[PATCH] D129974: [BOLT] Support split function in stripped binaries

Sun Jul 17 14:16:05 PDT 2022

nhuhuan created this revision.
Herald added subscribers: ayermolo, JDevlieghere.
Herald added a reviewer: rafauler.
Herald added a reviewer: Amir.
Herald added a reviewer: maksfb.
Herald added a project: All.
nhuhuan requested review of this revision.
Herald added subscribers: llvm-commits, yota9.
Herald added a project: LLVM.

Split jump table support for stripped binaries.
Split landing pad support for both stripped/non-stripped binaries.

1. Split jump table a. No relocation (.rela.text) BOLT cannot reliably move code due to potentially undetected external references to the jump table address --> Non-simple. --> Relax for stripped binaries. --> Set function to non-simple after buildCFG. b. Validate jump table entries Current properties: --> Valid instruction boundary: + Cannot target middle of valid instruction. --> Intraprocedural target: + Accept targets to sibling fragments using symbol name. In this update: --> Non-overlapping jump tables: Overlapping jump tables are rare in nature for NonPIC, and extremely rare for PIC. --> Split function has no more than 2 fragments: Accept entries until reaching the second other fragment. Current fragment + 2 other fragments --> 3 fragments. --> Accept sibling fragments indicated by LSDA information + C++ exception handling is not widely used + But when used, because catch-block is rarely executed, compilers can move it to a separate .cold fragment. --> Jump table targets cannot callable fragment entry: + Unfinished! + Non-callable fragment entries are valid jump table targets. + Must underestimate callable entries using heuristics: --> Contain prologue --> Reached via a direct transfer --> Address is stored in GOT or vtable --> Tail call from at least 2 other fragments. --> Data flow properties: + Don't have invalid critical operators, ones that can cause program to crash, e.g. use undefined registers or access unallocated stack. + ABI properties: Callee-saved registers are preserved, e.g., %rsp.

2. Split landing pad a. Establish sibling-fragment relation LSDA information is more reliable than heuristics --> Run partial parseLSDA() earlier to help jump table analysis --> Two phases: + Early phase: Only validate landing pad targets. --> Stripped: Trust the correctness of LSDA information. --> Non-stripped: Verify using symbol name pattern. + Late phase: Only process LSDA. Skip validation. b. Update label for cross-function landing pad Previously cross-function targets are ignored. In this update: --> parseLSDA() + Support landing pad at builtin_unreachable. + Create local label for same-function landing pad. + Create secondary entry for cross-function landing pad. + Support recomputeLandingPad(). --> recomputeLandingPad() + Support cross-function landing pads. + Support when target function hasn't built CFG yet. --> Solution: rerun recomputeLandingPad() later. --> createEHTrampolines() + Support cross-function landing pads. + Support recomputeLandingPad().

3. Analyze stripped status automatically. Perform heuristics only for stripped binaries.

4. Added 4 manual tests with stripped binaries.

Test Plan:

  ninja check-bolt

Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D129974

Files:
  bolt/include/bolt/Core/BinaryContext.h
  bolt/include/bolt/Core/BinaryFunction.h
  bolt/include/bolt/Core/Exceptions.h
  bolt/lib/Core/BinaryContext.cpp
  bolt/lib/Core/BinaryFunction.cpp
  bolt/lib/Core/Exceptions.cpp
  bolt/lib/Passes/SplitFunctions.cpp
  bolt/lib/Rewrite/RewriteInstance.cpp
  bolt/test/X86/false-jump-table.s
  bolt/test/X86/jump-table-move-pic.s
  bolt/test/X86/split-func-jump-table-fragment-noparent.s
  bolt/test/X86/split-func-jump-table-fragment.s
  bolt/test/X86/split-landing-pad.s

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D129974.445351.patch
Type: text/x-patch
Size: 38637 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220717/df2eef58/attachment.bin>