[llvm] [RFC][BPF] Support Jump Table (PR #133856)
via llvm-commits
llvm-commits at lists.llvm.org
Thu Apr 3 09:42:43 PDT 2025
yonghong-song wrote:
> > Backtrack certainly work. But maybe there is an alternative not to do backtrack. For example,
> > ```
> > r1 = .LJTI6_0 ll
> > <== we will know this is from a map (representing a jump table)
> > <== so mark r1 with some info like (jump_table_addr, offset 0)
> > r1 += r6
> > <== r1 still like jump_table_addr, need to ensure [r6, r6 + 8] is
> > within jump table range
> > r1 = *(u64 *)(r1 + 0)
> > <== r1 will be jump_table target, but still keep jump_table reference in r1.
> > gotox r1
> > <== goto jump_table_target (still has jump_table reference,
> > from verifier perspective, all jump table targets
> > in jump table should be verified).
> > ```
>
> Right, this is exactly what I've meant by "backtrack". Looks like for `switch` this will look similar in most cases. The `need to ensure [r6, r6 + 8] is within jump table range[r6, r6 + 8]` from libbpf side might be "best effort", only the verifier needs to check this for sure. I think that from libbpf side "r1 was loaded from map, then an offset was added" is enough to think that `r1` is still a valid pointer from the same map. (The devil is in details, of course, let's see for sure when I have code.)
Yes, libbpf does not need to do verifier work. The range analysis should be done in verifier.
https://github.com/llvm/llvm-project/pull/133856
More information about the llvm-commits
mailing list