[llvm] [BOLT] a local out-of-range stub might lead to infinite loop in LongJmp (PR #73918)
via llvm-commits
llvm-commits at lists.llvm.org
Mon Dec 4 00:37:20 PST 2023
linsinan1995 wrote:
More detail for the infinite loop:
BB has a local stub .LStub1111 that is out of range, and the execution path entered the problematic [code piece](https://github.com/llvm/llvm-project/blob/main/bolt/lib/Passes/LongJmp.cpp#L203-L209).
```
.LFT2057:
00019e80: ldr x0, [x25]
00019e84: mov x1, x24
00019e88: ldr x8, [x0]
00019e8c: ldr x8, [x8, #0x10]
00019e90: blr x8 # handler: 0; action: 0
00019e94: tbz w0, #0x0, .LStub1111
00019e98: b .Ltmp22
preds: .LStub1110
succs: .LStub1111 .Ltmp22
```
After the problematic code, `TgtSym` and `TgtBB` were both changed from `.LStub1111` to `.Ltmp2459` and `null` respectively. Then a new local stub `.LStub1370` was created to replace the out-of-range stub.
```
TgtSym .LStub1111 => .Ltmp2459
TgtBB .LStub1111 => null
** createNewStub .LStub1370 **
.LFT2057:
00019e80: ldr x0, [x25]
00019e84: mov x1, x24
00019e88: ldr x8, [x0]
00019e8c: ldr x8, [x8, #0x10]
00019e90: blr x8 # handler: 0; action: 0
00019e94: tbz w0, #0x0, .LStub1370
00019e98: b .Ltmp22
preds: .LStub1110
succs: .LStub1111 .Ltmp22
```
Likely because we did not remove the relation between BB `.LFT2057` and `.LStub1111`, the target of the branch instruction was changed back to `.LStub1111` via `BinaryFunction::fixBranches`:
```
During fixBranch
00000000: tbz w0, #0x0, .LStub1370
=>
00000000: tbz w0, #0x0, .LStub1111
```
Then BOLT was stuck in a loop of back-and-forth conversions between `.LStub1111` and `.LStub1370`.
https://github.com/llvm/llvm-project/pull/73918
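The loop described in the comment above can be reproduced with a small model of the two passes. The code below is an added illustration, not BOLT's own code: the `Block`/`Layout` structures, the 32 KiB conditional-branch reach, the addresses of `.LStub1111` and the stub placement are all assumptions chosen for the demo, and the "fixed" variant (also replacing the CFG successor edge when the branch is retargeted) is one way to stop `fixBranches` from reverting the rewrite, not necessarily the change made in the PR.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Assumed reach of the conditional branch (tbz-like) in this toy layout.
constexpr int64_t kCondBranchRange = 32 * 1024;

struct Block {
  std::string Name;
  uint64_t Addr;
  std::string CondTarget;          // label the conditional branch jumps to
  std::vector<std::string> Succs;  // CFG edges; Succs[0] is the taken edge
};

struct Layout {
  std::map<std::string, uint64_t> Addr;  // label -> address (constructed)
  int NextStub = 1370;                   // next stub number to hand out
};

static bool inRange(const Layout &L, const Block &B, const std::string &Target) {
  int64_t Dist = static_cast<int64_t>(L.Addr.at(Target)) -
                 static_cast<int64_t>(B.Addr);
  return Dist >= -kCondBranchRange && Dist < kCondBranchRange;
}

// Toy LongJmp step: if the conditional target is out of reach, emit a fresh
// local stub next to the block and retarget the branch instruction. With
// UpdateCFG == false only the instruction is rewritten (the behaviour the
// comment describes); with UpdateCFG == true the CFG edge is replaced too.
static bool relaxBlock(Layout &L, Block &B, bool UpdateCFG) {
  if (inRange(L, B, B.CondTarget))
    return false;
  std::string Stub = ".LStub" + std::to_string(L.NextStub++);
  L.Addr[Stub] = B.Addr + 0x20;  // toy placement: just past the block
  B.CondTarget = Stub;
  if (UpdateCFG)
    B.Succs[0] = Stub;
  return true;
}

// Toy fixBranches: the terminator must agree with the CFG, so the branch is
// rewritten to whatever the recorded taken successor is.
static bool fixBranches(Block &B) {
  if (B.CondTarget == B.Succs[0])
    return false;
  B.CondTarget = B.Succs[0];
  return true;
}

// Alternates relax + fix until nothing changes. Returns the round in which
// the layout became stable, or -1 if MaxRounds passed without convergence.
int runUntilStable(bool UpdateCFG, int MaxRounds, std::string *FinalTarget) {
  Layout L;
  L.Addr[".LFT2057"] = 0x19e80;
  L.Addr[".Ltmp22"] = 0x19ea0;
  L.Addr[".LStub1111"] = 0x19e80 + 40 * 1024;  // out of tbz reach (constructed)
  Block B{".LFT2057", 0x19e80, ".LStub1111", {".LStub1111", ".Ltmp22"}};
  for (int Round = 1; Round <= MaxRounds; ++Round) {
    bool Changed = relaxBlock(L, B, UpdateCFG);
    Changed |= fixBranches(B);
    if (!Changed) {
      if (FinalTarget) *FinalTarget = B.CondTarget;
      return Round;
    }
  }
  if (FinalTarget) *FinalTarget = B.CondTarget;
  return -1;
}

int main() {
  std::string T;
  int R = runUntilStable(false, 10, &T);
  std::printf("instruction-only rewrite: %s, final target %s\n",
              R < 0 ? "never stable" : "stable", T.c_str());
  R = runUntilStable(true, 10, &T);
  std::printf("rewrite + CFG edge update: stable after round %d, target %s\n",
              R, T.c_str());
  return 0;
}
```

Without the successor update every round creates a new stub that `fixBranches` immediately undoes, so the driver never sees a quiet round; with the edge replaced, the second round finds the new stub in range and nothing left to fix.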