This is an archive of the discontinued LLVM Phabricator instance.

Differential D134098

[BOLT] Add pass to fix ambiguous memory references
ClosedPublic

Authored by rafauler on Sep 16 2022, 6:36 PM.

Details

Reviewers
Amir
maksfb
Group Reviewers
Restricted Project
Commits
rG4f158995b9cd: [BOLT] Add pass to fix ambiguous memory references
Summary

This adds a round of checks to memory references, looking for
incorrect references to jump table objects. Fix them by replacing the
jump table reference with another object reference + offset.

This solves bugs related to regular data references in code
accidentally being bound to a jump table, and this reference being
updated to a new (incorrect) location because we moved this jump
table.

Fixes #55004

Diff Detail

Event Timeline

rafauler created this revision.Sep 16 2022, 6:36 PM
Herald added a reviewer: Amir. · View Herald TranscriptSep 16 2022, 6:36 PM
Herald added a reviewer: maksfb. · View Herald Transcript
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: treapster, ayermolo, mgorny. · View Herald Transcript
rafauler requested review of this revision.Sep 16 2022, 6:36 PM
Herald added a project: Restricted Project. · View Herald TranscriptSep 16 2022, 6:36 PM
Herald added subscribers: llvm-commits, yota9. · View Herald Transcript
rafauler added a parent revision: D134097: [BOLT][NFC] Refactor creation of symbol+addend references.Sep 16 2022, 6:37 PM
rafauler mentioned this in D134099: [RFC][BOLT] Create an independent namespace for jump tables.Sep 16 2022, 6:43 PM
rafauler added a comment.EditedSep 16 2022, 6:47 PM

This pass adds ~3.5s processing time in a large binary that takes about 3 minutes to process. This pass currently does not handle the case where the ambiguous jump table reference is in the same function that owns the referenced jump table label. This requires additional analysis and runtime overhead.

Harbormaster completed remote builds in B187291: Diff 460955.Sep 16 2022, 6:55 PM
yota9 added inline comments.Sep 17 2022, 11:28 AM
bolt/lib/Passes/ValidateMemRefs.cpp
23

BC might be taken from BF

88

Just curious why not to parallel this?

tschuett added a subscriber: tschuett.Sep 18 2022, 5:43 AM
tschuett added inline comments.
bolt/include/bolt/Passes/ValidateMemRefs.h
16

You may use nested namespaces.

bolt/lib/Passes/ValidateMemRefs.cpp
69

You may use structured bindings.

rafauler updated this revision to Diff 461393.Sep 19 2022, 3:41 PM

Reviewer suggestions: nested namespaces, structured bindings, paralellism.

rafauler marked 4 inline comments as done.Sep 19 2022, 3:46 PM
rafauler added inline comments.
bolt/lib/Passes/ValidateMemRefs.cpp
88

I put up the basic scaffolding necessary to run this in parallel. It does run slower, though. The pass takes 8s wall time versus 3.7s sequential for a given test input. So I forced it run sequentially for now, but I left it there so we can easily change to run in parallel in case this changes.

The reason it runs slower is because we need to acquire a large lock to prevent data races from creating new symbols on line 47. Specifically, in BinaryContext::registerNameAtAddress, we hold iterators to a std::map and another thread might be changing this map.

Harbormaster completed remote builds in B187622: Diff 461393.Sep 19 2022, 4:41 PM
maksfb added inline comments.Oct 7 2022, 5:23 PM
bolt/lib/Passes/ValidateMemRefs.cpp
58–59
61

Is there a reason to iterate over layout (vs CFG)? If there's no reason, we should prefer CFG.

83

Probably the condition needs to be modified as we are moving jump tables in other modes as well.

93
95

Is the complexity really quadratic?

103
rafauler updated this revision to Diff 466672.Oct 10 2022, 5:54 PM
rafauler marked an inline comment as done.

Maksim's suggestions. Thanks!

Harbormaster completed remote builds in B191403: Diff 466672.Oct 10 2022, 6:13 PM
maksfb accepted this revision.Oct 12 2022, 12:07 PM

One nit and one comment. Otherwise, LGTM.

bolt/lib/Core/BinaryEmitter.cpp
818–836

Could you please add a comment under which conditions we can have more than one label?

bolt/lib/Passes/ValidateMemRefs.cpp
50
This revision is now accepted and ready to land.Oct 12 2022, 12:07 PM
rafauler updated this revision to Diff 467302.Oct 12 2022, 4:45 PM

Adding requested comment, debugging message fixed, improved test case
2 to be more clear and to test if BOLT breaks this test case.

Harbormaster completed remote builds in B191850: Diff 467302.Oct 12 2022, 4:52 PM
Closed by commit rG4f158995b9cd: [BOLT] Add pass to fix ambiguous memory references (authored by rafauler). · Explain WhyOct 12 2022, 6:40 PM
This revision was automatically updated to reflect the committed changes.
rafauler added a commit: rG4f158995b9cd: [BOLT] Add pass to fix ambiguous memory references.

Revision Contents

PathSize
bolt/
include/
bolt/
Passes/
41 lines
lib/
Core/
20 lines
Passes/
1 line
104 lines
Rewrite/
9 lines
test/
runtime/
X86/
100 lines
91 lines

Diff 467341

bolt/include/bolt/Passes/ValidateMemRefs.h

  • This file was added.
//===- bolt/Passes/ValidateMemRefs.h ----------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef BOLT_PASSES_VALIDATEMEMREFS_H
#define BOLT_PASSES_VALIDATEMEMREFS_H
#include "bolt/Passes/BinaryPasses.h"
namespace llvm::bolt {
/// Post processing to check for memory references that cause a symbol
tschuettUnsubmitted
Done
ReplyInline Actions

You may use nested namespaces.

tschuett: You may use nested namespaces.
/// in data section to be ambiguous, requiring us to avoid moving that
/// object or disambiguating such references. This is currently
/// limited to fixing false references to the location of jump tables.
///
class ValidateMemRefs : public BinaryFunctionPass {
public:
explicit ValidateMemRefs(const cl::opt<bool> &PrintPass)
: BinaryFunctionPass(PrintPass) {}
const char *getName() const override { return "validate-mem-refs"; }
void runOnFunctions(BinaryContext &BC) override;
private:
bool checkAndFixJTReference(BinaryFunction &BF, MCInst &Inst,
uint32_t OperandNum, const MCSymbol *Sym,
uint64_t Offset);
void runOnFunction(BinaryFunction &BF);
static std::atomic<std::uint64_t> ReplacedReferences;
};
} // namespace llvm::bolt
#endif

bolt/lib/Core/BinaryEmitter.cpp

Show First 20 LinesShow All 809 Lines▼ Show 20 Lines if (LI != JT.Labels.end()) {
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: jump table count: " LLVM_DEBUG(dbgs() << "BOLT-DEBUG: jump table count: "
<< LabelCounts[LI->second] << '\n'); << LabelCounts[LI->second] << '\n');
if (LabelCounts[LI->second] > 0) if (LabelCounts[LI->second] > 0)
Streamer.switchSection(HotSection); Streamer.switchSection(HotSection);
else else
Streamer.switchSection(ColdSection); Streamer.switchSection(ColdSection);
Streamer.emitValueToAlignment(JT.EntrySize); Streamer.emitValueToAlignment(JT.EntrySize);
} }
// Emit all labels registered at the address of this jump table
// to sync with our global symbol table. We may have two labels
// registered at this address if one label was created via
// getOrCreateGlobalSymbol() (e.g. LEA instructions referencing
// this location) and another via getOrCreateJumpTable(). This
// creates a race where the symbols created by these two
// functions may or may not be the same, but they are both
// registered in our symbol table at the same address. By
// emitting them all here we make sure there is no ambiguity
// that depends on the order that these symbols were created, so
// whenever this address is referenced in the binary, it is
// certain to point to the jump table identified at this
// address.
if (BinaryData *BD = BC.getBinaryDataByName(LI->second->getName())) {
for (MCSymbol *S : BD->getSymbols())
Streamer.emitLabel(S);
} else {
Streamer.emitLabel(LI->second); Streamer.emitLabel(LI->second);
}
maksfbUnsubmitted
Not Done
ReplyInline Actions

Could you please add a comment under which conditions we can have more than one label?

maksfb: Could you please add a comment under which conditions we can have more than one label?
LastLabel = LI->second; LastLabel = LI->second;
} }
if (JT.Type == JumpTable::JTT_NORMAL) { if (JT.Type == JumpTable::JTT_NORMAL) {
Streamer.emitSymbolValue(Entry, JT.OutputEntrySize); Streamer.emitSymbolValue(Entry, JT.OutputEntrySize);
} else { // JTT_PIC } else { // JTT_PIC
const MCSymbolRefExpr *JTExpr = const MCSymbolRefExpr *JTExpr =
MCSymbolRefExpr::create(LastLabel, Streamer.getContext()); MCSymbolRefExpr::create(LastLabel, Streamer.getContext());
const MCSymbolRefExpr *E = const MCSymbolRefExpr *E =
▲ Show 20 LinesShow All 342 LinesShow Last 20 Lines

bolt/lib/Passes/CMakeLists.txt

Show All 36 Linesadd_llvm_library(LLVMBOLTPasses
StackAllocationAnalysis.cpp StackAllocationAnalysis.cpp
StackAvailableExpressions.cpp StackAvailableExpressions.cpp
StackPointerTracking.cpp StackPointerTracking.cpp
StackReachingUses.cpp StackReachingUses.cpp
StokeInfo.cpp StokeInfo.cpp
TailDuplication.cpp TailDuplication.cpp
ThreeWayBranch.cpp ThreeWayBranch.cpp
ValidateInternalCalls.cpp ValidateInternalCalls.cpp
ValidateMemRefs.cpp
VeneerElimination.cpp VeneerElimination.cpp
RetpolineInsertion.cpp RetpolineInsertion.cpp
DISABLE_LLVM_LINK_LLVM_DYLIB DISABLE_LLVM_LINK_LLVM_DYLIB
LINK_LIBS LINK_LIBS
${LLVM_PTHREAD_LIB} ${LLVM_PTHREAD_LIB}
Show All 12 Lines

bolt/lib/Passes/ValidateMemRefs.cpp

  • This file was added.
//===- bolt/Passes/ValidateMemRefs.cpp ------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "bolt/Passes/ValidateMemRefs.h"
#include "bolt/Core/ParallelUtilities.h"
#define DEBUG_TYPE "bolt-memrefs"
namespace opts {
extern llvm::cl::opt<llvm::bolt::JumpTableSupportLevel> JumpTables;
}
namespace llvm::bolt {
std::atomic<std::uint64_t> ValidateMemRefs::ReplacedReferences{0};
bool ValidateMemRefs::checkAndFixJTReference(BinaryFunction &BF, MCInst &Inst,
uint32_t OperandNum,
yota9Unsubmitted
Done
ReplyInline Actions

BC might be taken from BF

yota9: BC might be taken from BF
const MCSymbol *Sym,
uint64_t Offset) {
BinaryContext &BC = BF.getBinaryContext();
auto L = BC.scopeLock();
BinaryData *BD = BC.getBinaryDataByName(Sym->getName());
if (!BD)
return false;
const uint64_t TargetAddress = BD->getAddress() + Offset;
JumpTable *JT = BC.getJumpTableContainingAddress(TargetAddress);
if (!JT)
return false;
const bool IsLegitAccess = llvm::any_of(
JT->Parents, [&](const BinaryFunction *Parent) { return Parent == &BF; });
if (IsLegitAccess)
return true;
// Accessing a jump table in another function. This is not a
// legitimate jump table access, we need to replace the reference to
// the jump table label with a regular rodata reference. Get a
// non-JT reference by fetching the symbol 1 byte before the JT
// label.
MCSymbol *NewSym = BC.getOrCreateGlobalSymbol(TargetAddress - 1, "DATAat");
BC.MIB->setOperandToSymbolRef(Inst, OperandNum, NewSym, 1, &*BC.Ctx, 0);
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: replaced reference @" << BF.getPrintName()
<< " from " << BD->getName() << " to " << NewSym->getName()
maksfbUnsubmitted
Not Done
ReplyInline Actions
BC.MIB->setOperandToSymbolRef(Inst, OperandNum, NewSym, 1, &*BC.Ctx, 0);
- LLVM_DEBUG(dbgs() << "Replaced reference @" << BF.getPrintName() << " from "
+ LLVM_DEBUG(dbgs() << "BOLT-DEBUG: replaced reference @" << BF.getPrintName() << " from "
<< BD->getName() << " to " << NewSym->getName()
maksfb:
<< " + 1\n");
++ReplacedReferences;
return true;
}
void ValidateMemRefs::runOnFunction(BinaryFunction &BF) {
MCPlusBuilder *MIB = BF.getBinaryContext().MIB.get();
for (BinaryBasicBlock &BB : BF) {
maksfbUnsubmitted
Not Done
ReplyInline Actions
void ValidateMemRefs::runOnFunction(BinaryFunction &BF) {
- BinaryContext &BC = BF.getBinaryContext();
- MCPlusBuilder *MIB = BC.MIB.get();
+ MCPlusBuilder *MIB = BF.getBinaryContext().MIB.get();
for (BinaryBasicBlock *BB : BF.getLayout().blocks()) {
maksfb:
for (MCInst &Inst : BB) {
for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) {
maksfbUnsubmitted
Not Done
ReplyInline Actions

Is there a reason to iterate over layout (vs CFG)? If there's no reason, we should prefer CFG.

maksfb: Is there a reason to iterate over layout (vs CFG)? If there's no reason, we should prefer CFG.
const MCOperand &Operand = Inst.getOperand(I);
if (!Operand.isExpr())
continue;
const auto [Sym, Offset] = MIB->getTargetSymbolInfo(Operand.getExpr());
if (!Sym)
continue;
tschuettUnsubmitted
Done
ReplyInline Actions

You may use structured bindings.

tschuett: You may use structured bindings.
checkAndFixJTReference(BF, Inst, I, Sym, Offset);
}
}
}
}
void ValidateMemRefs::runOnFunctions(BinaryContext &BC) {
if (!BC.isX86())
return;
// Skip validation if not moving JT
if (opts::JumpTables == JTS_NONE || opts::JumpTables == JTS_BASIC)
return;
maksfbUnsubmitted
Not Done
ReplyInline Actions
// Skip validation if not moving JT
- if (opts::JumpTables != JTS_MOVE)
+ if (opts::JumpTables == JTS_NONE || opts::JumpTables == JTS_BASIC)
return;

Probably the condition needs to be modified as we are moving jump tables in other modes as well.

maksfb: Probably the condition needs to be modified as we are moving jump tables in other modes as well.
ParallelUtilities::WorkFuncWithAllocTy ProcessFunction =
[&](BinaryFunction &BF, MCPlusBuilder::AllocatorIdTy AllocId) {
runOnFunction(BF);
};
ParallelUtilities::PredicateTy SkipPredicate = [&](const BinaryFunction &BF) {
yota9Unsubmitted
Done
ReplyInline Actions

Just curious why not to parallel this?

yota9: Just curious why not to parallel this?
rafaulerAuthorUnsubmitted
Done
ReplyInline Actions

I put up the basic scaffolding necessary to run this in parallel. It does run slower, though. The pass takes 8s wall time versus 3.7s sequential for a given test input. So I forced it run sequentially for now, but I left it there so we can easily change to run in parallel in case this changes.

The reason it runs slower is because we need to acquire a large lock to prevent data races from creating new symbols on line 47. Specifically, in BinaryContext::registerNameAtAddress, we hold iterators to a std::map and another thread might be changing this map.

rafauler: I put up the basic scaffolding necessary to run this in parallel. It does run slower, though.
return !BF.hasCFG();
};
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: starting memrefs validation pass\n");
ParallelUtilities::runOnEachFunctionWithUniqueAllocId(
BC, ParallelUtilities::SchedulingPolicy::SP_INST_LINEAR, ProcessFunction,
maksfbUnsubmitted
Not Done
ReplyInline Actions
return !BF.hasCFG();
};
- LLVM_DEBUG(dbgs() << "BOLT-DEBUG: Starting memrefs validation pass\n");
+ LLVM_DEBUG(dbgs() << "BOLT-DEBUG: starting memrefs validation pass\n");
ParallelUtilities::runOnEachFunctionWithUniqueAllocId(
maksfb:
SkipPredicate, "validate-mem-refs", /*ForceSequential=*/true);
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: memrefs validation is concluded\n");
maksfbUnsubmitted
Not Done
ReplyInline Actions

Is the complexity really quadratic?

maksfb: Is the complexity really quadratic?
if (!ReplacedReferences)
return;
outs() << "BOLT-INFO: validate-mem-refs updated " << ReplacedReferences
<< " object references\n";
}
maksfbUnsubmitted
Not Done
ReplyInline Actions
outs() << "BOLT-INFO: validate-mem-refs updated " << ReplacedReferences
- << " object references.\n";
+ << " object references\n";
}
} // namespace llvm::bolt
maksfb:
} // namespace llvm::bolt

bolt/lib/Rewrite/BinaryPassManager.cpp

Show All 25 Lines
#include "bolt/Passes/ReorderData.h" #include "bolt/Passes/ReorderData.h"
#include "bolt/Passes/ReorderFunctions.h" #include "bolt/Passes/ReorderFunctions.h"
#include "bolt/Passes/RetpolineInsertion.h" #include "bolt/Passes/RetpolineInsertion.h"
#include "bolt/Passes/SplitFunctions.h" #include "bolt/Passes/SplitFunctions.h"
#include "bolt/Passes/StokeInfo.h" #include "bolt/Passes/StokeInfo.h"
#include "bolt/Passes/TailDuplication.h" #include "bolt/Passes/TailDuplication.h"
#include "bolt/Passes/ThreeWayBranch.h" #include "bolt/Passes/ThreeWayBranch.h"
#include "bolt/Passes/ValidateInternalCalls.h" #include "bolt/Passes/ValidateInternalCalls.h"
#include "bolt/Passes/ValidateMemRefs.h"
#include "bolt/Passes/VeneerElimination.h" #include "bolt/Passes/VeneerElimination.h"
#include "bolt/Utils/CommandLineOpts.h" #include "bolt/Utils/CommandLineOpts.h"
#include "llvm/Support/FormatVariadic.h" #include "llvm/Support/FormatVariadic.h"
#include "llvm/Support/Timer.h" #include "llvm/Support/Timer.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
#include <memory> #include <memory>
#include <numeric> #include <numeric>
▲ Show 20 LinesShow All 270 Lines▼ Show 20 Linesvoid BinaryFunctionPassManager::runAllPasses(BinaryContext &BC) {
Manager.registerPass(std::make_unique<AsmDumpPass>(), Manager.registerPass(std::make_unique<AsmDumpPass>(),
opts::AsmDump.getNumOccurrences()); opts::AsmDump.getNumOccurrences());
if (BC.isAArch64()) if (BC.isAArch64())
Manager.registerPass( Manager.registerPass(
std::make_unique<VeneerElimination>(PrintVeneerElimination)); std::make_unique<VeneerElimination>(PrintVeneerElimination));
if (opts::Instrument)
Manager.registerPass(std::make_unique<Instrumentation>(NeverPrint));
// Here we manage dependencies/order manually, since passes are run in the // Here we manage dependencies/order manually, since passes are run in the
// order they're registered. // order they're registered.
// Run this pass first to use stats for the original functions. // Run this pass first to use stats for the original functions.
Manager.registerPass(std::make_unique<PrintProgramStats>(NeverPrint)); Manager.registerPass(std::make_unique<PrintProgramStats>(NeverPrint));
if (opts::PrintProfileStats) if (opts::PrintProfileStats)
Manager.registerPass(std::make_unique<PrintProfileStats>(NeverPrint)); Manager.registerPass(std::make_unique<PrintProfileStats>(NeverPrint));
Manager.registerPass(std::make_unique<ValidateInternalCalls>(NeverPrint)); Manager.registerPass(std::make_unique<ValidateInternalCalls>(NeverPrint));
Manager.registerPass(std::make_unique<ValidateMemRefs>(NeverPrint));
if (opts::Instrument)
Manager.registerPass(std::make_unique<Instrumentation>(NeverPrint));
Manager.registerPass(std::make_unique<ShortenInstructions>(NeverPrint)); Manager.registerPass(std::make_unique<ShortenInstructions>(NeverPrint));
Manager.registerPass(std::make_unique<RemoveNops>(NeverPrint)); Manager.registerPass(std::make_unique<RemoveNops>(NeverPrint));
Manager.registerPass(std::make_unique<NormalizeCFG>(PrintNormalized)); Manager.registerPass(std::make_unique<NormalizeCFG>(PrintNormalized));
Manager.registerPass(std::make_unique<StripRepRet>(NeverPrint), Manager.registerPass(std::make_unique<StripRepRet>(NeverPrint),
opts::StripRepRet); opts::StripRepRet);
▲ Show 20 LinesShow All 139 LinesShow Last 20 Lines

bolt/test/runtime/X86/jt-symbol-disambiguation-2.s

  • This file was added.
# In this test case, we reproduce the behavior seen in gcc where the
# base address of a data object is decremented by some number and lands
# inside a jump table from another function.
# REQUIRES: system-linux
# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o
# RUN: llvm-strip --strip-unneeded %t.o
# RUN: %clang %cflags -no-pie -nostartfiles -nostdlib -lc %t.o -o %t.exe -Wl,-q
# RUN: llvm-bolt %t.exe -o %t.exe.bolt --relocs=1 --lite=0 \
# RUN: --reorder-blocks=reverse -jump-tables=move
# RUN: %t.exe.bolt 1 2 3
.file "jt-symbol-disambiguation-2.s"
.text
# ----
# Func foo contains a jump table whose start is colocated with a
# symbol marking the end of a data table
# ----
.globl foo
.type foo, @function
foo:
.cfi_startproc
xor %rax,%rax
and $0x3,%rdi
leaq .JT1(%rip), %rax
movslq (%rax, %rdi, 4), %rdi
addq %rax, %rdi
jmpq *%rdi
.LBB1:
movl $0x1,%eax
jmp .LBB5
.LBB2:
movl $0x2,%eax
jmp .LBB5
.LBB3:
movl $0x3,%eax
jmp .LBB5
.LBB4:
movl $0x4,%eax
.LBB5:
retq
.cfi_endproc
.size foo, .-foo
# ----
# Func _start scans an object with indexed access using %rax * 8 as an
# index. However, %rax is known to be at least one, so the compiler
# loads the pointer for the base address as object - 8 instead of just
# object.
# ----
.globl _start
.type _start, @function
_start:
.cfi_startproc
movq (%rsp), %rdi
callq foo
xorq %rbx, %rbx
leaq .object-8(%rip), %rsi # indexed access base address
movq $1, %rax # start index
.LBB6:
cmpq $4, %rax
je .LBB7
addq (%rsi,%rax,8), %rbx
incq %rax # ++iterator
jmp .LBB6
.LBB7:
cmpq $1368, %rbx # check .object contents integrity
jne .LBB_BAD
xor %rdi, %rdi
callq exit@PLT
retq
.LBB_BAD:
leaq .message, %rdi
callq puts@PLT
movq $1, %rdi
callq exit@PLT
retq
.cfi_endproc
.size _start, .-_start
# ----
# Data section
# ----
.section .rodata,"a",@progbits
.p2align 3
.JT1:
.long .LBB1 - .JT1
.long .LBB2 - .JT1
.long .LBB3 - .JT1
.long .LBB4 - .JT1
.object:
.quad 123
.quad 456
.quad 789
.message:
.asciz "RUNTIME ASSERTION FAILURE: references in test binary are corrupt after BOLT"

bolt/test/runtime/X86/jt-symbol-disambiguation.s

  • This file was added.
# In this test case, the symbol that represents the end of a table
# in .rodata is being colocated with the start of a jump table from
# another function, and BOLT moves that jump table. This should not
# cause the symbol representing the end of the table to be moved as
# well.
# Bug reported in https://github.com/llvm/llvm-project/issues/55004
# REQUIRES: system-linux
# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o
# RUN: llvm-strip --strip-unneeded %t.o
# RUN: %clang %cflags -no-pie -nostartfiles -nostdlib -lc %t.o -o %t.exe -Wl,-q
# RUN: llvm-bolt %t.exe -o %t.exe.bolt --relocs=1 --lite=0 \
# RUN: --reorder-blocks=reverse -jump-tables=move
# RUN: %t.exe.bolt 1 2 3
.file "jt-symbol-disambiguation.s"
.text
# ----
# Func foo contains a jump table whose start is colocated with a
# symbol marking the end of a data table
# ----
.globl foo
.type foo, @function
foo:
.cfi_startproc
xor %rax,%rax
and $0x3,%rdi
leaq .JT1(%rip), %rax
movslq (%rax, %rdi, 4), %rdi
addq %rax, %rdi
jmpq *%rdi
.LBB1:
movl $0x1,%eax
jmp .LBB5
.LBB2:
movl $0x2,%eax
jmp .LBB5
.LBB3:
movl $0x3,%eax
jmp .LBB5
.LBB4:
movl $0x4,%eax
.LBB5:
retq
.cfi_endproc
.size foo, .-foo
# ----
# Func _start scans a table using begin/end pointers. End pointer is colocated
# with the start of a jump table of function foo. When that jump
# table moves, end pointer in _start should not be affected.
# ----
.globl _start
.type _start, @function
_start:
.cfi_startproc
movq (%rsp), %rdi
callq foo
leaq .start_of_table(%rip), %rsi # iterator
leaq .end_of_table(%rip), %rdi # iterator end
.LBB6:
cmpq %rsi, %rdi
je .LBB7
movq (%rsi), %rbx
leaq 8(%rsi), %rsi # ++iterator
jmp .LBB6
.LBB7:
xor %rdi, %rdi
callq exit@PLT
.cfi_endproc
.size _start, .-_start
# ----
# Data section
# ----
.section .rodata,"a",@progbits
.p2align 3
.start_of_table:
.quad 123
.quad 456
.quad 789
.end_of_table:
.JT1:
.long .LBB1 - .JT1
.long .LBB2 - .JT1
.long .LBB3 - .JT1
.long .LBB4 - .JT1