[llvm] [BOLT] Add validation for direct call/branch targets, bypassing invalid functions (PR #165406)

Maksim Panchenko via llvm-commits llvm-commits at lists.llvm.org
Thu Dec 4 16:15:37 PST 2025


================
@@ -1902,6 +1910,71 @@ bool BinaryFunction::scanExternalRefs() {
   return Success;
 }
 
+bool BinaryFunction::validateExternalBranch(uint64_t TargetAddress) {
+  if (!isSimple())
+    return true;
+
+  BinaryFunction *TargetFunction =
+      BC.getBinaryFunctionContainingAddress(TargetAddress);
+
+  bool IsValid = true;
+
+  if (TargetFunction) {
+    const uint64_t TargetOffset = TargetAddress - TargetFunction->getAddress();
+    // Skip empty functions and out-of-bounds offsets,
+    // as they may not be disassembled.
+    if (!TargetOffset || (TargetOffset > TargetFunction->getSize()))
+      return true;
+
+    if (TargetFunction->CurrentState == State::Disassembled &&
+        (!TargetFunction->getInstructionAtOffset(TargetOffset) ||
+         getSizeOfDataInCodeAt(TargetOffset)))
+      IsValid = false;
+  } else {
+    if (!BC.getSectionForAddress(TargetAddress))
+      IsValid = false;
+  }
+
+  if (!IsValid) {
+    setIgnored();
+    BC.errs() << "BOLT-WARNING: corrupted control flow detected in function "
+              << *this
+              << ", an external branch/call targets an invalid instruction "
+              << "at address 0x" << Twine::utohexstr(TargetAddress) << "\n";
+    return false;
+  }
+
+  return true;
+}
+
+bool BinaryFunction::validateInternalBranches() {
+  if (!isSimple())
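Review bot: In validateExternalBranch, `getSizeOfDataInCodeAt(TargetOffset)` is called on `this`, although TargetOffset was computed relative to TargetFunction, so the data-in-code test appears to query the calling function at an unrelated offset. If the intent is to reject targets that land in data embedded in the callee, the call should read `TargetFunction->getSizeOfDataInCodeAt(TargetOffset)`. As written, a valid target could get this function ignored when the caller happens to hold data at that offset, and detection of data in the callee would rest on getInstructionAtOffset alone. Separately, the comment "Skip empty functions" sits above `!TargetOffset`, which matches a branch to the target's entry point rather than an empty function; `// Entry-point targets and out-of-bounds offsets are not checked here.` would describe the condition as written.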
----------------
maksfb wrote:

```suggestion
  if (!isSimple() || TrapsOnEntry)
```

https://github.com/llvm/llvm-project/pull/165406

