Index: bolt/lib/Rewrite/RewriteInstance.cpp
===================================================================
--- bolt/lib/Rewrite/RewriteInstance.cpp
+++ bolt/lib/Rewrite/RewriteInstance.cpp
@@ -1977,8 +1977,9 @@
     exit(1);
   }
 
-  if (opts::ReorderFunctions != ReorderFunctions::RT_NONE &&
-      !opts::HotText.getNumOccurrences()) {
+  if (opts::Instrument ||
+      (opts::ReorderFunctions != ReorderFunctions::RT_NONE &&
+       !opts::HotText.getNumOccurrences())) {
     opts::HotText = true;
   } else if (opts::HotText && !BC->HasRelocations) {
     errs() << "BOLT-WARNING: hot text is disabled in non-relocation mode\n";
Index: bolt/runtime/common.h
===================================================================
--- bolt/runtime/common.h
+++ bolt/runtime/common.h
@@ -154,6 +154,15 @@
 // Anonymous namespace covering everything but our library entry point
 namespace {
 
+uint64_t getBaseAddress() {
+  uint64_t DynAddr;
+  uint64_t StaticAddr;
+  __asm__ volatile("leaq __hot_end(%%rip), %0\n\t"
+                   "leaq __hot_end, %1\n\t"
+                   : "=r"(DynAddr), "=r"(StaticAddr));
+  return DynAddr - StaticAddr;
+}
+
 constexpr uint32_t BufSize = 10240;
 
 #define _STRINGIFY(x) #x
Index: bolt/runtime/instr.cpp
===================================================================
--- bolt/runtime/instr.cpp
+++ bolt/runtime/instr.cpp
@@ -210,6 +210,12 @@
 /// __bolt_instr_setup, our initialization routine.
 BumpPtrAllocator *GlobalAlloc;
 
+// Base address which we substract from recorded PC values when searching for
+// indirect call description entries. Needed because indCall descriptions are
+// mapped read-only and contain static addresses. Initialized in
+// __bolt_instr_setup.
+uint64_t TextBaseAddress = 0;
+
 // Storage for GlobalAlloc which can be shared if not using
 // instrumentation-file-append-pid.
 void *GlobalMetadataStorage;
@@ -1389,7 +1395,7 @@
   const IndCallDescription *CallsiteDesc =
       &Ctx->IndCallDescriptions[CallsiteID];
   const IndCallTargetDescription *TargetDesc =
-      Ctx->lookupIndCallTarget(Entry.Key);
+      Ctx->lookupIndCallTarget(Entry.Key - TextBaseAddress);
   if (!TargetDesc) {
     DEBUG(report("Failed to lookup indirect call target\n"));
     char LineBuf[BufSize];
@@ -1607,6 +1613,7 @@
 extern "C" void __attribute((force_align_arg_pointer)) __bolt_instr_setup() {
   __bolt_ind_call_counter_func_pointer = __bolt_instr_indirect_call;
   __bolt_ind_tailcall_counter_func_pointer = __bolt_instr_indirect_tailcall;
+  TextBaseAddress = getBaseAddress();
 
   const uint64_t CountersStart =
       reinterpret_cast<uint64_t>(&__bolt_instr_locations[0]);
Index: bolt/test/runtime/instrumentation-indirect-2.c
===================================================================
--- bolt/test/runtime/instrumentation-indirect-2.c
+++ bolt/test/runtime/instrumentation-indirect-2.c
@@ -52,7 +52,7 @@
 /*
 REQUIRES: system-linux
 
-RUN: %clang %cflags %s -o %t.exe -Wl,-q -no-pie
+RUN: %clang %cflags %s -o %t.exe -Wl,-q -pie
 
 RUN: llvm-bolt %t.exe --instrument --instrumentation-file=%t.fdata \
 RUN:   --conservative-instrumentation -o %t.instrumented_conservative \