This is an archive of the discontinued LLVM Phabricator instance.

Differential D159513

[Bolt] fix a relocation bug for R_AARCH64_CALL26
ClosedPublic

Authored by sinan on Sep 14 2023, 2:13 AM.

Details

Reviewers
Kepontry
rafauler
yota9
Amir
maksfb
Commits
rG7b4b09a59a75: [Bolt] fix a relocation bug for R_AARCH64_CALL26
Summary

If the R_AARCH64_CALL26 against a symbol that has a lower address, then encodeValueAArch64 will return a wrong value.

In the included test case, the expected output of encodeValueAArch64 is 97ffffff, but it returns 3fffffffffffffff, and then an invalid instruction is encoded.

Diff Detail

Event Timeline

sinan created this revision.Sep 14 2023, 2:13 AM
Herald added a reviewer: maksfb. · View Herald TranscriptSep 14 2023, 2:13 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: treapster, ayermolo, kristof.beyls. · View Herald Transcript
sinan requested review of this revision.Sep 14 2023, 2:13 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 14 2023, 2:13 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Kepontry accepted this revision.Sep 14 2023, 2:34 AM

Yes, you are absolutely right. This is my mistake, I didn't consider the sign bit when performing the right shift.

Thank you for your correction; I'm just getting started in this field, and I'll improve the quality of the patches I submit in the future.

Let's wait for the opinion from the Meta team.

This revision is now accepted and ready to land.Sep 14 2023, 2:34 AM
yota9 added a comment.EditedSep 14 2023, 2:48 AM

Thanks for the fix! Could you please incorporate your test to the old reloc-call26.s file? It seems to be easy to do, thanks!

sinan updated this revision to Diff 556772.Sep 14 2023, 4:31 AM

Merged into test case bolt/test/AArch64/reloc-call26.s

  1. Enhanced the test for relocations against functions with both higher and lower addresses.
  2. Added --force-patch option in the test case; otherwise, encodeValueAArch64 won't be invoked.
Harbormaster completed remote builds in B257218: Diff 556772.Sep 14 2023, 4:34 AM
sinan added a comment.EditedSep 14 2023, 4:34 AM
In D159513#4645837, @Kepontry wrote:

Yes, you are absolutely right. This is my mistake, I didn't consider the sign bit when performing the right shift.

Thank you for your correction; I'm just getting started in this field, and I'll improve the quality of the patches I submit in the future.

Let's wait for the opinion from the Meta team.

Hi @Kepontry

Take it easy, I've made even worse mistakes when I just started. Keep going and good luck :)

yota9 added a comment.EditedSep 14 2023, 7:14 AM

One more thing. It seems to be without force-patch the encodeValueAArch64 still would be called, but since functions would be moved to the new text there won't be negative address problem. I don't think there is a better way then using force-funcs so it would fail to patch entries & functions would stay on its current place, but please:

  1. Please write the reason of using force-funcs option in the test, because after some time even I won't remember what I wrote above :)
  2. Please add checks on llvm-bolt output that func1 and func2 were failed to patch and won't be optimised, since otherwise the test might pass, but the problem won't be checked. Alternatively (maybe even better) please check that in output binary the addresses are func1 < _start < func2. Maybe I would do both since the first option also shows more clearly why force-patch was used, but it's up to you.

Thanks!

sinan updated this revision to Diff 556932.Sep 18 2023, 1:33 AM

update the test case.

  1. check address order with llvm-nm --numeric-sort;
  2. check the message of fail to patch entries;
  3. add comment
Harbormaster completed remote builds in B257333: Diff 556932.Sep 18 2023, 1:37 AM
sinan added a comment.Sep 18 2023, 2:30 AM
In D159513#4645982, @yota9 wrote:

One more thing. It seems to be without force-patch the encodeValueAArch64 still would be called, but since functions would be moved to the new text there won't be negative address problem. I don't think there is a better way then using force-funcs so it would fail to patch entries & functions would stay on its current place, but please:

  1. Please write the reason of using force-funcs option in the test, because after some time even I won't remember what I wrote above :)
  2. Please add checks on llvm-bolt output that func1 and func2 were failed to patch and won't be optimised, since otherwise the test might pass, but the problem won't be checked. Alternatively (maybe even better) please check that in output binary the addresses are func1 < _start < func2. Maybe I would do both since the first option also shows more clearly why force-patch was used, but it's up to you.

Thanks!

your analysis is right. encodeValueAArch64 will be called without force-patch. What this option really does is keep the address order of func1, _start and func2 since func1 and func2 fail to patch entries. Thanks!

yota9 accepted this revision.Sep 18 2023, 2:53 AM

Thanks for the fix, @sinan ! LGTM

Closed by commit rG7b4b09a59a75: [Bolt] fix a relocation bug for R_AARCH64_CALL26 (authored by sinan). · Explain WhySep 18 2023, 4:56 AM
This revision was automatically updated to reflect the committed changes.
sinan added a commit: rG7b4b09a59a75: [Bolt] fix a relocation bug for R_AARCH64_CALL26.
Amir added a comment.Sep 18 2023, 10:33 AM

@sinan – please properly capitalize the title and use 50-72 commit formatting rule to align with the rest of BOLT commits for your future commits. Thank you for the fix!

Revision Contents

PathSize
bolt/
lib/
Core/
2 lines
test/
AArch64/
34 lines

Diff 556941

bolt/lib/Core/Relocation.cpp

Show First 20 LinesShow All 346 Lines▼ Show 20 Linesstatic uint64_t encodeValueAArch64(uint64_t Type, uint64_t Value, uint64_t PC) {
case ELF::R_AARCH64_PREL64: case ELF::R_AARCH64_PREL64:
Value -= PC; Value -= PC;
break; break;
case ELF::R_AARCH64_CALL26: case ELF::R_AARCH64_CALL26:
Value -= PC; Value -= PC;
assert(isInt<28>(Value) && "only PC +/- 128MB is allowed for direct call"); assert(isInt<28>(Value) && "only PC +/- 128MB is allowed for direct call");
// Immediate goes in bits 25:0 of BL. // Immediate goes in bits 25:0 of BL.
// OP 1001_01 goes in bits 31:26 of BL. // OP 1001_01 goes in bits 31:26 of BL.
Value = (Value >> 2) | 0x94000000ULL; Value = ((Value >> 2) & 0x3ffffff) | 0x94000000ULL;
break; break;
} }
return Value; return Value;
} }
static uint64_t extractValueX86(uint64_t Type, uint64_t Contents, uint64_t PC) { static uint64_t extractValueX86(uint64_t Type, uint64_t Contents, uint64_t PC) {
if (Type == ELF::R_X86_64_32S) if (Type == ELF::R_X86_64_32S)
return SignExtend64<32>(Contents); return SignExtend64<32>(Contents);
▲ Show 20 LinesShow All 571 LinesShow Last 20 Lines

bolt/test/AArch64/reloc-call26.s

## This test checks processing of R_AARCH64_CALL26 relocation ## This test checks processing of R_AARCH64_CALL26 relocation
## when option `--funcs` is enabled ## when option `--funcs` is enabled
## We want to test on relocations against functions with both higher
## and lower addresses. The '--force-patch' option is used to prevent
## the functions func1 and func2 from being optimized, so that their
## addresses can remain unchanged. Therefore, the relocations can be
## updated via encodeValueAArch64 and the address order in the output
## binary is func1 < _start < func2.
# REQUIRES: system-linux # REQUIRES: system-linux
# RUN: llvm-mc -filetype=obj -triple aarch64-unknown-unknown \ # RUN: llvm-mc -filetype=obj -triple aarch64-unknown-unknown \
# RUN: %s -o %t.o # RUN: %s -o %t.o
# RUN: %clang %cflags %t.o -o %t.exe -Wl,-q # RUN: %clang %cflags %t.o -o %t.exe -Wl,-q
# RUN: llvm-bolt %t.exe -o %t.bolt --funcs=func1 # RUN: llvm-bolt %t.exe -o %t.bolt --funcs=func1,func2 \
# RUN: --force-patch 2>&1 | FileCheck %s -check-prefix=CHECK-BOLT
# RUN: llvm-objdump -d --disassemble-symbols='_start' %t.bolt | \ # RUN: llvm-objdump -d --disassemble-symbols='_start' %t.bolt | \
# RUN: FileCheck %s # RUN: FileCheck %s
# RUN: llvm-nm --numeric-sort --extern-only %t.bolt | FileCheck \
# RUN: %s -check-prefix=CHECK-FUNC-ORDER
# CHECK-BOLT: BOLT-WARNING: failed to patch entries in func1. The function will not be optimized.
# CHECK-BOLT: BOLT-WARNING: failed to patch entries in func2. The function will not be optimized.
# CHECK: {{.*}} bl {{.*}} <func1> # CHECK: {{.*}} bl {{.*}} <func1>
# CHECK: {{.*}} bl {{.*}} <func2>
# CHECK-FUNC-ORDER: {{.*}} func1
# CHECK-FUNC-ORDER-NEXT: {{.*}} _start
# CHECK-FUNC-ORDER-NEXT: {{.*}} func2
.text .text
.align 4 .align 4
.global func1
.type func1, %function
func1:
ret
.size func1, .-func1
.global _start .global _start
.type _start, %function .type _start, %function
_start: _start:
bl func1 bl func1
bl func2
mov w8, #93 mov w8, #93
svc #0 svc #0
.size _start, .-_start .size _start, .-_start
.global func2
.global func1 .type func2, %function
.type func1, %function func2:
func1:
ret ret
.size func1, .-func1 .size func2, .-func2