[PATCH] D94355: [Passes] Add relative lookup table converter pass

Dimitry Andric via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Dec 10 13:15:48 PST 2021


dim added subscribers: emaste, jrtc27, dim.
dim added a comment.

FWIW, this commit turned out to break the FreeBSD dns/bind916 port, see https://bugs.freebsd.org/259921.

The short story is that the bind9 code on and after this line: https://gitlab.isc.org/isc-projects/bind9/-/blob/main/lib/isc/log.c#L1525 gets changed from something like:

  .Ltmp661:
          #DEBUG_VALUE: isc_log_doit:category_channels <- $r12
          .loc    3 0 58                          # log.c:0:58
          xorl    %eax, %eax
          testl   %r15d, %r15d
          setg    %al
          movl    %r15d, %ecx
          negl    %ecx
          movq    %rcx, -840(%rbp)                # 8-byte Spill
          leaq    8328(%r13), %rcx
          #DEBUG_VALUE: isc_log_doit:matched <- 0
          movq    %rcx, -808(%rbp)                # 8-byte Spill
  .Ltmp662:
          .loc    3 1552 25 is_stmt 1             # log.c:1552:25

to using a relative lookup table:

  .Ltmp661:
          #DEBUG_VALUE: isc_log_doit:category_channels <- $r12
          .loc    3 0 58                          # log.c:0:58
          xorl    %eax, %eax
          testl   %r15d, %r15d
          setg    %al
          movl    %r15d, %edx
          negl    %edx
          leaq    reltable.isc_log_doit(%rip), %rcx
          movq    %rdx, -848(%rbp)                # 8-byte Spill
          movslq  (%rcx,%rdx,4), %rdx
          addq    %rcx, %rdx
          movq    %rdx, -840(%rbp)                # 8-byte Spill
          leaq    8328(%r13), %rcx
          #DEBUG_VALUE: isc_log_doit:matched <- 0
          movq    %rcx, -808(%rbp)                # 8-byte Spill
  .Ltmp662:
          .loc    3 1552 25 is_stmt 1             # log.c:1552:25

However, the value of `%rcx` at the `movslq (%rcx,%rdx,4), %rdx` statement becomes -2, so it attempts to access data before `reltable.isc_log_doit`. As that is in `.rodata`, this leads to a segfault.

The current working theory is that some code is hoisted out of the do-while loop starting at https://gitlab.isc.org/isc-projects/bind9/-/blob/main/lib/isc/log.c#L1531, in particular the `[-level]` accesses on lines 1613 and 1843:

                                  snprintf(level_string, sizeof(level_string),
                                           "%s: ", log_level_strings[-level]);
  ...
                          } else {
                                  syslog_level = syslog_map[-level];
                          }

but maybe these negative offsets confuse the lookup table converter?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D94355/new/

https://reviews.llvm.org/D94355
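
The table access in the assembly quoted in the message above, modelled in C as an added example (not code from the original message, from LLVM or from BIND). It shows a relative table holding 32-bit offsets from its own base, and the range check that has to run before the load. The names `level_table`, `rel_lookup` and `level_name` and the table contents are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_LEVELS 4

/* Constructed table (hypothetical names): four 32-bit signed offsets,
 * each relative to the start of the table, followed by the strings. */
struct level_table {
    int32_t rel[N_LEVELS];
    char s0[12], s1[12], s2[12], s3[12];
};

static const struct level_table tbl = {
    { (int32_t)offsetof(struct level_table, s0),
      (int32_t)offsetof(struct level_table, s1),
      (int32_t)offsetof(struct level_table, s2),
      (int32_t)offsetof(struct level_table, s3) },
    "critical", "error", "warning", "notice"
};

/* Decode one entry the way the two quoted instructions do:
 *   movslq (%rcx,%rdx,4), %rdx   ; sign-extending load of rel[idx]
 *   addq   %rcx, %rdx            ; base + offset
 * The range check must run before the load; without it an index
 * outside [0, N_LEVELS) reads memory that is not part of the table. */
const char *rel_lookup(int64_t idx)
{
    const char *base = (const char *)&tbl;
    if (idx < 0 || idx >= N_LEVELS)
        return NULL;
    return base + tbl.rel[idx];
}

/* Same shape as the source's `table[-level]`: only level <= 0 maps to
 * a valid index, so a positive level must never reach the load. */
const char *level_name(int level)
{
    return rel_lookup(-(int64_t)level);
}

int main(void)
{
    for (int level = -4; level <= 2; level++) {
        const char *s = level_name(level);
        printf("level %2d -> %s\n", level, s ? s : "(rejected)");
    }
    return 0;
}
```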


