[llvm] [BOLT][BTI] Disassemble PLT entries when processing BTI binaries (PR #169663)
Gergely Bálint via llvm-commits
llvm-commits at lists.llvm.org
Wed Nov 26 09:31:42 PST 2025
https://github.com/bgergely0 updated https://github.com/llvm/llvm-project/pull/169663
>From 1a96c464c9bcb258db09f0e77962f8b45c686e53 Mon Sep 17 00:00:00 2001
From: Gergely Balint <gergely.balint at arm.com>
Date: Wed, 19 Nov 2025 14:40:11 +0000
Subject: [PATCH 1/2] [BOLT][BTI] Disassemble PLT entries when processing BTI
binaries
PLT entries are PseudoFunctions, and are not disassembled or emitted.
For BTI, we need to check the first MCInst of PLT entries, to see
if indirectly calling them is safe or not.
This patch disassembles PLTs for binaries using BTI, while not changing
the behaviour for binaries without BTI.
The PLTs are only disassembled, not emitted.
---
bolt/lib/Core/BinaryFunction.cpp | 5 ++++
bolt/lib/Rewrite/RewriteInstance.cpp | 6 ++++
bolt/test/runtime/AArch64/disassemble-plts.c | 31 ++++++++++++++++++++
3 files changed, 42 insertions(+)
create mode 100644 bolt/test/runtime/AArch64/disassemble-plts.c
diff --git a/bolt/lib/Core/BinaryFunction.cpp b/bolt/lib/Core/BinaryFunction.cpp
index a5fdf79a737f5..8cb0ccf7bd396 100644
--- a/bolt/lib/Core/BinaryFunction.cpp
+++ b/bolt/lib/Core/BinaryFunction.cpp
@@ -147,6 +147,11 @@ static cl::opt<bool> TrapOnAVX512(
cl::init(false), cl::ZeroOrMore, cl::Hidden, cl::cat(BoltCategory));
bool shouldPrint(const BinaryFunction &Function) {
+ // PLT stubs are disassembled for BTI binaries, therefore they should be
+ // printed.
+ if (Function.getBinaryContext().usesBTI() && Function.isPLTFunction())
+ return true;
+
if (Function.isIgnored())
return false;
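Review bot: The new early `return true` at the top of `shouldPrint` runs before `Function.isIgnored()` and before anything else the function checks, so in a BTI binary every PLT stub is printed unconditionally. The rest of the body is outside this hunk; if it applies user-selected print filters, PLT stubs would bypass them and flood filtered output. Consider narrowing the exception to the one check it is meant to override, for example `if (Function.isIgnored() && !(Function.getBinaryContext().usesBTI() && Function.isPLTFunction())) return false;`. That form assumes the ignored flag is what hides PLT stubs today, which the patch does not state.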
diff --git a/bolt/lib/Rewrite/RewriteInstance.cpp b/bolt/lib/Rewrite/RewriteInstance.cpp
index 8a5bbe28e5f66..1be5fc4e2a707 100644
--- a/bolt/lib/Rewrite/RewriteInstance.cpp
+++ b/bolt/lib/Rewrite/RewriteInstance.cpp
@@ -461,6 +461,12 @@ Error RewriteInstance::setProfile(StringRef Filename) {
/// Return true if the function \p BF should be disassembled.
static bool shouldDisassemble(const BinaryFunction &BF) {
+
+ const BinaryContext &BC = BF.getBinaryContext();
+ // Disassemble PLT functions on AArch64 to check BTI landing pads.
+ if (BC.usesBTI() && BF.isPLTFunction())
+ return true;
+
if (BF.isPseudo())
return false;
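Review bot: The condition `usesBTI() && isPLTFunction()` is now written out separately here and in `shouldPrint` in BinaryFunction.cpp, and the two copies must stay in sync for the printed output to match what was actually disassembled. A single shared helper would keep them together and give the BTI rationale one home. The doc comment above the function should also mention the exception, e.g. `/// PLT stubs are pseudo functions, but are still disassembled (not emitted) when the binary uses BTI.` The added blank line directly after the opening brace should be dropped. The function body continues outside the hunk.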
diff --git a/bolt/test/runtime/AArch64/disassemble-plts.c b/bolt/test/runtime/AArch64/disassemble-plts.c
new file mode 100644
index 0000000000000..031955d045b44
--- /dev/null
+++ b/bolt/test/runtime/AArch64/disassemble-plts.c
@@ -0,0 +1,31 @@
+// This test checks that BOLT disassembles PLT stubs in binaries using BTI,
+// while keeping them not disassembled in non-BTI binaries.
+
+// RUN: %clang -fuse-ld=lld --target=aarch64-unknown-linux-gnu %s -o %t.exe \
+// RUN: -Wl,-q
+// RUN: llvm-bolt %t.exe -o %t.bolt --print-disasm | FileCheck %s
+
+// RUN: %clang -fuse-ld=lld --target=aarch64-unknown-linux-gnu \
+// RUN: -mbranch-protection=standard %s -o %t.bti.exe -Wl,-q -Wl,-z,force-bti
+// RUN: llvm-bolt %t.bti.exe -o %t.bolt --print-disasm | FileCheck %s \
+// RUN: --check-prefix=CHECK-BTI
+
+// For the non-BTI binary, PLTs should not be disassembled.
+// CHECK-NOT: Binary Function "{{.*}}@PLT" after disassembly {
+
+// Check that PLTs are disassembled for the BTI binary.
+// CHECK-BTI: Binary Function "__libc_start_main at PLT" after disassembly {
+// CHECK-BTI: adrp
+// CHECK-BTI: ldr
+// CHECK-BTI: add
+// CHECK-BTI: br
+// CHECK-BTI: End of Function "__libc_start_main at PLT"
+
+#include <stdio.h>
+#include <stdlib.h>
+int main(int argc, char **argv) {
+ if (argc > 3)
+ exit(42);
+ else
+ printf("Number of args: %d\n", argc);
+}
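Review bot: The non-BTI run is verified only by a `CHECK-NOT`, so it passes vacuously if `--print-disasm` prints nothing or the "Binary Function ... after disassembly" header wording ever changes. A positive anchor in the same run would catch that, for example `// CHECK: Binary Function "main" after disassembly {`. The header format there is inferred from the CHECK-BTI lines, and its placement relative to the `CHECK-NOT` decides which part of the output the negative check covers. Both `llvm-bolt` invocations also write to the same `%t.bolt`, and although the file lives under `test/runtime`, the rewritten binary is never executed. Distinct output names, and running the BTI output if a target is available, would make the test match its location.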
>From 6ed1d8d11f55467393735a02bfddef77018b8719 Mon Sep 17 00:00:00 2001
From: Gergely Balint <gergely.balint at arm.com>
Date: Wed, 26 Nov 2025 17:24:39 +0000
Subject: [PATCH 2/2] [BOLT] Fix comment
---
bolt/lib/Rewrite/RewriteInstance.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bolt/lib/Rewrite/RewriteInstance.cpp b/bolt/lib/Rewrite/RewriteInstance.cpp
index 1be5fc4e2a707..df380163d8c53 100644
--- a/bolt/lib/Rewrite/RewriteInstance.cpp
+++ b/bolt/lib/Rewrite/RewriteInstance.cpp
@@ -463,7 +463,8 @@ Error RewriteInstance::setProfile(StringRef Filename) {
static bool shouldDisassemble(const BinaryFunction &BF) {
const BinaryContext &BC = BF.getBinaryContext();
- // Disassemble PLT functions on AArch64 to check BTI landing pads.
+ // Disassemble PLT functions for BTI binaries to check if they need landing
+ // pads when targeting them in LongJmp.
if (BC.usesBTI() && BF.isPLTFunction())
return true;