[llvm-bugs] [Bug 44124] New: ICF merges PLT entries and then merges wrongly conflated PLT callers
via llvm-bugs
llvm-bugs at lists.llvm.org
Sat Nov 23 03:13:00 PST 2019
https://bugs.llvm.org/show_bug.cgi?id=44124
Bug ID: 44124
Summary: ICF merges PLT entries and then merges wrongly conflated PLT callers
Product: lld
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: ELF
Assignee: unassignedbugs at nondot.org
Reporter: roland at hack.frob.com
CC: llvm-bugs at lists.llvm.org, peter.smith at linaro.org
Full example below. In the real-world example, all four functions are exported
symbols from Fuchsia's libc.so (caller[12] are send and recv, callee[12] are
sendto and recvfrom). The callee[12] symbols (i.e. sendto/recvfrom) are
commonly overridden at runtime by a different DSO earlier in the link order.
The callee[12] definitions in libc.so itself are identical stubs so they are
correctly ICF'd. However, it is still an ABI requirement that the callee[12]
PLT entries be distinct at runtime. Thus, caller[12] must not be ICF'd
together, because each references a different PLT entry. However, LLD is
merging the callers together so they both use a PLT entry for callee1 and thus
at runtime caller2 calls callee1 rather than callee2 when callee1 and callee2
have disjoint definitions at runtime and the (identical) callee[12] definitions
in libc.so are unused.
```
frobland 615 % cat icf-bug.s
.section .text.caller1,"ax",%progbits
.type caller1,%function
.globl caller1
caller1: jmp callee1@plt
.section .text.caller2,"ax",%progbits
.type caller2,%function
.globl caller2
caller2: jmp callee2@plt
.section .text.callee1,"ax",%progbits
.type callee1,%function
.globl callee1
callee1: ret
.section .text.callee2,"ax",%progbits
.type callee2,%function
.globl callee2
callee2: ret
frobland 616 % ./prebuilt/third_party/clang/linux-x64/bin/clang -c icf-bug.s
frobland 617 % ./prebuilt/third_party/clang/linux-x64/bin/ld.lld -shared --icf=all --print-icf-sections --gc-sections -o icf-bug.so icf-bug.o
selected section icf-bug.o:(.text.callee1)
removing identical section icf-bug.o:(.text.callee2)
selected section icf-bug.o:(.text.caller1)
removing identical section icf-bug.o:(.text.caller2)
frobland 618 % objdump -rd icf-bug.so

icf-bug.so:     file format elf64-x86-64

Disassembly of section .text:

0000000000001310 <caller1>:
    1310: e9 1b 00 00 00        jmpq   1330 <callee1@plt>

0000000000001315 <callee1>:
    1315: c3                    retq

Disassembly of section .plt:

0000000000001320 <callee1@plt-0x10>:
    1320: ff 35 d2 20 00 00     pushq  0x20d2(%rip)        # 33f8 <_DYNAMIC+0x10b8>
    1326: ff 25 d4 20 00 00     jmpq   *0x20d4(%rip)       # 3400 <_DYNAMIC+0x10c0>
    132c: 0f 1f 40 00           nopl   0x0(%rax)

0000000000001330 <callee1@plt>:
    1330: ff 25 d2 20 00 00     jmpq   *0x20d2(%rip)       # 3408 <callee1+0x20f3>
    1336: 68 00 00 00 00        pushq  $0x0
    133b: e9 e0 ff ff ff        jmpq   1320 <callee1+0xb>
frobland 619 %
```
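As an added illustration (not part of the report and not lld's code), a constructed Python model of section folding that reproduces the conflation described above and shows one way to keep the callers apart: compare a PLT relocation to a preemptible symbol by symbol name rather than by the folded section the symbol's definition lives in. The type names, the `plt_keyed_by_symbol` switch and the relocation encoding are assumptions of the model.

```python
# Constructed toy model of identical-code folding (ICF) for lld bug 44124; not lld's code.
from typing import NamedTuple

class Reloc(NamedTuple):
    offset: int    # where in the section the relocated field sits
    symbol: str    # target symbol
    via_plt: bool  # True for a jmp/call to sym@plt

class Section(NamedTuple):
    name: str
    body: bytes    # instruction bytes with relocated fields zeroed
    relocs: tuple  # Reloc entries

def icf(sections, defined_in, preemptible, plt_keyed_by_symbol):
    """Fold identical sections to a fixed point; return {section: representative}.
    plt_keyed_by_symbol=False models the behaviour in the report: a relocation is
    compared by the (already folded) section its target symbol is defined in, so once
    callee1/callee2 fold, callee1@plt and callee2@plt look equal and the callers fold.
    True keys a PLT relocation to a preemptible symbol by symbol name instead,
    since each preemptible symbol keeps its own PLT entry at run time."""
    rep = {s.name: s.name for s in sections}

    def reloc_key(r):
        if plt_keyed_by_symbol and r.via_plt and r.symbol in preemptible:
            return ("plt", r.symbol, r.offset)
        return ("sec", rep[defined_in[r.symbol]], r.offset)

    changed = True
    while changed:
        changed, seen = False, {}
        live = [s for s in sections if rep[s.name] == s.name]
        keys = {s.name: (s.body, tuple(map(reloc_key, s.relocs))) for s in live}
        for s in live:
            k = keys[s.name]
            if k in seen:  # fold s (and anything already folded into it) into the first match
                rep = {n: seen[k] if r == s.name else r for n, r in rep.items()}
                changed = True
            else:
                seen[k] = s.name
    return rep

# Constructed input modelled on icf-bug.s from the report.
JMP_REL32 = b"\xe9\x00\x00\x00\x00"  # jmp rel32, displacement filled in by the relocation
SECTIONS = (
    Section(".text.callee1", b"\xc3", ()),  # callee1: ret
    Section(".text.callee2", b"\xc3", ()),  # callee2: ret
    Section(".text.caller1", JMP_REL32, (Reloc(1, "callee1", True),)),  # jmp callee1@plt
    Section(".text.caller2", JMP_REL32, (Reloc(1, "callee2", True),)),  # jmp callee2@plt
)
DEFINED_IN = {"callee1": ".text.callee1", "callee2": ".text.callee2"}
PREEMPTIBLE = {"callee1", "callee2"}  # default-visibility globals in a -shared link

def folded(plt_keyed_by_symbol):
    """Return only the removed sections, each mapped to the section kept in its place."""
    rep = icf(SECTIONS, DEFINED_IN, PREEMPTIBLE, plt_keyed_by_symbol)
    return {n: r for n, r in rep.items() if n != r}
```

`folded(False)` reproduces the `--print-icf-sections` output above (both callee2 and caller2 removed); `folded(True)` removes only the identical callee stub.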