This is an archive of the discontinued LLVM Phabricator instance.

Differential D156013

[BOLT] Fix jump table issue for split functions
ClosedPublic

Authored by maksfb on Jul 21 2023, 7:33 PM.

Details

Reviewers
treapster
jobnoorman
yota9
Amir
ayermolo
rafauler
Commits
rGb6fbb64d7ce9: [BOLT] Fix jump table issue for split functions
Summary

A jump table in a split function may contain an entry matching a start
address of another fragment of the function. While converting addresses
to labels, we used to ignore such entries resulting in underpopulated
jump table. Change that, so we always create one label per address.

Diff Detail

Event Timeline

maksfb created this revision.Jul 21 2023, 7:33 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 21 2023, 7:33 PM
maksfb requested review of this revision.Jul 21 2023, 7:33 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 21 2023, 7:33 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B247370: Diff 543137.Jul 21 2023, 7:38 PM
Amir accepted this revision.EditedJul 21 2023, 9:24 PM

Thanks. I hope it won't break our jump table detection in unexpected ways.
As a suggestion to minimize fallout – we can restrict this new treatment to fragment starts only (ie. to *.cold functions only)

This revision is now accepted and ready to land.Jul 21 2023, 9:24 PM
maksfb updated this revision to Diff 543289.Jul 23 2023, 8:30 AM
maksfb retitled this revision from [BOLT] Fix jump table issue for fragmented functions to [BOLT] Fix jump table issue for split functions.
maksfb edited the summary of this revision. (Show Details)

Update comment.

Harbormaster completed remote builds in B247495: Diff 543289.Jul 23 2023, 8:36 AM
maksfb added a comment.Jul 23 2023, 8:37 AM
In D156013#4524579, @Amir wrote:

Thanks. I hope it won't break our jump table detection in unexpected ways.
As a suggestion to minimize fallout – we can restrict this new treatment to fragment starts only (ie. to *.cold functions only)

In postProcessJumpTables() we are not making decisions on what entries belong to the table. The population of the table is happening in BinaryContext.
The code that I'm changing is supposed to convert addresses to labels, but was skipping the corner case.

Closed by commit rGb6fbb64d7ce9: [BOLT] Fix jump table issue for split functions (authored by maksfb). · Explain WhyJul 23 2023, 8:40 AM
This revision was automatically updated to reflect the committed changes.
maksfb added a commit: rGb6fbb64d7ce9: [BOLT] Fix jump table issue for split functions.

Revision Contents

PathSize
bolt/
lib/
Core/
18 lines
test/
X86/
23 lines

Diff 543290

bolt/lib/Core/BinaryFunction.cpp

Show First 20 LinesShow All 1,633 Lines▼ Show 20 Lines for (uint64_t EntryAddress : JT.EntriesAsAddress) {
llvm::any_of(JT.Parents, [&](const BinaryFunction *Parent) { llvm::any_of(JT.Parents, [&](const BinaryFunction *Parent) {
return EntryAddress == Parent->getAddress() + Parent->getSize(); return EntryAddress == Parent->getAddress() + Parent->getSize();
}); });
if (IsBuiltinUnreachable) { if (IsBuiltinUnreachable) {
MCSymbol *Label = getOrCreateLocalLabel(EntryAddress, true); MCSymbol *Label = getOrCreateLocalLabel(EntryAddress, true);
JT.Entries.push_back(Label); JT.Entries.push_back(Label);
continue; continue;
} }
// Create local label for targets cannot be reached by other fragments // Create a local label for targets that cannot be reached by other
// Otherwise, secondary entry point to target function // fragments. Otherwise, create a secondary entry point in the target
// function.
BinaryFunction *TargetBF = BinaryFunction *TargetBF =
BC.getBinaryFunctionContainingAddress(EntryAddress); BC.getBinaryFunctionContainingAddress(EntryAddress);
if (uint64_t Offset = EntryAddress - TargetBF->getAddress()) { MCSymbol *Label;
MCSymbol *Label = (HasOneParent && TargetBF == this) if (HasOneParent && TargetBF == this) {
? getOrCreateLocalLabel(EntryAddress, true) Label = getOrCreateLocalLabel(EntryAddress, true);
: TargetBF->addEntryPointAtOffset(Offset); } else {
JT.Entries.push_back(Label); const uint64_t Offset = EntryAddress - TargetBF->getAddress();
Label = Offset ? TargetBF->addEntryPointAtOffset(Offset)
: TargetBF->getSymbol();
} }
JT.Entries.push_back(Label);
} }
} }
// Add TakenBranches from JumpTables. // Add TakenBranches from JumpTables.
// //
// We want to do it after initial processing since we don't know jump tables' // We want to do it after initial processing since we don't know jump tables'
// boundaries until we process them all. // boundaries until we process them all.
for (auto &JTSite : JTSites) { for (auto &JTSite : JTSites) {
▲ Show 20 LinesShow All 2,820 LinesShow Last 20 Lines

bolt/test/X86/split-func-jump-table-fragment.s

# This reproduces a bug with jump table identification where jump table has ## This reproduces a bug with jump table identification where jump table has
# entries pointing to code in function and its cold fragment. ## entries pointing to code in function and its cold fragment.
# REQUIRES: system-linux # REQUIRES: system-linux
# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o # RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o
# RUN: llvm-strip --strip-unneeded %t.o # RUN: llvm-strip --strip-unneeded %t.o
# RUN: %clang %cflags %t.o -o %t.exe -Wl,-q # RUN: %clang %cflags %t.o -o %t.exe -Wl,-q
# RUN: llvm-bolt %t.exe -o %t.out --lite=0 -v=1 2>&1 | FileCheck %s # RUN: llvm-bolt %t.exe -o %t.out --lite=0 -v=1 --print-cfg --print-only=main \
# RUN: 2>&1 | FileCheck %s
# CHECK-NOT: unclaimed PC-relative relocations left in data # CHECK-NOT: unclaimed PC-relative relocations left in data
# CHECK: BOLT-INFO: marking main.cold.1 as a fragment of main # CHECK: BOLT-INFO: marking main.cold.1 as a fragment of main
.text .text
.globl main .globl main
.type main, %function .type main, %function
.p2align 2 .p2align 2
main: main:
Show All 13 Lines
LBB2: LBB2:
xorq %rax, %rax xorq %rax, %rax
LBB3: LBB3:
addq $0x8, %rsp addq $0x8, %rsp
ret ret
.size main, .-main .size main, .-main
# Insert padding between functions, so that the next instruction cannot be
# treated as __builtin_unreachable destination for the jump table.
.quad 0
.globl main.cold.1 .globl main.cold.1
.type main.cold.1, %function .type main.cold.1, %function
.p2align 2 .p2align 2
main.cold.1: main.cold.1:
# load bearing nop: pad LBB4 so that it can't be treated
# as __builtin_unreachable by analyzeJumpTable
nop
LBB4: LBB4:
callq abort callq abort
.size main.cold.1, .-main.cold.1 .size main.cold.1, .-main.cold.1
.rodata .rodata
# jmp table, entries must be R_X86_64_PC32 relocs # jmp table, entries must be R_X86_64_PC32 relocs
.globl JUMP_TABLE .globl JUMP_TABLE
JUMP_TABLE: JUMP_TABLE:
.long LBB2-JUMP_TABLE .long LBB2-JUMP_TABLE
.long LBB3-JUMP_TABLE .long LBB3-JUMP_TABLE
.long LBB4-JUMP_TABLE .long LBB4-JUMP_TABLE
.long LBB3-JUMP_TABLE .long LBB3-JUMP_TABLE
## Verify that the entry corresponding to the cold fragment was added to
## the jump table.
# CHECK: PIC Jump table
# CHECK-NEXT: 0x{{.*}} :
# CHECK-NEXT: 0x{{.*}} :
# CHECK-NEXT: 0x{{.*}} : main.cold.1
# CHECK-NEXT: 0x{{.*}} :