This is an archive of the discontinued LLVM Phabricator instance.

Differential D71242

[LLD][ELF]{ARM][AArch64] Add missing classof to patch sections.
ClosedPublic

Authored by peter.smith on Dec 10 2019, 1:42 AM.

Details

Reviewers
ruiu
grimar
MaskRay
espindola
hans
Commits
rG247b2ce11cf0: [LLD][ELF][AArch64][ARM] Add missing classof to patch sections.
Summary

The code to insert patch section merges them with a comparison function that uses logic of the form:

return (isa<PatchSection>(a) && !isa<PatchSection>(b));

The PatchSections don't implement classof so this check fails if a is a PatchSection and b (is not a PatchSection, but is a SyntheticSection). This can result in relocations in the patches being out of range if the SyntheticSection is big, for example a ThunkSection with lots of thunks.

fixes part of pr44071 https://bugs.llvm.org/show_bug.cgi?id=44071 . Namely the relocation out of range errors. The convergence failures in pr44071 are a separate problem that will be addressed in a follow up patch.

The test case is a simulation of the Chromium build reported in pr44071 . It will fail with relocation out of range errors without classof implemented. It isn't easy to replicate the out of range errors, it needs large thunk sections and a large number of patches. These won't be seen in the vast majority of AArch64 programs. The Chromium build in pr44071 is fully instrumented.

I've not got a real world example of the Arm Cortex-A8 patch failing, but it has the same code sequence so I've implemented the classof function. It is possible to write a test case, but it is difficult to find the right conditions to actually make it fail, I've erred on submitting the fix without one to unblock the Chromium team running into the problem.

Diff Detail

Event Timeline

peter.smith created this revision.Dec 10 2019, 1:42 AM
Herald added a reviewer: espindola. · View Herald TranscriptDec 10 2019, 1:42 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: kristof.beyls, arichardson, emaste. · View Herald Transcript
grimar accepted this revision.Dec 10 2019, 2:02 AM

LGTM. Please wait for another approval(s) too.

This revision is now accepted and ready to land.Dec 10 2019, 2:02 AM
hans accepted this revision.Dec 10 2019, 3:43 AM
hans added a subscriber: hans.

lgtm

grimar added a comment.Dec 10 2019, 6:53 AM

nit (patch title): "[LLD][ELF]{ARM]" -> ""[LLD][ELF][ARM]

MaskRay accepted this revision.Dec 10 2019, 9:18 AM

[LLD][ELF]{ARM][AArch64] Add missing classof to patch sections.

{ -> [

lld/ELF/ARMErrataFix.cpp
86

A C function named patch will reside in .text.patch when compiled with -ffunction-sections. This does not matter, because it is only used to break a tie:

auto mergeCmp = [](const InputSection *a, const InputSection *b) {
  if (a->outSecOff != b->outSecOff)
    return a->outSecOff < b->outSecOff;
  return isa<Patch657417Section>(a) && !isa<Patch657417Section>(b);
};
MaskRay added inline comments.Dec 10 2019, 5:29 PM
lld/test/ELF/aarch64-cortex-a53-843419-thunk-range.s
7

%t2 -> /dev/null

ruiu added a comment.Dec 10 2019, 5:47 PM

classof is an LLVM's way of implementing a dynamic casting, and the code is idiomatic -- we almost always dispatch only by an enum field. So this could be a bit confusing to those who are expecting that idiomatic mechanism? I wonder if it is better to define a new function instead of overloading classof.

MaskRay added a comment.Dec 10 2019, 5:59 PM
In D71242#1778767, @ruiu wrote:

classof is an LLVM's way of implementing a dynamic casting, and the code is idiomatic -- we almost always dispatch only by an enum field. So this could be a bit confusing to those who are expecting that idiomatic mechanism? I wonder if it is better to define a new function instead of overloading classof.

We already have such a code pattern

class EhFrameSection final : public SyntheticSection {
public:
  EhFrameSection();
  void writeTo(uint8_t *buf) override;
  void finalizeContents() override;
  bool isNeeded() const override { return !sections.empty(); }
  size_t getSize() const override { return size; }

  static bool classof(const SectionBase *d) {
    return SyntheticSection::classof(d) && d->name == ".eh_frame";
  }
lld/ELF/AArch64ErrataFix.cpp
385

Probably return SyntheticSection::classof(d) && d->name == ".text.patch";

See EhFrameSection::classof.

ruiu added a comment.Dec 10 2019, 6:02 PM
In D71242#1778777, @MaskRay wrote:
In D71242#1778767, @ruiu wrote:

classof is an LLVM's way of implementing a dynamic casting, and the code is idiomatic -- we almost always dispatch only by an enum field. So this could be a bit confusing to those who are expecting that idiomatic mechanism? I wonder if it is better to define a new function instead of overloading classof.

We already have such a code pattern

class EhFrameSection final : public SyntheticSection {
public:
  EhFrameSection();
  void writeTo(uint8_t *buf) override;
  void finalizeContents() override;
  bool isNeeded() const override { return !sections.empty(); }
  size_t getSize() const override { return size; }

  static bool classof(const SectionBase *d) {
    return SyntheticSection::classof(d) && d->name == ".eh_frame";
  }

Ah, that's true. Not sure if it's a good pattern, but it seems it doesn't cause a confusion, so I'm fine with that.

Closed by commit rG247b2ce11cf0: [LLD][ELF][AArch64][ARM] Add missing classof to patch sections. (authored by peter.smith). · Explain WhyDec 11 2019, 6:12 AM
This revision was automatically updated to reflect the committed changes.
peter.smith mentioned this in rG86d24193a9eb: [LLD][ELF][AArch64][ARM] When errata patching, round thunk size to 4KiB..

Revision Contents

Diff 233344

lld/ELF/AArch64ErrataFix.cpp

Show First 20 LinesShow All 375 Lines▼ Show 20 Linespublic:
Patch843419Section(InputSection *p, uint64_t off); Patch843419Section(InputSection *p, uint64_t off);
void writeTo(uint8_t *buf) override; void writeTo(uint8_t *buf) override;
size_t getSize() const override { return 8; } size_t getSize() const override { return 8; }
uint64_t getLDSTAddr() const; uint64_t getLDSTAddr() const;
static bool classof(const SectionBase *d) {
return d->kind() == InputSectionBase::Synthetic && d->name == ".text.patch";
MaskRayUnsubmitted
Not Done
ReplyInline Actions

Probably return SyntheticSection::classof(d) && d->name == ".text.patch";

See EhFrameSection::classof.

MaskRay: Probably `return SyntheticSection::classof(d) && d->name == ".text.patch";` See EhFrameSection…
}
// The Section we are patching. // The Section we are patching.
const InputSection *patchee; const InputSection *patchee;
// The offset of the instruction in the patchee section we are patching. // The offset of the instruction in the patchee section we are patching.
uint64_t patcheeOffset; uint64_t patcheeOffset;
// A label for the start of the Patch that we can use as a relocation target. // A label for the start of the Patch that we can use as a relocation target.
Symbol *patchSym; Symbol *patchSym;
}; };
▲ Show 20 LinesShow All 254 LinesShow Last 20 Lines

lld/ELF/ARMErrataFix.cpp

Show First 20 LinesShow All 76 Lines▼ Show 20 Linespublic:
void writeTo(uint8_t *buf) override; void writeTo(uint8_t *buf) override;
size_t getSize() const override { return 4; } size_t getSize() const override { return 4; }
// Get the virtual address of the branch instruction at patcheeOffset. // Get the virtual address of the branch instruction at patcheeOffset.
uint64_t getBranchAddr() const; uint64_t getBranchAddr() const;
static bool classof(const SectionBase *d) {
return d->kind() == InputSectionBase::Synthetic && d->name ==".text.patch";
MaskRayUnsubmitted
Not Done
ReplyInline Actions

A C function named patch will reside in .text.patch when compiled with -ffunction-sections. This does not matter, because it is only used to break a tie:

auto mergeCmp = [](const InputSection *a, const InputSection *b) {
  if (a->outSecOff != b->outSecOff)
    return a->outSecOff < b->outSecOff;
  return isa<Patch657417Section>(a) && !isa<Patch657417Section>(b);
};
MaskRay: A C function named `patch` will reside in `.text.patch` when compiled with -ffunction-sections.
}
// The Section we are patching. // The Section we are patching.
const InputSection *patchee; const InputSection *patchee;
// The offset of the instruction in the Patchee section we are patching. // The offset of the instruction in the Patchee section we are patching.
uint64_t patcheeOffset; uint64_t patcheeOffset;
// A label for the start of the Patch that we can use as a relocation target. // A label for the start of the Patch that we can use as a relocation target.
Symbol *patchSym; Symbol *patchSym;
// A decoding of the branch instruction at patcheeOffset. // A decoding of the branch instruction at patcheeOffset.
uint32_t instr; uint32_t instr;
▲ Show 20 LinesShow All 436 LinesShow Last 20 Lines

lld/test/ELF/aarch64-cortex-a53-843419-thunk-range.s

  • This file was added.
// REQUIRES: aarch64
// RUN: llvm-mc -filetype=obj -triple=aarch64-none-linux --asm-macro-max-nesting-depth=40000 %s -o %t.o
// RUN: echo "SECTIONS { \
// RUN: .text1 0x10000 : { *(.text.*) } \
// RUN: .text2 0xf010000 : { *(.target) } } " > %t.script
// RUN: ld.lld --script %t.script -fix-cortex-a53-843419 %t.o -o %t2 --print-map 2>&1 | FileCheck %s
MaskRayUnsubmitted
Not Done
ReplyInline Actions

%t2 -> /dev/null

MaskRay: %t2 -> /dev/null
/// We use %(\parameter) to evaluate expression, which requires .altmacro.
.altmacro
/// Test to reproduce the conditions that trigger R_AARCH64_JUMP26 out of range
/// errors in pr44071. We create a large number of patches and thunks, with an
/// LLD with the fault, the patches will be inserted after the thunks and due
/// to the size of the thunk section some of the patches go out of range.
/// With a fixed LLD the patches are inserted before the thunks.
// CHECK: <internal>:(.text.patch)
// CHECK: <internal>:(.text.thunk)
/// Macro to generate the cortex-a53-843419 patch sequence
.macro ERRATA from, to
.balign 4096
.space 4096 - 8
adrp x0, dat1
ldr x1, [x1, #0]
ldr x0, [x0, :got_lo12:dat1]
ret
.if (\to-\from)
ERRATA %(\from+1),\to
.endif
.endm
.section .text.01, "ax", %progbits
.balign 4096
.globl _start
.type _start, %function
.space 4096 - 8
_start:
/// Generate lots of patches.
ERRATA 0, 4000
.macro CALLS from, to
bl far\from
.if (\to-\from)
CALLS %(\from+1),\to
.endif
.endm
/// Generate long range thunks. These are inserted before the patches. Generate
/// a sufficient number such that the patches must be placed before the
/// .text.thunk section, and if they aren't some of the patches go out of
/// range.
.section .text.02, "ax", %progbits
.global func
.type func, %function
func:
CALLS 0, 20000
.section .text.03, "ax", %progbits
.global space1
space1:
.space (1024 * 1024 * 96) + (120 * 4 * 1024)
.balign 4096
.section .text.04, "ax", %progbits
.global space2
space2:
.space 1024 * 1024
.macro DEFS from, to
.global far\from
.type far\from, %function
far\from:
ret
.if (\to-\from)
DEFS %(\from+1),\to
.endif
.endm
/// Define the thunk targets
.section .target, "ax", %progbits
DEFS 0, 20000
.data
.global dat1
dat1:
.xword 0