This is an archive of the discontinued LLVM Phabricator instance.

Differential D158191

[BOLT] Fix trap value for non-X86
ClosedPublic

Authored by treapster on Aug 17 2023, 8:45 AM.

Details

Reviewers
rafauler
Amir
maksfb
Commits
rG82ed7896cf24: [BOLT] Add test for emitting trap value
rG28fd2ca14246: [BOLT] Fix trap value for non-X86
Summary

The trap value used by BOLT was assumed to be single-byte instruction. It made some functions unaligned on AArch64(e.g exceptions-instrumentation test with AArch64 instrumentation) and caused emission failures. Fix that by changing fill value to target-specific StringRef. Since AArch64 instrumentation is not merged yet, here i use mark-funcs option to trigger the bug and provide a testcase.

Diff Detail

Event Timeline

treapster created this revision.Aug 17 2023, 8:45 AM
Herald added a reviewer: rafauler. · View Herald TranscriptAug 17 2023, 8:45 AM
Herald added a reviewer: Amir. · View Herald Transcript
Herald added a reviewer: maksfb. · View Herald Transcript
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: luke, sunshaoce, ayermolo and 23 others. · View Herald Transcript
treapster requested review of this revision.Aug 17 2023, 8:45 AM
Herald added subscribers: wangpc, yota9, MaskRay. · View Herald TranscriptAug 17 2023, 8:45 AM
Harbormaster completed remote builds in B253233: Diff 551151.Aug 17 2023, 9:17 AM
treapster updated this revision to Diff 551716.Aug 19 2023, 1:04 AM

clang-format

Harbormaster completed remote builds in B253632: Diff 551716.Aug 19 2023, 1:11 AM
rafauler accepted this revision.Aug 22 2023, 2:31 PM

LGTM. Thanks!

bolt/lib/Core/BinaryEmitter.cpp
383

Note: I'm guessing this is not accounted for in LongJmp.cpp.. this will be one source of mismatched layout between what LongJmp thinks the layout will be and what the layout really is, leading to missing trampolines in some cases.

This is a point in favor of maybe trying to insert the trampolines in JITLink maybe, as syncing LongJmp's understanding of the layout with what actually is happening in BOLT's emitter is a hard task.

This revision is now accepted and ready to land.Aug 22 2023, 2:31 PM
Closed by commit rG28fd2ca14246: [BOLT] Fix trap value for non-X86 (authored by treapster). · Explain WhyAug 23 2023, 3:32 PM
This revision was automatically updated to reflect the committed changes.
treapster added a commit: rG28fd2ca14246: [BOLT] Fix trap value for non-X86.
Herald added a project: Restricted Project. · View Herald TranscriptAug 23 2023, 3:32 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
treapster added a commit: rG82ed7896cf24: [BOLT] Add test for emitting trap value.Aug 23 2023, 3:32 PM
Elvina mentioned this in rG777e268b8168: [BOLT][test] Enable exceptions_split tests for AArch64.Sep 1 2023, 12:48 AM

Revision Contents

PathSize
bolt/
include/
bolt/
Core/
9 lines
lib/
Core/
4 lines
Rewrite/
6 lines
Target/
AArch64/
4 lines
RISCV/
4 lines
X86/
2 lines

Diff 552903

bolt/include/bolt/Core/MCPlusBuilder.h

Show First 20 LinesShow All 633 Lines▼ Show 20 Linespublic:
} }
/// Returns true if First/Second is a AUIPC/JALR call pair. /// Returns true if First/Second is a AUIPC/JALR call pair.
virtual bool isRISCVCall(const MCInst &First, const MCInst &Second) const { virtual bool isRISCVCall(const MCInst &First, const MCInst &Second) const {
llvm_unreachable("not implemented"); llvm_unreachable("not implemented");
return false; return false;
} }
/// If non-zero, this is used to fill the executable space with instructions /// Used to fill the executable space with instructions
/// that will trap. Defaults to 0. /// that will trap.
virtual unsigned getTrapFillValue() const { return 0; } virtual StringRef getTrapFillValue() const {
llvm_unreachable("not implemented");
return StringRef();
}
/// Interface and basic functionality of a MCInstMatcher. The idea is to make /// Interface and basic functionality of a MCInstMatcher. The idea is to make
/// it easy to match one or more MCInsts against a tree-like pattern and /// it easy to match one or more MCInsts against a tree-like pattern and
/// extract the fragment operands. Example: /// extract the fragment operands. Example:
/// ///
/// auto IndJmpMatcher = /// auto IndJmpMatcher =
/// matchIndJmp(matchAdd(matchAnyOperand(), matchAnyOperand())); /// matchIndJmp(matchAdd(matchAnyOperand(), matchAnyOperand()));
/// if (!IndJmpMatcher->match(...)) /// if (!IndJmpMatcher->match(...))
▲ Show 20 LinesShow All 1,438 LinesShow Last 20 Lines

bolt/lib/Core/BinaryEmitter.cpp

Show First 20 LinesShow All 374 Lines▼ Show 20 Linesbool BinaryEmitter::emitFunction(BinaryFunction &Function,
// Emit padding if requested. // Emit padding if requested.
if (size_t Padding = opts::padFunction(Function)) { if (size_t Padding = opts::padFunction(Function)) {
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: padding function " << Function << " with " LLVM_DEBUG(dbgs() << "BOLT-DEBUG: padding function " << Function << " with "
<< Padding << " bytes\n"); << Padding << " bytes\n");
Streamer.emitFill(Padding, MAI->getTextAlignFillValue()); Streamer.emitFill(Padding, MAI->getTextAlignFillValue());
} }
if (opts::MarkFuncs) if (opts::MarkFuncs)
Streamer.emitIntValue(BC.MIB->getTrapFillValue(), 1); Streamer.emitBytes(BC.MIB->getTrapFillValue());
rafaulerUnsubmitted
Not Done
ReplyInline Actions

Note: I'm guessing this is not accounted for in LongJmp.cpp.. this will be one source of mismatched layout between what LongJmp thinks the layout will be and what the layout really is, leading to missing trampolines in some cases.

This is a point in favor of maybe trying to insert the trampolines in JITLink maybe, as syncing LongJmp's understanding of the layout with what actually is happening in BOLT's emitter is a hard task.

rafauler: Note: I'm guessing this is not accounted for in LongJmp.cpp.. this will be one source of…
// Emit CFI end // Emit CFI end
if (Function.hasCFI()) if (Function.hasCFI())
Streamer.emitCFIEndProc(); Streamer.emitCFIEndProc();
MCSymbol *EndSymbol = Function.getFunctionEndLabel(FF.getFragmentNum()); MCSymbol *EndSymbol = Function.getFunctionEndLabel(FF.getFragmentNum());
Streamer.emitLabel(EndSymbol); Streamer.emitLabel(EndSymbol);
Show All 27 Linesvoid BinaryEmitter::emitFunctionBody(BinaryFunction &BF, FunctionFragment &FF,
if (!FF.empty() && FF.front()->isLandingPad()) { if (!FF.empty() && FF.front()->isLandingPad()) {
assert(!FF.front()->isEntryPoint() && assert(!FF.front()->isEntryPoint() &&
"Landing pad cannot be entry point of function"); "Landing pad cannot be entry point of function");
// If the first block of the fragment is a landing pad, it's offset from the // If the first block of the fragment is a landing pad, it's offset from the
// start of the area that the corresponding LSDA describes is zero. In this // start of the area that the corresponding LSDA describes is zero. In this
// case, the call site entries in that LSDA have 0 as offset to the landing // case, the call site entries in that LSDA have 0 as offset to the landing
// pad, which the runtime interprets as "no handler". To prevent this, // pad, which the runtime interprets as "no handler". To prevent this,
// insert some padding. // insert some padding.
Streamer.emitIntValue(BC.MIB->getTrapFillValue(), 1); Streamer.emitBytes(BC.MIB->getTrapFillValue());
} }
// Track the first emitted instruction with debug info. // Track the first emitted instruction with debug info.
bool FirstInstr = true; bool FirstInstr = true;
for (BinaryBasicBlock *const BB : FF) { for (BinaryBasicBlock *const BB : FF) {
if ((opts::AlignBlocks || opts::PreserveBlocksAlignment) && if ((opts::AlignBlocks || opts::PreserveBlocksAlignment) &&
BB->getAlignment() > 1) BB->getAlignment() > 1)
Streamer.emitCodeAlignment(BB->getAlign(), &*BC.STI, Streamer.emitCodeAlignment(BB->getAlign(), &*BC.STI,
▲ Show 20 LinesShow All 756 LinesShow Last 20 Lines

bolt/lib/Rewrite/RewriteInstance.cpp

Show First 20 LinesShow All 5,280 Lines▼ Show 20 Linesvoid RewriteInstance::rewriteFile() {
if (BC->HasRelocations && opts::TrapOldCode) { if (BC->HasRelocations && opts::TrapOldCode) {
uint64_t SavedPos = OS.tell(); uint64_t SavedPos = OS.tell();
// Overwrite function body to make sure we never execute these instructions. // Overwrite function body to make sure we never execute these instructions.
for (auto &BFI : BC->getBinaryFunctions()) { for (auto &BFI : BC->getBinaryFunctions()) {
BinaryFunction &BF = BFI.second; BinaryFunction &BF = BFI.second;
if (!BF.getFileOffset() || !BF.isEmitted()) if (!BF.getFileOffset() || !BF.isEmitted())
continue; continue;
OS.seek(BF.getFileOffset()); OS.seek(BF.getFileOffset());
for (unsigned I = 0; I < BF.getMaxSize(); ++I) StringRef TrapInstr = BC->MIB->getTrapFillValue();
OS.write((unsigned char)BC->MIB->getTrapFillValue()); unsigned NInstr = BF.getMaxSize() / TrapInstr.size();
for (unsigned I = 0; I < NInstr; ++I)
OS.write(TrapInstr.data(), TrapInstr.size());
} }
OS.seek(SavedPos); OS.seek(SavedPos);
} }
// Write all allocatable sections - reloc-mode text is written here as well // Write all allocatable sections - reloc-mode text is written here as well
for (BinarySection &Section : BC->allocatableSections()) { for (BinarySection &Section : BC->allocatableSections()) {
if (!Section.isFinalized() || !Section.getOutputData()) if (!Section.isFinalized() || !Section.getOutputData())
continue; continue;
▲ Show 20 LinesShow All 198 LinesShow Last 20 Lines

bolt/lib/Target/AArch64/AArch64MCPlusBuilder.cpp

Show First 20 LinesShow All 1,128 Lines▼ Show 20 Lines bool shouldRecordCodeRelocation(uint64_t RelType) const override {
case ELF::R_AARCH64_TLSLE_ADD_TPREL_HI12: case ELF::R_AARCH64_TLSLE_ADD_TPREL_HI12:
case ELF::R_AARCH64_TLSLE_ADD_TPREL_LO12_NC: case ELF::R_AARCH64_TLSLE_ADD_TPREL_LO12_NC:
return false; return false;
default: default:
llvm_unreachable("Unexpected AArch64 relocation type in code"); llvm_unreachable("Unexpected AArch64 relocation type in code");
} }
} }
StringRef getTrapFillValue() const override {
return StringRef("\0\0\0\0", 4);
}
bool createReturn(MCInst &Inst) const override { bool createReturn(MCInst &Inst) const override {
Inst.setOpcode(AArch64::RET); Inst.setOpcode(AArch64::RET);
Inst.clear(); Inst.clear();
Inst.addOperand(MCOperand::createReg(AArch64::LR)); Inst.addOperand(MCOperand::createReg(AArch64::LR));
return true; return true;
} }
InstructionListType materializeAddress(const MCSymbol *Target, MCContext *Ctx, InstructionListType materializeAddress(const MCSymbol *Target, MCContext *Ctx,
▲ Show 20 LinesShow All 81 LinesShow Last 20 Lines

bolt/lib/Target/RISCV/RISCVMCPlusBuilder.cpp

Show First 20 LinesShow All 165 Lines▼ Show 20 Lines bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB,
Inst.setOpcode(RISCV::JAL); Inst.setOpcode(RISCV::JAL);
Inst.clear(); Inst.clear();
Inst.addOperand(MCOperand::createReg(RISCV::X0)); Inst.addOperand(MCOperand::createReg(RISCV::X0));
Inst.addOperand(MCOperand::createExpr( Inst.addOperand(MCOperand::createExpr(
MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)));
return true; return true;
} }
StringRef getTrapFillValue() const override {
return StringRef("\0\0\0\0", 4);
}
bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, bool analyzeBranch(InstructionIterator Begin, InstructionIterator End,
const MCSymbol *&TBB, const MCSymbol *&FBB, const MCSymbol *&TBB, const MCSymbol *&FBB,
MCInst *&CondBranch, MCInst *&CondBranch,
MCInst *&UncondBranch) const override { MCInst *&UncondBranch) const override {
auto I = End; auto I = End;
while (I != Begin) { while (I != Begin) {
--I; --I;
▲ Show 20 LinesShow All 226 LinesShow Last 20 Lines

bolt/lib/Target/X86/X86MCPlusBuilder.cpp

Show First 20 LinesShow All 391 Lines▼ Show 20 Lines bool shouldRecordCodeRelocation(uint64_t RelType) const override {
case ELF::R_X86_64_TPOFF32: case ELF::R_X86_64_TPOFF32:
case ELF::R_X86_64_GOTTPOFF: case ELF::R_X86_64_GOTTPOFF:
return false; return false;
default: default:
llvm_unreachable("Unexpected x86 relocation type in code"); llvm_unreachable("Unexpected x86 relocation type in code");
} }
} }
unsigned getTrapFillValue() const override { return 0xCC; } StringRef getTrapFillValue() const override { return StringRef("\314", 1); }
struct IndJmpMatcherFrag1 : MCInstMatcher { struct IndJmpMatcherFrag1 : MCInstMatcher {
std::unique_ptr<MCInstMatcher> Base; std::unique_ptr<MCInstMatcher> Base;
std::unique_ptr<MCInstMatcher> Scale; std::unique_ptr<MCInstMatcher> Scale;
std::unique_ptr<MCInstMatcher> Index; std::unique_ptr<MCInstMatcher> Index;
std::unique_ptr<MCInstMatcher> Offset; std::unique_ptr<MCInstMatcher> Offset;
IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base,
▲ Show 20 LinesShow All 3,169 LinesShow Last 20 Lines