<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - ICF merges PLT entries and then merges wrongly conflated PLT callers"
href="https://bugs.llvm.org/show_bug.cgi?id=44124">44124</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>ICF merges PLT entries and then merges wrongly conflated PLT callers
</td>
</tr>
<tr>
<th>Product</th>
<td>lld
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>ELF
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>roland@hack.frob.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org, peter.smith@linaro.org
</td>
</tr></table>
<p>
<div>
<pre>Full example below. In the real-world example, all four functions are exported
symbols from Fuchsia's libc.so (caller[12] are send and recv, callee[12] are
sendto and recvfrom). The callee[12] symbols (i.e. sendto/recvfrom) are
commonly overridden at runtime by a different DSO earlier in the link order.
The callee[12] definitions in libc.so itself are identical stubs so they are
correctly ICF'd. However, it is still an ABI requirement that the callee[12]
PLT entries be distinct at runtime. Thus, caller[12] must not be ICF'd
together, because each references a different PLT entry. However, LLD is
merging the callers together so they both use a PLT entry for callee1 and thus
at runtime caller2 calls callee1 rather than callee2 when callee1 and callee2
have disjoint definitions at runtime and the (identical) callee[12] definitions
in libc.so are unused.
```
frobland 615 % cat icf-bug.s
.section .text.caller1,"ax",%progbits
.type caller1,%function
.globl caller1
caller1: jmp callee1@plt
.section .text.caller2,"ax",%progbits
.type caller2,%function
.globl caller2
caller2: jmp callee2@plt
.section .text.callee1,"ax",%progbits
.type callee1,%function
.globl callee1
callee1: ret
.section .text.callee2,"ax",%progbits
.type callee2,%function
.globl callee2
callee2: ret
frobland 616 % ./prebuilt/third_party/clang/linux-x64/bin/clang -c icf-bug.s
frobland 617 % ./prebuilt/third_party/clang/linux-x64/bin/ld.lld -shared --icf=all --print-icf-sections --gc-sections -o icf-bug.so icf-bug.o
selected section icf-bug.o:(.text.callee1)
removing identical section icf-bug.o:(.text.callee2)
selected section icf-bug.o:(.text.caller1)
removing identical section icf-bug.o:(.text.caller2)
frobland 618 % objdump -rd icf-bug.so
icf-bug.so: file format elf64-x86-64
Disassembly of section .text:
0000000000001310 <caller1>:
1310: e9 1b 00 00 00 jmpq 1330 <callee1@plt>
0000000000001315 <callee1>:
1315: c3 retq
Disassembly of section .plt:
0000000000001320 <callee1@plt-0x10>:
1320: ff 35 d2 20 00 00 pushq 0x20d2(%rip) # 33f8 <_DYNAMIC+0x10b8>
1326: ff 25 d4 20 00 00 jmpq *0x20d4(%rip) # 3400 <_DYNAMIC+0x10c0>
132c: 0f 1f 40 00 nopl 0x0(%rax)
0000000000001330 <callee1@plt>:
1330: ff 25 d2 20 00 00 jmpq *0x20d2(%rip) # 3408 <callee1+0x20f3>
1336: 68 00 00 00 00 pushq $0x0
133b: e9 e0 ff ff ff jmpq 1320 <callee1+0xb>
frobland 619 %
```</pre>
</div>
</p>
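<p>Added example, not part of the bug report: a small Python checker that reads lld's <code>--print-icf-sections</code> output together with the input object's PLT relocations and flags any ICF group whose members reach different PLT symbols, which is the caller1/caller2 conflation described above. The relocation listing is constructed here in llvm-objdump -r style (the page shows only the ICF log).</p>

```python
import re
# Constructed sample: the --print-icf-sections lines quoted in the report.
ICF_LOG = """\
selected section icf-bug.o:(.text.callee1)
removing identical section icf-bug.o:(.text.callee2)
selected section icf-bug.o:(.text.caller1)
removing identical section icf-bug.o:(.text.caller2)
"""

# Constructed sample in llvm-objdump -r layout (assumed; not on the page).
RELOCS = """\
RELOCATION RECORDS FOR [.text.caller1]:
OFFSET           TYPE              VALUE
0000000000000001 R_X86_64_PLT32    callee1-0x4
RELOCATION RECORDS FOR [.text.caller2]:
OFFSET           TYPE              VALUE
0000000000000001 R_X86_64_PLT32    callee2-0x4
"""

def parse_icf_groups(log):
    """Group each 'removing identical section' under its 'selected section'."""
    groups, leader = {}, None
    for line in log.splitlines():
        if m := re.match(r"selected section \S+:\((\S+)\)", line):
            leader = m.group(1)
            groups[leader] = [leader]
        elif (m := re.match(r"removing identical section \S+:\((\S+)\)", line)) and leader:
            groups[leader].append(m.group(1))
    return groups

def parse_plt_targets(relocs):
    """Map input section -> set of symbols it reaches via R_X86_64_PLT32."""
    targets, section = {}, None
    for line in relocs.splitlines():
        if m := re.match(r"RELOCATION RECORDS FOR \[(\S+)\]:", line):
            section = m.group(1)
        elif (m := re.match(r"\S+\s+R_X86_64_PLT32\s+(\w+)", line)) and section:
            targets.setdefault(section, set()).add(m.group(1))
    return targets

def find_conflated_plt_callers(log, relocs):
    """Flag ICF groups whose members reach different PLT symbols: identical
    callers may share code only if they also share the PLT entry they use."""
    targets = parse_plt_targets(relocs)
    findings = []
    for leader, members in parse_icf_groups(log).items():
        plt_syms = {s for m in members for s in targets.get(m, ())}
        if len(plt_syms) > 1:
            findings.append((leader, sorted(members), sorted(plt_syms)))
    return findings
```

The callee1/callee2 group reaches no PLT entry at all and is left alone; only the caller group is reported.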
</body>
</html>