diff --git a/bolt/lib/Core/BinaryContext.cpp b/bolt/lib/Core/BinaryContext.cpp
--- a/bolt/lib/Core/BinaryContext.cpp
+++ b/bolt/lib/Core/BinaryContext.cpp
@@ -663,6 +663,7 @@
 }
 void BinaryContext::populateJumpTables() {
+ SmallVector JTableRemoveList;
 LLVM_DEBUG(dbgs() << "DataPCRelocations: " << DataPCRelocations.size() << '\n');
 for (auto JTI = JumpTables.begin(), JTE = JumpTables.end(); JTI != JTE;
@@ -702,7 +703,9 @@
 dbgs() << "\n";);
 NextJTI->second->print(dbgs());
 }
- llvm_unreachable("jump table heuristic failure");
+
+ JTableRemoveList.push_back(JT);
+ continue;
 }
 for (BinaryFunction *Frag : JT->Parents) {
 for (uint64_t EntryAddress : JT->EntriesAsAddress)
@@ -732,6 +735,15 @@
 addFragmentsToSkip(Frag);
 }
+ // Ignore invalid jump tables
+ for (JumpTable *JT : JTableRemoveList) {
+ for (BinaryFunction *Frag : JT->Parents) {
+ Frag->setIgnored();
+ Frag->JumpTables.erase(Frag->JumpTables.find(JT->getAddress()));
+ }
+ JumpTables.erase(JumpTables.find(JT->getAddress()));
+ }
+
 if (opts::StrictMode && DataPCRelocations.size()) {
 LLVM_DEBUG({
 dbgs() << DataPCRelocations.size()
diff --git a/bolt/lib/Core/BinaryFunction.cpp b/bolt/lib/Core/BinaryFunction.cpp
--- a/bolt/lib/Core/BinaryFunction.cpp
+++ b/bolt/lib/Core/BinaryFunction.cpp
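Review bot: As rendered, `SmallVector JTableRemoveList;` carries no element type; if the template argument was stripped by the page rendering this can be ignored, otherwise the declaration will not compile and should read `SmallVector<JumpTable *, 4> JTableRemoveList;` to match the `JumpTable *JT` that the later hunks push into it and iterate over. The rest of populateJumpTables runs outside this hunk.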
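Review bot: Replacing `llvm_unreachable("jump table heuristic failure")` with `JTableRemoveList.push_back(JT); continue;` turns a hard failure into a silent skip, and the only trace left is the LLVM_DEBUG output just above, which is compiled out of release builds. A one-line diagnostic on the normal path, e.g. `errs() << "BOLT-WARNING: ignoring jump table at 0x" << Twine::utohexstr(JT->getAddress()) << " (heuristic failure)\n";`, lets users see why a function was dropped from optimization. Since `opts::StrictMode` is already consulted later in this same function, keeping the hard failure under strict mode (`if (opts::StrictMode) llvm_unreachable("jump table heuristic failure");` before the push_back) would also preserve the old behaviour for users who asked for it.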
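Review bot: `Frag->JumpTables.erase(Frag->JumpTables.find(JT->getAddress()))` and `JumpTables.erase(JumpTables.find(JT->getAddress()))` pass the result of `find` straight to `erase`; if the key is absent for some parent (a fragment that did not register the table under that address), `find` returns `end()` and erasing it is undefined behaviour. Erasing by key, `Frag->JumpTables.erase(JT->getAddress());` and `JumpTables.erase(JT->getAddress());`, is a no-op when the key is absent and drops the double lookup. The `JumpTable` object itself is only unlinked from the two maps here; whether something else still owns and frees it is not visible in this hunk.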
@@ -1671,10 +1671,20 @@
 }
 if (IsBuiltIn) continue;
- // Create local label for targets cannot be reached by other fragments
- // Otherwise, secondary entry point to target function
+ BinaryFunction *TargetBF = BC.getBinaryFunctionContainingAddress(EntryAddress);
+
+ // Disassemble all functions before postProcessJumpTable
+ // !shouldDisassembled --> State != Disassembled
+ // If target function is ignored, also ignore current function
+ if (TargetBF->getState() != BinaryFunction::State::Disassembled) {
+ setIgnored();
+ return;
+ }
+
+ // Create local label for targets cannot be reached by other fragments
+ // Otherwise, secondary entry point to target function
 if (TargetBF->getAddress() != EntryAddress) {
 MCSymbol *Label = (HasOneParent && TargetBF == this)
diff --git a/bolt/lib/Rewrite/RewriteInstance.cpp b/bolt/lib/Rewrite/RewriteInstance.cpp
--- a/bolt/lib/Rewrite/RewriteInstance.cpp
+++ b/bolt/lib/Rewrite/RewriteInstance.cpp
@@ -2913,14 +2913,21 @@
 BC->populateJumpTables();
+ // For split-function binaries, postProcessJumpTables generates
+ // some secondary entry points for the sibling fragments
+ // --> Need to be validated later by postProcessEntryPoints
 for (auto &BFI : BC->getBinaryFunctions()) {
 BinaryFunction &Function = BFI.second;
- if (!shouldDisassemble(Function)) continue;
+ Function.postProcessJumpTables();
+ }
+ for (auto &BFI : BC->getBinaryFunctions()) {
+ BinaryFunction &Function = BFI.second;
+ if (!shouldDisassemble(Function))
+ continue;
 Function.postProcessEntryPoints();
- Function.postProcessJumpTables();
 }
 BC->clearJumpTableTempData();
diff --git a/bolt/test/X86/fake_jtable.s b/bolt/test/X86/fake_jtable.s
new file mode 100644
--- /dev/null
+++ b/bolt/test/X86/fake_jtable.s
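Review bot: `TargetBF` is dereferenced by the new `getState()` check without a null test, right after it is obtained from `BC.getBinaryFunctionContainingAddress(EntryAddress)`; if that lookup can return nullptr for an entry address that lies outside every known function (plausible for the fake-table inputs this patch is about), the crash happens before the ignore path is reached. Folding the null case into the same guard, `if (!TargetBF || TargetBF->getState() != BinaryFunction::State::Disassembled) {`, keeps the intended ignore-and-return behaviour. The `return` also abandons the loop after earlier entries may already have created labels or secondary entry points; whether those need cleanup is not visible here. The comment `// !shouldDisassembled --> State != Disassembled` would read more clearly as `// A function that was skipped by shouldDisassemble never reaches State::Disassembled`. The enclosing function starts and ends outside this hunk.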
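Review bot: The first loop no longer checks `shouldDisassemble(Function)` before calling `postProcessJumpTables()`, so functions that were skipped at disassembly time are now post-processed too; the new comment explains why entry points move to a second loop but not why this guard was dropped. If the intent is that `postProcessJumpTables` itself bails out on a function that was never disassembled, say so in the comment; otherwise restore the check in the first loop. As a point of style, `// --> Need to be validated later by postProcessEntryPoints` reads better as a sentence, e.g. `// these entry points are validated by postProcessEntryPoints in the second loop below`. Both loops are fully inside the hunk but the enclosing function is not.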
@@ -0,0 +1,49 @@
+# Currently disassembly is not decoupled from branch target analysis.
+# This causes a few checks related to availability of target insn to
+# fail for stripped binaries:
+# (a) analyzeJumpTable
+# (b) postProcessEntryPoints
+# This test checks if BOLT can safely support instruction bounds check
+# for cross-function targets.
+
+# REQUIRES: system-linux
+
+# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o
+# RUN: %clang %cflags %t.o -o %t.exe -Wl,-q
+# RUN: llvm-bolt %t.exe -o %t.out -v=1 -print-cfg
+
+ .text
+ .globl main
+ .type main, %function
+ .p2align 2
+main:
+LBB0:
+ .cfi_startproc
+ andl $0xf, %ecx
+ cmpb $0x4, %cl
+ ja .main.cold.1
+LBB1:
+ leaq FAKE_JUMP_TABLE(%rip), %r8
+ cmpq %r8, %r9
+LBB2:
+ xorq %rax, %rax
+ ret
+ .cfi_endproc
+.size main, .-main
+
+ .globl main.cold.1
+ .type main.cold.1, %function
+ .p2align 2
+main.cold.1:
+ .cfi_startproc
+ nop
+LBB3:
+ callq abort
+ .cfi_endproc
+.size main.cold.1, .-main.cold.1
+
+ .rodata
+ .globl FAKE_JUMP_TABLE
+FAKE_JUMP_TABLE:
+ .long LBB2-FAKE_JUMP_TABLE
+ .long LBB3-FAKE_JUMP_TABLE+0x1
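Review bot: `ja .main.cold.1` references the symbol `.main.cold.1`, but the fragment defined below is `main.cold.1` (no leading dot); unless something outside this file defines the dotted name, the `%clang` link step fails on an undefined reference before `llvm-bolt` ever runs, and the test would need `ja main.cold.1`. The RUN lines also carry no FileCheck assertions, so the test only proves that llvm-bolt exits cleanly; piping the `-print-cfg` output to `FileCheck %s` with a `# CHECK:` line for the diagnostic the tool prints for the ignored function (value to be taken from a real run, not guessed here) would pin the intended behaviour and catch a regression to the previous hard failure. A short comment next to `.long LBB3-FAKE_JUMP_TABLE+0x1` saying that the `+0x1` deliberately points into the middle of an instruction in the sibling fragment would make the test's purpose obvious to the next reader.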