOffset].Count;
OS << "# FDATA: 1 " << FunctionName << " #" << BranchLabel << "# " OS << "# FDATA: 1 " << FunctionName << " #" << BranchLabel << "# "
<< "1 " << FunctionName << " #" << TargetName << "# " << Mispreds << " " << "1 " << FunctionName << " #" << TargetName << "# " << Mispreds << " "
<< Count << '\n'; << Count << '\n';
} }
} }
void dumpTailCallFdata(raw_ostream &OS, const BinaryFunction &BF, void dumpTailCallFdata(raw_ostream &OS, const BinaryFunction &BF,
const MCInst &Instr, const std::string &BranchLabel) { const MCInst &Instr, const std::string &BranchLabel) {
▲ Show 20 LinesShow All 207 LinesShow Last 20 Lines

bolt/lib/Rewrite/RewriteInstance.cpp

Show First 20 LinesShow All 2,888 Lines▼ Show 20 Lines if (!Function.disassemble()) {
continue; continue;
} }
if (opts::PrintAll || opts::PrintDisasm) if (opts::PrintAll || opts::PrintDisasm)
Function.print(outs(), "after disassembly", true); Function.print(outs(), "after disassembly", true);
} }
BC->processInterproceduralReferences(); BC->processInterproceduralReferences();
BC->clearJumpTableOffsets();
BC->populateJumpTables(); BC->populateJumpTables();
BC->skipMarkedFragments();
for (auto &BFI : BC->getBinaryFunctions()) { for (auto &BFI : BC->getBinaryFunctions()) {
BinaryFunction &Function = BFI.second; BinaryFunction &Function = BFI.second;
if (!shouldDisassemble(Function)) if (!shouldDisassemble(Function))
continue; continue;
Function.postProcessEntryPoints(); Function.postProcessEntryPoints();
Function.postProcessJumpTables(); Function.postProcessJumpTables();
} }
BC->clearJumpTableTempData();
BC->adjustCodePadding(); BC->adjustCodePadding();
for (auto &BFI : BC->getBinaryFunctions()) { for (auto &BFI : BC->getBinaryFunctions()) {
BinaryFunction &Function = BFI.second; BinaryFunction &Function = BFI.second;
if (!shouldDisassemble(Function)) if (!shouldDisassemble(Function))
continue; continue;
if (!Function.isSimple()) { if (!Function.isSimple()) {
assert((!BC->HasRelocations || Function.getSize() == 0 || assert((!BC->HasRelocations || Function.getSize() == 0 ||
Function.hasSplitJumpTable()) && Function.hasIndirectTargetToSplitFragment()) &&
"unexpected non-simple function in relocation mode"); "unexpected non-simple function in relocation mode");
continue; continue;
} }
// Fill in CFI information for this function // Fill in CFI information for this function
if (!Function.trapsOnEntry() && !CFIRdWrt->fillCFIInfoFor(Function)) { if (!Function.trapsOnEntry() && !CFIRdWrt->fillCFIInfoFor(Function)) {
if (BC->HasRelocations) { if (BC->HasRelocations) {
BC->exitWithBugReport("unable to fill CFI.", Function); BC->exitWithBugReport("unable to fill CFI.", Function);
Show All 39 Lines ParallelUtilities::runOnEachFunctionWithUniqueAllocId(
*BC, ParallelUtilities::SchedulingPolicy::SP_INST_LINEAR, WorkFun, *BC, ParallelUtilities::SchedulingPolicy::SP_INST_LINEAR, WorkFun,
SkipPredicate, "disassembleFunctions-buildCFG", SkipPredicate, "disassembleFunctions-buildCFG",
/*ForceSequential*/ opts::SequentialDisassembly || opts::PrintAll); /*ForceSequential*/ opts::SequentialDisassembly || opts::PrintAll);
BC->postProcessSymbolTable(); BC->postProcessSymbolTable();
} }
void RewriteInstance::postProcessFunctions() { void RewriteInstance::postProcessFunctions() {
// We mark fragments as non-simple here, not during disassembly,
// So we can build their CFGs.
BC->skipMarkedFragments();
BC->clearFragmentsToSkip();
BC->TotalScore = 0; BC->TotalScore = 0;
BC->SumExecutionCount = 0; BC->SumExecutionCount = 0;
for (auto &BFI : BC->getBinaryFunctions()) { for (auto &BFI : BC->getBinaryFunctions()) {
BinaryFunction &Function = BFI.second; BinaryFunction &Function = BFI.second;
if (Function.empty()) if (Function.empty())
continue; continue;
▲ Show 20 LinesShow All 2,542 LinesShow Last 20 Lines

bolt/test/X86/jump-table-move.s

  • This file was added.
# REQUIRES: system-linux
# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o
# RUN: %clang %cflags -no-pie %t.o -o %t.exe -Wl,-q
# RUN: llvm-bolt %t.exe -o %t.out --lite=0 -v=1 --jump-tables=move 2>&1 | FileCheck %s
# CHECK-NOT: unclaimed PC-relative relocations left in data
# CHECK: BOLT-INFO: marking main.cold.1 as a fragment of main
# CHECK: BOLT-WARNING: Ignoring main.cold.1
# CHECK: BOLT-WARNING: Ignoring main
.text
.globl main
.type main, %function
.p2align 2
main:
cmpl $0x67, %edi
jne main.cold.1
LBB0:
retq
.size main, .-main
.globl main.cold.1
.type main.cold.1, %function
.p2align 2
main.cold.1:
jmpq *JUMP_TABLE(,%rcx,8)
.size main.cold.1, .-main.cold.1
.rodata
.globl JUMP_TABLE
JUMP_TABLE:
.quad LBB0
.quad LBB0

bolt/test/X86/split-func-jump-table-fragment-bidirection.s

# This reproduces an issue where two fragments of same function access same # This reproduces an issue where two fragments of same function access same
# jump table, which means at least one fragment visits the other, i.e., one # jump table, which means at least one fragment visits the other, i.e., one
# of them has split jump table. As a result, all of them will be marked as # of them has split jump table. As a result, all of them will be marked as
# non-simple function. # non-simple function.
# REQUIRES: system-linux # REQUIRES: system-linux
# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o # RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o
# RUN: llvm-strip --strip-unneeded %t.o # RUN: llvm-strip --strip-unneeded %t.o
# RUN: %clang %cflags %t.o -o %t.exe -Wl,-q # RUN: %clang %cflags %t.o -o %t.exe -Wl,-q
# RUN: llvm-bolt -v=3 %t.exe -o %t.out 2>&1 | FileCheck %s # RUN: llvm-bolt -print-cfg -v=3 %t.exe -o %t.out 2>&1 | FileCheck %s
# CHECK: BOLT-WARNING: Multiple fragments access same jump table: main; main.cold.1 # CHECK: BOLT-INFO: Multiple fragments access same jump table: main; main.cold.1
# CHECK: PIC Jump table JUMP_TABLE1 for function main, main.cold.1 at {{.*}} with a total count of 0:
AmirUnsubmitted
Done
ReplyInline Actions
# CHECK: BOLT-WARNING: Multiple fragments access same jump table: main; main.cold.1
- # CHECK: PIC Jump table JUMP_TABLE1 for function main, main.cold.1 at 0x2e0 with a total count of 0:
+ # CHECK: PIC Jump table JUMP_TABLE1 for function main, main.cold.1 at {{.*}} with a total count of 0:
.text
Amir:
.text .text
.globl main .globl main
.type main, %function .type main, %function
.p2align 2 .p2align 2
main: main:
LBB0: LBB0:
andl $0xf, %ecx andl $0xf, %ecx
▲ Show 20 LinesShow All 59 LinesShow Last 20 Lines