2021-12-21 10:21:41 -08:00
|
|
|
//===- bolt/Core/BinaryFunction.cpp - Low-level function ------------------===//
|
2015-10-09 17:21:14 -07:00
|
|
|
//
|
2021-03-15 18:04:18 -07:00
|
|
|
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
|
|
|
|
|
// See https://llvm.org/LICENSE.txt for license information.
|
|
|
|
|
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
2015-10-09 17:21:14 -07:00
|
|
|
//
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
//
|
2021-12-21 10:21:41 -08:00
|
|
|
// This file implements the BinaryFunction class.
|
|
|
|
|
//
|
2015-10-09 17:21:14 -07:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
2021-10-08 11:47:10 -07:00
|
|
|
#include "bolt/Core/BinaryFunction.h"
|
|
|
|
|
#include "bolt/Core/BinaryBasicBlock.h"
|
|
|
|
|
#include "bolt/Core/DynoStats.h"
|
2023-02-16 10:52:04 -08:00
|
|
|
#include "bolt/Core/HashUtilities.h"
|
2021-10-08 11:47:10 -07:00
|
|
|
#include "bolt/Core/MCPlusBuilder.h"
|
2025-02-25 10:53:45 -08:00
|
|
|
#include "bolt/Utils/CommandLineOpts.h"
|
2021-10-08 11:47:10 -07:00
|
|
|
#include "bolt/Utils/NameResolver.h"
|
|
|
|
|
#include "bolt/Utils/NameShortener.h"
|
|
|
|
|
#include "bolt/Utils/Utils.h"
|
2022-05-24 18:04:42 -07:00
|
|
|
#include "llvm/ADT/STLExtras.h"
|
2019-09-20 11:29:35 -07:00
|
|
|
#include "llvm/ADT/SmallSet.h"
|
2022-05-24 18:28:42 -07:00
|
|
|
#include "llvm/ADT/StringExtras.h"
|
2015-10-09 17:21:14 -07:00
|
|
|
#include "llvm/ADT/StringRef.h"
|
2021-11-11 18:14:53 -08:00
|
|
|
#include "llvm/Demangle/Demangle.h"
|
2015-10-09 17:21:14 -07:00
|
|
|
#include "llvm/MC/MCAsmInfo.h"
|
|
|
|
|
#include "llvm/MC/MCContext.h"
|
2021-04-30 13:54:02 -07:00
|
|
|
#include "llvm/MC/MCDisassembler/MCDisassembler.h"
|
2015-10-09 21:47:18 -07:00
|
|
|
#include "llvm/MC/MCExpr.h"
|
2015-10-09 17:21:14 -07:00
|
|
|
#include "llvm/MC/MCInst.h"
|
|
|
|
|
#include "llvm/MC/MCInstPrinter.h"
|
2022-02-09 08:26:30 -05:00
|
|
|
#include "llvm/MC/MCRegisterInfo.h"
|
2022-08-18 21:40:00 -07:00
|
|
|
#include "llvm/MC/MCSymbol.h"
|
2015-10-09 17:21:14 -07:00
|
|
|
#include "llvm/Object/ObjectFile.h"
|
2016-01-21 14:18:30 -08:00
|
|
|
#include "llvm/Support/CommandLine.h"
|
2015-10-09 17:21:14 -07:00
|
|
|
#include "llvm/Support/Debug.h"
|
2024-03-31 19:29:45 -07:00
|
|
|
#include "llvm/Support/GenericDomTreeConstruction.h"
|
|
|
|
|
#include "llvm/Support/GenericLoopInfoImpl.h"
|
2016-07-01 08:40:56 -07:00
|
|
|
#include "llvm/Support/GraphWriter.h"
|
2020-12-01 16:29:39 -08:00
|
|
|
#include "llvm/Support/LEB128.h"
|
|
|
|
|
#include "llvm/Support/Regex.h"
|
2017-11-27 18:00:24 -08:00
|
|
|
#include "llvm/Support/Timer.h"
|
2015-10-09 17:21:14 -07:00
|
|
|
#include "llvm/Support/raw_ostream.h"
|
2023-11-27 14:45:46 -08:00
|
|
|
#include "llvm/Support/xxhash.h"
|
2019-04-09 21:22:41 -07:00
|
|
|
#include <functional>
|
2015-10-09 17:21:14 -07:00
|
|
|
#include <limits>
|
2019-04-09 21:22:41 -07:00
|
|
|
#include <numeric>
|
2024-06-21 14:01:33 +02:00
|
|
|
#include <stack>
|
2015-10-09 17:21:14 -07:00
|
|
|
#include <string>
|
|
|
|
|
|
2016-02-05 14:42:04 -08:00
|
|
|
#define DEBUG_TYPE "bolt"
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2016-09-02 14:15:29 -07:00
|
|
|
using namespace llvm;
|
2016-09-16 15:54:32 -07:00
|
|
|
using namespace bolt;
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2016-01-21 14:18:30 -08:00
|
|
|
namespace opts {
|
|
|
|
|
|
2017-03-28 14:40:20 -07:00
|
|
|
extern cl::OptionCategory BoltCategory;
|
|
|
|
|
extern cl::OptionCategory BoltOptCategory;
|
|
|
|
|
|
2019-04-12 17:33:46 -07:00
|
|
|
extern cl::opt<bool> EnableBAT;
|
2019-06-19 20:10:49 -07:00
|
|
|
extern cl::opt<bool> Instrument;
|
2019-06-28 09:21:27 -07:00
|
|
|
extern cl::opt<bool> StrictMode;
|
|
|
|
|
extern cl::opt<bool> UpdateDebugSections;
|
|
|
|
|
extern cl::opt<unsigned> Verbosity;
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2025-04-30 14:41:11 +02:00
|
|
|
extern bool BinaryAnalysisMode;
|
|
|
|
|
extern bool HeatmapMode;
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
extern bool processAllFunctions();
|
|
|
|
|
|
2025-03-06 14:11:05 +08:00
|
|
|
static cl::opt<bool> CheckEncoding(
|
2022-06-05 13:29:49 -07:00
|
|
|
"check-encoding",
|
|
|
|
|
cl::desc("perform verification of LLVM instruction encoding/decoding. "
|
|
|
|
|
"Every instruction in the input is decoded and re-encoded. "
|
|
|
|
|
"If the resulting bytes do not match the input, a warning message "
|
|
|
|
|
"is printed."),
|
|
|
|
|
cl::Hidden, cl::cat(BoltCategory));
|
|
|
|
|
|
|
|
|
|
static cl::opt<bool> DotToolTipCode(
|
|
|
|
|
"dot-tooltip-code",
|
|
|
|
|
cl::desc("add basic block instructions as tool tips on nodes"), cl::Hidden,
|
|
|
|
|
cl::cat(BoltCategory));
|
2020-07-16 17:35:55 -07:00
|
|
|
|
|
|
|
|
cl::opt<JumpTableSupportLevel>
|
|
|
|
|
JumpTables("jump-tables",
|
|
|
|
|
cl::desc("jump tables support (default=basic)"),
|
|
|
|
|
cl::init(JTS_BASIC),
|
|
|
|
|
cl::values(
|
|
|
|
|
clEnumValN(JTS_NONE, "none",
|
|
|
|
|
"do not optimize functions with jump tables"),
|
|
|
|
|
clEnumValN(JTS_BASIC, "basic",
|
|
|
|
|
"optimize functions with jump tables"),
|
|
|
|
|
clEnumValN(JTS_MOVE, "move",
|
|
|
|
|
"move jump tables to a separate section"),
|
|
|
|
|
clEnumValN(JTS_SPLIT, "split",
|
|
|
|
|
"split jump tables section into hot and cold based on "
|
|
|
|
|
"function execution frequency"),
|
|
|
|
|
clEnumValN(JTS_AGGRESSIVE, "aggressive",
|
|
|
|
|
"aggressively split jump tables section based on usage "
|
|
|
|
|
"of the tables")),
|
|
|
|
|
cl::ZeroOrMore,
|
|
|
|
|
cl::cat(BoltOptCategory));
|
|
|
|
|
|
2022-06-05 13:29:49 -07:00
|
|
|
static cl::opt<bool> NoScan(
|
|
|
|
|
"no-scan",
|
|
|
|
|
cl::desc(
|
|
|
|
|
"do not scan cold functions for external references (may result in "
|
|
|
|
|
"slower binary)"),
|
|
|
|
|
cl::Hidden, cl::cat(BoltOptCategory));
|
2020-12-30 12:23:58 -08:00
|
|
|
|
2020-07-16 17:35:55 -07:00
|
|
|
cl::opt<bool>
|
2022-06-05 13:29:49 -07:00
|
|
|
PreserveBlocksAlignment("preserve-blocks-alignment",
|
|
|
|
|
cl::desc("try to preserve basic block alignment"),
|
|
|
|
|
cl::cat(BoltOptCategory));
|
2019-07-31 16:03:49 -07:00
|
|
|
|
2023-11-23 15:28:31 -05:00
|
|
|
static cl::opt<bool> PrintOutputAddressRange(
|
|
|
|
|
"print-output-address-range",
|
|
|
|
|
cl::desc(
|
|
|
|
|
"print output address range for each basic block in the function when"
|
|
|
|
|
"BinaryFunction::print is called"),
|
|
|
|
|
cl::Hidden, cl::cat(BoltOptCategory));
|
|
|
|
|
|
2017-08-10 13:18:44 -07:00
|
|
|
cl::opt<bool>
|
2020-07-16 17:35:55 -07:00
|
|
|
PrintDynoStats("dyno-stats",
|
|
|
|
|
cl::desc("print execution info based on profile"),
|
|
|
|
|
cl::cat(BoltCategory));
|
|
|
|
|
|
|
|
|
|
static cl::opt<bool>
|
|
|
|
|
PrintDynoStatsOnly("print-dyno-stats-only",
|
|
|
|
|
cl::desc("while printing functions output dyno-stats and skip instructions"),
|
|
|
|
|
cl::init(false),
|
|
|
|
|
cl::Hidden,
|
|
|
|
|
cl::cat(BoltCategory));
|
|
|
|
|
|
|
|
|
|
static cl::list<std::string>
|
|
|
|
|
PrintOnly("print-only",
|
|
|
|
|
cl::CommaSeparated,
|
|
|
|
|
cl::desc("list of functions to print"),
|
|
|
|
|
cl::value_desc("func1,func2,func3,..."),
|
|
|
|
|
cl::Hidden,
|
|
|
|
|
cl::cat(BoltCategory));
|
2017-03-17 19:05:11 -07:00
|
|
|
|
2019-07-12 07:25:50 -07:00
|
|
|
cl::opt<bool>
|
2022-06-05 13:29:49 -07:00
|
|
|
TimeBuild("time-build",
|
|
|
|
|
cl::desc("print time spent constructing binary functions"),
|
|
|
|
|
cl::Hidden, cl::cat(BoltCategory));
|
2017-11-27 18:00:24 -08:00
|
|
|
|
2025-03-06 14:11:05 +08:00
|
|
|
static cl::opt<bool> TrapOnAVX512(
|
|
|
|
|
"trap-avx512",
|
|
|
|
|
cl::desc("in relocation mode trap upon entry to any function that uses "
|
|
|
|
|
"AVX-512 instructions"),
|
|
|
|
|
cl::init(false), cl::ZeroOrMore, cl::Hidden, cl::cat(BoltCategory));
|
2018-02-02 16:07:11 -08:00
|
|
|
|
2017-03-17 19:05:11 -07:00
|
|
|
bool shouldPrint(const BinaryFunction &Function) {
|
2020-05-03 13:54:45 -07:00
|
|
|
if (Function.isIgnored())
|
|
|
|
|
return false;
|
|
|
|
|
|
2019-05-29 18:33:09 -07:00
|
|
|
if (PrintOnly.empty())
|
2017-03-17 19:05:11 -07:00
|
|
|
return true;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (std::string &Name : opts::PrintOnly) {
|
2017-10-20 12:11:34 -07:00
|
|
|
if (Function.hasNameRegex(Name)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-25 23:44:06 +02:00
|
|
|
std::optional<StringRef> Origin = Function.getOriginSectionName();
|
|
|
|
|
if (Origin && llvm::any_of(opts::PrintOnly, [&](const std::string &Name) {
|
|
|
|
|
return Name == *Origin;
|
|
|
|
|
}))
|
|
|
|
|
return true;
|
|
|
|
|
|
2017-03-17 19:05:11 -07:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-21 14:18:30 -08:00
|
|
|
} // namespace opts
|
|
|
|
|
|
2016-09-02 14:15:29 -07:00
|
|
|
namespace llvm {
|
|
|
|
|
namespace bolt {
|
|
|
|
|
|
2023-02-06 17:38:20 -08:00
|
|
|
template <typename R> static bool emptyRange(const R &Range) {
|
2017-10-20 12:11:34 -07:00
|
|
|
return Range.begin() == Range.end();
|
|
|
|
|
}
|
2017-11-27 12:58:21 -08:00
|
|
|
|
2016-05-27 20:19:19 -07:00
|
|
|
/// Gets debug line information for the instruction located at the given
|
|
|
|
|
/// address in the original binary. The SMLoc's pointer is used
|
|
|
|
|
/// to point to this information, which is represented by a
|
|
|
|
|
/// DebugLineTableRowRef. The returned pointer is null if no debug line
|
|
|
|
|
/// information for this instruction was found.
|
2023-02-06 17:38:20 -08:00
|
|
|
static SMLoc findDebugLineInformationForInstructionAt(
|
2021-12-14 16:52:51 -08:00
|
|
|
uint64_t Address, DWARFUnit *Unit,
|
|
|
|
|
const DWARFDebugLine::LineTable *LineTable) {
|
2016-05-27 20:19:19 -07:00
|
|
|
// We use the pointer in SMLoc to store an instance of DebugLineTableRowRef,
|
|
|
|
|
// which occupies 64 bits. Thus, we can only proceed if the struct fits into
|
|
|
|
|
// the pointer itself.
|
2023-08-10 18:44:17 -07:00
|
|
|
static_assert(
|
|
|
|
|
sizeof(decltype(SMLoc().getPointer())) >= sizeof(DebugLineTableRowRef),
|
|
|
|
|
"Cannot fit instruction debug line information into SMLoc's pointer");
|
2016-02-25 16:57:07 -08:00
|
|
|
|
2016-05-27 20:19:19 -07:00
|
|
|
SMLoc NullResult = DebugLineTableRowRef::NULL_ROW.toSMLoc();
|
2020-12-01 16:29:39 -08:00
|
|
|
uint32_t RowIndex = LineTable->lookupAddress(
|
|
|
|
|
{Address, object::SectionedAddress::UndefSection});
|
2016-05-27 20:19:19 -07:00
|
|
|
if (RowIndex == LineTable->UnknownRowIndex)
|
|
|
|
|
return NullResult;
|
|
|
|
|
|
|
|
|
|
assert(RowIndex < LineTable->Rows.size() &&
|
|
|
|
|
"Line Table lookup returned invalid index.");
|
|
|
|
|
|
|
|
|
|
decltype(SMLoc().getPointer()) Ptr;
|
|
|
|
|
DebugLineTableRowRef *InstructionLocation =
|
2021-12-14 16:52:51 -08:00
|
|
|
reinterpret_cast<DebugLineTableRowRef *>(&Ptr);
|
2016-05-27 20:19:19 -07:00
|
|
|
|
2020-10-12 21:04:42 -07:00
|
|
|
InstructionLocation->DwCompileUnitIndex = Unit->getOffset();
|
2016-05-27 20:19:19 -07:00
|
|
|
InstructionLocation->RowIndex = RowIndex + 1;
|
|
|
|
|
|
|
|
|
|
return SMLoc::getFromPointer(Ptr);
|
2016-02-25 16:57:07 -08:00
|
|
|
}
|
|
|
|
|
|
2023-02-06 17:38:20 -08:00
|
|
|
static std::string buildSectionName(StringRef Prefix, StringRef Name,
|
|
|
|
|
const BinaryContext &BC) {
|
2020-05-26 04:21:04 -07:00
|
|
|
if (BC.isELF())
|
|
|
|
|
return (Prefix + Name).str();
|
|
|
|
|
static NameShortener NS;
|
|
|
|
|
return (Prefix + Twine(NS.getID(Name))).str();
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-06 17:38:20 -08:00
|
|
|
static raw_ostream &operator<<(raw_ostream &OS,
|
|
|
|
|
const BinaryFunction::State State) {
|
2021-12-14 16:52:51 -08:00
|
|
|
switch (State) {
|
|
|
|
|
case BinaryFunction::State::Empty: OS << "empty"; break;
|
|
|
|
|
case BinaryFunction::State::Disassembled: OS << "disassembled"; break;
|
|
|
|
|
case BinaryFunction::State::CFG: OS << "CFG constructed"; break;
|
|
|
|
|
case BinaryFunction::State::CFG_Finalized: OS << "CFG finalized"; break;
|
|
|
|
|
case BinaryFunction::State::EmittedCFG: OS << "emitted with CFG"; break;
|
|
|
|
|
case BinaryFunction::State::Emitted: OS << "emitted"; break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return OS;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-26 04:21:04 -07:00
|
|
|
std::string BinaryFunction::buildCodeSectionName(StringRef Name,
|
|
|
|
|
const BinaryContext &BC) {
|
|
|
|
|
return buildSectionName(BC.isELF() ? ".local.text." : ".l.text.", Name, BC);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::string BinaryFunction::buildColdCodeSectionName(StringRef Name,
|
|
|
|
|
const BinaryContext &BC) {
|
|
|
|
|
return buildSectionName(BC.isELF() ? ".local.cold.text." : ".l.c.text.", Name,
|
|
|
|
|
BC);
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-18 17:00:46 -08:00
|
|
|
uint64_t BinaryFunction::Count = 0;
|
|
|
|
|
|
2022-12-11 12:33:47 -08:00
|
|
|
std::optional<StringRef>
|
|
|
|
|
BinaryFunction::hasNameRegex(const StringRef Name) const {
|
2021-04-08 00:19:26 -07:00
|
|
|
const std::string RegexName = (Twine("^") + StringRef(Name) + "$").str();
|
2019-05-29 18:33:09 -07:00
|
|
|
Regex MatchName(RegexName);
|
2022-12-11 12:33:47 -08:00
|
|
|
return forEachName(
|
2021-04-08 00:19:26 -07:00
|
|
|
[&MatchName](StringRef Name) { return MatchName.match(Name); });
|
2017-10-20 12:11:34 -07:00
|
|
|
}
|
2017-11-27 12:58:21 -08:00
|
|
|
|
2022-12-11 12:33:47 -08:00
|
|
|
std::optional<StringRef>
|
2020-11-09 12:38:51 -08:00
|
|
|
BinaryFunction::hasRestoredNameRegex(const StringRef Name) const {
|
2021-04-08 00:19:26 -07:00
|
|
|
const std::string RegexName = (Twine("^") + StringRef(Name) + "$").str();
|
2020-11-09 12:38:51 -08:00
|
|
|
Regex MatchName(RegexName);
|
2022-12-11 12:33:47 -08:00
|
|
|
return forEachName([&MatchName](StringRef Name) {
|
2021-04-08 00:19:26 -07:00
|
|
|
return MatchName.match(NameResolver::restore(Name));
|
2020-11-09 12:38:51 -08:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-07 15:00:41 -08:00
|
|
|
std::string BinaryFunction::getDemangledName() const {
|
2020-10-09 16:06:27 -07:00
|
|
|
StringRef MangledName = NameResolver::restore(getOneName());
|
2021-11-11 18:14:53 -08:00
|
|
|
return demangle(MangledName.str());
|
2017-12-07 15:00:41 -08:00
|
|
|
}
|
|
|
|
|
|
2015-10-12 12:12:16 -07:00
|
|
|
BinaryBasicBlock *
|
|
|
|
|
BinaryFunction::getBasicBlockContainingOffset(uint64_t Offset) {
|
|
|
|
|
if (Offset > Size)
|
|
|
|
|
return nullptr;
|
|
|
|
|
|
2016-09-07 18:59:23 -07:00
|
|
|
if (BasicBlockOffsets.empty())
|
2015-10-12 12:12:16 -07:00
|
|
|
return nullptr;
|
|
|
|
|
|
2016-09-07 18:59:23 -07:00
|
|
|
/*
|
2018-06-14 14:27:20 -07:00
|
|
|
* This is commented out because it makes BOLT too slow.
|
2016-09-07 18:59:23 -07:00
|
|
|
* assert(std::is_sorted(BasicBlockOffsets.begin(),
|
|
|
|
|
* BasicBlockOffsets.end(),
|
|
|
|
|
* CompareBasicBlockOffsets())));
|
|
|
|
|
*/
|
2022-06-23 22:15:47 -07:00
|
|
|
auto I =
|
|
|
|
|
llvm::upper_bound(BasicBlockOffsets, BasicBlockOffset(Offset, nullptr),
|
|
|
|
|
CompareBasicBlockOffsets());
|
2016-09-07 18:59:23 -07:00
|
|
|
assert(I != BasicBlockOffsets.begin() && "first basic block not at offset 0");
|
|
|
|
|
--I;
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock *BB = I->second;
|
2017-05-16 09:27:34 -07:00
|
|
|
return (Offset < BB->getOffset() + BB->getOriginalSize()) ? BB : nullptr;
|
2016-03-28 17:45:22 -07:00
|
|
|
}
|
|
|
|
|
|
2018-03-30 17:44:14 -07:00
|
|
|
void BinaryFunction::markUnreachableBlocks() {
|
2016-09-07 18:59:23 -07:00
|
|
|
std::stack<BinaryBasicBlock *> Stack;
|
|
|
|
|
|
2022-07-14 12:55:20 -07:00
|
|
|
for (BinaryBasicBlock &BB : blocks())
|
|
|
|
|
BB.markValid(false);
|
2016-09-07 18:59:23 -07:00
|
|
|
|
2016-09-29 11:19:06 -07:00
|
|
|
// Add all entries and landing pads as roots.
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2020-04-19 22:29:54 -07:00
|
|
|
if (isEntryPoint(*BB) || BB->isLandingPad()) {
|
2016-09-07 18:59:23 -07:00
|
|
|
Stack.push(BB);
|
|
|
|
|
BB->markValid(true);
|
2018-07-03 17:02:33 -07:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
// FIXME:
|
|
|
|
|
// Also mark BBs with indirect jumps as reachable, since we do not
|
2021-11-08 19:54:05 -08:00
|
|
|
// support removing unused jump tables yet (GH-issue20).
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const MCInst &Inst : *BB) {
|
2018-07-03 17:02:33 -07:00
|
|
|
if (BC.MIB->getJumpTable(Inst)) {
|
|
|
|
|
Stack.push(BB);
|
|
|
|
|
BB->markValid(true);
|
|
|
|
|
break;
|
|
|
|
|
}
|
2016-09-07 18:59:23 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Determine reachable BBs from the entry point
|
|
|
|
|
while (!Stack.empty()) {
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock *BB = Stack.top();
|
2016-09-07 18:59:23 -07:00
|
|
|
Stack.pop();
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *Succ : BB->successors()) {
|
2016-09-07 18:59:23 -07:00
|
|
|
if (Succ->isValid())
|
|
|
|
|
continue;
|
|
|
|
|
Succ->markValid(true);
|
|
|
|
|
Stack.push(Succ);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Any unnecessary fallthrough jumps revealed after calling eraseInvalidBBs
|
|
|
|
|
// will be cleaned up by fixBranches().
|
2023-11-10 00:46:04 +04:00
|
|
|
std::pair<unsigned, uint64_t>
|
|
|
|
|
BinaryFunction::eraseInvalidBBs(const MCCodeEmitter *Emitter) {
|
2022-07-16 17:23:21 -07:00
|
|
|
DenseSet<const BinaryBasicBlock *> InvalidBBs;
|
2015-10-20 12:47:37 -07:00
|
|
|
unsigned Count = 0;
|
2016-09-07 18:59:23 -07:00
|
|
|
uint64_t Bytes = 0;
|
2022-07-16 17:23:21 -07:00
|
|
|
for (BinaryBasicBlock *const BB : BasicBlocks) {
|
|
|
|
|
if (!BB->isValid()) {
|
2020-04-19 22:29:54 -07:00
|
|
|
assert(!isEntryPoint(*BB) && "all entry blocks must be valid");
|
2022-07-16 17:23:21 -07:00
|
|
|
InvalidBBs.insert(BB);
|
2015-10-20 12:47:37 -07:00
|
|
|
++Count;
|
2023-11-10 00:46:04 +04:00
|
|
|
Bytes += BC.computeCodeSize(BB->begin(), BB->end(), Emitter);
|
2016-09-07 18:59:23 -07:00
|
|
|
}
|
2015-10-20 12:47:37 -07:00
|
|
|
}
|
2022-07-16 17:23:21 -07:00
|
|
|
|
|
|
|
|
Layout.eraseBasicBlocks(InvalidBBs);
|
2016-09-07 18:59:23 -07:00
|
|
|
|
|
|
|
|
BasicBlockListType NewBasicBlocks;
|
|
|
|
|
for (auto I = BasicBlocks.begin(), E = BasicBlocks.end(); I != E; ++I) {
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock *BB = *I;
|
2022-07-16 17:23:21 -07:00
|
|
|
if (InvalidBBs.contains(BB)) {
|
2018-03-30 17:44:14 -07:00
|
|
|
// Make sure the block is removed from the list of predecessors.
|
|
|
|
|
BB->removeAllSuccessors();
|
|
|
|
|
DeletedBasicBlocks.push_back(BB);
|
2022-07-16 17:23:21 -07:00
|
|
|
} else {
|
|
|
|
|
NewBasicBlocks.push_back(BB);
|
2016-09-07 18:59:23 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
BasicBlocks = std::move(NewBasicBlocks);
|
|
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
assert(BasicBlocks.size() == Layout.block_size());
|
2016-09-07 18:59:23 -07:00
|
|
|
|
|
|
|
|
// Update CFG state if needed
|
2017-10-26 18:36:30 -07:00
|
|
|
if (Count > 0)
|
|
|
|
|
recomputeLandingPads();
|
2016-09-07 18:59:23 -07:00
|
|
|
|
|
|
|
|
return std::make_pair(Count, Bytes);
|
2015-10-20 12:47:37 -07:00
|
|
|
}
|
|
|
|
|
|
2016-09-22 18:08:20 -07:00
|
|
|
bool BinaryFunction::isForwardCall(const MCSymbol *CalleeSymbol) const {
|
2017-03-20 22:44:25 -07:00
|
|
|
// This function should work properly before and after function reordering.
|
|
|
|
|
// In order to accomplish this, we use the function index (if it is valid).
|
|
|
|
|
// If the function indices are not valid, we fall back to the original
|
|
|
|
|
// addresses. This should be ok because the functions without valid indices
|
|
|
|
|
// should have been ordered with a stable sort.
|
2021-04-08 00:19:26 -07:00
|
|
|
const BinaryFunction *CalleeBF = BC.getFunctionForSymbol(CalleeSymbol);
|
2016-09-22 18:08:20 -07:00
|
|
|
if (CalleeBF) {
|
2021-12-14 16:52:51 -08:00
|
|
|
if (CalleeBF->isInjected())
|
2018-07-08 12:14:08 -07:00
|
|
|
return true;
|
2024-11-27 09:01:12 +08:00
|
|
|
return compareBinaryFunctionByIndex(this, CalleeBF);
|
2016-09-22 18:08:20 -07:00
|
|
|
} else {
|
|
|
|
|
// Absolute symbol.
|
2021-04-08 00:19:26 -07:00
|
|
|
ErrorOr<uint64_t> CalleeAddressOrError = BC.getSymbolValue(*CalleeSymbol);
|
2019-06-04 15:30:22 -07:00
|
|
|
assert(CalleeAddressOrError && "unregistered symbol found");
|
|
|
|
|
return *CalleeAddressOrError > getAddress();
|
2016-09-22 18:08:20 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-20 15:16:32 -08:00
|
|
|
void BinaryFunction::dump() const {
|
2022-08-24 15:56:02 -07:00
|
|
|
// getDynoStats calls FunctionLayout::updateLayoutIndices and
|
|
|
|
|
// BasicBlock::analyzeBranch. The former cannot be const, but should be
|
|
|
|
|
// removed, the latter should be made const, but seems to require refactoring.
|
|
|
|
|
// Forcing all callers to have a non-const reference to BinaryFunction to call
|
|
|
|
|
// dump non-const however is not ideal either. Adding this const_cast is right
|
|
|
|
|
// now the best solution. It is safe, because BinaryFunction itself is not
|
|
|
|
|
// modified. Only BinaryBasicBlocks are actually modified (if it all) and we
|
|
|
|
|
// have mutable pointers to those regardless whether this function is
|
|
|
|
|
// const-qualified or not.
|
2022-12-20 15:16:32 -08:00
|
|
|
const_cast<BinaryFunction &>(*this).print(dbgs(), "");
|
2016-07-23 08:01:53 -07:00
|
|
|
}
|
|
|
|
|
|
2022-12-20 15:16:32 -08:00
|
|
|
void BinaryFunction::print(raw_ostream &OS, std::string Annotation) {
|
2020-05-03 13:54:45 -07:00
|
|
|
if (!opts::shouldPrint(*this))
|
2016-09-27 19:09:38 -07:00
|
|
|
return;
|
|
|
|
|
|
2018-07-08 12:14:08 -07:00
|
|
|
StringRef SectionName =
|
2020-10-09 16:06:27 -07:00
|
|
|
OriginSection ? OriginSection->getName() : "<no origin section>";
|
2016-08-07 12:35:23 -07:00
|
|
|
OS << "Binary Function \"" << *this << "\" " << Annotation << " {";
|
2021-04-08 00:19:26 -07:00
|
|
|
std::vector<StringRef> AllNames = getNames();
|
2020-01-13 11:56:59 -08:00
|
|
|
if (AllNames.size() > 1) {
|
|
|
|
|
OS << "\n All names : ";
|
2021-04-08 00:19:26 -07:00
|
|
|
const char *Sep = "";
|
2022-05-13 20:14:17 +01:00
|
|
|
for (const StringRef &Name : AllNames) {
|
2020-01-13 11:56:59 -08:00
|
|
|
OS << Sep << Name;
|
2016-06-10 17:13:05 -07:00
|
|
|
Sep = "\n ";
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-08-24 18:07:06 -07:00
|
|
|
OS << "\n Number : " << FunctionNumber;
|
|
|
|
|
OS << "\n State : " << CurrentState;
|
|
|
|
|
OS << "\n Address : 0x" << Twine::utohexstr(Address);
|
|
|
|
|
OS << "\n Size : 0x" << Twine::utohexstr(Size);
|
|
|
|
|
OS << "\n MaxSize : 0x" << Twine::utohexstr(MaxSize);
|
|
|
|
|
OS << "\n Offset : 0x" << Twine::utohexstr(getFileOffset());
|
|
|
|
|
OS << "\n Section : " << SectionName;
|
|
|
|
|
OS << "\n Orc Section : " << getCodeSectionName();
|
|
|
|
|
OS << "\n LSDA : 0x" << Twine::utohexstr(getLSDAAddress());
|
|
|
|
|
OS << "\n IsSimple : " << IsSimple;
|
|
|
|
|
OS << "\n IsMultiEntry: " << isMultiEntry();
|
|
|
|
|
OS << "\n IsSplit : " << isSplit();
|
|
|
|
|
OS << "\n BB Count : " << size();
|
2016-12-21 17:13:56 -08:00
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
if (HasUnknownControlFlow)
|
2019-06-28 09:21:27 -07:00
|
|
|
OS << "\n Unknown CF : true";
|
2021-12-14 16:52:51 -08:00
|
|
|
if (getPersonalityFunction())
|
2020-06-22 13:08:28 -07:00
|
|
|
OS << "\n Personality : " << getPersonalityFunction()->getName();
|
2021-12-14 16:52:51 -08:00
|
|
|
if (IsFragment)
|
[BOLT] Basic support for split functions
Summary:
This adds very basic and limited support for split functions.
In non-relocation mode, split functions are ignored, while their debug
info is properly updated. No support in the relocation mode yet.
Split functions consist of a main body and one or more fragments.
For fragments, the main part is called their parent. Any fragment
could only be entered via its parent or another fragment.
The short-term goal is to correctly update debug information for split
functions, while the long-term goal is to have a complete support
including full optimization. Note that if we don't detect split
bodies, we would have to add multiple entry points via tail calls,
which we would rather avoid.
Parent functions and fragments are represented by a `BinaryFunction`
and are marked accordingly. For now they are marked as non-simple, and
thus only supported in non-relocation mode. Once we start building a
CFG, it should be a common graph (i.e. the one that includes all
fragments) in the parent function.
The function discovery is unchanged, except for the detection of
`\.cold\.` pattern in the function name, which automatically marks the
function as a fragment of another function.
Because of the local function name ambiguity, we cannot rely on the
function name to establish child fragment and parent relationship.
Instead we rely on disassembly processing.
`BinaryContext::getBinaryFunctionContainingAddress()` now returns a
parent function if an address from its fragment is passed.
There's no jump table support at the moment. Jump tables can have
source and destinations in both fragment and parent.
Parent functions that enter their fragments via C++ exception handling
mechanism are not yet supported.
(cherry picked from FBD14970569)
2019-04-16 10:24:34 -07:00
|
|
|
OS << "\n IsFragment : true";
|
2021-12-14 16:52:51 -08:00
|
|
|
if (isFolded())
|
2020-04-16 00:02:35 -07:00
|
|
|
OS << "\n FoldedInto : " << *getFoldedIntoFunction();
|
2021-12-14 16:52:51 -08:00
|
|
|
for (BinaryFunction *ParentFragment : ParentFragments)
|
2020-09-14 15:48:32 -07:00
|
|
|
OS << "\n Parent : " << *ParentFragment;
|
[BOLT] Basic support for split functions
Summary:
This adds very basic and limited support for split functions.
In non-relocation mode, split functions are ignored, while their debug
info is properly updated. No support in the relocation mode yet.
Split functions consist of a main body and one or more fragments.
For fragments, the main part is called their parent. Any fragment
could only be entered via its parent or another fragment.
The short-term goal is to correctly update debug information for split
functions, while the long-term goal is to have a complete support
including full optimization. Note that if we don't detect split
bodies, we would have to add multiple entry points via tail calls,
which we would rather avoid.
Parent functions and fragments are represented by a `BinaryFunction`
and are marked accordingly. For now they are marked as non-simple, and
thus only supported in non-relocation mode. Once we start building a
CFG, it should be a common graph (i.e. the one that includes all
fragments) in the parent function.
The function discovery is unchanged, except for the detection of
`\.cold\.` pattern in the function name, which automatically marks the
function as a fragment of another function.
Because of the local function name ambiguity, we cannot rely on the
function name to establish child fragment and parent relationship.
Instead we rely on disassembly processing.
`BinaryContext::getBinaryFunctionContainingAddress()` now returns a
parent function if an address from its fragment is passed.
There's no jump table support at the moment. Jump tables can have
source and destinations in both fragment and parent.
Parent functions that enter their fragments via C++ exception handling
mechanism are not yet supported.
(cherry picked from FBD14970569)
2019-04-16 10:24:34 -07:00
|
|
|
if (!Fragments.empty()) {
|
|
|
|
|
OS << "\n Fragments : ";
|
2022-05-24 18:28:42 -07:00
|
|
|
ListSeparator LS;
|
|
|
|
|
for (BinaryFunction *Frag : Fragments)
|
|
|
|
|
OS << LS << *Frag;
|
[BOLT] Basic support for split functions
Summary:
This adds very basic and limited support for split functions.
In non-relocation mode, split functions are ignored, while their debug
info is properly updated. No support in the relocation mode yet.
Split functions consist of a main body and one or more fragments.
For fragments, the main part is called their parent. Any fragment
could only be entered via its parent or another fragment.
The short-term goal is to correctly update debug information for split
functions, while the long-term goal is to have a complete support
including full optimization. Note that if we don't detect split
bodies, we would have to add multiple entry points via tail calls,
which we would rather avoid.
Parent functions and fragments are represented by a `BinaryFunction`
and are marked accordingly. For now they are marked as non-simple, and
thus only supported in non-relocation mode. Once we start building a
CFG, it should be a common graph (i.e. the one that includes all
fragments) in the parent function.
The function discovery is unchanged, except for the detection of
`\.cold\.` pattern in the function name, which automatically marks the
function as a fragment of another function.
Because of the local function name ambiguity, we cannot rely on the
function name to establish child fragment and parent relationship.
Instead we rely on disassembly processing.
`BinaryContext::getBinaryFunctionContainingAddress()` now returns a
parent function if an address from its fragment is passed.
There's no jump table support at the moment. Jump tables can have
source and destinations in both fragment and parent.
Parent functions that enter their fragments via C++ exception handling
mechanism are not yet supported.
(cherry picked from FBD14970569)
2019-04-16 10:24:34 -07:00
|
|
|
}
|
2021-12-14 16:52:51 -08:00
|
|
|
if (hasCFG())
|
|
|
|
|
OS << "\n Hash : " << Twine::utohexstr(computeHash());
|
2020-04-19 22:29:54 -07:00
|
|
|
if (isMultiEntry()) {
|
|
|
|
|
OS << "\n Secondary Entry Points : ";
|
2022-05-24 18:28:42 -07:00
|
|
|
ListSeparator LS;
|
|
|
|
|
for (const auto &KV : SecondaryEntryPoints)
|
|
|
|
|
OS << LS << KV.second->getName();
|
2020-04-19 22:29:54 -07:00
|
|
|
}
|
2021-12-14 16:52:51 -08:00
|
|
|
if (FrameInstructions.size())
|
|
|
|
|
OS << "\n CFI Instrs : " << FrameInstructions.size();
|
2022-07-16 17:23:21 -07:00
|
|
|
if (!Layout.block_empty()) {
|
2015-10-23 15:52:59 -07:00
|
|
|
OS << "\n BB Layout : ";
|
2022-05-24 18:28:42 -07:00
|
|
|
ListSeparator LS;
|
2022-07-16 17:23:21 -07:00
|
|
|
for (const BinaryBasicBlock *BB : Layout.blocks())
|
2022-05-24 18:28:42 -07:00
|
|
|
OS << LS << BB->getName();
|
2015-10-23 15:52:59 -07:00
|
|
|
}
|
2022-08-24 18:07:06 -07:00
|
|
|
if (getImageAddress())
|
|
|
|
|
OS << "\n Image : 0x" << Twine::utohexstr(getImageAddress());
|
2016-06-15 18:36:16 -07:00
|
|
|
if (ExecutionCount != COUNT_NO_PROFILE) {
|
2015-10-12 12:30:47 -07:00
|
|
|
OS << "\n Exec Count : " << ExecutionCount;
|
2023-02-16 10:52:04 -08:00
|
|
|
OS << "\n Branch Count: " << RawBranchCount;
|
2016-06-15 18:36:16 -07:00
|
|
|
OS << "\n Profile Acc : " << format("%.1f%%", ProfileMatchRatio * 100.0f);
|
|
|
|
|
}
|
2015-10-23 15:52:59 -07:00
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
if (opts::PrintDynoStats && !getLayout().block_empty()) {
|
2016-09-16 15:54:32 -07:00
|
|
|
OS << '\n';
|
2019-04-29 12:51:10 -07:00
|
|
|
DynoStats dynoStats = getDynoStats(*this);
|
2016-08-29 21:11:22 -07:00
|
|
|
OS << dynoStats;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-12 12:30:47 -07:00
|
|
|
OS << "\n}\n";
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2022-12-20 15:16:32 -08:00
|
|
|
if (opts::PrintDynoStatsOnly || !BC.InstPrinter)
|
2015-10-09 17:21:14 -07:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
// Offset of the instruction in function.
|
2021-05-13 10:50:47 -07:00
|
|
|
uint64_t Offset = 0;
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2025-02-06 00:25:48 -08:00
|
|
|
auto printConstantIslandInRange = [&](uint64_t Start, uint64_t End) {
|
|
|
|
|
assert(Start <= End && "Invalid range");
|
|
|
|
|
std::optional<uint64_t> IslandOffset = getIslandInRange(Start, End);
|
2025-02-05 22:41:40 -08:00
|
|
|
|
|
|
|
|
if (!IslandOffset)
|
|
|
|
|
return;
|
|
|
|
|
|
2025-02-20 11:16:01 -08:00
|
|
|
// Print label if it exists at this offset.
|
|
|
|
|
if (const BinaryData *BD =
|
|
|
|
|
BC.getBinaryDataAtAddress(getAddress() + *IslandOffset))
|
|
|
|
|
OS << BD->getName() << ":\n";
|
|
|
|
|
|
2025-02-05 22:41:40 -08:00
|
|
|
const size_t IslandSize = getSizeOfDataInCodeAt(*IslandOffset);
|
|
|
|
|
BC.printData(OS, BC.extractData(getAddress() + *IslandOffset, IslandSize),
|
|
|
|
|
*IslandOffset);
|
|
|
|
|
};
|
|
|
|
|
|
2017-11-04 19:22:05 -07:00
|
|
|
if (BasicBlocks.empty() && !Instructions.empty()) {
|
2015-10-09 17:21:14 -07:00
|
|
|
// Print before CFG was built.
|
2025-02-05 22:41:40 -08:00
|
|
|
uint64_t PrevOffset = 0;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const std::pair<const uint32_t, MCInst> &II : Instructions) {
|
2016-06-15 18:36:16 -07:00
|
|
|
Offset = II.first;
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2025-02-05 22:41:40 -08:00
|
|
|
// Print any constant islands inbeetween the instructions.
|
|
|
|
|
printConstantIslandInRange(PrevOffset, Offset);
|
|
|
|
|
|
2015-10-09 17:21:14 -07:00
|
|
|
// Print label if exists at this offset.
|
|
|
|
|
auto LI = Labels.find(Offset);
|
2020-04-19 22:29:54 -07:00
|
|
|
if (LI != Labels.end()) {
|
2021-04-08 00:19:26 -07:00
|
|
|
if (const MCSymbol *EntrySymbol =
|
|
|
|
|
getSecondaryEntryPointSymbol(LI->second))
|
2020-04-19 22:29:54 -07:00
|
|
|
OS << EntrySymbol->getName() << " (Entry Point):\n";
|
2015-10-09 17:21:14 -07:00
|
|
|
OS << LI->second->getName() << ":\n";
|
2020-04-19 22:29:54 -07:00
|
|
|
}
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2017-11-04 19:22:05 -07:00
|
|
|
BC.printInstruction(OS, II.second, Offset, this);
|
2025-02-05 22:41:40 -08:00
|
|
|
|
|
|
|
|
PrevOffset = Offset;
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
2025-02-05 22:41:40 -08:00
|
|
|
|
|
|
|
|
// Print any data at the end of the function.
|
|
|
|
|
printConstantIslandInRange(PrevOffset, getMaxSize());
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
StringRef SplitPointMsg = "";
|
2022-08-24 17:47:01 -07:00
|
|
|
for (const FunctionFragment &FF : Layout.fragments()) {
|
2022-07-16 17:23:21 -07:00
|
|
|
OS << SplitPointMsg;
|
|
|
|
|
SplitPointMsg = "------- HOT-COLD SPLIT POINT -------\n\n";
|
2022-08-17 14:51:29 -07:00
|
|
|
for (const BinaryBasicBlock *BB : FF) {
|
2022-07-16 17:23:21 -07:00
|
|
|
OS << BB->getName() << " (" << BB->size()
|
|
|
|
|
<< " instructions, align : " << BB->getAlignment() << ")\n";
|
|
|
|
|
|
2023-11-23 15:28:31 -05:00
|
|
|
if (opts::PrintOutputAddressRange)
|
|
|
|
|
OS << formatv(" Output Address Range: [{0:x}, {1:x}) ({2} bytes)\n",
|
|
|
|
|
BB->getOutputAddressRange().first,
|
|
|
|
|
BB->getOutputAddressRange().second, BB->getOutputSize());
|
|
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
if (isEntryPoint(*BB)) {
|
|
|
|
|
if (MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(*BB))
|
|
|
|
|
OS << " Secondary Entry Point: " << EntrySymbol->getName() << '\n';
|
|
|
|
|
else
|
|
|
|
|
OS << " Entry Point\n";
|
|
|
|
|
}
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
if (BB->isLandingPad())
|
|
|
|
|
OS << " Landing Pad\n";
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
uint64_t BBExecCount = BB->getExecutionCount();
|
|
|
|
|
if (hasValidProfile()) {
|
|
|
|
|
OS << " Exec Count : ";
|
|
|
|
|
if (BB->getExecutionCount() != BinaryBasicBlock::COUNT_NO_PROFILE)
|
|
|
|
|
OS << BBExecCount << '\n';
|
|
|
|
|
else
|
|
|
|
|
OS << "<unknown>\n";
|
|
|
|
|
}
|
2024-06-27 17:26:58 -07:00
|
|
|
if (hasCFI())
|
2022-07-16 17:23:21 -07:00
|
|
|
OS << " CFI State : " << BB->getCFIState() << '\n';
|
|
|
|
|
if (opts::EnableBAT) {
|
2023-11-06 11:25:49 -08:00
|
|
|
OS << " Input offset: 0x" << Twine::utohexstr(BB->getInputOffset())
|
2022-07-16 17:23:21 -07:00
|
|
|
<< "\n";
|
|
|
|
|
}
|
|
|
|
|
if (!BB->pred_empty()) {
|
|
|
|
|
OS << " Predecessors: ";
|
|
|
|
|
ListSeparator LS;
|
|
|
|
|
for (BinaryBasicBlock *Pred : BB->predecessors())
|
|
|
|
|
OS << LS << Pred->getName();
|
|
|
|
|
OS << '\n';
|
2019-04-09 11:27:23 -07:00
|
|
|
}
|
2022-07-16 17:23:21 -07:00
|
|
|
if (!BB->throw_empty()) {
|
|
|
|
|
OS << " Throwers: ";
|
|
|
|
|
ListSeparator LS;
|
|
|
|
|
for (BinaryBasicBlock *Throw : BB->throwers())
|
|
|
|
|
OS << LS << Throw->getName();
|
|
|
|
|
OS << '\n';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Offset = alignTo(Offset, BB->getAlignment());
|
|
|
|
|
|
|
|
|
|
// Note: offsets are imprecise since this is happening prior to
|
|
|
|
|
// relaxation.
|
|
|
|
|
Offset = BC.printInstructions(OS, BB->begin(), BB->end(), Offset, this);
|
|
|
|
|
|
|
|
|
|
if (!BB->succ_empty()) {
|
|
|
|
|
OS << " Successors: ";
|
|
|
|
|
// For more than 2 successors, sort them based on frequency.
|
|
|
|
|
std::vector<uint64_t> Indices(BB->succ_size());
|
|
|
|
|
std::iota(Indices.begin(), Indices.end(), 0);
|
|
|
|
|
if (BB->succ_size() > 2 && BB->getKnownExecutionCount()) {
|
|
|
|
|
llvm::stable_sort(Indices, [&](const uint64_t A, const uint64_t B) {
|
|
|
|
|
return BB->BranchInfo[B] < BB->BranchInfo[A];
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
ListSeparator LS;
|
|
|
|
|
for (unsigned I = 0; I < Indices.size(); ++I) {
|
|
|
|
|
BinaryBasicBlock *Succ = BB->Successors[Indices[I]];
|
|
|
|
|
const BinaryBasicBlock::BinaryBranchInfo &BI =
|
|
|
|
|
BB->BranchInfo[Indices[I]];
|
|
|
|
|
OS << LS << Succ->getName();
|
|
|
|
|
if (ExecutionCount != COUNT_NO_PROFILE &&
|
|
|
|
|
BI.MispredictedCount != BinaryBasicBlock::COUNT_INFERRED) {
|
|
|
|
|
OS << " (mispreds: " << BI.MispredictedCount
|
|
|
|
|
<< ", count: " << BI.Count << ")";
|
|
|
|
|
} else if (ExecutionCount != COUNT_NO_PROFILE &&
|
|
|
|
|
BI.Count != BinaryBasicBlock::COUNT_NO_PROFILE) {
|
|
|
|
|
OS << " (inferred count: " << BI.Count << ")";
|
|
|
|
|
}
|
2015-10-13 10:25:45 -07:00
|
|
|
}
|
2022-07-16 17:23:21 -07:00
|
|
|
OS << '\n';
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
if (!BB->lp_empty()) {
|
|
|
|
|
OS << " Landing Pads: ";
|
|
|
|
|
ListSeparator LS;
|
|
|
|
|
for (BinaryBasicBlock *LP : BB->landing_pads()) {
|
|
|
|
|
OS << LS << LP->getName();
|
|
|
|
|
if (ExecutionCount != COUNT_NO_PROFILE) {
|
|
|
|
|
OS << " (count: " << LP->getExecutionCount() << ")";
|
|
|
|
|
}
|
2016-05-26 15:10:09 -07:00
|
|
|
}
|
2022-07-16 17:23:21 -07:00
|
|
|
OS << '\n';
|
2016-05-26 15:10:09 -07:00
|
|
|
}
|
|
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
// In CFG_Finalized state we can miscalculate CFI state at exit.
|
2024-06-27 17:26:58 -07:00
|
|
|
if (CurrentState == State::CFG && hasCFI()) {
|
2022-07-16 17:23:21 -07:00
|
|
|
const int32_t CFIStateAtExit = BB->getCFIStateAtExit();
|
|
|
|
|
if (CFIStateAtExit >= 0)
|
|
|
|
|
OS << " CFI State: " << CFIStateAtExit << '\n';
|
|
|
|
|
}
|
2017-02-24 21:59:33 -08:00
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
OS << '\n';
|
|
|
|
|
}
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
|
2015-11-13 14:18:45 -08:00
|
|
|
// Dump new exception ranges for the function.
|
|
|
|
|
if (!CallSites.empty()) {
|
|
|
|
|
OS << "EH table:\n";
|
2022-09-08 17:10:27 -07:00
|
|
|
for (const FunctionFragment &FF : getLayout().fragments()) {
|
|
|
|
|
for (const auto &FCSI : getCallSites(FF.getFragmentNum())) {
|
|
|
|
|
const CallSite &CSI = FCSI.second;
|
|
|
|
|
OS << " [" << *CSI.Start << ", " << *CSI.End << ") landing pad : ";
|
|
|
|
|
if (CSI.LP)
|
|
|
|
|
OS << *CSI.LP;
|
|
|
|
|
else
|
|
|
|
|
OS << "0";
|
|
|
|
|
OS << ", action : " << CSI.Action << '\n';
|
|
|
|
|
}
|
2015-11-13 14:18:45 -08:00
|
|
|
}
|
|
|
|
|
OS << '\n';
|
2015-11-04 16:48:47 -08:00
|
|
|
}
|
|
|
|
|
|
2016-09-16 15:54:32 -07:00
|
|
|
// Print all jump tables.
|
2021-12-20 11:07:46 -08:00
|
|
|
for (const std::pair<const uint64_t, JumpTable *> &JTI : JumpTables)
|
2017-11-14 20:05:11 -08:00
|
|
|
JTI.second->print(OS);
|
2016-09-14 16:45:40 -07:00
|
|
|
|
2015-11-08 12:23:54 -08:00
|
|
|
OS << "DWARF CFI Instructions:\n";
|
|
|
|
|
if (OffsetToCFI.size()) {
|
|
|
|
|
// Pre-buildCFG information
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const std::pair<const uint32_t, uint32_t> &Elmt : OffsetToCFI) {
|
2015-11-08 12:23:54 -08:00
|
|
|
OS << format(" %08x:\t", Elmt.first);
|
|
|
|
|
assert(Elmt.second < FrameInstructions.size() && "Incorrect CFI offset");
|
2017-05-01 16:52:54 -07:00
|
|
|
BinaryContext::printCFI(OS, FrameInstructions[Elmt.second]);
|
2015-11-08 12:23:54 -08:00
|
|
|
OS << "\n";
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// Post-buildCFG information
|
|
|
|
|
for (uint32_t I = 0, E = FrameInstructions.size(); I != E; ++I) {
|
|
|
|
|
const MCCFIInstruction &CFI = FrameInstructions[I];
|
|
|
|
|
OS << format(" %d:\t", I);
|
2017-05-01 16:52:54 -07:00
|
|
|
BinaryContext::printCFI(OS, CFI);
|
2015-11-08 12:23:54 -08:00
|
|
|
OS << "\n";
|
2015-11-04 16:48:47 -08:00
|
|
|
}
|
|
|
|
|
}
|
2015-11-08 12:23:54 -08:00
|
|
|
if (FrameInstructions.empty())
|
|
|
|
|
OS << " <empty>\n";
|
2015-11-04 16:48:47 -08:00
|
|
|
|
2016-08-07 12:35:23 -07:00
|
|
|
OS << "End of Function \"" << *this << "\"\n\n";
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
void BinaryFunction::printRelocations(raw_ostream &OS, uint64_t Offset,
|
2017-10-20 12:11:34 -07:00
|
|
|
uint64_t Size) const {
|
2018-07-12 10:13:03 -07:00
|
|
|
const char *Sep = " # Relocs: ";
|
2017-10-20 12:11:34 -07:00
|
|
|
|
|
|
|
|
auto RI = Relocations.lower_bound(Offset);
|
|
|
|
|
while (RI != Relocations.end() && RI->first < Offset + Size) {
|
|
|
|
|
OS << Sep << "(R: " << RI->second << ")";
|
|
|
|
|
Sep = ", ";
|
|
|
|
|
++RI;
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-11-27 12:58:21 -08:00
|
|
|
|
2023-02-06 17:38:20 -08:00
|
|
|
static std::string mutateDWARFExpressionTargetReg(const MCCFIInstruction &Instr,
|
|
|
|
|
MCPhysReg NewReg) {
|
2020-12-01 16:29:39 -08:00
|
|
|
StringRef ExprBytes = Instr.getValues();
|
|
|
|
|
assert(ExprBytes.size() > 1 && "DWARF expression CFI is too short");
|
|
|
|
|
uint8_t Opcode = ExprBytes[0];
|
|
|
|
|
assert((Opcode == dwarf::DW_CFA_expression ||
|
|
|
|
|
Opcode == dwarf::DW_CFA_val_expression) &&
|
|
|
|
|
"invalid DWARF expression CFI");
|
2022-05-13 19:56:45 +01:00
|
|
|
(void)Opcode;
|
2020-12-01 16:29:39 -08:00
|
|
|
const uint8_t *const Start =
|
|
|
|
|
reinterpret_cast<const uint8_t *>(ExprBytes.drop_front(1).data());
|
|
|
|
|
const uint8_t *const End =
|
|
|
|
|
reinterpret_cast<const uint8_t *>(Start + ExprBytes.size() - 1);
|
|
|
|
|
unsigned Size = 0;
|
|
|
|
|
decodeULEB128(Start, &Size, End);
|
|
|
|
|
assert(Size > 0 && "Invalid reg encoding for DWARF expression CFI");
|
|
|
|
|
SmallString<8> Tmp;
|
|
|
|
|
raw_svector_ostream OSE(Tmp);
|
|
|
|
|
encodeULEB128(NewReg, OSE);
|
|
|
|
|
return Twine(ExprBytes.slice(0, 1))
|
|
|
|
|
.concat(OSE.str())
|
|
|
|
|
.concat(ExprBytes.drop_front(1 + Size))
|
|
|
|
|
.str();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BinaryFunction::mutateCFIRegisterFor(const MCInst &Instr,
|
|
|
|
|
MCPhysReg NewReg) {
|
|
|
|
|
const MCCFIInstruction *OldCFI = getCFIFor(Instr);
|
|
|
|
|
assert(OldCFI && "invalid CFI instr");
|
|
|
|
|
switch (OldCFI->getOperation()) {
|
|
|
|
|
default:
|
|
|
|
|
llvm_unreachable("Unexpected instruction");
|
|
|
|
|
case MCCFIInstruction::OpDefCfa:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::cfiDefCfa(nullptr, NewReg,
|
|
|
|
|
OldCFI->getOffset()));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpDefCfaRegister:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::createDefCfaRegister(nullptr, NewReg));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpOffset:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::createOffset(nullptr, NewReg,
|
|
|
|
|
OldCFI->getOffset()));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpRegister:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::createRegister(nullptr, NewReg,
|
|
|
|
|
OldCFI->getRegister2()));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpSameValue:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::createSameValue(nullptr, NewReg));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpEscape:
|
|
|
|
|
setCFIFor(Instr,
|
|
|
|
|
MCCFIInstruction::createEscape(
|
|
|
|
|
nullptr,
|
|
|
|
|
StringRef(mutateDWARFExpressionTargetReg(*OldCFI, NewReg))));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpRestore:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::createRestore(nullptr, NewReg));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpUndefined:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::createUndefined(nullptr, NewReg));
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const MCCFIInstruction *BinaryFunction::mutateCFIOffsetFor(const MCInst &Instr,
|
|
|
|
|
int64_t NewOffset) {
|
|
|
|
|
const MCCFIInstruction *OldCFI = getCFIFor(Instr);
|
|
|
|
|
assert(OldCFI && "invalid CFI instr");
|
|
|
|
|
switch (OldCFI->getOperation()) {
|
|
|
|
|
default:
|
|
|
|
|
llvm_unreachable("Unexpected instruction");
|
|
|
|
|
case MCCFIInstruction::OpDefCfaOffset:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::cfiDefCfaOffset(nullptr, NewOffset));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpAdjustCfaOffset:
|
|
|
|
|
setCFIFor(Instr,
|
|
|
|
|
MCCFIInstruction::createAdjustCfaOffset(nullptr, NewOffset));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpDefCfa:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::cfiDefCfa(nullptr, OldCFI->getRegister(),
|
|
|
|
|
NewOffset));
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpOffset:
|
|
|
|
|
setCFIFor(Instr, MCCFIInstruction::createOffset(
|
|
|
|
|
nullptr, OldCFI->getRegister(), NewOffset));
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return getCFIFor(Instr);
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-06 11:22:45 -07:00
|
|
|
IndirectBranchType
|
2021-12-14 16:52:51 -08:00
|
|
|
BinaryFunction::processIndirectBranch(MCInst &Instruction, unsigned Size,
|
2018-08-06 11:22:45 -07:00
|
|
|
uint64_t Offset,
|
|
|
|
|
uint64_t &TargetAddress) {
|
2021-03-23 13:41:41 -07:00
|
|
|
const unsigned PtrSize = BC.AsmInfo->getCodePointerSize();
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2021-03-23 13:41:41 -07:00
|
|
|
// The instruction referencing memory used by the branch instruction.
|
|
|
|
|
// It could be the branch instruction itself or one of the instructions
|
|
|
|
|
// setting the value of the register used by the branch.
|
2017-10-20 12:11:34 -07:00
|
|
|
MCInst *MemLocInstr;
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2024-05-09 12:35:45 -07:00
|
|
|
// The instruction loading the fixed PIC jump table entry value.
|
|
|
|
|
MCInst *FixedEntryLoadInstr;
|
|
|
|
|
|
2016-09-27 19:09:38 -07:00
|
|
|
// Address of the table referenced by MemLocInstr. Could be either an
|
|
|
|
|
// array of function pointers, or a jump table.
|
|
|
|
|
uint64_t ArrayStart = 0;
|
|
|
|
|
|
2017-11-01 10:26:07 -07:00
|
|
|
unsigned BaseRegNum, IndexRegNum;
|
|
|
|
|
int64_t DispValue;
|
|
|
|
|
const MCExpr *DispExpr;
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2017-10-16 11:12:22 -07:00
|
|
|
// In AArch, identify the instruction adding the PC-relative offset to
|
|
|
|
|
// jump table entries to correctly decode it.
|
|
|
|
|
MCInst *PCRelBaseInstr;
|
|
|
|
|
uint64_t PCRelAddr = 0;
|
|
|
|
|
|
2017-11-04 19:22:05 -07:00
|
|
|
auto Begin = Instructions.begin();
|
2018-03-20 14:34:58 -07:00
|
|
|
if (BC.isAArch64()) {
|
2017-10-16 11:12:22 -07:00
|
|
|
// Start at the last label as an approximation of the current basic block.
|
|
|
|
|
// This is a heuristic, since the full set of labels have yet to be
|
|
|
|
|
// determined
|
2023-01-03 17:31:44 -08:00
|
|
|
for (const uint32_t Offset :
|
|
|
|
|
llvm::make_first_range(llvm::reverse(Labels))) {
|
|
|
|
|
auto II = Instructions.find(Offset);
|
2017-11-04 19:22:05 -07:00
|
|
|
if (II != Instructions.end()) {
|
|
|
|
|
Begin = II;
|
2017-10-16 11:12:22 -07:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
IndirectBranchType BranchType = BC.MIB->analyzeIndirectBranch(
|
|
|
|
|
Instruction, Begin, Instructions.end(), PtrSize, MemLocInstr, BaseRegNum,
|
2024-05-09 12:35:45 -07:00
|
|
|
IndexRegNum, DispValue, DispExpr, PCRelBaseInstr, FixedEntryLoadInstr);
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2021-03-23 13:41:41 -07:00
|
|
|
if (BranchType == IndirectBranchType::UNKNOWN && !MemLocInstr)
|
|
|
|
|
return BranchType;
|
2016-09-27 19:09:38 -07:00
|
|
|
|
[BOLT] Optimize jump tables with hot entries
Summary:
This diff is similar to Bill's diff for optimizing jump tables
(and is built on top of it), but it differs in the strategy used to
optimize the jump table. The previous approach loads the target address
from the jump table and compare it to check if it is a hot target. This
accomplishes branch misprediction reduction by promote the indirect jmp
to a (more predictable) direct jmp.
load %r10, JMPTABLE
cmp %r10, HOTTARGET
je HOTTARGET
ijmp [JMPTABLE + %index * scale]
The idea in this diff is instead to make dcache better by avoiding the
load of the jump table, leaving branch mispredictions as a secondary
target. To do this we compare the index used in the indirect jmp and if
it matches a known hot entry, it performs a direct jump to the target.
cmp %index, HOTINDEX
je CORRESPONDING_TARGET
ijmp [JMPTABLE + %index * scale]
The downside of this approach is that we may have multiple indices
associated with a single target, but we only have profiling to show
which targets are hot and we have no clue about which indices are hot.
INDEX TARGET
0 4004f8
8 4004f8
10 4003d0
18 4004f8
Profiling data:
TARGET COUNT
4004f8 10020
4003d0 17
In this example, we know 4004f8 is hot, but to make a direct call to it
we need to check for indices 0, 8 and 18 -- 3 comparisons instead of 1.
Therefore, once we know a target is hot, we must generate code to
compare against all possible indices associated with this target because
we don't know which index is the hot one (IF there's a hotter index).
cmp %index, 0
je 4004f8
cmp %index, 8
je 4004f8
cmp %index, 18
je 4004f8
(... up to N comparisons as in --indirect-call-promotion-topn=N )
ijmp [JMPTABLE + %index * scale]
(cherry picked from FBD5005620)
2017-05-01 14:04:40 -07:00
|
|
|
if (MemLocInstr != &Instruction)
|
2019-06-28 09:21:27 -07:00
|
|
|
IndexRegNum = BC.MIB->getNoRegister();
|
[BOLT] Optimize jump tables with hot entries
Summary:
This diff is similar to Bill's diff for optimizing jump tables
(and is built on top of it), but it differs in the strategy used to
optimize the jump table. The previous approach loads the target address
from the jump table and compare it to check if it is a hot target. This
accomplishes branch misprediction reduction by promote the indirect jmp
to a (more predictable) direct jmp.
load %r10, JMPTABLE
cmp %r10, HOTTARGET
je HOTTARGET
ijmp [JMPTABLE + %index * scale]
The idea in this diff is instead to make dcache better by avoiding the
load of the jump table, leaving branch mispredictions as a secondary
target. To do this we compare the index used in the indirect jmp and if
it matches a known hot entry, it performs a direct jump to the target.
cmp %index, HOTINDEX
je CORRESPONDING_TARGET
ijmp [JMPTABLE + %index * scale]
The downside of this approach is that we may have multiple indices
associated with a single target, but we only have profiling to show
which targets are hot and we have no clue about which indices are hot.
INDEX TARGET
0 4004f8
8 4004f8
10 4003d0
18 4004f8
Profiling data:
TARGET COUNT
4004f8 10020
4003d0 17
In this example, we know 4004f8 is hot, but to make a direct call to it
we need to check for indices 0, 8 and 18 -- 3 comparisons instead of 1.
Therefore, once we know a target is hot, we must generate code to
compare against all possible indices associated with this target because
we don't know which index is the hot one (IF there's a hotter index).
cmp %index, 0
je 4004f8
cmp %index, 8
je 4004f8
cmp %index, 18
je 4004f8
(... up to N comparisons as in --indirect-call-promotion-topn=N )
ijmp [JMPTABLE + %index * scale]
(cherry picked from FBD5005620)
2017-05-01 14:04:40 -07:00
|
|
|
|
2018-03-20 14:34:58 -07:00
|
|
|
if (BC.isAArch64()) {
|
2021-03-23 13:41:41 -07:00
|
|
|
const MCSymbol *Sym = BC.MIB->getTargetSymbol(*PCRelBaseInstr, 1);
|
|
|
|
|
assert(Sym && "Symbol extraction failed");
|
2021-04-08 00:19:26 -07:00
|
|
|
ErrorOr<uint64_t> SymValueOrError = BC.getSymbolValue(*Sym);
|
2019-06-04 15:30:22 -07:00
|
|
|
if (SymValueOrError) {
|
|
|
|
|
PCRelAddr = *SymValueOrError;
|
2017-10-16 11:12:22 -07:00
|
|
|
} else {
|
2021-04-08 00:19:26 -07:00
|
|
|
for (std::pair<const uint32_t, MCSymbol *> &Elmt : Labels) {
|
2017-10-16 11:12:22 -07:00
|
|
|
if (Elmt.second == Sym) {
|
|
|
|
|
PCRelAddr = Elmt.first + getAddress();
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
uint64_t InstrAddr = 0;
|
2017-11-04 19:22:05 -07:00
|
|
|
for (auto II = Instructions.rbegin(); II != Instructions.rend(); ++II) {
|
|
|
|
|
if (&II->second == PCRelBaseInstr) {
|
2017-10-16 11:12:22 -07:00
|
|
|
InstrAddr = II->first + getAddress();
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
assert(InstrAddr != 0 && "instruction not found");
|
|
|
|
|
// We do this to avoid spurious references to code locations outside this
|
|
|
|
|
// function (for example, if the indirect jump lives in the last basic
|
|
|
|
|
// block of the function, it will create a reference to the next function).
|
|
|
|
|
// This replaces a symbol reference with an immediate.
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->replaceMemOperandDisp(*PCRelBaseInstr,
|
2017-10-16 11:12:22 -07:00
|
|
|
MCOperand::createImm(PCRelAddr - InstrAddr));
|
|
|
|
|
// FIXME: Disable full jump table processing for AArch64 until we have a
|
|
|
|
|
// proper way of determining the jump table limits.
|
|
|
|
|
return IndirectBranchType::UNKNOWN;
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-24 15:33:25 -07:00
|
|
|
auto getExprValue = [&](const MCExpr *Expr) {
|
2017-11-14 20:05:11 -08:00
|
|
|
const MCSymbol *TargetSym;
|
|
|
|
|
uint64_t TargetOffset;
|
2024-05-24 15:33:25 -07:00
|
|
|
std::tie(TargetSym, TargetOffset) = BC.MIB->getTargetSymbolInfo(Expr);
|
2021-04-08 00:19:26 -07:00
|
|
|
ErrorOr<uint64_t> SymValueOrError = BC.getSymbolValue(*TargetSym);
|
2024-05-24 15:33:25 -07:00
|
|
|
assert(SymValueOrError && "Global symbol needs a value");
|
|
|
|
|
return *SymValueOrError + TargetOffset;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// RIP-relative addressing should be converted to symbol form by now
|
|
|
|
|
// in processed instructions (but not in jump).
|
|
|
|
|
if (DispExpr) {
|
|
|
|
|
ArrayStart = getExprValue(DispExpr);
|
2019-06-28 09:21:27 -07:00
|
|
|
BaseRegNum = BC.MIB->getNoRegister();
|
2018-03-20 14:34:58 -07:00
|
|
|
if (BC.isAArch64()) {
|
2017-10-16 11:12:22 -07:00
|
|
|
ArrayStart &= ~0xFFFULL;
|
|
|
|
|
ArrayStart += DispValue & 0xFFFULL;
|
|
|
|
|
}
|
2016-09-27 19:09:38 -07:00
|
|
|
} else {
|
|
|
|
|
ArrayStart = static_cast<uint64_t>(DispValue);
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-01 10:26:07 -07:00
|
|
|
if (BaseRegNum == BC.MRI->getProgramCounter())
|
|
|
|
|
ArrayStart += getAddress() + Offset + Size;
|
|
|
|
|
|
2024-05-09 12:35:45 -07:00
|
|
|
if (FixedEntryLoadInstr) {
|
|
|
|
|
assert(BranchType == IndirectBranchType::POSSIBLE_PIC_FIXED_BRANCH &&
|
|
|
|
|
"Invalid IndirectBranch type");
|
|
|
|
|
MCInst::iterator FixedEntryDispOperand =
|
|
|
|
|
BC.MIB->getMemOperandDisp(*FixedEntryLoadInstr);
|
|
|
|
|
assert(FixedEntryDispOperand != FixedEntryLoadInstr->end() &&
|
|
|
|
|
"Invalid memory instruction");
|
|
|
|
|
const MCExpr *FixedEntryDispExpr = FixedEntryDispOperand->getExpr();
|
|
|
|
|
const uint64_t EntryAddress = getExprValue(FixedEntryDispExpr);
|
|
|
|
|
uint64_t EntrySize = BC.getJumpTableEntrySize(JumpTable::JTT_PIC);
|
|
|
|
|
ErrorOr<int64_t> Value =
|
|
|
|
|
BC.getSignedValueAtAddress(EntryAddress, EntrySize);
|
|
|
|
|
if (!Value)
|
|
|
|
|
return IndirectBranchType::UNKNOWN;
|
|
|
|
|
|
|
|
|
|
BC.outs() << "BOLT-INFO: fixed PIC indirect branch detected in " << *this
|
|
|
|
|
<< " at 0x" << Twine::utohexstr(getAddress() + Offset)
|
|
|
|
|
<< " referencing data at 0x" << Twine::utohexstr(EntryAddress)
|
|
|
|
|
<< " the destination value is 0x"
|
|
|
|
|
<< Twine::utohexstr(ArrayStart + *Value) << '\n';
|
|
|
|
|
|
|
|
|
|
TargetAddress = ArrayStart + *Value;
|
|
|
|
|
|
|
|
|
|
// Remove spurious JumpTable at EntryAddress caused by PIC reference from
|
|
|
|
|
// the load instruction.
|
|
|
|
|
BC.deleteJumpTable(EntryAddress);
|
|
|
|
|
|
|
|
|
|
// Replace FixedEntryDispExpr used in target address calculation with outer
|
|
|
|
|
// jump table reference.
|
|
|
|
|
JumpTable *JT = BC.getJumpTableContainingAddress(ArrayStart);
|
|
|
|
|
assert(JT && "Must have a containing jump table for PIC fixed branch");
|
|
|
|
|
BC.MIB->replaceMemOperandDisp(*FixedEntryLoadInstr, JT->getFirstLabel(),
|
|
|
|
|
EntryAddress - ArrayStart, &*BC.Ctx);
|
|
|
|
|
|
|
|
|
|
return BranchType;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: addressed memory is 0x"
|
|
|
|
|
<< Twine::utohexstr(ArrayStart) << '\n');
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
ErrorOr<BinarySection &> Section = BC.getSectionForAddress(ArrayStart);
|
2018-01-23 15:10:24 -08:00
|
|
|
if (!Section) {
|
2016-09-27 19:09:38 -07:00
|
|
|
// No section - possibly an absolute address. Since we don't allow
|
|
|
|
|
// internal function addresses to escape the function scope - we
|
|
|
|
|
// consider it a tail call.
|
|
|
|
|
if (opts::Verbosity >= 1) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: no section for address 0x"
|
|
|
|
|
<< Twine::utohexstr(ArrayStart) << " referenced from function "
|
|
|
|
|
<< *this << '\n';
|
2016-09-27 19:09:38 -07:00
|
|
|
}
|
|
|
|
|
return IndirectBranchType::POSSIBLE_TAIL_CALL;
|
|
|
|
|
}
|
2018-01-23 15:10:24 -08:00
|
|
|
if (Section->isVirtual()) {
|
2016-09-27 19:09:38 -07:00
|
|
|
// The contents are filled at runtime.
|
|
|
|
|
return IndirectBranchType::POSSIBLE_TAIL_CALL;
|
|
|
|
|
}
|
2018-08-06 11:22:45 -07:00
|
|
|
|
2021-03-23 13:41:41 -07:00
|
|
|
if (BranchType == IndirectBranchType::POSSIBLE_FIXED_BRANCH) {
|
|
|
|
|
ErrorOr<uint64_t> Value = BC.getPointerAtAddress(ArrayStart);
|
2019-06-12 18:21:02 -07:00
|
|
|
if (!Value)
|
|
|
|
|
return IndirectBranchType::UNKNOWN;
|
2019-04-30 15:47:10 -07:00
|
|
|
|
2023-01-18 14:21:28 -08:00
|
|
|
if (BC.getSectionForAddress(ArrayStart)->isWritable())
|
2018-08-06 11:22:45 -07:00
|
|
|
return IndirectBranchType::UNKNOWN;
|
2019-06-12 18:21:02 -07:00
|
|
|
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.outs() << "BOLT-INFO: fixed indirect branch detected in " << *this
|
|
|
|
|
<< " at 0x" << Twine::utohexstr(getAddress() + Offset)
|
|
|
|
|
<< " referencing data at 0x" << Twine::utohexstr(ArrayStart)
|
|
|
|
|
<< " the destination value is 0x" << Twine::utohexstr(*Value)
|
|
|
|
|
<< '\n';
|
2019-06-12 18:21:02 -07:00
|
|
|
|
|
|
|
|
TargetAddress = *Value;
|
2021-03-23 13:41:41 -07:00
|
|
|
return BranchType;
|
2019-06-12 18:21:02 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if there's already a jump table registered at this address.
|
2021-03-23 13:41:41 -07:00
|
|
|
MemoryContentsType MemType;
|
|
|
|
|
if (JumpTable *JT = BC.getJumpTableContainingAddress(ArrayStart)) {
|
|
|
|
|
switch (JT->Type) {
|
|
|
|
|
case JumpTable::JTT_NORMAL:
|
|
|
|
|
MemType = MemoryContentsType::POSSIBLE_JUMP_TABLE;
|
|
|
|
|
break;
|
|
|
|
|
case JumpTable::JTT_PIC:
|
|
|
|
|
MemType = MemoryContentsType::POSSIBLE_PIC_JUMP_TABLE;
|
|
|
|
|
break;
|
2016-09-27 19:09:38 -07:00
|
|
|
}
|
2021-03-23 13:41:41 -07:00
|
|
|
} else {
|
|
|
|
|
MemType = BC.analyzeMemoryAt(ArrayStart, *this);
|
|
|
|
|
}
|
2017-11-14 20:05:11 -08:00
|
|
|
|
2021-03-23 13:41:41 -07:00
|
|
|
// Check that jump table type in instruction pattern matches memory contents.
|
|
|
|
|
JumpTable::JumpTableType JTType;
|
|
|
|
|
if (BranchType == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE) {
|
|
|
|
|
if (MemType != MemoryContentsType::POSSIBLE_PIC_JUMP_TABLE)
|
|
|
|
|
return IndirectBranchType::UNKNOWN;
|
|
|
|
|
JTType = JumpTable::JTT_PIC;
|
|
|
|
|
} else {
|
|
|
|
|
if (MemType == MemoryContentsType::POSSIBLE_PIC_JUMP_TABLE)
|
|
|
|
|
return IndirectBranchType::UNKNOWN;
|
2019-06-12 18:21:02 -07:00
|
|
|
|
2021-03-23 13:41:41 -07:00
|
|
|
if (MemType == MemoryContentsType::UNKNOWN)
|
|
|
|
|
return IndirectBranchType::POSSIBLE_TAIL_CALL;
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2021-03-23 13:41:41 -07:00
|
|
|
BranchType = IndirectBranchType::POSSIBLE_JUMP_TABLE;
|
|
|
|
|
JTType = JumpTable::JTT_NORMAL;
|
2016-09-27 19:09:38 -07:00
|
|
|
}
|
2019-03-12 16:36:35 -07:00
|
|
|
|
2021-03-23 13:41:41 -07:00
|
|
|
// Convert the instruction into jump table branch.
|
|
|
|
|
const MCSymbol *JTLabel = BC.getOrCreateJumpTable(*this, ArrayStart, JTType);
|
|
|
|
|
BC.MIB->replaceMemOperandDisp(*MemLocInstr, JTLabel, BC.Ctx.get());
|
|
|
|
|
BC.MIB->setJumpTable(Instruction, ArrayStart, IndexRegNum);
|
2019-06-12 18:21:02 -07:00
|
|
|
|
2021-03-23 13:41:41 -07:00
|
|
|
JTSites.emplace_back(Offset, ArrayStart);
|
2018-08-06 11:22:45 -07:00
|
|
|
|
2021-03-23 13:41:41 -07:00
|
|
|
return BranchType;
|
2016-09-27 19:09:38 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
MCSymbol *BinaryFunction::getOrCreateLocalLabel(uint64_t Address,
|
|
|
|
|
bool CreatePastEnd) {
|
2021-04-08 00:19:26 -07:00
|
|
|
const uint64_t Offset = Address - getAddress();
|
2016-09-27 19:09:38 -07:00
|
|
|
|
|
|
|
|
if ((Offset == getSize()) && CreatePastEnd)
|
|
|
|
|
return getFunctionEndLabel();
|
|
|
|
|
|
|
|
|
|
auto LI = Labels.find(Offset);
|
2018-04-12 10:07:11 -07:00
|
|
|
if (LI != Labels.end())
|
|
|
|
|
return LI->second;
|
|
|
|
|
|
|
|
|
|
// For AArch64, check if this address is part of a constant island.
|
2020-04-19 22:29:54 -07:00
|
|
|
if (BC.isAArch64()) {
|
2021-12-20 11:07:46 -08:00
|
|
|
if (MCSymbol *IslandSym = getOrCreateIslandAccess(Address))
|
2020-04-19 22:29:54 -07:00
|
|
|
return IslandSym;
|
2019-07-12 07:25:50 -07:00
|
|
|
}
|
2020-04-19 22:29:54 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
MCSymbol *Label = BC.Ctx->createNamedTempSymbol();
|
2020-04-19 22:29:54 -07:00
|
|
|
Labels[Offset] = Label;
|
|
|
|
|
|
|
|
|
|
return Label;
|
2016-09-27 19:09:38 -07:00
|
|
|
}
|
|
|
|
|
|
2020-02-10 15:35:11 -08:00
|
|
|
ErrorOr<ArrayRef<uint8_t>> BinaryFunction::getData() const {
|
2020-10-09 16:06:27 -07:00
|
|
|
BinarySection &Section = *getOriginSection();
|
2020-02-10 15:35:11 -08:00
|
|
|
assert(Section.containsRange(getAddress(), getMaxSize()) &&
|
|
|
|
|
"wrong section for function");
|
|
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
if (!Section.isText() || Section.isVirtual() || !Section.getSize())
|
2020-02-10 15:35:11 -08:00
|
|
|
return std::make_error_code(std::errc::bad_address);
|
|
|
|
|
|
|
|
|
|
StringRef SectionContents = Section.getContents();
|
|
|
|
|
|
|
|
|
|
assert(SectionContents.size() == Section.getSize() &&
|
|
|
|
|
"section size mismatch");
|
|
|
|
|
|
|
|
|
|
// Function offset from the section start.
|
2021-04-08 00:19:26 -07:00
|
|
|
uint64_t Offset = getAddress() - Section.getAddress();
|
2020-02-10 15:35:11 -08:00
|
|
|
auto *Bytes = reinterpret_cast<const uint8_t *>(SectionContents.data());
|
|
|
|
|
return ArrayRef<uint8_t>(Bytes + Offset, getMaxSize());
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-03 15:49:58 -07:00
|
|
|
size_t BinaryFunction::getSizeOfDataInCodeAt(uint64_t Offset) const {
|
2021-10-08 11:31:45 -07:00
|
|
|
if (!Islands)
|
2020-05-03 15:49:58 -07:00
|
|
|
return 0;
|
|
|
|
|
|
2023-03-14 15:36:40 -07:00
|
|
|
if (!llvm::is_contained(Islands->DataOffsets, Offset))
|
2021-10-08 11:31:45 -07:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
auto Iter = Islands->CodeOffsets.upper_bound(Offset);
|
2021-12-20 11:07:46 -08:00
|
|
|
if (Iter != Islands->CodeOffsets.end())
|
2020-05-03 15:49:58 -07:00
|
|
|
return *Iter - Offset;
|
2025-02-20 11:16:01 -08:00
|
|
|
return getMaxSize() - Offset;
|
2020-05-03 15:49:58 -07:00
|
|
|
}
|
|
|
|
|
|
2025-02-05 22:41:40 -08:00
|
|
|
std::optional<uint64_t>
|
|
|
|
|
BinaryFunction::getIslandInRange(uint64_t StartOffset,
|
|
|
|
|
uint64_t EndOffset) const {
|
|
|
|
|
if (!Islands)
|
|
|
|
|
return std::nullopt;
|
|
|
|
|
|
|
|
|
|
auto Iter = llvm::lower_bound(Islands->DataOffsets, StartOffset);
|
|
|
|
|
if (Iter != Islands->DataOffsets.end() && *Iter < EndOffset)
|
|
|
|
|
return *Iter;
|
|
|
|
|
|
|
|
|
|
return std::nullopt;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-03 15:49:58 -07:00
|
|
|
bool BinaryFunction::isZeroPaddingAt(uint64_t Offset) const {
|
|
|
|
|
ArrayRef<uint8_t> FunctionData = *getData();
|
|
|
|
|
uint64_t EndOfCode = getSize();
|
2021-10-08 11:31:45 -07:00
|
|
|
if (Islands) {
|
|
|
|
|
auto Iter = Islands->DataOffsets.upper_bound(Offset);
|
|
|
|
|
if (Iter != Islands->DataOffsets.end())
|
|
|
|
|
EndOfCode = *Iter;
|
|
|
|
|
}
|
2021-12-20 11:07:46 -08:00
|
|
|
for (uint64_t I = Offset; I < EndOfCode; ++I)
|
|
|
|
|
if (FunctionData[I] != 0)
|
2020-05-03 15:49:58 -07:00
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2024-02-12 14:51:15 -08:00
|
|
|
Error BinaryFunction::handlePCRelOperand(MCInst &Instruction, uint64_t Address,
|
|
|
|
|
uint64_t Size) {
|
2022-08-23 16:07:46 -07:00
|
|
|
auto &MIB = BC.MIB;
|
|
|
|
|
uint64_t TargetAddress = 0;
|
|
|
|
|
if (!MIB->evaluateMemOperandTarget(Instruction, TargetAddress, Address,
|
|
|
|
|
Size)) {
|
2024-02-12 14:51:15 -08:00
|
|
|
std::string Msg;
|
|
|
|
|
raw_string_ostream SS(Msg);
|
|
|
|
|
SS << "BOLT-ERROR: PC-relative operand can't be evaluated:\n";
|
|
|
|
|
BC.InstPrinter->printInst(&Instruction, 0, "", *BC.STI, SS);
|
|
|
|
|
SS << '\n';
|
|
|
|
|
Instruction.dump_pretty(SS, BC.InstPrinter.get());
|
|
|
|
|
SS << '\n';
|
|
|
|
|
SS << "BOLT-ERROR: cannot handle PC-relative operand at 0x"
|
|
|
|
|
<< Twine::utohexstr(Address) << ". Skipping function " << *this << ".\n";
|
2022-08-23 16:07:46 -07:00
|
|
|
if (BC.HasRelocations)
|
2024-02-12 14:51:15 -08:00
|
|
|
return createFatalBOLTError(Msg);
|
2022-08-23 16:07:46 -07:00
|
|
|
IsSimple = false;
|
2024-02-12 14:51:15 -08:00
|
|
|
return createNonFatalBOLTError(Msg);
|
2022-08-23 16:07:46 -07:00
|
|
|
}
|
|
|
|
|
if (TargetAddress == 0 && opts::Verbosity >= 1) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.outs() << "BOLT-INFO: PC-relative operand is zero in function " << *this
|
|
|
|
|
<< '\n';
|
2022-08-23 16:07:46 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const MCSymbol *TargetSymbol;
|
|
|
|
|
uint64_t TargetOffset;
|
|
|
|
|
std::tie(TargetSymbol, TargetOffset) =
|
|
|
|
|
BC.handleAddressRef(TargetAddress, *this, /*IsPCRel*/ true);
|
2022-09-16 16:20:00 -07:00
|
|
|
|
|
|
|
|
bool ReplaceSuccess = MIB->replaceMemOperandDisp(
|
|
|
|
|
Instruction, TargetSymbol, static_cast<int64_t>(TargetOffset), &*BC.Ctx);
|
|
|
|
|
(void)ReplaceSuccess;
|
|
|
|
|
assert(ReplaceSuccess && "Failed to replace mem operand with symbol+off.");
|
2024-02-12 14:51:15 -08:00
|
|
|
return Error::success();
|
2022-08-23 16:07:46 -07:00
|
|
|
}
|
|
|
|
|
|
2022-08-23 16:07:52 -07:00
|
|
|
MCSymbol *BinaryFunction::handleExternalReference(MCInst &Instruction,
|
|
|
|
|
uint64_t Size,
|
|
|
|
|
uint64_t Offset,
|
|
|
|
|
uint64_t TargetAddress,
|
|
|
|
|
bool &IsCall) {
|
|
|
|
|
auto &MIB = BC.MIB;
|
|
|
|
|
|
|
|
|
|
const uint64_t AbsoluteInstrAddr = getAddress() + Offset;
|
|
|
|
|
BC.addInterproceduralReference(this, TargetAddress);
|
|
|
|
|
if (opts::Verbosity >= 2 && !IsCall && Size == 2 && !BC.HasRelocations) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: relaxed tail call detected at 0x"
|
|
|
|
|
<< Twine::utohexstr(AbsoluteInstrAddr) << " in function " << *this
|
|
|
|
|
<< ". Code size will be increased.\n";
|
2022-08-23 16:07:52 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
assert(!MIB->isTailCall(Instruction) &&
|
|
|
|
|
"synthetic tail call instruction found");
|
|
|
|
|
|
|
|
|
|
// This is a call regardless of the opcode.
|
|
|
|
|
// Assign proper opcode for tail calls, so that they could be
|
|
|
|
|
// treated as calls.
|
|
|
|
|
if (!IsCall) {
|
|
|
|
|
if (!MIB->convertJmpToTailCall(Instruction)) {
|
|
|
|
|
assert(MIB->isConditionalBranch(Instruction) &&
|
|
|
|
|
"unknown tail call instruction");
|
|
|
|
|
if (opts::Verbosity >= 2) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: conditional tail call detected in "
|
|
|
|
|
<< "function " << *this << " at 0x"
|
|
|
|
|
<< Twine::utohexstr(AbsoluteInstrAddr) << ".\n";
|
2022-08-23 16:07:52 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
IsCall = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opts::Verbosity >= 2 && TargetAddress == 0) {
|
|
|
|
|
// We actually see calls to address 0 in presence of weak
|
|
|
|
|
// symbols originating from libraries. This code is never meant
|
|
|
|
|
// to be executed.
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.outs() << "BOLT-INFO: Function " << *this
|
|
|
|
|
<< " has a call to address zero.\n";
|
2022-08-23 16:07:52 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return BC.getOrCreateGlobalSymbol(TargetAddress, "FUNCat");
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-23 16:07:58 -07:00
|
|
|
void BinaryFunction::handleIndirectBranch(MCInst &Instruction, uint64_t Size,
|
|
|
|
|
uint64_t Offset) {
|
|
|
|
|
auto &MIB = BC.MIB;
|
|
|
|
|
uint64_t IndirectTarget = 0;
|
|
|
|
|
IndirectBranchType Result =
|
|
|
|
|
processIndirectBranch(Instruction, Size, Offset, IndirectTarget);
|
|
|
|
|
switch (Result) {
|
|
|
|
|
default:
|
|
|
|
|
llvm_unreachable("unexpected result");
|
|
|
|
|
case IndirectBranchType::POSSIBLE_TAIL_CALL: {
|
|
|
|
|
bool Result = MIB->convertJmpToTailCall(Instruction);
|
|
|
|
|
(void)Result;
|
|
|
|
|
assert(Result);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case IndirectBranchType::POSSIBLE_JUMP_TABLE:
|
|
|
|
|
case IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE:
|
2024-05-09 12:35:45 -07:00
|
|
|
case IndirectBranchType::POSSIBLE_PIC_FIXED_BRANCH:
|
2022-08-23 16:07:58 -07:00
|
|
|
if (opts::JumpTables == JTS_NONE)
|
|
|
|
|
IsSimple = false;
|
|
|
|
|
break;
|
|
|
|
|
case IndirectBranchType::POSSIBLE_FIXED_BRANCH: {
|
|
|
|
|
if (containsAddress(IndirectTarget)) {
|
|
|
|
|
const MCSymbol *TargetSymbol = getOrCreateLocalLabel(IndirectTarget);
|
|
|
|
|
Instruction.clear();
|
|
|
|
|
MIB->createUncondBranch(Instruction, TargetSymbol, BC.Ctx.get());
|
|
|
|
|
TakenBranches.emplace_back(Offset, IndirectTarget - getAddress());
|
2023-11-16 09:30:55 +04:00
|
|
|
addEntryPointAtOffset(IndirectTarget - getAddress());
|
2022-08-23 16:07:58 -07:00
|
|
|
} else {
|
|
|
|
|
MIB->convertJmpToTailCall(Instruction);
|
|
|
|
|
BC.addInterproceduralReference(this, IndirectTarget);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case IndirectBranchType::UNKNOWN:
|
|
|
|
|
// Keep processing. We'll do more checks and fixes in
|
|
|
|
|
// postProcessIndirectBranches().
|
2025-04-01 13:49:09 +03:00
|
|
|
if (opts::Verbosity > 2) {
|
|
|
|
|
outs() << "BOLT-WARNING: failed to match indirect branch, "
|
|
|
|
|
<< getPrintName() << " at 0x" << Twine::utohexstr(Offset)
|
|
|
|
|
<< " offset\n";
|
|
|
|
|
}
|
2022-08-23 16:07:58 -07:00
|
|
|
UnknownIndirectBranchOffsets.emplace(Offset);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-23 16:08:01 -07:00
|
|
|
void BinaryFunction::handleAArch64IndirectCall(MCInst &Instruction,
|
|
|
|
|
const uint64_t Offset) {
|
|
|
|
|
auto &MIB = BC.MIB;
|
|
|
|
|
const uint64_t AbsoluteInstrAddr = getAddress() + Offset;
|
|
|
|
|
MCInst *TargetHiBits, *TargetLowBits;
|
|
|
|
|
uint64_t TargetAddress, Count;
|
|
|
|
|
Count = MIB->matchLinkerVeneer(Instructions.begin(), Instructions.end(),
|
|
|
|
|
AbsoluteInstrAddr, Instruction, TargetHiBits,
|
|
|
|
|
TargetLowBits, TargetAddress);
|
|
|
|
|
if (Count) {
|
|
|
|
|
MIB->addAnnotation(Instruction, "AArch64Veneer", true);
|
|
|
|
|
--Count;
|
|
|
|
|
for (auto It = std::prev(Instructions.end()); Count != 0;
|
|
|
|
|
It = std::prev(It), --Count) {
|
|
|
|
|
MIB->addAnnotation(It->second, "AArch64Veneer", true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BC.addAdrpAddRelocAArch64(*this, *TargetLowBits, *TargetHiBits,
|
|
|
|
|
TargetAddress);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-08 12:02:18 -07:00
|
|
|
std::optional<MCInst>
|
|
|
|
|
BinaryFunction::disassembleInstructionAtOffset(uint64_t Offset) const {
|
|
|
|
|
assert(CurrentState == State::Empty && "Function should not be disassembled");
|
|
|
|
|
assert(Offset < MaxSize && "Invalid offset");
|
|
|
|
|
ErrorOr<ArrayRef<unsigned char>> FunctionData = getData();
|
|
|
|
|
assert(FunctionData && "Cannot get function as data");
|
|
|
|
|
MCInst Instr;
|
|
|
|
|
uint64_t InstrSize = 0;
|
|
|
|
|
const uint64_t InstrAddress = getAddress() + Offset;
|
|
|
|
|
if (BC.DisAsm->getInstruction(Instr, InstrSize, FunctionData->slice(Offset),
|
|
|
|
|
InstrAddress, nulls()))
|
|
|
|
|
return Instr;
|
|
|
|
|
return std::nullopt;
|
|
|
|
|
}
|
|
|
|
|
|
2024-02-12 14:51:15 -08:00
|
|
|
Error BinaryFunction::disassemble() {
|
2019-07-12 07:25:50 -07:00
|
|
|
NamedRegionTimer T("disassemble", "Disassemble function", "buildfuncs",
|
|
|
|
|
"Build Binary Functions", opts::TimeBuild);
|
2020-02-10 15:35:11 -08:00
|
|
|
ErrorOr<ArrayRef<uint8_t>> ErrorOrFunctionData = getData();
|
2020-05-03 15:49:58 -07:00
|
|
|
assert(ErrorOrFunctionData && "function data is not available");
|
2020-02-10 15:35:11 -08:00
|
|
|
ArrayRef<uint8_t> FunctionData = *ErrorOrFunctionData;
|
[BOLT] Add code padding verification
Summary:
In non-relocation mode, we allow data objects to be embedded in the
code. Such objects could be unmarked, and could occupy an area between
functions, the area which is considered to be code padding.
When we disassemble code, we detect references into the padding area
and adjust it, so that it is not overwritten during the code emission.
We assume the reference to be pointing to the beginning of the object.
However, assembly-written functions may reference the middle of an
object and use negative offsets to reference data fields. Thus,
conservatively, we reduce the possibly-overwritten padding area to
a minimum if the object reference was detected.
Since we also allow functions with unknown code in non-relocation mode,
it is possible that we miss references to some objects in code.
To cover such cases, we need to verify the padding area before we
allow to overwrite it.
(cherry picked from FBD16477787)
2019-07-23 20:48:41 -07:00
|
|
|
assert(FunctionData.size() == getMaxSize() &&
|
2015-10-09 17:21:14 -07:00
|
|
|
"function size does not match raw data size");
|
|
|
|
|
|
|
|
|
|
auto &Ctx = BC.Ctx;
|
2018-03-09 09:45:13 -08:00
|
|
|
auto &MIB = BC.MIB;
|
2016-02-25 16:57:07 -08:00
|
|
|
|
2022-02-22 19:06:25 -08:00
|
|
|
BC.SymbolicDisAsm->setSymbolizer(MIB->createTargetSymbolizer(*this));
|
|
|
|
|
|
2015-10-09 17:21:14 -07:00
|
|
|
// Insert a label at the beginning of the function. This will be our first
|
|
|
|
|
// basic block.
|
2020-12-01 16:29:39 -08:00
|
|
|
Labels[0] = Ctx->createNamedTempSymbol("BB0");
|
2015-10-09 17:21:14 -07:00
|
|
|
|
[BOLT] Improve handling of relocations targeting specific instructions (#66395)
On RISC-V, there are certain relocations that target a specific
instruction instead of a more abstract location like a function or basic
block. Take the following example that loads a value from symbol `foo`:
```
nop
1: auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(1b)(t0)
```
This results in two relocation:
- auipc: `R_RISCV_PCREL_HI20` referencing `foo`;
- ld: `R_RISCV_PCREL_LO12_I` referencing to local label `1` which points
to the auipc instruction.
It is of utmost importance that the `R_RISCV_PCREL_LO12_I` keeps
referring to the auipc instruction; if not, the program will fail to
assemble. However, BOLT currently does not guarantee this.
BOLT currently assumes that all local symbols are jump targets and
always starts a new basic block at symbol locations. The example above
results in a CFG the looks like this:
```
.BB0:
nop
.BB1:
auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(.BB1)(t0)
```
While this currently works (i.e., the `R_RISCV_PCREL_LO12_I` relocation
points to the correct instruction), it has two downsides:
- Too many basic blocks are created (the example above is logically only
one yet two are created);
- If instructions are inserted in `.BB1` (e.g., by instrumentation),
things will break since the label will not point to the auipc anymore.
This patch proposes to fix this issue by teaching BOLT to track labels
that should always point to a specific instruction. This is implemented
as follows:
- Add a new annotation type (`kLabel`) that allows us to annotate
instructions with an `MCSymbol *`;
- Whenever we encounter a relocation type that is used to refer to a
specific instruction (`Relocation::isInstructionReference`), we
register it without a symbol;
- During disassembly, whenever we encounter an instruction with such a
relocation, create a symbol for its target and store it in an offset
to symbol map (to ensure multiple relocations referencing the same
instruction use the same label);
- After disassembly, iterate this map to attach labels to instructions
via the new annotation type;
- During emission, emit these labels right before the instruction.
I believe the use of annotations works quite well for this use case as
it allows us to reliably track instruction labels. If we were to store
them as offsets in basic blocks, it would be error prone to keep them
updated whenever instructions are inserted or removed.
I have chosen to add labels as first-class annotations (as opposed to a
generic one) because the documentation of `MCAnnotation` suggests that
generic annotations are to be used for optional metadata that can be
discarded without affecting correctness. As this is not the case for
labels, a first-class annotation seemed more appropriate.
2023-10-06 06:46:16 +00:00
|
|
|
// Map offsets in the function to a label that should always point to the
|
|
|
|
|
// corresponding instruction. This is used for labels that shouldn't point to
|
|
|
|
|
// the start of a basic block but always to a specific instruction. This is
|
|
|
|
|
// used, for example, on RISC-V where %pcrel_lo relocations point to the
|
|
|
|
|
// corresponding %pcrel_hi.
|
|
|
|
|
LabelsMapType InstructionLabels;
|
|
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
uint64_t Size = 0; // instruction size
|
2017-03-03 11:35:41 -08:00
|
|
|
for (uint64_t Offset = 0; Offset < getSize(); Offset += Size) {
|
2015-10-09 17:21:14 -07:00
|
|
|
MCInst Instruction;
|
2016-09-27 19:09:38 -07:00
|
|
|
const uint64_t AbsoluteInstrAddr = getAddress() + Offset;
|
2016-02-25 16:57:07 -08:00
|
|
|
|
2017-09-20 10:43:01 -07:00
|
|
|
// Check for data inside code and ignore it
|
2021-04-08 00:19:26 -07:00
|
|
|
if (const size_t DataInCodeSize = getSizeOfDataInCodeAt(Offset)) {
|
2020-05-03 15:49:58 -07:00
|
|
|
Size = DataInCodeSize;
|
|
|
|
|
continue;
|
2017-09-20 10:43:01 -07:00
|
|
|
}
|
|
|
|
|
|
2022-02-22 19:06:25 -08:00
|
|
|
if (!BC.SymbolicDisAsm->getInstruction(Instruction, Size,
|
|
|
|
|
FunctionData.slice(Offset),
|
|
|
|
|
AbsoluteInstrAddr, nulls())) {
|
2017-02-08 09:14:10 -08:00
|
|
|
// Functions with "soft" boundaries, e.g. coming from assembly source,
|
|
|
|
|
// can have 0-byte padding at the end.
|
2020-05-03 15:49:58 -07:00
|
|
|
if (isZeroPaddingAt(Offset))
|
|
|
|
|
break;
|
2017-02-08 09:14:10 -08:00
|
|
|
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs()
|
|
|
|
|
<< "BOLT-WARNING: unable to disassemble instruction at offset 0x"
|
|
|
|
|
<< Twine::utohexstr(Offset) << " (address 0x"
|
|
|
|
|
<< Twine::utohexstr(AbsoluteInstrAddr) << ") in function " << *this
|
|
|
|
|
<< '\n';
|
2020-05-03 15:49:58 -07:00
|
|
|
// Some AVX-512 instructions could not be disassembled at all.
|
|
|
|
|
if (BC.HasRelocations && opts::TrapOnAVX512 && BC.isX86()) {
|
|
|
|
|
setTrapOnEntry();
|
|
|
|
|
BC.TrappedFunctions.push_back(this);
|
|
|
|
|
} else {
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
setIgnored();
|
2017-02-08 09:14:10 -08:00
|
|
|
}
|
2020-05-03 15:49:58 -07:00
|
|
|
|
2015-10-09 17:21:14 -07:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-31 16:03:49 -07:00
|
|
|
// Check integrity of LLVM assembler/disassembler.
|
|
|
|
|
if (opts::CheckEncoding && !BC.MIB->isBranch(Instruction) &&
|
|
|
|
|
!BC.MIB->isCall(Instruction) && !BC.MIB->isNoop(Instruction)) {
|
2022-10-17 16:15:59 -07:00
|
|
|
if (!BC.validateInstructionEncoding(FunctionData.slice(Offset, Size))) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: mismatching LLVM encoding detected in "
|
|
|
|
|
<< "function " << *this << " for instruction :\n";
|
|
|
|
|
BC.printInstruction(BC.errs(), Instruction, AbsoluteInstrAddr);
|
|
|
|
|
BC.errs() << '\n';
|
2019-07-31 16:03:49 -07:00
|
|
|
}
|
2025-03-03 12:44:28 -08:00
|
|
|
|
|
|
|
|
// Verify that we've symbolized an operand if the instruction has a
|
|
|
|
|
// relocation against it.
|
|
|
|
|
if (getRelocationInRange(Offset, Offset + Size)) {
|
|
|
|
|
bool HasSymbolicOp = false;
|
|
|
|
|
for (MCOperand &Op : Instruction) {
|
|
|
|
|
if (Op.isExpr()) {
|
|
|
|
|
HasSymbolicOp = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!HasSymbolicOp)
|
|
|
|
|
return createFatalBOLTError(
|
|
|
|
|
"expected symbolized operand for instruction at 0x" +
|
|
|
|
|
Twine::utohexstr(AbsoluteInstrAddr));
|
|
|
|
|
}
|
2019-07-31 16:03:49 -07:00
|
|
|
}
|
|
|
|
|
|
2019-11-22 14:53:20 -08:00
|
|
|
// Special handling for AVX-512 instructions.
|
2018-03-09 09:45:13 -08:00
|
|
|
if (MIB->hasEVEXEncoding(Instruction)) {
|
2018-02-02 16:07:11 -08:00
|
|
|
if (BC.HasRelocations && opts::TrapOnAVX512) {
|
|
|
|
|
setTrapOnEntry();
|
|
|
|
|
BC.TrappedFunctions.push_back(this);
|
2019-11-22 14:53:20 -08:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-17 16:15:59 -07:00
|
|
|
if (!BC.validateInstructionEncoding(FunctionData.slice(Offset, Size))) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: internal assembler/disassembler error "
|
|
|
|
|
"detected for AVX512 instruction:\n";
|
|
|
|
|
BC.printInstruction(BC.errs(), Instruction, AbsoluteInstrAddr);
|
|
|
|
|
BC.errs() << " in function " << *this << '\n';
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
setIgnored();
|
|
|
|
|
break;
|
2018-02-02 16:07:11 -08:00
|
|
|
}
|
2016-10-16 18:56:56 -07:00
|
|
|
}
|
|
|
|
|
|
2024-06-28 07:45:37 -04:00
|
|
|
bool IsUnsupported = BC.MIB->isUnsupportedInstruction(Instruction);
|
|
|
|
|
if (IsUnsupported)
|
|
|
|
|
setIgnored();
|
|
|
|
|
|
2018-03-09 09:45:13 -08:00
|
|
|
if (MIB->isBranch(Instruction) || MIB->isCall(Instruction)) {
|
2016-08-22 14:24:09 -07:00
|
|
|
uint64_t TargetAddress = 0;
|
2018-03-20 14:34:58 -07:00
|
|
|
if (MIB->evaluateBranch(Instruction, AbsoluteInstrAddr, Size,
|
2016-08-22 14:24:09 -07:00
|
|
|
TargetAddress)) {
|
2015-10-09 17:21:14 -07:00
|
|
|
// Check if the target is within the same function. Otherwise it's
|
|
|
|
|
// a call, possibly a tail call.
|
|
|
|
|
//
|
|
|
|
|
// If the target *is* the function address it could be either a branch
|
|
|
|
|
// or a recursive call.
|
2018-03-09 09:45:13 -08:00
|
|
|
bool IsCall = MIB->isCall(Instruction);
|
|
|
|
|
const bool IsCondBranch = MIB->isConditionalBranch(Instruction);
|
2017-10-12 14:57:11 -07:00
|
|
|
MCSymbol *TargetSymbol = nullptr;
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2024-06-28 07:45:37 -04:00
|
|
|
if (IsUnsupported)
|
|
|
|
|
if (auto *TargetFunc =
|
2021-12-14 16:52:51 -08:00
|
|
|
BC.getBinaryFunctionContainingAddress(TargetAddress))
|
2021-04-23 11:34:40 +03:00
|
|
|
TargetFunc->setIgnored();
|
|
|
|
|
|
2024-08-27 11:31:32 -07:00
|
|
|
if (IsCall && TargetAddress == getAddress()) {
|
|
|
|
|
// A recursive call. Calls to internal blocks are handled by
|
|
|
|
|
// ValidateInternalCalls pass.
|
|
|
|
|
TargetSymbol = getSymbol();
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!TargetSymbol) {
|
|
|
|
|
// Create either local label or external symbol.
|
2016-08-22 14:24:09 -07:00
|
|
|
if (containsAddress(TargetAddress)) {
|
|
|
|
|
TargetSymbol = getOrCreateLocalLabel(TargetAddress);
|
2015-10-09 17:21:14 -07:00
|
|
|
} else {
|
2017-03-03 11:35:41 -08:00
|
|
|
if (TargetAddress == getAddress() + getSize() &&
|
2022-07-07 00:01:33 +03:00
|
|
|
TargetAddress < getAddress() + getMaxSize() &&
|
|
|
|
|
!(BC.isAArch64() &&
|
|
|
|
|
BC.handleAArch64Veneer(TargetAddress, /*MatchOnly*/ true))) {
|
2017-03-03 11:35:41 -08:00
|
|
|
// Result of __builtin_unreachable().
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: jump past end detected at 0x"
|
|
|
|
|
<< Twine::utohexstr(AbsoluteInstrAddr)
|
|
|
|
|
<< " in function " << *this
|
|
|
|
|
<< " : replacing with nop.\n");
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->createNoop(Instruction);
|
2017-03-03 11:35:41 -08:00
|
|
|
if (IsCondBranch) {
|
2017-10-12 14:57:11 -07:00
|
|
|
// Register branch offset for profile validation.
|
2017-04-18 23:32:11 -07:00
|
|
|
IgnoredBranches.emplace_back(Offset, Offset + Size);
|
2017-03-03 11:35:41 -08:00
|
|
|
}
|
|
|
|
|
goto add_instruction;
|
|
|
|
|
}
|
2021-06-25 17:32:25 -07:00
|
|
|
// May update Instruction and IsCall
|
|
|
|
|
TargetSymbol = handleExternalReference(Instruction, Size, Offset,
|
|
|
|
|
TargetAddress, IsCall);
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!IsCall) {
|
2016-06-15 18:36:16 -07:00
|
|
|
// Add taken branch info.
|
2016-09-14 16:45:40 -07:00
|
|
|
TakenBranches.emplace_back(Offset, TargetAddress - getAddress());
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->replaceBranchTarget(Instruction, TargetSymbol, &*Ctx);
|
Indirect call promotion optimization.
Summary:
Perform indirect call promotion optimization in BOLT.
The code scans the instructions during CFG creation for all
indirect calls. Right now indirect tail calls are not handled
since the functions are marked not simple. The offsets of the
indirect calls are stored for later use by the ICP pass.
The indirect call promotion pass visits each indirect call and
examines the BranchData for each. If the most frequent targets
from that callsite exceed the specified threshold (default 90%),
the call is promoted. Otherwise, it is ignored. By default,
only one target is considered at each callsite.
When an candiate callsite is processed, we modify the callsite
to test for the most common call targets before calling through
the original generic call mechanism.
The CFG and layout are modified by ICP.
A few new command line options have been added:
-indirect-call-promotion
-indirect-call-promotion-threshold=<percentage>
-indirect-call-promotion-topn=<int>
The threshold is the minimum frequency of a call target needed
before ICP is triggered.
The topn option controls the number of targets to consider for
each callsite, e.g. ICP is triggered if topn=2 and the total
requency of the top two call targets exceeds the threshold.
Example of ICP:
C++ code:
int B_count = 0;
int C_count = 0;
struct A { virtual void foo() = 0; }
struct B : public A { virtual void foo() { ++B_count; }; };
struct C : public A { virtual void foo() { ++C_count; }; };
A* a = ...
a->foo();
...
original:
400863: 49 8b 07 mov (%r15),%rax
400866: 4c 89 ff mov %r15,%rdi
400869: ff 10 callq *(%rax)
40086b: 41 83 e6 01 and $0x1,%r14d
40086f: 4d 89 e6 mov %r12,%r14
400872: 4c 0f 44 f5 cmove %rbp,%r14
400876: 4c 89 f7 mov %r14,%rdi
...
after ICP:
40085e: 49 8b 07 mov (%r15),%rax
400861: 4c 89 ff mov %r15,%rdi
400864: 49 ba e0 0b 40 00 00 movabs $0x400be0,%r10
40086b: 00 00 00
40086e: 4c 3b 10 cmp (%rax),%r10
400871: 75 29 jne 40089c <main+0x9c>
400873: 41 ff d2 callq *%r10
400876: 41 83 e6 01 and $0x1,%r14d
40087a: 4d 89 e6 mov %r12,%r14
40087d: 4c 0f 44 f5 cmove %rbp,%r14
400881: 4c 89 f7 mov %r14,%rdi
...
40089c: ff 10 callq *(%rax)
40089e: eb d6 jmp 400876 <main+0x76>
(cherry picked from FBD3612218)
2016-09-07 18:59:23 -07:00
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
// Mark CTC.
|
2021-12-20 11:07:46 -08:00
|
|
|
if (IsCondBranch && IsCall)
|
2018-03-09 09:45:13 -08:00
|
|
|
MIB->setConditionalTailCall(Instruction, TargetAddress);
|
2015-10-09 17:21:14 -07:00
|
|
|
} else {
|
2016-08-22 14:24:09 -07:00
|
|
|
// Could not evaluate branch. Should be an indirect call or an
|
|
|
|
|
// indirect branch. Bail out on the latter case.
|
2021-06-25 17:49:43 -07:00
|
|
|
if (MIB->isIndirectBranch(Instruction))
|
|
|
|
|
handleIndirectBranch(Instruction, Size, Offset);
|
2019-06-12 18:21:02 -07:00
|
|
|
// Indirect call. We only need to fix it if the operand is RIP-relative.
|
2024-02-12 14:51:15 -08:00
|
|
|
if (IsSimple && MIB->hasPCRelOperand(Instruction)) {
|
|
|
|
|
if (auto NewE = handleErrors(
|
|
|
|
|
handlePCRelOperand(Instruction, AbsoluteInstrAddr, Size),
|
|
|
|
|
[&](const BOLTError &E) -> Error {
|
|
|
|
|
if (E.isFatal())
|
|
|
|
|
return Error(std::make_unique<BOLTError>(std::move(E)));
|
|
|
|
|
if (!E.getMessage().empty())
|
2024-02-12 14:53:53 -08:00
|
|
|
E.log(BC.errs());
|
2024-02-12 14:51:15 -08:00
|
|
|
return Error::success();
|
|
|
|
|
})) {
|
|
|
|
|
return Error(std::move(NewE));
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-06-17 17:41:28 -07:00
|
|
|
|
2021-06-25 17:52:51 -07:00
|
|
|
if (BC.isAArch64())
|
|
|
|
|
handleAArch64IndirectCall(Instruction, Offset);
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
2025-03-03 12:44:28 -08:00
|
|
|
} else if (BC.isRISCV()) {
|
2022-02-23 22:54:42 -08:00
|
|
|
// Check if there's a relocation associated with this instruction.
|
|
|
|
|
for (auto Itr = Relocations.lower_bound(Offset),
|
|
|
|
|
ItrE = Relocations.lower_bound(Offset + Size);
|
|
|
|
|
Itr != ItrE; ++Itr) {
|
|
|
|
|
const Relocation &Relocation = Itr->second;
|
[BOLT] Improve handling of relocations targeting specific instructions (#66395)
On RISC-V, there are certain relocations that target a specific
instruction instead of a more abstract location like a function or basic
block. Take the following example that loads a value from symbol `foo`:
```
nop
1: auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(1b)(t0)
```
This results in two relocation:
- auipc: `R_RISCV_PCREL_HI20` referencing `foo`;
- ld: `R_RISCV_PCREL_LO12_I` referencing to local label `1` which points
to the auipc instruction.
It is of utmost importance that the `R_RISCV_PCREL_LO12_I` keeps
referring to the auipc instruction; if not, the program will fail to
assemble. However, BOLT currently does not guarantee this.
BOLT currently assumes that all local symbols are jump targets and
always starts a new basic block at symbol locations. The example above
results in a CFG the looks like this:
```
.BB0:
nop
.BB1:
auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(.BB1)(t0)
```
While this currently works (i.e., the `R_RISCV_PCREL_LO12_I` relocation
points to the correct instruction), it has two downsides:
- Too many basic blocks are created (the example above is logically only
one yet two are created);
- If instructions are inserted in `.BB1` (e.g., by instrumentation),
things will break since the label will not point to the auipc anymore.
This patch proposes to fix this issue by teaching BOLT to track labels
that should always point to a specific instruction. This is implemented
as follows:
- Add a new annotation type (`kLabel`) that allows us to annotate
instructions with an `MCSymbol *`;
- Whenever we encounter a relocation type that is used to refer to a
specific instruction (`Relocation::isInstructionReference`), we
register it without a symbol;
- During disassembly, whenever we encounter an instruction with such a
relocation, create a symbol for its target and store it in an offset
to symbol map (to ensure multiple relocations referencing the same
instruction use the same label);
- After disassembly, iterate this map to attach labels to instructions
via the new annotation type;
- During emission, emit these labels right before the instruction.
I believe the use of annotations works quite well for this use case as
it allows us to reliably track instruction labels. If we were to store
them as offsets in basic blocks, it would be error prone to keep them
updated whenever instructions are inserted or removed.
I have chosen to add labels as first-class annotations (as opposed to a
generic one) because the documentation of `MCAnnotation` suggests that
generic annotations are to be used for optional metadata that can be
discarded without affecting correctness. As this is not the case for
labels, a first-class annotation seemed more appropriate.
2023-10-06 06:46:16 +00:00
|
|
|
MCSymbol *Symbol = Relocation.Symbol;
|
|
|
|
|
|
|
|
|
|
if (Relocation::isInstructionReference(Relocation.Type)) {
|
|
|
|
|
uint64_t RefOffset = Relocation.Value - getAddress();
|
|
|
|
|
LabelsMapType::iterator LI = InstructionLabels.find(RefOffset);
|
|
|
|
|
|
|
|
|
|
if (LI == InstructionLabels.end()) {
|
|
|
|
|
Symbol = BC.Ctx->createNamedTempSymbol();
|
|
|
|
|
InstructionLabels.emplace(RefOffset, Symbol);
|
|
|
|
|
} else {
|
|
|
|
|
Symbol = LI->second;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-03-14 18:44:33 -07:00
|
|
|
uint64_t Addend = Relocation.Addend;
|
|
|
|
|
|
|
|
|
|
// For GOT relocations, create a reference against GOT entry ignoring
|
|
|
|
|
// the relocation symbol.
|
|
|
|
|
if (Relocation::isGOT(Relocation.Type)) {
|
|
|
|
|
assert(Relocation::isPCRelative(Relocation.Type) &&
|
|
|
|
|
"GOT relocation must be PC-relative on RISC-V");
|
|
|
|
|
Symbol = BC.registerNameAtAddress("__BOLT_got_zero", 0, 0, 0);
|
|
|
|
|
Addend = Relocation.Value + Relocation.Offset + getAddress();
|
|
|
|
|
}
|
2022-02-22 19:06:25 -08:00
|
|
|
int64_t Value = Relocation.Value;
|
|
|
|
|
const bool Result = BC.MIB->replaceImmWithSymbolRef(
|
2025-03-14 18:44:33 -07:00
|
|
|
Instruction, Symbol, Addend, Ctx.get(), Value, Relocation.Type);
|
2022-02-22 19:06:25 -08:00
|
|
|
(void)Result;
|
|
|
|
|
assert(Result && "cannot replace immediate with relocation");
|
2024-02-12 14:51:15 -08:00
|
|
|
}
|
2021-12-20 11:07:46 -08:00
|
|
|
}
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2020-07-16 17:35:55 -07:00
|
|
|
add_instruction:
|
2020-10-12 21:04:42 -07:00
|
|
|
if (getDWARFLineTable()) {
|
2021-12-14 16:52:51 -08:00
|
|
|
Instruction.setLoc(findDebugLineInformationForInstructionAt(
|
|
|
|
|
AbsoluteInstrAddr, getDWARFUnit(), getDWARFLineTable()));
|
2016-02-25 16:57:07 -08:00
|
|
|
}
|
|
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
// Record offset of the instruction for profile matching.
|
2021-12-20 11:07:46 -08:00
|
|
|
if (BC.keepOffsetForInstruction(Instruction))
|
2021-08-03 17:53:32 -07:00
|
|
|
MIB->setOffset(Instruction, static_cast<uint32_t>(Offset));
|
2017-11-28 09:57:21 -08:00
|
|
|
|
2023-11-06 15:21:50 +04:00
|
|
|
if (BC.isX86() && BC.MIB->isNoop(Instruction)) {
|
|
|
|
|
// NOTE: disassembly loses the correct size information for noops on x86.
|
2021-12-18 17:03:35 -08:00
|
|
|
// E.g. nopw 0x0(%rax,%rax,1) is 9 bytes, but re-encoded it's only
|
|
|
|
|
// 5 bytes. Preserve the size info using annotations.
|
2023-11-13 14:33:39 -08:00
|
|
|
MIB->setSize(Instruction, Size);
|
2021-12-18 17:03:35 -08:00
|
|
|
}
|
|
|
|
|
|
2015-10-09 17:21:14 -07:00
|
|
|
addInstruction(Offset, std::move(Instruction));
|
|
|
|
|
}
|
|
|
|
|
|
[BOLT] Improve handling of relocations targeting specific instructions (#66395)
On RISC-V, there are certain relocations that target a specific
instruction instead of a more abstract location like a function or basic
block. Take the following example that loads a value from symbol `foo`:
```
nop
1: auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(1b)(t0)
```
This results in two relocation:
- auipc: `R_RISCV_PCREL_HI20` referencing `foo`;
- ld: `R_RISCV_PCREL_LO12_I` referencing to local label `1` which points
to the auipc instruction.
It is of utmost importance that the `R_RISCV_PCREL_LO12_I` keeps
referring to the auipc instruction; if not, the program will fail to
assemble. However, BOLT currently does not guarantee this.
BOLT currently assumes that all local symbols are jump targets and
always starts a new basic block at symbol locations. The example above
results in a CFG the looks like this:
```
.BB0:
nop
.BB1:
auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(.BB1)(t0)
```
While this currently works (i.e., the `R_RISCV_PCREL_LO12_I` relocation
points to the correct instruction), it has two downsides:
- Too many basic blocks are created (the example above is logically only
one yet two are created);
- If instructions are inserted in `.BB1` (e.g., by instrumentation),
things will break since the label will not point to the auipc anymore.
This patch proposes to fix this issue by teaching BOLT to track labels
that should always point to a specific instruction. This is implemented
as follows:
- Add a new annotation type (`kLabel`) that allows us to annotate
instructions with an `MCSymbol *`;
- Whenever we encounter a relocation type that is used to refer to a
specific instruction (`Relocation::isInstructionReference`), we
register it without a symbol;
- During disassembly, whenever we encounter an instruction with such a
relocation, create a symbol for its target and store it in an offset
to symbol map (to ensure multiple relocations referencing the same
instruction use the same label);
- After disassembly, iterate this map to attach labels to instructions
via the new annotation type;
- During emission, emit these labels right before the instruction.
I believe the use of annotations works quite well for this use case as
it allows us to reliably track instruction labels. If we were to store
them as offsets in basic blocks, it would be error prone to keep them
updated whenever instructions are inserted or removed.
I have chosen to add labels as first-class annotations (as opposed to a
generic one) because the documentation of `MCAnnotation` suggests that
generic annotations are to be used for optional metadata that can be
discarded without affecting correctness. As this is not the case for
labels, a first-class annotation seemed more appropriate.
2023-10-06 06:46:16 +00:00
|
|
|
for (auto [Offset, Label] : InstructionLabels) {
|
|
|
|
|
InstrMapType::iterator II = Instructions.find(Offset);
|
|
|
|
|
assert(II != Instructions.end() && "reference to non-existing instruction");
|
|
|
|
|
|
2024-02-27 18:44:28 -08:00
|
|
|
BC.MIB->setInstLabel(II->second, Label);
|
[BOLT] Improve handling of relocations targeting specific instructions (#66395)
On RISC-V, there are certain relocations that target a specific
instruction instead of a more abstract location like a function or basic
block. Take the following example that loads a value from symbol `foo`:
```
nop
1: auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(1b)(t0)
```
This results in two relocation:
- auipc: `R_RISCV_PCREL_HI20` referencing `foo`;
- ld: `R_RISCV_PCREL_LO12_I` referencing to local label `1` which points
to the auipc instruction.
It is of utmost importance that the `R_RISCV_PCREL_LO12_I` keeps
referring to the auipc instruction; if not, the program will fail to
assemble. However, BOLT currently does not guarantee this.
BOLT currently assumes that all local symbols are jump targets and
always starts a new basic block at symbol locations. The example above
results in a CFG the looks like this:
```
.BB0:
nop
.BB1:
auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(.BB1)(t0)
```
While this currently works (i.e., the `R_RISCV_PCREL_LO12_I` relocation
points to the correct instruction), it has two downsides:
- Too many basic blocks are created (the example above is logically only
one yet two are created);
- If instructions are inserted in `.BB1` (e.g., by instrumentation),
things will break since the label will not point to the auipc anymore.
This patch proposes to fix this issue by teaching BOLT to track labels
that should always point to a specific instruction. This is implemented
as follows:
- Add a new annotation type (`kLabel`) that allows us to annotate
instructions with an `MCSymbol *`;
- Whenever we encounter a relocation type that is used to refer to a
specific instruction (`Relocation::isInstructionReference`), we
register it without a symbol;
- During disassembly, whenever we encounter an instruction with such a
relocation, create a symbol for its target and store it in an offset
to symbol map (to ensure multiple relocations referencing the same
instruction use the same label);
- After disassembly, iterate this map to attach labels to instructions
via the new annotation type;
- During emission, emit these labels right before the instruction.
I believe the use of annotations works quite well for this use case as
it allows us to reliably track instruction labels. If we were to store
them as offsets in basic blocks, it would be error prone to keep them
updated whenever instructions are inserted or removed.
I have chosen to add labels as first-class annotations (as opposed to a
generic one) because the documentation of `MCAnnotation` suggests that
generic annotations are to be used for optional metadata that can be
discarded without affecting correctness. As this is not the case for
labels, a first-class annotation seemed more appropriate.
2023-10-06 06:46:16 +00:00
|
|
|
}
|
|
|
|
|
|
2022-02-22 19:06:25 -08:00
|
|
|
// Reset symbolizer for the disassembler.
|
|
|
|
|
BC.SymbolicDisAsm->setSymbolizer(nullptr);
|
|
|
|
|
|
2022-06-08 15:08:31 -07:00
|
|
|
if (uint64_t Offset = getFirstInstructionOffset())
|
|
|
|
|
Labels[Offset] = BC.Ctx->createNamedTempSymbol();
|
|
|
|
|
|
2019-11-08 14:41:31 -08:00
|
|
|
clearList(Relocations);
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
if (!IsSimple) {
|
|
|
|
|
clearList(Instructions);
|
2024-02-12 14:51:15 -08:00
|
|
|
return createNonFatalBOLTError("");
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
}
|
|
|
|
|
|
2016-09-27 19:09:38 -07:00
|
|
|
updateState(State::Disassembled);
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
|
2024-02-12 14:51:15 -08:00
|
|
|
return Error::success();
|
2016-09-27 19:09:38 -07:00
|
|
|
}
|
|
|
|
|
|
2024-02-28 20:04:28 -08:00
|
|
|
MCSymbol *BinaryFunction::registerBranch(uint64_t Src, uint64_t Dst) {
|
|
|
|
|
assert(CurrentState == State::Disassembled &&
|
|
|
|
|
"Cannot register branch unless function is in disassembled state.");
|
|
|
|
|
assert(containsAddress(Src) && containsAddress(Dst) &&
|
|
|
|
|
"Cannot register external branch.");
|
|
|
|
|
MCSymbol *Target = getOrCreateLocalLabel(Dst);
|
|
|
|
|
TakenBranches.emplace_back(Src - getAddress(), Dst - getAddress());
|
|
|
|
|
return Target;
|
|
|
|
|
}
|
|
|
|
|
|
2024-12-16 21:49:53 -08:00
|
|
|
void BinaryFunction::analyzeInstructionForFuncReference(const MCInst &Inst) {
|
2025-02-28 17:57:54 -08:00
|
|
|
for (unsigned OpNum = 0; OpNum < MCPlus::getNumPrimeOperands(Inst); ++OpNum) {
|
|
|
|
|
const MCSymbol *Symbol = BC.MIB->getTargetSymbol(Inst, OpNum);
|
|
|
|
|
if (!Symbol)
|
2024-12-16 21:49:53 -08:00
|
|
|
continue;
|
2025-02-28 17:57:54 -08:00
|
|
|
if (BinaryFunction *BF = BC.getFunctionForSymbol(Symbol))
|
2024-12-16 21:49:53 -08:00
|
|
|
BF->setHasAddressTaken(true);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
bool BinaryFunction::scanExternalRefs() {
|
|
|
|
|
bool Success = true;
|
|
|
|
|
bool DisassemblyFailed = false;
|
|
|
|
|
|
|
|
|
|
// Ignore pseudo functions.
|
|
|
|
|
if (isPseudo())
|
|
|
|
|
return Success;
|
|
|
|
|
|
2020-12-30 12:23:58 -08:00
|
|
|
if (opts::NoScan) {
|
|
|
|
|
clearList(Relocations);
|
|
|
|
|
clearList(ExternallyReferencedOffsets);
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
// List of external references for this function.
|
|
|
|
|
std::vector<Relocation> FunctionRelocations;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
static BinaryContext::IndependentCodeEmitter Emitter =
|
|
|
|
|
BC.createIndependentMCCodeEmitter();
|
2020-05-03 15:49:58 -07:00
|
|
|
|
|
|
|
|
ErrorOr<ArrayRef<uint8_t>> ErrorOrFunctionData = getData();
|
|
|
|
|
assert(ErrorOrFunctionData && "function data is not available");
|
|
|
|
|
ArrayRef<uint8_t> FunctionData = *ErrorOrFunctionData;
|
|
|
|
|
assert(FunctionData.size() == getMaxSize() &&
|
|
|
|
|
"function size does not match raw data size");
|
|
|
|
|
|
[BOLT][AArch64] Add partial support for lite mode (#133014)
In lite mode, we only emit code for a subset of functions while
preserving the original code in .bolt.org.text. This requires updating
code references in non-emitted functions to ensure that:
* Non-optimized versions of the optimized code never execute.
* Function pointer comparison semantics is preserved.
On x86-64, we can update code references in-place using "pending
relocations" added in scanExternalRefs(). However, on AArch64, this is
not always possible due to address range limitations and linker address
"relaxation".
There are two types of code-to-code references: control transfer (e.g.,
calls and branches) and function pointer materialization.
AArch64-specific control transfer instructions are covered by #116964.
For function pointer materialization, simply changing the immediate
field of an instruction is not always sufficient. In some cases, we need
to modify a pair of instructions, such as undoing linker relaxation and
converting NOP+ADR into ADRP+ADD sequence.
To achieve this, we use the instruction patch mechanism instead of
pending relocations. Instruction patches are emitted via the regular MC
layer, just like regular functions. However, they have a fixed address
and do not have an associated symbol table entry. This allows us to make
more complex changes to the code, ensuring that function pointers are
correctly updated. Such mechanism should also be portable to RISC-V and
other architectures.
To summarize, for AArch64, we extend the scanExternalRefs() process to
undo linker relaxation and use instruction patches to partially
overwrite unoptimized code.
2025-03-27 21:33:25 -07:00
|
|
|
BC.SymbolicDisAsm->setSymbolizer(
|
|
|
|
|
BC.MIB->createTargetSymbolizer(*this, /*CreateSymbols*/ false));
|
|
|
|
|
|
|
|
|
|
// A list of patches for this function.
|
|
|
|
|
using PatchTy = std::pair<uint64_t, MCInst>;
|
|
|
|
|
std::vector<PatchTy> InstructionPatches;
|
2023-06-06 18:25:46 -07:00
|
|
|
|
|
|
|
|
// Disassemble contents of the function. Detect code entry points and create
|
|
|
|
|
// relocations for references to code that will be moved.
|
2021-12-14 16:52:51 -08:00
|
|
|
uint64_t Size = 0; // instruction size
|
[BOLT][AArch64] Add partial support for lite mode (#133014)
In lite mode, we only emit code for a subset of functions while
preserving the original code in .bolt.org.text. This requires updating
code references in non-emitted functions to ensure that:
* Non-optimized versions of the optimized code never execute.
* Function pointer comparison semantics is preserved.
On x86-64, we can update code references in-place using "pending
relocations" added in scanExternalRefs(). However, on AArch64, this is
not always possible due to address range limitations and linker address
"relaxation".
There are two types of code-to-code references: control transfer (e.g.,
calls and branches) and function pointer materialization.
AArch64-specific control transfer instructions are covered by #116964.
For function pointer materialization, simply changing the immediate
field of an instruction is not always sufficient. In some cases, we need
to modify a pair of instructions, such as undoing linker relaxation and
converting NOP+ADR into ADRP+ADD sequence.
To achieve this, we use the instruction patch mechanism instead of
pending relocations. Instruction patches are emitted via the regular MC
layer, just like regular functions. However, they have a fixed address
and do not have an associated symbol table entry. This allows us to make
more complex changes to the code, ensuring that function pointers are
correctly updated. Such mechanism should also be portable to RISC-V and
other architectures.
To summarize, for AArch64, we extend the scanExternalRefs() process to
undo linker relaxation and use instruction patches to partially
overwrite unoptimized code.
2025-03-27 21:33:25 -07:00
|
|
|
MCInst Instruction;
|
|
|
|
|
MCInst PrevInstruction;
|
2020-05-03 15:49:58 -07:00
|
|
|
for (uint64_t Offset = 0; Offset < getSize(); Offset += Size) {
|
|
|
|
|
// Check for data inside code and ignore it
|
2021-04-08 00:19:26 -07:00
|
|
|
if (const size_t DataInCodeSize = getSizeOfDataInCodeAt(Offset)) {
|
2020-05-03 15:49:58 -07:00
|
|
|
Size = DataInCodeSize;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const uint64_t AbsoluteInstrAddr = getAddress() + Offset;
|
[BOLT][AArch64] Add partial support for lite mode (#133014)
In lite mode, we only emit code for a subset of functions while
preserving the original code in .bolt.org.text. This requires updating
code references in non-emitted functions to ensure that:
* Non-optimized versions of the optimized code never execute.
* Function pointer comparison semantics is preserved.
On x86-64, we can update code references in-place using "pending
relocations" added in scanExternalRefs(). However, on AArch64, this is
not always possible due to address range limitations and linker address
"relaxation".
There are two types of code-to-code references: control transfer (e.g.,
calls and branches) and function pointer materialization.
AArch64-specific control transfer instructions are covered by #116964.
For function pointer materialization, simply changing the immediate
field of an instruction is not always sufficient. In some cases, we need
to modify a pair of instructions, such as undoing linker relaxation and
converting NOP+ADR into ADRP+ADD sequence.
To achieve this, we use the instruction patch mechanism instead of
pending relocations. Instruction patches are emitted via the regular MC
layer, just like regular functions. However, they have a fixed address
and do not have an associated symbol table entry. This allows us to make
more complex changes to the code, ensuring that function pointers are
correctly updated. Such mechanism should also be portable to RISC-V and
other architectures.
To summarize, for AArch64, we extend the scanExternalRefs() process to
undo linker relaxation and use instruction patches to partially
overwrite unoptimized code.
2025-03-27 21:33:25 -07:00
|
|
|
PrevInstruction = Instruction;
|
2023-06-06 18:25:46 -07:00
|
|
|
if (!BC.SymbolicDisAsm->getInstruction(Instruction, Size,
|
|
|
|
|
FunctionData.slice(Offset),
|
|
|
|
|
AbsoluteInstrAddr, nulls())) {
|
2020-05-03 15:49:58 -07:00
|
|
|
if (opts::Verbosity >= 1 && !isZeroPaddingAt(Offset)) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs()
|
|
|
|
|
<< "BOLT-WARNING: unable to disassemble instruction at offset 0x"
|
|
|
|
|
<< Twine::utohexstr(Offset) << " (address 0x"
|
|
|
|
|
<< Twine::utohexstr(AbsoluteInstrAddr) << ") in function " << *this
|
|
|
|
|
<< '\n';
|
2020-05-03 15:49:58 -07:00
|
|
|
}
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
Success = false;
|
|
|
|
|
DisassemblyFailed = true;
|
2020-05-03 15:49:58 -07:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
// Return true if we can skip handling the Target function reference.
|
|
|
|
|
auto ignoreFunctionRef = [&](const BinaryFunction &Target) {
|
|
|
|
|
if (&Target == this)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
// Note that later we may decide not to emit Target function. In that
|
|
|
|
|
// case, we conservatively create references that will be ignored or
|
|
|
|
|
// resolved to the same function.
|
|
|
|
|
if (!BC.shouldEmit(Target))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Return true if we can ignore reference to the symbol.
|
|
|
|
|
auto ignoreReference = [&](const MCSymbol *TargetSymbol) {
|
2020-06-18 11:10:41 -07:00
|
|
|
if (!TargetSymbol)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
if (BC.forceSymbolRelocations(TargetSymbol->getName()))
|
|
|
|
|
return false;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryFunction *TargetFunction = BC.getFunctionForSymbol(TargetSymbol);
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
if (!TargetFunction)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
return ignoreFunctionRef(*TargetFunction);
|
|
|
|
|
};
|
|
|
|
|
|
2023-06-06 18:25:46 -07:00
|
|
|
// Handle calls and branches separately as symbolization doesn't work for
|
|
|
|
|
// them yet.
|
|
|
|
|
MCSymbol *BranchTargetSymbol = nullptr;
|
|
|
|
|
if (BC.MIB->isCall(Instruction) || BC.MIB->isBranch(Instruction)) {
|
|
|
|
|
uint64_t TargetAddress = 0;
|
|
|
|
|
BC.MIB->evaluateBranch(Instruction, AbsoluteInstrAddr, Size,
|
|
|
|
|
TargetAddress);
|
2020-05-03 15:49:58 -07:00
|
|
|
|
2023-06-06 18:25:46 -07:00
|
|
|
// Create an entry point at reference address if needed.
|
|
|
|
|
BinaryFunction *TargetFunction =
|
|
|
|
|
BC.getBinaryFunctionContainingAddress(TargetAddress);
|
|
|
|
|
|
|
|
|
|
if (!TargetFunction || ignoreFunctionRef(*TargetFunction))
|
|
|
|
|
continue;
|
2020-05-03 15:49:58 -07:00
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
const uint64_t FunctionOffset =
|
2021-12-14 16:52:51 -08:00
|
|
|
TargetAddress - TargetFunction->getAddress();
|
2023-06-06 18:25:46 -07:00
|
|
|
BranchTargetSymbol =
|
|
|
|
|
FunctionOffset ? TargetFunction->addEntryPointAtOffset(FunctionOffset)
|
2021-12-14 16:52:51 -08:00
|
|
|
: TargetFunction->getSymbol();
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
}
|
|
|
|
|
|
2023-06-06 18:25:46 -07:00
|
|
|
// Can't find more references. Not creating relocations since we are not
|
|
|
|
|
// moving code.
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
if (!BC.HasRelocations)
|
|
|
|
|
continue;
|
|
|
|
|
|
2023-06-06 18:25:46 -07:00
|
|
|
if (BranchTargetSymbol) {
|
|
|
|
|
BC.MIB->replaceBranchTarget(Instruction, BranchTargetSymbol,
|
|
|
|
|
Emitter.LocalCtx.get());
|
2024-12-16 21:49:53 -08:00
|
|
|
} else {
|
|
|
|
|
analyzeInstructionForFuncReference(Instruction);
|
[BOLT][AArch64] Add partial support for lite mode (#133014)
In lite mode, we only emit code for a subset of functions while
preserving the original code in .bolt.org.text. This requires updating
code references in non-emitted functions to ensure that:
* Non-optimized versions of the optimized code never execute.
* Function pointer comparison semantics is preserved.
On x86-64, we can update code references in-place using "pending
relocations" added in scanExternalRefs(). However, on AArch64, this is
not always possible due to address range limitations and linker address
"relaxation".
There are two types of code-to-code references: control transfer (e.g.,
calls and branches) and function pointer materialization.
AArch64-specific control transfer instructions are covered by #116964.
For function pointer materialization, simply changing the immediate
field of an instruction is not always sufficient. In some cases, we need
to modify a pair of instructions, such as undoing linker relaxation and
converting NOP+ADR into ADRP+ADD sequence.
To achieve this, we use the instruction patch mechanism instead of
pending relocations. Instruction patches are emitted via the regular MC
layer, just like regular functions. However, they have a fixed address
and do not have an associated symbol table entry. This allows us to make
more complex changes to the code, ensuring that function pointers are
correctly updated. Such mechanism should also be portable to RISC-V and
other architectures.
To summarize, for AArch64, we extend the scanExternalRefs() process to
undo linker relaxation and use instruction patches to partially
overwrite unoptimized code.
2025-03-27 21:33:25 -07:00
|
|
|
const bool NeedsPatch = llvm::any_of(
|
|
|
|
|
MCPlus::primeOperands(Instruction), [&](const MCOperand &Op) {
|
|
|
|
|
return Op.isExpr() &&
|
|
|
|
|
!ignoreReference(BC.MIB->getTargetSymbol(Op.getExpr()));
|
|
|
|
|
});
|
|
|
|
|
if (!NeedsPatch)
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// For AArch64, we need to undo relaxation done by the linker if the target
|
|
|
|
|
// of the instruction is a function that we plan to move.
|
|
|
|
|
//
|
|
|
|
|
// Linker relaxation is documented at:
|
|
|
|
|
// https://github.com/ARM-software/abi-aa/blob/main/aaelf64/aaelf64.rst
|
|
|
|
|
// under #relocation-optimization.
|
|
|
|
|
if (const Relocation *Rel;
|
|
|
|
|
BC.isAArch64() && (Rel = getRelocationAt(Offset))) {
|
|
|
|
|
// NOP+ADR sequence can originate from either ADRP+ADD or ADRP+LDR.
|
|
|
|
|
// In either case, we convert it into ADRP+ADD.
|
|
|
|
|
if (BC.MIB->isADR(Instruction) &&
|
|
|
|
|
(Rel->Type == ELF::R_AARCH64_ADD_ABS_LO12_NC ||
|
|
|
|
|
Rel->Type == ELF::R_AARCH64_LD64_GOT_LO12_NC)) {
|
|
|
|
|
if (!BC.MIB->isNoop(PrevInstruction)) {
|
|
|
|
|
// In case of unexpected conversion from the linker, skip target
|
|
|
|
|
// optimization.
|
|
|
|
|
const MCSymbol *Symbol = BC.MIB->getTargetSymbol(Instruction);
|
|
|
|
|
BC.errs() << "BOLT-WARNING: cannot undo linker relaxation for "
|
|
|
|
|
"instruction at 0x"
|
|
|
|
|
<< Twine::utohexstr(AbsoluteInstrAddr) << " referencing "
|
|
|
|
|
<< Symbol->getName() << '\n';
|
|
|
|
|
if (BinaryFunction *TargetBF = BC.getFunctionForSymbol(Symbol))
|
|
|
|
|
TargetBF->setIgnored();
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
InstructionListType AdrpAdd =
|
|
|
|
|
BC.MIB->undoAdrpAddRelaxation(Instruction, BC.Ctx.get());
|
|
|
|
|
assert(AdrpAdd.size() == 2 && "Two instructions expected");
|
|
|
|
|
LLVM_DEBUG({
|
|
|
|
|
dbgs() << "BOLT-DEBUG: linker relaxation undone for instruction "
|
|
|
|
|
"at 0x"
|
|
|
|
|
<< Twine::utohexstr(AbsoluteInstrAddr) << '\n';
|
|
|
|
|
});
|
|
|
|
|
InstructionPatches.push_back({AbsoluteInstrAddr - 4, AdrpAdd[0]});
|
|
|
|
|
InstructionPatches.push_back({AbsoluteInstrAddr, AdrpAdd[1]});
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If ADR was emitted by the compiler/assembler to reference a nearby
|
|
|
|
|
// local function, we cannot move away that function due to ADR address
|
|
|
|
|
// span limitation. Hence, we skip the optimization.
|
|
|
|
|
if (BC.MIB->isADR(Instruction) &&
|
|
|
|
|
Rel->Type == ELF::R_AARCH64_ADR_PREL_LO21) {
|
|
|
|
|
BC.errs() << "BOLT-WARNING: unable to convert ADR that references "
|
|
|
|
|
<< Rel->Symbol->getName()
|
|
|
|
|
<< ". Will not optimize the target\n";
|
|
|
|
|
if (BinaryFunction *TargetBF = BC.getFunctionForSymbol(Rel->Symbol))
|
|
|
|
|
TargetBF->setIgnored();
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// In the case of GOT load, ADRP+LDR can also be converted into ADRP+ADD.
|
|
|
|
|
// When this happens, it's not always possible to properly symbolize ADRP
|
|
|
|
|
// operand and we might have to adjust the operand based on the next
|
|
|
|
|
// instruction.
|
|
|
|
|
if (BC.MIB->isAddXri(Instruction) &&
|
|
|
|
|
Rel->Type == ELF::R_AARCH64_LD64_GOT_LO12_NC) {
|
|
|
|
|
if (!BC.MIB->matchAdrpAddPair(PrevInstruction, Instruction)) {
|
|
|
|
|
BC.errs() << "BOLT-ERROR: cannot find matching ADRP for relaxed LDR "
|
|
|
|
|
"instruction at 0x"
|
|
|
|
|
<< Twine::utohexstr(AbsoluteInstrAddr) << '\n';
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if ADRP was already patched. If not, add a new patch for it.
|
|
|
|
|
if (InstructionPatches.empty() ||
|
|
|
|
|
InstructionPatches.back().first != AbsoluteInstrAddr - 4)
|
|
|
|
|
InstructionPatches.push_back(
|
|
|
|
|
{AbsoluteInstrAddr - 4, PrevInstruction});
|
|
|
|
|
|
|
|
|
|
// Adjust the operand for ADRP from the patch.
|
|
|
|
|
MCInst &ADRPInst = InstructionPatches.back().second;
|
|
|
|
|
const MCSymbol *ADRPSymbol = BC.MIB->getTargetSymbol(ADRPInst);
|
|
|
|
|
const MCSymbol *ADDSymbol = BC.MIB->getTargetSymbol(Instruction);
|
|
|
|
|
if (ADRPSymbol != ADDSymbol) {
|
|
|
|
|
const int64_t Addend = BC.MIB->getTargetAddend(Instruction);
|
|
|
|
|
BC.MIB->setOperandToSymbolRef(ADRPInst, /*OpNum*/ 1, ADDSymbol,
|
|
|
|
|
Addend, BC.Ctx.get(),
|
|
|
|
|
ELF::R_AARCH64_NONE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// On AArch64, we use instruction patches for fixing references. We make an
|
|
|
|
|
// exception for branch instructions since they require optional
|
|
|
|
|
// relocations.
|
|
|
|
|
if (BC.isAArch64() && !BranchTargetSymbol) {
|
|
|
|
|
LLVM_DEBUG(BC.printInstruction(dbgs(), Instruction, AbsoluteInstrAddr));
|
|
|
|
|
InstructionPatches.push_back({AbsoluteInstrAddr, Instruction});
|
|
|
|
|
continue;
|
2023-06-06 18:25:46 -07:00
|
|
|
}
|
2020-05-03 15:49:58 -07:00
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
// Emit the instruction using temp emitter and generate relocations.
|
|
|
|
|
SmallString<256> Code;
|
|
|
|
|
SmallVector<MCFixup, 4> Fixups;
|
2023-03-10 15:20:30 +01:00
|
|
|
Emitter.MCE->encodeInstruction(Instruction, Code, Fixups, *BC.STI);
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
|
|
|
|
|
// Create relocation for every fixup.
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const MCFixup &Fixup : Fixups) {
|
2022-12-06 14:15:54 -08:00
|
|
|
std::optional<Relocation> Rel = BC.MIB->createRelocation(Fixup, *BC.MAB);
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
if (!Rel) {
|
|
|
|
|
Success = false;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-06 18:25:46 -07:00
|
|
|
if (ignoreReference(Rel->Symbol))
|
|
|
|
|
continue;
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
if (Relocation::getSizeForType(Rel->Type) < 4) {
|
|
|
|
|
// If the instruction uses a short form, then we might not be able
|
|
|
|
|
// to handle the rewrite without relaxation, and hence cannot reliably
|
|
|
|
|
// create an external reference relocation.
|
|
|
|
|
Success = false;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2025-05-08 10:53:47 -07:00
|
|
|
|
|
|
|
|
if (BC.isAArch64()) {
|
|
|
|
|
// Allow the relocation to be skipped in case of the overflow during the
|
|
|
|
|
// relocation value encoding.
|
|
|
|
|
Rel->setOptional();
|
|
|
|
|
|
|
|
|
|
if (!opts::CompactCodeModel)
|
|
|
|
|
if (BinaryFunction *TargetBF = BC.getFunctionForSymbol(Rel->Symbol))
|
|
|
|
|
TargetBF->setNeedsPatch(true);
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
Rel->Offset += getAddress() - getOriginSection()->getAddress() + Offset;
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
FunctionRelocations.push_back(*Rel);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!Success)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-06 18:25:46 -07:00
|
|
|
// Reset symbolizer for the disassembler.
|
|
|
|
|
BC.SymbolicDisAsm->setSymbolizer(nullptr);
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
// Add relocations unless disassembly failed for this function.
|
2021-12-20 11:07:46 -08:00
|
|
|
if (!DisassemblyFailed)
|
|
|
|
|
for (Relocation &Rel : FunctionRelocations)
|
2020-10-09 16:06:27 -07:00
|
|
|
getOriginSection()->addPendingRelocation(Rel);
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
|
[BOLT][AArch64] Add partial support for lite mode (#133014)
In lite mode, we only emit code for a subset of functions while
preserving the original code in .bolt.org.text. This requires updating
code references in non-emitted functions to ensure that:
* Non-optimized versions of the optimized code never execute.
* Function pointer comparison semantics is preserved.
On x86-64, we can update code references in-place using "pending
relocations" added in scanExternalRefs(). However, on AArch64, this is
not always possible due to address range limitations and linker address
"relaxation".
There are two types of code-to-code references: control transfer (e.g.,
calls and branches) and function pointer materialization.
AArch64-specific control transfer instructions are covered by #116964.
For function pointer materialization, simply changing the immediate
field of an instruction is not always sufficient. In some cases, we need
to modify a pair of instructions, such as undoing linker relaxation and
converting NOP+ADR into ADRP+ADD sequence.
To achieve this, we use the instruction patch mechanism instead of
pending relocations. Instruction patches are emitted via the regular MC
layer, just like regular functions. However, they have a fixed address
and do not have an associated symbol table entry. This allows us to make
more complex changes to the code, ensuring that function pointers are
correctly updated. Such mechanism should also be portable to RISC-V and
other architectures.
To summarize, for AArch64, we extend the scanExternalRefs() process to
undo linker relaxation and use instruction patches to partially
overwrite unoptimized code.
2025-03-27 21:33:25 -07:00
|
|
|
// Add patches grouping them together.
|
|
|
|
|
if (!InstructionPatches.empty()) {
|
|
|
|
|
uint64_t PatchGroupAddress;
|
|
|
|
|
InstructionListType PatchGroup;
|
|
|
|
|
for (auto PI = InstructionPatches.begin(), PE = InstructionPatches.end();
|
|
|
|
|
PI != PE; ++PI) {
|
|
|
|
|
auto &Patch = *PI;
|
|
|
|
|
if (PatchGroup.empty())
|
|
|
|
|
PatchGroupAddress = Patch.first;
|
|
|
|
|
PatchGroup.push_back(Patch.second);
|
|
|
|
|
if (std::next(PI) == PE || std::next(PI)->first != Patch.first + 4) {
|
|
|
|
|
BC.createInstructionPatch(PatchGroupAddress, PatchGroup);
|
|
|
|
|
PatchGroup.clear();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
// Inform BinaryContext that this function symbols will not be defined and
|
|
|
|
|
// relocations should not be created against them.
|
|
|
|
|
if (BC.HasRelocations) {
|
2021-12-20 11:07:46 -08:00
|
|
|
for (std::pair<const uint32_t, MCSymbol *> &LI : Labels)
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
BC.UndefinedSymbols.insert(LI.second);
|
2022-08-18 21:40:00 -07:00
|
|
|
for (MCSymbol *const EndLabel : FunctionEndLabels)
|
|
|
|
|
if (EndLabel)
|
|
|
|
|
BC.UndefinedSymbols.insert(EndLabel);
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
clearList(Relocations);
|
|
|
|
|
clearList(ExternallyReferencedOffsets);
|
|
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
if (Success && BC.HasRelocations)
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
HasExternalRefRelocations = true;
|
|
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
if (opts::Verbosity >= 1 && !Success)
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.outs() << "BOLT-INFO: failed to scan refs for " << *this << '\n';
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
|
|
|
|
|
return Success;
|
2020-05-03 15:49:58 -07:00
|
|
|
}
|
|
|
|
|
|
2019-04-03 22:31:12 -07:00
|
|
|
void BinaryFunction::postProcessEntryPoints() {
|
2019-04-15 11:56:55 -07:00
|
|
|
if (!isSimple())
|
|
|
|
|
return;
|
|
|
|
|
|
2020-04-19 22:29:54 -07:00
|
|
|
for (auto &KV : Labels) {
|
2021-04-08 00:19:26 -07:00
|
|
|
MCSymbol *Label = KV.second;
|
2020-04-19 22:29:54 -07:00
|
|
|
if (!getSecondaryEntryPointSymbol(Label))
|
|
|
|
|
continue;
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
// In non-relocation mode there's potentially an external undetectable
|
|
|
|
|
// reference to the entry point and hence we cannot move this entry
|
|
|
|
|
// point. Optimizing without moving could be difficult.
|
2025-02-25 10:53:45 -08:00
|
|
|
// In aggregation, register any known entry points for CFG construction.
|
|
|
|
|
if (!BC.HasRelocations && !opts::AggregateOnly)
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
setSimple(false);
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
const uint32_t Offset = KV.first;
|
2020-04-19 22:29:54 -07:00
|
|
|
|
2020-01-14 17:12:03 -08:00
|
|
|
// If we are at Offset 0 and there is no instruction associated with it,
|
|
|
|
|
// this means this is an empty function. Just ignore. If we find an
|
|
|
|
|
// instruction at this offset, this entry point is valid.
|
2021-12-20 11:07:46 -08:00
|
|
|
if (!Offset || getInstructionAtOffset(Offset))
|
2020-01-14 17:12:03 -08:00
|
|
|
continue;
|
2019-04-03 22:31:12 -07:00
|
|
|
|
2020-01-14 17:12:03 -08:00
|
|
|
// On AArch64 there are legitimate reasons to have references past the
|
|
|
|
|
// end of the function, e.g. jump tables.
|
2021-12-20 11:07:46 -08:00
|
|
|
if (BC.isAArch64() && Offset == getSize())
|
2020-01-14 17:12:03 -08:00
|
|
|
continue;
|
2019-06-24 20:23:22 -07:00
|
|
|
|
2025-04-15 13:19:15 -07:00
|
|
|
// If we have grabbed a wrong code label which actually points to some
|
|
|
|
|
// constant island inside the function, ignore this label and remove it
|
|
|
|
|
// from the secondary entry point map.
|
|
|
|
|
if (isStartOfConstantIsland(Offset)) {
|
|
|
|
|
BC.SymbolToFunctionMap.erase(Label);
|
|
|
|
|
removeSymbolFromSecondaryEntryPointMap(Label);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: reference in the middle of instruction "
|
|
|
|
|
"detected in function "
|
|
|
|
|
<< *this << " at offset 0x" << Twine::utohexstr(Offset) << '\n';
|
2021-12-20 11:07:46 -08:00
|
|
|
if (BC.HasRelocations)
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
setIgnored();
|
2020-01-14 17:12:03 -08:00
|
|
|
setSimple(false);
|
2020-09-29 19:37:47 -07:00
|
|
|
return;
|
2019-04-03 22:31:12 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-27 19:09:38 -07:00
|
|
|
void BinaryFunction::postProcessJumpTables() {
|
|
|
|
|
// Create labels for all entries.
|
|
|
|
|
for (auto &JTI : JumpTables) {
|
2021-04-08 00:19:26 -07:00
|
|
|
JumpTable &JT = *JTI.second;
|
[BOLT] Fix support for PIC jump tables
Summary:
BOLT heuristics failed to work if false PIC jump table entries were
accepted when they were pointing inside a function, but not at
an instruction boundary.
This fix checks if the destination falls at instruction boundary, and
if it does not, it truncates the jump table. This, of course, still does not
guarantee that the entry corresponds to a real destination, and we can
have "false positive" entry(ies). However, it shouldn't affect
correctness of the function, but the CFG may have edges that are never
taken. We may update an incorrect jump table entry, corresponding to an
unrelated data, and for that reason we force moving of jump tables if a
PIC jump table was detected.
(cherry picked from FBD8559588)
2018-06-20 21:43:22 -07:00
|
|
|
if (JT.Type == JumpTable::JTT_PIC && opts::JumpTables == JTS_BASIC) {
|
|
|
|
|
opts::JumpTables = JTS_MOVE;
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.outs() << "BOLT-INFO: forcing -jump-tables=move as PIC jump table was "
|
|
|
|
|
"detected in function "
|
|
|
|
|
<< *this << '\n';
|
[BOLT] Fix support for PIC jump tables
Summary:
BOLT heuristics failed to work if false PIC jump table entries were
accepted when they were pointing inside a function, but not at
an instruction boundary.
This fix checks if the destination falls at instruction boundary, and
if it does not, it truncates the jump table. This, of course, still does not
guarantee that the entry corresponds to a real destination, and we can
have "false positive" entry(ies). However, it shouldn't affect
correctness of the function, but the CFG may have edges that are never
taken. We may update an incorrect jump table entry, corresponding to an
unrelated data, and for that reason we force moving of jump tables if a
PIC jump table was detected.
(cherry picked from FBD8559588)
2018-06-20 21:43:22 -07:00
|
|
|
}
|
2021-04-08 00:19:26 -07:00
|
|
|
const uint64_t BDSize =
|
|
|
|
|
BC.getBinaryDataAtAddress(JT.getAddress())->getSize();
|
2019-06-28 09:21:27 -07:00
|
|
|
if (!BDSize) {
|
|
|
|
|
BC.setBinaryDataSize(JT.getAddress(), JT.getSize());
|
|
|
|
|
} else {
|
|
|
|
|
assert(BDSize >= JT.getSize() &&
|
|
|
|
|
"jump table cannot be larger than the containing object");
|
|
|
|
|
}
|
2023-06-29 22:21:44 -07:00
|
|
|
if (!JT.Entries.empty())
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
bool HasOneParent = (JT.Parents.size() == 1);
|
|
|
|
|
for (uint64_t EntryAddress : JT.EntriesAsAddress) {
|
|
|
|
|
// builtin_unreachable does not belong to any function
|
|
|
|
|
// Need to handle separately
|
|
|
|
|
bool IsBuiltinUnreachable =
|
|
|
|
|
llvm::any_of(JT.Parents, [&](const BinaryFunction *Parent) {
|
|
|
|
|
return EntryAddress == Parent->getAddress() + Parent->getSize();
|
|
|
|
|
});
|
|
|
|
|
if (IsBuiltinUnreachable) {
|
|
|
|
|
MCSymbol *Label = getOrCreateLocalLabel(EntryAddress, true);
|
|
|
|
|
JT.Entries.push_back(Label);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2023-07-21 19:14:26 -07:00
|
|
|
// Create a local label for targets that cannot be reached by other
|
|
|
|
|
// fragments. Otherwise, create a secondary entry point in the target
|
|
|
|
|
// function.
|
2023-06-29 22:21:44 -07:00
|
|
|
BinaryFunction *TargetBF =
|
|
|
|
|
BC.getBinaryFunctionContainingAddress(EntryAddress);
|
2023-07-21 19:14:26 -07:00
|
|
|
MCSymbol *Label;
|
|
|
|
|
if (HasOneParent && TargetBF == this) {
|
|
|
|
|
Label = getOrCreateLocalLabel(EntryAddress, true);
|
|
|
|
|
} else {
|
|
|
|
|
const uint64_t Offset = EntryAddress - TargetBF->getAddress();
|
|
|
|
|
Label = Offset ? TargetBF->addEntryPointAtOffset(Offset)
|
|
|
|
|
: TargetBF->getSymbol();
|
2023-06-29 22:21:44 -07:00
|
|
|
}
|
2023-07-21 19:14:26 -07:00
|
|
|
JT.Entries.push_back(Label);
|
2023-06-29 22:21:44 -07:00
|
|
|
}
|
2016-09-27 19:09:38 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Add TakenBranches from JumpTables.
|
2016-09-16 15:54:32 -07:00
|
|
|
//
|
2016-09-27 19:09:38 -07:00
|
|
|
// We want to do it after initial processing since we don't know jump tables'
|
2016-09-16 15:54:32 -07:00
|
|
|
// boundaries until we process them all.
|
|
|
|
|
for (auto &JTSite : JTSites) {
|
2021-04-08 00:19:26 -07:00
|
|
|
const uint64_t JTSiteOffset = JTSite.first;
|
|
|
|
|
const uint64_t JTAddress = JTSite.second;
|
|
|
|
|
const JumpTable *JT = getJumpTableContainingAddress(JTAddress);
|
2016-09-16 15:54:32 -07:00
|
|
|
assert(JT && "cannot find jump table for address");
|
2019-08-19 14:06:36 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
uint64_t EntryOffset = JTAddress - JT->getAddress();
|
2016-09-27 19:09:38 -07:00
|
|
|
while (EntryOffset < JT->getSize()) {
|
[BOLT] Support multiple parents for split jump table
There are two assumptions regarding jump table:
(a) It is accessed by only one fragment, say, Parent
(b) All entries target instructions in Parent
For (a), BOLT stores jump table entries as relative offset to Parent.
For (b), BOLT treats jump table entries target somewhere out of Parent
as INVALID_OFFSET, including fragment of same split function.
In this update, we extend (a) and (b) to include fragment of same split
functinon. For (a), we store jump table entries in absolute offset
instead. In addition, jump table will store all fragments that access
it. A fragment uses this information to only create label for jump table
entries that target to that fragment.
For (b), using absolute offset allows jump table entries to target
fragments of same split function, i.e., extend support for split jump
table. This can be done using relocation (fragment start/size) and
fragment detection heuristics (e.g., using symbol name pattern for
non-stripped binaries).
For jump table targets that can only be reached by one fragment, we
mark them as local label; otherwise, they would be the secondary
function entry to the target fragment.
Test Plan
```
ninja check-bolt
```
Reviewed By: Amir
Differential Revision: https://reviews.llvm.org/D128474
2022-07-13 23:35:51 -07:00
|
|
|
uint64_t EntryAddress = JT->EntriesAsAddress[EntryOffset / JT->EntrySize];
|
|
|
|
|
uint64_t TargetOffset = EntryAddress - getAddress();
|
2019-06-28 09:21:27 -07:00
|
|
|
if (TargetOffset < getSize()) {
|
2016-09-16 15:54:32 -07:00
|
|
|
TakenBranches.emplace_back(JTSiteOffset, TargetOffset);
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2019-06-28 09:21:27 -07:00
|
|
|
if (opts::StrictMode)
|
|
|
|
|
registerReferencedOffset(TargetOffset);
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-27 19:09:38 -07:00
|
|
|
EntryOffset += JT->EntrySize;
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2016-09-16 15:54:32 -07:00
|
|
|
// A label at the next entry means the end of this jump table.
|
2016-09-27 19:09:38 -07:00
|
|
|
if (JT->Labels.count(EntryOffset))
|
2016-09-16 15:54:32 -07:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-05-02 17:42:06 -07:00
|
|
|
clearList(JTSites);
|
2016-09-16 15:54:32 -07:00
|
|
|
|
2019-06-28 09:21:27 -07:00
|
|
|
// Conservatively populate all possible destinations for unknown indirect
|
|
|
|
|
// branches.
|
|
|
|
|
if (opts::StrictMode && hasInternalReference()) {
|
2021-04-08 00:19:26 -07:00
|
|
|
for (uint64_t Offset : UnknownIndirectBranchOffsets) {
|
|
|
|
|
for (uint64_t PossibleDestination : ExternallyReferencedOffsets) {
|
2019-10-20 20:46:32 -07:00
|
|
|
// Ignore __builtin_unreachable().
|
|
|
|
|
if (PossibleDestination == getSize())
|
|
|
|
|
continue;
|
2019-06-28 09:21:27 -07:00
|
|
|
TakenBranches.emplace_back(Offset, PossibleDestination);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
|
2022-09-16 11:43:16 -07:00
|
|
|
bool BinaryFunction::validateExternallyReferencedOffsets() {
|
|
|
|
|
SmallPtrSet<MCSymbol *, 4> JTTargets;
|
|
|
|
|
for (const JumpTable *JT : llvm::make_second_range(JumpTables))
|
2025-03-29 16:52:16 -07:00
|
|
|
JTTargets.insert_range(JT->Entries);
|
2022-09-16 11:43:16 -07:00
|
|
|
|
|
|
|
|
bool HasUnclaimedReference = false;
|
|
|
|
|
for (uint64_t Destination : ExternallyReferencedOffsets) {
|
|
|
|
|
// Ignore __builtin_unreachable().
|
|
|
|
|
if (Destination == getSize())
|
|
|
|
|
continue;
|
|
|
|
|
// Ignore constant islands
|
|
|
|
|
if (isInConstantIsland(Destination + getAddress()))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (BinaryBasicBlock *BB = getBasicBlockAtOffset(Destination)) {
|
|
|
|
|
// Check if the externally referenced offset is a recognized jump table
|
|
|
|
|
// target.
|
|
|
|
|
if (JTTargets.contains(BB->getLabel()))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (opts::Verbosity >= 1) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: unclaimed data to code reference (possibly "
|
|
|
|
|
<< "an unrecognized jump table entry) to " << BB->getName()
|
|
|
|
|
<< " in " << *this << "\n";
|
2022-09-16 11:43:16 -07:00
|
|
|
}
|
|
|
|
|
auto L = BC.scopeLock();
|
|
|
|
|
addEntryPoint(*BB);
|
|
|
|
|
} else {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: unknown data to code reference to offset "
|
|
|
|
|
<< Twine::utohexstr(Destination) << " in " << *this << "\n";
|
2022-09-16 11:43:16 -07:00
|
|
|
setIgnored();
|
|
|
|
|
}
|
|
|
|
|
HasUnclaimedReference = true;
|
|
|
|
|
}
|
|
|
|
|
return !HasUnclaimedReference;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-12 07:25:50 -07:00
|
|
|
bool BinaryFunction::postProcessIndirectBranches(
|
|
|
|
|
MCPlusBuilder::AllocatorIdTy AllocId) {
|
2019-06-28 09:21:27 -07:00
|
|
|
auto addUnknownControlFlow = [&](BinaryBasicBlock &BB) {
|
2023-02-27 15:21:23 -08:00
|
|
|
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: adding unknown control flow in " << *this
|
|
|
|
|
<< " for " << BB.getName() << "\n");
|
2019-06-28 09:21:27 -07:00
|
|
|
HasUnknownControlFlow = true;
|
|
|
|
|
BB.removeAllSuccessors();
|
2021-12-20 11:07:46 -08:00
|
|
|
for (uint64_t PossibleDestination : ExternallyReferencedOffsets)
|
2021-04-08 00:19:26 -07:00
|
|
|
if (BinaryBasicBlock *SuccBB = getBasicBlockAtOffset(PossibleDestination))
|
2019-06-28 09:21:27 -07:00
|
|
|
BB.addSuccessor(SuccBB);
|
|
|
|
|
};
|
|
|
|
|
|
2021-05-13 10:50:47 -07:00
|
|
|
uint64_t NumIndirectJumps = 0;
|
2019-06-28 09:21:27 -07:00
|
|
|
MCInst *LastIndirectJump = nullptr;
|
2021-05-13 10:50:47 -07:00
|
|
|
BinaryBasicBlock *LastIndirectJumpBB = nullptr;
|
|
|
|
|
uint64_t LastJT = 0;
|
2019-06-28 09:21:27 -07:00
|
|
|
uint16_t LastJTIndexReg = BC.MIB->getNoRegister();
|
2022-07-14 12:55:20 -07:00
|
|
|
for (BinaryBasicBlock &BB : blocks()) {
|
2023-10-05 08:55:30 +00:00
|
|
|
for (BinaryBasicBlock::iterator II = BB.begin(); II != BB.end(); ++II) {
|
|
|
|
|
MCInst &Instr = *II;
|
2018-03-09 09:45:13 -08:00
|
|
|
if (!BC.MIB->isIndirectBranch(Instr))
|
2016-08-22 14:24:09 -07:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
// If there's an indirect branch in a single-block function -
|
|
|
|
|
// it must be a tail call.
|
2022-07-14 12:55:20 -07:00
|
|
|
if (BasicBlocks.size() == 1) {
|
2019-06-28 09:21:27 -07:00
|
|
|
BC.MIB->convertJmpToTailCall(Instr);
|
2016-08-22 14:24:09 -07:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-28 09:21:27 -07:00
|
|
|
++NumIndirectJumps;
|
|
|
|
|
|
|
|
|
|
if (opts::StrictMode && !hasInternalReference()) {
|
|
|
|
|
BC.MIB->convertJmpToTailCall(Instr);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-22 18:14:34 -07:00
|
|
|
// Validate the tail call or jump table assumptions now that we know
|
|
|
|
|
// basic block boundaries.
|
2018-03-09 09:45:13 -08:00
|
|
|
if (BC.MIB->isTailCall(Instr) || BC.MIB->getJumpTable(Instr)) {
|
2021-04-08 00:19:26 -07:00
|
|
|
const unsigned PtrSize = BC.AsmInfo->getCodePointerSize();
|
2019-05-22 18:14:34 -07:00
|
|
|
MCInst *MemLocInstr;
|
|
|
|
|
unsigned BaseRegNum, IndexRegNum;
|
|
|
|
|
int64_t DispValue;
|
|
|
|
|
const MCExpr *DispExpr;
|
|
|
|
|
MCInst *PCRelBaseInstr;
|
2024-05-09 12:35:45 -07:00
|
|
|
MCInst *FixedEntryLoadInstr;
|
2021-04-08 00:19:26 -07:00
|
|
|
IndirectBranchType Type = BC.MIB->analyzeIndirectBranch(
|
2023-10-05 08:55:30 +00:00
|
|
|
Instr, BB.begin(), II, PtrSize, MemLocInstr, BaseRegNum,
|
2024-05-09 12:35:45 -07:00
|
|
|
IndexRegNum, DispValue, DispExpr, PCRelBaseInstr,
|
|
|
|
|
FixedEntryLoadInstr);
|
2019-06-28 09:21:27 -07:00
|
|
|
if (Type != IndirectBranchType::UNKNOWN || MemLocInstr != nullptr)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (!opts::StrictMode)
|
2016-09-27 19:09:38 -07:00
|
|
|
return false;
|
|
|
|
|
|
2019-06-28 09:21:27 -07:00
|
|
|
if (BC.MIB->isTailCall(Instr)) {
|
|
|
|
|
BC.MIB->convertTailCallToJmp(Instr);
|
|
|
|
|
} else {
|
|
|
|
|
LastIndirectJump = &Instr;
|
2022-07-14 12:55:20 -07:00
|
|
|
LastIndirectJumpBB = &BB;
|
2019-06-28 09:21:27 -07:00
|
|
|
LastJT = BC.MIB->getJumpTable(Instr);
|
|
|
|
|
LastJTIndexReg = BC.MIB->getJumpTableIndexReg(Instr);
|
|
|
|
|
BC.MIB->unsetJumpTable(Instr);
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
JumpTable *JT = BC.getJumpTableContainingAddress(LastJT);
|
2019-06-28 09:21:27 -07:00
|
|
|
if (JT->Type == JumpTable::JTT_NORMAL) {
|
|
|
|
|
// Invalidating the jump table may also invalidate other jump table
|
|
|
|
|
// boundaries. Until we have/need a support for this, mark the
|
|
|
|
|
// function as non-simple.
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: rejected jump table reference"
|
|
|
|
|
<< JT->getName() << " in " << *this << '\n');
|
2019-06-28 09:21:27 -07:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-14 12:55:20 -07:00
|
|
|
addUnknownControlFlow(BB);
|
2016-09-27 19:09:38 -07:00
|
|
|
continue;
|
2016-08-22 14:24:09 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If this block contains an epilogue code and has an indirect branch,
|
|
|
|
|
// then most likely it's a tail call. Otherwise, we cannot tell for sure
|
|
|
|
|
// what it is and conservatively reject the function's CFG.
|
2022-08-19 15:57:24 -07:00
|
|
|
bool IsEpilogue = llvm::any_of(BB, [&](const MCInst &Instr) {
|
|
|
|
|
return BC.MIB->isLeave(Instr) || BC.MIB->isPop(Instr);
|
|
|
|
|
});
|
2019-06-28 09:21:27 -07:00
|
|
|
if (IsEpilogue) {
|
|
|
|
|
BC.MIB->convertJmpToTailCall(Instr);
|
2022-07-14 12:55:20 -07:00
|
|
|
BB.removeAllSuccessors();
|
2019-06-28 09:21:27 -07:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opts::Verbosity >= 2) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.outs() << "BOLT-INFO: rejected potential indirect tail call in "
|
|
|
|
|
<< "function " << *this << " in basic block " << BB.getName()
|
|
|
|
|
<< ".\n";
|
2022-07-14 12:55:20 -07:00
|
|
|
LLVM_DEBUG(BC.printInstructions(dbgs(), BB.begin(), BB.end(),
|
|
|
|
|
BB.getOffset(), this, true));
|
2016-08-22 14:24:09 -07:00
|
|
|
}
|
2019-06-28 09:21:27 -07:00
|
|
|
|
|
|
|
|
if (!opts::StrictMode)
|
|
|
|
|
return false;
|
|
|
|
|
|
2022-07-14 12:55:20 -07:00
|
|
|
addUnknownControlFlow(BB);
|
2019-06-28 09:21:27 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (HasInternalLabelReference)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
// If there's only one jump table, and one indirect jump, and no other
|
|
|
|
|
// references, then we should be able to derive the jump table even if we
|
|
|
|
|
// fail to match the pattern.
|
|
|
|
|
if (HasUnknownControlFlow && NumIndirectJumps == 1 &&
|
2023-02-27 15:21:23 -08:00
|
|
|
JumpTables.size() == 1 && LastIndirectJump &&
|
|
|
|
|
!BC.getJumpTableContainingAddress(LastJT)->IsSplit) {
|
|
|
|
|
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: unsetting unknown control flow in "
|
|
|
|
|
<< *this << '\n');
|
2019-07-12 07:25:50 -07:00
|
|
|
BC.MIB->setJumpTable(*LastIndirectJump, LastJT, LastJTIndexReg, AllocId);
|
2019-06-28 09:21:27 -07:00
|
|
|
HasUnknownControlFlow = false;
|
|
|
|
|
|
2022-02-14 10:37:20 -08:00
|
|
|
LastIndirectJumpBB->updateJumpTableSuccessors();
|
2016-08-22 14:24:09 -07:00
|
|
|
}
|
2018-08-06 11:22:45 -07:00
|
|
|
|
2022-09-16 11:43:16 -07:00
|
|
|
// Validate that all data references to function offsets are claimed by
|
|
|
|
|
// recognized jump tables. Register externally referenced blocks as entry
|
|
|
|
|
// points.
|
|
|
|
|
if (!opts::StrictMode && hasInternalReference()) {
|
|
|
|
|
if (!validateExternallyReferencedOffsets())
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-28 09:21:27 -07:00
|
|
|
if (HasUnknownControlFlow && !BC.HasRelocations)
|
|
|
|
|
return false;
|
|
|
|
|
|
2016-08-22 14:24:09 -07:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-26 18:36:30 -07:00
|
|
|
void BinaryFunction::recomputeLandingPads() {
|
|
|
|
|
updateBBIndices(0);
|
2016-07-23 12:50:34 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2017-10-26 18:36:30 -07:00
|
|
|
BB->LandingPads.clear();
|
|
|
|
|
BB->Throwers.clear();
|
2016-07-23 12:50:34 -07:00
|
|
|
}
|
2017-10-23 23:32:40 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2017-12-08 20:27:49 -08:00
|
|
|
std::unordered_set<const BinaryBasicBlock *> BBLandingPads;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (MCInst &Instr : *BB) {
|
2018-03-09 09:45:13 -08:00
|
|
|
if (!BC.MIB->isInvoke(Instr))
|
2017-10-26 18:36:30 -07:00
|
|
|
continue;
|
2016-07-23 12:50:34 -07:00
|
|
|
|
2022-12-06 14:15:54 -08:00
|
|
|
const std::optional<MCPlus::MCLandingPad> EHInfo =
|
|
|
|
|
BC.MIB->getEHInfo(Instr);
|
[BOLT][Refactoring] Isolate changes to MC layer
Summary:
Changes that we made to MCInst, MCOperand, MCExpr, etc. are now all
moved into tools/llvm-bolt. That required a change to the way we handle
annotations and any extra operands for MCInst.
Any MCPlus information is now attached via an extra operand of type
MCInst with an opcode ANNOTATION_LABEL. Since this operand is MCInst, we
attach extra info as operands to this instruction. For first-level
annotations use functions to access the information, such as
getConditionalTailCall() or getEHInfo(), etc. For the rest, optional or
second-class annotations, use a general named-annotation interface such
as getAnnotationAs<uint64_t>(Inst, "Count").
I did a test on HHVM binary, and a memory consumption went down a little
bit while the runtime remained the same.
(cherry picked from FBD7405412)
2018-03-19 18:32:12 -07:00
|
|
|
if (!EHInfo || !EHInfo->first)
|
2017-10-26 18:36:30 -07:00
|
|
|
continue;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock *LPBlock = getBasicBlockForLabel(EHInfo->first);
|
2017-12-08 20:27:49 -08:00
|
|
|
if (!BBLandingPads.count(LPBlock)) {
|
|
|
|
|
BBLandingPads.insert(LPBlock);
|
|
|
|
|
BB->LandingPads.emplace_back(LPBlock);
|
|
|
|
|
LPBlock->Throwers.emplace_back(BB);
|
|
|
|
|
}
|
2016-07-23 12:50:34 -07:00
|
|
|
}
|
2017-10-26 18:36:30 -07:00
|
|
|
}
|
2016-07-23 12:50:34 -07:00
|
|
|
}
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2024-02-12 14:51:15 -08:00
|
|
|
Error BinaryFunction::buildCFG(MCPlusBuilder::AllocatorIdTy AllocatorId) {
|
2018-03-09 09:45:13 -08:00
|
|
|
auto &MIB = BC.MIB;
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2016-09-27 19:09:38 -07:00
|
|
|
if (!isSimple()) {
|
2017-12-09 21:40:39 -08:00
|
|
|
assert(!BC.HasRelocations &&
|
2016-09-27 19:09:38 -07:00
|
|
|
"cannot process file with non-simple function in relocs mode");
|
2024-02-12 14:51:15 -08:00
|
|
|
return createNonFatalBOLTError("");
|
2016-09-27 19:09:38 -07:00
|
|
|
}
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2019-04-03 22:31:12 -07:00
|
|
|
if (CurrentState != State::Disassembled)
|
2024-02-12 14:51:15 -08:00
|
|
|
return createNonFatalBOLTError("");
|
2015-10-09 17:21:14 -07:00
|
|
|
|
|
|
|
|
assert(BasicBlocks.empty() && "basic block list should be empty");
|
2022-06-08 15:08:31 -07:00
|
|
|
assert((Labels.find(getFirstInstructionOffset()) != Labels.end()) &&
|
2015-10-09 17:21:14 -07:00
|
|
|
"first instruction should always have a label");
|
|
|
|
|
|
|
|
|
|
// Create basic blocks in the original layout order:
|
|
|
|
|
//
|
|
|
|
|
// * Every instruction with associated label marks
|
|
|
|
|
// the beginning of a basic block.
|
|
|
|
|
// * Conditional instruction marks the end of a basic block,
|
|
|
|
|
// except when the following instruction is an
|
|
|
|
|
// unconditional branch, and the unconditional branch is not
|
|
|
|
|
// a destination of another branch. In the latter case, the
|
|
|
|
|
// basic block will consist of a single unconditional branch
|
2017-10-12 14:57:11 -07:00
|
|
|
// (missed "double-jump" optimization).
|
2015-10-09 17:21:14 -07:00
|
|
|
//
|
|
|
|
|
// Created basic blocks are sorted in layout order since they are
|
|
|
|
|
// created in the same order as instructions, and instructions are
|
|
|
|
|
// sorted by offsets.
|
2021-05-13 10:50:47 -07:00
|
|
|
BinaryBasicBlock *InsertBB = nullptr;
|
|
|
|
|
BinaryBasicBlock *PrevBB = nullptr;
|
|
|
|
|
bool IsLastInstrNop = false;
|
2021-12-18 17:05:00 -08:00
|
|
|
// Offset of the last non-nop instruction.
|
2021-05-13 10:50:47 -07:00
|
|
|
uint64_t LastInstrOffset = 0;
|
2015-11-08 12:23:54 -08:00
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
auto addCFIPlaceholders = [this](uint64_t CFIOffset,
|
|
|
|
|
BinaryBasicBlock *InsertBB) {
|
|
|
|
|
for (auto FI = OffsetToCFI.lower_bound(CFIOffset),
|
|
|
|
|
FE = OffsetToCFI.upper_bound(CFIOffset);
|
|
|
|
|
FI != FE; ++FI) {
|
|
|
|
|
addCFIPseudo(InsertBB, InsertBB->end(), FI->second);
|
|
|
|
|
}
|
|
|
|
|
};
|
2015-11-08 12:23:54 -08:00
|
|
|
|
2018-02-13 11:21:59 -08:00
|
|
|
// For profiling purposes we need to save the offset of the last instruction
|
2021-12-18 17:05:00 -08:00
|
|
|
// in the basic block.
|
|
|
|
|
// NOTE: nops always have an Offset annotation. Annotate the last non-nop as
|
|
|
|
|
// older profiles ignored nops.
|
2018-02-13 11:21:59 -08:00
|
|
|
auto updateOffset = [&](uint64_t Offset) {
|
|
|
|
|
assert(PrevBB && PrevBB != InsertBB && "invalid previous block");
|
2021-12-18 17:05:00 -08:00
|
|
|
MCInst *LastNonNop = nullptr;
|
|
|
|
|
for (BinaryBasicBlock::reverse_iterator RII = PrevBB->getLastNonPseudo(),
|
|
|
|
|
E = PrevBB->rend();
|
|
|
|
|
RII != E; ++RII) {
|
|
|
|
|
if (!BC.MIB->isPseudo(*RII) && !BC.MIB->isNoop(*RII)) {
|
|
|
|
|
LastNonNop = &*RII;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-08-03 17:53:32 -07:00
|
|
|
if (LastNonNop && !MIB->getOffset(*LastNonNop))
|
2023-11-06 12:14:22 -08:00
|
|
|
MIB->setOffset(*LastNonNop, static_cast<uint32_t>(Offset));
|
2018-02-13 11:21:59 -08:00
|
|
|
};
|
|
|
|
|
|
2017-11-04 19:22:05 -07:00
|
|
|
for (auto I = Instructions.begin(), E = Instructions.end(); I != E; ++I) {
|
2021-04-08 00:19:26 -07:00
|
|
|
const uint32_t Offset = I->first;
|
|
|
|
|
MCInst &Instr = I->second;
|
2016-07-13 18:57:40 -07:00
|
|
|
|
|
|
|
|
auto LI = Labels.find(Offset);
|
2015-10-09 17:21:14 -07:00
|
|
|
if (LI != Labels.end()) {
|
|
|
|
|
// Always create new BB at branch destination.
|
2021-12-18 17:05:00 -08:00
|
|
|
PrevBB = InsertBB ? InsertBB : PrevBB;
|
2022-06-15 18:49:39 -07:00
|
|
|
InsertBB = addBasicBlockAt(LI->first, LI->second);
|
|
|
|
|
if (opts::PreserveBlocksAlignment && IsLastInstrNop)
|
|
|
|
|
InsertBB->setDerivedAlignment();
|
|
|
|
|
|
2018-02-13 11:21:59 -08:00
|
|
|
if (PrevBB)
|
|
|
|
|
updateOffset(LastInstrOffset);
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
2019-05-16 12:46:32 -07:00
|
|
|
|
2021-12-18 17:05:00 -08:00
|
|
|
// Mark all nops with Offset for profile tracking purposes.
|
2023-06-28 14:35:05 -07:00
|
|
|
if (MIB->isNoop(Instr) && !MIB->getOffset(Instr)) {
|
2023-06-27 22:56:47 -07:00
|
|
|
// If "Offset" annotation is not present, set it and mark the nop for
|
|
|
|
|
// deletion.
|
2023-11-06 12:14:22 -08:00
|
|
|
MIB->setOffset(Instr, static_cast<uint32_t>(Offset));
|
2023-06-28 14:35:05 -07:00
|
|
|
// Annotate ordinary nops, so we can safely delete them if required.
|
|
|
|
|
MIB->addAnnotation(Instr, "NOP", static_cast<uint32_t>(1), AllocatorId);
|
2019-05-17 07:58:27 -07:00
|
|
|
}
|
2019-05-16 12:46:32 -07:00
|
|
|
|
2015-10-09 17:21:14 -07:00
|
|
|
if (!InsertBB) {
|
2015-10-20 10:17:38 -07:00
|
|
|
// It must be a fallthrough or unreachable code. Create a new block unless
|
2017-10-12 14:57:11 -07:00
|
|
|
// we see an unconditional branch following a conditional one. The latter
|
|
|
|
|
// should not be a conditional tail call.
|
2015-10-09 17:21:14 -07:00
|
|
|
assert(PrevBB && "no previous basic block for a fall through");
|
2021-04-08 00:19:26 -07:00
|
|
|
MCInst *PrevInstr = PrevBB->getLastNonPseudoInstr();
|
2015-10-20 10:17:38 -07:00
|
|
|
assert(PrevInstr && "no previous instruction for a fall through");
|
2018-03-09 09:45:13 -08:00
|
|
|
if (MIB->isUnconditionalBranch(Instr) &&
|
2023-04-11 14:31:16 -07:00
|
|
|
!MIB->isIndirectBranch(*PrevInstr) &&
|
2018-03-09 09:45:13 -08:00
|
|
|
!MIB->isUnconditionalBranch(*PrevInstr) &&
|
2022-01-19 22:06:06 +03:00
|
|
|
!MIB->getConditionalTailCall(*PrevInstr) &&
|
|
|
|
|
!MIB->isReturn(*PrevInstr)) {
|
2015-10-09 17:21:14 -07:00
|
|
|
// Temporarily restore inserter basic block.
|
|
|
|
|
InsertBB = PrevBB;
|
|
|
|
|
} else {
|
2019-07-12 07:25:50 -07:00
|
|
|
MCSymbol *Label;
|
|
|
|
|
{
|
2019-08-07 16:09:50 -07:00
|
|
|
auto L = BC.scopeLock();
|
2020-12-01 16:29:39 -08:00
|
|
|
Label = BC.Ctx->createNamedTempSymbol("FT");
|
2019-07-12 07:25:50 -07:00
|
|
|
}
|
2022-06-15 18:49:39 -07:00
|
|
|
InsertBB = addBasicBlockAt(Offset, Label);
|
|
|
|
|
if (opts::PreserveBlocksAlignment && IsLastInstrNop)
|
|
|
|
|
InsertBB->setDerivedAlignment();
|
2018-02-13 11:21:59 -08:00
|
|
|
updateOffset(LastInstrOffset);
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
}
|
2022-06-08 15:08:31 -07:00
|
|
|
if (Offset == getFirstInstructionOffset()) {
|
|
|
|
|
// Add associated CFI pseudos in the first offset
|
|
|
|
|
addCFIPlaceholders(Offset, InsertBB);
|
2015-11-08 12:23:54 -08:00
|
|
|
}
|
2015-10-20 10:51:17 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
const bool IsBlockEnd = MIB->isTerminator(Instr);
|
2018-03-09 09:45:13 -08:00
|
|
|
IsLastInstrNop = MIB->isNoop(Instr);
|
2021-12-18 17:05:00 -08:00
|
|
|
if (!IsLastInstrNop)
|
|
|
|
|
LastInstrOffset = Offset;
|
2018-02-13 11:21:59 -08:00
|
|
|
InsertBB->addInstruction(std::move(Instr));
|
2016-07-13 18:57:40 -07:00
|
|
|
|
2015-11-08 12:23:54 -08:00
|
|
|
// Add associated CFI instrs. We always add the CFI instruction that is
|
|
|
|
|
// located immediately after this instruction, since the next CFI
|
|
|
|
|
// instruction reflects the change in state caused by this instruction.
|
2016-08-29 21:11:22 -07:00
|
|
|
auto NextInstr = std::next(I);
|
2015-11-08 12:23:54 -08:00
|
|
|
uint64_t CFIOffset;
|
|
|
|
|
if (NextInstr != E)
|
|
|
|
|
CFIOffset = NextInstr->first;
|
|
|
|
|
else
|
|
|
|
|
CFIOffset = getSize();
|
2018-02-13 11:21:59 -08:00
|
|
|
|
|
|
|
|
// Note: this potentially invalidates instruction pointers/iterators.
|
2015-11-08 12:23:54 -08:00
|
|
|
addCFIPlaceholders(CFIOffset, InsertBB);
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2018-02-13 11:21:59 -08:00
|
|
|
if (IsBlockEnd) {
|
2015-10-09 17:21:14 -07:00
|
|
|
PrevBB = InsertBB;
|
|
|
|
|
InsertBB = nullptr;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-12 11:30:05 -07:00
|
|
|
if (BasicBlocks.empty()) {
|
|
|
|
|
setSimple(false);
|
2024-02-12 14:51:15 -08:00
|
|
|
return createNonFatalBOLTError("");
|
2017-03-12 11:30:05 -07:00
|
|
|
}
|
|
|
|
|
|
2015-10-09 17:21:14 -07:00
|
|
|
// Intermediate dump.
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(print(dbgs(), "after creating basic blocks"));
|
2015-10-09 17:21:14 -07:00
|
|
|
|
|
|
|
|
// TODO: handle properly calls to no-return functions,
|
|
|
|
|
// e.g. exit(3), etc. Otherwise we'll see a false fall-through
|
|
|
|
|
// blocks.
|
|
|
|
|
|
2024-02-28 19:51:44 -08:00
|
|
|
// Remove duplicates branches. We can get a bunch of them from jump tables.
|
|
|
|
|
// Without doing jump table value profiling we don't have a use for extra
|
|
|
|
|
// (duplicate) branches.
|
|
|
|
|
llvm::sort(TakenBranches);
|
2025-04-20 18:29:51 -07:00
|
|
|
auto NewEnd = llvm::unique(TakenBranches);
|
2024-02-28 19:51:44 -08:00
|
|
|
TakenBranches.erase(NewEnd, TakenBranches.end());
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (std::pair<uint32_t, uint32_t> &Branch : TakenBranches) {
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(dbgs() << "registering branch [0x"
|
|
|
|
|
<< Twine::utohexstr(Branch.first) << "] -> [0x"
|
|
|
|
|
<< Twine::utohexstr(Branch.second) << "]\n");
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock *FromBB = getBasicBlockContainingOffset(Branch.first);
|
|
|
|
|
BinaryBasicBlock *ToBB = getBasicBlockAtOffset(Branch.second);
|
2018-06-20 12:03:24 -07:00
|
|
|
if (!FromBB || !ToBB) {
|
|
|
|
|
if (!FromBB)
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-ERROR: cannot find BB containing the branch.\n";
|
2019-10-21 15:57:36 -07:00
|
|
|
if (!ToBB)
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs()
|
|
|
|
|
<< "BOLT-ERROR: cannot find BB containing branch destination.\n";
|
|
|
|
|
return createFatalBOLTError(BC.generateBugReportMessage(
|
|
|
|
|
"disassembly failed - inconsistent branch found.", *this));
|
2018-06-20 12:03:24 -07:00
|
|
|
}
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
FromBB->addSuccessor(ToBB);
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
// Add fall-through branches.
|
2015-10-09 17:21:14 -07:00
|
|
|
PrevBB = nullptr;
|
|
|
|
|
bool IsPrevFT = false; // Is previous block a fall-through.
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2021-12-20 11:07:46 -08:00
|
|
|
if (IsPrevFT)
|
2017-11-28 09:57:21 -08:00
|
|
|
PrevBB->addSuccessor(BB);
|
2021-12-20 11:07:46 -08:00
|
|
|
|
2016-06-07 16:27:52 -07:00
|
|
|
if (BB->empty()) {
|
2015-10-20 10:51:17 -07:00
|
|
|
IsPrevFT = true;
|
2016-06-07 16:27:52 -07:00
|
|
|
PrevBB = BB;
|
2015-11-08 12:23:54 -08:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
MCInst *LastInstr = BB->getLastNonPseudoInstr();
|
2017-10-23 23:32:40 -07:00
|
|
|
assert(LastInstr &&
|
|
|
|
|
"should have non-pseudo instruction in non-empty block");
|
2016-07-13 18:57:40 -07:00
|
|
|
|
2016-06-07 16:27:52 -07:00
|
|
|
if (BB->succ_size() == 0) {
|
2017-11-28 09:57:21 -08:00
|
|
|
// Since there's no existing successors, we know the last instruction is
|
|
|
|
|
// not a conditional branch. Thus if it's a terminator, it shouldn't be a
|
|
|
|
|
// fall-through.
|
|
|
|
|
//
|
|
|
|
|
// Conditional tail call is a special case since we don't add a taken
|
|
|
|
|
// branch successor for it.
|
2018-03-09 09:45:13 -08:00
|
|
|
IsPrevFT = !MIB->isTerminator(*LastInstr) ||
|
|
|
|
|
MIB->getConditionalTailCall(*LastInstr);
|
2016-06-07 16:27:52 -07:00
|
|
|
} else if (BB->succ_size() == 1) {
|
2018-03-09 09:45:13 -08:00
|
|
|
IsPrevFT = MIB->isConditionalBranch(*LastInstr);
|
2015-10-09 17:21:14 -07:00
|
|
|
} else {
|
|
|
|
|
IsPrevFT = false;
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-07 16:27:52 -07:00
|
|
|
PrevBB = BB;
|
2015-10-09 17:21:14 -07:00
|
|
|
}
|
|
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
// Assign landing pads and throwers info.
|
2017-10-26 18:36:30 -07:00
|
|
|
recomputeLandingPads();
|
2016-05-24 09:26:25 -07:00
|
|
|
|
2017-02-24 21:59:33 -08:00
|
|
|
// Assign CFI information to each BB entry.
|
|
|
|
|
annotateCFIState();
|
2015-11-08 12:23:54 -08:00
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
// Annotate invoke instructions with GNU_args_size data.
|
2019-07-12 07:25:50 -07:00
|
|
|
propagateGnuArgsSizeInfo(AllocatorId);
|
2017-11-28 09:57:21 -08:00
|
|
|
|
|
|
|
|
// Set the basic block layout to the original order and set end offsets.
|
2017-05-16 09:27:34 -07:00
|
|
|
PrevBB = nullptr;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2022-07-16 17:23:21 -07:00
|
|
|
Layout.addBasicBlock(BB);
|
2017-05-16 09:27:34 -07:00
|
|
|
if (PrevBB)
|
|
|
|
|
PrevBB->setEndOffset(BB->getOffset());
|
|
|
|
|
PrevBB = BB;
|
2016-07-13 18:57:40 -07:00
|
|
|
}
|
2017-05-16 09:27:34 -07:00
|
|
|
PrevBB->setEndOffset(getSize());
|
2016-07-13 18:57:40 -07:00
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
Layout.updateLayoutIndices();
|
2017-10-23 23:32:40 -07:00
|
|
|
|
2019-01-31 11:23:02 -08:00
|
|
|
normalizeCFIState();
|
|
|
|
|
|
2018-02-02 14:46:21 -08:00
|
|
|
// Clean-up memory taken by intermediate structures.
|
|
|
|
|
//
|
|
|
|
|
// NB: don't clear Labels list as we may need them if we mark the function
|
|
|
|
|
// as non-simple later in the process of discovering extra entry points.
|
|
|
|
|
clearList(Instructions);
|
|
|
|
|
clearList(OffsetToCFI);
|
|
|
|
|
clearList(TakenBranches);
|
|
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
// Update the state.
|
|
|
|
|
CurrentState = State::CFG;
|
2016-08-22 14:24:09 -07:00
|
|
|
|
2019-05-22 11:26:58 -07:00
|
|
|
// Make any necessary adjustments for indirect branches.
|
2019-07-12 07:25:50 -07:00
|
|
|
if (!postProcessIndirectBranches(AllocatorId)) {
|
2019-05-22 11:26:58 -07:00
|
|
|
if (opts::Verbosity) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: failed to post-process indirect branches for "
|
|
|
|
|
<< *this << '\n';
|
2019-05-22 11:26:58 -07:00
|
|
|
}
|
2025-01-28 11:03:49 -08:00
|
|
|
|
|
|
|
|
if (BC.isAArch64())
|
|
|
|
|
PreserveNops = BC.HasRelocations;
|
|
|
|
|
|
2019-05-22 11:26:58 -07:00
|
|
|
// In relocation mode we want to keep processing the function but avoid
|
|
|
|
|
// optimizing it.
|
|
|
|
|
setSimple(false);
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-28 09:21:27 -07:00
|
|
|
clearList(ExternallyReferencedOffsets);
|
|
|
|
|
clearList(UnknownIndirectBranchOffsets);
|
|
|
|
|
|
2024-02-12 14:51:15 -08:00
|
|
|
return Error::success();
|
2017-11-28 09:57:21 -08:00
|
|
|
}
|
2017-03-03 11:35:41 -08:00
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
void BinaryFunction::postProcessCFG() {
|
|
|
|
|
if (isSimple() && !BasicBlocks.empty()) {
|
|
|
|
|
// Convert conditional tail call branches to conditional branches that jump
|
|
|
|
|
// to a tail call.
|
|
|
|
|
removeConditionalTailCalls();
|
|
|
|
|
|
2019-05-22 11:26:58 -07:00
|
|
|
postProcessProfile();
|
2017-11-28 09:57:21 -08:00
|
|
|
|
2019-05-22 11:26:58 -07:00
|
|
|
// Eliminate inconsistencies between branch instructions and CFG.
|
|
|
|
|
postProcessBranches();
|
2017-11-28 09:57:21 -08:00
|
|
|
}
|
2017-08-02 10:59:33 -07:00
|
|
|
|
2018-02-02 14:46:21 -08:00
|
|
|
// The final cleanup of intermediate structures.
|
2017-04-18 23:32:11 -07:00
|
|
|
clearList(IgnoredBranches);
|
2015-10-09 17:21:14 -07:00
|
|
|
|
2019-11-03 21:57:15 -08:00
|
|
|
// Remove "Offset" annotations, unless we need an address-translation table
|
|
|
|
|
// later. This has no cost, since annotations are allocated by a bumpptr
|
|
|
|
|
// allocator and won't be released anyway until late in the pipeline.
|
2021-12-20 11:07:46 -08:00
|
|
|
if (!requiresAddressTranslation() && !opts::Instrument) {
|
2022-07-14 12:55:20 -07:00
|
|
|
for (BinaryBasicBlock &BB : blocks())
|
|
|
|
|
for (MCInst &Inst : BB)
|
2021-08-03 17:53:32 -07:00
|
|
|
BC.MIB->clearOffset(Inst);
|
2021-12-20 11:07:46 -08:00
|
|
|
}
|
2017-02-27 21:44:38 -08:00
|
|
|
|
2018-04-13 15:46:19 -07:00
|
|
|
assert((!isSimple() || validateCFG()) &&
|
|
|
|
|
"invalid CFG detected after post-processing");
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-02 10:59:33 -07:00
|
|
|
void BinaryFunction::removeTagsFromProfile() {
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2017-08-02 10:59:33 -07:00
|
|
|
if (BB->ExecutionCount == BinaryBasicBlock::COUNT_NO_PROFILE)
|
|
|
|
|
BB->ExecutionCount = 0;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock::BinaryBranchInfo &BI : BB->branch_info()) {
|
2017-08-02 10:59:33 -07:00
|
|
|
if (BI.Count != BinaryBasicBlock::COUNT_NO_PROFILE &&
|
|
|
|
|
BI.MispredictedCount != BinaryBasicBlock::COUNT_NO_PROFILE)
|
|
|
|
|
continue;
|
|
|
|
|
BI.Count = 0;
|
|
|
|
|
BI.MispredictedCount = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-13 18:57:40 -07:00
|
|
|
void BinaryFunction::removeConditionalTailCalls() {
|
2017-10-23 23:32:40 -07:00
|
|
|
// Blocks to be appended at the end.
|
|
|
|
|
std::vector<std::unique_ptr<BinaryBasicBlock>> NewBlocks;
|
|
|
|
|
|
|
|
|
|
for (auto BBI = begin(); BBI != end(); ++BBI) {
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock &BB = *BBI;
|
|
|
|
|
MCInst *CTCInstr = BB.getLastNonPseudoInstr();
|
2017-10-23 23:32:40 -07:00
|
|
|
if (!CTCInstr)
|
2016-07-13 18:57:40 -07:00
|
|
|
continue;
|
2017-10-23 23:32:40 -07:00
|
|
|
|
2022-12-06 14:15:54 -08:00
|
|
|
std::optional<uint64_t> TargetAddressOrNone =
|
2021-04-08 00:19:26 -07:00
|
|
|
BC.MIB->getConditionalTailCall(*CTCInstr);
|
2017-10-23 23:32:40 -07:00
|
|
|
if (!TargetAddressOrNone)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
// Gather all necessary information about CTC instruction before
|
|
|
|
|
// annotations are destroyed.
|
2021-04-08 00:19:26 -07:00
|
|
|
const int32_t CFIStateBeforeCTC = BB.getCFIStateAtInstr(CTCInstr);
|
2017-10-23 23:32:40 -07:00
|
|
|
uint64_t CTCTakenCount = BinaryBasicBlock::COUNT_NO_PROFILE;
|
|
|
|
|
uint64_t CTCMispredCount = BinaryBasicBlock::COUNT_NO_PROFILE;
|
|
|
|
|
if (hasValidProfile()) {
|
2021-12-14 16:52:51 -08:00
|
|
|
CTCTakenCount = BC.MIB->getAnnotationWithDefault<uint64_t>(
|
|
|
|
|
*CTCInstr, "CTCTakenCount");
|
|
|
|
|
CTCMispredCount = BC.MIB->getAnnotationWithDefault<uint64_t>(
|
|
|
|
|
*CTCInstr, "CTCMispredCount");
|
2016-07-13 18:57:40 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Assert that the tail call does not throw.
|
[BOLT][Refactoring] Isolate changes to MC layer
Summary:
Changes that we made to MCInst, MCOperand, MCExpr, etc. are now all
moved into tools/llvm-bolt. That required a change to the way we handle
annotations and any extra operands for MCInst.
Any MCPlus information is now attached via an extra operand of type
MCInst with an opcode ANNOTATION_LABEL. Since this operand is MCInst, we
attach extra info as operands to this instruction. For first-level
annotations use functions to access the information, such as
getConditionalTailCall() or getEHInfo(), etc. For the rest, optional or
second-class annotations, use a general named-annotation interface such
as getAnnotationAs<uint64_t>(Inst, "Count").
I did a test on HHVM binary, and a memory consumption went down a little
bit while the runtime remained the same.
(cherry picked from FBD7405412)
2018-03-19 18:32:12 -07:00
|
|
|
assert(!BC.MIB->getEHInfo(*CTCInstr) &&
|
|
|
|
|
"found tail call with associated landing pad");
|
2016-07-13 18:57:40 -07:00
|
|
|
|
2017-10-23 23:32:40 -07:00
|
|
|
// Create a basic block with an unconditional tail call instruction using
|
|
|
|
|
// the same destination.
|
2021-04-08 00:19:26 -07:00
|
|
|
const MCSymbol *CTCTargetLabel = BC.MIB->getTargetSymbol(*CTCInstr);
|
2017-10-23 23:32:40 -07:00
|
|
|
assert(CTCTargetLabel && "symbol expected for conditional tail call");
|
|
|
|
|
MCInst TailCallInstr;
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->createTailCall(TailCallInstr, CTCTargetLabel, BC.Ctx.get());
|
2023-11-06 12:14:22 -08:00
|
|
|
|
|
|
|
|
// Move offset from CTCInstr to TailCallInstr.
|
|
|
|
|
if (const std::optional<uint32_t> Offset = BC.MIB->getOffset(*CTCInstr)) {
|
|
|
|
|
BC.MIB->setOffset(TailCallInstr, *Offset);
|
|
|
|
|
BC.MIB->clearOffset(*CTCInstr);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-12 17:33:46 -07:00
|
|
|
// Link new BBs to the original input offset of the BB where the CTC
|
|
|
|
|
// is, so we can map samples recorded in new BBs back to the original BB
|
|
|
|
|
// seem in the input binary (if using BAT)
|
2022-06-15 18:49:39 -07:00
|
|
|
std::unique_ptr<BinaryBasicBlock> TailCallBB =
|
|
|
|
|
createBasicBlock(BC.Ctx->createNamedTempSymbol("TC"));
|
|
|
|
|
TailCallBB->setOffset(BB.getInputOffset());
|
2017-10-23 23:32:40 -07:00
|
|
|
TailCallBB->addInstruction(TailCallInstr);
|
|
|
|
|
TailCallBB->setCFIState(CFIStateBeforeCTC);
|
2016-08-29 21:11:22 -07:00
|
|
|
|
2017-10-23 23:32:40 -07:00
|
|
|
// Add CFG edge with profile info from BB to TailCallBB.
|
|
|
|
|
BB.addSuccessor(TailCallBB.get(), CTCTakenCount, CTCMispredCount);
|
2016-07-13 18:57:40 -07:00
|
|
|
|
|
|
|
|
// Add execution count for the block.
|
2017-10-23 23:32:40 -07:00
|
|
|
TailCallBB->setExecutionCount(CTCTakenCount);
|
|
|
|
|
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->convertTailCallToJmp(*CTCInstr);
|
2017-11-22 16:17:36 -08:00
|
|
|
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->replaceBranchTarget(*CTCInstr, TailCallBB->getLabel(),
|
2018-02-13 11:21:59 -08:00
|
|
|
BC.Ctx.get());
|
2017-10-23 23:32:40 -07:00
|
|
|
|
2018-02-13 11:21:59 -08:00
|
|
|
// Add basic block to the list that will be added to the end.
|
|
|
|
|
NewBlocks.emplace_back(std::move(TailCallBB));
|
|
|
|
|
|
|
|
|
|
// Swap edges as the TailCallBB corresponds to the taken branch.
|
|
|
|
|
BB.swapConditionalSuccessors();
|
2017-11-28 09:57:21 -08:00
|
|
|
|
|
|
|
|
// This branch is no longer a conditional tail call.
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->unsetConditionalTailCall(*CTCInstr);
|
2016-07-13 18:57:40 -07:00
|
|
|
}
|
2017-10-23 23:32:40 -07:00
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
insertBasicBlocks(std::prev(end()), std::move(NewBlocks),
|
2017-10-23 23:32:40 -07:00
|
|
|
/* UpdateLayout */ true,
|
|
|
|
|
/* UpdateCFIState */ false);
|
2016-07-13 18:57:40 -07:00
|
|
|
}
|
|
|
|
|
|
2017-12-07 15:00:41 -08:00
|
|
|
uint64_t BinaryFunction::getFunctionScore() const {
|
2015-11-19 17:59:41 -08:00
|
|
|
if (FunctionScore != -1)
|
|
|
|
|
return FunctionScore;
|
|
|
|
|
|
2017-12-13 23:12:01 -08:00
|
|
|
if (!isSimple() || !hasValidProfile()) {
|
|
|
|
|
FunctionScore = 0;
|
|
|
|
|
return FunctionScore;
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-13 15:27:59 -08:00
|
|
|
uint64_t TotalScore = 0ULL;
|
2022-07-14 12:55:20 -07:00
|
|
|
for (const BinaryBasicBlock &BB : blocks()) {
|
|
|
|
|
uint64_t BBExecCount = BB.getExecutionCount();
|
2015-11-13 15:27:59 -08:00
|
|
|
if (BBExecCount == BinaryBasicBlock::COUNT_NO_PROFILE)
|
|
|
|
|
continue;
|
2022-07-14 12:55:20 -07:00
|
|
|
TotalScore += BBExecCount * BB.getNumNonPseudos();
|
2015-11-13 15:27:59 -08:00
|
|
|
}
|
2015-11-19 17:59:41 -08:00
|
|
|
FunctionScore = TotalScore;
|
|
|
|
|
return FunctionScore;
|
2015-11-13 15:27:59 -08:00
|
|
|
}
|
|
|
|
|
|
2017-02-24 21:59:33 -08:00
|
|
|
void BinaryFunction::annotateCFIState() {
|
|
|
|
|
assert(CurrentState == State::Disassembled && "unexpected function state");
|
2015-11-08 12:23:54 -08:00
|
|
|
assert(!BasicBlocks.empty() && "basic block list should not be empty");
|
|
|
|
|
|
2017-02-24 21:59:33 -08:00
|
|
|
// This is an index of the last processed CFI in FDE CFI program.
|
2017-10-23 23:32:40 -07:00
|
|
|
uint32_t State = 0;
|
2017-02-24 21:59:33 -08:00
|
|
|
|
|
|
|
|
// This is an index of RememberState CFI reflecting effective state right
|
|
|
|
|
// after execution of RestoreState CFI.
|
|
|
|
|
//
|
|
|
|
|
// It differs from State iff the CFI at (State-1)
|
|
|
|
|
// was RestoreState (modulo GNU_args_size CFIs, which are ignored).
|
|
|
|
|
//
|
|
|
|
|
// This allows us to generate shorter replay sequences when producing new
|
|
|
|
|
// CFI programs.
|
2017-10-23 23:32:40 -07:00
|
|
|
uint32_t EffectiveState = 0;
|
2015-11-08 12:23:54 -08:00
|
|
|
|
2017-02-24 21:59:33 -08:00
|
|
|
// For tracking RememberState/RestoreState sequences.
|
2017-10-23 23:32:40 -07:00
|
|
|
std::stack<uint32_t> StateStack;
|
2017-02-24 21:59:33 -08:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2017-02-24 21:59:33 -08:00
|
|
|
BB->setCFIState(EffectiveState);
|
2015-11-08 12:23:54 -08:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const MCInst &Instr : *BB) {
|
|
|
|
|
const MCCFIInstruction *CFI = getCFIFor(Instr);
|
2017-02-24 21:59:33 -08:00
|
|
|
if (!CFI)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
++State;
|
|
|
|
|
|
2017-10-23 23:32:40 -07:00
|
|
|
switch (CFI->getOperation()) {
|
|
|
|
|
case MCCFIInstruction::OpRememberState:
|
2017-02-24 21:59:33 -08:00
|
|
|
StateStack.push(EffectiveState);
|
2017-11-13 11:05:47 -08:00
|
|
|
EffectiveState = State;
|
2017-10-23 23:32:40 -07:00
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpRestoreState:
|
2017-02-24 21:59:33 -08:00
|
|
|
assert(!StateStack.empty() && "corrupt CFI stack");
|
|
|
|
|
EffectiveState = StateStack.top();
|
2015-11-08 12:23:54 -08:00
|
|
|
StateStack.pop();
|
2017-10-23 23:32:40 -07:00
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpGnuArgsSize:
|
2017-02-24 21:59:33 -08:00
|
|
|
// OpGnuArgsSize CFIs do not affect the CFI state.
|
2017-10-23 23:32:40 -07:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
// Any other CFI updates the state.
|
2017-02-24 21:59:33 -08:00
|
|
|
EffectiveState = State;
|
2017-10-23 23:32:40 -07:00
|
|
|
break;
|
2016-09-07 18:59:23 -07:00
|
|
|
}
|
2015-11-08 12:23:54 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-20 13:41:19 -07:00
|
|
|
if (opts::Verbosity >= 1 && !StateStack.empty()) {
|
2024-08-06 17:23:43 -07:00
|
|
|
BC.errs() << "BOLT-WARNING: non-empty CFI stack at the end of " << *this
|
|
|
|
|
<< '\n';
|
|
|
|
|
}
|
2015-11-08 12:23:54 -08:00
|
|
|
}
|
|
|
|
|
|
2018-09-05 14:36:52 -07:00
|
|
|
namespace {
|
2015-11-08 12:23:54 -08:00
|
|
|
|
2018-09-05 14:36:52 -07:00
|
|
|
/// Our full interpretation of a DWARF CFI machine state at a given point
|
|
|
|
|
struct CFISnapshot {
|
|
|
|
|
/// CFA register number and offset defining the canonical frame at this
|
|
|
|
|
/// point, or the number of a rule (CFI state) that computes it with a
|
|
|
|
|
/// DWARF expression. This number will be negative if it refers to a CFI
|
|
|
|
|
/// located in the CIE instead of the FDE.
|
|
|
|
|
uint32_t CFAReg;
|
|
|
|
|
int32_t CFAOffset;
|
|
|
|
|
int32_t CFARule;
|
|
|
|
|
/// Mapping of rules (CFI states) that define the location of each
|
|
|
|
|
/// register. If absent, no rule defining the location of such register
|
|
|
|
|
/// was ever read. This number will be negative if it refers to a CFI
|
|
|
|
|
/// located in the CIE instead of the FDE.
|
|
|
|
|
DenseMap<int32_t, int32_t> RegRule;
|
|
|
|
|
|
|
|
|
|
/// References to CIE, FDE and expanded instructions after a restore state
|
2021-12-08 22:59:09 -08:00
|
|
|
const BinaryFunction::CFIInstrMapType &CIE;
|
|
|
|
|
const BinaryFunction::CFIInstrMapType &FDE;
|
2018-09-05 14:36:52 -07:00
|
|
|
const DenseMap<int32_t, SmallVector<int32_t, 4>> &FrameRestoreEquivalents;
|
|
|
|
|
|
|
|
|
|
/// Current FDE CFI number representing the state where the snapshot is at
|
|
|
|
|
int32_t CurState;
|
|
|
|
|
|
|
|
|
|
/// Used when we don't have information about which state/rule to apply
|
|
|
|
|
/// to recover the location of either the CFA or a specific register
|
|
|
|
|
constexpr static int32_t UNKNOWN = std::numeric_limits<int32_t>::min();
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
/// Update our snapshot by executing a single CFI
|
|
|
|
|
void update(const MCCFIInstruction &Instr, int32_t RuleNumber) {
|
|
|
|
|
switch (Instr.getOperation()) {
|
|
|
|
|
case MCCFIInstruction::OpSameValue:
|
|
|
|
|
case MCCFIInstruction::OpRelOffset:
|
|
|
|
|
case MCCFIInstruction::OpOffset:
|
|
|
|
|
case MCCFIInstruction::OpRestore:
|
|
|
|
|
case MCCFIInstruction::OpUndefined:
|
|
|
|
|
case MCCFIInstruction::OpRegister:
|
|
|
|
|
RegRule[Instr.getRegister()] = RuleNumber;
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpDefCfaRegister:
|
|
|
|
|
CFAReg = Instr.getRegister();
|
|
|
|
|
CFARule = UNKNOWN;
|
2023-10-20 15:49:17 +00:00
|
|
|
|
|
|
|
|
// This shouldn't happen according to the spec but GNU binutils on RISC-V
|
|
|
|
|
// emits a DW_CFA_def_cfa_register in CIE's which leaves the offset
|
|
|
|
|
// unspecified. Both readelf and llvm-dwarfdump interpret the offset as 0
|
|
|
|
|
// in this case so let's do the same.
|
|
|
|
|
if (CFAOffset == UNKNOWN)
|
|
|
|
|
CFAOffset = 0;
|
2018-09-05 14:36:52 -07:00
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpDefCfaOffset:
|
|
|
|
|
CFAOffset = Instr.getOffset();
|
|
|
|
|
CFARule = UNKNOWN;
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpDefCfa:
|
|
|
|
|
CFAReg = Instr.getRegister();
|
|
|
|
|
CFAOffset = Instr.getOffset();
|
|
|
|
|
CFARule = UNKNOWN;
|
|
|
|
|
break;
|
2020-12-01 16:29:39 -08:00
|
|
|
case MCCFIInstruction::OpEscape: {
|
2022-12-11 12:41:57 -08:00
|
|
|
std::optional<uint8_t> Reg =
|
|
|
|
|
readDWARFExpressionTargetReg(Instr.getValues());
|
2020-12-01 16:29:39 -08:00
|
|
|
// Handle DW_CFA_def_cfa_expression
|
|
|
|
|
if (!Reg) {
|
|
|
|
|
CFARule = RuleNumber;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
RegRule[*Reg] = RuleNumber;
|
2018-09-05 14:36:52 -07:00
|
|
|
break;
|
2020-12-01 16:29:39 -08:00
|
|
|
}
|
2018-09-05 14:36:52 -07:00
|
|
|
case MCCFIInstruction::OpAdjustCfaOffset:
|
|
|
|
|
case MCCFIInstruction::OpWindowSave:
|
2024-10-29 13:52:22 -07:00
|
|
|
case MCCFIInstruction::OpNegateRAStateWithPC:
|
2021-09-20 15:16:01 -07:00
|
|
|
case MCCFIInstruction::OpLLVMDefAspaceCfa:
|
2024-07-07 12:41:13 -07:00
|
|
|
case MCCFIInstruction::OpLabel:
|
2024-11-11 11:38:36 -08:00
|
|
|
case MCCFIInstruction::OpValOffset:
|
2018-09-05 14:36:52 -07:00
|
|
|
llvm_unreachable("unsupported CFI opcode");
|
|
|
|
|
break;
|
2025-04-30 14:41:11 +02:00
|
|
|
case MCCFIInstruction::OpNegateRAState:
|
|
|
|
|
if (!(opts::BinaryAnalysisMode || opts::HeatmapMode)) {
|
|
|
|
|
llvm_unreachable("BOLT-ERROR: binaries using pac-ret hardening (e.g. "
|
|
|
|
|
"as produced by '-mbranch-protection=pac-ret') are "
|
|
|
|
|
"currently not supported by BOLT.");
|
|
|
|
|
}
|
|
|
|
|
break;
|
2018-09-05 14:36:52 -07:00
|
|
|
case MCCFIInstruction::OpRememberState:
|
|
|
|
|
case MCCFIInstruction::OpRestoreState:
|
|
|
|
|
case MCCFIInstruction::OpGnuArgsSize:
|
|
|
|
|
// do not affect CFI state
|
|
|
|
|
break;
|
2017-02-24 21:59:33 -08:00
|
|
|
}
|
2018-09-05 14:36:52 -07:00
|
|
|
}
|
2016-01-16 14:58:22 -08:00
|
|
|
|
2018-09-05 14:36:52 -07:00
|
|
|
public:
|
|
|
|
|
/// Advance state reading FDE CFI instructions up to State number
|
|
|
|
|
void advanceTo(int32_t State) {
|
|
|
|
|
for (int32_t I = CurState, E = State; I != E; ++I) {
|
2021-04-08 00:19:26 -07:00
|
|
|
const MCCFIInstruction &Instr = FDE[I];
|
2018-09-05 14:36:52 -07:00
|
|
|
if (Instr.getOperation() != MCCFIInstruction::OpRestoreState) {
|
|
|
|
|
update(Instr, I);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
// If restore state instruction, fetch the equivalent CFIs that have
|
|
|
|
|
// the same effect of this restore. This is used to ensure remember-
|
|
|
|
|
// restore pairs are completely removed.
|
|
|
|
|
auto Iter = FrameRestoreEquivalents.find(I);
|
|
|
|
|
if (Iter == FrameRestoreEquivalents.end())
|
|
|
|
|
continue;
|
2021-12-20 11:07:46 -08:00
|
|
|
for (int32_t RuleNumber : Iter->second)
|
2018-09-05 14:36:52 -07:00
|
|
|
update(FDE[RuleNumber], RuleNumber);
|
2017-02-24 21:59:33 -08:00
|
|
|
}
|
2015-11-08 12:23:54 -08:00
|
|
|
|
2018-09-05 14:36:52 -07:00
|
|
|
assert(((CFAReg != (uint32_t)UNKNOWN && CFAOffset != UNKNOWN) ||
|
|
|
|
|
CFARule != UNKNOWN) &&
|
|
|
|
|
"CIE did not define default CFA?");
|
|
|
|
|
|
|
|
|
|
CurState = State;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Interpret all CIE and FDE instructions up until CFI State number and
|
|
|
|
|
/// populate this snapshot
|
|
|
|
|
CFISnapshot(
|
2021-12-08 22:59:09 -08:00
|
|
|
const BinaryFunction::CFIInstrMapType &CIE,
|
|
|
|
|
const BinaryFunction::CFIInstrMapType &FDE,
|
2018-09-05 14:36:52 -07:00
|
|
|
const DenseMap<int32_t, SmallVector<int32_t, 4>> &FrameRestoreEquivalents,
|
|
|
|
|
int32_t State)
|
|
|
|
|
: CIE(CIE), FDE(FDE), FrameRestoreEquivalents(FrameRestoreEquivalents) {
|
|
|
|
|
CFAReg = UNKNOWN;
|
|
|
|
|
CFAOffset = UNKNOWN;
|
|
|
|
|
CFARule = UNKNOWN;
|
|
|
|
|
CurState = 0;
|
|
|
|
|
|
|
|
|
|
for (int32_t I = 0, E = CIE.size(); I != E; ++I) {
|
2021-04-08 00:19:26 -07:00
|
|
|
const MCCFIInstruction &Instr = CIE[I];
|
2018-09-05 14:36:52 -07:00
|
|
|
update(Instr, -I);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
advanceTo(State);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/// A CFI snapshot with the capability of checking if incremental additions to
|
|
|
|
|
/// it are redundant. This is used to ensure we do not emit two CFI instructions
|
|
|
|
|
/// back-to-back that are doing the same state change, or to avoid emitting a
|
|
|
|
|
/// CFI at all when the state at that point would not be modified after that CFI
|
|
|
|
|
struct CFISnapshotDiff : public CFISnapshot {
|
|
|
|
|
bool RestoredCFAReg{false};
|
|
|
|
|
bool RestoredCFAOffset{false};
|
|
|
|
|
DenseMap<int32_t, bool> RestoredRegs;
|
|
|
|
|
|
|
|
|
|
CFISnapshotDiff(const CFISnapshot &S) : CFISnapshot(S) {}
|
|
|
|
|
|
|
|
|
|
CFISnapshotDiff(
|
2021-12-08 22:59:09 -08:00
|
|
|
const BinaryFunction::CFIInstrMapType &CIE,
|
|
|
|
|
const BinaryFunction::CFIInstrMapType &FDE,
|
2018-09-05 14:36:52 -07:00
|
|
|
const DenseMap<int32_t, SmallVector<int32_t, 4>> &FrameRestoreEquivalents,
|
|
|
|
|
int32_t State)
|
|
|
|
|
: CFISnapshot(CIE, FDE, FrameRestoreEquivalents, State) {}
|
|
|
|
|
|
|
|
|
|
/// Return true if applying Instr to this state is redundant and can be
|
|
|
|
|
/// dismissed.
|
|
|
|
|
bool isRedundant(const MCCFIInstruction &Instr) {
|
|
|
|
|
switch (Instr.getOperation()) {
|
|
|
|
|
case MCCFIInstruction::OpSameValue:
|
|
|
|
|
case MCCFIInstruction::OpRelOffset:
|
|
|
|
|
case MCCFIInstruction::OpOffset:
|
|
|
|
|
case MCCFIInstruction::OpRestore:
|
|
|
|
|
case MCCFIInstruction::OpUndefined:
|
|
|
|
|
case MCCFIInstruction::OpRegister:
|
2020-12-01 16:29:39 -08:00
|
|
|
case MCCFIInstruction::OpEscape: {
|
|
|
|
|
uint32_t Reg;
|
|
|
|
|
if (Instr.getOperation() != MCCFIInstruction::OpEscape) {
|
|
|
|
|
Reg = Instr.getRegister();
|
|
|
|
|
} else {
|
2022-12-11 12:41:57 -08:00
|
|
|
std::optional<uint8_t> R =
|
|
|
|
|
readDWARFExpressionTargetReg(Instr.getValues());
|
2020-12-01 16:29:39 -08:00
|
|
|
// Handle DW_CFA_def_cfa_expression
|
|
|
|
|
if (!R) {
|
|
|
|
|
if (RestoredCFAReg && RestoredCFAOffset)
|
|
|
|
|
return true;
|
|
|
|
|
RestoredCFAReg = true;
|
|
|
|
|
RestoredCFAOffset = true;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
Reg = *R;
|
|
|
|
|
}
|
|
|
|
|
if (RestoredRegs[Reg])
|
2018-09-05 14:36:52 -07:00
|
|
|
return true;
|
2020-12-01 16:29:39 -08:00
|
|
|
RestoredRegs[Reg] = true;
|
2023-03-15 22:55:35 -07:00
|
|
|
const int32_t CurRegRule = RegRule.contains(Reg) ? RegRule[Reg] : UNKNOWN;
|
2018-09-05 14:36:52 -07:00
|
|
|
if (CurRegRule == UNKNOWN) {
|
|
|
|
|
if (Instr.getOperation() == MCCFIInstruction::OpRestore ||
|
|
|
|
|
Instr.getOperation() == MCCFIInstruction::OpSameValue)
|
|
|
|
|
return true;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
const MCCFIInstruction &LastDef =
|
|
|
|
|
CurRegRule < 0 ? CIE[-CurRegRule] : FDE[CurRegRule];
|
|
|
|
|
return LastDef == Instr;
|
|
|
|
|
}
|
|
|
|
|
case MCCFIInstruction::OpDefCfaRegister:
|
|
|
|
|
if (RestoredCFAReg)
|
|
|
|
|
return true;
|
|
|
|
|
RestoredCFAReg = true;
|
|
|
|
|
return CFAReg == Instr.getRegister();
|
|
|
|
|
case MCCFIInstruction::OpDefCfaOffset:
|
|
|
|
|
if (RestoredCFAOffset)
|
|
|
|
|
return true;
|
|
|
|
|
RestoredCFAOffset = true;
|
|
|
|
|
return CFAOffset == Instr.getOffset();
|
|
|
|
|
case MCCFIInstruction::OpDefCfa:
|
|
|
|
|
if (RestoredCFAReg && RestoredCFAOffset)
|
|
|
|
|
return true;
|
|
|
|
|
RestoredCFAReg = true;
|
|
|
|
|
RestoredCFAOffset = true;
|
|
|
|
|
return CFAReg == Instr.getRegister() && CFAOffset == Instr.getOffset();
|
|
|
|
|
case MCCFIInstruction::OpAdjustCfaOffset:
|
|
|
|
|
case MCCFIInstruction::OpWindowSave:
|
2024-10-29 13:52:22 -07:00
|
|
|
case MCCFIInstruction::OpNegateRAStateWithPC:
|
2021-09-20 15:16:01 -07:00
|
|
|
case MCCFIInstruction::OpLLVMDefAspaceCfa:
|
2024-07-07 12:41:13 -07:00
|
|
|
case MCCFIInstruction::OpLabel:
|
2024-11-11 11:38:36 -08:00
|
|
|
case MCCFIInstruction::OpValOffset:
|
2018-09-05 14:36:52 -07:00
|
|
|
llvm_unreachable("unsupported CFI opcode");
|
|
|
|
|
return false;
|
2025-04-30 14:41:11 +02:00
|
|
|
case MCCFIInstruction::OpNegateRAState:
|
|
|
|
|
if (!(opts::BinaryAnalysisMode || opts::HeatmapMode)) {
|
|
|
|
|
llvm_unreachable("BOLT-ERROR: binaries using pac-ret hardening (e.g. "
|
|
|
|
|
"as produced by '-mbranch-protection=pac-ret') are "
|
|
|
|
|
"currently not supported by BOLT.");
|
|
|
|
|
}
|
|
|
|
|
break;
|
2018-09-05 14:36:52 -07:00
|
|
|
case MCCFIInstruction::OpRememberState:
|
|
|
|
|
case MCCFIInstruction::OpRestoreState:
|
|
|
|
|
case MCCFIInstruction::OpGnuArgsSize:
|
|
|
|
|
// do not affect CFI state
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
} // end anonymous namespace
|
|
|
|
|
|
|
|
|
|
bool BinaryFunction::replayCFIInstrs(int32_t FromState, int32_t ToState,
|
|
|
|
|
BinaryBasicBlock *InBB,
|
|
|
|
|
BinaryBasicBlock::iterator InsertIt) {
|
|
|
|
|
if (FromState == ToState)
|
2017-02-24 21:59:33 -08:00
|
|
|
return true;
|
2018-09-05 14:36:52 -07:00
|
|
|
assert(FromState < ToState && "can only replay CFIs forward");
|
|
|
|
|
|
|
|
|
|
CFISnapshotDiff CFIDiff(CIEFrameInstructions, FrameInstructions,
|
|
|
|
|
FrameRestoreEquivalents, FromState);
|
|
|
|
|
|
|
|
|
|
std::vector<uint32_t> NewCFIs;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (int32_t CurState = FromState; CurState < ToState; ++CurState) {
|
2018-09-05 14:36:52 -07:00
|
|
|
MCCFIInstruction *Instr = &FrameInstructions[CurState];
|
|
|
|
|
if (Instr->getOperation() == MCCFIInstruction::OpRestoreState) {
|
|
|
|
|
auto Iter = FrameRestoreEquivalents.find(CurState);
|
|
|
|
|
assert(Iter != FrameRestoreEquivalents.end());
|
2021-12-14 16:52:51 -08:00
|
|
|
NewCFIs.insert(NewCFIs.end(), Iter->second.begin(), Iter->second.end());
|
2018-09-05 14:36:52 -07:00
|
|
|
// RestoreState / Remember will be filtered out later by CFISnapshotDiff,
|
|
|
|
|
// so we might as well fall-through here.
|
|
|
|
|
}
|
|
|
|
|
NewCFIs.push_back(CurState);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Replay instructions while avoiding duplicates
|
2023-01-03 17:31:44 -08:00
|
|
|
for (int32_t State : llvm::reverse(NewCFIs)) {
|
|
|
|
|
if (CFIDiff.isRedundant(FrameInstructions[State]))
|
2018-09-05 14:36:52 -07:00
|
|
|
continue;
|
2023-01-03 17:31:44 -08:00
|
|
|
InsertIt = addCFIPseudo(InBB, InsertIt, State);
|
2018-09-05 14:36:52 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SmallVector<int32_t, 4>
|
|
|
|
|
BinaryFunction::unwindCFIState(int32_t FromState, int32_t ToState,
|
|
|
|
|
BinaryBasicBlock *InBB,
|
|
|
|
|
BinaryBasicBlock::iterator &InsertIt) {
|
|
|
|
|
SmallVector<int32_t, 4> NewStates;
|
|
|
|
|
|
|
|
|
|
CFISnapshot ToCFITable(CIEFrameInstructions, FrameInstructions,
|
2021-12-14 16:52:51 -08:00
|
|
|
FrameRestoreEquivalents, ToState);
|
2018-09-05 14:36:52 -07:00
|
|
|
CFISnapshotDiff FromCFITable(ToCFITable);
|
|
|
|
|
FromCFITable.advanceTo(FromState);
|
|
|
|
|
|
2020-12-01 16:29:39 -08:00
|
|
|
auto undoStateDefCfa = [&]() {
|
|
|
|
|
if (ToCFITable.CFARule == CFISnapshot::UNKNOWN) {
|
|
|
|
|
FrameInstructions.emplace_back(MCCFIInstruction::cfiDefCfa(
|
|
|
|
|
nullptr, ToCFITable.CFAReg, ToCFITable.CFAOffset));
|
|
|
|
|
if (FromCFITable.isRedundant(FrameInstructions.back())) {
|
|
|
|
|
FrameInstructions.pop_back();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
NewStates.push_back(FrameInstructions.size() - 1);
|
|
|
|
|
InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size() - 1);
|
|
|
|
|
++InsertIt;
|
|
|
|
|
} else if (ToCFITable.CFARule < 0) {
|
|
|
|
|
if (FromCFITable.isRedundant(CIEFrameInstructions[-ToCFITable.CFARule]))
|
|
|
|
|
return;
|
|
|
|
|
NewStates.push_back(FrameInstructions.size());
|
|
|
|
|
InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size());
|
|
|
|
|
++InsertIt;
|
|
|
|
|
FrameInstructions.emplace_back(CIEFrameInstructions[-ToCFITable.CFARule]);
|
|
|
|
|
} else if (!FromCFITable.isRedundant(
|
|
|
|
|
FrameInstructions[ToCFITable.CFARule])) {
|
|
|
|
|
NewStates.push_back(ToCFITable.CFARule);
|
|
|
|
|
InsertIt = addCFIPseudo(InBB, InsertIt, ToCFITable.CFARule);
|
|
|
|
|
++InsertIt;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2018-09-05 14:36:52 -07:00
|
|
|
auto undoState = [&](const MCCFIInstruction &Instr) {
|
|
|
|
|
switch (Instr.getOperation()) {
|
|
|
|
|
case MCCFIInstruction::OpRememberState:
|
|
|
|
|
case MCCFIInstruction::OpRestoreState:
|
|
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpSameValue:
|
|
|
|
|
case MCCFIInstruction::OpRelOffset:
|
|
|
|
|
case MCCFIInstruction::OpOffset:
|
|
|
|
|
case MCCFIInstruction::OpRestore:
|
|
|
|
|
case MCCFIInstruction::OpUndefined:
|
2020-12-01 16:29:39 -08:00
|
|
|
case MCCFIInstruction::OpEscape:
|
|
|
|
|
case MCCFIInstruction::OpRegister: {
|
|
|
|
|
uint32_t Reg;
|
|
|
|
|
if (Instr.getOperation() != MCCFIInstruction::OpEscape) {
|
|
|
|
|
Reg = Instr.getRegister();
|
|
|
|
|
} else {
|
2022-12-11 12:41:57 -08:00
|
|
|
std::optional<uint8_t> R =
|
|
|
|
|
readDWARFExpressionTargetReg(Instr.getValues());
|
2020-12-01 16:29:39 -08:00
|
|
|
// Handle DW_CFA_def_cfa_expression
|
|
|
|
|
if (!R) {
|
|
|
|
|
undoStateDefCfa();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
Reg = *R;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-15 22:55:35 -07:00
|
|
|
if (!ToCFITable.RegRule.contains(Reg)) {
|
2018-09-05 14:36:52 -07:00
|
|
|
FrameInstructions.emplace_back(
|
2020-12-01 16:29:39 -08:00
|
|
|
MCCFIInstruction::createRestore(nullptr, Reg));
|
2018-09-05 14:36:52 -07:00
|
|
|
if (FromCFITable.isRedundant(FrameInstructions.back())) {
|
|
|
|
|
FrameInstructions.pop_back();
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
NewStates.push_back(FrameInstructions.size() - 1);
|
|
|
|
|
InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size() - 1);
|
|
|
|
|
++InsertIt;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2020-12-01 16:29:39 -08:00
|
|
|
const int32_t Rule = ToCFITable.RegRule[Reg];
|
2018-09-05 14:36:52 -07:00
|
|
|
if (Rule < 0) {
|
|
|
|
|
if (FromCFITable.isRedundant(CIEFrameInstructions[-Rule]))
|
|
|
|
|
break;
|
|
|
|
|
NewStates.push_back(FrameInstructions.size());
|
|
|
|
|
InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size());
|
|
|
|
|
++InsertIt;
|
|
|
|
|
FrameInstructions.emplace_back(CIEFrameInstructions[-Rule]);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (FromCFITable.isRedundant(FrameInstructions[Rule]))
|
|
|
|
|
break;
|
|
|
|
|
NewStates.push_back(Rule);
|
|
|
|
|
InsertIt = addCFIPseudo(InBB, InsertIt, Rule);
|
|
|
|
|
++InsertIt;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case MCCFIInstruction::OpDefCfaRegister:
|
|
|
|
|
case MCCFIInstruction::OpDefCfaOffset:
|
|
|
|
|
case MCCFIInstruction::OpDefCfa:
|
2020-12-01 16:29:39 -08:00
|
|
|
undoStateDefCfa();
|
2018-09-05 14:36:52 -07:00
|
|
|
break;
|
|
|
|
|
case MCCFIInstruction::OpAdjustCfaOffset:
|
|
|
|
|
case MCCFIInstruction::OpWindowSave:
|
2024-10-29 13:52:22 -07:00
|
|
|
case MCCFIInstruction::OpNegateRAStateWithPC:
|
2021-09-20 15:16:01 -07:00
|
|
|
case MCCFIInstruction::OpLLVMDefAspaceCfa:
|
2024-07-07 12:41:13 -07:00
|
|
|
case MCCFIInstruction::OpLabel:
|
2024-11-11 11:38:36 -08:00
|
|
|
case MCCFIInstruction::OpValOffset:
|
2018-09-05 14:36:52 -07:00
|
|
|
llvm_unreachable("unsupported CFI opcode");
|
|
|
|
|
break;
|
2025-04-30 14:41:11 +02:00
|
|
|
case MCCFIInstruction::OpNegateRAState:
|
|
|
|
|
if (!(opts::BinaryAnalysisMode || opts::HeatmapMode)) {
|
|
|
|
|
llvm_unreachable("BOLT-ERROR: binaries using pac-ret hardening (e.g. "
|
|
|
|
|
"as produced by '-mbranch-protection=pac-ret') are "
|
|
|
|
|
"currently not supported by BOLT.");
|
|
|
|
|
}
|
|
|
|
|
break;
|
2018-09-05 14:36:52 -07:00
|
|
|
case MCCFIInstruction::OpGnuArgsSize:
|
|
|
|
|
// do not affect CFI state
|
|
|
|
|
break;
|
|
|
|
|
}
|
2017-02-24 21:59:33 -08:00
|
|
|
};
|
2015-11-08 12:23:54 -08:00
|
|
|
|
2018-09-05 14:36:52 -07:00
|
|
|
// Undo all modifications from ToState to FromState
|
|
|
|
|
for (int32_t I = ToState, E = FromState; I != E; ++I) {
|
2021-04-08 00:19:26 -07:00
|
|
|
const MCCFIInstruction &Instr = FrameInstructions[I];
|
2018-09-05 14:36:52 -07:00
|
|
|
if (Instr.getOperation() != MCCFIInstruction::OpRestoreState) {
|
|
|
|
|
undoState(Instr);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
auto Iter = FrameRestoreEquivalents.find(I);
|
|
|
|
|
if (Iter == FrameRestoreEquivalents.end())
|
|
|
|
|
continue;
|
|
|
|
|
for (int32_t State : Iter->second)
|
|
|
|
|
undoState(FrameInstructions[State]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NewStates;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-31 11:23:02 -08:00
|
|
|
void BinaryFunction::normalizeCFIState() {
|
2018-09-05 14:36:52 -07:00
|
|
|
// Reordering blocks with remember-restore state instructions can be specially
|
|
|
|
|
// tricky. When rewriting the CFI, we omit remember-restore state instructions
|
|
|
|
|
// entirely. For restore state, we build a map expanding each restore to the
|
|
|
|
|
// equivalent unwindCFIState sequence required at that point to achieve the
|
|
|
|
|
// same effect of the restore. All remember state are then just ignored.
|
2019-01-31 11:23:02 -08:00
|
|
|
std::stack<int32_t> Stack;
|
2022-07-16 17:23:21 -07:00
|
|
|
for (BinaryBasicBlock *CurBB : Layout.blocks()) {
|
2018-09-05 14:36:52 -07:00
|
|
|
for (auto II = CurBB->begin(); II != CurBB->end(); ++II) {
|
2020-12-01 16:29:39 -08:00
|
|
|
if (const MCCFIInstruction *CFI = getCFIFor(*II)) {
|
2018-09-05 14:36:52 -07:00
|
|
|
if (CFI->getOperation() == MCCFIInstruction::OpRememberState) {
|
|
|
|
|
Stack.push(II->getOperand(0).getImm());
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (CFI->getOperation() == MCCFIInstruction::OpRestoreState) {
|
|
|
|
|
const int32_t RememberState = Stack.top();
|
|
|
|
|
const int32_t CurState = II->getOperand(0).getImm();
|
|
|
|
|
FrameRestoreEquivalents[CurState] =
|
|
|
|
|
unwindCFIState(CurState, RememberState, CurBB, II);
|
|
|
|
|
Stack.pop();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-01-31 11:23:02 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool BinaryFunction::finalizeCFIState() {
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(
|
|
|
|
|
dbgs() << "Trying to fix CFI states for each BB after reordering.\n");
|
|
|
|
|
LLVM_DEBUG(dbgs() << "This is the list of CFI states for each BB of " << *this
|
|
|
|
|
<< ": ");
|
2019-07-02 10:48:43 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
const char *Sep = "";
|
2017-05-25 10:29:38 -07:00
|
|
|
(void)Sep;
|
2022-08-24 17:47:01 -07:00
|
|
|
for (FunctionFragment &FF : Layout.fragments()) {
|
2022-07-16 17:23:21 -07:00
|
|
|
// Hot-cold border: at start of each region (with a different FDE) we need
|
|
|
|
|
// to reset the CFI state.
|
|
|
|
|
int32_t State = 0;
|
2015-11-19 17:59:41 -08:00
|
|
|
|
2022-08-17 14:51:29 -07:00
|
|
|
for (BinaryBasicBlock *BB : FF) {
|
2022-07-16 17:23:21 -07:00
|
|
|
const int32_t CFIStateAtExit = BB->getCFIStateAtExit();
|
2015-11-08 12:23:54 -08:00
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
// We need to recover the correct state if it doesn't match expected
|
|
|
|
|
// state at BB entry point.
|
|
|
|
|
if (BB->getCFIState() < State) {
|
|
|
|
|
// In this case, State is currently higher than what this BB expect it
|
|
|
|
|
// to be. To solve this, we need to insert CFI instructions to undo
|
|
|
|
|
// the effect of all CFI from BB's state to current State.
|
|
|
|
|
auto InsertIt = BB->begin();
|
|
|
|
|
unwindCFIState(State, BB->getCFIState(), BB, InsertIt);
|
|
|
|
|
} else if (BB->getCFIState() > State) {
|
|
|
|
|
// If BB's CFI state is greater than State, it means we are behind in
|
|
|
|
|
// the state. Just emit all instructions to reach this state at the
|
|
|
|
|
// beginning of this BB. If this sequence of instructions involve
|
|
|
|
|
// remember state or restore state, bail out.
|
|
|
|
|
if (!replayCFIInstrs(State, BB->getCFIState(), BB, BB->begin()))
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
State = CFIStateAtExit;
|
|
|
|
|
LLVM_DEBUG(dbgs() << Sep << State; Sep = ", ");
|
|
|
|
|
}
|
2015-11-08 12:23:54 -08:00
|
|
|
}
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(dbgs() << "\n");
|
2018-09-05 14:36:52 -07:00
|
|
|
|
2022-07-14 12:55:20 -07:00
|
|
|
for (BinaryBasicBlock &BB : blocks()) {
|
|
|
|
|
for (auto II = BB.begin(); II != BB.end();) {
|
2020-12-01 16:29:39 -08:00
|
|
|
const MCCFIInstruction *CFI = getCFIFor(*II);
|
2021-12-14 16:52:51 -08:00
|
|
|
if (CFI && (CFI->getOperation() == MCCFIInstruction::OpRememberState ||
|
|
|
|
|
CFI->getOperation() == MCCFIInstruction::OpRestoreState)) {
|
2022-07-14 12:55:20 -07:00
|
|
|
II = BB.eraseInstruction(II);
|
2019-01-31 11:23:02 -08:00
|
|
|
} else {
|
|
|
|
|
++II;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-09-05 14:36:52 -07:00
|
|
|
|
2015-11-08 12:23:54 -08:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-03 21:57:15 -08:00
|
|
|
bool BinaryFunction::requiresAddressTranslation() const {
|
2021-06-25 11:42:58 -07:00
|
|
|
return opts::EnableBAT || hasSDTMarker() || hasPseudoProbe();
|
2019-11-03 21:57:15 -08:00
|
|
|
}
|
|
|
|
|
|
2023-08-21 10:10:48 +02:00
|
|
|
bool BinaryFunction::requiresAddressMap() const {
|
|
|
|
|
if (isInjected())
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return opts::UpdateDebugSections || isMultiEntry() ||
|
|
|
|
|
requiresAddressTranslation();
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-22 11:04:01 -07:00
|
|
|
uint64_t BinaryFunction::getInstructionCount() const {
|
|
|
|
|
uint64_t Count = 0;
|
2022-07-14 12:55:20 -07:00
|
|
|
for (const BinaryBasicBlock &BB : blocks())
|
|
|
|
|
Count += BB.getNumNonPseudos();
|
2017-05-22 11:04:01 -07:00
|
|
|
return Count;
|
|
|
|
|
}
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
void BinaryFunction::clearDisasmState() {
|
2018-02-02 16:07:11 -08:00
|
|
|
clearList(Instructions);
|
|
|
|
|
clearList(IgnoredBranches);
|
|
|
|
|
clearList(TakenBranches);
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
|
|
|
|
|
if (BC.HasRelocations) {
|
2021-12-20 11:07:46 -08:00
|
|
|
for (std::pair<const uint32_t, MCSymbol *> &LI : Labels)
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
BC.UndefinedSymbols.insert(LI.second);
|
2022-08-18 21:40:00 -07:00
|
|
|
for (MCSymbol *const EndLabel : FunctionEndLabels)
|
|
|
|
|
if (EndLabel)
|
|
|
|
|
BC.UndefinedSymbols.insert(EndLabel);
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BinaryFunction::setTrapOnEntry() {
|
|
|
|
|
clearDisasmState();
|
2018-02-02 16:07:11 -08:00
|
|
|
|
2023-02-27 15:40:45 -08:00
|
|
|
forEachEntryPoint([&](uint64_t Offset, const MCSymbol *Label) -> bool {
|
2018-02-02 16:07:11 -08:00
|
|
|
MCInst TrapInstr;
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->createTrap(TrapInstr);
|
2020-04-19 22:29:54 -07:00
|
|
|
addInstruction(Offset, std::move(TrapInstr));
|
2023-02-27 15:40:45 -08:00
|
|
|
return true;
|
|
|
|
|
});
|
2018-02-02 16:07:11 -08:00
|
|
|
|
|
|
|
|
TrapsOnEntry = true;
|
|
|
|
|
}
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
void BinaryFunction::setIgnored() {
|
|
|
|
|
if (opts::processAllFunctions()) {
|
|
|
|
|
// We can accept ignored functions before they've been disassembled.
|
|
|
|
|
// In that case, they would still get disassembled and emited, but not
|
|
|
|
|
// optimized.
|
|
|
|
|
assert(CurrentState == State::Empty &&
|
|
|
|
|
"cannot ignore non-empty functions in current mode");
|
|
|
|
|
IsIgnored = true;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
clearDisasmState();
|
|
|
|
|
|
|
|
|
|
// Clear CFG state too.
|
|
|
|
|
if (hasCFG()) {
|
|
|
|
|
releaseCFG();
|
|
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks)
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
delete BB;
|
2020-06-18 20:59:01 -07:00
|
|
|
clearList(BasicBlocks);
|
|
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
for (BinaryBasicBlock *BB : DeletedBasicBlocks)
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
delete BB;
|
2020-06-18 20:59:01 -07:00
|
|
|
clearList(DeletedBasicBlocks);
|
|
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
Layout.clear();
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CurrentState = State::Empty;
|
|
|
|
|
|
|
|
|
|
IsIgnored = true;
|
|
|
|
|
IsSimple = false;
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(dbgs() << "Ignoring " << getPrintName() << '\n');
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
}
|
|
|
|
|
|
2017-11-09 16:59:18 -08:00
|
|
|
void BinaryFunction::duplicateConstantIslands() {
|
2021-10-08 11:31:45 -07:00
|
|
|
assert(Islands && "function expected to have constant islands");
|
|
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
for (BinaryBasicBlock *BB : getLayout().blocks()) {
|
2017-11-09 16:59:18 -08:00
|
|
|
if (!BB->isCold())
|
|
|
|
|
continue;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (MCInst &Inst : *BB) {
|
2017-11-09 16:59:18 -08:00
|
|
|
int OpNum = 0;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (MCOperand &Operand : Inst) {
|
2017-11-09 16:59:18 -08:00
|
|
|
if (!Operand.isExpr()) {
|
|
|
|
|
++OpNum;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2021-04-08 00:19:26 -07:00
|
|
|
const MCSymbol *Symbol = BC.MIB->getTargetSymbol(Inst, OpNum);
|
2018-05-31 10:33:53 -07:00
|
|
|
// Check if this is an island symbol
|
2021-10-08 11:31:45 -07:00
|
|
|
if (!Islands->Symbols.count(Symbol) &&
|
|
|
|
|
!Islands->ProxySymbols.count(Symbol))
|
2017-11-09 16:59:18 -08:00
|
|
|
continue;
|
2018-05-31 10:33:53 -07:00
|
|
|
|
|
|
|
|
// Create cold symbol, if missing
|
2021-10-08 11:31:45 -07:00
|
|
|
auto ISym = Islands->ColdSymbols.find(Symbol);
|
2018-05-31 10:33:53 -07:00
|
|
|
MCSymbol *ColdSymbol;
|
2021-10-08 11:31:45 -07:00
|
|
|
if (ISym != Islands->ColdSymbols.end()) {
|
2018-05-31 10:33:53 -07:00
|
|
|
ColdSymbol = ISym->second;
|
|
|
|
|
} else {
|
|
|
|
|
ColdSymbol = BC.Ctx->getOrCreateSymbol(Symbol->getName() + ".cold");
|
2021-10-08 11:31:45 -07:00
|
|
|
Islands->ColdSymbols[Symbol] = ColdSymbol;
|
2018-05-31 10:33:53 -07:00
|
|
|
// Check if this is a proxy island symbol and update owner proxy map
|
2021-10-08 11:31:45 -07:00
|
|
|
if (Islands->ProxySymbols.count(Symbol)) {
|
|
|
|
|
BinaryFunction *Owner = Islands->ProxySymbols[Symbol];
|
|
|
|
|
auto IProxiedSym = Owner->Islands->Proxies[this].find(Symbol);
|
|
|
|
|
Owner->Islands->ColdProxies[this][IProxiedSym->second] = ColdSymbol;
|
2018-05-31 10:33:53 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Update instruction reference
|
2018-03-09 09:45:13 -08:00
|
|
|
Operand = MCOperand::createExpr(BC.MIB->getTargetExprFor(
|
2017-11-09 16:59:18 -08:00
|
|
|
Inst,
|
2018-05-31 10:33:53 -07:00
|
|
|
MCSymbolRefExpr::create(ColdSymbol, MCSymbolRefExpr::VK_None,
|
2017-11-09 16:59:18 -08:00
|
|
|
*BC.Ctx),
|
|
|
|
|
*BC.Ctx, 0));
|
|
|
|
|
++OpNum;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-01 08:40:56 -07:00
|
|
|
#ifndef MAX_PATH
|
|
|
|
|
#define MAX_PATH 255
|
|
|
|
|
#endif
|
|
|
|
|
|
2023-02-06 17:38:20 -08:00
|
|
|
static std::string constructFilename(std::string Filename,
|
|
|
|
|
std::string Annotation,
|
|
|
|
|
std::string Suffix) {
|
2016-07-01 08:40:56 -07:00
|
|
|
std::replace(Filename.begin(), Filename.end(), '/', '-');
|
2021-12-20 11:07:46 -08:00
|
|
|
if (!Annotation.empty())
|
2016-07-01 08:40:56 -07:00
|
|
|
Annotation.insert(0, "-");
|
|
|
|
|
if (Filename.size() + Annotation.size() + Suffix.size() > MAX_PATH) {
|
|
|
|
|
assert(Suffix.size() + Annotation.size() <= MAX_PATH);
|
|
|
|
|
Filename.resize(MAX_PATH - (Suffix.size() + Annotation.size()));
|
|
|
|
|
}
|
|
|
|
|
Filename += Annotation;
|
|
|
|
|
Filename += Suffix;
|
|
|
|
|
return Filename;
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-06 17:38:20 -08:00
|
|
|
static std::string formatEscapes(const std::string &Str) {
|
2016-07-29 19:18:37 -07:00
|
|
|
std::string Result;
|
|
|
|
|
for (unsigned I = 0; I < Str.size(); ++I) {
|
2021-04-08 00:19:26 -07:00
|
|
|
char C = Str[I];
|
2016-07-29 19:18:37 -07:00
|
|
|
switch (C) {
|
|
|
|
|
case '\n':
|
|
|
|
|
Result += " ";
|
|
|
|
|
break;
|
|
|
|
|
case '"':
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
Result += C;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return Result;
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
void BinaryFunction::dumpGraph(raw_ostream &OS) const {
|
2022-06-02 00:26:23 -07:00
|
|
|
OS << "digraph \"" << getPrintName() << "\" {\n"
|
|
|
|
|
<< "node [fontname=courier, shape=box, style=filled, colorscheme=brbg9]\n";
|
2016-07-29 19:18:37 -07:00
|
|
|
uint64_t Offset = Address;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2022-07-16 17:23:21 -07:00
|
|
|
auto LayoutPos = find(Layout.blocks(), BB);
|
|
|
|
|
unsigned LayoutIndex = LayoutPos - Layout.block_begin();
|
2021-12-14 16:52:51 -08:00
|
|
|
const char *ColdStr = BB->isCold() ? " (cold)" : "";
|
2022-06-02 00:26:23 -07:00
|
|
|
std::vector<std::string> Attrs;
|
|
|
|
|
// Bold box for entry points
|
|
|
|
|
if (isEntryPoint(*BB))
|
|
|
|
|
Attrs.push_back("penwidth=2");
|
|
|
|
|
if (BLI && BLI->getLoopFor(BB)) {
|
|
|
|
|
// Distinguish innermost loops
|
|
|
|
|
const BinaryLoop *Loop = BLI->getLoopFor(BB);
|
|
|
|
|
if (Loop->isInnermost())
|
|
|
|
|
Attrs.push_back("fillcolor=6");
|
|
|
|
|
else // some outer loop
|
|
|
|
|
Attrs.push_back("fillcolor=4");
|
|
|
|
|
} else { // non-loopy code
|
|
|
|
|
Attrs.push_back("fillcolor=5");
|
|
|
|
|
}
|
|
|
|
|
ListSeparator LS;
|
|
|
|
|
OS << "\"" << BB->getName() << "\" [";
|
|
|
|
|
for (StringRef Attr : Attrs)
|
|
|
|
|
OS << LS << Attr;
|
|
|
|
|
OS << "]\n";
|
2022-06-01 23:40:55 -07:00
|
|
|
OS << format("\"%s\" [label=\"%s%s\\n(C:%lu,O:%lu,I:%u,L:%u,CFI:%u)\\n",
|
|
|
|
|
BB->getName().data(), BB->getName().data(), ColdStr,
|
|
|
|
|
BB->getKnownExecutionCount(), BB->getOffset(), getIndex(BB),
|
2022-07-16 17:23:21 -07:00
|
|
|
LayoutIndex, BB->getCFIState());
|
2022-06-01 23:40:55 -07:00
|
|
|
|
2016-07-29 19:18:37 -07:00
|
|
|
if (opts::DotToolTipCode) {
|
|
|
|
|
std::string Str;
|
|
|
|
|
raw_string_ostream CS(Str);
|
2022-06-01 23:40:55 -07:00
|
|
|
Offset = BC.printInstructions(CS, BB->begin(), BB->end(), Offset, this,
|
|
|
|
|
/* PrintMCInst = */ false,
|
|
|
|
|
/* PrintMemData = */ false,
|
|
|
|
|
/* PrintRelocations = */ false,
|
|
|
|
|
/* Endl = */ R"(\\l)");
|
|
|
|
|
OS << formatEscapes(CS.str()) << '\n';
|
|
|
|
|
}
|
|
|
|
|
OS << "\"]\n";
|
2016-07-29 19:18:37 -07:00
|
|
|
|
2016-09-13 20:32:12 -07:00
|
|
|
// analyzeBranch is just used to get the names of the branch
|
|
|
|
|
// opcodes.
|
2016-07-29 19:18:37 -07:00
|
|
|
const MCSymbol *TBB = nullptr;
|
|
|
|
|
const MCSymbol *FBB = nullptr;
|
|
|
|
|
MCInst *CondBranch = nullptr;
|
|
|
|
|
MCInst *UncondBranch = nullptr;
|
2021-12-14 16:52:51 -08:00
|
|
|
const bool Success = BB->analyzeBranch(TBB, FBB, CondBranch, UncondBranch);
|
2016-07-29 19:18:37 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
const MCInst *LastInstr = BB->getLastNonPseudoInstr();
|
2018-03-09 09:45:13 -08:00
|
|
|
const bool IsJumpTable = LastInstr && BC.MIB->getJumpTable(*LastInstr);
|
2016-09-27 19:09:38 -07:00
|
|
|
|
2016-09-13 17:12:00 -07:00
|
|
|
auto BI = BB->branch_info_begin();
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *Succ : BB->successors()) {
|
2016-07-29 19:18:37 -07:00
|
|
|
std::string Branch;
|
|
|
|
|
if (Success) {
|
2016-09-13 20:32:12 -07:00
|
|
|
if (Succ == BB->getConditionalSuccessor(true)) {
|
2020-12-01 16:29:39 -08:00
|
|
|
Branch = CondBranch ? std::string(BC.InstPrinter->getOpcodeName(
|
|
|
|
|
CondBranch->getOpcode()))
|
|
|
|
|
: "TB";
|
2016-09-13 20:32:12 -07:00
|
|
|
} else if (Succ == BB->getConditionalSuccessor(false)) {
|
2020-12-01 16:29:39 -08:00
|
|
|
Branch = UncondBranch ? std::string(BC.InstPrinter->getOpcodeName(
|
|
|
|
|
UncondBranch->getOpcode()))
|
|
|
|
|
: "FB";
|
2016-07-29 19:18:37 -07:00
|
|
|
} else {
|
|
|
|
|
Branch = "FT";
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-12-20 11:07:46 -08:00
|
|
|
if (IsJumpTable)
|
2016-09-13 20:32:12 -07:00
|
|
|
Branch = "JT";
|
2021-12-14 16:52:51 -08:00
|
|
|
OS << format("\"%s\" -> \"%s\" [label=\"%s", BB->getName().data(),
|
|
|
|
|
Succ->getName().data(), Branch.c_str());
|
2016-07-29 19:18:37 -07:00
|
|
|
|
2016-09-13 17:12:00 -07:00
|
|
|
if (BB->getExecutionCount() != COUNT_NO_PROFILE &&
|
2016-12-21 17:13:56 -08:00
|
|
|
BI->MispredictedCount != BinaryBasicBlock::COUNT_INFERRED) {
|
Indirect call promotion optimization.
Summary:
Perform indirect call promotion optimization in BOLT.
The code scans the instructions during CFG creation for all
indirect calls. Right now indirect tail calls are not handled
since the functions are marked not simple. The offsets of the
indirect calls are stored for later use by the ICP pass.
The indirect call promotion pass visits each indirect call and
examines the BranchData for each. If the most frequent targets
from that callsite exceed the specified threshold (default 90%),
the call is promoted. Otherwise, it is ignored. By default,
only one target is considered at each callsite.
When an candiate callsite is processed, we modify the callsite
to test for the most common call targets before calling through
the original generic call mechanism.
The CFG and layout are modified by ICP.
A few new command line options have been added:
-indirect-call-promotion
-indirect-call-promotion-threshold=<percentage>
-indirect-call-promotion-topn=<int>
The threshold is the minimum frequency of a call target needed
before ICP is triggered.
The topn option controls the number of targets to consider for
each callsite, e.g. ICP is triggered if topn=2 and the total
requency of the top two call targets exceeds the threshold.
Example of ICP:
C++ code:
int B_count = 0;
int C_count = 0;
struct A { virtual void foo() = 0; }
struct B : public A { virtual void foo() { ++B_count; }; };
struct C : public A { virtual void foo() { ++C_count; }; };
A* a = ...
a->foo();
...
original:
400863: 49 8b 07 mov (%r15),%rax
400866: 4c 89 ff mov %r15,%rdi
400869: ff 10 callq *(%rax)
40086b: 41 83 e6 01 and $0x1,%r14d
40086f: 4d 89 e6 mov %r12,%r14
400872: 4c 0f 44 f5 cmove %rbp,%r14
400876: 4c 89 f7 mov %r14,%rdi
...
after ICP:
40085e: 49 8b 07 mov (%r15),%rax
400861: 4c 89 ff mov %r15,%rdi
400864: 49 ba e0 0b 40 00 00 movabs $0x400be0,%r10
40086b: 00 00 00
40086e: 4c 3b 10 cmp (%rax),%r10
400871: 75 29 jne 40089c <main+0x9c>
400873: 41 ff d2 callq *%r10
400876: 41 83 e6 01 and $0x1,%r14d
40087a: 4d 89 e6 mov %r12,%r14
40087d: 4c 0f 44 f5 cmove %rbp,%r14
400881: 4c 89 f7 mov %r14,%rdi
...
40089c: ff 10 callq *(%rax)
40089e: eb d6 jmp 400876 <main+0x76>
(cherry picked from FBD3612218)
2016-09-07 18:59:23 -07:00
|
|
|
OS << "\\n(C:" << BI->Count << ",M:" << BI->MispredictedCount << ")";
|
2016-07-29 19:18:37 -07:00
|
|
|
} else if (ExecutionCount != COUNT_NO_PROFILE &&
|
2016-12-21 17:13:56 -08:00
|
|
|
BI->Count != BinaryBasicBlock::COUNT_NO_PROFILE) {
|
2016-09-13 17:12:00 -07:00
|
|
|
OS << "\\n(IC:" << BI->Count << ")";
|
2016-07-29 19:18:37 -07:00
|
|
|
}
|
|
|
|
|
OS << "\"]\n";
|
|
|
|
|
|
2016-09-13 17:12:00 -07:00
|
|
|
++BI;
|
2016-07-29 19:18:37 -07:00
|
|
|
}
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *LP : BB->landing_pads()) {
|
2016-07-29 19:18:37 -07:00
|
|
|
OS << format("\"%s\" -> \"%s\" [constraint=false style=dashed]\n",
|
2021-12-14 16:52:51 -08:00
|
|
|
BB->getName().data(), LP->getName().data());
|
2016-07-01 08:40:56 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
OS << "}\n";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BinaryFunction::viewGraph() const {
|
|
|
|
|
SmallString<MAX_PATH> Filename;
|
2021-04-08 00:19:26 -07:00
|
|
|
if (std::error_code EC =
|
|
|
|
|
sys::fs::createTemporaryFile("bolt-cfg", "dot", Filename)) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-ERROR: " << EC.message() << ", unable to create "
|
|
|
|
|
<< " bolt-cfg-XXXXX.dot temporary file.\n";
|
2016-07-01 08:40:56 -07:00
|
|
|
return;
|
|
|
|
|
}
|
2020-12-01 16:29:39 -08:00
|
|
|
dumpGraphToFile(std::string(Filename));
|
2021-12-20 11:07:46 -08:00
|
|
|
if (DisplayGraph(Filename))
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-ERROR: Can't display " << Filename
|
|
|
|
|
<< " with graphviz.\n";
|
2021-04-08 00:19:26 -07:00
|
|
|
if (std::error_code EC = sys::fs::remove(Filename)) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: " << EC.message() << ", failed to remove "
|
|
|
|
|
<< Filename << "\n";
|
2016-07-01 08:40:56 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BinaryFunction::dumpGraphForPass(std::string Annotation) const {
|
2022-06-29 17:01:02 -07:00
|
|
|
if (!opts::shouldPrint(*this))
|
|
|
|
|
return;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
std::string Filename = constructFilename(getPrintName(), Annotation, ".dot");
|
2022-06-29 17:01:02 -07:00
|
|
|
if (opts::Verbosity >= 1)
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.outs() << "BOLT-INFO: dumping CFG to " << Filename << "\n";
|
2016-07-23 08:01:53 -07:00
|
|
|
dumpGraphToFile(Filename);
|
2016-07-01 08:40:56 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BinaryFunction::dumpGraphToFile(std::string Filename) const {
|
|
|
|
|
std::error_code EC;
|
2020-12-01 16:29:39 -08:00
|
|
|
raw_fd_ostream of(Filename, EC, sys::fs::OF_None);
|
2016-07-01 08:40:56 -07:00
|
|
|
if (EC) {
|
2016-09-02 14:15:29 -07:00
|
|
|
if (opts::Verbosity >= 1) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-WARNING: " << EC.message() << ", unable to open "
|
|
|
|
|
<< Filename << " for output.\n";
|
2016-09-02 14:15:29 -07:00
|
|
|
}
|
2016-07-01 08:40:56 -07:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
dumpGraph(of);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-27 21:44:38 -08:00
|
|
|
bool BinaryFunction::validateCFG() const {
|
2023-09-17 00:07:14 +08:00
|
|
|
// Skip the validation of CFG after it is finalized
|
|
|
|
|
if (CurrentState == State::CFG_Finalized)
|
|
|
|
|
return true;
|
|
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks)
|
2024-05-14 09:36:34 -04:00
|
|
|
if (!BB->validateSuccessorInvariants())
|
|
|
|
|
return false;
|
Indirect call promotion optimization.
Summary:
Perform indirect call promotion optimization in BOLT.
The code scans the instructions during CFG creation for all
indirect calls. Right now indirect tail calls are not handled
since the functions are marked not simple. The offsets of the
indirect calls are stored for later use by the ICP pass.
The indirect call promotion pass visits each indirect call and
examines the BranchData for each. If the most frequent targets
from that callsite exceed the specified threshold (default 90%),
the call is promoted. Otherwise, it is ignored. By default,
only one target is considered at each callsite.
When an candiate callsite is processed, we modify the callsite
to test for the most common call targets before calling through
the original generic call mechanism.
The CFG and layout are modified by ICP.
A few new command line options have been added:
-indirect-call-promotion
-indirect-call-promotion-threshold=<percentage>
-indirect-call-promotion-topn=<int>
The threshold is the minimum frequency of a call target needed
before ICP is triggered.
The topn option controls the number of targets to consider for
each callsite, e.g. ICP is triggered if topn=2 and the total
requency of the top two call targets exceeds the threshold.
Example of ICP:
C++ code:
int B_count = 0;
int C_count = 0;
struct A { virtual void foo() = 0; }
struct B : public A { virtual void foo() { ++B_count; }; };
struct C : public A { virtual void foo() { ++C_count; }; };
A* a = ...
a->foo();
...
original:
400863: 49 8b 07 mov (%r15),%rax
400866: 4c 89 ff mov %r15,%rdi
400869: ff 10 callq *(%rax)
40086b: 41 83 e6 01 and $0x1,%r14d
40086f: 4d 89 e6 mov %r12,%r14
400872: 4c 0f 44 f5 cmove %rbp,%r14
400876: 4c 89 f7 mov %r14,%rdi
...
after ICP:
40085e: 49 8b 07 mov (%r15),%rax
400861: 4c 89 ff mov %r15,%rdi
400864: 49 ba e0 0b 40 00 00 movabs $0x400be0,%r10
40086b: 00 00 00
40086e: 4c 3b 10 cmp (%rax),%r10
400871: 75 29 jne 40089c <main+0x9c>
400873: 41 ff d2 callq *%r10
400876: 41 83 e6 01 and $0x1,%r14d
40087a: 4d 89 e6 mov %r12,%r14
40087d: 4c 0f 44 f5 cmove %rbp,%r14
400881: 4c 89 f7 mov %r14,%rdi
...
40089c: ff 10 callq *(%rax)
40089e: eb d6 jmp 400876 <main+0x76>
(cherry picked from FBD3612218)
2016-09-07 18:59:23 -07:00
|
|
|
|
2018-03-30 17:44:14 -07:00
|
|
|
// Make sure all blocks in CFG are valid.
|
|
|
|
|
auto validateBlock = [this](const BinaryBasicBlock *BB, StringRef Desc) {
|
|
|
|
|
if (!BB->isValid()) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-ERROR: deleted " << Desc << " " << BB->getName()
|
|
|
|
|
<< " detected in:\n";
|
2018-03-30 17:44:14 -07:00
|
|
|
this->dump();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
};
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *BB : BasicBlocks) {
|
2018-03-30 17:44:14 -07:00
|
|
|
if (!validateBlock(BB, "block"))
|
|
|
|
|
return false;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *PredBB : BB->predecessors())
|
2018-03-30 17:44:14 -07:00
|
|
|
if (!validateBlock(PredBB, "predecessor"))
|
|
|
|
|
return false;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *SuccBB : BB->successors())
|
2018-03-30 17:44:14 -07:00
|
|
|
if (!validateBlock(SuccBB, "successor"))
|
|
|
|
|
return false;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *LP : BB->landing_pads())
|
2018-03-30 17:44:14 -07:00
|
|
|
if (!validateBlock(LP, "landing pad"))
|
|
|
|
|
return false;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *Thrower : BB->throwers())
|
2018-03-30 17:44:14 -07:00
|
|
|
if (!validateBlock(Thrower, "thrower"))
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *BB : BasicBlocks) {
|
2017-12-08 20:27:49 -08:00
|
|
|
std::unordered_set<const BinaryBasicBlock *> BBLandingPads;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *LP : BB->landing_pads()) {
|
2017-12-08 20:27:49 -08:00
|
|
|
if (BBLandingPads.count(LP)) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-ERROR: duplicate landing pad detected in"
|
|
|
|
|
<< BB->getName() << " in function " << *this << '\n';
|
2017-12-08 20:27:49 -08:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
BBLandingPads.insert(LP);
|
2017-10-26 18:36:30 -07:00
|
|
|
}
|
2017-12-08 20:27:49 -08:00
|
|
|
|
|
|
|
|
std::unordered_set<const BinaryBasicBlock *> BBThrowers;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *Thrower : BB->throwers()) {
|
2017-12-08 20:27:49 -08:00
|
|
|
if (BBThrowers.count(Thrower)) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-ERROR: duplicate thrower detected in"
|
|
|
|
|
<< BB->getName() << " in function " << *this << '\n';
|
2017-12-08 20:27:49 -08:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
BBThrowers.insert(Thrower);
|
2017-10-26 18:36:30 -07:00
|
|
|
}
|
2017-12-08 20:27:49 -08:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *LPBlock : BB->landing_pads()) {
|
2022-06-23 22:15:47 -07:00
|
|
|
if (!llvm::is_contained(LPBlock->throwers(), BB)) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-ERROR: inconsistent landing pad detected in "
|
|
|
|
|
<< *this << ": " << BB->getName()
|
|
|
|
|
<< " is in LandingPads but not in " << LPBlock->getName()
|
|
|
|
|
<< " Throwers\n";
|
2017-10-26 18:36:30 -07:00
|
|
|
return false;
|
Indirect call promotion optimization.
Summary:
Perform indirect call promotion optimization in BOLT.
The code scans the instructions during CFG creation for all
indirect calls. Right now indirect tail calls are not handled
since the functions are marked not simple. The offsets of the
indirect calls are stored for later use by the ICP pass.
The indirect call promotion pass visits each indirect call and
examines the BranchData for each. If the most frequent targets
from that callsite exceed the specified threshold (default 90%),
the call is promoted. Otherwise, it is ignored. By default,
only one target is considered at each callsite.
When an candiate callsite is processed, we modify the callsite
to test for the most common call targets before calling through
the original generic call mechanism.
The CFG and layout are modified by ICP.
A few new command line options have been added:
-indirect-call-promotion
-indirect-call-promotion-threshold=<percentage>
-indirect-call-promotion-topn=<int>
The threshold is the minimum frequency of a call target needed
before ICP is triggered.
The topn option controls the number of targets to consider for
each callsite, e.g. ICP is triggered if topn=2 and the total
requency of the top two call targets exceeds the threshold.
Example of ICP:
C++ code:
int B_count = 0;
int C_count = 0;
struct A { virtual void foo() = 0; }
struct B : public A { virtual void foo() { ++B_count; }; };
struct C : public A { virtual void foo() { ++C_count; }; };
A* a = ...
a->foo();
...
original:
400863: 49 8b 07 mov (%r15),%rax
400866: 4c 89 ff mov %r15,%rdi
400869: ff 10 callq *(%rax)
40086b: 41 83 e6 01 and $0x1,%r14d
40086f: 4d 89 e6 mov %r12,%r14
400872: 4c 0f 44 f5 cmove %rbp,%r14
400876: 4c 89 f7 mov %r14,%rdi
...
after ICP:
40085e: 49 8b 07 mov (%r15),%rax
400861: 4c 89 ff mov %r15,%rdi
400864: 49 ba e0 0b 40 00 00 movabs $0x400be0,%r10
40086b: 00 00 00
40086e: 4c 3b 10 cmp (%rax),%r10
400871: 75 29 jne 40089c <main+0x9c>
400873: 41 ff d2 callq *%r10
400876: 41 83 e6 01 and $0x1,%r14d
40087a: 4d 89 e6 mov %r12,%r14
40087d: 4c 0f 44 f5 cmove %rbp,%r14
400881: 4c 89 f7 mov %r14,%rdi
...
40089c: ff 10 callq *(%rax)
40089e: eb d6 jmp 400876 <main+0x76>
(cherry picked from FBD3612218)
2016-09-07 18:59:23 -07:00
|
|
|
}
|
|
|
|
|
}
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *Thrower : BB->throwers()) {
|
2022-06-23 22:15:47 -07:00
|
|
|
if (!llvm::is_contained(Thrower->landing_pads(), BB)) {
|
2024-02-12 14:53:53 -08:00
|
|
|
BC.errs() << "BOLT-ERROR: inconsistent thrower detected in " << *this
|
|
|
|
|
<< ": " << BB->getName() << " is in Throwers list but not in "
|
|
|
|
|
<< Thrower->getName() << " LandingPads\n";
|
2017-12-08 20:27:49 -08:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
Indirect call promotion optimization.
Summary:
Perform indirect call promotion optimization in BOLT.
The code scans the instructions during CFG creation for all
indirect calls. Right now indirect tail calls are not handled
since the functions are marked not simple. The offsets of the
indirect calls are stored for later use by the ICP pass.
The indirect call promotion pass visits each indirect call and
examines the BranchData for each. If the most frequent targets
from that callsite exceed the specified threshold (default 90%),
the call is promoted. Otherwise, it is ignored. By default,
only one target is considered at each callsite.
When an candiate callsite is processed, we modify the callsite
to test for the most common call targets before calling through
the original generic call mechanism.
The CFG and layout are modified by ICP.
A few new command line options have been added:
-indirect-call-promotion
-indirect-call-promotion-threshold=<percentage>
-indirect-call-promotion-topn=<int>
The threshold is the minimum frequency of a call target needed
before ICP is triggered.
The topn option controls the number of targets to consider for
each callsite, e.g. ICP is triggered if topn=2 and the total
requency of the top two call targets exceeds the threshold.
Example of ICP:
C++ code:
int B_count = 0;
int C_count = 0;
struct A { virtual void foo() = 0; }
struct B : public A { virtual void foo() { ++B_count; }; };
struct C : public A { virtual void foo() { ++C_count; }; };
A* a = ...
a->foo();
...
original:
400863: 49 8b 07 mov (%r15),%rax
400866: 4c 89 ff mov %r15,%rdi
400869: ff 10 callq *(%rax)
40086b: 41 83 e6 01 and $0x1,%r14d
40086f: 4d 89 e6 mov %r12,%r14
400872: 4c 0f 44 f5 cmove %rbp,%r14
400876: 4c 89 f7 mov %r14,%rdi
...
after ICP:
40085e: 49 8b 07 mov (%r15),%rax
400861: 4c 89 ff mov %r15,%rdi
400864: 49 ba e0 0b 40 00 00 movabs $0x400be0,%r10
40086b: 00 00 00
40086e: 4c 3b 10 cmp (%rax),%r10
400871: 75 29 jne 40089c <main+0x9c>
400873: 41 ff d2 callq *%r10
400876: 41 83 e6 01 and $0x1,%r14d
40087a: 4d 89 e6 mov %r12,%r14
40087d: 4c 0f 44 f5 cmove %rbp,%r14
400881: 4c 89 f7 mov %r14,%rdi
...
40089c: ff 10 callq *(%rax)
40089e: eb d6 jmp 400876 <main+0x76>
(cherry picked from FBD3612218)
2016-09-07 18:59:23 -07:00
|
|
|
}
|
|
|
|
|
|
2024-05-14 09:36:34 -04:00
|
|
|
return true;
|
Indirect call promotion optimization.
Summary:
Perform indirect call promotion optimization in BOLT.
The code scans the instructions during CFG creation for all
indirect calls. Right now indirect tail calls are not handled
since the functions are marked not simple. The offsets of the
indirect calls are stored for later use by the ICP pass.
The indirect call promotion pass visits each indirect call and
examines the BranchData for each. If the most frequent targets
from that callsite exceed the specified threshold (default 90%),
the call is promoted. Otherwise, it is ignored. By default,
only one target is considered at each callsite.
When an candiate callsite is processed, we modify the callsite
to test for the most common call targets before calling through
the original generic call mechanism.
The CFG and layout are modified by ICP.
A few new command line options have been added:
-indirect-call-promotion
-indirect-call-promotion-threshold=<percentage>
-indirect-call-promotion-topn=<int>
The threshold is the minimum frequency of a call target needed
before ICP is triggered.
The topn option controls the number of targets to consider for
each callsite, e.g. ICP is triggered if topn=2 and the total
requency of the top two call targets exceeds the threshold.
Example of ICP:
C++ code:
int B_count = 0;
int C_count = 0;
struct A { virtual void foo() = 0; }
struct B : public A { virtual void foo() { ++B_count; }; };
struct C : public A { virtual void foo() { ++C_count; }; };
A* a = ...
a->foo();
...
original:
400863: 49 8b 07 mov (%r15),%rax
400866: 4c 89 ff mov %r15,%rdi
400869: ff 10 callq *(%rax)
40086b: 41 83 e6 01 and $0x1,%r14d
40086f: 4d 89 e6 mov %r12,%r14
400872: 4c 0f 44 f5 cmove %rbp,%r14
400876: 4c 89 f7 mov %r14,%rdi
...
after ICP:
40085e: 49 8b 07 mov (%r15),%rax
400861: 4c 89 ff mov %r15,%rdi
400864: 49 ba e0 0b 40 00 00 movabs $0x400be0,%r10
40086b: 00 00 00
40086e: 4c 3b 10 cmp (%rax),%r10
400871: 75 29 jne 40089c <main+0x9c>
400873: 41 ff d2 callq *%r10
400876: 41 83 e6 01 and $0x1,%r14d
40087a: 4d 89 e6 mov %r12,%r14
40087d: 4c 0f 44 f5 cmove %rbp,%r14
400881: 4c 89 f7 mov %r14,%rdi
...
40089c: ff 10 callq *(%rax)
40089e: eb d6 jmp 400876 <main+0x76>
(cherry picked from FBD3612218)
2016-09-07 18:59:23 -07:00
|
|
|
}
|
|
|
|
|
|
2015-10-16 09:49:04 -07:00
|
|
|
void BinaryFunction::fixBranches() {
|
2018-03-09 09:45:13 -08:00
|
|
|
auto &MIB = BC.MIB;
|
2021-04-08 00:19:26 -07:00
|
|
|
MCContext *Ctx = BC.Ctx.get();
|
2015-10-16 09:49:04 -07:00
|
|
|
|
2022-07-16 17:23:21 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2015-10-16 09:49:04 -07:00
|
|
|
const MCSymbol *TBB = nullptr;
|
|
|
|
|
const MCSymbol *FBB = nullptr;
|
|
|
|
|
MCInst *CondBranch = nullptr;
|
|
|
|
|
MCInst *UncondBranch = nullptr;
|
2016-09-13 17:12:00 -07:00
|
|
|
if (!BB->analyzeBranch(TBB, FBB, CondBranch, UncondBranch))
|
2015-10-16 09:49:04 -07:00
|
|
|
continue;
|
|
|
|
|
|
2016-08-29 21:11:22 -07:00
|
|
|
// We will create unconditional branch with correct destination if needed.
|
|
|
|
|
if (UncondBranch)
|
2019-01-31 11:23:02 -08:00
|
|
|
BB->eraseInstruction(BB->findInstruction(UncondBranch));
|
2015-10-16 09:49:04 -07:00
|
|
|
|
2016-08-29 21:11:22 -07:00
|
|
|
// Basic block that follows the current one in the final layout.
|
2023-11-29 16:24:16 -08:00
|
|
|
const BinaryBasicBlock *const NextBB =
|
2022-07-16 17:23:21 -07:00
|
|
|
Layout.getBasicBlockAfter(BB, /*IgnoreSplits=*/false);
|
2016-08-29 21:11:22 -07:00
|
|
|
|
|
|
|
|
if (BB->succ_size() == 1) {
|
|
|
|
|
// __builtin_unreachable() could create a conditional branch that
|
|
|
|
|
// falls-through into the next function - hence the block will have only
|
2016-09-27 19:09:38 -07:00
|
|
|
// one valid successor. Since behaviour is undefined - we replace
|
2016-08-29 21:11:22 -07:00
|
|
|
// the conditional branch with an unconditional if required.
|
|
|
|
|
if (CondBranch)
|
2019-01-31 11:23:02 -08:00
|
|
|
BB->eraseInstruction(BB->findInstruction(CondBranch));
|
2016-08-29 21:11:22 -07:00
|
|
|
if (BB->getSuccessor() == NextBB)
|
2015-10-16 09:49:04 -07:00
|
|
|
continue;
|
2016-08-29 21:11:22 -07:00
|
|
|
BB->addBranchInstruction(BB->getSuccessor());
|
|
|
|
|
} else if (BB->succ_size() == 2) {
|
|
|
|
|
assert(CondBranch && "conditional branch expected");
|
2021-04-08 00:19:26 -07:00
|
|
|
const BinaryBasicBlock *TSuccessor = BB->getConditionalSuccessor(true);
|
|
|
|
|
const BinaryBasicBlock *FSuccessor = BB->getConditionalSuccessor(false);
|
2023-11-29 16:24:16 -08:00
|
|
|
|
|
|
|
|
// Eliminate unnecessary conditional branch.
|
|
|
|
|
if (TSuccessor == FSuccessor) {
|
2024-03-21 14:05:21 -07:00
|
|
|
// FIXME: at the moment, we cannot safely remove static key branches.
|
|
|
|
|
if (MIB->isDynamicBranch(*CondBranch)) {
|
|
|
|
|
if (opts::Verbosity) {
|
|
|
|
|
BC.outs()
|
|
|
|
|
<< "BOLT-INFO: unable to remove redundant dynamic branch in "
|
|
|
|
|
<< *this << '\n';
|
|
|
|
|
}
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-29 16:24:16 -08:00
|
|
|
BB->removeDuplicateConditionalSuccessor(CondBranch);
|
|
|
|
|
if (TSuccessor != NextBB)
|
|
|
|
|
BB->addBranchInstruction(TSuccessor);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Reverse branch condition and swap successors.
|
|
|
|
|
auto swapSuccessors = [&]() {
|
2024-05-17 15:40:40 -04:00
|
|
|
if (!MIB->isReversibleBranch(*CondBranch)) {
|
2024-03-21 14:05:21 -07:00
|
|
|
if (opts::Verbosity) {
|
|
|
|
|
BC.outs() << "BOLT-INFO: unable to swap successors in " << *this
|
|
|
|
|
<< '\n';
|
|
|
|
|
}
|
2023-11-29 16:24:16 -08:00
|
|
|
return false;
|
2024-03-21 14:05:21 -07:00
|
|
|
}
|
2016-08-29 21:11:22 -07:00
|
|
|
std::swap(TSuccessor, FSuccessor);
|
|
|
|
|
BB->swapConditionalSuccessors();
|
2023-11-29 16:24:16 -08:00
|
|
|
auto L = BC.scopeLock();
|
|
|
|
|
MIB->reverseBranchCondition(*CondBranch, TSuccessor->getLabel(), Ctx);
|
|
|
|
|
return true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Check whether the next block is a "taken" target and try to swap it
|
|
|
|
|
// with a "fall-through" target.
|
|
|
|
|
if (TSuccessor == NextBB && swapSuccessors())
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
// Update conditional branch destination if needed.
|
|
|
|
|
if (MIB->getTargetSymbol(*CondBranch) != TSuccessor->getLabel()) {
|
2019-08-07 16:09:50 -07:00
|
|
|
auto L = BC.scopeLock();
|
2018-03-09 09:45:13 -08:00
|
|
|
MIB->replaceBranchTarget(*CondBranch, TSuccessor->getLabel(), Ctx);
|
2015-10-16 09:49:04 -07:00
|
|
|
}
|
2023-11-29 16:24:16 -08:00
|
|
|
|
|
|
|
|
// No need for the unconditional branch.
|
|
|
|
|
if (FSuccessor == NextBB)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (BC.isX86()) {
|
|
|
|
|
// We are going to generate two branches. Check if their targets are in
|
|
|
|
|
// the same fragment as this block. If only one target is in the same
|
|
|
|
|
// fragment, make it the destination of the conditional branch. There
|
2023-11-30 14:31:38 -08:00
|
|
|
// is a chance it will be a short branch which takes 4 bytes fewer than
|
2023-11-29 16:24:16 -08:00
|
|
|
// a long conditional branch. For unconditional branch, the difference
|
2023-11-30 14:31:38 -08:00
|
|
|
// is 3 bytes.
|
2023-11-29 16:24:16 -08:00
|
|
|
if (BB->getFragmentNum() != TSuccessor->getFragmentNum() &&
|
|
|
|
|
BB->getFragmentNum() == FSuccessor->getFragmentNum())
|
|
|
|
|
swapSuccessors();
|
2016-07-23 12:50:34 -07:00
|
|
|
}
|
2023-11-29 16:24:16 -08:00
|
|
|
|
|
|
|
|
BB->addBranchInstruction(FSuccessor);
|
2016-07-23 12:50:34 -07:00
|
|
|
}
|
2016-08-29 21:11:22 -07:00
|
|
|
// Cases where the number of successors is 0 (block ends with a
|
|
|
|
|
// terminator) or more than 2 (switch table) don't require branch
|
|
|
|
|
// instruction adjustments.
|
2016-07-23 12:50:34 -07:00
|
|
|
}
|
2021-12-14 16:52:51 -08:00
|
|
|
assert((!isSimple() || validateCFG()) &&
|
|
|
|
|
"Invalid CFG detected after fixing branches");
|
2016-07-23 12:50:34 -07:00
|
|
|
}
|
|
|
|
|
|
2019-07-12 07:25:50 -07:00
|
|
|
void BinaryFunction::propagateGnuArgsSizeInfo(
|
|
|
|
|
MCPlusBuilder::AllocatorIdTy AllocId) {
|
2017-11-28 09:57:21 -08:00
|
|
|
assert(CurrentState == State::Disassembled && "unexpected function state");
|
2016-04-19 22:00:29 -07:00
|
|
|
|
|
|
|
|
if (!hasEHRanges() || !usesGnuArgsSize())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
// The current value of DW_CFA_GNU_args_size affects all following
|
2016-04-20 15:31:11 -07:00
|
|
|
// invoke instructions until the next CFI overrides it.
|
2016-04-19 22:00:29 -07:00
|
|
|
// It is important to iterate basic blocks in the original order when
|
|
|
|
|
// assigning the value.
|
|
|
|
|
uint64_t CurrentGnuArgsSize = 0;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
2021-12-14 16:52:51 -08:00
|
|
|
for (auto II = BB->begin(); II != BB->end();) {
|
2021-04-08 00:19:26 -07:00
|
|
|
MCInst &Instr = *II;
|
2018-03-09 09:45:13 -08:00
|
|
|
if (BC.MIB->isCFI(Instr)) {
|
2020-12-01 16:29:39 -08:00
|
|
|
const MCCFIInstruction *CFI = getCFIFor(Instr);
|
2016-04-19 22:00:29 -07:00
|
|
|
if (CFI->getOperation() == MCCFIInstruction::OpGnuArgsSize) {
|
|
|
|
|
CurrentGnuArgsSize = CFI->getOffset();
|
|
|
|
|
// Delete DW_CFA_GNU_args_size instructions and only regenerate
|
|
|
|
|
// during the final code emission. The information is embedded
|
|
|
|
|
// inside call instructions.
|
2016-08-29 21:11:22 -07:00
|
|
|
II = BB->erasePseudoInstruction(II);
|
2016-09-27 19:09:38 -07:00
|
|
|
continue;
|
2016-04-19 22:00:29 -07:00
|
|
|
}
|
2018-03-09 09:45:13 -08:00
|
|
|
} else if (BC.MIB->isInvoke(Instr)) {
|
2016-09-27 19:09:38 -07:00
|
|
|
// Add the value of GNU_args_size as an extra operand to invokes.
|
2023-11-06 12:14:22 -08:00
|
|
|
BC.MIB->addGnuArgsSize(Instr, CurrentGnuArgsSize);
|
2016-04-19 22:00:29 -07:00
|
|
|
}
|
|
|
|
|
++II;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-03 11:35:41 -08:00
|
|
|
void BinaryFunction::postProcessBranches() {
|
|
|
|
|
if (!isSimple())
|
|
|
|
|
return;
|
2022-07-14 12:55:20 -07:00
|
|
|
for (BinaryBasicBlock &BB : blocks()) {
|
|
|
|
|
auto LastInstrRI = BB.getLastNonPseudo();
|
|
|
|
|
if (BB.succ_size() == 1) {
|
|
|
|
|
if (LastInstrRI != BB.rend() &&
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->isConditionalBranch(*LastInstrRI)) {
|
2017-03-03 11:35:41 -08:00
|
|
|
// __builtin_unreachable() could create a conditional branch that
|
|
|
|
|
// falls-through into the next function - hence the block will have only
|
|
|
|
|
// one valid successor. Such behaviour is undefined and thus we remove
|
|
|
|
|
// the conditional branch while leaving a valid successor.
|
2022-07-14 12:55:20 -07:00
|
|
|
BB.eraseInstruction(std::prev(LastInstrRI.base()));
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: erasing conditional branch in "
|
2022-07-14 12:55:20 -07:00
|
|
|
<< BB.getName() << " in function " << *this << '\n');
|
2017-03-03 11:35:41 -08:00
|
|
|
}
|
2022-07-14 12:55:20 -07:00
|
|
|
} else if (BB.succ_size() == 0) {
|
2017-03-03 11:35:41 -08:00
|
|
|
// Ignore unreachable basic blocks.
|
2022-07-14 12:55:20 -07:00
|
|
|
if (BB.pred_size() == 0 || BB.isLandingPad())
|
2017-03-03 11:35:41 -08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
// If it's the basic block that does not end up with a terminator - we
|
|
|
|
|
// insert a return instruction unless it's a call instruction.
|
2022-07-14 12:55:20 -07:00
|
|
|
if (LastInstrRI == BB.rend()) {
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(
|
|
|
|
|
dbgs() << "BOLT-DEBUG: at least one instruction expected in BB "
|
2022-07-14 12:55:20 -07:00
|
|
|
<< BB.getName() << " in function " << *this << '\n');
|
2017-03-03 11:35:41 -08:00
|
|
|
continue;
|
|
|
|
|
}
|
2018-03-09 09:45:13 -08:00
|
|
|
if (!BC.MIB->isTerminator(*LastInstrRI) &&
|
|
|
|
|
!BC.MIB->isCall(*LastInstrRI)) {
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: adding return to basic block "
|
2022-07-14 12:55:20 -07:00
|
|
|
<< BB.getName() << " in function " << *this << '\n');
|
2017-03-03 11:35:41 -08:00
|
|
|
MCInst ReturnInstr;
|
2018-03-09 09:45:13 -08:00
|
|
|
BC.MIB->createReturn(ReturnInstr);
|
2022-07-14 12:55:20 -07:00
|
|
|
BB.addInstruction(ReturnInstr);
|
2017-03-03 11:35:41 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
assert(validateCFG() && "invalid CFG");
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-27 13:40:53 -07:00
|
|
|
MCSymbol *BinaryFunction::addEntryPointAtOffset(uint64_t Offset) {
|
|
|
|
|
assert(Offset && "cannot add primary entry point");
|
|
|
|
|
assert(CurrentState == State::Empty || CurrentState == State::Disassembled);
|
|
|
|
|
|
|
|
|
|
const uint64_t EntryPointAddress = getAddress() + Offset;
|
|
|
|
|
MCSymbol *LocalSymbol = getOrCreateLocalLabel(EntryPointAddress);
|
|
|
|
|
|
|
|
|
|
MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(LocalSymbol);
|
|
|
|
|
if (EntrySymbol)
|
|
|
|
|
return EntrySymbol;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
if (BinaryData *EntryBD = BC.getBinaryDataAtAddress(EntryPointAddress)) {
|
2020-04-27 13:40:53 -07:00
|
|
|
EntrySymbol = EntryBD->getSymbol();
|
|
|
|
|
} else {
|
2021-12-14 16:52:51 -08:00
|
|
|
EntrySymbol = BC.getOrCreateGlobalSymbol(
|
|
|
|
|
EntryPointAddress, Twine("__ENTRY_") + getOneName() + "@");
|
2020-04-27 13:40:53 -07:00
|
|
|
}
|
|
|
|
|
SecondaryEntryPoints[LocalSymbol] = EntrySymbol;
|
|
|
|
|
|
|
|
|
|
BC.setSymbolToFunctionMap(EntrySymbol, this);
|
|
|
|
|
|
|
|
|
|
return EntrySymbol;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
MCSymbol *BinaryFunction::addEntryPoint(const BinaryBasicBlock &BB) {
|
|
|
|
|
assert(CurrentState == State::CFG &&
|
|
|
|
|
"basic block can be added as an entry only in a function with CFG");
|
|
|
|
|
|
|
|
|
|
if (&BB == BasicBlocks.front())
|
|
|
|
|
return getSymbol();
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(BB);
|
2020-04-27 13:40:53 -07:00
|
|
|
if (EntrySymbol)
|
|
|
|
|
return EntrySymbol;
|
|
|
|
|
|
|
|
|
|
EntrySymbol =
|
2021-12-14 16:52:51 -08:00
|
|
|
BC.Ctx->getOrCreateSymbol("__ENTRY_" + BB.getLabel()->getName());
|
2020-04-27 13:40:53 -07:00
|
|
|
|
|
|
|
|
SecondaryEntryPoints[BB.getLabel()] = EntrySymbol;
|
|
|
|
|
|
|
|
|
|
BC.setSymbolToFunctionMap(EntrySymbol, this);
|
|
|
|
|
|
|
|
|
|
return EntrySymbol;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-14 17:34:20 -07:00
|
|
|
MCSymbol *BinaryFunction::getSymbolForEntryID(uint64_t EntryID) {
|
2020-04-19 22:29:54 -07:00
|
|
|
if (EntryID == 0)
|
2017-12-13 23:12:01 -08:00
|
|
|
return getSymbol();
|
|
|
|
|
|
|
|
|
|
if (!isMultiEntry())
|
|
|
|
|
return nullptr;
|
|
|
|
|
|
2024-03-27 15:23:49 -07:00
|
|
|
uint64_t NumEntries = 1;
|
2020-01-06 14:57:15 -08:00
|
|
|
if (hasCFG()) {
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks) {
|
|
|
|
|
MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(*BB);
|
2020-04-19 22:29:54 -07:00
|
|
|
if (!EntrySymbol)
|
2020-01-06 14:57:15 -08:00
|
|
|
continue;
|
2020-04-19 22:29:54 -07:00
|
|
|
if (NumEntries == EntryID)
|
|
|
|
|
return EntrySymbol;
|
2020-01-06 14:57:15 -08:00
|
|
|
++NumEntries;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2021-04-08 00:19:26 -07:00
|
|
|
for (std::pair<const uint32_t, MCSymbol *> &KV : Labels) {
|
|
|
|
|
MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(KV.second);
|
2020-04-19 22:29:54 -07:00
|
|
|
if (!EntrySymbol)
|
|
|
|
|
continue;
|
|
|
|
|
if (NumEntries == EntryID)
|
|
|
|
|
return EntrySymbol;
|
2020-01-06 14:57:15 -08:00
|
|
|
++NumEntries;
|
|
|
|
|
}
|
2017-12-13 23:12:01 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-19 22:29:54 -07:00
|
|
|
uint64_t BinaryFunction::getEntryIDForSymbol(const MCSymbol *Symbol) const {
|
2020-01-06 14:57:15 -08:00
|
|
|
if (!isMultiEntry())
|
|
|
|
|
return 0;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const MCSymbol *FunctionSymbol : getSymbols())
|
2020-04-19 22:29:54 -07:00
|
|
|
if (FunctionSymbol == Symbol)
|
2020-01-13 11:56:59 -08:00
|
|
|
return 0;
|
2017-12-13 23:12:01 -08:00
|
|
|
|
2020-01-13 11:56:59 -08:00
|
|
|
// Check all secondary entries available as either basic blocks or lables.
|
2024-03-27 15:23:49 -07:00
|
|
|
uint64_t NumEntries = 1;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const BinaryBasicBlock *BB : BasicBlocks) {
|
|
|
|
|
MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(*BB);
|
2020-04-19 22:29:54 -07:00
|
|
|
if (!EntrySymbol)
|
2020-01-13 11:56:59 -08:00
|
|
|
continue;
|
2020-04-19 22:29:54 -07:00
|
|
|
if (EntrySymbol == Symbol)
|
2020-01-13 11:56:59 -08:00
|
|
|
return NumEntries;
|
|
|
|
|
++NumEntries;
|
|
|
|
|
}
|
2024-03-27 15:23:49 -07:00
|
|
|
NumEntries = 1;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const std::pair<const uint32_t, MCSymbol *> &KV : Labels) {
|
|
|
|
|
MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(KV.second);
|
2020-04-19 22:29:54 -07:00
|
|
|
if (!EntrySymbol)
|
|
|
|
|
continue;
|
|
|
|
|
if (EntrySymbol == Symbol)
|
2020-01-13 11:56:59 -08:00
|
|
|
return NumEntries;
|
|
|
|
|
++NumEntries;
|
2017-12-13 23:12:01 -08:00
|
|
|
}
|
|
|
|
|
|
2020-01-13 11:56:59 -08:00
|
|
|
llvm_unreachable("symbol not found");
|
2017-12-13 23:12:01 -08:00
|
|
|
}
|
|
|
|
|
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
bool BinaryFunction::forEachEntryPoint(EntryPointCallbackTy Callback) const {
|
|
|
|
|
bool Status = Callback(0, getSymbol());
|
|
|
|
|
if (!isMultiEntry())
|
|
|
|
|
return Status;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (const std::pair<const uint32_t, MCSymbol *> &KV : Labels) {
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
if (!Status)
|
|
|
|
|
break;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(KV.second);
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
if (!EntrySymbol)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
Status = Callback(KV.first, EntrySymbol);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-14 12:55:20 -07:00
|
|
|
BinaryFunction::BasicBlockListType BinaryFunction::dfs() const {
|
|
|
|
|
BasicBlockListType DFS;
|
2016-12-21 17:13:56 -08:00
|
|
|
std::stack<BinaryBasicBlock *> Stack;
|
2024-05-31 11:52:22 -07:00
|
|
|
std::set<BinaryBasicBlock *> Visited;
|
2016-06-09 11:36:55 -07:00
|
|
|
|
2016-12-21 17:13:56 -08:00
|
|
|
// Push entry points to the stack in reverse order.
|
|
|
|
|
//
|
|
|
|
|
// NB: we rely on the original order of entries to match.
|
2022-07-14 12:55:20 -07:00
|
|
|
SmallVector<BinaryBasicBlock *> EntryPoints;
|
|
|
|
|
llvm::copy_if(BasicBlocks, std::back_inserter(EntryPoints),
|
|
|
|
|
[&](const BinaryBasicBlock *const BB) { return isEntryPoint(*BB); });
|
|
|
|
|
// Sort entry points by their offset to make sure we got them in the right
|
|
|
|
|
// order.
|
|
|
|
|
llvm::stable_sort(EntryPoints, [](const BinaryBasicBlock *const A,
|
|
|
|
|
const BinaryBasicBlock *const B) {
|
|
|
|
|
return A->getOffset() < B->getOffset();
|
|
|
|
|
});
|
|
|
|
|
for (BinaryBasicBlock *const BB : reverse(EntryPoints))
|
|
|
|
|
Stack.push(BB);
|
|
|
|
|
|
2016-12-21 17:13:56 -08:00
|
|
|
while (!Stack.empty()) {
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock *BB = Stack.top();
|
2016-12-21 17:13:56 -08:00
|
|
|
Stack.pop();
|
2016-06-09 11:36:55 -07:00
|
|
|
|
2024-10-12 22:06:49 -07:00
|
|
|
if (!Visited.insert(BB).second)
|
2016-06-09 11:36:55 -07:00
|
|
|
continue;
|
2016-12-21 17:13:56 -08:00
|
|
|
DFS.push_back(BB);
|
2016-06-09 11:36:55 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *SuccBB : BB->landing_pads()) {
|
2016-12-21 17:13:56 -08:00
|
|
|
Stack.push(SuccBB);
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-13 23:12:01 -08:00
|
|
|
const MCSymbol *TBB = nullptr;
|
|
|
|
|
const MCSymbol *FBB = nullptr;
|
|
|
|
|
MCInst *CondBranch = nullptr;
|
|
|
|
|
MCInst *UncondBranch = nullptr;
|
2021-12-14 16:52:51 -08:00
|
|
|
if (BB->analyzeBranch(TBB, FBB, CondBranch, UncondBranch) && CondBranch &&
|
|
|
|
|
BB->succ_size() == 2) {
|
2020-12-01 16:29:39 -08:00
|
|
|
if (BC.MIB->getCanonicalBranchCondCode(BC.MIB->getCondCode(
|
|
|
|
|
*CondBranch)) == BC.MIB->getCondCode(*CondBranch)) {
|
2017-12-13 23:12:01 -08:00
|
|
|
Stack.push(BB->getConditionalSuccessor(true));
|
|
|
|
|
Stack.push(BB->getConditionalSuccessor(false));
|
|
|
|
|
} else {
|
|
|
|
|
Stack.push(BB->getConditionalSuccessor(false));
|
|
|
|
|
Stack.push(BB->getConditionalSuccessor(true));
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *SuccBB : BB->successors()) {
|
2017-12-13 23:12:01 -08:00
|
|
|
Stack.push(SuccBB);
|
|
|
|
|
}
|
2016-12-21 17:13:56 -08:00
|
|
|
}
|
2016-06-09 11:36:55 -07:00
|
|
|
}
|
|
|
|
|
|
2016-12-21 17:13:56 -08:00
|
|
|
return DFS;
|
2016-06-09 11:36:55 -07:00
|
|
|
}
|
|
|
|
|
|
2023-12-11 12:27:32 -08:00
|
|
|
size_t BinaryFunction::computeHash(bool UseDFS, HashFunction HashFunction,
|
2020-04-07 00:21:37 -07:00
|
|
|
OperandHashFuncTy OperandHashFunc) const {
|
2024-05-24 14:00:03 -07:00
|
|
|
LLVM_DEBUG({
|
|
|
|
|
dbgs() << "BOLT-DEBUG: computeHash " << getPrintName() << ' '
|
|
|
|
|
<< (UseDFS ? "dfs" : "bin") << " order "
|
|
|
|
|
<< (HashFunction == HashFunction::StdHash ? "std::hash" : "xxh3")
|
|
|
|
|
<< '\n';
|
|
|
|
|
});
|
|
|
|
|
|
2017-12-13 23:12:01 -08:00
|
|
|
if (size() == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2017-02-24 21:59:33 -08:00
|
|
|
assert(hasCFG() && "function is expected to have CFG");
|
2016-06-09 11:36:55 -07:00
|
|
|
|
2022-08-24 15:56:02 -07:00
|
|
|
SmallVector<const BinaryBasicBlock *, 0> Order;
|
2022-07-16 17:23:21 -07:00
|
|
|
if (UseDFS)
|
2022-08-24 15:56:02 -07:00
|
|
|
llvm::copy(dfs(), std::back_inserter(Order));
|
2022-07-16 17:23:21 -07:00
|
|
|
else
|
|
|
|
|
llvm::copy(Layout.blocks(), std::back_inserter(Order));
|
2016-12-21 17:13:56 -08:00
|
|
|
|
2020-04-07 00:21:37 -07:00
|
|
|
// The hash is computed by creating a string of all instruction opcodes and
|
|
|
|
|
// possibly their operands and then hashing that string with std::hash.
|
|
|
|
|
std::string HashString;
|
2023-02-16 10:52:04 -08:00
|
|
|
for (const BinaryBasicBlock *BB : Order)
|
|
|
|
|
HashString.append(hashBlock(BC, *BB, OperandHashFunc));
|
2016-06-09 11:36:55 -07:00
|
|
|
|
2023-12-11 12:27:32 -08:00
|
|
|
switch (HashFunction) {
|
|
|
|
|
case HashFunction::StdHash:
|
|
|
|
|
return Hash = std::hash<std::string>{}(HashString);
|
|
|
|
|
case HashFunction::XXH3:
|
|
|
|
|
return Hash = llvm::xxh3_64bits(HashString);
|
|
|
|
|
}
|
|
|
|
|
llvm_unreachable("Unhandled HashFunction");
|
2023-02-16 10:52:04 -08:00
|
|
|
}
|
2020-04-07 00:21:37 -07:00
|
|
|
|
2016-07-23 12:50:34 -07:00
|
|
|
void BinaryFunction::insertBasicBlocks(
|
2017-10-23 23:32:40 -07:00
|
|
|
BinaryBasicBlock *Start,
|
|
|
|
|
std::vector<std::unique_ptr<BinaryBasicBlock>> &&NewBBs,
|
2021-12-14 16:52:51 -08:00
|
|
|
const bool UpdateLayout, const bool UpdateCFIState,
|
2019-07-02 16:56:41 -07:00
|
|
|
const bool RecomputeLandingPads) {
|
2021-04-08 23:31:12 -07:00
|
|
|
const int64_t StartIndex = Start ? getIndex(Start) : -1LL;
|
2021-04-08 00:19:26 -07:00
|
|
|
const size_t NumNewBlocks = NewBBs.size();
|
2016-07-23 12:50:34 -07:00
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
BasicBlocks.insert(BasicBlocks.begin() + (StartIndex + 1), NumNewBlocks,
|
2016-07-23 12:50:34 -07:00
|
|
|
nullptr);
|
|
|
|
|
|
2021-04-08 23:31:12 -07:00
|
|
|
int64_t I = StartIndex + 1;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (std::unique_ptr<BinaryBasicBlock> &BB : NewBBs) {
|
2016-07-23 12:50:34 -07:00
|
|
|
assert(!BasicBlocks[I]);
|
|
|
|
|
BasicBlocks[I++] = BB.release();
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
if (RecomputeLandingPads)
|
2019-07-02 16:56:41 -07:00
|
|
|
recomputeLandingPads();
|
2021-12-20 11:07:46 -08:00
|
|
|
else
|
2019-07-02 16:56:41 -07:00
|
|
|
updateBBIndices(0);
|
2016-09-07 18:59:23 -07:00
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
if (UpdateLayout)
|
2016-09-07 18:59:23 -07:00
|
|
|
updateLayout(Start, NumNewBlocks);
|
2016-07-23 12:50:34 -07:00
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
if (UpdateCFIState)
|
2016-09-07 18:59:23 -07:00
|
|
|
updateCFIState(Start, NumNewBlocks);
|
|
|
|
|
}
|
2016-07-23 12:50:34 -07:00
|
|
|
|
2017-10-23 23:32:40 -07:00
|
|
|
BinaryFunction::iterator BinaryFunction::insertBasicBlocks(
|
|
|
|
|
BinaryFunction::iterator StartBB,
|
|
|
|
|
std::vector<std::unique_ptr<BinaryBasicBlock>> &&NewBBs,
|
2021-12-14 16:52:51 -08:00
|
|
|
const bool UpdateLayout, const bool UpdateCFIState,
|
2019-07-02 16:56:41 -07:00
|
|
|
const bool RecomputeLandingPads) {
|
2021-04-08 00:19:26 -07:00
|
|
|
const unsigned StartIndex = getIndex(&*StartBB);
|
|
|
|
|
const size_t NumNewBlocks = NewBBs.size();
|
2017-10-23 23:32:40 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
BasicBlocks.insert(BasicBlocks.begin() + StartIndex + 1, NumNewBlocks,
|
|
|
|
|
nullptr);
|
2018-04-13 15:34:09 -07:00
|
|
|
auto RetIter = BasicBlocks.begin() + StartIndex + 1;
|
2017-10-23 23:32:40 -07:00
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
unsigned I = StartIndex + 1;
|
|
|
|
|
for (std::unique_ptr<BinaryBasicBlock> &BB : NewBBs) {
|
2017-10-23 23:32:40 -07:00
|
|
|
assert(!BasicBlocks[I]);
|
|
|
|
|
BasicBlocks[I++] = BB.release();
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
if (RecomputeLandingPads)
|
2019-07-02 16:56:41 -07:00
|
|
|
recomputeLandingPads();
|
2021-12-20 11:07:46 -08:00
|
|
|
else
|
2019-07-02 16:56:41 -07:00
|
|
|
updateBBIndices(0);
|
2017-10-23 23:32:40 -07:00
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
if (UpdateLayout)
|
2017-10-23 23:32:40 -07:00
|
|
|
updateLayout(*std::prev(RetIter), NumNewBlocks);
|
|
|
|
|
|
2021-12-20 11:07:46 -08:00
|
|
|
if (UpdateCFIState)
|
2017-10-23 23:32:40 -07:00
|
|
|
updateCFIState(*std::prev(RetIter), NumNewBlocks);
|
|
|
|
|
|
|
|
|
|
return RetIter;
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-07 18:59:23 -07:00
|
|
|
void BinaryFunction::updateBBIndices(const unsigned StartIndex) {
|
2021-12-20 11:07:46 -08:00
|
|
|
for (unsigned I = StartIndex; I < BasicBlocks.size(); ++I)
|
2016-09-07 18:59:23 -07:00
|
|
|
BasicBlocks[I]->Index = I;
|
|
|
|
|
}
|
2016-07-23 12:50:34 -07:00
|
|
|
|
2016-09-07 18:59:23 -07:00
|
|
|
void BinaryFunction::updateCFIState(BinaryBasicBlock *Start,
|
|
|
|
|
const unsigned NumNewBlocks) {
|
2021-04-08 00:19:26 -07:00
|
|
|
const int32_t CFIState = Start->getCFIStateAtExit();
|
|
|
|
|
const unsigned StartIndex = getIndex(Start) + 1;
|
2021-12-20 11:07:46 -08:00
|
|
|
for (unsigned I = 0; I < NumNewBlocks; ++I)
|
2017-02-24 21:59:33 -08:00
|
|
|
BasicBlocks[StartIndex + I]->setCFIState(CFIState);
|
2016-07-23 12:50:34 -07:00
|
|
|
}
|
|
|
|
|
|
2018-07-08 12:14:08 -07:00
|
|
|
void BinaryFunction::updateLayout(BinaryBasicBlock *Start,
|
2016-07-23 12:50:34 -07:00
|
|
|
const unsigned NumNewBlocks) {
|
2022-07-16 17:23:21 -07:00
|
|
|
BasicBlockListType::iterator Begin;
|
|
|
|
|
BasicBlockListType::iterator End;
|
|
|
|
|
|
|
|
|
|
// If start not provided copy new blocks from the beginning of BasicBlocks
|
2018-07-08 12:14:08 -07:00
|
|
|
if (!Start) {
|
2022-07-16 17:23:21 -07:00
|
|
|
Begin = BasicBlocks.begin();
|
|
|
|
|
End = BasicBlocks.begin() + NumNewBlocks;
|
|
|
|
|
} else {
|
|
|
|
|
unsigned StartIndex = getIndex(Start);
|
|
|
|
|
Begin = std::next(BasicBlocks.begin(), StartIndex + 1);
|
|
|
|
|
End = std::next(BasicBlocks.begin(), StartIndex + NumNewBlocks + 1);
|
2018-07-08 12:14:08 -07:00
|
|
|
}
|
|
|
|
|
|
2016-07-23 12:50:34 -07:00
|
|
|
// Insert new blocks in the layout immediately after Start.
|
2022-07-16 17:23:21 -07:00
|
|
|
Layout.insertBasicBlocks(Start, {Begin, End});
|
|
|
|
|
Layout.updateLayoutIndices();
|
2016-07-23 12:50:34 -07:00
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:56:41 -07:00
|
|
|
bool BinaryFunction::checkForAmbiguousJumpTables() {
|
2019-09-20 11:29:35 -07:00
|
|
|
SmallSet<uint64_t, 4> JumpTables;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *&BB : BasicBlocks) {
|
|
|
|
|
for (MCInst &Inst : *BB) {
|
2019-07-02 16:56:41 -07:00
|
|
|
if (!BC.MIB->isIndirectBranch(Inst))
|
|
|
|
|
continue;
|
2021-04-08 00:19:26 -07:00
|
|
|
uint64_t JTAddress = BC.MIB->getJumpTable(Inst);
|
2019-07-02 16:56:41 -07:00
|
|
|
if (!JTAddress)
|
|
|
|
|
continue;
|
|
|
|
|
// This address can be inside another jump table, but we only consider
|
|
|
|
|
// it ambiguous when the same start address is used, not the same JT
|
|
|
|
|
// object.
|
2019-09-20 11:29:35 -07:00
|
|
|
if (!JumpTables.count(JTAddress)) {
|
2019-07-02 16:56:41 -07:00
|
|
|
JumpTables.insert(JTAddress);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-07 16:09:50 -07:00
|
|
|
void BinaryFunction::disambiguateJumpTables(
|
|
|
|
|
MCPlusBuilder::AllocatorIdTy AllocId) {
|
2021-03-15 16:34:25 -07:00
|
|
|
assert((opts::JumpTables != JTS_BASIC && isSimple()) || !BC.HasRelocations);
|
2019-07-02 16:56:41 -07:00
|
|
|
SmallPtrSet<JumpTable *, 4> JumpTables;
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryBasicBlock *&BB : BasicBlocks) {
|
|
|
|
|
for (MCInst &Inst : *BB) {
|
2019-07-02 16:56:41 -07:00
|
|
|
if (!BC.MIB->isIndirectBranch(Inst))
|
|
|
|
|
continue;
|
2021-04-08 00:19:26 -07:00
|
|
|
JumpTable *JT = getJumpTable(Inst);
|
2019-07-02 16:56:41 -07:00
|
|
|
if (!JT)
|
|
|
|
|
continue;
|
2024-10-12 22:06:49 -07:00
|
|
|
if (JumpTables.insert(JT).second)
|
2019-07-02 16:56:41 -07:00
|
|
|
continue;
|
|
|
|
|
// This instruction is an indirect jump using a jump table, but it is
|
|
|
|
|
// using the same jump table of another jump. Try all our tricks to
|
|
|
|
|
// extract the jump table symbol and make it point to a new, duplicated JT
|
2021-03-15 16:34:25 -07:00
|
|
|
MCPhysReg BaseReg1;
|
2019-07-02 16:56:41 -07:00
|
|
|
uint64_t Scale;
|
|
|
|
|
const MCSymbol *Target;
|
2021-03-15 16:34:25 -07:00
|
|
|
// In case we match if our first matcher, first instruction is the one to
|
|
|
|
|
// patch
|
2019-07-02 16:56:41 -07:00
|
|
|
MCInst *JTLoadInst = &Inst;
|
|
|
|
|
// Try a standard indirect jump matcher, scale 8
|
2021-04-08 00:19:26 -07:00
|
|
|
std::unique_ptr<MCPlusBuilder::MCInstMatcher> IndJmpMatcher =
|
2021-03-15 16:34:25 -07:00
|
|
|
BC.MIB->matchIndJmp(BC.MIB->matchReg(BaseReg1),
|
|
|
|
|
BC.MIB->matchImm(Scale), BC.MIB->matchReg(),
|
|
|
|
|
/*Offset=*/BC.MIB->matchSymbol(Target));
|
|
|
|
|
if (!IndJmpMatcher->match(
|
2019-07-02 16:56:41 -07:00
|
|
|
*BC.MRI, *BC.MIB,
|
|
|
|
|
MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1) ||
|
2021-12-14 16:52:51 -08:00
|
|
|
BaseReg1 != BC.MIB->getNoRegister() || Scale != 8) {
|
2019-07-02 16:56:41 -07:00
|
|
|
MCPhysReg BaseReg2;
|
|
|
|
|
uint64_t Offset;
|
2021-03-15 16:34:25 -07:00
|
|
|
// Standard JT matching failed. Trying now:
|
|
|
|
|
// movq "jt.2397/1"(,%rax,8), %rax
|
|
|
|
|
// jmpq *%rax
|
2021-04-08 00:19:26 -07:00
|
|
|
std::unique_ptr<MCPlusBuilder::MCInstMatcher> LoadMatcherOwner =
|
|
|
|
|
BC.MIB->matchLoad(BC.MIB->matchReg(BaseReg1),
|
|
|
|
|
BC.MIB->matchImm(Scale), BC.MIB->matchReg(),
|
|
|
|
|
/*Offset=*/BC.MIB->matchSymbol(Target));
|
|
|
|
|
MCPlusBuilder::MCInstMatcher *LoadMatcher = LoadMatcherOwner.get();
|
|
|
|
|
std::unique_ptr<MCPlusBuilder::MCInstMatcher> IndJmpMatcher2 =
|
|
|
|
|
BC.MIB->matchIndJmp(std::move(LoadMatcherOwner));
|
2021-03-15 16:34:25 -07:00
|
|
|
if (!IndJmpMatcher2->match(
|
2019-07-02 16:56:41 -07:00
|
|
|
*BC.MRI, *BC.MIB,
|
|
|
|
|
MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1) ||
|
2021-03-15 16:34:25 -07:00
|
|
|
BaseReg1 != BC.MIB->getNoRegister() || Scale != 8) {
|
|
|
|
|
// JT matching failed. Trying now:
|
|
|
|
|
// PIC-style matcher, scale 4
|
|
|
|
|
// addq %rdx, %rsi
|
|
|
|
|
// addq %rdx, %rdi
|
|
|
|
|
// leaq DATAat0x402450(%rip), %r11
|
|
|
|
|
// movslq (%r11,%rdx,4), %rcx
|
|
|
|
|
// addq %r11, %rcx
|
|
|
|
|
// jmpq *%rcx # JUMPTABLE @0x402450
|
2021-04-08 00:19:26 -07:00
|
|
|
std::unique_ptr<MCPlusBuilder::MCInstMatcher> PICIndJmpMatcher =
|
|
|
|
|
BC.MIB->matchIndJmp(BC.MIB->matchAdd(
|
|
|
|
|
BC.MIB->matchReg(BaseReg1),
|
|
|
|
|
BC.MIB->matchLoad(BC.MIB->matchReg(BaseReg2),
|
|
|
|
|
BC.MIB->matchImm(Scale), BC.MIB->matchReg(),
|
|
|
|
|
BC.MIB->matchImm(Offset))));
|
|
|
|
|
std::unique_ptr<MCPlusBuilder::MCInstMatcher> LEAMatcherOwner =
|
2021-03-15 16:34:25 -07:00
|
|
|
BC.MIB->matchLoadAddr(BC.MIB->matchSymbol(Target));
|
2021-04-08 00:19:26 -07:00
|
|
|
MCPlusBuilder::MCInstMatcher *LEAMatcher = LEAMatcherOwner.get();
|
|
|
|
|
std::unique_ptr<MCPlusBuilder::MCInstMatcher> PICBaseAddrMatcher =
|
|
|
|
|
BC.MIB->matchIndJmp(BC.MIB->matchAdd(std::move(LEAMatcherOwner),
|
|
|
|
|
BC.MIB->matchAnyOperand()));
|
2021-03-15 16:34:25 -07:00
|
|
|
if (!PICIndJmpMatcher->match(
|
|
|
|
|
*BC.MRI, *BC.MIB,
|
|
|
|
|
MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1) ||
|
|
|
|
|
Scale != 4 || BaseReg1 != BaseReg2 || Offset != 0 ||
|
|
|
|
|
!PICBaseAddrMatcher->match(
|
|
|
|
|
*BC.MRI, *BC.MIB,
|
|
|
|
|
MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1)) {
|
|
|
|
|
llvm_unreachable("Failed to extract jump table base");
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
// Matched PIC, identify the instruction with the reference to the JT
|
|
|
|
|
JTLoadInst = LEAMatcher->CurInst;
|
|
|
|
|
} else {
|
|
|
|
|
// Matched non-PIC
|
|
|
|
|
JTLoadInst = LoadMatcher->CurInst;
|
2019-07-02 16:56:41 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-13 10:50:47 -07:00
|
|
|
uint64_t NewJumpTableID = 0;
|
2019-07-02 16:56:41 -07:00
|
|
|
const MCSymbol *NewJTLabel;
|
|
|
|
|
std::tie(NewJumpTableID, NewJTLabel) =
|
|
|
|
|
BC.duplicateJumpTable(*this, JT, Target);
|
2019-08-07 16:09:50 -07:00
|
|
|
{
|
|
|
|
|
auto L = BC.scopeLock();
|
|
|
|
|
BC.MIB->replaceMemOperandDisp(*JTLoadInst, NewJTLabel, BC.Ctx.get());
|
|
|
|
|
}
|
2019-07-02 16:56:41 -07:00
|
|
|
// We use a unique ID with the high bit set as address for this "injected"
|
|
|
|
|
// jump table (not originally in the input binary).
|
2019-08-07 16:09:50 -07:00
|
|
|
BC.MIB->setJumpTable(Inst, NewJumpTableID, 0, AllocId);
|
2019-07-02 16:56:41 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-01 16:52:54 -07:00
|
|
|
bool BinaryFunction::replaceJumpTableEntryIn(BinaryBasicBlock *BB,
|
|
|
|
|
BinaryBasicBlock *OldDest,
|
|
|
|
|
BinaryBasicBlock *NewDest) {
|
2021-04-08 00:19:26 -07:00
|
|
|
MCInst *Instr = BB->getLastNonPseudoInstr();
|
2018-03-09 09:45:13 -08:00
|
|
|
if (!Instr || !BC.MIB->isIndirectBranch(*Instr))
|
2017-05-01 16:52:54 -07:00
|
|
|
return false;
|
2021-04-08 00:19:26 -07:00
|
|
|
uint64_t JTAddress = BC.MIB->getJumpTable(*Instr);
|
2017-05-01 16:52:54 -07:00
|
|
|
assert(JTAddress && "Invalid jump table address");
|
2021-04-08 00:19:26 -07:00
|
|
|
JumpTable *JT = getJumpTableContainingAddress(JTAddress);
|
2017-05-01 16:52:54 -07:00
|
|
|
assert(JT && "No jump table structure for this indirect branch");
|
|
|
|
|
bool Patched = JT->replaceDestination(JTAddress, OldDest->getLabel(),
|
|
|
|
|
NewDest->getLabel());
|
2021-06-29 12:11:56 -07:00
|
|
|
(void)Patched;
|
2017-05-01 16:52:54 -07:00
|
|
|
assert(Patched && "Invalid entry to be replaced in jump table");
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BinaryBasicBlock *BinaryFunction::splitEdge(BinaryBasicBlock *From,
|
|
|
|
|
BinaryBasicBlock *To) {
|
|
|
|
|
// Create intermediate BB
|
2019-07-02 10:48:43 -07:00
|
|
|
MCSymbol *Tmp;
|
|
|
|
|
{
|
2019-08-07 16:09:50 -07:00
|
|
|
auto L = BC.scopeLock();
|
2020-12-01 16:29:39 -08:00
|
|
|
Tmp = BC.Ctx->createNamedTempSymbol("SplitEdge");
|
2019-07-02 10:48:43 -07:00
|
|
|
}
|
2019-04-12 17:33:46 -07:00
|
|
|
// Link new BBs to the original input offset of the From BB, so we can map
|
|
|
|
|
// samples recorded in new BBs back to the original BB seem in the input
|
|
|
|
|
// binary (if using BAT)
|
2022-06-15 18:49:39 -07:00
|
|
|
std::unique_ptr<BinaryBasicBlock> NewBB = createBasicBlock(Tmp);
|
|
|
|
|
NewBB->setOffset(From->getInputOffset());
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock *NewBBPtr = NewBB.get();
|
2017-05-01 16:52:54 -07:00
|
|
|
|
|
|
|
|
// Update "From" BB
|
|
|
|
|
auto I = From->succ_begin();
|
|
|
|
|
auto BI = From->branch_info_begin();
|
|
|
|
|
for (; I != From->succ_end(); ++I) {
|
|
|
|
|
if (*I == To)
|
|
|
|
|
break;
|
|
|
|
|
++BI;
|
|
|
|
|
}
|
|
|
|
|
assert(I != From->succ_end() && "Invalid CFG edge in splitEdge!");
|
2021-05-13 10:50:47 -07:00
|
|
|
uint64_t OrigCount = BI->Count;
|
|
|
|
|
uint64_t OrigMispreds = BI->MispredictedCount;
|
2017-05-01 16:52:54 -07:00
|
|
|
replaceJumpTableEntryIn(From, To, NewBBPtr);
|
|
|
|
|
From->replaceSuccessor(To, NewBBPtr, OrigCount, OrigMispreds);
|
|
|
|
|
|
|
|
|
|
NewBB->addSuccessor(To, OrigCount, OrigMispreds);
|
|
|
|
|
NewBB->setExecutionCount(OrigCount);
|
|
|
|
|
NewBB->setIsCold(From->isCold());
|
|
|
|
|
|
|
|
|
|
// Update CFI and BB layout with new intermediate BB
|
|
|
|
|
std::vector<std::unique_ptr<BinaryBasicBlock>> NewBBs;
|
|
|
|
|
NewBBs.emplace_back(std::move(NewBB));
|
2019-07-02 16:56:41 -07:00
|
|
|
insertBasicBlocks(From, std::move(NewBBs), true, true,
|
|
|
|
|
/*RecomputeLandingPads=*/false);
|
2017-05-01 16:52:54 -07:00
|
|
|
return NewBBPtr;
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-13 17:27:03 -08:00
|
|
|
void BinaryFunction::deleteConservativeEdges() {
|
|
|
|
|
// Our goal is to aggressively remove edges from the CFG that we believe are
|
|
|
|
|
// wrong. This is used for instrumentation, where it is safe to remove
|
|
|
|
|
// fallthrough edges because we won't reorder blocks.
|
|
|
|
|
for (auto I = BasicBlocks.begin(), E = BasicBlocks.end(); I != E; ++I) {
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock *BB = *I;
|
2019-12-13 17:27:03 -08:00
|
|
|
if (BB->succ_size() != 1 || BB->size() == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
auto NextBB = std::next(I);
|
2021-12-14 16:52:51 -08:00
|
|
|
MCInst *Last = BB->getLastNonPseudoInstr();
|
2019-12-13 17:27:03 -08:00
|
|
|
// Fallthrough is a landing pad? Delete this edge (as long as we don't
|
|
|
|
|
// have a direct jump to it)
|
|
|
|
|
if ((*BB->succ_begin())->isLandingPad() && NextBB != E &&
|
|
|
|
|
*BB->succ_begin() == *NextBB && Last && !BC.MIB->isBranch(*Last)) {
|
|
|
|
|
BB->removeAllSuccessors();
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Look for suspicious calls at the end of BB where gcc may optimize it and
|
|
|
|
|
// remove the jump to the epilogue when it knows the call won't return.
|
|
|
|
|
if (!Last || !BC.MIB->isCall(*Last))
|
|
|
|
|
continue;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
const MCSymbol *CalleeSymbol = BC.MIB->getTargetSymbol(*Last);
|
2019-12-13 17:27:03 -08:00
|
|
|
if (!CalleeSymbol)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
StringRef CalleeName = CalleeSymbol->getName();
|
2021-12-14 16:52:51 -08:00
|
|
|
if (CalleeName != "__cxa_throw@PLT" && CalleeName != "_Unwind_Resume@PLT" &&
|
|
|
|
|
CalleeName != "__cxa_rethrow@PLT" && CalleeName != "exit@PLT" &&
|
|
|
|
|
CalleeName != "abort@PLT")
|
2019-12-13 17:27:03 -08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
BB->removeAllSuccessors();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-29 11:19:06 -07:00
|
|
|
bool BinaryFunction::isSymbolValidInScope(const SymbolRef &Symbol,
|
|
|
|
|
uint64_t SymbolSize) const {
|
2019-04-16 14:35:29 -07:00
|
|
|
// If this symbol is in a different section from the one where the
|
|
|
|
|
// function symbol is, don't consider it as valid.
|
2020-10-09 16:06:27 -07:00
|
|
|
if (!getOriginSection()->containsAddress(
|
2019-04-16 14:35:29 -07:00
|
|
|
cantFail(Symbol.getAddress(), "cannot get symbol address")))
|
|
|
|
|
return false;
|
|
|
|
|
|
2016-09-29 11:19:06 -07:00
|
|
|
// Some symbols are tolerated inside function bodies, others are not.
|
|
|
|
|
// The real function boundaries may not be known at this point.
|
2022-05-31 11:50:59 -07:00
|
|
|
if (BC.isMarker(Symbol))
|
2017-09-20 10:43:01 -07:00
|
|
|
return true;
|
2016-09-29 11:19:06 -07:00
|
|
|
|
|
|
|
|
// It's okay to have a zero-sized symbol in the middle of non-zero-sized
|
|
|
|
|
// function.
|
[BOLT rebase] Rebase fixes on top of LLVM Feb2018
Summary:
This commit includes all code necessary to make BOLT working again
after the rebase. This includes a redesign of the EHFrame work,
cherry-pick of the 3dnow disassembly work, compilation error fixes,
and port of the debug_info work. The macroop fusion feature is not
ported yet.
The rebased version has minor changes to the "executed instructions"
dynostats counter because REP prefixes are considered a part of the
instruction it applies to. Also, some X86 instructions had the "mayLoad"
tablegen property removed, which BOLT uses to identify and account
for loads, thus reducing the total number of loads reported by
dynostats. This was observed in X86::MOVDQUmr. TRAP instructions are
not terminators anymore, changing our CFG. This commit adds compensation
to preserve this old behavior and minimize tests changes. debug_info
sections are now slightly larger. The discriminator field in the line
table is slightly different due to a change upstream. New profiles
generated with the other bolt are incompatible with this version
because of different hash values calculated for functions, so they will
be considered 100% stale. This commit changes the corresponding test
to XFAIL so it can be updated. The hash function changes because it
relies on raw opcode values, which change according to the opcodes
described in the X86 tablegen files. When processing HHVM, bolt was
observed to be using about 800MB more memory in the rebased version
and being about 5% slower.
(cherry picked from FBD7078072)
2018-02-06 15:00:23 -08:00
|
|
|
if (SymbolSize == 0 && containsAddress(cantFail(Symbol.getAddress())))
|
2016-09-29 11:19:06 -07:00
|
|
|
return true;
|
|
|
|
|
|
[BOLT rebase] Rebase fixes on top of LLVM Feb2018
Summary:
This commit includes all code necessary to make BOLT working again
after the rebase. This includes a redesign of the EHFrame work,
cherry-pick of the 3dnow disassembly work, compilation error fixes,
and port of the debug_info work. The macroop fusion feature is not
ported yet.
The rebased version has minor changes to the "executed instructions"
dynostats counter because REP prefixes are considered a part of the
instruction it applies to. Also, some X86 instructions had the "mayLoad"
tablegen property removed, which BOLT uses to identify and account
for loads, thus reducing the total number of loads reported by
dynostats. This was observed in X86::MOVDQUmr. TRAP instructions are
not terminators anymore, changing our CFG. This commit adds compensation
to preserve this old behavior and minimize tests changes. debug_info
sections are now slightly larger. The discriminator field in the line
table is slightly different due to a change upstream. New profiles
generated with the other bolt are incompatible with this version
because of different hash values calculated for functions, so they will
be considered 100% stale. This commit changes the corresponding test
to XFAIL so it can be updated. The hash function changes because it
relies on raw opcode values, which change according to the opcodes
described in the X86 tablegen files. When processing HHVM, bolt was
observed to be using about 800MB more memory in the rebased version
and being about 5% slower.
(cherry picked from FBD7078072)
2018-02-06 15:00:23 -08:00
|
|
|
if (cantFail(Symbol.getType()) != SymbolRef::ST_Unknown)
|
2016-09-29 11:19:06 -07:00
|
|
|
return false;
|
|
|
|
|
|
2020-12-01 16:29:39 -08:00
|
|
|
if (cantFail(Symbol.getFlags()) & SymbolRef::SF_Global)
|
2016-09-29 11:19:06 -07:00
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-31 11:23:02 -08:00
|
|
|
void BinaryFunction::adjustExecutionCount(uint64_t Count) {
|
|
|
|
|
if (getKnownExecutionCount() == 0 || Count == 0)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (ExecutionCount < Count)
|
|
|
|
|
Count = ExecutionCount;
|
|
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
double AdjustmentRatio = ((double)ExecutionCount - Count) / ExecutionCount;
|
2019-01-31 11:23:02 -08:00
|
|
|
if (AdjustmentRatio < 0.0)
|
|
|
|
|
AdjustmentRatio = 0.0;
|
|
|
|
|
|
2022-07-14 12:55:20 -07:00
|
|
|
for (BinaryBasicBlock &BB : blocks())
|
|
|
|
|
BB.adjustExecutionCount(AdjustmentRatio);
|
2019-01-31 11:23:02 -08:00
|
|
|
|
|
|
|
|
ExecutionCount -= Count;
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-07 16:27:52 -07:00
|
|
|
BinaryFunction::~BinaryFunction() {
|
2021-12-20 11:07:46 -08:00
|
|
|
for (BinaryBasicBlock *BB : BasicBlocks)
|
2016-06-07 16:27:52 -07:00
|
|
|
delete BB;
|
2021-12-20 11:07:46 -08:00
|
|
|
for (BinaryBasicBlock *BB : DeletedBasicBlocks)
|
2016-09-07 18:59:23 -07:00
|
|
|
delete BB;
|
2016-06-07 16:27:52 -07:00
|
|
|
}
|
|
|
|
|
|
2024-03-31 06:24:19 -07:00
|
|
|
void BinaryFunction::constructDomTree() {
|
|
|
|
|
BDT.reset(new BinaryDominatorTree);
|
|
|
|
|
BDT->recalculate(*this);
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-26 10:58:01 -07:00
|
|
|
void BinaryFunction::calculateLoopInfo() {
|
2024-03-31 06:24:19 -07:00
|
|
|
if (!hasDomTree())
|
|
|
|
|
constructDomTree();
|
2016-05-26 10:58:01 -07:00
|
|
|
// Discover loops.
|
|
|
|
|
BLI.reset(new BinaryLoopInfo());
|
2024-03-31 06:24:19 -07:00
|
|
|
BLI->analyze(getDomTree());
|
2016-05-26 10:58:01 -07:00
|
|
|
|
|
|
|
|
// Traverse discovered loops and add depth and profile information.
|
|
|
|
|
std::stack<BinaryLoop *> St;
|
|
|
|
|
for (auto I = BLI->begin(), E = BLI->end(); I != E; ++I) {
|
|
|
|
|
St.push(*I);
|
|
|
|
|
++BLI->OuterLoops;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (!St.empty()) {
|
|
|
|
|
BinaryLoop *L = St.top();
|
|
|
|
|
St.pop();
|
|
|
|
|
++BLI->TotalLoops;
|
|
|
|
|
BLI->MaximumDepth = std::max(L->getLoopDepth(), BLI->MaximumDepth);
|
|
|
|
|
|
|
|
|
|
// Add nested loops in the stack.
|
2021-12-20 11:07:46 -08:00
|
|
|
for (BinaryLoop::iterator I = L->begin(), E = L->end(); I != E; ++I)
|
2016-05-26 10:58:01 -07:00
|
|
|
St.push(*I);
|
|
|
|
|
|
|
|
|
|
// Skip if no valid profile is found.
|
|
|
|
|
if (!hasValidProfile()) {
|
|
|
|
|
L->EntryCount = COUNT_NO_PROFILE;
|
|
|
|
|
L->ExitCount = COUNT_NO_PROFILE;
|
|
|
|
|
L->TotalBackEdgeCount = COUNT_NO_PROFILE;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Compute back edge count.
|
|
|
|
|
SmallVector<BinaryBasicBlock *, 1> Latches;
|
|
|
|
|
L->getLoopLatches(Latches);
|
|
|
|
|
|
|
|
|
|
for (BinaryBasicBlock *Latch : Latches) {
|
2016-09-13 17:12:00 -07:00
|
|
|
auto BI = Latch->branch_info_begin();
|
2016-05-26 10:58:01 -07:00
|
|
|
for (BinaryBasicBlock *Succ : Latch->successors()) {
|
|
|
|
|
if (Succ == L->getHeader()) {
|
2016-12-21 17:13:56 -08:00
|
|
|
assert(BI->Count != BinaryBasicBlock::COUNT_NO_PROFILE &&
|
2016-05-26 10:58:01 -07:00
|
|
|
"profile data not found");
|
|
|
|
|
L->TotalBackEdgeCount += BI->Count;
|
|
|
|
|
}
|
|
|
|
|
++BI;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Compute entry count.
|
|
|
|
|
L->EntryCount = L->getHeader()->getExecutionCount() - L->TotalBackEdgeCount;
|
|
|
|
|
|
|
|
|
|
// Compute exit count.
|
|
|
|
|
SmallVector<BinaryLoop::Edge, 1> ExitEdges;
|
|
|
|
|
L->getExitEdges(ExitEdges);
|
|
|
|
|
for (BinaryLoop::Edge &Exit : ExitEdges) {
|
|
|
|
|
const BinaryBasicBlock *Exiting = Exit.first;
|
|
|
|
|
const BinaryBasicBlock *ExitTarget = Exit.second;
|
2016-09-13 17:12:00 -07:00
|
|
|
auto BI = Exiting->branch_info_begin();
|
2016-05-26 10:58:01 -07:00
|
|
|
for (BinaryBasicBlock *Succ : Exiting->successors()) {
|
|
|
|
|
if (Succ == ExitTarget) {
|
2016-12-21 17:13:56 -08:00
|
|
|
assert(BI->Count != BinaryBasicBlock::COUNT_NO_PROFILE &&
|
2016-05-26 10:58:01 -07:00
|
|
|
"profile data not found");
|
|
|
|
|
L->ExitCount += BI->Count;
|
|
|
|
|
}
|
|
|
|
|
++BI;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-28 10:04:02 +02:00
|
|
|
void BinaryFunction::updateOutputValues(const BOLTLinker &Linker) {
|
2019-11-03 21:57:15 -08:00
|
|
|
if (!isEmitted()) {
|
|
|
|
|
assert(!isInjected() && "injected function should be emitted");
|
|
|
|
|
setOutputAddress(getAddress());
|
|
|
|
|
setOutputSize(getSize());
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-28 10:04:02 +02:00
|
|
|
const auto SymbolInfo = Linker.lookupSymbolInfo(getSymbol()->getName());
|
|
|
|
|
assert(SymbolInfo && "Cannot find function entry symbol");
|
|
|
|
|
setOutputAddress(SymbolInfo->Address);
|
|
|
|
|
setOutputSize(SymbolInfo->Size);
|
|
|
|
|
|
2019-11-03 21:57:15 -08:00
|
|
|
if (BC.HasRelocations || isInjected()) {
|
|
|
|
|
if (hasConstantIsland()) {
|
2025-02-20 17:14:33 -08:00
|
|
|
const auto IslandLabelSymInfo =
|
|
|
|
|
Linker.lookupSymbolInfo(getFunctionConstantIslandLabel()->getName());
|
|
|
|
|
assert(IslandLabelSymInfo && "Cannot find function CI symbol");
|
|
|
|
|
setOutputDataAddress(IslandLabelSymInfo->Address);
|
2023-02-10 17:09:03 +04:00
|
|
|
for (auto It : Islands->Offsets) {
|
|
|
|
|
const uint64_t OldOffset = It.first;
|
|
|
|
|
BinaryData *BD = BC.getBinaryDataAtAddress(getAddress() + OldOffset);
|
|
|
|
|
if (!BD)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
MCSymbol *Symbol = It.second;
|
2025-02-20 17:14:33 -08:00
|
|
|
const auto SymInfo = Linker.lookupSymbolInfo(Symbol->getName());
|
|
|
|
|
assert(SymInfo && "Cannot find CI symbol");
|
2023-08-28 10:04:02 +02:00
|
|
|
auto &Section = *getCodeSection();
|
2025-02-20 17:14:33 -08:00
|
|
|
const auto NewOffset = SymInfo->Address - Section.getOutputAddress();
|
2023-08-28 10:04:02 +02:00
|
|
|
BD->setOutputLocation(Section, NewOffset);
|
2023-02-10 17:09:03 +04:00
|
|
|
}
|
2019-11-03 21:57:15 -08:00
|
|
|
}
|
|
|
|
|
if (isSplit()) {
|
2022-08-24 18:07:06 -07:00
|
|
|
for (FunctionFragment &FF : getLayout().getSplitFragments()) {
|
2022-08-18 21:48:19 -07:00
|
|
|
ErrorOr<BinarySection &> ColdSection =
|
|
|
|
|
getCodeSection(FF.getFragmentNum());
|
|
|
|
|
// If fragment is empty, cold section might not exist
|
|
|
|
|
if (FF.empty() && ColdSection.getError())
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
const MCSymbol *ColdStartSymbol = getSymbol(FF.getFragmentNum());
|
|
|
|
|
// If fragment is empty, symbol might have not been emitted
|
|
|
|
|
if (FF.empty() && (!ColdStartSymbol || !ColdStartSymbol->isDefined()) &&
|
|
|
|
|
!hasConstantIsland())
|
|
|
|
|
continue;
|
|
|
|
|
assert(ColdStartSymbol && ColdStartSymbol->isDefined() &&
|
|
|
|
|
"split function should have defined cold symbol");
|
2023-08-28 10:04:02 +02:00
|
|
|
const auto ColdStartSymbolInfo =
|
|
|
|
|
Linker.lookupSymbolInfo(ColdStartSymbol->getName());
|
|
|
|
|
assert(ColdStartSymbolInfo && "Cannot find cold start symbol");
|
|
|
|
|
FF.setAddress(ColdStartSymbolInfo->Address);
|
|
|
|
|
FF.setImageSize(ColdStartSymbolInfo->Size);
|
2022-08-18 21:48:19 -07:00
|
|
|
if (hasConstantIsland()) {
|
2025-02-20 17:14:33 -08:00
|
|
|
const auto SymInfo = Linker.lookupSymbolInfo(
|
2023-08-28 10:04:02 +02:00
|
|
|
getFunctionColdConstantIslandLabel()->getName());
|
2025-02-20 17:14:33 -08:00
|
|
|
assert(SymInfo && "Cannot find cold CI symbol");
|
|
|
|
|
setOutputColdDataAddress(SymInfo->Address);
|
2022-08-18 21:48:19 -07:00
|
|
|
}
|
2019-11-03 21:57:15 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Update basic block output ranges for the debug info, if we have
|
|
|
|
|
// secondary entry points in the symbol table to update or if writing BAT.
|
2023-08-28 10:04:02 +02:00
|
|
|
if (!requiresAddressMap())
|
2019-11-03 21:57:15 -08:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
// AArch64 may have functions that only contains a constant island (no code).
|
2022-07-16 17:23:21 -07:00
|
|
|
if (getLayout().block_empty())
|
2019-11-03 21:57:15 -08:00
|
|
|
return;
|
|
|
|
|
|
2022-08-24 17:47:01 -07:00
|
|
|
for (FunctionFragment &FF : getLayout().fragments()) {
|
2022-08-24 18:07:06 -07:00
|
|
|
if (FF.empty())
|
|
|
|
|
continue;
|
|
|
|
|
|
2022-08-18 21:48:19 -07:00
|
|
|
const uint64_t FragmentBaseAddress =
|
|
|
|
|
getCodeSection(isSimple() ? FF.getFragmentNum() : FragmentNum::main())
|
|
|
|
|
->getOutputAddress();
|
2022-08-24 18:07:06 -07:00
|
|
|
|
|
|
|
|
BinaryBasicBlock *PrevBB = nullptr;
|
2022-08-18 21:48:19 -07:00
|
|
|
for (BinaryBasicBlock *const BB : FF) {
|
|
|
|
|
assert(BB->getLabel()->isDefined() && "symbol should be defined");
|
|
|
|
|
if (!BC.HasRelocations) {
|
2022-08-24 18:07:06 -07:00
|
|
|
if (BB->isSplit())
|
|
|
|
|
assert(FragmentBaseAddress == FF.getAddress());
|
|
|
|
|
else
|
2022-08-18 21:48:19 -07:00
|
|
|
assert(FragmentBaseAddress == getOutputAddress());
|
2023-08-21 07:57:18 -07:00
|
|
|
(void)FragmentBaseAddress;
|
2019-11-03 21:57:15 -08:00
|
|
|
}
|
2022-08-24 18:07:06 -07:00
|
|
|
|
2023-08-23 16:36:54 -07:00
|
|
|
// Injected functions likely will fail lookup, as they have no
|
|
|
|
|
// input range. Just assign the BB the output address of the
|
|
|
|
|
// function.
|
2023-10-24 12:22:43 -07:00
|
|
|
auto MaybeBBAddress = BC.getIOAddressMap().lookup(BB->getLabel());
|
2023-08-23 16:36:54 -07:00
|
|
|
const uint64_t BBAddress = MaybeBBAddress ? *MaybeBBAddress
|
|
|
|
|
: BB->isSplit() ? FF.getAddress()
|
|
|
|
|
: getOutputAddress();
|
2022-08-18 21:48:19 -07:00
|
|
|
BB->setOutputStartAddress(BBAddress);
|
|
|
|
|
|
2023-10-24 12:22:43 -07:00
|
|
|
if (PrevBB) {
|
|
|
|
|
assert(PrevBB->getOutputAddressRange().first <= BBAddress &&
|
|
|
|
|
"Bad output address for basic block.");
|
|
|
|
|
assert((PrevBB->getOutputAddressRange().first != BBAddress ||
|
2023-11-08 10:53:36 -08:00
|
|
|
!hasInstructions() || !PrevBB->getNumNonPseudos()) &&
|
2023-10-24 12:22:43 -07:00
|
|
|
"Bad output address for basic block.");
|
2022-08-24 18:07:06 -07:00
|
|
|
PrevBB->setOutputEndAddress(BBAddress);
|
2023-10-24 12:22:43 -07:00
|
|
|
}
|
2022-08-18 21:48:19 -07:00
|
|
|
PrevBB = BB;
|
|
|
|
|
}
|
2022-08-24 18:07:06 -07:00
|
|
|
|
|
|
|
|
PrevBB->setOutputEndAddress(PrevBB->isSplit()
|
|
|
|
|
? FF.getAddress() + FF.getImageSize()
|
|
|
|
|
: getOutputAddress() + getOutputSize());
|
2019-11-03 21:57:15 -08:00
|
|
|
}
|
2023-11-25 23:23:47 -08:00
|
|
|
|
|
|
|
|
// Reset output addresses for deleted blocks.
|
|
|
|
|
for (BinaryBasicBlock *BB : DeletedBasicBlocks) {
|
|
|
|
|
BB->setOutputStartAddress(0);
|
|
|
|
|
BB->setOutputEndAddress(0);
|
|
|
|
|
}
|
2019-11-03 21:57:15 -08:00
|
|
|
}
|
|
|
|
|
|
2019-03-29 14:22:54 -07:00
|
|
|
DebugAddressRangesVector BinaryFunction::getOutputAddressRanges() const {
|
|
|
|
|
DebugAddressRangesVector OutputRanges;
|
2017-05-16 09:27:34 -07:00
|
|
|
|
2020-10-16 00:11:24 -07:00
|
|
|
if (isFolded())
|
|
|
|
|
return OutputRanges;
|
|
|
|
|
|
[BOLT] Basic support for split functions
Summary:
This adds very basic and limited support for split functions.
In non-relocation mode, split functions are ignored, while their debug
info is properly updated. No support in the relocation mode yet.
Split functions consist of a main body and one or more fragments.
For fragments, the main part is called their parent. Any fragment
could only be entered via its parent or another fragment.
The short-term goal is to correctly update debug information for split
functions, while the long-term goal is to have a complete support
including full optimization. Note that if we don't detect split
bodies, we would have to add multiple entry points via tail calls,
which we would rather avoid.
Parent functions and fragments are represented by a `BinaryFunction`
and are marked accordingly. For now they are marked as non-simple, and
thus only supported in non-relocation mode. Once we start building a
CFG, it should be a common graph (i.e. the one that includes all
fragments) in the parent function.
The function discovery is unchanged, except for the detection of
`\.cold\.` pattern in the function name, which automatically marks the
function as a fragment of another function.
Because of the local function name ambiguity, we cannot rely on the
function name to establish child fragment and parent relationship.
Instead we rely on disassembly processing.
`BinaryContext::getBinaryFunctionContainingAddress()` now returns a
parent function if an address from its fragment is passed.
There's no jump table support at the moment. Jump tables can have
source and destinations in both fragment and parent.
Parent functions that enter their fragments via C++ exception handling
mechanism are not yet supported.
(cherry picked from FBD14970569)
2019-04-16 10:24:34 -07:00
|
|
|
if (IsFragment)
|
|
|
|
|
return OutputRanges;
|
|
|
|
|
|
2017-05-16 09:27:34 -07:00
|
|
|
OutputRanges.emplace_back(getOutputAddress(),
|
|
|
|
|
getOutputAddress() + getOutputSize());
|
|
|
|
|
if (isSplit()) {
|
|
|
|
|
assert(isEmitted() && "split function should be emitted");
|
2022-08-24 18:07:06 -07:00
|
|
|
for (const FunctionFragment &FF : getLayout().getSplitFragments())
|
|
|
|
|
OutputRanges.emplace_back(FF.getAddress(),
|
|
|
|
|
FF.getAddress() + FF.getImageSize());
|
2017-05-16 09:27:34 -07:00
|
|
|
}
|
|
|
|
|
|
[BOLT] Basic support for split functions
Summary:
This adds very basic and limited support for split functions.
In non-relocation mode, split functions are ignored, while their debug
info is properly updated. No support in the relocation mode yet.
Split functions consist of a main body and one or more fragments.
For fragments, the main part is called their parent. Any fragment
could only be entered via its parent or another fragment.
The short-term goal is to correctly update debug information for split
functions, while the long-term goal is to have a complete support
including full optimization. Note that if we don't detect split
bodies, we would have to add multiple entry points via tail calls,
which we would rather avoid.
Parent functions and fragments are represented by a `BinaryFunction`
and are marked accordingly. For now they are marked as non-simple, and
thus only supported in non-relocation mode. Once we start building a
CFG, it should be a common graph (i.e. the one that includes all
fragments) in the parent function.
The function discovery is unchanged, except for the detection of
`\.cold\.` pattern in the function name, which automatically marks the
function as a fragment of another function.
Because of the local function name ambiguity, we cannot rely on the
function name to establish child fragment and parent relationship.
Instead we rely on disassembly processing.
`BinaryContext::getBinaryFunctionContainingAddress()` now returns a
parent function if an address from its fragment is passed.
There's no jump table support at the moment. Jump tables can have
source and destinations in both fragment and parent.
Parent functions that enter their fragments via C++ exception handling
mechanism are not yet supported.
(cherry picked from FBD14970569)
2019-04-16 10:24:34 -07:00
|
|
|
if (isSimple())
|
|
|
|
|
return OutputRanges;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (BinaryFunction *Frag : Fragments) {
|
[BOLT] Basic support for split functions
Summary:
This adds very basic and limited support for split functions.
In non-relocation mode, split functions are ignored, while their debug
info is properly updated. No support in the relocation mode yet.
Split functions consist of a main body and one or more fragments.
For fragments, the main part is called their parent. Any fragment
could only be entered via its parent or another fragment.
The short-term goal is to correctly update debug information for split
functions, while the long-term goal is to have a complete support
including full optimization. Note that if we don't detect split
bodies, we would have to add multiple entry points via tail calls,
which we would rather avoid.
Parent functions and fragments are represented by a `BinaryFunction`
and are marked accordingly. For now they are marked as non-simple, and
thus only supported in non-relocation mode. Once we start building a
CFG, it should be a common graph (i.e. the one that includes all
fragments) in the parent function.
The function discovery is unchanged, except for the detection of
`\.cold\.` pattern in the function name, which automatically marks the
function as a fragment of another function.
Because of the local function name ambiguity, we cannot rely on the
function name to establish child fragment and parent relationship.
Instead we rely on disassembly processing.
`BinaryContext::getBinaryFunctionContainingAddress()` now returns a
parent function if an address from its fragment is passed.
There's no jump table support at the moment. Jump tables can have
source and destinations in both fragment and parent.
Parent functions that enter their fragments via C++ exception handling
mechanism are not yet supported.
(cherry picked from FBD14970569)
2019-04-16 10:24:34 -07:00
|
|
|
assert(!Frag->isSimple() &&
|
|
|
|
|
"fragment of non-simple function should also be non-simple");
|
|
|
|
|
OutputRanges.emplace_back(Frag->getOutputAddress(),
|
|
|
|
|
Frag->getOutputAddress() + Frag->getOutputSize());
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-16 09:27:34 -07:00
|
|
|
return OutputRanges;
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-31 09:36:49 -07:00
|
|
|
uint64_t BinaryFunction::translateInputToOutputAddress(uint64_t Address) const {
|
2020-10-16 00:11:24 -07:00
|
|
|
if (isFolded())
|
|
|
|
|
return 0;
|
|
|
|
|
|
2017-05-31 09:36:49 -07:00
|
|
|
// If the function hasn't changed return the same address.
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
if (!isEmitted())
|
2017-05-31 09:36:49 -07:00
|
|
|
return Address;
|
|
|
|
|
|
|
|
|
|
if (Address < getAddress())
|
|
|
|
|
return 0;
|
|
|
|
|
|
2019-11-03 21:57:15 -08:00
|
|
|
// Check if the address is associated with an instruction that is tracked
|
|
|
|
|
// by address translation.
|
2023-08-21 10:10:48 +02:00
|
|
|
if (auto OutputAddress = BC.getIOAddressMap().lookup(Address))
|
|
|
|
|
return *OutputAddress;
|
2019-11-03 21:57:15 -08:00
|
|
|
|
2017-05-31 09:36:49 -07:00
|
|
|
// FIXME: #18950828 - we rely on relative offsets inside basic blocks to stay
|
|
|
|
|
// intact. Instead we can use pseudo instructions and/or annotations.
|
2021-04-08 00:19:26 -07:00
|
|
|
const uint64_t Offset = Address - getAddress();
|
|
|
|
|
const BinaryBasicBlock *BB = getBasicBlockContainingOffset(Offset);
|
2017-05-31 09:36:49 -07:00
|
|
|
if (!BB) {
|
|
|
|
|
// Special case for address immediately past the end of the function.
|
|
|
|
|
if (Offset == getSize())
|
|
|
|
|
return getOutputAddress() + getOutputSize();
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return std::min(BB->getOutputAddressRange().first + Offset - BB->getOffset(),
|
|
|
|
|
BB->getOutputAddressRange().second);
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-06 11:10:20 -08:00
|
|
|
DebugAddressRangesVector
|
|
|
|
|
BinaryFunction::translateInputToOutputRange(DebugAddressRange InRange) const {
|
|
|
|
|
DebugAddressRangesVector OutRanges;
|
2019-03-29 14:22:54 -07:00
|
|
|
|
2023-11-06 11:10:20 -08:00
|
|
|
// The function was removed from the output. Return an empty range.
|
2020-10-16 00:11:24 -07:00
|
|
|
if (isFolded())
|
2023-11-06 11:10:20 -08:00
|
|
|
return OutRanges;
|
2020-10-16 00:11:24 -07:00
|
|
|
|
2023-11-06 11:10:20 -08:00
|
|
|
// If the function hasn't changed return the same range.
|
[BOLT] Support for lite mode with relocations
Summary:
Add '-lite' support for relocations for improved processing time,
memory consumption, and more resilient processing of binaries with
embedded assembly code.
In lite relocation mode, BOLT will skip full processing of functions
without a profile. It will run scanExternalRefs() on such functions
to discover external references and to create internal relocations
to update references to optimized functions.
Note that we could have relied on the compiler/linker to provide
relocations for function references. However, there's no assurance
that all such references are reported. E.g., the compiler can resolve
inter-procedural references internally, leaving no relocations
for the linker.
The scan process takes about <10 seconds per 100MB of code on modern
hardware. It's a reasonable overhead to live with considering the
flexibility it provides.
If BOLT fails to scan or disassemble a function, .e.g., due to a data
object embedded in code, or an unsupported instruction, it enables a
patching mode to guarantee that the failed function will call
optimized/moved versions of functions. The patching happens at original
function entry points.
'-skip=<func1,func2,...>' option now can be used to skip processing of
arbitrary functions in the relocation mode.
With '-use-old-text' or '-strict' we require all functions to be
processed. As such, it is incompatible with '-lite' option,
and '-skip' option will only disable optimizations of listed
functions, not their disassembly and emission.
(cherry picked from FBD22040717)
2020-06-15 00:15:47 -07:00
|
|
|
if (!isEmitted()) {
|
2023-11-06 11:10:20 -08:00
|
|
|
OutRanges.emplace_back(InRange);
|
|
|
|
|
return OutRanges;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!containsAddress(InRange.LowPC))
|
|
|
|
|
return OutRanges;
|
|
|
|
|
|
|
|
|
|
// Special case of an empty range [X, X). Some tools expect X to be updated.
|
|
|
|
|
if (InRange.LowPC == InRange.HighPC) {
|
|
|
|
|
if (uint64_t NewPC = translateInputToOutputAddress(InRange.LowPC))
|
|
|
|
|
OutRanges.push_back(DebugAddressRange{NewPC, NewPC});
|
|
|
|
|
return OutRanges;
|
2019-03-29 14:22:54 -07:00
|
|
|
}
|
2017-05-16 09:27:34 -07:00
|
|
|
|
2023-11-06 11:10:20 -08:00
|
|
|
uint64_t InputOffset = InRange.LowPC - getAddress();
|
|
|
|
|
const uint64_t InputEndOffset =
|
|
|
|
|
std::min(InRange.HighPC - getAddress(), getSize());
|
|
|
|
|
|
|
|
|
|
auto BBI = llvm::upper_bound(BasicBlockOffsets,
|
|
|
|
|
BasicBlockOffset(InputOffset, nullptr),
|
|
|
|
|
CompareBasicBlockOffsets());
|
|
|
|
|
assert(BBI != BasicBlockOffsets.begin());
|
|
|
|
|
|
|
|
|
|
// Iterate over blocks in the input order using BasicBlockOffsets.
|
|
|
|
|
for (--BBI; InputOffset < InputEndOffset && BBI != BasicBlockOffsets.end();
|
|
|
|
|
InputOffset = BBI->second->getEndOffset(), ++BBI) {
|
|
|
|
|
const BinaryBasicBlock &BB = *BBI->second;
|
|
|
|
|
if (InputOffset < BB.getOffset() || InputOffset >= BB.getEndOffset()) {
|
2020-12-01 16:29:39 -08:00
|
|
|
LLVM_DEBUG(
|
|
|
|
|
dbgs() << "BOLT-DEBUG: invalid debug address range detected for "
|
2023-11-06 11:10:20 -08:00
|
|
|
<< *this << " : [0x" << Twine::utohexstr(InRange.LowPC)
|
|
|
|
|
<< ", 0x" << Twine::utohexstr(InRange.HighPC) << "]\n");
|
|
|
|
|
break;
|
2017-05-16 09:27:34 -07:00
|
|
|
}
|
|
|
|
|
|
2023-11-06 11:10:20 -08:00
|
|
|
// Skip the block if it wasn't emitted.
|
|
|
|
|
if (!BB.getOutputAddressRange().first)
|
|
|
|
|
continue;
|
2017-05-16 09:27:34 -07:00
|
|
|
|
2023-11-06 11:10:20 -08:00
|
|
|
// Find output address for an instruction with an offset greater or equal
|
|
|
|
|
// to /p Offset. The output address should fall within the same basic
|
|
|
|
|
// block boundaries.
|
|
|
|
|
auto translateBlockOffset = [&](const uint64_t Offset) {
|
|
|
|
|
const uint64_t OutAddress = BB.getOutputAddressRange().first + Offset;
|
2023-11-09 09:55:49 -08:00
|
|
|
return std::min(OutAddress, BB.getOutputAddressRange().second);
|
2023-11-06 11:10:20 -08:00
|
|
|
};
|
2017-05-16 09:27:34 -07:00
|
|
|
|
2023-11-06 11:10:20 -08:00
|
|
|
uint64_t OutLowPC = BB.getOutputAddressRange().first;
|
|
|
|
|
if (InputOffset > BB.getOffset())
|
|
|
|
|
OutLowPC = translateBlockOffset(InputOffset - BB.getOffset());
|
|
|
|
|
|
|
|
|
|
uint64_t OutHighPC = BB.getOutputAddressRange().second;
|
|
|
|
|
if (InputEndOffset < BB.getEndOffset()) {
|
|
|
|
|
assert(InputEndOffset >= BB.getOffset());
|
|
|
|
|
OutHighPC = translateBlockOffset(InputEndOffset - BB.getOffset());
|
2017-05-24 15:20:27 -07:00
|
|
|
}
|
2023-11-06 11:10:20 -08:00
|
|
|
|
|
|
|
|
// Check if we can expand the last translated range.
|
|
|
|
|
if (!OutRanges.empty() && OutRanges.back().HighPC == OutLowPC)
|
|
|
|
|
OutRanges.back().HighPC = std::max(OutRanges.back().HighPC, OutHighPC);
|
|
|
|
|
else
|
|
|
|
|
OutRanges.emplace_back(OutLowPC, std::max(OutLowPC, OutHighPC));
|
2017-05-24 15:20:27 -07:00
|
|
|
}
|
|
|
|
|
|
2023-11-06 11:10:20 -08:00
|
|
|
LLVM_DEBUG({
|
|
|
|
|
dbgs() << "BOLT-DEBUG: translated address range " << InRange << " -> ";
|
|
|
|
|
for (const DebugAddressRange &R : OutRanges)
|
|
|
|
|
dbgs() << R << ' ';
|
|
|
|
|
dbgs() << '\n';
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return OutRanges;
|
2017-05-16 09:27:34 -07:00
|
|
|
}
|
|
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
MCInst *BinaryFunction::getInstructionAtOffset(uint64_t Offset) {
|
|
|
|
|
if (CurrentState == State::Disassembled) {
|
|
|
|
|
auto II = Instructions.find(Offset);
|
|
|
|
|
return (II == Instructions.end()) ? nullptr : &II->second;
|
|
|
|
|
} else if (CurrentState == State::CFG) {
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock *BB = getBasicBlockContainingOffset(Offset);
|
2017-11-28 09:57:21 -08:00
|
|
|
if (!BB)
|
|
|
|
|
return nullptr;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
for (MCInst &Inst : *BB) {
|
|
|
|
|
constexpr uint32_t InvalidOffset = std::numeric_limits<uint32_t>::max();
|
2021-08-03 17:53:32 -07:00
|
|
|
if (Offset == BC.MIB->getOffsetWithDefault(Inst, InvalidOffset))
|
2017-11-28 09:57:21 -08:00
|
|
|
return &Inst;
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-18 17:05:00 -08:00
|
|
|
if (MCInst *LastInstr = BB->getLastNonPseudoInstr()) {
|
2023-11-13 14:33:39 -08:00
|
|
|
if (std::optional<uint32_t> Size = BC.MIB->getSize(*LastInstr)) {
|
|
|
|
|
if (BB->getEndOffset() - Offset == Size) {
|
|
|
|
|
return LastInstr;
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-12-18 17:05:00 -08:00
|
|
|
}
|
|
|
|
|
|
2017-11-28 09:57:21 -08:00
|
|
|
return nullptr;
|
|
|
|
|
} else {
|
|
|
|
|
llvm_unreachable("invalid CFG state to use getInstructionAtOffset()");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-27 19:26:11 -07:00
|
|
|
MCInst *BinaryFunction::getInstructionContainingOffset(uint64_t Offset) {
|
|
|
|
|
assert(CurrentState == State::Disassembled && "Wrong function state");
|
|
|
|
|
|
|
|
|
|
if (Offset > Size)
|
|
|
|
|
return nullptr;
|
|
|
|
|
|
|
|
|
|
auto II = Instructions.upper_bound(Offset);
|
|
|
|
|
assert(II != Instructions.begin() && "First instruction not at offset 0");
|
|
|
|
|
--II;
|
|
|
|
|
return &II->second;
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-26 10:58:01 -07:00
|
|
|
void BinaryFunction::printLoopInfo(raw_ostream &OS) const {
|
2022-06-29 17:01:02 -07:00
|
|
|
if (!opts::shouldPrint(*this))
|
|
|
|
|
return;
|
|
|
|
|
|
2016-08-07 12:35:23 -07:00
|
|
|
OS << "Loop Info for Function \"" << *this << "\"";
|
2021-12-20 11:07:46 -08:00
|
|
|
if (hasValidProfile())
|
2016-05-26 10:58:01 -07:00
|
|
|
OS << " (count: " << getExecutionCount() << ")";
|
|
|
|
|
OS << "\n";
|
|
|
|
|
|
|
|
|
|
std::stack<BinaryLoop *> St;
|
2022-09-03 11:17:32 -07:00
|
|
|
for (BinaryLoop *L : *BLI)
|
|
|
|
|
St.push(L);
|
2016-05-26 10:58:01 -07:00
|
|
|
while (!St.empty()) {
|
|
|
|
|
BinaryLoop *L = St.top();
|
|
|
|
|
St.pop();
|
|
|
|
|
|
2022-09-03 11:17:32 -07:00
|
|
|
for (BinaryLoop *Inner : *L)
|
|
|
|
|
St.push(Inner);
|
2016-05-26 10:58:01 -07:00
|
|
|
|
|
|
|
|
if (!hasValidProfile())
|
|
|
|
|
continue;
|
|
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
OS << (L->getLoopDepth() > 1 ? "Nested" : "Outer")
|
|
|
|
|
<< " loop header: " << L->getHeader()->getName();
|
2016-05-26 10:58:01 -07:00
|
|
|
OS << "\n";
|
|
|
|
|
OS << "Loop basic blocks: ";
|
2022-05-24 18:28:42 -07:00
|
|
|
ListSeparator LS;
|
|
|
|
|
for (BinaryBasicBlock *BB : L->blocks())
|
|
|
|
|
OS << LS << BB->getName();
|
2016-05-26 10:58:01 -07:00
|
|
|
OS << "\n";
|
|
|
|
|
if (hasValidProfile()) {
|
|
|
|
|
OS << "Total back edge count: " << L->TotalBackEdgeCount << "\n";
|
|
|
|
|
OS << "Loop entry count: " << L->EntryCount << "\n";
|
|
|
|
|
OS << "Loop exit count: " << L->ExitCount << "\n";
|
|
|
|
|
if (L->EntryCount > 0) {
|
|
|
|
|
OS << "Average iters per entry: "
|
|
|
|
|
<< format("%.4lf", (double)L->TotalBackEdgeCount / L->EntryCount)
|
|
|
|
|
<< "\n";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
OS << "----\n";
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-14 16:52:51 -08:00
|
|
|
OS << "Total number of loops: " << BLI->TotalLoops << "\n";
|
2016-05-26 10:58:01 -07:00
|
|
|
OS << "Number of outer loops: " << BLI->OuterLoops << "\n";
|
|
|
|
|
OS << "Maximum nested loop depth: " << BLI->MaximumDepth << "\n\n";
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-07 11:10:37 -07:00
|
|
|
bool BinaryFunction::isAArch64Veneer() const {
|
2022-07-29 09:01:00 -04:00
|
|
|
if (empty() || hasIslandsInfo())
|
2018-06-07 11:10:37 -07:00
|
|
|
return false;
|
|
|
|
|
|
2021-04-08 00:19:26 -07:00
|
|
|
BinaryBasicBlock &BB = **BasicBlocks.begin();
|
2021-12-20 11:07:46 -08:00
|
|
|
for (MCInst &Inst : BB)
|
2018-06-07 11:10:37 -07:00
|
|
|
if (!BC.MIB->hasAnnotation(Inst, "AArch64Veneer"))
|
|
|
|
|
return false;
|
|
|
|
|
|
2022-07-07 00:01:33 +03:00
|
|
|
for (auto I = BasicBlocks.begin() + 1, E = BasicBlocks.end(); I != E; ++I) {
|
|
|
|
|
for (MCInst &Inst : **I)
|
|
|
|
|
if (!BC.MIB->isNoop(Inst))
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-07 11:10:37 -07:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-14 17:29:23 -07:00
|
|
|
void BinaryFunction::addRelocation(uint64_t Address, MCSymbol *Symbol,
|
2025-03-14 18:15:59 +00:00
|
|
|
uint32_t RelType, uint64_t Addend,
|
2023-03-14 17:29:23 -07:00
|
|
|
uint64_t Value) {
|
|
|
|
|
assert(Address >= getAddress() && Address < getAddress() + getMaxSize() &&
|
|
|
|
|
"address is outside of the function");
|
|
|
|
|
uint64_t Offset = Address - getAddress();
|
|
|
|
|
LLVM_DEBUG(dbgs() << "BOLT-DEBUG: addRelocation in "
|
2023-06-06 15:49:00 -07:00
|
|
|
<< formatv("{0}@{1:x} against {2}\n", *this, Offset,
|
[BOLT] Improve handling of relocations targeting specific instructions (#66395)
On RISC-V, there are certain relocations that target a specific
instruction instead of a more abstract location like a function or basic
block. Take the following example that loads a value from symbol `foo`:
```
nop
1: auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(1b)(t0)
```
This results in two relocation:
- auipc: `R_RISCV_PCREL_HI20` referencing `foo`;
- ld: `R_RISCV_PCREL_LO12_I` referencing to local label `1` which points
to the auipc instruction.
It is of utmost importance that the `R_RISCV_PCREL_LO12_I` keeps
referring to the auipc instruction; if not, the program will fail to
assemble. However, BOLT currently does not guarantee this.
BOLT currently assumes that all local symbols are jump targets and
always starts a new basic block at symbol locations. The example above
results in a CFG the looks like this:
```
.BB0:
nop
.BB1:
auipc t0, %pcrel_hi(foo)
ld t0, %pcrel_lo(.BB1)(t0)
```
While this currently works (i.e., the `R_RISCV_PCREL_LO12_I` relocation
points to the correct instruction), it has two downsides:
- Too many basic blocks are created (the example above is logically only
one yet two are created);
- If instructions are inserted in `.BB1` (e.g., by instrumentation),
things will break since the label will not point to the auipc anymore.
This patch proposes to fix this issue by teaching BOLT to track labels
that should always point to a specific instruction. This is implemented
as follows:
- Add a new annotation type (`kLabel`) that allows us to annotate
instructions with an `MCSymbol *`;
- Whenever we encounter a relocation type that is used to refer to a
specific instruction (`Relocation::isInstructionReference`), we
register it without a symbol;
- During disassembly, whenever we encounter an instruction with such a
relocation, create a symbol for its target and store it in an offset
to symbol map (to ensure multiple relocations referencing the same
instruction use the same label);
- After disassembly, iterate this map to attach labels to instructions
via the new annotation type;
- During emission, emit these labels right before the instruction.
I believe the use of annotations works quite well for this use case as
it allows us to reliably track instruction labels. If we were to store
them as offsets in basic blocks, it would be error prone to keep them
updated whenever instructions are inserted or removed.
I have chosen to add labels as first-class annotations (as opposed to a
generic one) because the documentation of `MCAnnotation` suggests that
generic annotations are to be used for optional metadata that can be
discarded without affecting correctness. As this is not the case for
labels, a first-class annotation seemed more appropriate.
2023-10-06 06:46:16 +00:00
|
|
|
(Symbol ? Symbol->getName() : "<undef>")));
|
2023-03-14 17:29:23 -07:00
|
|
|
bool IsCI = BC.isAArch64() && isInConstantIsland(Address);
|
|
|
|
|
std::map<uint64_t, Relocation> &Rels =
|
|
|
|
|
IsCI ? Islands->Relocations : Relocations;
|
|
|
|
|
if (BC.MIB->shouldRecordCodeRelocation(RelType))
|
|
|
|
|
Rels[Offset] = Relocation{Offset, Symbol, RelType, Addend, Value};
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-05 14:42:04 -08:00
|
|
|
} // namespace bolt
|
2015-10-09 17:21:14 -07:00
|
|
|
} // namespace llvm
|
