[llvm] [BOLT] Add validation for direct call/branch targets, bypassing invalid functions (PR #165406)
Jinjie Huang via llvm-commits
llvm-commits at lists.llvm.org
Mon Dec 8 21:05:27 PST 2025
================
@@ -531,20 +531,39 @@ BinaryContext::handleAddressRef(uint64_t Address, BinaryFunction &BF,
}
MCSymbol *BinaryContext::handleExternalBranchTarget(uint64_t Address,
- BinaryFunction &BF) {
- if (BF.isInConstantIsland(Address)) {
- BF.setIgnored();
- this->outs() << "BOLT-WARNING: ignoring entry point at address 0x"
- << Twine::utohexstr(Address)
- << " in constant island of function " << BF << '\n';
- return nullptr;
+ BinaryFunction &Source,
+ BinaryFunction &Target) {
+ const uint64_t Offset = Address - Target.getAddress();
+ assert(Offset < Target.getSize() &&
+ "Address should be inside the referenced function");
+
+ bool IsValid = true;
+ if (Source.NeedBranchValidation) {
+ if (Target.CurrentState == BinaryFunction::State::Disassembled &&
+ !Target.getInstructionAtOffset(Offset)) {
+ this->outs()
+ << "BOLT-WARNING: corrupted control flow detected in function "
+ << Source
+ << ": an external branch/call targets an invalid instruction "
+ << "at address 0x" << Twine::utohexstr(Address) << '\n';
+ IsValid = false;
+ }
+ if (Target.isInConstantIsland(Address)) {
+ this->outs() << "BOLT-WARNING: ignoring entry point at address 0x"
+ << Twine::utohexstr(Address)
+ << " in constant island of function " << Target << '\n';
+ IsValid = false;
+ }
----------------
Jinjie-Huang wrote:
Seems the case of jumping into the middle of an instruction is already handled by `!Target.getInstructionAtOffset(Offset)`. Or should we tweak the error message?
https://github.com/llvm/llvm-project/pull/165406
More information about the llvm-commits
mailing list