1 //===- bolt/Core/BinaryFunction.cpp - Low-level function ------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file implements the BinaryFunction class. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "bolt/Core/BinaryFunction.h" 14 #include "bolt/Core/BinaryBasicBlock.h" 15 #include "bolt/Core/DynoStats.h" 16 #include "bolt/Core/HashUtilities.h" 17 #include "bolt/Core/MCPlusBuilder.h" 18 #include "bolt/Utils/NameResolver.h" 19 #include "bolt/Utils/NameShortener.h" 20 #include "bolt/Utils/Utils.h" 21 #include "llvm/ADT/STLExtras.h" 22 #include "llvm/ADT/SmallSet.h" 23 #include "llvm/ADT/StringExtras.h" 24 #include "llvm/ADT/StringRef.h" 25 #include "llvm/Demangle/Demangle.h" 26 #include "llvm/MC/MCAsmInfo.h" 27 #include "llvm/MC/MCContext.h" 28 #include "llvm/MC/MCDisassembler/MCDisassembler.h" 29 #include "llvm/MC/MCExpr.h" 30 #include "llvm/MC/MCInst.h" 31 #include "llvm/MC/MCInstPrinter.h" 32 #include "llvm/MC/MCRegisterInfo.h" 33 #include "llvm/MC/MCSymbol.h" 34 #include "llvm/Object/ObjectFile.h" 35 #include "llvm/Support/CommandLine.h" 36 #include "llvm/Support/Debug.h" 37 #include "llvm/Support/GenericDomTreeConstruction.h" 38 #include "llvm/Support/GenericLoopInfoImpl.h" 39 #include "llvm/Support/GraphWriter.h" 40 #include "llvm/Support/LEB128.h" 41 #include "llvm/Support/Regex.h" 42 #include "llvm/Support/Timer.h" 43 #include "llvm/Support/raw_ostream.h" 44 #include "llvm/Support/xxhash.h" 45 #include <functional> 46 #include <limits> 47 #include <numeric> 48 #include <stack> 49 #include <string> 50 51 #define DEBUG_TYPE "bolt" 52 53 using namespace llvm; 54 using namespace bolt; 55 56 namespace opts { 57 58 extern cl::OptionCategory BoltCategory; 59 extern cl::OptionCategory BoltOptCategory; 60 61 extern cl::opt<bool> EnableBAT; 62 extern cl::opt<bool> Instrument; 63 extern cl::opt<bool> StrictMode; 64 extern cl::opt<bool> UpdateDebugSections; 65 extern cl::opt<unsigned> Verbosity; 66 67 extern bool processAllFunctions(); 68 69 cl::opt<bool> CheckEncoding( 70 "check-encoding", 71 cl::desc("perform verification of LLVM instruction encoding/decoding. " 72 "Every instruction in the input is decoded and re-encoded. " 73 "If the resulting bytes do not match the input, a warning message " 74 "is printed."), 75 cl::Hidden, cl::cat(BoltCategory)); 76 77 static cl::opt<bool> DotToolTipCode( 78 "dot-tooltip-code", 79 cl::desc("add basic block instructions as tool tips on nodes"), cl::Hidden, 80 cl::cat(BoltCategory)); 81 82 cl::opt<JumpTableSupportLevel> 83 JumpTables("jump-tables", 84 cl::desc("jump tables support (default=basic)"), 85 cl::init(JTS_BASIC), 86 cl::values( 87 clEnumValN(JTS_NONE, "none", 88 "do not optimize functions with jump tables"), 89 clEnumValN(JTS_BASIC, "basic", 90 "optimize functions with jump tables"), 91 clEnumValN(JTS_MOVE, "move", 92 "move jump tables to a separate section"), 93 clEnumValN(JTS_SPLIT, "split", 94 "split jump tables section into hot and cold based on " 95 "function execution frequency"), 96 clEnumValN(JTS_AGGRESSIVE, "aggressive", 97 "aggressively split jump tables section based on usage " 98 "of the tables")), 99 cl::ZeroOrMore, 100 cl::cat(BoltOptCategory)); 101 102 static cl::opt<bool> NoScan( 103 "no-scan", 104 cl::desc( 105 "do not scan cold functions for external references (may result in " 106 "slower binary)"), 107 cl::Hidden, cl::cat(BoltOptCategory)); 108 109 cl::opt<bool> 110 PreserveBlocksAlignment("preserve-blocks-alignment", 111 cl::desc("try to preserve basic block alignment"), 112 cl::cat(BoltOptCategory)); 113 114 static cl::opt<bool> PrintOutputAddressRange( 115 "print-output-address-range", 116 cl::desc( 117 "print output address range for each basic block in the function when" 118 "BinaryFunction::print is called"), 119 cl::Hidden, cl::cat(BoltOptCategory)); 120 121 cl::opt<bool> 122 PrintDynoStats("dyno-stats", 123 cl::desc("print execution info based on profile"), 124 cl::cat(BoltCategory)); 125 126 static cl::opt<bool> 127 PrintDynoStatsOnly("print-dyno-stats-only", 128 cl::desc("while printing functions output dyno-stats and skip instructions"), 129 cl::init(false), 130 cl::Hidden, 131 cl::cat(BoltCategory)); 132 133 static cl::list<std::string> 134 PrintOnly("print-only", 135 cl::CommaSeparated, 136 cl::desc("list of functions to print"), 137 cl::value_desc("func1,func2,func3,..."), 138 cl::Hidden, 139 cl::cat(BoltCategory)); 140 141 cl::opt<bool> 142 TimeBuild("time-build", 143 cl::desc("print time spent constructing binary functions"), 144 cl::Hidden, cl::cat(BoltCategory)); 145 146 cl::opt<bool> 147 TrapOnAVX512("trap-avx512", 148 cl::desc("in relocation mode trap upon entry to any function that uses " 149 "AVX-512 instructions"), 150 cl::init(false), 151 cl::ZeroOrMore, 152 cl::Hidden, 153 cl::cat(BoltCategory)); 154 155 bool shouldPrint(const BinaryFunction &Function) { 156 if (Function.isIgnored()) 157 return false; 158 159 if (PrintOnly.empty()) 160 return true; 161 162 for (std::string &Name : opts::PrintOnly) { 163 if (Function.hasNameRegex(Name)) { 164 return true; 165 } 166 } 167 168 std::optional<StringRef> Origin = Function.getOriginSectionName(); 169 if (Origin && llvm::any_of(opts::PrintOnly, [&](const std::string &Name) { 170 return Name == *Origin; 171 })) 172 return true; 173 174 return false; 175 } 176 177 } // namespace opts 178 179 namespace llvm { 180 namespace bolt { 181 182 template <typename R> static bool emptyRange(const R &Range) { 183 return Range.begin() == Range.end(); 184 } 185 186 /// Gets debug line information for the instruction located at the given 187 /// address in the original binary. The SMLoc's pointer is used 188 /// to point to this information, which is represented by a 189 /// DebugLineTableRowRef. The returned pointer is null if no debug line 190 /// information for this instruction was found. 191 static SMLoc findDebugLineInformationForInstructionAt( 192 uint64_t Address, DWARFUnit *Unit, 193 const DWARFDebugLine::LineTable *LineTable) { 194 // We use the pointer in SMLoc to store an instance of DebugLineTableRowRef, 195 // which occupies 64 bits. Thus, we can only proceed if the struct fits into 196 // the pointer itself. 197 static_assert( 198 sizeof(decltype(SMLoc().getPointer())) >= sizeof(DebugLineTableRowRef), 199 "Cannot fit instruction debug line information into SMLoc's pointer"); 200 201 SMLoc NullResult = DebugLineTableRowRef::NULL_ROW.toSMLoc(); 202 uint32_t RowIndex = LineTable->lookupAddress( 203 {Address, object::SectionedAddress::UndefSection}); 204 if (RowIndex == LineTable->UnknownRowIndex) 205 return NullResult; 206 207 assert(RowIndex < LineTable->Rows.size() && 208 "Line Table lookup returned invalid index."); 209 210 decltype(SMLoc().getPointer()) Ptr; 211 DebugLineTableRowRef *InstructionLocation = 212 reinterpret_cast<DebugLineTableRowRef *>(&Ptr); 213 214 InstructionLocation->DwCompileUnitIndex = Unit->getOffset(); 215 InstructionLocation->RowIndex = RowIndex + 1; 216 217 return SMLoc::getFromPointer(Ptr); 218 } 219 220 static std::string buildSectionName(StringRef Prefix, StringRef Name, 221 const BinaryContext &BC) { 222 if (BC.isELF()) 223 return (Prefix + Name).str(); 224 static NameShortener NS; 225 return (Prefix + Twine(NS.getID(Name))).str(); 226 } 227 228 static raw_ostream &operator<<(raw_ostream &OS, 229 const BinaryFunction::State State) { 230 switch (State) { 231 case BinaryFunction::State::Empty: OS << "empty"; break; 232 case BinaryFunction::State::Disassembled: OS << "disassembled"; break; 233 case BinaryFunction::State::CFG: OS << "CFG constructed"; break; 234 case BinaryFunction::State::CFG_Finalized: OS << "CFG finalized"; break; 235 case BinaryFunction::State::EmittedCFG: OS << "emitted with CFG"; break; 236 case BinaryFunction::State::Emitted: OS << "emitted"; break; 237 } 238 239 return OS; 240 } 241 242 std::string BinaryFunction::buildCodeSectionName(StringRef Name, 243 const BinaryContext &BC) { 244 return buildSectionName(BC.isELF() ? ".local.text." : ".l.text.", Name, BC); 245 } 246 247 std::string BinaryFunction::buildColdCodeSectionName(StringRef Name, 248 const BinaryContext &BC) { 249 return buildSectionName(BC.isELF() ? ".local.cold.text." : ".l.c.text.", Name, 250 BC); 251 } 252 253 uint64_t BinaryFunction::Count = 0; 254 255 std::optional<StringRef> 256 BinaryFunction::hasNameRegex(const StringRef Name) const { 257 const std::string RegexName = (Twine("^") + StringRef(Name) + "$").str(); 258 Regex MatchName(RegexName); 259 return forEachName( 260 [&MatchName](StringRef Name) { return MatchName.match(Name); }); 261 } 262 263 std::optional<StringRef> 264 BinaryFunction::hasRestoredNameRegex(const StringRef Name) const { 265 const std::string RegexName = (Twine("^") + StringRef(Name) + "$").str(); 266 Regex MatchName(RegexName); 267 return forEachName([&MatchName](StringRef Name) { 268 return MatchName.match(NameResolver::restore(Name)); 269 }); 270 } 271 272 std::string BinaryFunction::getDemangledName() const { 273 StringRef MangledName = NameResolver::restore(getOneName()); 274 return demangle(MangledName.str()); 275 } 276 277 BinaryBasicBlock * 278 BinaryFunction::getBasicBlockContainingOffset(uint64_t Offset) { 279 if (Offset > Size) 280 return nullptr; 281 282 if (BasicBlockOffsets.empty()) 283 return nullptr; 284 285 /* 286 * This is commented out because it makes BOLT too slow. 287 * assert(std::is_sorted(BasicBlockOffsets.begin(), 288 * BasicBlockOffsets.end(), 289 * CompareBasicBlockOffsets()))); 290 */ 291 auto I = 292 llvm::upper_bound(BasicBlockOffsets, BasicBlockOffset(Offset, nullptr), 293 CompareBasicBlockOffsets()); 294 assert(I != BasicBlockOffsets.begin() && "first basic block not at offset 0"); 295 --I; 296 BinaryBasicBlock *BB = I->second; 297 return (Offset < BB->getOffset() + BB->getOriginalSize()) ? BB : nullptr; 298 } 299 300 void BinaryFunction::markUnreachableBlocks() { 301 std::stack<BinaryBasicBlock *> Stack; 302 303 for (BinaryBasicBlock &BB : blocks()) 304 BB.markValid(false); 305 306 // Add all entries and landing pads as roots. 307 for (BinaryBasicBlock *BB : BasicBlocks) { 308 if (isEntryPoint(*BB) || BB->isLandingPad()) { 309 Stack.push(BB); 310 BB->markValid(true); 311 continue; 312 } 313 // FIXME: 314 // Also mark BBs with indirect jumps as reachable, since we do not 315 // support removing unused jump tables yet (GH-issue20). 316 for (const MCInst &Inst : *BB) { 317 if (BC.MIB->getJumpTable(Inst)) { 318 Stack.push(BB); 319 BB->markValid(true); 320 break; 321 } 322 } 323 } 324 325 // Determine reachable BBs from the entry point 326 while (!Stack.empty()) { 327 BinaryBasicBlock *BB = Stack.top(); 328 Stack.pop(); 329 for (BinaryBasicBlock *Succ : BB->successors()) { 330 if (Succ->isValid()) 331 continue; 332 Succ->markValid(true); 333 Stack.push(Succ); 334 } 335 } 336 } 337 338 // Any unnecessary fallthrough jumps revealed after calling eraseInvalidBBs 339 // will be cleaned up by fixBranches(). 340 std::pair<unsigned, uint64_t> 341 BinaryFunction::eraseInvalidBBs(const MCCodeEmitter *Emitter) { 342 DenseSet<const BinaryBasicBlock *> InvalidBBs; 343 unsigned Count = 0; 344 uint64_t Bytes = 0; 345 for (BinaryBasicBlock *const BB : BasicBlocks) { 346 if (!BB->isValid()) { 347 assert(!isEntryPoint(*BB) && "all entry blocks must be valid"); 348 InvalidBBs.insert(BB); 349 ++Count; 350 Bytes += BC.computeCodeSize(BB->begin(), BB->end(), Emitter); 351 } 352 } 353 354 Layout.eraseBasicBlocks(InvalidBBs); 355 356 BasicBlockListType NewBasicBlocks; 357 for (auto I = BasicBlocks.begin(), E = BasicBlocks.end(); I != E; ++I) { 358 BinaryBasicBlock *BB = *I; 359 if (InvalidBBs.contains(BB)) { 360 // Make sure the block is removed from the list of predecessors. 361 BB->removeAllSuccessors(); 362 DeletedBasicBlocks.push_back(BB); 363 } else { 364 NewBasicBlocks.push_back(BB); 365 } 366 } 367 BasicBlocks = std::move(NewBasicBlocks); 368 369 assert(BasicBlocks.size() == Layout.block_size()); 370 371 // Update CFG state if needed 372 if (Count > 0) 373 recomputeLandingPads(); 374 375 return std::make_pair(Count, Bytes); 376 } 377 378 bool BinaryFunction::isForwardCall(const MCSymbol *CalleeSymbol) const { 379 // This function should work properly before and after function reordering. 380 // In order to accomplish this, we use the function index (if it is valid). 381 // If the function indices are not valid, we fall back to the original 382 // addresses. This should be ok because the functions without valid indices 383 // should have been ordered with a stable sort. 384 const BinaryFunction *CalleeBF = BC.getFunctionForSymbol(CalleeSymbol); 385 if (CalleeBF) { 386 if (CalleeBF->isInjected()) 387 return true; 388 389 if (hasValidIndex() && CalleeBF->hasValidIndex()) { 390 return getIndex() < CalleeBF->getIndex(); 391 } else if (hasValidIndex() && !CalleeBF->hasValidIndex()) { 392 return true; 393 } else if (!hasValidIndex() && CalleeBF->hasValidIndex()) { 394 return false; 395 } else { 396 return getAddress() < CalleeBF->getAddress(); 397 } 398 } else { 399 // Absolute symbol. 400 ErrorOr<uint64_t> CalleeAddressOrError = BC.getSymbolValue(*CalleeSymbol); 401 assert(CalleeAddressOrError && "unregistered symbol found"); 402 return *CalleeAddressOrError > getAddress(); 403 } 404 } 405 406 void BinaryFunction::dump() const { 407 // getDynoStats calls FunctionLayout::updateLayoutIndices and 408 // BasicBlock::analyzeBranch. The former cannot be const, but should be 409 // removed, the latter should be made const, but seems to require refactoring. 410 // Forcing all callers to have a non-const reference to BinaryFunction to call 411 // dump non-const however is not ideal either. Adding this const_cast is right 412 // now the best solution. It is safe, because BinaryFunction itself is not 413 // modified. Only BinaryBasicBlocks are actually modified (if it all) and we 414 // have mutable pointers to those regardless whether this function is 415 // const-qualified or not. 416 const_cast<BinaryFunction &>(*this).print(dbgs(), ""); 417 } 418 419 void BinaryFunction::print(raw_ostream &OS, std::string Annotation) { 420 if (!opts::shouldPrint(*this)) 421 return; 422 423 StringRef SectionName = 424 OriginSection ? OriginSection->getName() : "<no origin section>"; 425 OS << "Binary Function \"" << *this << "\" " << Annotation << " {"; 426 std::vector<StringRef> AllNames = getNames(); 427 if (AllNames.size() > 1) { 428 OS << "\n All names : "; 429 const char *Sep = ""; 430 for (const StringRef &Name : AllNames) { 431 OS << Sep << Name; 432 Sep = "\n "; 433 } 434 } 435 OS << "\n Number : " << FunctionNumber; 436 OS << "\n State : " << CurrentState; 437 OS << "\n Address : 0x" << Twine::utohexstr(Address); 438 OS << "\n Size : 0x" << Twine::utohexstr(Size); 439 OS << "\n MaxSize : 0x" << Twine::utohexstr(MaxSize); 440 OS << "\n Offset : 0x" << Twine::utohexstr(getFileOffset()); 441 OS << "\n Section : " << SectionName; 442 OS << "\n Orc Section : " << getCodeSectionName(); 443 OS << "\n LSDA : 0x" << Twine::utohexstr(getLSDAAddress()); 444 OS << "\n IsSimple : " << IsSimple; 445 OS << "\n IsMultiEntry: " << isMultiEntry(); 446 OS << "\n IsSplit : " << isSplit(); 447 OS << "\n BB Count : " << size(); 448 449 if (HasUnknownControlFlow) 450 OS << "\n Unknown CF : true"; 451 if (getPersonalityFunction()) 452 OS << "\n Personality : " << getPersonalityFunction()->getName(); 453 if (IsFragment) 454 OS << "\n IsFragment : true"; 455 if (isFolded()) 456 OS << "\n FoldedInto : " << *getFoldedIntoFunction(); 457 for (BinaryFunction *ParentFragment : ParentFragments) 458 OS << "\n Parent : " << *ParentFragment; 459 if (!Fragments.empty()) { 460 OS << "\n Fragments : "; 461 ListSeparator LS; 462 for (BinaryFunction *Frag : Fragments) 463 OS << LS << *Frag; 464 } 465 if (hasCFG()) 466 OS << "\n Hash : " << Twine::utohexstr(computeHash()); 467 if (isMultiEntry()) { 468 OS << "\n Secondary Entry Points : "; 469 ListSeparator LS; 470 for (const auto &KV : SecondaryEntryPoints) 471 OS << LS << KV.second->getName(); 472 } 473 if (FrameInstructions.size()) 474 OS << "\n CFI Instrs : " << FrameInstructions.size(); 475 if (!Layout.block_empty()) { 476 OS << "\n BB Layout : "; 477 ListSeparator LS; 478 for (const BinaryBasicBlock *BB : Layout.blocks()) 479 OS << LS << BB->getName(); 480 } 481 if (getImageAddress()) 482 OS << "\n Image : 0x" << Twine::utohexstr(getImageAddress()); 483 if (ExecutionCount != COUNT_NO_PROFILE) { 484 OS << "\n Exec Count : " << ExecutionCount; 485 OS << "\n Branch Count: " << RawBranchCount; 486 OS << "\n Profile Acc : " << format("%.1f%%", ProfileMatchRatio * 100.0f); 487 } 488 489 if (opts::PrintDynoStats && !getLayout().block_empty()) { 490 OS << '\n'; 491 DynoStats dynoStats = getDynoStats(*this); 492 OS << dynoStats; 493 } 494 495 OS << "\n}\n"; 496 497 if (opts::PrintDynoStatsOnly || !BC.InstPrinter) 498 return; 499 500 // Offset of the instruction in function. 501 uint64_t Offset = 0; 502 503 if (BasicBlocks.empty() && !Instructions.empty()) { 504 // Print before CFG was built. 505 for (const std::pair<const uint32_t, MCInst> &II : Instructions) { 506 Offset = II.first; 507 508 // Print label if exists at this offset. 509 auto LI = Labels.find(Offset); 510 if (LI != Labels.end()) { 511 if (const MCSymbol *EntrySymbol = 512 getSecondaryEntryPointSymbol(LI->second)) 513 OS << EntrySymbol->getName() << " (Entry Point):\n"; 514 OS << LI->second->getName() << ":\n"; 515 } 516 517 BC.printInstruction(OS, II.second, Offset, this); 518 } 519 } 520 521 StringRef SplitPointMsg = ""; 522 for (const FunctionFragment &FF : Layout.fragments()) { 523 OS << SplitPointMsg; 524 SplitPointMsg = "------- HOT-COLD SPLIT POINT -------\n\n"; 525 for (const BinaryBasicBlock *BB : FF) { 526 OS << BB->getName() << " (" << BB->size() 527 << " instructions, align : " << BB->getAlignment() << ")\n"; 528 529 if (opts::PrintOutputAddressRange) 530 OS << formatv(" Output Address Range: [{0:x}, {1:x}) ({2} bytes)\n", 531 BB->getOutputAddressRange().first, 532 BB->getOutputAddressRange().second, BB->getOutputSize()); 533 534 if (isEntryPoint(*BB)) { 535 if (MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(*BB)) 536 OS << " Secondary Entry Point: " << EntrySymbol->getName() << '\n'; 537 else 538 OS << " Entry Point\n"; 539 } 540 541 if (BB->isLandingPad()) 542 OS << " Landing Pad\n"; 543 544 uint64_t BBExecCount = BB->getExecutionCount(); 545 if (hasValidProfile()) { 546 OS << " Exec Count : "; 547 if (BB->getExecutionCount() != BinaryBasicBlock::COUNT_NO_PROFILE) 548 OS << BBExecCount << '\n'; 549 else 550 OS << "<unknown>\n"; 551 } 552 if (hasCFI()) 553 OS << " CFI State : " << BB->getCFIState() << '\n'; 554 if (opts::EnableBAT) { 555 OS << " Input offset: 0x" << Twine::utohexstr(BB->getInputOffset()) 556 << "\n"; 557 } 558 if (!BB->pred_empty()) { 559 OS << " Predecessors: "; 560 ListSeparator LS; 561 for (BinaryBasicBlock *Pred : BB->predecessors()) 562 OS << LS << Pred->getName(); 563 OS << '\n'; 564 } 565 if (!BB->throw_empty()) { 566 OS << " Throwers: "; 567 ListSeparator LS; 568 for (BinaryBasicBlock *Throw : BB->throwers()) 569 OS << LS << Throw->getName(); 570 OS << '\n'; 571 } 572 573 Offset = alignTo(Offset, BB->getAlignment()); 574 575 // Note: offsets are imprecise since this is happening prior to 576 // relaxation. 577 Offset = BC.printInstructions(OS, BB->begin(), BB->end(), Offset, this); 578 579 if (!BB->succ_empty()) { 580 OS << " Successors: "; 581 // For more than 2 successors, sort them based on frequency. 582 std::vector<uint64_t> Indices(BB->succ_size()); 583 std::iota(Indices.begin(), Indices.end(), 0); 584 if (BB->succ_size() > 2 && BB->getKnownExecutionCount()) { 585 llvm::stable_sort(Indices, [&](const uint64_t A, const uint64_t B) { 586 return BB->BranchInfo[B] < BB->BranchInfo[A]; 587 }); 588 } 589 ListSeparator LS; 590 for (unsigned I = 0; I < Indices.size(); ++I) { 591 BinaryBasicBlock *Succ = BB->Successors[Indices[I]]; 592 const BinaryBasicBlock::BinaryBranchInfo &BI = 593 BB->BranchInfo[Indices[I]]; 594 OS << LS << Succ->getName(); 595 if (ExecutionCount != COUNT_NO_PROFILE && 596 BI.MispredictedCount != BinaryBasicBlock::COUNT_INFERRED) { 597 OS << " (mispreds: " << BI.MispredictedCount 598 << ", count: " << BI.Count << ")"; 599 } else if (ExecutionCount != COUNT_NO_PROFILE && 600 BI.Count != BinaryBasicBlock::COUNT_NO_PROFILE) { 601 OS << " (inferred count: " << BI.Count << ")"; 602 } 603 } 604 OS << '\n'; 605 } 606 607 if (!BB->lp_empty()) { 608 OS << " Landing Pads: "; 609 ListSeparator LS; 610 for (BinaryBasicBlock *LP : BB->landing_pads()) { 611 OS << LS << LP->getName(); 612 if (ExecutionCount != COUNT_NO_PROFILE) { 613 OS << " (count: " << LP->getExecutionCount() << ")"; 614 } 615 } 616 OS << '\n'; 617 } 618 619 // In CFG_Finalized state we can miscalculate CFI state at exit. 620 if (CurrentState == State::CFG && hasCFI()) { 621 const int32_t CFIStateAtExit = BB->getCFIStateAtExit(); 622 if (CFIStateAtExit >= 0) 623 OS << " CFI State: " << CFIStateAtExit << '\n'; 624 } 625 626 OS << '\n'; 627 } 628 } 629 630 // Dump new exception ranges for the function. 631 if (!CallSites.empty()) { 632 OS << "EH table:\n"; 633 for (const FunctionFragment &FF : getLayout().fragments()) { 634 for (const auto &FCSI : getCallSites(FF.getFragmentNum())) { 635 const CallSite &CSI = FCSI.second; 636 OS << " [" << *CSI.Start << ", " << *CSI.End << ") landing pad : "; 637 if (CSI.LP) 638 OS << *CSI.LP; 639 else 640 OS << "0"; 641 OS << ", action : " << CSI.Action << '\n'; 642 } 643 } 644 OS << '\n'; 645 } 646 647 // Print all jump tables. 648 for (const std::pair<const uint64_t, JumpTable *> &JTI : JumpTables) 649 JTI.second->print(OS); 650 651 OS << "DWARF CFI Instructions:\n"; 652 if (OffsetToCFI.size()) { 653 // Pre-buildCFG information 654 for (const std::pair<const uint32_t, uint32_t> &Elmt : OffsetToCFI) { 655 OS << format(" %08x:\t", Elmt.first); 656 assert(Elmt.second < FrameInstructions.size() && "Incorrect CFI offset"); 657 BinaryContext::printCFI(OS, FrameInstructions[Elmt.second]); 658 OS << "\n"; 659 } 660 } else { 661 // Post-buildCFG information 662 for (uint32_t I = 0, E = FrameInstructions.size(); I != E; ++I) { 663 const MCCFIInstruction &CFI = FrameInstructions[I]; 664 OS << format(" %d:\t", I); 665 BinaryContext::printCFI(OS, CFI); 666 OS << "\n"; 667 } 668 } 669 if (FrameInstructions.empty()) 670 OS << " <empty>\n"; 671 672 OS << "End of Function \"" << *this << "\"\n\n"; 673 } 674 675 void BinaryFunction::printRelocations(raw_ostream &OS, uint64_t Offset, 676 uint64_t Size) const { 677 const char *Sep = " # Relocs: "; 678 679 auto RI = Relocations.lower_bound(Offset); 680 while (RI != Relocations.end() && RI->first < Offset + Size) { 681 OS << Sep << "(R: " << RI->second << ")"; 682 Sep = ", "; 683 ++RI; 684 } 685 } 686 687 static std::string mutateDWARFExpressionTargetReg(const MCCFIInstruction &Instr, 688 MCPhysReg NewReg) { 689 StringRef ExprBytes = Instr.getValues(); 690 assert(ExprBytes.size() > 1 && "DWARF expression CFI is too short"); 691 uint8_t Opcode = ExprBytes[0]; 692 assert((Opcode == dwarf::DW_CFA_expression || 693 Opcode == dwarf::DW_CFA_val_expression) && 694 "invalid DWARF expression CFI"); 695 (void)Opcode; 696 const uint8_t *const Start = 697 reinterpret_cast<const uint8_t *>(ExprBytes.drop_front(1).data()); 698 const uint8_t *const End = 699 reinterpret_cast<const uint8_t *>(Start + ExprBytes.size() - 1); 700 unsigned Size = 0; 701 decodeULEB128(Start, &Size, End); 702 assert(Size > 0 && "Invalid reg encoding for DWARF expression CFI"); 703 SmallString<8> Tmp; 704 raw_svector_ostream OSE(Tmp); 705 encodeULEB128(NewReg, OSE); 706 return Twine(ExprBytes.slice(0, 1)) 707 .concat(OSE.str()) 708 .concat(ExprBytes.drop_front(1 + Size)) 709 .str(); 710 } 711 712 void BinaryFunction::mutateCFIRegisterFor(const MCInst &Instr, 713 MCPhysReg NewReg) { 714 const MCCFIInstruction *OldCFI = getCFIFor(Instr); 715 assert(OldCFI && "invalid CFI instr"); 716 switch (OldCFI->getOperation()) { 717 default: 718 llvm_unreachable("Unexpected instruction"); 719 case MCCFIInstruction::OpDefCfa: 720 setCFIFor(Instr, MCCFIInstruction::cfiDefCfa(nullptr, NewReg, 721 OldCFI->getOffset())); 722 break; 723 case MCCFIInstruction::OpDefCfaRegister: 724 setCFIFor(Instr, MCCFIInstruction::createDefCfaRegister(nullptr, NewReg)); 725 break; 726 case MCCFIInstruction::OpOffset: 727 setCFIFor(Instr, MCCFIInstruction::createOffset(nullptr, NewReg, 728 OldCFI->getOffset())); 729 break; 730 case MCCFIInstruction::OpRegister: 731 setCFIFor(Instr, MCCFIInstruction::createRegister(nullptr, NewReg, 732 OldCFI->getRegister2())); 733 break; 734 case MCCFIInstruction::OpSameValue: 735 setCFIFor(Instr, MCCFIInstruction::createSameValue(nullptr, NewReg)); 736 break; 737 case MCCFIInstruction::OpEscape: 738 setCFIFor(Instr, 739 MCCFIInstruction::createEscape( 740 nullptr, 741 StringRef(mutateDWARFExpressionTargetReg(*OldCFI, NewReg)))); 742 break; 743 case MCCFIInstruction::OpRestore: 744 setCFIFor(Instr, MCCFIInstruction::createRestore(nullptr, NewReg)); 745 break; 746 case MCCFIInstruction::OpUndefined: 747 setCFIFor(Instr, MCCFIInstruction::createUndefined(nullptr, NewReg)); 748 break; 749 } 750 } 751 752 const MCCFIInstruction *BinaryFunction::mutateCFIOffsetFor(const MCInst &Instr, 753 int64_t NewOffset) { 754 const MCCFIInstruction *OldCFI = getCFIFor(Instr); 755 assert(OldCFI && "invalid CFI instr"); 756 switch (OldCFI->getOperation()) { 757 default: 758 llvm_unreachable("Unexpected instruction"); 759 case MCCFIInstruction::OpDefCfaOffset: 760 setCFIFor(Instr, MCCFIInstruction::cfiDefCfaOffset(nullptr, NewOffset)); 761 break; 762 case MCCFIInstruction::OpAdjustCfaOffset: 763 setCFIFor(Instr, 764 MCCFIInstruction::createAdjustCfaOffset(nullptr, NewOffset)); 765 break; 766 case MCCFIInstruction::OpDefCfa: 767 setCFIFor(Instr, MCCFIInstruction::cfiDefCfa(nullptr, OldCFI->getRegister(), 768 NewOffset)); 769 break; 770 case MCCFIInstruction::OpOffset: 771 setCFIFor(Instr, MCCFIInstruction::createOffset( 772 nullptr, OldCFI->getRegister(), NewOffset)); 773 break; 774 } 775 return getCFIFor(Instr); 776 } 777 778 IndirectBranchType 779 BinaryFunction::processIndirectBranch(MCInst &Instruction, unsigned Size, 780 uint64_t Offset, 781 uint64_t &TargetAddress) { 782 const unsigned PtrSize = BC.AsmInfo->getCodePointerSize(); 783 784 // The instruction referencing memory used by the branch instruction. 785 // It could be the branch instruction itself or one of the instructions 786 // setting the value of the register used by the branch. 787 MCInst *MemLocInstr; 788 789 // The instruction loading the fixed PIC jump table entry value. 790 MCInst *FixedEntryLoadInstr; 791 792 // Address of the table referenced by MemLocInstr. Could be either an 793 // array of function pointers, or a jump table. 794 uint64_t ArrayStart = 0; 795 796 unsigned BaseRegNum, IndexRegNum; 797 int64_t DispValue; 798 const MCExpr *DispExpr; 799 800 // In AArch, identify the instruction adding the PC-relative offset to 801 // jump table entries to correctly decode it. 802 MCInst *PCRelBaseInstr; 803 uint64_t PCRelAddr = 0; 804 805 auto Begin = Instructions.begin(); 806 if (BC.isAArch64()) { 807 PreserveNops = BC.HasRelocations; 808 // Start at the last label as an approximation of the current basic block. 809 // This is a heuristic, since the full set of labels have yet to be 810 // determined 811 for (const uint32_t Offset : 812 llvm::make_first_range(llvm::reverse(Labels))) { 813 auto II = Instructions.find(Offset); 814 if (II != Instructions.end()) { 815 Begin = II; 816 break; 817 } 818 } 819 } 820 821 IndirectBranchType BranchType = BC.MIB->analyzeIndirectBranch( 822 Instruction, Begin, Instructions.end(), PtrSize, MemLocInstr, BaseRegNum, 823 IndexRegNum, DispValue, DispExpr, PCRelBaseInstr, FixedEntryLoadInstr); 824 825 if (BranchType == IndirectBranchType::UNKNOWN && !MemLocInstr) 826 return BranchType; 827 828 if (MemLocInstr != &Instruction) 829 IndexRegNum = BC.MIB->getNoRegister(); 830 831 if (BC.isAArch64()) { 832 const MCSymbol *Sym = BC.MIB->getTargetSymbol(*PCRelBaseInstr, 1); 833 assert(Sym && "Symbol extraction failed"); 834 ErrorOr<uint64_t> SymValueOrError = BC.getSymbolValue(*Sym); 835 if (SymValueOrError) { 836 PCRelAddr = *SymValueOrError; 837 } else { 838 for (std::pair<const uint32_t, MCSymbol *> &Elmt : Labels) { 839 if (Elmt.second == Sym) { 840 PCRelAddr = Elmt.first + getAddress(); 841 break; 842 } 843 } 844 } 845 uint64_t InstrAddr = 0; 846 for (auto II = Instructions.rbegin(); II != Instructions.rend(); ++II) { 847 if (&II->second == PCRelBaseInstr) { 848 InstrAddr = II->first + getAddress(); 849 break; 850 } 851 } 852 assert(InstrAddr != 0 && "instruction not found"); 853 // We do this to avoid spurious references to code locations outside this 854 // function (for example, if the indirect jump lives in the last basic 855 // block of the function, it will create a reference to the next function). 856 // This replaces a symbol reference with an immediate. 857 BC.MIB->replaceMemOperandDisp(*PCRelBaseInstr, 858 MCOperand::createImm(PCRelAddr - InstrAddr)); 859 // FIXME: Disable full jump table processing for AArch64 until we have a 860 // proper way of determining the jump table limits. 861 return IndirectBranchType::UNKNOWN; 862 } 863 864 auto getExprValue = [&](const MCExpr *Expr) { 865 const MCSymbol *TargetSym; 866 uint64_t TargetOffset; 867 std::tie(TargetSym, TargetOffset) = BC.MIB->getTargetSymbolInfo(Expr); 868 ErrorOr<uint64_t> SymValueOrError = BC.getSymbolValue(*TargetSym); 869 assert(SymValueOrError && "Global symbol needs a value"); 870 return *SymValueOrError + TargetOffset; 871 }; 872 873 // RIP-relative addressing should be converted to symbol form by now 874 // in processed instructions (but not in jump). 875 if (DispExpr) { 876 ArrayStart = getExprValue(DispExpr); 877 BaseRegNum = BC.MIB->getNoRegister(); 878 if (BC.isAArch64()) { 879 ArrayStart &= ~0xFFFULL; 880 ArrayStart += DispValue & 0xFFFULL; 881 } 882 } else { 883 ArrayStart = static_cast<uint64_t>(DispValue); 884 } 885 886 if (BaseRegNum == BC.MRI->getProgramCounter()) 887 ArrayStart += getAddress() + Offset + Size; 888 889 if (FixedEntryLoadInstr) { 890 assert(BranchType == IndirectBranchType::POSSIBLE_PIC_FIXED_BRANCH && 891 "Invalid IndirectBranch type"); 892 MCInst::iterator FixedEntryDispOperand = 893 BC.MIB->getMemOperandDisp(*FixedEntryLoadInstr); 894 assert(FixedEntryDispOperand != FixedEntryLoadInstr->end() && 895 "Invalid memory instruction"); 896 const MCExpr *FixedEntryDispExpr = FixedEntryDispOperand->getExpr(); 897 const uint64_t EntryAddress = getExprValue(FixedEntryDispExpr); 898 uint64_t EntrySize = BC.getJumpTableEntrySize(JumpTable::JTT_PIC); 899 ErrorOr<int64_t> Value = 900 BC.getSignedValueAtAddress(EntryAddress, EntrySize); 901 if (!Value) 902 return IndirectBranchType::UNKNOWN; 903 904 BC.outs() << "BOLT-INFO: fixed PIC indirect branch detected in " << *this 905 << " at 0x" << Twine::utohexstr(getAddress() + Offset) 906 << " referencing data at 0x" << Twine::utohexstr(EntryAddress) 907 << " the destination value is 0x" 908 << Twine::utohexstr(ArrayStart + *Value) << '\n'; 909 910 TargetAddress = ArrayStart + *Value; 911 912 // Remove spurious JumpTable at EntryAddress caused by PIC reference from 913 // the load instruction. 914 BC.deleteJumpTable(EntryAddress); 915 916 // Replace FixedEntryDispExpr used in target address calculation with outer 917 // jump table reference. 918 JumpTable *JT = BC.getJumpTableContainingAddress(ArrayStart); 919 assert(JT && "Must have a containing jump table for PIC fixed branch"); 920 BC.MIB->replaceMemOperandDisp(*FixedEntryLoadInstr, JT->getFirstLabel(), 921 EntryAddress - ArrayStart, &*BC.Ctx); 922 923 return BranchType; 924 } 925 926 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: addressed memory is 0x" 927 << Twine::utohexstr(ArrayStart) << '\n'); 928 929 ErrorOr<BinarySection &> Section = BC.getSectionForAddress(ArrayStart); 930 if (!Section) { 931 // No section - possibly an absolute address. Since we don't allow 932 // internal function addresses to escape the function scope - we 933 // consider it a tail call. 934 if (opts::Verbosity >= 1) { 935 BC.errs() << "BOLT-WARNING: no section for address 0x" 936 << Twine::utohexstr(ArrayStart) << " referenced from function " 937 << *this << '\n'; 938 } 939 return IndirectBranchType::POSSIBLE_TAIL_CALL; 940 } 941 if (Section->isVirtual()) { 942 // The contents are filled at runtime. 943 return IndirectBranchType::POSSIBLE_TAIL_CALL; 944 } 945 946 if (BranchType == IndirectBranchType::POSSIBLE_FIXED_BRANCH) { 947 ErrorOr<uint64_t> Value = BC.getPointerAtAddress(ArrayStart); 948 if (!Value) 949 return IndirectBranchType::UNKNOWN; 950 951 if (BC.getSectionForAddress(ArrayStart)->isWritable()) 952 return IndirectBranchType::UNKNOWN; 953 954 BC.outs() << "BOLT-INFO: fixed indirect branch detected in " << *this 955 << " at 0x" << Twine::utohexstr(getAddress() + Offset) 956 << " referencing data at 0x" << Twine::utohexstr(ArrayStart) 957 << " the destination value is 0x" << Twine::utohexstr(*Value) 958 << '\n'; 959 960 TargetAddress = *Value; 961 return BranchType; 962 } 963 964 // Check if there's already a jump table registered at this address. 965 MemoryContentsType MemType; 966 if (JumpTable *JT = BC.getJumpTableContainingAddress(ArrayStart)) { 967 switch (JT->Type) { 968 case JumpTable::JTT_NORMAL: 969 MemType = MemoryContentsType::POSSIBLE_JUMP_TABLE; 970 break; 971 case JumpTable::JTT_PIC: 972 MemType = MemoryContentsType::POSSIBLE_PIC_JUMP_TABLE; 973 break; 974 } 975 } else { 976 MemType = BC.analyzeMemoryAt(ArrayStart, *this); 977 } 978 979 // Check that jump table type in instruction pattern matches memory contents. 980 JumpTable::JumpTableType JTType; 981 if (BranchType == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE) { 982 if (MemType != MemoryContentsType::POSSIBLE_PIC_JUMP_TABLE) 983 return IndirectBranchType::UNKNOWN; 984 JTType = JumpTable::JTT_PIC; 985 } else { 986 if (MemType == MemoryContentsType::POSSIBLE_PIC_JUMP_TABLE) 987 return IndirectBranchType::UNKNOWN; 988 989 if (MemType == MemoryContentsType::UNKNOWN) 990 return IndirectBranchType::POSSIBLE_TAIL_CALL; 991 992 BranchType = IndirectBranchType::POSSIBLE_JUMP_TABLE; 993 JTType = JumpTable::JTT_NORMAL; 994 } 995 996 // Convert the instruction into jump table branch. 997 const MCSymbol *JTLabel = BC.getOrCreateJumpTable(*this, ArrayStart, JTType); 998 BC.MIB->replaceMemOperandDisp(*MemLocInstr, JTLabel, BC.Ctx.get()); 999 BC.MIB->setJumpTable(Instruction, ArrayStart, IndexRegNum); 1000 1001 JTSites.emplace_back(Offset, ArrayStart); 1002 1003 return BranchType; 1004 } 1005 1006 MCSymbol *BinaryFunction::getOrCreateLocalLabel(uint64_t Address, 1007 bool CreatePastEnd) { 1008 const uint64_t Offset = Address - getAddress(); 1009 1010 if ((Offset == getSize()) && CreatePastEnd) 1011 return getFunctionEndLabel(); 1012 1013 auto LI = Labels.find(Offset); 1014 if (LI != Labels.end()) 1015 return LI->second; 1016 1017 // For AArch64, check if this address is part of a constant island. 1018 if (BC.isAArch64()) { 1019 if (MCSymbol *IslandSym = getOrCreateIslandAccess(Address)) 1020 return IslandSym; 1021 } 1022 1023 MCSymbol *Label = BC.Ctx->createNamedTempSymbol(); 1024 Labels[Offset] = Label; 1025 1026 return Label; 1027 } 1028 1029 ErrorOr<ArrayRef<uint8_t>> BinaryFunction::getData() const { 1030 BinarySection &Section = *getOriginSection(); 1031 assert(Section.containsRange(getAddress(), getMaxSize()) && 1032 "wrong section for function"); 1033 1034 if (!Section.isText() || Section.isVirtual() || !Section.getSize()) 1035 return std::make_error_code(std::errc::bad_address); 1036 1037 StringRef SectionContents = Section.getContents(); 1038 1039 assert(SectionContents.size() == Section.getSize() && 1040 "section size mismatch"); 1041 1042 // Function offset from the section start. 1043 uint64_t Offset = getAddress() - Section.getAddress(); 1044 auto *Bytes = reinterpret_cast<const uint8_t *>(SectionContents.data()); 1045 return ArrayRef<uint8_t>(Bytes + Offset, getMaxSize()); 1046 } 1047 1048 size_t BinaryFunction::getSizeOfDataInCodeAt(uint64_t Offset) const { 1049 if (!Islands) 1050 return 0; 1051 1052 if (!llvm::is_contained(Islands->DataOffsets, Offset)) 1053 return 0; 1054 1055 auto Iter = Islands->CodeOffsets.upper_bound(Offset); 1056 if (Iter != Islands->CodeOffsets.end()) 1057 return *Iter - Offset; 1058 return getSize() - Offset; 1059 } 1060 1061 bool BinaryFunction::isZeroPaddingAt(uint64_t Offset) const { 1062 ArrayRef<uint8_t> FunctionData = *getData(); 1063 uint64_t EndOfCode = getSize(); 1064 if (Islands) { 1065 auto Iter = Islands->DataOffsets.upper_bound(Offset); 1066 if (Iter != Islands->DataOffsets.end()) 1067 EndOfCode = *Iter; 1068 } 1069 for (uint64_t I = Offset; I < EndOfCode; ++I) 1070 if (FunctionData[I] != 0) 1071 return false; 1072 1073 return true; 1074 } 1075 1076 Error BinaryFunction::handlePCRelOperand(MCInst &Instruction, uint64_t Address, 1077 uint64_t Size) { 1078 auto &MIB = BC.MIB; 1079 uint64_t TargetAddress = 0; 1080 if (!MIB->evaluateMemOperandTarget(Instruction, TargetAddress, Address, 1081 Size)) { 1082 std::string Msg; 1083 raw_string_ostream SS(Msg); 1084 SS << "BOLT-ERROR: PC-relative operand can't be evaluated:\n"; 1085 BC.InstPrinter->printInst(&Instruction, 0, "", *BC.STI, SS); 1086 SS << '\n'; 1087 Instruction.dump_pretty(SS, BC.InstPrinter.get()); 1088 SS << '\n'; 1089 SS << "BOLT-ERROR: cannot handle PC-relative operand at 0x" 1090 << Twine::utohexstr(Address) << ". Skipping function " << *this << ".\n"; 1091 if (BC.HasRelocations) 1092 return createFatalBOLTError(Msg); 1093 IsSimple = false; 1094 return createNonFatalBOLTError(Msg); 1095 } 1096 if (TargetAddress == 0 && opts::Verbosity >= 1) { 1097 BC.outs() << "BOLT-INFO: PC-relative operand is zero in function " << *this 1098 << '\n'; 1099 } 1100 1101 const MCSymbol *TargetSymbol; 1102 uint64_t TargetOffset; 1103 std::tie(TargetSymbol, TargetOffset) = 1104 BC.handleAddressRef(TargetAddress, *this, /*IsPCRel*/ true); 1105 1106 bool ReplaceSuccess = MIB->replaceMemOperandDisp( 1107 Instruction, TargetSymbol, static_cast<int64_t>(TargetOffset), &*BC.Ctx); 1108 (void)ReplaceSuccess; 1109 assert(ReplaceSuccess && "Failed to replace mem operand with symbol+off."); 1110 return Error::success(); 1111 } 1112 1113 MCSymbol *BinaryFunction::handleExternalReference(MCInst &Instruction, 1114 uint64_t Size, 1115 uint64_t Offset, 1116 uint64_t TargetAddress, 1117 bool &IsCall) { 1118 auto &MIB = BC.MIB; 1119 1120 const uint64_t AbsoluteInstrAddr = getAddress() + Offset; 1121 BC.addInterproceduralReference(this, TargetAddress); 1122 if (opts::Verbosity >= 2 && !IsCall && Size == 2 && !BC.HasRelocations) { 1123 BC.errs() << "BOLT-WARNING: relaxed tail call detected at 0x" 1124 << Twine::utohexstr(AbsoluteInstrAddr) << " in function " << *this 1125 << ". Code size will be increased.\n"; 1126 } 1127 1128 assert(!MIB->isTailCall(Instruction) && 1129 "synthetic tail call instruction found"); 1130 1131 // This is a call regardless of the opcode. 1132 // Assign proper opcode for tail calls, so that they could be 1133 // treated as calls. 1134 if (!IsCall) { 1135 if (!MIB->convertJmpToTailCall(Instruction)) { 1136 assert(MIB->isConditionalBranch(Instruction) && 1137 "unknown tail call instruction"); 1138 if (opts::Verbosity >= 2) { 1139 BC.errs() << "BOLT-WARNING: conditional tail call detected in " 1140 << "function " << *this << " at 0x" 1141 << Twine::utohexstr(AbsoluteInstrAddr) << ".\n"; 1142 } 1143 } 1144 IsCall = true; 1145 } 1146 1147 if (opts::Verbosity >= 2 && TargetAddress == 0) { 1148 // We actually see calls to address 0 in presence of weak 1149 // symbols originating from libraries. This code is never meant 1150 // to be executed. 1151 BC.outs() << "BOLT-INFO: Function " << *this 1152 << " has a call to address zero.\n"; 1153 } 1154 1155 return BC.getOrCreateGlobalSymbol(TargetAddress, "FUNCat"); 1156 } 1157 1158 void BinaryFunction::handleIndirectBranch(MCInst &Instruction, uint64_t Size, 1159 uint64_t Offset) { 1160 auto &MIB = BC.MIB; 1161 uint64_t IndirectTarget = 0; 1162 IndirectBranchType Result = 1163 processIndirectBranch(Instruction, Size, Offset, IndirectTarget); 1164 switch (Result) { 1165 default: 1166 llvm_unreachable("unexpected result"); 1167 case IndirectBranchType::POSSIBLE_TAIL_CALL: { 1168 bool Result = MIB->convertJmpToTailCall(Instruction); 1169 (void)Result; 1170 assert(Result); 1171 break; 1172 } 1173 case IndirectBranchType::POSSIBLE_JUMP_TABLE: 1174 case IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE: 1175 case IndirectBranchType::POSSIBLE_PIC_FIXED_BRANCH: 1176 if (opts::JumpTables == JTS_NONE) 1177 IsSimple = false; 1178 break; 1179 case IndirectBranchType::POSSIBLE_FIXED_BRANCH: { 1180 if (containsAddress(IndirectTarget)) { 1181 const MCSymbol *TargetSymbol = getOrCreateLocalLabel(IndirectTarget); 1182 Instruction.clear(); 1183 MIB->createUncondBranch(Instruction, TargetSymbol, BC.Ctx.get()); 1184 TakenBranches.emplace_back(Offset, IndirectTarget - getAddress()); 1185 addEntryPointAtOffset(IndirectTarget - getAddress()); 1186 } else { 1187 MIB->convertJmpToTailCall(Instruction); 1188 BC.addInterproceduralReference(this, IndirectTarget); 1189 } 1190 break; 1191 } 1192 case IndirectBranchType::UNKNOWN: 1193 // Keep processing. We'll do more checks and fixes in 1194 // postProcessIndirectBranches(). 1195 UnknownIndirectBranchOffsets.emplace(Offset); 1196 break; 1197 } 1198 } 1199 1200 void BinaryFunction::handleAArch64IndirectCall(MCInst &Instruction, 1201 const uint64_t Offset) { 1202 auto &MIB = BC.MIB; 1203 const uint64_t AbsoluteInstrAddr = getAddress() + Offset; 1204 MCInst *TargetHiBits, *TargetLowBits; 1205 uint64_t TargetAddress, Count; 1206 Count = MIB->matchLinkerVeneer(Instructions.begin(), Instructions.end(), 1207 AbsoluteInstrAddr, Instruction, TargetHiBits, 1208 TargetLowBits, TargetAddress); 1209 if (Count) { 1210 MIB->addAnnotation(Instruction, "AArch64Veneer", true); 1211 --Count; 1212 for (auto It = std::prev(Instructions.end()); Count != 0; 1213 It = std::prev(It), --Count) { 1214 MIB->addAnnotation(It->second, "AArch64Veneer", true); 1215 } 1216 1217 BC.addAdrpAddRelocAArch64(*this, *TargetLowBits, *TargetHiBits, 1218 TargetAddress); 1219 } 1220 } 1221 1222 std::optional<MCInst> 1223 BinaryFunction::disassembleInstructionAtOffset(uint64_t Offset) const { 1224 assert(CurrentState == State::Empty && "Function should not be disassembled"); 1225 assert(Offset < MaxSize && "Invalid offset"); 1226 ErrorOr<ArrayRef<unsigned char>> FunctionData = getData(); 1227 assert(FunctionData && "Cannot get function as data"); 1228 MCInst Instr; 1229 uint64_t InstrSize = 0; 1230 const uint64_t InstrAddress = getAddress() + Offset; 1231 if (BC.DisAsm->getInstruction(Instr, InstrSize, FunctionData->slice(Offset), 1232 InstrAddress, nulls())) 1233 return Instr; 1234 return std::nullopt; 1235 } 1236 1237 Error BinaryFunction::disassemble() { 1238 NamedRegionTimer T("disassemble", "Disassemble function", "buildfuncs", 1239 "Build Binary Functions", opts::TimeBuild); 1240 ErrorOr<ArrayRef<uint8_t>> ErrorOrFunctionData = getData(); 1241 assert(ErrorOrFunctionData && "function data is not available"); 1242 ArrayRef<uint8_t> FunctionData = *ErrorOrFunctionData; 1243 assert(FunctionData.size() == getMaxSize() && 1244 "function size does not match raw data size"); 1245 1246 auto &Ctx = BC.Ctx; 1247 auto &MIB = BC.MIB; 1248 1249 BC.SymbolicDisAsm->setSymbolizer(MIB->createTargetSymbolizer(*this)); 1250 1251 // Insert a label at the beginning of the function. This will be our first 1252 // basic block. 1253 Labels[0] = Ctx->createNamedTempSymbol("BB0"); 1254 1255 // Map offsets in the function to a label that should always point to the 1256 // corresponding instruction. This is used for labels that shouldn't point to 1257 // the start of a basic block but always to a specific instruction. This is 1258 // used, for example, on RISC-V where %pcrel_lo relocations point to the 1259 // corresponding %pcrel_hi. 1260 LabelsMapType InstructionLabels; 1261 1262 uint64_t Size = 0; // instruction size 1263 for (uint64_t Offset = 0; Offset < getSize(); Offset += Size) { 1264 MCInst Instruction; 1265 const uint64_t AbsoluteInstrAddr = getAddress() + Offset; 1266 1267 // Check for data inside code and ignore it 1268 if (const size_t DataInCodeSize = getSizeOfDataInCodeAt(Offset)) { 1269 Size = DataInCodeSize; 1270 continue; 1271 } 1272 1273 if (!BC.SymbolicDisAsm->getInstruction(Instruction, Size, 1274 FunctionData.slice(Offset), 1275 AbsoluteInstrAddr, nulls())) { 1276 // Functions with "soft" boundaries, e.g. coming from assembly source, 1277 // can have 0-byte padding at the end. 1278 if (isZeroPaddingAt(Offset)) 1279 break; 1280 1281 BC.errs() 1282 << "BOLT-WARNING: unable to disassemble instruction at offset 0x" 1283 << Twine::utohexstr(Offset) << " (address 0x" 1284 << Twine::utohexstr(AbsoluteInstrAddr) << ") in function " << *this 1285 << '\n'; 1286 // Some AVX-512 instructions could not be disassembled at all. 1287 if (BC.HasRelocations && opts::TrapOnAVX512 && BC.isX86()) { 1288 setTrapOnEntry(); 1289 BC.TrappedFunctions.push_back(this); 1290 } else { 1291 setIgnored(); 1292 } 1293 1294 break; 1295 } 1296 1297 // Check integrity of LLVM assembler/disassembler. 1298 if (opts::CheckEncoding && !BC.MIB->isBranch(Instruction) && 1299 !BC.MIB->isCall(Instruction) && !BC.MIB->isNoop(Instruction)) { 1300 if (!BC.validateInstructionEncoding(FunctionData.slice(Offset, Size))) { 1301 BC.errs() << "BOLT-WARNING: mismatching LLVM encoding detected in " 1302 << "function " << *this << " for instruction :\n"; 1303 BC.printInstruction(BC.errs(), Instruction, AbsoluteInstrAddr); 1304 BC.errs() << '\n'; 1305 } 1306 } 1307 1308 // Special handling for AVX-512 instructions. 1309 if (MIB->hasEVEXEncoding(Instruction)) { 1310 if (BC.HasRelocations && opts::TrapOnAVX512) { 1311 setTrapOnEntry(); 1312 BC.TrappedFunctions.push_back(this); 1313 break; 1314 } 1315 1316 if (!BC.validateInstructionEncoding(FunctionData.slice(Offset, Size))) { 1317 BC.errs() << "BOLT-WARNING: internal assembler/disassembler error " 1318 "detected for AVX512 instruction:\n"; 1319 BC.printInstruction(BC.errs(), Instruction, AbsoluteInstrAddr); 1320 BC.errs() << " in function " << *this << '\n'; 1321 setIgnored(); 1322 break; 1323 } 1324 } 1325 1326 bool IsUnsupported = BC.MIB->isUnsupportedInstruction(Instruction); 1327 if (IsUnsupported) 1328 setIgnored(); 1329 1330 if (MIB->isBranch(Instruction) || MIB->isCall(Instruction)) { 1331 uint64_t TargetAddress = 0; 1332 if (MIB->evaluateBranch(Instruction, AbsoluteInstrAddr, Size, 1333 TargetAddress)) { 1334 // Check if the target is within the same function. Otherwise it's 1335 // a call, possibly a tail call. 1336 // 1337 // If the target *is* the function address it could be either a branch 1338 // or a recursive call. 1339 bool IsCall = MIB->isCall(Instruction); 1340 const bool IsCondBranch = MIB->isConditionalBranch(Instruction); 1341 MCSymbol *TargetSymbol = nullptr; 1342 1343 if (IsUnsupported) 1344 if (auto *TargetFunc = 1345 BC.getBinaryFunctionContainingAddress(TargetAddress)) 1346 TargetFunc->setIgnored(); 1347 1348 if (IsCall && TargetAddress == getAddress()) { 1349 // A recursive call. Calls to internal blocks are handled by 1350 // ValidateInternalCalls pass. 1351 TargetSymbol = getSymbol(); 1352 } 1353 1354 if (!TargetSymbol) { 1355 // Create either local label or external symbol. 1356 if (containsAddress(TargetAddress)) { 1357 TargetSymbol = getOrCreateLocalLabel(TargetAddress); 1358 } else { 1359 if (TargetAddress == getAddress() + getSize() && 1360 TargetAddress < getAddress() + getMaxSize() && 1361 !(BC.isAArch64() && 1362 BC.handleAArch64Veneer(TargetAddress, /*MatchOnly*/ true))) { 1363 // Result of __builtin_unreachable(). 1364 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: jump past end detected at 0x" 1365 << Twine::utohexstr(AbsoluteInstrAddr) 1366 << " in function " << *this 1367 << " : replacing with nop.\n"); 1368 BC.MIB->createNoop(Instruction); 1369 if (IsCondBranch) { 1370 // Register branch offset for profile validation. 1371 IgnoredBranches.emplace_back(Offset, Offset + Size); 1372 } 1373 goto add_instruction; 1374 } 1375 // May update Instruction and IsCall 1376 TargetSymbol = handleExternalReference(Instruction, Size, Offset, 1377 TargetAddress, IsCall); 1378 } 1379 } 1380 1381 if (!IsCall) { 1382 // Add taken branch info. 1383 TakenBranches.emplace_back(Offset, TargetAddress - getAddress()); 1384 } 1385 BC.MIB->replaceBranchTarget(Instruction, TargetSymbol, &*Ctx); 1386 1387 // Mark CTC. 1388 if (IsCondBranch && IsCall) 1389 MIB->setConditionalTailCall(Instruction, TargetAddress); 1390 } else { 1391 // Could not evaluate branch. Should be an indirect call or an 1392 // indirect branch. Bail out on the latter case. 1393 if (MIB->isIndirectBranch(Instruction)) 1394 handleIndirectBranch(Instruction, Size, Offset); 1395 // Indirect call. We only need to fix it if the operand is RIP-relative. 1396 if (IsSimple && MIB->hasPCRelOperand(Instruction)) { 1397 if (auto NewE = handleErrors( 1398 handlePCRelOperand(Instruction, AbsoluteInstrAddr, Size), 1399 [&](const BOLTError &E) -> Error { 1400 if (E.isFatal()) 1401 return Error(std::make_unique<BOLTError>(std::move(E))); 1402 if (!E.getMessage().empty()) 1403 E.log(BC.errs()); 1404 return Error::success(); 1405 })) { 1406 return Error(std::move(NewE)); 1407 } 1408 } 1409 1410 if (BC.isAArch64()) 1411 handleAArch64IndirectCall(Instruction, Offset); 1412 } 1413 } else if (BC.isAArch64() || BC.isRISCV()) { 1414 // Check if there's a relocation associated with this instruction. 1415 bool UsedReloc = false; 1416 for (auto Itr = Relocations.lower_bound(Offset), 1417 ItrE = Relocations.lower_bound(Offset + Size); 1418 Itr != ItrE; ++Itr) { 1419 const Relocation &Relocation = Itr->second; 1420 MCSymbol *Symbol = Relocation.Symbol; 1421 1422 if (Relocation::isInstructionReference(Relocation.Type)) { 1423 uint64_t RefOffset = Relocation.Value - getAddress(); 1424 LabelsMapType::iterator LI = InstructionLabels.find(RefOffset); 1425 1426 if (LI == InstructionLabels.end()) { 1427 Symbol = BC.Ctx->createNamedTempSymbol(); 1428 InstructionLabels.emplace(RefOffset, Symbol); 1429 } else { 1430 Symbol = LI->second; 1431 } 1432 } 1433 1434 int64_t Value = Relocation.Value; 1435 const bool Result = BC.MIB->replaceImmWithSymbolRef( 1436 Instruction, Symbol, Relocation.Addend, Ctx.get(), Value, 1437 Relocation.Type); 1438 (void)Result; 1439 assert(Result && "cannot replace immediate with relocation"); 1440 1441 // For aarch64, if we replaced an immediate with a symbol from a 1442 // relocation, we mark it so we do not try to further process a 1443 // pc-relative operand. All we need is the symbol. 1444 UsedReloc = true; 1445 } 1446 1447 if (!BC.isRISCV() && MIB->hasPCRelOperand(Instruction) && !UsedReloc) { 1448 if (auto NewE = handleErrors( 1449 handlePCRelOperand(Instruction, AbsoluteInstrAddr, Size), 1450 [&](const BOLTError &E) -> Error { 1451 if (E.isFatal()) 1452 return Error(std::make_unique<BOLTError>(std::move(E))); 1453 if (!E.getMessage().empty()) 1454 E.log(BC.errs()); 1455 return Error::success(); 1456 })) 1457 return Error(std::move(NewE)); 1458 } 1459 } 1460 1461 add_instruction: 1462 if (getDWARFLineTable()) { 1463 Instruction.setLoc(findDebugLineInformationForInstructionAt( 1464 AbsoluteInstrAddr, getDWARFUnit(), getDWARFLineTable())); 1465 } 1466 1467 // Record offset of the instruction for profile matching. 1468 if (BC.keepOffsetForInstruction(Instruction)) 1469 MIB->setOffset(Instruction, static_cast<uint32_t>(Offset)); 1470 1471 if (BC.isX86() && BC.MIB->isNoop(Instruction)) { 1472 // NOTE: disassembly loses the correct size information for noops on x86. 1473 // E.g. nopw 0x0(%rax,%rax,1) is 9 bytes, but re-encoded it's only 1474 // 5 bytes. Preserve the size info using annotations. 1475 MIB->setSize(Instruction, Size); 1476 } 1477 1478 addInstruction(Offset, std::move(Instruction)); 1479 } 1480 1481 for (auto [Offset, Label] : InstructionLabels) { 1482 InstrMapType::iterator II = Instructions.find(Offset); 1483 assert(II != Instructions.end() && "reference to non-existing instruction"); 1484 1485 BC.MIB->setInstLabel(II->second, Label); 1486 } 1487 1488 // Reset symbolizer for the disassembler. 1489 BC.SymbolicDisAsm->setSymbolizer(nullptr); 1490 1491 if (uint64_t Offset = getFirstInstructionOffset()) 1492 Labels[Offset] = BC.Ctx->createNamedTempSymbol(); 1493 1494 clearList(Relocations); 1495 1496 if (!IsSimple) { 1497 clearList(Instructions); 1498 return createNonFatalBOLTError(""); 1499 } 1500 1501 updateState(State::Disassembled); 1502 1503 return Error::success(); 1504 } 1505 1506 MCSymbol *BinaryFunction::registerBranch(uint64_t Src, uint64_t Dst) { 1507 assert(CurrentState == State::Disassembled && 1508 "Cannot register branch unless function is in disassembled state."); 1509 assert(containsAddress(Src) && containsAddress(Dst) && 1510 "Cannot register external branch."); 1511 MCSymbol *Target = getOrCreateLocalLabel(Dst); 1512 TakenBranches.emplace_back(Src - getAddress(), Dst - getAddress()); 1513 return Target; 1514 } 1515 1516 bool BinaryFunction::scanExternalRefs() { 1517 bool Success = true; 1518 bool DisassemblyFailed = false; 1519 1520 // Ignore pseudo functions. 1521 if (isPseudo()) 1522 return Success; 1523 1524 if (opts::NoScan) { 1525 clearList(Relocations); 1526 clearList(ExternallyReferencedOffsets); 1527 1528 return false; 1529 } 1530 1531 // List of external references for this function. 1532 std::vector<Relocation> FunctionRelocations; 1533 1534 static BinaryContext::IndependentCodeEmitter Emitter = 1535 BC.createIndependentMCCodeEmitter(); 1536 1537 ErrorOr<ArrayRef<uint8_t>> ErrorOrFunctionData = getData(); 1538 assert(ErrorOrFunctionData && "function data is not available"); 1539 ArrayRef<uint8_t> FunctionData = *ErrorOrFunctionData; 1540 assert(FunctionData.size() == getMaxSize() && 1541 "function size does not match raw data size"); 1542 1543 BC.SymbolicDisAsm->setSymbolizer( 1544 BC.MIB->createTargetSymbolizer(*this, /*CreateSymbols*/ false)); 1545 1546 // Disassemble contents of the function. Detect code entry points and create 1547 // relocations for references to code that will be moved. 1548 uint64_t Size = 0; // instruction size 1549 for (uint64_t Offset = 0; Offset < getSize(); Offset += Size) { 1550 // Check for data inside code and ignore it 1551 if (const size_t DataInCodeSize = getSizeOfDataInCodeAt(Offset)) { 1552 Size = DataInCodeSize; 1553 continue; 1554 } 1555 1556 const uint64_t AbsoluteInstrAddr = getAddress() + Offset; 1557 MCInst Instruction; 1558 if (!BC.SymbolicDisAsm->getInstruction(Instruction, Size, 1559 FunctionData.slice(Offset), 1560 AbsoluteInstrAddr, nulls())) { 1561 if (opts::Verbosity >= 1 && !isZeroPaddingAt(Offset)) { 1562 BC.errs() 1563 << "BOLT-WARNING: unable to disassemble instruction at offset 0x" 1564 << Twine::utohexstr(Offset) << " (address 0x" 1565 << Twine::utohexstr(AbsoluteInstrAddr) << ") in function " << *this 1566 << '\n'; 1567 } 1568 Success = false; 1569 DisassemblyFailed = true; 1570 break; 1571 } 1572 1573 // Return true if we can skip handling the Target function reference. 1574 auto ignoreFunctionRef = [&](const BinaryFunction &Target) { 1575 if (&Target == this) 1576 return true; 1577 1578 // Note that later we may decide not to emit Target function. In that 1579 // case, we conservatively create references that will be ignored or 1580 // resolved to the same function. 1581 if (!BC.shouldEmit(Target)) 1582 return true; 1583 1584 return false; 1585 }; 1586 1587 // Return true if we can ignore reference to the symbol. 1588 auto ignoreReference = [&](const MCSymbol *TargetSymbol) { 1589 if (!TargetSymbol) 1590 return true; 1591 1592 if (BC.forceSymbolRelocations(TargetSymbol->getName())) 1593 return false; 1594 1595 BinaryFunction *TargetFunction = BC.getFunctionForSymbol(TargetSymbol); 1596 if (!TargetFunction) 1597 return true; 1598 1599 return ignoreFunctionRef(*TargetFunction); 1600 }; 1601 1602 // Handle calls and branches separately as symbolization doesn't work for 1603 // them yet. 1604 MCSymbol *BranchTargetSymbol = nullptr; 1605 if (BC.MIB->isCall(Instruction) || BC.MIB->isBranch(Instruction)) { 1606 uint64_t TargetAddress = 0; 1607 BC.MIB->evaluateBranch(Instruction, AbsoluteInstrAddr, Size, 1608 TargetAddress); 1609 1610 // Create an entry point at reference address if needed. 1611 BinaryFunction *TargetFunction = 1612 BC.getBinaryFunctionContainingAddress(TargetAddress); 1613 1614 if (!TargetFunction || ignoreFunctionRef(*TargetFunction)) 1615 continue; 1616 1617 const uint64_t FunctionOffset = 1618 TargetAddress - TargetFunction->getAddress(); 1619 BranchTargetSymbol = 1620 FunctionOffset ? TargetFunction->addEntryPointAtOffset(FunctionOffset) 1621 : TargetFunction->getSymbol(); 1622 } 1623 1624 // Can't find more references. Not creating relocations since we are not 1625 // moving code. 1626 if (!BC.HasRelocations) 1627 continue; 1628 1629 if (BranchTargetSymbol) { 1630 BC.MIB->replaceBranchTarget(Instruction, BranchTargetSymbol, 1631 Emitter.LocalCtx.get()); 1632 } else if (!llvm::any_of(Instruction, 1633 [](const MCOperand &Op) { return Op.isExpr(); })) { 1634 // Skip assembly if the instruction may not have any symbolic operands. 1635 continue; 1636 } 1637 1638 // Emit the instruction using temp emitter and generate relocations. 1639 SmallString<256> Code; 1640 SmallVector<MCFixup, 4> Fixups; 1641 Emitter.MCE->encodeInstruction(Instruction, Code, Fixups, *BC.STI); 1642 1643 // Create relocation for every fixup. 1644 for (const MCFixup &Fixup : Fixups) { 1645 std::optional<Relocation> Rel = BC.MIB->createRelocation(Fixup, *BC.MAB); 1646 if (!Rel) { 1647 Success = false; 1648 continue; 1649 } 1650 1651 if (ignoreReference(Rel->Symbol)) 1652 continue; 1653 1654 if (Relocation::getSizeForType(Rel->Type) < 4) { 1655 // If the instruction uses a short form, then we might not be able 1656 // to handle the rewrite without relaxation, and hence cannot reliably 1657 // create an external reference relocation. 1658 Success = false; 1659 continue; 1660 } 1661 Rel->Offset += getAddress() - getOriginSection()->getAddress() + Offset; 1662 FunctionRelocations.push_back(*Rel); 1663 } 1664 1665 if (!Success) 1666 break; 1667 } 1668 1669 // Reset symbolizer for the disassembler. 1670 BC.SymbolicDisAsm->setSymbolizer(nullptr); 1671 1672 // Add relocations unless disassembly failed for this function. 1673 if (!DisassemblyFailed) 1674 for (Relocation &Rel : FunctionRelocations) 1675 getOriginSection()->addPendingRelocation(Rel); 1676 1677 // Inform BinaryContext that this function symbols will not be defined and 1678 // relocations should not be created against them. 1679 if (BC.HasRelocations) { 1680 for (std::pair<const uint32_t, MCSymbol *> &LI : Labels) 1681 BC.UndefinedSymbols.insert(LI.second); 1682 for (MCSymbol *const EndLabel : FunctionEndLabels) 1683 if (EndLabel) 1684 BC.UndefinedSymbols.insert(EndLabel); 1685 } 1686 1687 clearList(Relocations); 1688 clearList(ExternallyReferencedOffsets); 1689 1690 if (Success && BC.HasRelocations) 1691 HasExternalRefRelocations = true; 1692 1693 if (opts::Verbosity >= 1 && !Success) 1694 BC.outs() << "BOLT-INFO: failed to scan refs for " << *this << '\n'; 1695 1696 return Success; 1697 } 1698 1699 void BinaryFunction::postProcessEntryPoints() { 1700 if (!isSimple()) 1701 return; 1702 1703 for (auto &KV : Labels) { 1704 MCSymbol *Label = KV.second; 1705 if (!getSecondaryEntryPointSymbol(Label)) 1706 continue; 1707 1708 // In non-relocation mode there's potentially an external undetectable 1709 // reference to the entry point and hence we cannot move this entry 1710 // point. Optimizing without moving could be difficult. 1711 // In BAT mode, register any known entry points for CFG construction. 1712 if (!BC.HasRelocations && !BC.HasBATSection) 1713 setSimple(false); 1714 1715 const uint32_t Offset = KV.first; 1716 1717 // If we are at Offset 0 and there is no instruction associated with it, 1718 // this means this is an empty function. Just ignore. If we find an 1719 // instruction at this offset, this entry point is valid. 1720 if (!Offset || getInstructionAtOffset(Offset)) 1721 continue; 1722 1723 // On AArch64 there are legitimate reasons to have references past the 1724 // end of the function, e.g. jump tables. 1725 if (BC.isAArch64() && Offset == getSize()) 1726 continue; 1727 1728 BC.errs() << "BOLT-WARNING: reference in the middle of instruction " 1729 "detected in function " 1730 << *this << " at offset 0x" << Twine::utohexstr(Offset) << '\n'; 1731 if (BC.HasRelocations) 1732 setIgnored(); 1733 setSimple(false); 1734 return; 1735 } 1736 } 1737 1738 void BinaryFunction::postProcessJumpTables() { 1739 // Create labels for all entries. 1740 for (auto &JTI : JumpTables) { 1741 JumpTable &JT = *JTI.second; 1742 if (JT.Type == JumpTable::JTT_PIC && opts::JumpTables == JTS_BASIC) { 1743 opts::JumpTables = JTS_MOVE; 1744 BC.outs() << "BOLT-INFO: forcing -jump-tables=move as PIC jump table was " 1745 "detected in function " 1746 << *this << '\n'; 1747 } 1748 const uint64_t BDSize = 1749 BC.getBinaryDataAtAddress(JT.getAddress())->getSize(); 1750 if (!BDSize) { 1751 BC.setBinaryDataSize(JT.getAddress(), JT.getSize()); 1752 } else { 1753 assert(BDSize >= JT.getSize() && 1754 "jump table cannot be larger than the containing object"); 1755 } 1756 if (!JT.Entries.empty()) 1757 continue; 1758 1759 bool HasOneParent = (JT.Parents.size() == 1); 1760 for (uint64_t EntryAddress : JT.EntriesAsAddress) { 1761 // builtin_unreachable does not belong to any function 1762 // Need to handle separately 1763 bool IsBuiltinUnreachable = 1764 llvm::any_of(JT.Parents, [&](const BinaryFunction *Parent) { 1765 return EntryAddress == Parent->getAddress() + Parent->getSize(); 1766 }); 1767 if (IsBuiltinUnreachable) { 1768 MCSymbol *Label = getOrCreateLocalLabel(EntryAddress, true); 1769 JT.Entries.push_back(Label); 1770 continue; 1771 } 1772 // Create a local label for targets that cannot be reached by other 1773 // fragments. Otherwise, create a secondary entry point in the target 1774 // function. 1775 BinaryFunction *TargetBF = 1776 BC.getBinaryFunctionContainingAddress(EntryAddress); 1777 MCSymbol *Label; 1778 if (HasOneParent && TargetBF == this) { 1779 Label = getOrCreateLocalLabel(EntryAddress, true); 1780 } else { 1781 const uint64_t Offset = EntryAddress - TargetBF->getAddress(); 1782 Label = Offset ? TargetBF->addEntryPointAtOffset(Offset) 1783 : TargetBF->getSymbol(); 1784 } 1785 JT.Entries.push_back(Label); 1786 } 1787 } 1788 1789 // Add TakenBranches from JumpTables. 1790 // 1791 // We want to do it after initial processing since we don't know jump tables' 1792 // boundaries until we process them all. 1793 for (auto &JTSite : JTSites) { 1794 const uint64_t JTSiteOffset = JTSite.first; 1795 const uint64_t JTAddress = JTSite.second; 1796 const JumpTable *JT = getJumpTableContainingAddress(JTAddress); 1797 assert(JT && "cannot find jump table for address"); 1798 1799 uint64_t EntryOffset = JTAddress - JT->getAddress(); 1800 while (EntryOffset < JT->getSize()) { 1801 uint64_t EntryAddress = JT->EntriesAsAddress[EntryOffset / JT->EntrySize]; 1802 uint64_t TargetOffset = EntryAddress - getAddress(); 1803 if (TargetOffset < getSize()) { 1804 TakenBranches.emplace_back(JTSiteOffset, TargetOffset); 1805 1806 if (opts::StrictMode) 1807 registerReferencedOffset(TargetOffset); 1808 } 1809 1810 EntryOffset += JT->EntrySize; 1811 1812 // A label at the next entry means the end of this jump table. 1813 if (JT->Labels.count(EntryOffset)) 1814 break; 1815 } 1816 } 1817 clearList(JTSites); 1818 1819 // Conservatively populate all possible destinations for unknown indirect 1820 // branches. 1821 if (opts::StrictMode && hasInternalReference()) { 1822 for (uint64_t Offset : UnknownIndirectBranchOffsets) { 1823 for (uint64_t PossibleDestination : ExternallyReferencedOffsets) { 1824 // Ignore __builtin_unreachable(). 1825 if (PossibleDestination == getSize()) 1826 continue; 1827 TakenBranches.emplace_back(Offset, PossibleDestination); 1828 } 1829 } 1830 } 1831 } 1832 1833 bool BinaryFunction::validateExternallyReferencedOffsets() { 1834 SmallPtrSet<MCSymbol *, 4> JTTargets; 1835 for (const JumpTable *JT : llvm::make_second_range(JumpTables)) 1836 JTTargets.insert(JT->Entries.begin(), JT->Entries.end()); 1837 1838 bool HasUnclaimedReference = false; 1839 for (uint64_t Destination : ExternallyReferencedOffsets) { 1840 // Ignore __builtin_unreachable(). 1841 if (Destination == getSize()) 1842 continue; 1843 // Ignore constant islands 1844 if (isInConstantIsland(Destination + getAddress())) 1845 continue; 1846 1847 if (BinaryBasicBlock *BB = getBasicBlockAtOffset(Destination)) { 1848 // Check if the externally referenced offset is a recognized jump table 1849 // target. 1850 if (JTTargets.contains(BB->getLabel())) 1851 continue; 1852 1853 if (opts::Verbosity >= 1) { 1854 BC.errs() << "BOLT-WARNING: unclaimed data to code reference (possibly " 1855 << "an unrecognized jump table entry) to " << BB->getName() 1856 << " in " << *this << "\n"; 1857 } 1858 auto L = BC.scopeLock(); 1859 addEntryPoint(*BB); 1860 } else { 1861 BC.errs() << "BOLT-WARNING: unknown data to code reference to offset " 1862 << Twine::utohexstr(Destination) << " in " << *this << "\n"; 1863 setIgnored(); 1864 } 1865 HasUnclaimedReference = true; 1866 } 1867 return !HasUnclaimedReference; 1868 } 1869 1870 bool BinaryFunction::postProcessIndirectBranches( 1871 MCPlusBuilder::AllocatorIdTy AllocId) { 1872 auto addUnknownControlFlow = [&](BinaryBasicBlock &BB) { 1873 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: adding unknown control flow in " << *this 1874 << " for " << BB.getName() << "\n"); 1875 HasUnknownControlFlow = true; 1876 BB.removeAllSuccessors(); 1877 for (uint64_t PossibleDestination : ExternallyReferencedOffsets) 1878 if (BinaryBasicBlock *SuccBB = getBasicBlockAtOffset(PossibleDestination)) 1879 BB.addSuccessor(SuccBB); 1880 }; 1881 1882 uint64_t NumIndirectJumps = 0; 1883 MCInst *LastIndirectJump = nullptr; 1884 BinaryBasicBlock *LastIndirectJumpBB = nullptr; 1885 uint64_t LastJT = 0; 1886 uint16_t LastJTIndexReg = BC.MIB->getNoRegister(); 1887 for (BinaryBasicBlock &BB : blocks()) { 1888 for (BinaryBasicBlock::iterator II = BB.begin(); II != BB.end(); ++II) { 1889 MCInst &Instr = *II; 1890 if (!BC.MIB->isIndirectBranch(Instr)) 1891 continue; 1892 1893 // If there's an indirect branch in a single-block function - 1894 // it must be a tail call. 1895 if (BasicBlocks.size() == 1) { 1896 BC.MIB->convertJmpToTailCall(Instr); 1897 return true; 1898 } 1899 1900 ++NumIndirectJumps; 1901 1902 if (opts::StrictMode && !hasInternalReference()) { 1903 BC.MIB->convertJmpToTailCall(Instr); 1904 break; 1905 } 1906 1907 // Validate the tail call or jump table assumptions now that we know 1908 // basic block boundaries. 1909 if (BC.MIB->isTailCall(Instr) || BC.MIB->getJumpTable(Instr)) { 1910 const unsigned PtrSize = BC.AsmInfo->getCodePointerSize(); 1911 MCInst *MemLocInstr; 1912 unsigned BaseRegNum, IndexRegNum; 1913 int64_t DispValue; 1914 const MCExpr *DispExpr; 1915 MCInst *PCRelBaseInstr; 1916 MCInst *FixedEntryLoadInstr; 1917 IndirectBranchType Type = BC.MIB->analyzeIndirectBranch( 1918 Instr, BB.begin(), II, PtrSize, MemLocInstr, BaseRegNum, 1919 IndexRegNum, DispValue, DispExpr, PCRelBaseInstr, 1920 FixedEntryLoadInstr); 1921 if (Type != IndirectBranchType::UNKNOWN || MemLocInstr != nullptr) 1922 continue; 1923 1924 if (!opts::StrictMode) 1925 return false; 1926 1927 if (BC.MIB->isTailCall(Instr)) { 1928 BC.MIB->convertTailCallToJmp(Instr); 1929 } else { 1930 LastIndirectJump = &Instr; 1931 LastIndirectJumpBB = &BB; 1932 LastJT = BC.MIB->getJumpTable(Instr); 1933 LastJTIndexReg = BC.MIB->getJumpTableIndexReg(Instr); 1934 BC.MIB->unsetJumpTable(Instr); 1935 1936 JumpTable *JT = BC.getJumpTableContainingAddress(LastJT); 1937 if (JT->Type == JumpTable::JTT_NORMAL) { 1938 // Invalidating the jump table may also invalidate other jump table 1939 // boundaries. Until we have/need a support for this, mark the 1940 // function as non-simple. 1941 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: rejected jump table reference" 1942 << JT->getName() << " in " << *this << '\n'); 1943 return false; 1944 } 1945 } 1946 1947 addUnknownControlFlow(BB); 1948 continue; 1949 } 1950 1951 // If this block contains an epilogue code and has an indirect branch, 1952 // then most likely it's a tail call. Otherwise, we cannot tell for sure 1953 // what it is and conservatively reject the function's CFG. 1954 bool IsEpilogue = llvm::any_of(BB, [&](const MCInst &Instr) { 1955 return BC.MIB->isLeave(Instr) || BC.MIB->isPop(Instr); 1956 }); 1957 if (IsEpilogue) { 1958 BC.MIB->convertJmpToTailCall(Instr); 1959 BB.removeAllSuccessors(); 1960 continue; 1961 } 1962 1963 if (opts::Verbosity >= 2) { 1964 BC.outs() << "BOLT-INFO: rejected potential indirect tail call in " 1965 << "function " << *this << " in basic block " << BB.getName() 1966 << ".\n"; 1967 LLVM_DEBUG(BC.printInstructions(dbgs(), BB.begin(), BB.end(), 1968 BB.getOffset(), this, true)); 1969 } 1970 1971 if (!opts::StrictMode) 1972 return false; 1973 1974 addUnknownControlFlow(BB); 1975 } 1976 } 1977 1978 if (HasInternalLabelReference) 1979 return false; 1980 1981 // If there's only one jump table, and one indirect jump, and no other 1982 // references, then we should be able to derive the jump table even if we 1983 // fail to match the pattern. 1984 if (HasUnknownControlFlow && NumIndirectJumps == 1 && 1985 JumpTables.size() == 1 && LastIndirectJump && 1986 !BC.getJumpTableContainingAddress(LastJT)->IsSplit) { 1987 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: unsetting unknown control flow in " 1988 << *this << '\n'); 1989 BC.MIB->setJumpTable(*LastIndirectJump, LastJT, LastJTIndexReg, AllocId); 1990 HasUnknownControlFlow = false; 1991 1992 LastIndirectJumpBB->updateJumpTableSuccessors(); 1993 } 1994 1995 // Validate that all data references to function offsets are claimed by 1996 // recognized jump tables. Register externally referenced blocks as entry 1997 // points. 1998 if (!opts::StrictMode && hasInternalReference()) { 1999 if (!validateExternallyReferencedOffsets()) 2000 return false; 2001 } 2002 2003 if (HasUnknownControlFlow && !BC.HasRelocations) 2004 return false; 2005 2006 return true; 2007 } 2008 2009 void BinaryFunction::recomputeLandingPads() { 2010 updateBBIndices(0); 2011 2012 for (BinaryBasicBlock *BB : BasicBlocks) { 2013 BB->LandingPads.clear(); 2014 BB->Throwers.clear(); 2015 } 2016 2017 for (BinaryBasicBlock *BB : BasicBlocks) { 2018 std::unordered_set<const BinaryBasicBlock *> BBLandingPads; 2019 for (MCInst &Instr : *BB) { 2020 if (!BC.MIB->isInvoke(Instr)) 2021 continue; 2022 2023 const std::optional<MCPlus::MCLandingPad> EHInfo = 2024 BC.MIB->getEHInfo(Instr); 2025 if (!EHInfo || !EHInfo->first) 2026 continue; 2027 2028 BinaryBasicBlock *LPBlock = getBasicBlockForLabel(EHInfo->first); 2029 if (!BBLandingPads.count(LPBlock)) { 2030 BBLandingPads.insert(LPBlock); 2031 BB->LandingPads.emplace_back(LPBlock); 2032 LPBlock->Throwers.emplace_back(BB); 2033 } 2034 } 2035 } 2036 } 2037 2038 Error BinaryFunction::buildCFG(MCPlusBuilder::AllocatorIdTy AllocatorId) { 2039 auto &MIB = BC.MIB; 2040 2041 if (!isSimple()) { 2042 assert(!BC.HasRelocations && 2043 "cannot process file with non-simple function in relocs mode"); 2044 return createNonFatalBOLTError(""); 2045 } 2046 2047 if (CurrentState != State::Disassembled) 2048 return createNonFatalBOLTError(""); 2049 2050 assert(BasicBlocks.empty() && "basic block list should be empty"); 2051 assert((Labels.find(getFirstInstructionOffset()) != Labels.end()) && 2052 "first instruction should always have a label"); 2053 2054 // Create basic blocks in the original layout order: 2055 // 2056 // * Every instruction with associated label marks 2057 // the beginning of a basic block. 2058 // * Conditional instruction marks the end of a basic block, 2059 // except when the following instruction is an 2060 // unconditional branch, and the unconditional branch is not 2061 // a destination of another branch. In the latter case, the 2062 // basic block will consist of a single unconditional branch 2063 // (missed "double-jump" optimization). 2064 // 2065 // Created basic blocks are sorted in layout order since they are 2066 // created in the same order as instructions, and instructions are 2067 // sorted by offsets. 2068 BinaryBasicBlock *InsertBB = nullptr; 2069 BinaryBasicBlock *PrevBB = nullptr; 2070 bool IsLastInstrNop = false; 2071 // Offset of the last non-nop instruction. 2072 uint64_t LastInstrOffset = 0; 2073 2074 auto addCFIPlaceholders = [this](uint64_t CFIOffset, 2075 BinaryBasicBlock *InsertBB) { 2076 for (auto FI = OffsetToCFI.lower_bound(CFIOffset), 2077 FE = OffsetToCFI.upper_bound(CFIOffset); 2078 FI != FE; ++FI) { 2079 addCFIPseudo(InsertBB, InsertBB->end(), FI->second); 2080 } 2081 }; 2082 2083 // For profiling purposes we need to save the offset of the last instruction 2084 // in the basic block. 2085 // NOTE: nops always have an Offset annotation. Annotate the last non-nop as 2086 // older profiles ignored nops. 2087 auto updateOffset = [&](uint64_t Offset) { 2088 assert(PrevBB && PrevBB != InsertBB && "invalid previous block"); 2089 MCInst *LastNonNop = nullptr; 2090 for (BinaryBasicBlock::reverse_iterator RII = PrevBB->getLastNonPseudo(), 2091 E = PrevBB->rend(); 2092 RII != E; ++RII) { 2093 if (!BC.MIB->isPseudo(*RII) && !BC.MIB->isNoop(*RII)) { 2094 LastNonNop = &*RII; 2095 break; 2096 } 2097 } 2098 if (LastNonNop && !MIB->getOffset(*LastNonNop)) 2099 MIB->setOffset(*LastNonNop, static_cast<uint32_t>(Offset)); 2100 }; 2101 2102 for (auto I = Instructions.begin(), E = Instructions.end(); I != E; ++I) { 2103 const uint32_t Offset = I->first; 2104 MCInst &Instr = I->second; 2105 2106 auto LI = Labels.find(Offset); 2107 if (LI != Labels.end()) { 2108 // Always create new BB at branch destination. 2109 PrevBB = InsertBB ? InsertBB : PrevBB; 2110 InsertBB = addBasicBlockAt(LI->first, LI->second); 2111 if (opts::PreserveBlocksAlignment && IsLastInstrNop) 2112 InsertBB->setDerivedAlignment(); 2113 2114 if (PrevBB) 2115 updateOffset(LastInstrOffset); 2116 } 2117 2118 // Mark all nops with Offset for profile tracking purposes. 2119 if (MIB->isNoop(Instr) && !MIB->getOffset(Instr)) { 2120 // If "Offset" annotation is not present, set it and mark the nop for 2121 // deletion. 2122 MIB->setOffset(Instr, static_cast<uint32_t>(Offset)); 2123 // Annotate ordinary nops, so we can safely delete them if required. 2124 MIB->addAnnotation(Instr, "NOP", static_cast<uint32_t>(1), AllocatorId); 2125 } 2126 2127 if (!InsertBB) { 2128 // It must be a fallthrough or unreachable code. Create a new block unless 2129 // we see an unconditional branch following a conditional one. The latter 2130 // should not be a conditional tail call. 2131 assert(PrevBB && "no previous basic block for a fall through"); 2132 MCInst *PrevInstr = PrevBB->getLastNonPseudoInstr(); 2133 assert(PrevInstr && "no previous instruction for a fall through"); 2134 if (MIB->isUnconditionalBranch(Instr) && 2135 !MIB->isIndirectBranch(*PrevInstr) && 2136 !MIB->isUnconditionalBranch(*PrevInstr) && 2137 !MIB->getConditionalTailCall(*PrevInstr) && 2138 !MIB->isReturn(*PrevInstr)) { 2139 // Temporarily restore inserter basic block. 2140 InsertBB = PrevBB; 2141 } else { 2142 MCSymbol *Label; 2143 { 2144 auto L = BC.scopeLock(); 2145 Label = BC.Ctx->createNamedTempSymbol("FT"); 2146 } 2147 InsertBB = addBasicBlockAt(Offset, Label); 2148 if (opts::PreserveBlocksAlignment && IsLastInstrNop) 2149 InsertBB->setDerivedAlignment(); 2150 updateOffset(LastInstrOffset); 2151 } 2152 } 2153 if (Offset == getFirstInstructionOffset()) { 2154 // Add associated CFI pseudos in the first offset 2155 addCFIPlaceholders(Offset, InsertBB); 2156 } 2157 2158 const bool IsBlockEnd = MIB->isTerminator(Instr); 2159 IsLastInstrNop = MIB->isNoop(Instr); 2160 if (!IsLastInstrNop) 2161 LastInstrOffset = Offset; 2162 InsertBB->addInstruction(std::move(Instr)); 2163 2164 // Add associated CFI instrs. We always add the CFI instruction that is 2165 // located immediately after this instruction, since the next CFI 2166 // instruction reflects the change in state caused by this instruction. 2167 auto NextInstr = std::next(I); 2168 uint64_t CFIOffset; 2169 if (NextInstr != E) 2170 CFIOffset = NextInstr->first; 2171 else 2172 CFIOffset = getSize(); 2173 2174 // Note: this potentially invalidates instruction pointers/iterators. 2175 addCFIPlaceholders(CFIOffset, InsertBB); 2176 2177 if (IsBlockEnd) { 2178 PrevBB = InsertBB; 2179 InsertBB = nullptr; 2180 } 2181 } 2182 2183 if (BasicBlocks.empty()) { 2184 setSimple(false); 2185 return createNonFatalBOLTError(""); 2186 } 2187 2188 // Intermediate dump. 2189 LLVM_DEBUG(print(dbgs(), "after creating basic blocks")); 2190 2191 // TODO: handle properly calls to no-return functions, 2192 // e.g. exit(3), etc. Otherwise we'll see a false fall-through 2193 // blocks. 2194 2195 // Remove duplicates branches. We can get a bunch of them from jump tables. 2196 // Without doing jump table value profiling we don't have a use for extra 2197 // (duplicate) branches. 2198 llvm::sort(TakenBranches); 2199 auto NewEnd = std::unique(TakenBranches.begin(), TakenBranches.end()); 2200 TakenBranches.erase(NewEnd, TakenBranches.end()); 2201 2202 for (std::pair<uint32_t, uint32_t> &Branch : TakenBranches) { 2203 LLVM_DEBUG(dbgs() << "registering branch [0x" 2204 << Twine::utohexstr(Branch.first) << "] -> [0x" 2205 << Twine::utohexstr(Branch.second) << "]\n"); 2206 BinaryBasicBlock *FromBB = getBasicBlockContainingOffset(Branch.first); 2207 BinaryBasicBlock *ToBB = getBasicBlockAtOffset(Branch.second); 2208 if (!FromBB || !ToBB) { 2209 if (!FromBB) 2210 BC.errs() << "BOLT-ERROR: cannot find BB containing the branch.\n"; 2211 if (!ToBB) 2212 BC.errs() 2213 << "BOLT-ERROR: cannot find BB containing branch destination.\n"; 2214 return createFatalBOLTError(BC.generateBugReportMessage( 2215 "disassembly failed - inconsistent branch found.", *this)); 2216 } 2217 2218 FromBB->addSuccessor(ToBB); 2219 } 2220 2221 // Add fall-through branches. 2222 PrevBB = nullptr; 2223 bool IsPrevFT = false; // Is previous block a fall-through. 2224 for (BinaryBasicBlock *BB : BasicBlocks) { 2225 if (IsPrevFT) 2226 PrevBB->addSuccessor(BB); 2227 2228 if (BB->empty()) { 2229 IsPrevFT = true; 2230 PrevBB = BB; 2231 continue; 2232 } 2233 2234 MCInst *LastInstr = BB->getLastNonPseudoInstr(); 2235 assert(LastInstr && 2236 "should have non-pseudo instruction in non-empty block"); 2237 2238 if (BB->succ_size() == 0) { 2239 // Since there's no existing successors, we know the last instruction is 2240 // not a conditional branch. Thus if it's a terminator, it shouldn't be a 2241 // fall-through. 2242 // 2243 // Conditional tail call is a special case since we don't add a taken 2244 // branch successor for it. 2245 IsPrevFT = !MIB->isTerminator(*LastInstr) || 2246 MIB->getConditionalTailCall(*LastInstr); 2247 } else if (BB->succ_size() == 1) { 2248 IsPrevFT = MIB->isConditionalBranch(*LastInstr); 2249 } else { 2250 IsPrevFT = false; 2251 } 2252 2253 PrevBB = BB; 2254 } 2255 2256 // Assign landing pads and throwers info. 2257 recomputeLandingPads(); 2258 2259 // Assign CFI information to each BB entry. 2260 annotateCFIState(); 2261 2262 // Annotate invoke instructions with GNU_args_size data. 2263 propagateGnuArgsSizeInfo(AllocatorId); 2264 2265 // Set the basic block layout to the original order and set end offsets. 2266 PrevBB = nullptr; 2267 for (BinaryBasicBlock *BB : BasicBlocks) { 2268 Layout.addBasicBlock(BB); 2269 if (PrevBB) 2270 PrevBB->setEndOffset(BB->getOffset()); 2271 PrevBB = BB; 2272 } 2273 PrevBB->setEndOffset(getSize()); 2274 2275 Layout.updateLayoutIndices(); 2276 2277 normalizeCFIState(); 2278 2279 // Clean-up memory taken by intermediate structures. 2280 // 2281 // NB: don't clear Labels list as we may need them if we mark the function 2282 // as non-simple later in the process of discovering extra entry points. 2283 clearList(Instructions); 2284 clearList(OffsetToCFI); 2285 clearList(TakenBranches); 2286 2287 // Update the state. 2288 CurrentState = State::CFG; 2289 2290 // Make any necessary adjustments for indirect branches. 2291 if (!postProcessIndirectBranches(AllocatorId)) { 2292 if (opts::Verbosity) { 2293 BC.errs() << "BOLT-WARNING: failed to post-process indirect branches for " 2294 << *this << '\n'; 2295 } 2296 // In relocation mode we want to keep processing the function but avoid 2297 // optimizing it. 2298 setSimple(false); 2299 } 2300 2301 clearList(ExternallyReferencedOffsets); 2302 clearList(UnknownIndirectBranchOffsets); 2303 2304 return Error::success(); 2305 } 2306 2307 void BinaryFunction::postProcessCFG() { 2308 if (isSimple() && !BasicBlocks.empty()) { 2309 // Convert conditional tail call branches to conditional branches that jump 2310 // to a tail call. 2311 removeConditionalTailCalls(); 2312 2313 postProcessProfile(); 2314 2315 // Eliminate inconsistencies between branch instructions and CFG. 2316 postProcessBranches(); 2317 } 2318 2319 // The final cleanup of intermediate structures. 2320 clearList(IgnoredBranches); 2321 2322 // Remove "Offset" annotations, unless we need an address-translation table 2323 // later. This has no cost, since annotations are allocated by a bumpptr 2324 // allocator and won't be released anyway until late in the pipeline. 2325 if (!requiresAddressTranslation() && !opts::Instrument) { 2326 for (BinaryBasicBlock &BB : blocks()) 2327 for (MCInst &Inst : BB) 2328 BC.MIB->clearOffset(Inst); 2329 } 2330 2331 assert((!isSimple() || validateCFG()) && 2332 "invalid CFG detected after post-processing"); 2333 } 2334 2335 void BinaryFunction::removeTagsFromProfile() { 2336 for (BinaryBasicBlock *BB : BasicBlocks) { 2337 if (BB->ExecutionCount == BinaryBasicBlock::COUNT_NO_PROFILE) 2338 BB->ExecutionCount = 0; 2339 for (BinaryBasicBlock::BinaryBranchInfo &BI : BB->branch_info()) { 2340 if (BI.Count != BinaryBasicBlock::COUNT_NO_PROFILE && 2341 BI.MispredictedCount != BinaryBasicBlock::COUNT_NO_PROFILE) 2342 continue; 2343 BI.Count = 0; 2344 BI.MispredictedCount = 0; 2345 } 2346 } 2347 } 2348 2349 void BinaryFunction::removeConditionalTailCalls() { 2350 // Blocks to be appended at the end. 2351 std::vector<std::unique_ptr<BinaryBasicBlock>> NewBlocks; 2352 2353 for (auto BBI = begin(); BBI != end(); ++BBI) { 2354 BinaryBasicBlock &BB = *BBI; 2355 MCInst *CTCInstr = BB.getLastNonPseudoInstr(); 2356 if (!CTCInstr) 2357 continue; 2358 2359 std::optional<uint64_t> TargetAddressOrNone = 2360 BC.MIB->getConditionalTailCall(*CTCInstr); 2361 if (!TargetAddressOrNone) 2362 continue; 2363 2364 // Gather all necessary information about CTC instruction before 2365 // annotations are destroyed. 2366 const int32_t CFIStateBeforeCTC = BB.getCFIStateAtInstr(CTCInstr); 2367 uint64_t CTCTakenCount = BinaryBasicBlock::COUNT_NO_PROFILE; 2368 uint64_t CTCMispredCount = BinaryBasicBlock::COUNT_NO_PROFILE; 2369 if (hasValidProfile()) { 2370 CTCTakenCount = BC.MIB->getAnnotationWithDefault<uint64_t>( 2371 *CTCInstr, "CTCTakenCount"); 2372 CTCMispredCount = BC.MIB->getAnnotationWithDefault<uint64_t>( 2373 *CTCInstr, "CTCMispredCount"); 2374 } 2375 2376 // Assert that the tail call does not throw. 2377 assert(!BC.MIB->getEHInfo(*CTCInstr) && 2378 "found tail call with associated landing pad"); 2379 2380 // Create a basic block with an unconditional tail call instruction using 2381 // the same destination. 2382 const MCSymbol *CTCTargetLabel = BC.MIB->getTargetSymbol(*CTCInstr); 2383 assert(CTCTargetLabel && "symbol expected for conditional tail call"); 2384 MCInst TailCallInstr; 2385 BC.MIB->createTailCall(TailCallInstr, CTCTargetLabel, BC.Ctx.get()); 2386 2387 // Move offset from CTCInstr to TailCallInstr. 2388 if (const std::optional<uint32_t> Offset = BC.MIB->getOffset(*CTCInstr)) { 2389 BC.MIB->setOffset(TailCallInstr, *Offset); 2390 BC.MIB->clearOffset(*CTCInstr); 2391 } 2392 2393 // Link new BBs to the original input offset of the BB where the CTC 2394 // is, so we can map samples recorded in new BBs back to the original BB 2395 // seem in the input binary (if using BAT) 2396 std::unique_ptr<BinaryBasicBlock> TailCallBB = 2397 createBasicBlock(BC.Ctx->createNamedTempSymbol("TC")); 2398 TailCallBB->setOffset(BB.getInputOffset()); 2399 TailCallBB->addInstruction(TailCallInstr); 2400 TailCallBB->setCFIState(CFIStateBeforeCTC); 2401 2402 // Add CFG edge with profile info from BB to TailCallBB. 2403 BB.addSuccessor(TailCallBB.get(), CTCTakenCount, CTCMispredCount); 2404 2405 // Add execution count for the block. 2406 TailCallBB->setExecutionCount(CTCTakenCount); 2407 2408 BC.MIB->convertTailCallToJmp(*CTCInstr); 2409 2410 BC.MIB->replaceBranchTarget(*CTCInstr, TailCallBB->getLabel(), 2411 BC.Ctx.get()); 2412 2413 // Add basic block to the list that will be added to the end. 2414 NewBlocks.emplace_back(std::move(TailCallBB)); 2415 2416 // Swap edges as the TailCallBB corresponds to the taken branch. 2417 BB.swapConditionalSuccessors(); 2418 2419 // This branch is no longer a conditional tail call. 2420 BC.MIB->unsetConditionalTailCall(*CTCInstr); 2421 } 2422 2423 insertBasicBlocks(std::prev(end()), std::move(NewBlocks), 2424 /* UpdateLayout */ true, 2425 /* UpdateCFIState */ false); 2426 } 2427 2428 uint64_t BinaryFunction::getFunctionScore() const { 2429 if (FunctionScore != -1) 2430 return FunctionScore; 2431 2432 if (!isSimple() || !hasValidProfile()) { 2433 FunctionScore = 0; 2434 return FunctionScore; 2435 } 2436 2437 uint64_t TotalScore = 0ULL; 2438 for (const BinaryBasicBlock &BB : blocks()) { 2439 uint64_t BBExecCount = BB.getExecutionCount(); 2440 if (BBExecCount == BinaryBasicBlock::COUNT_NO_PROFILE) 2441 continue; 2442 TotalScore += BBExecCount * BB.getNumNonPseudos(); 2443 } 2444 FunctionScore = TotalScore; 2445 return FunctionScore; 2446 } 2447 2448 void BinaryFunction::annotateCFIState() { 2449 assert(CurrentState == State::Disassembled && "unexpected function state"); 2450 assert(!BasicBlocks.empty() && "basic block list should not be empty"); 2451 2452 // This is an index of the last processed CFI in FDE CFI program. 2453 uint32_t State = 0; 2454 2455 // This is an index of RememberState CFI reflecting effective state right 2456 // after execution of RestoreState CFI. 2457 // 2458 // It differs from State iff the CFI at (State-1) 2459 // was RestoreState (modulo GNU_args_size CFIs, which are ignored). 2460 // 2461 // This allows us to generate shorter replay sequences when producing new 2462 // CFI programs. 2463 uint32_t EffectiveState = 0; 2464 2465 // For tracking RememberState/RestoreState sequences. 2466 std::stack<uint32_t> StateStack; 2467 2468 for (BinaryBasicBlock *BB : BasicBlocks) { 2469 BB->setCFIState(EffectiveState); 2470 2471 for (const MCInst &Instr : *BB) { 2472 const MCCFIInstruction *CFI = getCFIFor(Instr); 2473 if (!CFI) 2474 continue; 2475 2476 ++State; 2477 2478 switch (CFI->getOperation()) { 2479 case MCCFIInstruction::OpRememberState: 2480 StateStack.push(EffectiveState); 2481 EffectiveState = State; 2482 break; 2483 case MCCFIInstruction::OpRestoreState: 2484 assert(!StateStack.empty() && "corrupt CFI stack"); 2485 EffectiveState = StateStack.top(); 2486 StateStack.pop(); 2487 break; 2488 case MCCFIInstruction::OpGnuArgsSize: 2489 // OpGnuArgsSize CFIs do not affect the CFI state. 2490 break; 2491 default: 2492 // Any other CFI updates the state. 2493 EffectiveState = State; 2494 break; 2495 } 2496 } 2497 } 2498 2499 if (opts::Verbosity >= 1 && !StateStack.empty()) { 2500 BC.errs() << "BOLT-WARNING: non-empty CFI stack at the end of " << *this 2501 << '\n'; 2502 } 2503 } 2504 2505 namespace { 2506 2507 /// Our full interpretation of a DWARF CFI machine state at a given point 2508 struct CFISnapshot { 2509 /// CFA register number and offset defining the canonical frame at this 2510 /// point, or the number of a rule (CFI state) that computes it with a 2511 /// DWARF expression. This number will be negative if it refers to a CFI 2512 /// located in the CIE instead of the FDE. 2513 uint32_t CFAReg; 2514 int32_t CFAOffset; 2515 int32_t CFARule; 2516 /// Mapping of rules (CFI states) that define the location of each 2517 /// register. If absent, no rule defining the location of such register 2518 /// was ever read. This number will be negative if it refers to a CFI 2519 /// located in the CIE instead of the FDE. 2520 DenseMap<int32_t, int32_t> RegRule; 2521 2522 /// References to CIE, FDE and expanded instructions after a restore state 2523 const BinaryFunction::CFIInstrMapType &CIE; 2524 const BinaryFunction::CFIInstrMapType &FDE; 2525 const DenseMap<int32_t, SmallVector<int32_t, 4>> &FrameRestoreEquivalents; 2526 2527 /// Current FDE CFI number representing the state where the snapshot is at 2528 int32_t CurState; 2529 2530 /// Used when we don't have information about which state/rule to apply 2531 /// to recover the location of either the CFA or a specific register 2532 constexpr static int32_t UNKNOWN = std::numeric_limits<int32_t>::min(); 2533 2534 private: 2535 /// Update our snapshot by executing a single CFI 2536 void update(const MCCFIInstruction &Instr, int32_t RuleNumber) { 2537 switch (Instr.getOperation()) { 2538 case MCCFIInstruction::OpSameValue: 2539 case MCCFIInstruction::OpRelOffset: 2540 case MCCFIInstruction::OpOffset: 2541 case MCCFIInstruction::OpRestore: 2542 case MCCFIInstruction::OpUndefined: 2543 case MCCFIInstruction::OpRegister: 2544 RegRule[Instr.getRegister()] = RuleNumber; 2545 break; 2546 case MCCFIInstruction::OpDefCfaRegister: 2547 CFAReg = Instr.getRegister(); 2548 CFARule = UNKNOWN; 2549 2550 // This shouldn't happen according to the spec but GNU binutils on RISC-V 2551 // emits a DW_CFA_def_cfa_register in CIE's which leaves the offset 2552 // unspecified. Both readelf and llvm-dwarfdump interpret the offset as 0 2553 // in this case so let's do the same. 2554 if (CFAOffset == UNKNOWN) 2555 CFAOffset = 0; 2556 break; 2557 case MCCFIInstruction::OpDefCfaOffset: 2558 CFAOffset = Instr.getOffset(); 2559 CFARule = UNKNOWN; 2560 break; 2561 case MCCFIInstruction::OpDefCfa: 2562 CFAReg = Instr.getRegister(); 2563 CFAOffset = Instr.getOffset(); 2564 CFARule = UNKNOWN; 2565 break; 2566 case MCCFIInstruction::OpEscape: { 2567 std::optional<uint8_t> Reg = 2568 readDWARFExpressionTargetReg(Instr.getValues()); 2569 // Handle DW_CFA_def_cfa_expression 2570 if (!Reg) { 2571 CFARule = RuleNumber; 2572 break; 2573 } 2574 RegRule[*Reg] = RuleNumber; 2575 break; 2576 } 2577 case MCCFIInstruction::OpAdjustCfaOffset: 2578 case MCCFIInstruction::OpWindowSave: 2579 case MCCFIInstruction::OpNegateRAState: 2580 case MCCFIInstruction::OpNegateRAStateWithPC: 2581 case MCCFIInstruction::OpLLVMDefAspaceCfa: 2582 case MCCFIInstruction::OpLabel: 2583 llvm_unreachable("unsupported CFI opcode"); 2584 break; 2585 case MCCFIInstruction::OpRememberState: 2586 case MCCFIInstruction::OpRestoreState: 2587 case MCCFIInstruction::OpGnuArgsSize: 2588 // do not affect CFI state 2589 break; 2590 } 2591 } 2592 2593 public: 2594 /// Advance state reading FDE CFI instructions up to State number 2595 void advanceTo(int32_t State) { 2596 for (int32_t I = CurState, E = State; I != E; ++I) { 2597 const MCCFIInstruction &Instr = FDE[I]; 2598 if (Instr.getOperation() != MCCFIInstruction::OpRestoreState) { 2599 update(Instr, I); 2600 continue; 2601 } 2602 // If restore state instruction, fetch the equivalent CFIs that have 2603 // the same effect of this restore. This is used to ensure remember- 2604 // restore pairs are completely removed. 2605 auto Iter = FrameRestoreEquivalents.find(I); 2606 if (Iter == FrameRestoreEquivalents.end()) 2607 continue; 2608 for (int32_t RuleNumber : Iter->second) 2609 update(FDE[RuleNumber], RuleNumber); 2610 } 2611 2612 assert(((CFAReg != (uint32_t)UNKNOWN && CFAOffset != UNKNOWN) || 2613 CFARule != UNKNOWN) && 2614 "CIE did not define default CFA?"); 2615 2616 CurState = State; 2617 } 2618 2619 /// Interpret all CIE and FDE instructions up until CFI State number and 2620 /// populate this snapshot 2621 CFISnapshot( 2622 const BinaryFunction::CFIInstrMapType &CIE, 2623 const BinaryFunction::CFIInstrMapType &FDE, 2624 const DenseMap<int32_t, SmallVector<int32_t, 4>> &FrameRestoreEquivalents, 2625 int32_t State) 2626 : CIE(CIE), FDE(FDE), FrameRestoreEquivalents(FrameRestoreEquivalents) { 2627 CFAReg = UNKNOWN; 2628 CFAOffset = UNKNOWN; 2629 CFARule = UNKNOWN; 2630 CurState = 0; 2631 2632 for (int32_t I = 0, E = CIE.size(); I != E; ++I) { 2633 const MCCFIInstruction &Instr = CIE[I]; 2634 update(Instr, -I); 2635 } 2636 2637 advanceTo(State); 2638 } 2639 }; 2640 2641 /// A CFI snapshot with the capability of checking if incremental additions to 2642 /// it are redundant. This is used to ensure we do not emit two CFI instructions 2643 /// back-to-back that are doing the same state change, or to avoid emitting a 2644 /// CFI at all when the state at that point would not be modified after that CFI 2645 struct CFISnapshotDiff : public CFISnapshot { 2646 bool RestoredCFAReg{false}; 2647 bool RestoredCFAOffset{false}; 2648 DenseMap<int32_t, bool> RestoredRegs; 2649 2650 CFISnapshotDiff(const CFISnapshot &S) : CFISnapshot(S) {} 2651 2652 CFISnapshotDiff( 2653 const BinaryFunction::CFIInstrMapType &CIE, 2654 const BinaryFunction::CFIInstrMapType &FDE, 2655 const DenseMap<int32_t, SmallVector<int32_t, 4>> &FrameRestoreEquivalents, 2656 int32_t State) 2657 : CFISnapshot(CIE, FDE, FrameRestoreEquivalents, State) {} 2658 2659 /// Return true if applying Instr to this state is redundant and can be 2660 /// dismissed. 2661 bool isRedundant(const MCCFIInstruction &Instr) { 2662 switch (Instr.getOperation()) { 2663 case MCCFIInstruction::OpSameValue: 2664 case MCCFIInstruction::OpRelOffset: 2665 case MCCFIInstruction::OpOffset: 2666 case MCCFIInstruction::OpRestore: 2667 case MCCFIInstruction::OpUndefined: 2668 case MCCFIInstruction::OpRegister: 2669 case MCCFIInstruction::OpEscape: { 2670 uint32_t Reg; 2671 if (Instr.getOperation() != MCCFIInstruction::OpEscape) { 2672 Reg = Instr.getRegister(); 2673 } else { 2674 std::optional<uint8_t> R = 2675 readDWARFExpressionTargetReg(Instr.getValues()); 2676 // Handle DW_CFA_def_cfa_expression 2677 if (!R) { 2678 if (RestoredCFAReg && RestoredCFAOffset) 2679 return true; 2680 RestoredCFAReg = true; 2681 RestoredCFAOffset = true; 2682 return false; 2683 } 2684 Reg = *R; 2685 } 2686 if (RestoredRegs[Reg]) 2687 return true; 2688 RestoredRegs[Reg] = true; 2689 const int32_t CurRegRule = RegRule.contains(Reg) ? RegRule[Reg] : UNKNOWN; 2690 if (CurRegRule == UNKNOWN) { 2691 if (Instr.getOperation() == MCCFIInstruction::OpRestore || 2692 Instr.getOperation() == MCCFIInstruction::OpSameValue) 2693 return true; 2694 return false; 2695 } 2696 const MCCFIInstruction &LastDef = 2697 CurRegRule < 0 ? CIE[-CurRegRule] : FDE[CurRegRule]; 2698 return LastDef == Instr; 2699 } 2700 case MCCFIInstruction::OpDefCfaRegister: 2701 if (RestoredCFAReg) 2702 return true; 2703 RestoredCFAReg = true; 2704 return CFAReg == Instr.getRegister(); 2705 case MCCFIInstruction::OpDefCfaOffset: 2706 if (RestoredCFAOffset) 2707 return true; 2708 RestoredCFAOffset = true; 2709 return CFAOffset == Instr.getOffset(); 2710 case MCCFIInstruction::OpDefCfa: 2711 if (RestoredCFAReg && RestoredCFAOffset) 2712 return true; 2713 RestoredCFAReg = true; 2714 RestoredCFAOffset = true; 2715 return CFAReg == Instr.getRegister() && CFAOffset == Instr.getOffset(); 2716 case MCCFIInstruction::OpAdjustCfaOffset: 2717 case MCCFIInstruction::OpWindowSave: 2718 case MCCFIInstruction::OpNegateRAState: 2719 case MCCFIInstruction::OpNegateRAStateWithPC: 2720 case MCCFIInstruction::OpLLVMDefAspaceCfa: 2721 case MCCFIInstruction::OpLabel: 2722 llvm_unreachable("unsupported CFI opcode"); 2723 return false; 2724 case MCCFIInstruction::OpRememberState: 2725 case MCCFIInstruction::OpRestoreState: 2726 case MCCFIInstruction::OpGnuArgsSize: 2727 // do not affect CFI state 2728 return true; 2729 } 2730 return false; 2731 } 2732 }; 2733 2734 } // end anonymous namespace 2735 2736 bool BinaryFunction::replayCFIInstrs(int32_t FromState, int32_t ToState, 2737 BinaryBasicBlock *InBB, 2738 BinaryBasicBlock::iterator InsertIt) { 2739 if (FromState == ToState) 2740 return true; 2741 assert(FromState < ToState && "can only replay CFIs forward"); 2742 2743 CFISnapshotDiff CFIDiff(CIEFrameInstructions, FrameInstructions, 2744 FrameRestoreEquivalents, FromState); 2745 2746 std::vector<uint32_t> NewCFIs; 2747 for (int32_t CurState = FromState; CurState < ToState; ++CurState) { 2748 MCCFIInstruction *Instr = &FrameInstructions[CurState]; 2749 if (Instr->getOperation() == MCCFIInstruction::OpRestoreState) { 2750 auto Iter = FrameRestoreEquivalents.find(CurState); 2751 assert(Iter != FrameRestoreEquivalents.end()); 2752 NewCFIs.insert(NewCFIs.end(), Iter->second.begin(), Iter->second.end()); 2753 // RestoreState / Remember will be filtered out later by CFISnapshotDiff, 2754 // so we might as well fall-through here. 2755 } 2756 NewCFIs.push_back(CurState); 2757 } 2758 2759 // Replay instructions while avoiding duplicates 2760 for (int32_t State : llvm::reverse(NewCFIs)) { 2761 if (CFIDiff.isRedundant(FrameInstructions[State])) 2762 continue; 2763 InsertIt = addCFIPseudo(InBB, InsertIt, State); 2764 } 2765 2766 return true; 2767 } 2768 2769 SmallVector<int32_t, 4> 2770 BinaryFunction::unwindCFIState(int32_t FromState, int32_t ToState, 2771 BinaryBasicBlock *InBB, 2772 BinaryBasicBlock::iterator &InsertIt) { 2773 SmallVector<int32_t, 4> NewStates; 2774 2775 CFISnapshot ToCFITable(CIEFrameInstructions, FrameInstructions, 2776 FrameRestoreEquivalents, ToState); 2777 CFISnapshotDiff FromCFITable(ToCFITable); 2778 FromCFITable.advanceTo(FromState); 2779 2780 auto undoStateDefCfa = [&]() { 2781 if (ToCFITable.CFARule == CFISnapshot::UNKNOWN) { 2782 FrameInstructions.emplace_back(MCCFIInstruction::cfiDefCfa( 2783 nullptr, ToCFITable.CFAReg, ToCFITable.CFAOffset)); 2784 if (FromCFITable.isRedundant(FrameInstructions.back())) { 2785 FrameInstructions.pop_back(); 2786 return; 2787 } 2788 NewStates.push_back(FrameInstructions.size() - 1); 2789 InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size() - 1); 2790 ++InsertIt; 2791 } else if (ToCFITable.CFARule < 0) { 2792 if (FromCFITable.isRedundant(CIEFrameInstructions[-ToCFITable.CFARule])) 2793 return; 2794 NewStates.push_back(FrameInstructions.size()); 2795 InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size()); 2796 ++InsertIt; 2797 FrameInstructions.emplace_back(CIEFrameInstructions[-ToCFITable.CFARule]); 2798 } else if (!FromCFITable.isRedundant( 2799 FrameInstructions[ToCFITable.CFARule])) { 2800 NewStates.push_back(ToCFITable.CFARule); 2801 InsertIt = addCFIPseudo(InBB, InsertIt, ToCFITable.CFARule); 2802 ++InsertIt; 2803 } 2804 }; 2805 2806 auto undoState = [&](const MCCFIInstruction &Instr) { 2807 switch (Instr.getOperation()) { 2808 case MCCFIInstruction::OpRememberState: 2809 case MCCFIInstruction::OpRestoreState: 2810 break; 2811 case MCCFIInstruction::OpSameValue: 2812 case MCCFIInstruction::OpRelOffset: 2813 case MCCFIInstruction::OpOffset: 2814 case MCCFIInstruction::OpRestore: 2815 case MCCFIInstruction::OpUndefined: 2816 case MCCFIInstruction::OpEscape: 2817 case MCCFIInstruction::OpRegister: { 2818 uint32_t Reg; 2819 if (Instr.getOperation() != MCCFIInstruction::OpEscape) { 2820 Reg = Instr.getRegister(); 2821 } else { 2822 std::optional<uint8_t> R = 2823 readDWARFExpressionTargetReg(Instr.getValues()); 2824 // Handle DW_CFA_def_cfa_expression 2825 if (!R) { 2826 undoStateDefCfa(); 2827 return; 2828 } 2829 Reg = *R; 2830 } 2831 2832 if (!ToCFITable.RegRule.contains(Reg)) { 2833 FrameInstructions.emplace_back( 2834 MCCFIInstruction::createRestore(nullptr, Reg)); 2835 if (FromCFITable.isRedundant(FrameInstructions.back())) { 2836 FrameInstructions.pop_back(); 2837 break; 2838 } 2839 NewStates.push_back(FrameInstructions.size() - 1); 2840 InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size() - 1); 2841 ++InsertIt; 2842 break; 2843 } 2844 const int32_t Rule = ToCFITable.RegRule[Reg]; 2845 if (Rule < 0) { 2846 if (FromCFITable.isRedundant(CIEFrameInstructions[-Rule])) 2847 break; 2848 NewStates.push_back(FrameInstructions.size()); 2849 InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size()); 2850 ++InsertIt; 2851 FrameInstructions.emplace_back(CIEFrameInstructions[-Rule]); 2852 break; 2853 } 2854 if (FromCFITable.isRedundant(FrameInstructions[Rule])) 2855 break; 2856 NewStates.push_back(Rule); 2857 InsertIt = addCFIPseudo(InBB, InsertIt, Rule); 2858 ++InsertIt; 2859 break; 2860 } 2861 case MCCFIInstruction::OpDefCfaRegister: 2862 case MCCFIInstruction::OpDefCfaOffset: 2863 case MCCFIInstruction::OpDefCfa: 2864 undoStateDefCfa(); 2865 break; 2866 case MCCFIInstruction::OpAdjustCfaOffset: 2867 case MCCFIInstruction::OpWindowSave: 2868 case MCCFIInstruction::OpNegateRAState: 2869 case MCCFIInstruction::OpNegateRAStateWithPC: 2870 case MCCFIInstruction::OpLLVMDefAspaceCfa: 2871 case MCCFIInstruction::OpLabel: 2872 llvm_unreachable("unsupported CFI opcode"); 2873 break; 2874 case MCCFIInstruction::OpGnuArgsSize: 2875 // do not affect CFI state 2876 break; 2877 } 2878 }; 2879 2880 // Undo all modifications from ToState to FromState 2881 for (int32_t I = ToState, E = FromState; I != E; ++I) { 2882 const MCCFIInstruction &Instr = FrameInstructions[I]; 2883 if (Instr.getOperation() != MCCFIInstruction::OpRestoreState) { 2884 undoState(Instr); 2885 continue; 2886 } 2887 auto Iter = FrameRestoreEquivalents.find(I); 2888 if (Iter == FrameRestoreEquivalents.end()) 2889 continue; 2890 for (int32_t State : Iter->second) 2891 undoState(FrameInstructions[State]); 2892 } 2893 2894 return NewStates; 2895 } 2896 2897 void BinaryFunction::normalizeCFIState() { 2898 // Reordering blocks with remember-restore state instructions can be specially 2899 // tricky. When rewriting the CFI, we omit remember-restore state instructions 2900 // entirely. For restore state, we build a map expanding each restore to the 2901 // equivalent unwindCFIState sequence required at that point to achieve the 2902 // same effect of the restore. All remember state are then just ignored. 2903 std::stack<int32_t> Stack; 2904 for (BinaryBasicBlock *CurBB : Layout.blocks()) { 2905 for (auto II = CurBB->begin(); II != CurBB->end(); ++II) { 2906 if (const MCCFIInstruction *CFI = getCFIFor(*II)) { 2907 if (CFI->getOperation() == MCCFIInstruction::OpRememberState) { 2908 Stack.push(II->getOperand(0).getImm()); 2909 continue; 2910 } 2911 if (CFI->getOperation() == MCCFIInstruction::OpRestoreState) { 2912 const int32_t RememberState = Stack.top(); 2913 const int32_t CurState = II->getOperand(0).getImm(); 2914 FrameRestoreEquivalents[CurState] = 2915 unwindCFIState(CurState, RememberState, CurBB, II); 2916 Stack.pop(); 2917 } 2918 } 2919 } 2920 } 2921 } 2922 2923 bool BinaryFunction::finalizeCFIState() { 2924 LLVM_DEBUG( 2925 dbgs() << "Trying to fix CFI states for each BB after reordering.\n"); 2926 LLVM_DEBUG(dbgs() << "This is the list of CFI states for each BB of " << *this 2927 << ": "); 2928 2929 const char *Sep = ""; 2930 (void)Sep; 2931 for (FunctionFragment &FF : Layout.fragments()) { 2932 // Hot-cold border: at start of each region (with a different FDE) we need 2933 // to reset the CFI state. 2934 int32_t State = 0; 2935 2936 for (BinaryBasicBlock *BB : FF) { 2937 const int32_t CFIStateAtExit = BB->getCFIStateAtExit(); 2938 2939 // We need to recover the correct state if it doesn't match expected 2940 // state at BB entry point. 2941 if (BB->getCFIState() < State) { 2942 // In this case, State is currently higher than what this BB expect it 2943 // to be. To solve this, we need to insert CFI instructions to undo 2944 // the effect of all CFI from BB's state to current State. 2945 auto InsertIt = BB->begin(); 2946 unwindCFIState(State, BB->getCFIState(), BB, InsertIt); 2947 } else if (BB->getCFIState() > State) { 2948 // If BB's CFI state is greater than State, it means we are behind in 2949 // the state. Just emit all instructions to reach this state at the 2950 // beginning of this BB. If this sequence of instructions involve 2951 // remember state or restore state, bail out. 2952 if (!replayCFIInstrs(State, BB->getCFIState(), BB, BB->begin())) 2953 return false; 2954 } 2955 2956 State = CFIStateAtExit; 2957 LLVM_DEBUG(dbgs() << Sep << State; Sep = ", "); 2958 } 2959 } 2960 LLVM_DEBUG(dbgs() << "\n"); 2961 2962 for (BinaryBasicBlock &BB : blocks()) { 2963 for (auto II = BB.begin(); II != BB.end();) { 2964 const MCCFIInstruction *CFI = getCFIFor(*II); 2965 if (CFI && (CFI->getOperation() == MCCFIInstruction::OpRememberState || 2966 CFI->getOperation() == MCCFIInstruction::OpRestoreState)) { 2967 II = BB.eraseInstruction(II); 2968 } else { 2969 ++II; 2970 } 2971 } 2972 } 2973 2974 return true; 2975 } 2976 2977 bool BinaryFunction::requiresAddressTranslation() const { 2978 return opts::EnableBAT || hasSDTMarker() || hasPseudoProbe(); 2979 } 2980 2981 bool BinaryFunction::requiresAddressMap() const { 2982 if (isInjected()) 2983 return false; 2984 2985 return opts::UpdateDebugSections || isMultiEntry() || 2986 requiresAddressTranslation(); 2987 } 2988 2989 uint64_t BinaryFunction::getInstructionCount() const { 2990 uint64_t Count = 0; 2991 for (const BinaryBasicBlock &BB : blocks()) 2992 Count += BB.getNumNonPseudos(); 2993 return Count; 2994 } 2995 2996 void BinaryFunction::clearDisasmState() { 2997 clearList(Instructions); 2998 clearList(IgnoredBranches); 2999 clearList(TakenBranches); 3000 3001 if (BC.HasRelocations) { 3002 for (std::pair<const uint32_t, MCSymbol *> &LI : Labels) 3003 BC.UndefinedSymbols.insert(LI.second); 3004 for (MCSymbol *const EndLabel : FunctionEndLabels) 3005 if (EndLabel) 3006 BC.UndefinedSymbols.insert(EndLabel); 3007 } 3008 } 3009 3010 void BinaryFunction::setTrapOnEntry() { 3011 clearDisasmState(); 3012 3013 forEachEntryPoint([&](uint64_t Offset, const MCSymbol *Label) -> bool { 3014 MCInst TrapInstr; 3015 BC.MIB->createTrap(TrapInstr); 3016 addInstruction(Offset, std::move(TrapInstr)); 3017 return true; 3018 }); 3019 3020 TrapsOnEntry = true; 3021 } 3022 3023 void BinaryFunction::setIgnored() { 3024 if (opts::processAllFunctions()) { 3025 // We can accept ignored functions before they've been disassembled. 3026 // In that case, they would still get disassembled and emited, but not 3027 // optimized. 3028 assert(CurrentState == State::Empty && 3029 "cannot ignore non-empty functions in current mode"); 3030 IsIgnored = true; 3031 return; 3032 } 3033 3034 clearDisasmState(); 3035 3036 // Clear CFG state too. 3037 if (hasCFG()) { 3038 releaseCFG(); 3039 3040 for (BinaryBasicBlock *BB : BasicBlocks) 3041 delete BB; 3042 clearList(BasicBlocks); 3043 3044 for (BinaryBasicBlock *BB : DeletedBasicBlocks) 3045 delete BB; 3046 clearList(DeletedBasicBlocks); 3047 3048 Layout.clear(); 3049 } 3050 3051 CurrentState = State::Empty; 3052 3053 IsIgnored = true; 3054 IsSimple = false; 3055 LLVM_DEBUG(dbgs() << "Ignoring " << getPrintName() << '\n'); 3056 } 3057 3058 void BinaryFunction::duplicateConstantIslands() { 3059 assert(Islands && "function expected to have constant islands"); 3060 3061 for (BinaryBasicBlock *BB : getLayout().blocks()) { 3062 if (!BB->isCold()) 3063 continue; 3064 3065 for (MCInst &Inst : *BB) { 3066 int OpNum = 0; 3067 for (MCOperand &Operand : Inst) { 3068 if (!Operand.isExpr()) { 3069 ++OpNum; 3070 continue; 3071 } 3072 const MCSymbol *Symbol = BC.MIB->getTargetSymbol(Inst, OpNum); 3073 // Check if this is an island symbol 3074 if (!Islands->Symbols.count(Symbol) && 3075 !Islands->ProxySymbols.count(Symbol)) 3076 continue; 3077 3078 // Create cold symbol, if missing 3079 auto ISym = Islands->ColdSymbols.find(Symbol); 3080 MCSymbol *ColdSymbol; 3081 if (ISym != Islands->ColdSymbols.end()) { 3082 ColdSymbol = ISym->second; 3083 } else { 3084 ColdSymbol = BC.Ctx->getOrCreateSymbol(Symbol->getName() + ".cold"); 3085 Islands->ColdSymbols[Symbol] = ColdSymbol; 3086 // Check if this is a proxy island symbol and update owner proxy map 3087 if (Islands->ProxySymbols.count(Symbol)) { 3088 BinaryFunction *Owner = Islands->ProxySymbols[Symbol]; 3089 auto IProxiedSym = Owner->Islands->Proxies[this].find(Symbol); 3090 Owner->Islands->ColdProxies[this][IProxiedSym->second] = ColdSymbol; 3091 } 3092 } 3093 3094 // Update instruction reference 3095 Operand = MCOperand::createExpr(BC.MIB->getTargetExprFor( 3096 Inst, 3097 MCSymbolRefExpr::create(ColdSymbol, MCSymbolRefExpr::VK_None, 3098 *BC.Ctx), 3099 *BC.Ctx, 0)); 3100 ++OpNum; 3101 } 3102 } 3103 } 3104 } 3105 3106 #ifndef MAX_PATH 3107 #define MAX_PATH 255 3108 #endif 3109 3110 static std::string constructFilename(std::string Filename, 3111 std::string Annotation, 3112 std::string Suffix) { 3113 std::replace(Filename.begin(), Filename.end(), '/', '-'); 3114 if (!Annotation.empty()) 3115 Annotation.insert(0, "-"); 3116 if (Filename.size() + Annotation.size() + Suffix.size() > MAX_PATH) { 3117 assert(Suffix.size() + Annotation.size() <= MAX_PATH); 3118 Filename.resize(MAX_PATH - (Suffix.size() + Annotation.size())); 3119 } 3120 Filename += Annotation; 3121 Filename += Suffix; 3122 return Filename; 3123 } 3124 3125 static std::string formatEscapes(const std::string &Str) { 3126 std::string Result; 3127 for (unsigned I = 0; I < Str.size(); ++I) { 3128 char C = Str[I]; 3129 switch (C) { 3130 case '\n': 3131 Result += " "; 3132 break; 3133 case '"': 3134 break; 3135 default: 3136 Result += C; 3137 break; 3138 } 3139 } 3140 return Result; 3141 } 3142 3143 void BinaryFunction::dumpGraph(raw_ostream &OS) const { 3144 OS << "digraph \"" << getPrintName() << "\" {\n" 3145 << "node [fontname=courier, shape=box, style=filled, colorscheme=brbg9]\n"; 3146 uint64_t Offset = Address; 3147 for (BinaryBasicBlock *BB : BasicBlocks) { 3148 auto LayoutPos = find(Layout.blocks(), BB); 3149 unsigned LayoutIndex = LayoutPos - Layout.block_begin(); 3150 const char *ColdStr = BB->isCold() ? " (cold)" : ""; 3151 std::vector<std::string> Attrs; 3152 // Bold box for entry points 3153 if (isEntryPoint(*BB)) 3154 Attrs.push_back("penwidth=2"); 3155 if (BLI && BLI->getLoopFor(BB)) { 3156 // Distinguish innermost loops 3157 const BinaryLoop *Loop = BLI->getLoopFor(BB); 3158 if (Loop->isInnermost()) 3159 Attrs.push_back("fillcolor=6"); 3160 else // some outer loop 3161 Attrs.push_back("fillcolor=4"); 3162 } else { // non-loopy code 3163 Attrs.push_back("fillcolor=5"); 3164 } 3165 ListSeparator LS; 3166 OS << "\"" << BB->getName() << "\" ["; 3167 for (StringRef Attr : Attrs) 3168 OS << LS << Attr; 3169 OS << "]\n"; 3170 OS << format("\"%s\" [label=\"%s%s\\n(C:%lu,O:%lu,I:%u,L:%u,CFI:%u)\\n", 3171 BB->getName().data(), BB->getName().data(), ColdStr, 3172 BB->getKnownExecutionCount(), BB->getOffset(), getIndex(BB), 3173 LayoutIndex, BB->getCFIState()); 3174 3175 if (opts::DotToolTipCode) { 3176 std::string Str; 3177 raw_string_ostream CS(Str); 3178 Offset = BC.printInstructions(CS, BB->begin(), BB->end(), Offset, this, 3179 /* PrintMCInst = */ false, 3180 /* PrintMemData = */ false, 3181 /* PrintRelocations = */ false, 3182 /* Endl = */ R"(\\l)"); 3183 OS << formatEscapes(CS.str()) << '\n'; 3184 } 3185 OS << "\"]\n"; 3186 3187 // analyzeBranch is just used to get the names of the branch 3188 // opcodes. 3189 const MCSymbol *TBB = nullptr; 3190 const MCSymbol *FBB = nullptr; 3191 MCInst *CondBranch = nullptr; 3192 MCInst *UncondBranch = nullptr; 3193 const bool Success = BB->analyzeBranch(TBB, FBB, CondBranch, UncondBranch); 3194 3195 const MCInst *LastInstr = BB->getLastNonPseudoInstr(); 3196 const bool IsJumpTable = LastInstr && BC.MIB->getJumpTable(*LastInstr); 3197 3198 auto BI = BB->branch_info_begin(); 3199 for (BinaryBasicBlock *Succ : BB->successors()) { 3200 std::string Branch; 3201 if (Success) { 3202 if (Succ == BB->getConditionalSuccessor(true)) { 3203 Branch = CondBranch ? std::string(BC.InstPrinter->getOpcodeName( 3204 CondBranch->getOpcode())) 3205 : "TB"; 3206 } else if (Succ == BB->getConditionalSuccessor(false)) { 3207 Branch = UncondBranch ? std::string(BC.InstPrinter->getOpcodeName( 3208 UncondBranch->getOpcode())) 3209 : "FB"; 3210 } else { 3211 Branch = "FT"; 3212 } 3213 } 3214 if (IsJumpTable) 3215 Branch = "JT"; 3216 OS << format("\"%s\" -> \"%s\" [label=\"%s", BB->getName().data(), 3217 Succ->getName().data(), Branch.c_str()); 3218 3219 if (BB->getExecutionCount() != COUNT_NO_PROFILE && 3220 BI->MispredictedCount != BinaryBasicBlock::COUNT_INFERRED) { 3221 OS << "\\n(C:" << BI->Count << ",M:" << BI->MispredictedCount << ")"; 3222 } else if (ExecutionCount != COUNT_NO_PROFILE && 3223 BI->Count != BinaryBasicBlock::COUNT_NO_PROFILE) { 3224 OS << "\\n(IC:" << BI->Count << ")"; 3225 } 3226 OS << "\"]\n"; 3227 3228 ++BI; 3229 } 3230 for (BinaryBasicBlock *LP : BB->landing_pads()) { 3231 OS << format("\"%s\" -> \"%s\" [constraint=false style=dashed]\n", 3232 BB->getName().data(), LP->getName().data()); 3233 } 3234 } 3235 OS << "}\n"; 3236 } 3237 3238 void BinaryFunction::viewGraph() const { 3239 SmallString<MAX_PATH> Filename; 3240 if (std::error_code EC = 3241 sys::fs::createTemporaryFile("bolt-cfg", "dot", Filename)) { 3242 BC.errs() << "BOLT-ERROR: " << EC.message() << ", unable to create " 3243 << " bolt-cfg-XXXXX.dot temporary file.\n"; 3244 return; 3245 } 3246 dumpGraphToFile(std::string(Filename)); 3247 if (DisplayGraph(Filename)) 3248 BC.errs() << "BOLT-ERROR: Can't display " << Filename 3249 << " with graphviz.\n"; 3250 if (std::error_code EC = sys::fs::remove(Filename)) { 3251 BC.errs() << "BOLT-WARNING: " << EC.message() << ", failed to remove " 3252 << Filename << "\n"; 3253 } 3254 } 3255 3256 void BinaryFunction::dumpGraphForPass(std::string Annotation) const { 3257 if (!opts::shouldPrint(*this)) 3258 return; 3259 3260 std::string Filename = constructFilename(getPrintName(), Annotation, ".dot"); 3261 if (opts::Verbosity >= 1) 3262 BC.outs() << "BOLT-INFO: dumping CFG to " << Filename << "\n"; 3263 dumpGraphToFile(Filename); 3264 } 3265 3266 void BinaryFunction::dumpGraphToFile(std::string Filename) const { 3267 std::error_code EC; 3268 raw_fd_ostream of(Filename, EC, sys::fs::OF_None); 3269 if (EC) { 3270 if (opts::Verbosity >= 1) { 3271 BC.errs() << "BOLT-WARNING: " << EC.message() << ", unable to open " 3272 << Filename << " for output.\n"; 3273 } 3274 return; 3275 } 3276 dumpGraph(of); 3277 } 3278 3279 bool BinaryFunction::validateCFG() const { 3280 // Skip the validation of CFG after it is finalized 3281 if (CurrentState == State::CFG_Finalized) 3282 return true; 3283 3284 for (BinaryBasicBlock *BB : BasicBlocks) 3285 if (!BB->validateSuccessorInvariants()) 3286 return false; 3287 3288 // Make sure all blocks in CFG are valid. 3289 auto validateBlock = [this](const BinaryBasicBlock *BB, StringRef Desc) { 3290 if (!BB->isValid()) { 3291 BC.errs() << "BOLT-ERROR: deleted " << Desc << " " << BB->getName() 3292 << " detected in:\n"; 3293 this->dump(); 3294 return false; 3295 } 3296 return true; 3297 }; 3298 for (const BinaryBasicBlock *BB : BasicBlocks) { 3299 if (!validateBlock(BB, "block")) 3300 return false; 3301 for (const BinaryBasicBlock *PredBB : BB->predecessors()) 3302 if (!validateBlock(PredBB, "predecessor")) 3303 return false; 3304 for (const BinaryBasicBlock *SuccBB : BB->successors()) 3305 if (!validateBlock(SuccBB, "successor")) 3306 return false; 3307 for (const BinaryBasicBlock *LP : BB->landing_pads()) 3308 if (!validateBlock(LP, "landing pad")) 3309 return false; 3310 for (const BinaryBasicBlock *Thrower : BB->throwers()) 3311 if (!validateBlock(Thrower, "thrower")) 3312 return false; 3313 } 3314 3315 for (const BinaryBasicBlock *BB : BasicBlocks) { 3316 std::unordered_set<const BinaryBasicBlock *> BBLandingPads; 3317 for (const BinaryBasicBlock *LP : BB->landing_pads()) { 3318 if (BBLandingPads.count(LP)) { 3319 BC.errs() << "BOLT-ERROR: duplicate landing pad detected in" 3320 << BB->getName() << " in function " << *this << '\n'; 3321 return false; 3322 } 3323 BBLandingPads.insert(LP); 3324 } 3325 3326 std::unordered_set<const BinaryBasicBlock *> BBThrowers; 3327 for (const BinaryBasicBlock *Thrower : BB->throwers()) { 3328 if (BBThrowers.count(Thrower)) { 3329 BC.errs() << "BOLT-ERROR: duplicate thrower detected in" 3330 << BB->getName() << " in function " << *this << '\n'; 3331 return false; 3332 } 3333 BBThrowers.insert(Thrower); 3334 } 3335 3336 for (const BinaryBasicBlock *LPBlock : BB->landing_pads()) { 3337 if (!llvm::is_contained(LPBlock->throwers(), BB)) { 3338 BC.errs() << "BOLT-ERROR: inconsistent landing pad detected in " 3339 << *this << ": " << BB->getName() 3340 << " is in LandingPads but not in " << LPBlock->getName() 3341 << " Throwers\n"; 3342 return false; 3343 } 3344 } 3345 for (const BinaryBasicBlock *Thrower : BB->throwers()) { 3346 if (!llvm::is_contained(Thrower->landing_pads(), BB)) { 3347 BC.errs() << "BOLT-ERROR: inconsistent thrower detected in " << *this 3348 << ": " << BB->getName() << " is in Throwers list but not in " 3349 << Thrower->getName() << " LandingPads\n"; 3350 return false; 3351 } 3352 } 3353 } 3354 3355 return true; 3356 } 3357 3358 void BinaryFunction::fixBranches() { 3359 auto &MIB = BC.MIB; 3360 MCContext *Ctx = BC.Ctx.get(); 3361 3362 for (BinaryBasicBlock *BB : BasicBlocks) { 3363 const MCSymbol *TBB = nullptr; 3364 const MCSymbol *FBB = nullptr; 3365 MCInst *CondBranch = nullptr; 3366 MCInst *UncondBranch = nullptr; 3367 if (!BB->analyzeBranch(TBB, FBB, CondBranch, UncondBranch)) 3368 continue; 3369 3370 // We will create unconditional branch with correct destination if needed. 3371 if (UncondBranch) 3372 BB->eraseInstruction(BB->findInstruction(UncondBranch)); 3373 3374 // Basic block that follows the current one in the final layout. 3375 const BinaryBasicBlock *const NextBB = 3376 Layout.getBasicBlockAfter(BB, /*IgnoreSplits=*/false); 3377 3378 if (BB->succ_size() == 1) { 3379 // __builtin_unreachable() could create a conditional branch that 3380 // falls-through into the next function - hence the block will have only 3381 // one valid successor. Since behaviour is undefined - we replace 3382 // the conditional branch with an unconditional if required. 3383 if (CondBranch) 3384 BB->eraseInstruction(BB->findInstruction(CondBranch)); 3385 if (BB->getSuccessor() == NextBB) 3386 continue; 3387 BB->addBranchInstruction(BB->getSuccessor()); 3388 } else if (BB->succ_size() == 2) { 3389 assert(CondBranch && "conditional branch expected"); 3390 const BinaryBasicBlock *TSuccessor = BB->getConditionalSuccessor(true); 3391 const BinaryBasicBlock *FSuccessor = BB->getConditionalSuccessor(false); 3392 3393 // Eliminate unnecessary conditional branch. 3394 if (TSuccessor == FSuccessor) { 3395 // FIXME: at the moment, we cannot safely remove static key branches. 3396 if (MIB->isDynamicBranch(*CondBranch)) { 3397 if (opts::Verbosity) { 3398 BC.outs() 3399 << "BOLT-INFO: unable to remove redundant dynamic branch in " 3400 << *this << '\n'; 3401 } 3402 continue; 3403 } 3404 3405 BB->removeDuplicateConditionalSuccessor(CondBranch); 3406 if (TSuccessor != NextBB) 3407 BB->addBranchInstruction(TSuccessor); 3408 continue; 3409 } 3410 3411 // Reverse branch condition and swap successors. 3412 auto swapSuccessors = [&]() { 3413 if (!MIB->isReversibleBranch(*CondBranch)) { 3414 if (opts::Verbosity) { 3415 BC.outs() << "BOLT-INFO: unable to swap successors in " << *this 3416 << '\n'; 3417 } 3418 return false; 3419 } 3420 std::swap(TSuccessor, FSuccessor); 3421 BB->swapConditionalSuccessors(); 3422 auto L = BC.scopeLock(); 3423 MIB->reverseBranchCondition(*CondBranch, TSuccessor->getLabel(), Ctx); 3424 return true; 3425 }; 3426 3427 // Check whether the next block is a "taken" target and try to swap it 3428 // with a "fall-through" target. 3429 if (TSuccessor == NextBB && swapSuccessors()) 3430 continue; 3431 3432 // Update conditional branch destination if needed. 3433 if (MIB->getTargetSymbol(*CondBranch) != TSuccessor->getLabel()) { 3434 auto L = BC.scopeLock(); 3435 MIB->replaceBranchTarget(*CondBranch, TSuccessor->getLabel(), Ctx); 3436 } 3437 3438 // No need for the unconditional branch. 3439 if (FSuccessor == NextBB) 3440 continue; 3441 3442 if (BC.isX86()) { 3443 // We are going to generate two branches. Check if their targets are in 3444 // the same fragment as this block. If only one target is in the same 3445 // fragment, make it the destination of the conditional branch. There 3446 // is a chance it will be a short branch which takes 4 bytes fewer than 3447 // a long conditional branch. For unconditional branch, the difference 3448 // is 3 bytes. 3449 if (BB->getFragmentNum() != TSuccessor->getFragmentNum() && 3450 BB->getFragmentNum() == FSuccessor->getFragmentNum()) 3451 swapSuccessors(); 3452 } 3453 3454 BB->addBranchInstruction(FSuccessor); 3455 } 3456 // Cases where the number of successors is 0 (block ends with a 3457 // terminator) or more than 2 (switch table) don't require branch 3458 // instruction adjustments. 3459 } 3460 assert((!isSimple() || validateCFG()) && 3461 "Invalid CFG detected after fixing branches"); 3462 } 3463 3464 void BinaryFunction::propagateGnuArgsSizeInfo( 3465 MCPlusBuilder::AllocatorIdTy AllocId) { 3466 assert(CurrentState == State::Disassembled && "unexpected function state"); 3467 3468 if (!hasEHRanges() || !usesGnuArgsSize()) 3469 return; 3470 3471 // The current value of DW_CFA_GNU_args_size affects all following 3472 // invoke instructions until the next CFI overrides it. 3473 // It is important to iterate basic blocks in the original order when 3474 // assigning the value. 3475 uint64_t CurrentGnuArgsSize = 0; 3476 for (BinaryBasicBlock *BB : BasicBlocks) { 3477 for (auto II = BB->begin(); II != BB->end();) { 3478 MCInst &Instr = *II; 3479 if (BC.MIB->isCFI(Instr)) { 3480 const MCCFIInstruction *CFI = getCFIFor(Instr); 3481 if (CFI->getOperation() == MCCFIInstruction::OpGnuArgsSize) { 3482 CurrentGnuArgsSize = CFI->getOffset(); 3483 // Delete DW_CFA_GNU_args_size instructions and only regenerate 3484 // during the final code emission. The information is embedded 3485 // inside call instructions. 3486 II = BB->erasePseudoInstruction(II); 3487 continue; 3488 } 3489 } else if (BC.MIB->isInvoke(Instr)) { 3490 // Add the value of GNU_args_size as an extra operand to invokes. 3491 BC.MIB->addGnuArgsSize(Instr, CurrentGnuArgsSize); 3492 } 3493 ++II; 3494 } 3495 } 3496 } 3497 3498 void BinaryFunction::postProcessBranches() { 3499 if (!isSimple()) 3500 return; 3501 for (BinaryBasicBlock &BB : blocks()) { 3502 auto LastInstrRI = BB.getLastNonPseudo(); 3503 if (BB.succ_size() == 1) { 3504 if (LastInstrRI != BB.rend() && 3505 BC.MIB->isConditionalBranch(*LastInstrRI)) { 3506 // __builtin_unreachable() could create a conditional branch that 3507 // falls-through into the next function - hence the block will have only 3508 // one valid successor. Such behaviour is undefined and thus we remove 3509 // the conditional branch while leaving a valid successor. 3510 BB.eraseInstruction(std::prev(LastInstrRI.base())); 3511 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: erasing conditional branch in " 3512 << BB.getName() << " in function " << *this << '\n'); 3513 } 3514 } else if (BB.succ_size() == 0) { 3515 // Ignore unreachable basic blocks. 3516 if (BB.pred_size() == 0 || BB.isLandingPad()) 3517 continue; 3518 3519 // If it's the basic block that does not end up with a terminator - we 3520 // insert a return instruction unless it's a call instruction. 3521 if (LastInstrRI == BB.rend()) { 3522 LLVM_DEBUG( 3523 dbgs() << "BOLT-DEBUG: at least one instruction expected in BB " 3524 << BB.getName() << " in function " << *this << '\n'); 3525 continue; 3526 } 3527 if (!BC.MIB->isTerminator(*LastInstrRI) && 3528 !BC.MIB->isCall(*LastInstrRI)) { 3529 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: adding return to basic block " 3530 << BB.getName() << " in function " << *this << '\n'); 3531 MCInst ReturnInstr; 3532 BC.MIB->createReturn(ReturnInstr); 3533 BB.addInstruction(ReturnInstr); 3534 } 3535 } 3536 } 3537 assert(validateCFG() && "invalid CFG"); 3538 } 3539 3540 MCSymbol *BinaryFunction::addEntryPointAtOffset(uint64_t Offset) { 3541 assert(Offset && "cannot add primary entry point"); 3542 assert(CurrentState == State::Empty || CurrentState == State::Disassembled); 3543 3544 const uint64_t EntryPointAddress = getAddress() + Offset; 3545 MCSymbol *LocalSymbol = getOrCreateLocalLabel(EntryPointAddress); 3546 3547 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(LocalSymbol); 3548 if (EntrySymbol) 3549 return EntrySymbol; 3550 3551 if (BinaryData *EntryBD = BC.getBinaryDataAtAddress(EntryPointAddress)) { 3552 EntrySymbol = EntryBD->getSymbol(); 3553 } else { 3554 EntrySymbol = BC.getOrCreateGlobalSymbol( 3555 EntryPointAddress, Twine("__ENTRY_") + getOneName() + "@"); 3556 } 3557 SecondaryEntryPoints[LocalSymbol] = EntrySymbol; 3558 3559 BC.setSymbolToFunctionMap(EntrySymbol, this); 3560 3561 return EntrySymbol; 3562 } 3563 3564 MCSymbol *BinaryFunction::addEntryPoint(const BinaryBasicBlock &BB) { 3565 assert(CurrentState == State::CFG && 3566 "basic block can be added as an entry only in a function with CFG"); 3567 3568 if (&BB == BasicBlocks.front()) 3569 return getSymbol(); 3570 3571 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(BB); 3572 if (EntrySymbol) 3573 return EntrySymbol; 3574 3575 EntrySymbol = 3576 BC.Ctx->getOrCreateSymbol("__ENTRY_" + BB.getLabel()->getName()); 3577 3578 SecondaryEntryPoints[BB.getLabel()] = EntrySymbol; 3579 3580 BC.setSymbolToFunctionMap(EntrySymbol, this); 3581 3582 return EntrySymbol; 3583 } 3584 3585 MCSymbol *BinaryFunction::getSymbolForEntryID(uint64_t EntryID) { 3586 if (EntryID == 0) 3587 return getSymbol(); 3588 3589 if (!isMultiEntry()) 3590 return nullptr; 3591 3592 uint64_t NumEntries = 1; 3593 if (hasCFG()) { 3594 for (BinaryBasicBlock *BB : BasicBlocks) { 3595 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(*BB); 3596 if (!EntrySymbol) 3597 continue; 3598 if (NumEntries == EntryID) 3599 return EntrySymbol; 3600 ++NumEntries; 3601 } 3602 } else { 3603 for (std::pair<const uint32_t, MCSymbol *> &KV : Labels) { 3604 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(KV.second); 3605 if (!EntrySymbol) 3606 continue; 3607 if (NumEntries == EntryID) 3608 return EntrySymbol; 3609 ++NumEntries; 3610 } 3611 } 3612 3613 return nullptr; 3614 } 3615 3616 uint64_t BinaryFunction::getEntryIDForSymbol(const MCSymbol *Symbol) const { 3617 if (!isMultiEntry()) 3618 return 0; 3619 3620 for (const MCSymbol *FunctionSymbol : getSymbols()) 3621 if (FunctionSymbol == Symbol) 3622 return 0; 3623 3624 // Check all secondary entries available as either basic blocks or lables. 3625 uint64_t NumEntries = 1; 3626 for (const BinaryBasicBlock *BB : BasicBlocks) { 3627 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(*BB); 3628 if (!EntrySymbol) 3629 continue; 3630 if (EntrySymbol == Symbol) 3631 return NumEntries; 3632 ++NumEntries; 3633 } 3634 NumEntries = 1; 3635 for (const std::pair<const uint32_t, MCSymbol *> &KV : Labels) { 3636 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(KV.second); 3637 if (!EntrySymbol) 3638 continue; 3639 if (EntrySymbol == Symbol) 3640 return NumEntries; 3641 ++NumEntries; 3642 } 3643 3644 llvm_unreachable("symbol not found"); 3645 } 3646 3647 bool BinaryFunction::forEachEntryPoint(EntryPointCallbackTy Callback) const { 3648 bool Status = Callback(0, getSymbol()); 3649 if (!isMultiEntry()) 3650 return Status; 3651 3652 for (const std::pair<const uint32_t, MCSymbol *> &KV : Labels) { 3653 if (!Status) 3654 break; 3655 3656 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(KV.second); 3657 if (!EntrySymbol) 3658 continue; 3659 3660 Status = Callback(KV.first, EntrySymbol); 3661 } 3662 3663 return Status; 3664 } 3665 3666 BinaryFunction::BasicBlockListType BinaryFunction::dfs() const { 3667 BasicBlockListType DFS; 3668 std::stack<BinaryBasicBlock *> Stack; 3669 std::set<BinaryBasicBlock *> Visited; 3670 3671 // Push entry points to the stack in reverse order. 3672 // 3673 // NB: we rely on the original order of entries to match. 3674 SmallVector<BinaryBasicBlock *> EntryPoints; 3675 llvm::copy_if(BasicBlocks, std::back_inserter(EntryPoints), 3676 [&](const BinaryBasicBlock *const BB) { return isEntryPoint(*BB); }); 3677 // Sort entry points by their offset to make sure we got them in the right 3678 // order. 3679 llvm::stable_sort(EntryPoints, [](const BinaryBasicBlock *const A, 3680 const BinaryBasicBlock *const B) { 3681 return A->getOffset() < B->getOffset(); 3682 }); 3683 for (BinaryBasicBlock *const BB : reverse(EntryPoints)) 3684 Stack.push(BB); 3685 3686 while (!Stack.empty()) { 3687 BinaryBasicBlock *BB = Stack.top(); 3688 Stack.pop(); 3689 3690 if (!Visited.insert(BB).second) 3691 continue; 3692 DFS.push_back(BB); 3693 3694 for (BinaryBasicBlock *SuccBB : BB->landing_pads()) { 3695 Stack.push(SuccBB); 3696 } 3697 3698 const MCSymbol *TBB = nullptr; 3699 const MCSymbol *FBB = nullptr; 3700 MCInst *CondBranch = nullptr; 3701 MCInst *UncondBranch = nullptr; 3702 if (BB->analyzeBranch(TBB, FBB, CondBranch, UncondBranch) && CondBranch && 3703 BB->succ_size() == 2) { 3704 if (BC.MIB->getCanonicalBranchCondCode(BC.MIB->getCondCode( 3705 *CondBranch)) == BC.MIB->getCondCode(*CondBranch)) { 3706 Stack.push(BB->getConditionalSuccessor(true)); 3707 Stack.push(BB->getConditionalSuccessor(false)); 3708 } else { 3709 Stack.push(BB->getConditionalSuccessor(false)); 3710 Stack.push(BB->getConditionalSuccessor(true)); 3711 } 3712 } else { 3713 for (BinaryBasicBlock *SuccBB : BB->successors()) { 3714 Stack.push(SuccBB); 3715 } 3716 } 3717 } 3718 3719 return DFS; 3720 } 3721 3722 size_t BinaryFunction::computeHash(bool UseDFS, HashFunction HashFunction, 3723 OperandHashFuncTy OperandHashFunc) const { 3724 LLVM_DEBUG({ 3725 dbgs() << "BOLT-DEBUG: computeHash " << getPrintName() << ' ' 3726 << (UseDFS ? "dfs" : "bin") << " order " 3727 << (HashFunction == HashFunction::StdHash ? "std::hash" : "xxh3") 3728 << '\n'; 3729 }); 3730 3731 if (size() == 0) 3732 return 0; 3733 3734 assert(hasCFG() && "function is expected to have CFG"); 3735 3736 SmallVector<const BinaryBasicBlock *, 0> Order; 3737 if (UseDFS) 3738 llvm::copy(dfs(), std::back_inserter(Order)); 3739 else 3740 llvm::copy(Layout.blocks(), std::back_inserter(Order)); 3741 3742 // The hash is computed by creating a string of all instruction opcodes and 3743 // possibly their operands and then hashing that string with std::hash. 3744 std::string HashString; 3745 for (const BinaryBasicBlock *BB : Order) 3746 HashString.append(hashBlock(BC, *BB, OperandHashFunc)); 3747 3748 switch (HashFunction) { 3749 case HashFunction::StdHash: 3750 return Hash = std::hash<std::string>{}(HashString); 3751 case HashFunction::XXH3: 3752 return Hash = llvm::xxh3_64bits(HashString); 3753 } 3754 llvm_unreachable("Unhandled HashFunction"); 3755 } 3756 3757 void BinaryFunction::insertBasicBlocks( 3758 BinaryBasicBlock *Start, 3759 std::vector<std::unique_ptr<BinaryBasicBlock>> &&NewBBs, 3760 const bool UpdateLayout, const bool UpdateCFIState, 3761 const bool RecomputeLandingPads) { 3762 const int64_t StartIndex = Start ? getIndex(Start) : -1LL; 3763 const size_t NumNewBlocks = NewBBs.size(); 3764 3765 BasicBlocks.insert(BasicBlocks.begin() + (StartIndex + 1), NumNewBlocks, 3766 nullptr); 3767 3768 int64_t I = StartIndex + 1; 3769 for (std::unique_ptr<BinaryBasicBlock> &BB : NewBBs) { 3770 assert(!BasicBlocks[I]); 3771 BasicBlocks[I++] = BB.release(); 3772 } 3773 3774 if (RecomputeLandingPads) 3775 recomputeLandingPads(); 3776 else 3777 updateBBIndices(0); 3778 3779 if (UpdateLayout) 3780 updateLayout(Start, NumNewBlocks); 3781 3782 if (UpdateCFIState) 3783 updateCFIState(Start, NumNewBlocks); 3784 } 3785 3786 BinaryFunction::iterator BinaryFunction::insertBasicBlocks( 3787 BinaryFunction::iterator StartBB, 3788 std::vector<std::unique_ptr<BinaryBasicBlock>> &&NewBBs, 3789 const bool UpdateLayout, const bool UpdateCFIState, 3790 const bool RecomputeLandingPads) { 3791 const unsigned StartIndex = getIndex(&*StartBB); 3792 const size_t NumNewBlocks = NewBBs.size(); 3793 3794 BasicBlocks.insert(BasicBlocks.begin() + StartIndex + 1, NumNewBlocks, 3795 nullptr); 3796 auto RetIter = BasicBlocks.begin() + StartIndex + 1; 3797 3798 unsigned I = StartIndex + 1; 3799 for (std::unique_ptr<BinaryBasicBlock> &BB : NewBBs) { 3800 assert(!BasicBlocks[I]); 3801 BasicBlocks[I++] = BB.release(); 3802 } 3803 3804 if (RecomputeLandingPads) 3805 recomputeLandingPads(); 3806 else 3807 updateBBIndices(0); 3808 3809 if (UpdateLayout) 3810 updateLayout(*std::prev(RetIter), NumNewBlocks); 3811 3812 if (UpdateCFIState) 3813 updateCFIState(*std::prev(RetIter), NumNewBlocks); 3814 3815 return RetIter; 3816 } 3817 3818 void BinaryFunction::updateBBIndices(const unsigned StartIndex) { 3819 for (unsigned I = StartIndex; I < BasicBlocks.size(); ++I) 3820 BasicBlocks[I]->Index = I; 3821 } 3822 3823 void BinaryFunction::updateCFIState(BinaryBasicBlock *Start, 3824 const unsigned NumNewBlocks) { 3825 const int32_t CFIState = Start->getCFIStateAtExit(); 3826 const unsigned StartIndex = getIndex(Start) + 1; 3827 for (unsigned I = 0; I < NumNewBlocks; ++I) 3828 BasicBlocks[StartIndex + I]->setCFIState(CFIState); 3829 } 3830 3831 void BinaryFunction::updateLayout(BinaryBasicBlock *Start, 3832 const unsigned NumNewBlocks) { 3833 BasicBlockListType::iterator Begin; 3834 BasicBlockListType::iterator End; 3835 3836 // If start not provided copy new blocks from the beginning of BasicBlocks 3837 if (!Start) { 3838 Begin = BasicBlocks.begin(); 3839 End = BasicBlocks.begin() + NumNewBlocks; 3840 } else { 3841 unsigned StartIndex = getIndex(Start); 3842 Begin = std::next(BasicBlocks.begin(), StartIndex + 1); 3843 End = std::next(BasicBlocks.begin(), StartIndex + NumNewBlocks + 1); 3844 } 3845 3846 // Insert new blocks in the layout immediately after Start. 3847 Layout.insertBasicBlocks(Start, {Begin, End}); 3848 Layout.updateLayoutIndices(); 3849 } 3850 3851 bool BinaryFunction::checkForAmbiguousJumpTables() { 3852 SmallSet<uint64_t, 4> JumpTables; 3853 for (BinaryBasicBlock *&BB : BasicBlocks) { 3854 for (MCInst &Inst : *BB) { 3855 if (!BC.MIB->isIndirectBranch(Inst)) 3856 continue; 3857 uint64_t JTAddress = BC.MIB->getJumpTable(Inst); 3858 if (!JTAddress) 3859 continue; 3860 // This address can be inside another jump table, but we only consider 3861 // it ambiguous when the same start address is used, not the same JT 3862 // object. 3863 if (!JumpTables.count(JTAddress)) { 3864 JumpTables.insert(JTAddress); 3865 continue; 3866 } 3867 return true; 3868 } 3869 } 3870 return false; 3871 } 3872 3873 void BinaryFunction::disambiguateJumpTables( 3874 MCPlusBuilder::AllocatorIdTy AllocId) { 3875 assert((opts::JumpTables != JTS_BASIC && isSimple()) || !BC.HasRelocations); 3876 SmallPtrSet<JumpTable *, 4> JumpTables; 3877 for (BinaryBasicBlock *&BB : BasicBlocks) { 3878 for (MCInst &Inst : *BB) { 3879 if (!BC.MIB->isIndirectBranch(Inst)) 3880 continue; 3881 JumpTable *JT = getJumpTable(Inst); 3882 if (!JT) 3883 continue; 3884 if (JumpTables.insert(JT).second) 3885 continue; 3886 // This instruction is an indirect jump using a jump table, but it is 3887 // using the same jump table of another jump. Try all our tricks to 3888 // extract the jump table symbol and make it point to a new, duplicated JT 3889 MCPhysReg BaseReg1; 3890 uint64_t Scale; 3891 const MCSymbol *Target; 3892 // In case we match if our first matcher, first instruction is the one to 3893 // patch 3894 MCInst *JTLoadInst = &Inst; 3895 // Try a standard indirect jump matcher, scale 8 3896 std::unique_ptr<MCPlusBuilder::MCInstMatcher> IndJmpMatcher = 3897 BC.MIB->matchIndJmp(BC.MIB->matchReg(BaseReg1), 3898 BC.MIB->matchImm(Scale), BC.MIB->matchReg(), 3899 /*Offset=*/BC.MIB->matchSymbol(Target)); 3900 if (!IndJmpMatcher->match( 3901 *BC.MRI, *BC.MIB, 3902 MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1) || 3903 BaseReg1 != BC.MIB->getNoRegister() || Scale != 8) { 3904 MCPhysReg BaseReg2; 3905 uint64_t Offset; 3906 // Standard JT matching failed. Trying now: 3907 // movq "jt.2397/1"(,%rax,8), %rax 3908 // jmpq *%rax 3909 std::unique_ptr<MCPlusBuilder::MCInstMatcher> LoadMatcherOwner = 3910 BC.MIB->matchLoad(BC.MIB->matchReg(BaseReg1), 3911 BC.MIB->matchImm(Scale), BC.MIB->matchReg(), 3912 /*Offset=*/BC.MIB->matchSymbol(Target)); 3913 MCPlusBuilder::MCInstMatcher *LoadMatcher = LoadMatcherOwner.get(); 3914 std::unique_ptr<MCPlusBuilder::MCInstMatcher> IndJmpMatcher2 = 3915 BC.MIB->matchIndJmp(std::move(LoadMatcherOwner)); 3916 if (!IndJmpMatcher2->match( 3917 *BC.MRI, *BC.MIB, 3918 MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1) || 3919 BaseReg1 != BC.MIB->getNoRegister() || Scale != 8) { 3920 // JT matching failed. Trying now: 3921 // PIC-style matcher, scale 4 3922 // addq %rdx, %rsi 3923 // addq %rdx, %rdi 3924 // leaq DATAat0x402450(%rip), %r11 3925 // movslq (%r11,%rdx,4), %rcx 3926 // addq %r11, %rcx 3927 // jmpq *%rcx # JUMPTABLE @0x402450 3928 std::unique_ptr<MCPlusBuilder::MCInstMatcher> PICIndJmpMatcher = 3929 BC.MIB->matchIndJmp(BC.MIB->matchAdd( 3930 BC.MIB->matchReg(BaseReg1), 3931 BC.MIB->matchLoad(BC.MIB->matchReg(BaseReg2), 3932 BC.MIB->matchImm(Scale), BC.MIB->matchReg(), 3933 BC.MIB->matchImm(Offset)))); 3934 std::unique_ptr<MCPlusBuilder::MCInstMatcher> LEAMatcherOwner = 3935 BC.MIB->matchLoadAddr(BC.MIB->matchSymbol(Target)); 3936 MCPlusBuilder::MCInstMatcher *LEAMatcher = LEAMatcherOwner.get(); 3937 std::unique_ptr<MCPlusBuilder::MCInstMatcher> PICBaseAddrMatcher = 3938 BC.MIB->matchIndJmp(BC.MIB->matchAdd(std::move(LEAMatcherOwner), 3939 BC.MIB->matchAnyOperand())); 3940 if (!PICIndJmpMatcher->match( 3941 *BC.MRI, *BC.MIB, 3942 MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1) || 3943 Scale != 4 || BaseReg1 != BaseReg2 || Offset != 0 || 3944 !PICBaseAddrMatcher->match( 3945 *BC.MRI, *BC.MIB, 3946 MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1)) { 3947 llvm_unreachable("Failed to extract jump table base"); 3948 continue; 3949 } 3950 // Matched PIC, identify the instruction with the reference to the JT 3951 JTLoadInst = LEAMatcher->CurInst; 3952 } else { 3953 // Matched non-PIC 3954 JTLoadInst = LoadMatcher->CurInst; 3955 } 3956 } 3957 3958 uint64_t NewJumpTableID = 0; 3959 const MCSymbol *NewJTLabel; 3960 std::tie(NewJumpTableID, NewJTLabel) = 3961 BC.duplicateJumpTable(*this, JT, Target); 3962 { 3963 auto L = BC.scopeLock(); 3964 BC.MIB->replaceMemOperandDisp(*JTLoadInst, NewJTLabel, BC.Ctx.get()); 3965 } 3966 // We use a unique ID with the high bit set as address for this "injected" 3967 // jump table (not originally in the input binary). 3968 BC.MIB->setJumpTable(Inst, NewJumpTableID, 0, AllocId); 3969 } 3970 } 3971 } 3972 3973 bool BinaryFunction::replaceJumpTableEntryIn(BinaryBasicBlock *BB, 3974 BinaryBasicBlock *OldDest, 3975 BinaryBasicBlock *NewDest) { 3976 MCInst *Instr = BB->getLastNonPseudoInstr(); 3977 if (!Instr || !BC.MIB->isIndirectBranch(*Instr)) 3978 return false; 3979 uint64_t JTAddress = BC.MIB->getJumpTable(*Instr); 3980 assert(JTAddress && "Invalid jump table address"); 3981 JumpTable *JT = getJumpTableContainingAddress(JTAddress); 3982 assert(JT && "No jump table structure for this indirect branch"); 3983 bool Patched = JT->replaceDestination(JTAddress, OldDest->getLabel(), 3984 NewDest->getLabel()); 3985 (void)Patched; 3986 assert(Patched && "Invalid entry to be replaced in jump table"); 3987 return true; 3988 } 3989 3990 BinaryBasicBlock *BinaryFunction::splitEdge(BinaryBasicBlock *From, 3991 BinaryBasicBlock *To) { 3992 // Create intermediate BB 3993 MCSymbol *Tmp; 3994 { 3995 auto L = BC.scopeLock(); 3996 Tmp = BC.Ctx->createNamedTempSymbol("SplitEdge"); 3997 } 3998 // Link new BBs to the original input offset of the From BB, so we can map 3999 // samples recorded in new BBs back to the original BB seem in the input 4000 // binary (if using BAT) 4001 std::unique_ptr<BinaryBasicBlock> NewBB = createBasicBlock(Tmp); 4002 NewBB->setOffset(From->getInputOffset()); 4003 BinaryBasicBlock *NewBBPtr = NewBB.get(); 4004 4005 // Update "From" BB 4006 auto I = From->succ_begin(); 4007 auto BI = From->branch_info_begin(); 4008 for (; I != From->succ_end(); ++I) { 4009 if (*I == To) 4010 break; 4011 ++BI; 4012 } 4013 assert(I != From->succ_end() && "Invalid CFG edge in splitEdge!"); 4014 uint64_t OrigCount = BI->Count; 4015 uint64_t OrigMispreds = BI->MispredictedCount; 4016 replaceJumpTableEntryIn(From, To, NewBBPtr); 4017 From->replaceSuccessor(To, NewBBPtr, OrigCount, OrigMispreds); 4018 4019 NewBB->addSuccessor(To, OrigCount, OrigMispreds); 4020 NewBB->setExecutionCount(OrigCount); 4021 NewBB->setIsCold(From->isCold()); 4022 4023 // Update CFI and BB layout with new intermediate BB 4024 std::vector<std::unique_ptr<BinaryBasicBlock>> NewBBs; 4025 NewBBs.emplace_back(std::move(NewBB)); 4026 insertBasicBlocks(From, std::move(NewBBs), true, true, 4027 /*RecomputeLandingPads=*/false); 4028 return NewBBPtr; 4029 } 4030 4031 void BinaryFunction::deleteConservativeEdges() { 4032 // Our goal is to aggressively remove edges from the CFG that we believe are 4033 // wrong. This is used for instrumentation, where it is safe to remove 4034 // fallthrough edges because we won't reorder blocks. 4035 for (auto I = BasicBlocks.begin(), E = BasicBlocks.end(); I != E; ++I) { 4036 BinaryBasicBlock *BB = *I; 4037 if (BB->succ_size() != 1 || BB->size() == 0) 4038 continue; 4039 4040 auto NextBB = std::next(I); 4041 MCInst *Last = BB->getLastNonPseudoInstr(); 4042 // Fallthrough is a landing pad? Delete this edge (as long as we don't 4043 // have a direct jump to it) 4044 if ((*BB->succ_begin())->isLandingPad() && NextBB != E && 4045 *BB->succ_begin() == *NextBB && Last && !BC.MIB->isBranch(*Last)) { 4046 BB->removeAllSuccessors(); 4047 continue; 4048 } 4049 4050 // Look for suspicious calls at the end of BB where gcc may optimize it and 4051 // remove the jump to the epilogue when it knows the call won't return. 4052 if (!Last || !BC.MIB->isCall(*Last)) 4053 continue; 4054 4055 const MCSymbol *CalleeSymbol = BC.MIB->getTargetSymbol(*Last); 4056 if (!CalleeSymbol) 4057 continue; 4058 4059 StringRef CalleeName = CalleeSymbol->getName(); 4060 if (CalleeName != "__cxa_throw@PLT" && CalleeName != "_Unwind_Resume@PLT" && 4061 CalleeName != "__cxa_rethrow@PLT" && CalleeName != "exit@PLT" && 4062 CalleeName != "abort@PLT") 4063 continue; 4064 4065 BB->removeAllSuccessors(); 4066 } 4067 } 4068 4069 bool BinaryFunction::isSymbolValidInScope(const SymbolRef &Symbol, 4070 uint64_t SymbolSize) const { 4071 // If this symbol is in a different section from the one where the 4072 // function symbol is, don't consider it as valid. 4073 if (!getOriginSection()->containsAddress( 4074 cantFail(Symbol.getAddress(), "cannot get symbol address"))) 4075 return false; 4076 4077 // Some symbols are tolerated inside function bodies, others are not. 4078 // The real function boundaries may not be known at this point. 4079 if (BC.isMarker(Symbol)) 4080 return true; 4081 4082 // It's okay to have a zero-sized symbol in the middle of non-zero-sized 4083 // function. 4084 if (SymbolSize == 0 && containsAddress(cantFail(Symbol.getAddress()))) 4085 return true; 4086 4087 if (cantFail(Symbol.getType()) != SymbolRef::ST_Unknown) 4088 return false; 4089 4090 if (cantFail(Symbol.getFlags()) & SymbolRef::SF_Global) 4091 return false; 4092 4093 return true; 4094 } 4095 4096 void BinaryFunction::adjustExecutionCount(uint64_t Count) { 4097 if (getKnownExecutionCount() == 0 || Count == 0) 4098 return; 4099 4100 if (ExecutionCount < Count) 4101 Count = ExecutionCount; 4102 4103 double AdjustmentRatio = ((double)ExecutionCount - Count) / ExecutionCount; 4104 if (AdjustmentRatio < 0.0) 4105 AdjustmentRatio = 0.0; 4106 4107 for (BinaryBasicBlock &BB : blocks()) 4108 BB.adjustExecutionCount(AdjustmentRatio); 4109 4110 ExecutionCount -= Count; 4111 } 4112 4113 BinaryFunction::~BinaryFunction() { 4114 for (BinaryBasicBlock *BB : BasicBlocks) 4115 delete BB; 4116 for (BinaryBasicBlock *BB : DeletedBasicBlocks) 4117 delete BB; 4118 } 4119 4120 void BinaryFunction::constructDomTree() { 4121 BDT.reset(new BinaryDominatorTree); 4122 BDT->recalculate(*this); 4123 } 4124 4125 void BinaryFunction::calculateLoopInfo() { 4126 if (!hasDomTree()) 4127 constructDomTree(); 4128 // Discover loops. 4129 BLI.reset(new BinaryLoopInfo()); 4130 BLI->analyze(getDomTree()); 4131 4132 // Traverse discovered loops and add depth and profile information. 4133 std::stack<BinaryLoop *> St; 4134 for (auto I = BLI->begin(), E = BLI->end(); I != E; ++I) { 4135 St.push(*I); 4136 ++BLI->OuterLoops; 4137 } 4138 4139 while (!St.empty()) { 4140 BinaryLoop *L = St.top(); 4141 St.pop(); 4142 ++BLI->TotalLoops; 4143 BLI->MaximumDepth = std::max(L->getLoopDepth(), BLI->MaximumDepth); 4144 4145 // Add nested loops in the stack. 4146 for (BinaryLoop::iterator I = L->begin(), E = L->end(); I != E; ++I) 4147 St.push(*I); 4148 4149 // Skip if no valid profile is found. 4150 if (!hasValidProfile()) { 4151 L->EntryCount = COUNT_NO_PROFILE; 4152 L->ExitCount = COUNT_NO_PROFILE; 4153 L->TotalBackEdgeCount = COUNT_NO_PROFILE; 4154 continue; 4155 } 4156 4157 // Compute back edge count. 4158 SmallVector<BinaryBasicBlock *, 1> Latches; 4159 L->getLoopLatches(Latches); 4160 4161 for (BinaryBasicBlock *Latch : Latches) { 4162 auto BI = Latch->branch_info_begin(); 4163 for (BinaryBasicBlock *Succ : Latch->successors()) { 4164 if (Succ == L->getHeader()) { 4165 assert(BI->Count != BinaryBasicBlock::COUNT_NO_PROFILE && 4166 "profile data not found"); 4167 L->TotalBackEdgeCount += BI->Count; 4168 } 4169 ++BI; 4170 } 4171 } 4172 4173 // Compute entry count. 4174 L->EntryCount = L->getHeader()->getExecutionCount() - L->TotalBackEdgeCount; 4175 4176 // Compute exit count. 4177 SmallVector<BinaryLoop::Edge, 1> ExitEdges; 4178 L->getExitEdges(ExitEdges); 4179 for (BinaryLoop::Edge &Exit : ExitEdges) { 4180 const BinaryBasicBlock *Exiting = Exit.first; 4181 const BinaryBasicBlock *ExitTarget = Exit.second; 4182 auto BI = Exiting->branch_info_begin(); 4183 for (BinaryBasicBlock *Succ : Exiting->successors()) { 4184 if (Succ == ExitTarget) { 4185 assert(BI->Count != BinaryBasicBlock::COUNT_NO_PROFILE && 4186 "profile data not found"); 4187 L->ExitCount += BI->Count; 4188 } 4189 ++BI; 4190 } 4191 } 4192 } 4193 } 4194 4195 void BinaryFunction::updateOutputValues(const BOLTLinker &Linker) { 4196 if (!isEmitted()) { 4197 assert(!isInjected() && "injected function should be emitted"); 4198 setOutputAddress(getAddress()); 4199 setOutputSize(getSize()); 4200 return; 4201 } 4202 4203 const auto SymbolInfo = Linker.lookupSymbolInfo(getSymbol()->getName()); 4204 assert(SymbolInfo && "Cannot find function entry symbol"); 4205 setOutputAddress(SymbolInfo->Address); 4206 setOutputSize(SymbolInfo->Size); 4207 4208 if (BC.HasRelocations || isInjected()) { 4209 if (hasConstantIsland()) { 4210 const auto DataAddress = 4211 Linker.lookupSymbol(getFunctionConstantIslandLabel()->getName()); 4212 assert(DataAddress && "Cannot find function CI symbol"); 4213 setOutputDataAddress(*DataAddress); 4214 for (auto It : Islands->Offsets) { 4215 const uint64_t OldOffset = It.first; 4216 BinaryData *BD = BC.getBinaryDataAtAddress(getAddress() + OldOffset); 4217 if (!BD) 4218 continue; 4219 4220 MCSymbol *Symbol = It.second; 4221 const auto NewAddress = Linker.lookupSymbol(Symbol->getName()); 4222 assert(NewAddress && "Cannot find CI symbol"); 4223 auto &Section = *getCodeSection(); 4224 const auto NewOffset = *NewAddress - Section.getOutputAddress(); 4225 BD->setOutputLocation(Section, NewOffset); 4226 } 4227 } 4228 if (isSplit()) { 4229 for (FunctionFragment &FF : getLayout().getSplitFragments()) { 4230 ErrorOr<BinarySection &> ColdSection = 4231 getCodeSection(FF.getFragmentNum()); 4232 // If fragment is empty, cold section might not exist 4233 if (FF.empty() && ColdSection.getError()) 4234 continue; 4235 4236 const MCSymbol *ColdStartSymbol = getSymbol(FF.getFragmentNum()); 4237 // If fragment is empty, symbol might have not been emitted 4238 if (FF.empty() && (!ColdStartSymbol || !ColdStartSymbol->isDefined()) && 4239 !hasConstantIsland()) 4240 continue; 4241 assert(ColdStartSymbol && ColdStartSymbol->isDefined() && 4242 "split function should have defined cold symbol"); 4243 const auto ColdStartSymbolInfo = 4244 Linker.lookupSymbolInfo(ColdStartSymbol->getName()); 4245 assert(ColdStartSymbolInfo && "Cannot find cold start symbol"); 4246 FF.setAddress(ColdStartSymbolInfo->Address); 4247 FF.setImageSize(ColdStartSymbolInfo->Size); 4248 if (hasConstantIsland()) { 4249 const auto DataAddress = Linker.lookupSymbol( 4250 getFunctionColdConstantIslandLabel()->getName()); 4251 assert(DataAddress && "Cannot find cold CI symbol"); 4252 setOutputColdDataAddress(*DataAddress); 4253 } 4254 } 4255 } 4256 } 4257 4258 // Update basic block output ranges for the debug info, if we have 4259 // secondary entry points in the symbol table to update or if writing BAT. 4260 if (!requiresAddressMap()) 4261 return; 4262 4263 // AArch64 may have functions that only contains a constant island (no code). 4264 if (getLayout().block_empty()) 4265 return; 4266 4267 for (FunctionFragment &FF : getLayout().fragments()) { 4268 if (FF.empty()) 4269 continue; 4270 4271 const uint64_t FragmentBaseAddress = 4272 getCodeSection(isSimple() ? FF.getFragmentNum() : FragmentNum::main()) 4273 ->getOutputAddress(); 4274 4275 BinaryBasicBlock *PrevBB = nullptr; 4276 for (BinaryBasicBlock *const BB : FF) { 4277 assert(BB->getLabel()->isDefined() && "symbol should be defined"); 4278 if (!BC.HasRelocations) { 4279 if (BB->isSplit()) 4280 assert(FragmentBaseAddress == FF.getAddress()); 4281 else 4282 assert(FragmentBaseAddress == getOutputAddress()); 4283 (void)FragmentBaseAddress; 4284 } 4285 4286 // Injected functions likely will fail lookup, as they have no 4287 // input range. Just assign the BB the output address of the 4288 // function. 4289 auto MaybeBBAddress = BC.getIOAddressMap().lookup(BB->getLabel()); 4290 const uint64_t BBAddress = MaybeBBAddress ? *MaybeBBAddress 4291 : BB->isSplit() ? FF.getAddress() 4292 : getOutputAddress(); 4293 BB->setOutputStartAddress(BBAddress); 4294 4295 if (PrevBB) { 4296 assert(PrevBB->getOutputAddressRange().first <= BBAddress && 4297 "Bad output address for basic block."); 4298 assert((PrevBB->getOutputAddressRange().first != BBAddress || 4299 !hasInstructions() || !PrevBB->getNumNonPseudos()) && 4300 "Bad output address for basic block."); 4301 PrevBB->setOutputEndAddress(BBAddress); 4302 } 4303 PrevBB = BB; 4304 } 4305 4306 PrevBB->setOutputEndAddress(PrevBB->isSplit() 4307 ? FF.getAddress() + FF.getImageSize() 4308 : getOutputAddress() + getOutputSize()); 4309 } 4310 4311 // Reset output addresses for deleted blocks. 4312 for (BinaryBasicBlock *BB : DeletedBasicBlocks) { 4313 BB->setOutputStartAddress(0); 4314 BB->setOutputEndAddress(0); 4315 } 4316 } 4317 4318 DebugAddressRangesVector BinaryFunction::getOutputAddressRanges() const { 4319 DebugAddressRangesVector OutputRanges; 4320 4321 if (isFolded()) 4322 return OutputRanges; 4323 4324 if (IsFragment) 4325 return OutputRanges; 4326 4327 OutputRanges.emplace_back(getOutputAddress(), 4328 getOutputAddress() + getOutputSize()); 4329 if (isSplit()) { 4330 assert(isEmitted() && "split function should be emitted"); 4331 for (const FunctionFragment &FF : getLayout().getSplitFragments()) 4332 OutputRanges.emplace_back(FF.getAddress(), 4333 FF.getAddress() + FF.getImageSize()); 4334 } 4335 4336 if (isSimple()) 4337 return OutputRanges; 4338 4339 for (BinaryFunction *Frag : Fragments) { 4340 assert(!Frag->isSimple() && 4341 "fragment of non-simple function should also be non-simple"); 4342 OutputRanges.emplace_back(Frag->getOutputAddress(), 4343 Frag->getOutputAddress() + Frag->getOutputSize()); 4344 } 4345 4346 return OutputRanges; 4347 } 4348 4349 uint64_t BinaryFunction::translateInputToOutputAddress(uint64_t Address) const { 4350 if (isFolded()) 4351 return 0; 4352 4353 // If the function hasn't changed return the same address. 4354 if (!isEmitted()) 4355 return Address; 4356 4357 if (Address < getAddress()) 4358 return 0; 4359 4360 // Check if the address is associated with an instruction that is tracked 4361 // by address translation. 4362 if (auto OutputAddress = BC.getIOAddressMap().lookup(Address)) 4363 return *OutputAddress; 4364 4365 // FIXME: #18950828 - we rely on relative offsets inside basic blocks to stay 4366 // intact. Instead we can use pseudo instructions and/or annotations. 4367 const uint64_t Offset = Address - getAddress(); 4368 const BinaryBasicBlock *BB = getBasicBlockContainingOffset(Offset); 4369 if (!BB) { 4370 // Special case for address immediately past the end of the function. 4371 if (Offset == getSize()) 4372 return getOutputAddress() + getOutputSize(); 4373 4374 return 0; 4375 } 4376 4377 return std::min(BB->getOutputAddressRange().first + Offset - BB->getOffset(), 4378 BB->getOutputAddressRange().second); 4379 } 4380 4381 DebugAddressRangesVector 4382 BinaryFunction::translateInputToOutputRange(DebugAddressRange InRange) const { 4383 DebugAddressRangesVector OutRanges; 4384 4385 // The function was removed from the output. Return an empty range. 4386 if (isFolded()) 4387 return OutRanges; 4388 4389 // If the function hasn't changed return the same range. 4390 if (!isEmitted()) { 4391 OutRanges.emplace_back(InRange); 4392 return OutRanges; 4393 } 4394 4395 if (!containsAddress(InRange.LowPC)) 4396 return OutRanges; 4397 4398 // Special case of an empty range [X, X). Some tools expect X to be updated. 4399 if (InRange.LowPC == InRange.HighPC) { 4400 if (uint64_t NewPC = translateInputToOutputAddress(InRange.LowPC)) 4401 OutRanges.push_back(DebugAddressRange{NewPC, NewPC}); 4402 return OutRanges; 4403 } 4404 4405 uint64_t InputOffset = InRange.LowPC - getAddress(); 4406 const uint64_t InputEndOffset = 4407 std::min(InRange.HighPC - getAddress(), getSize()); 4408 4409 auto BBI = llvm::upper_bound(BasicBlockOffsets, 4410 BasicBlockOffset(InputOffset, nullptr), 4411 CompareBasicBlockOffsets()); 4412 assert(BBI != BasicBlockOffsets.begin()); 4413 4414 // Iterate over blocks in the input order using BasicBlockOffsets. 4415 for (--BBI; InputOffset < InputEndOffset && BBI != BasicBlockOffsets.end(); 4416 InputOffset = BBI->second->getEndOffset(), ++BBI) { 4417 const BinaryBasicBlock &BB = *BBI->second; 4418 if (InputOffset < BB.getOffset() || InputOffset >= BB.getEndOffset()) { 4419 LLVM_DEBUG( 4420 dbgs() << "BOLT-DEBUG: invalid debug address range detected for " 4421 << *this << " : [0x" << Twine::utohexstr(InRange.LowPC) 4422 << ", 0x" << Twine::utohexstr(InRange.HighPC) << "]\n"); 4423 break; 4424 } 4425 4426 // Skip the block if it wasn't emitted. 4427 if (!BB.getOutputAddressRange().first) 4428 continue; 4429 4430 // Find output address for an instruction with an offset greater or equal 4431 // to /p Offset. The output address should fall within the same basic 4432 // block boundaries. 4433 auto translateBlockOffset = [&](const uint64_t Offset) { 4434 const uint64_t OutAddress = BB.getOutputAddressRange().first + Offset; 4435 return std::min(OutAddress, BB.getOutputAddressRange().second); 4436 }; 4437 4438 uint64_t OutLowPC = BB.getOutputAddressRange().first; 4439 if (InputOffset > BB.getOffset()) 4440 OutLowPC = translateBlockOffset(InputOffset - BB.getOffset()); 4441 4442 uint64_t OutHighPC = BB.getOutputAddressRange().second; 4443 if (InputEndOffset < BB.getEndOffset()) { 4444 assert(InputEndOffset >= BB.getOffset()); 4445 OutHighPC = translateBlockOffset(InputEndOffset - BB.getOffset()); 4446 } 4447 4448 // Check if we can expand the last translated range. 4449 if (!OutRanges.empty() && OutRanges.back().HighPC == OutLowPC) 4450 OutRanges.back().HighPC = std::max(OutRanges.back().HighPC, OutHighPC); 4451 else 4452 OutRanges.emplace_back(OutLowPC, std::max(OutLowPC, OutHighPC)); 4453 } 4454 4455 LLVM_DEBUG({ 4456 dbgs() << "BOLT-DEBUG: translated address range " << InRange << " -> "; 4457 for (const DebugAddressRange &R : OutRanges) 4458 dbgs() << R << ' '; 4459 dbgs() << '\n'; 4460 }); 4461 4462 return OutRanges; 4463 } 4464 4465 MCInst *BinaryFunction::getInstructionAtOffset(uint64_t Offset) { 4466 if (CurrentState == State::Disassembled) { 4467 auto II = Instructions.find(Offset); 4468 return (II == Instructions.end()) ? nullptr : &II->second; 4469 } else if (CurrentState == State::CFG) { 4470 BinaryBasicBlock *BB = getBasicBlockContainingOffset(Offset); 4471 if (!BB) 4472 return nullptr; 4473 4474 for (MCInst &Inst : *BB) { 4475 constexpr uint32_t InvalidOffset = std::numeric_limits<uint32_t>::max(); 4476 if (Offset == BC.MIB->getOffsetWithDefault(Inst, InvalidOffset)) 4477 return &Inst; 4478 } 4479 4480 if (MCInst *LastInstr = BB->getLastNonPseudoInstr()) { 4481 if (std::optional<uint32_t> Size = BC.MIB->getSize(*LastInstr)) { 4482 if (BB->getEndOffset() - Offset == Size) { 4483 return LastInstr; 4484 } 4485 } 4486 } 4487 4488 return nullptr; 4489 } else { 4490 llvm_unreachable("invalid CFG state to use getInstructionAtOffset()"); 4491 } 4492 } 4493 4494 MCInst *BinaryFunction::getInstructionContainingOffset(uint64_t Offset) { 4495 assert(CurrentState == State::Disassembled && "Wrong function state"); 4496 4497 if (Offset > Size) 4498 return nullptr; 4499 4500 auto II = Instructions.upper_bound(Offset); 4501 assert(II != Instructions.begin() && "First instruction not at offset 0"); 4502 --II; 4503 return &II->second; 4504 } 4505 4506 void BinaryFunction::printLoopInfo(raw_ostream &OS) const { 4507 if (!opts::shouldPrint(*this)) 4508 return; 4509 4510 OS << "Loop Info for Function \"" << *this << "\""; 4511 if (hasValidProfile()) 4512 OS << " (count: " << getExecutionCount() << ")"; 4513 OS << "\n"; 4514 4515 std::stack<BinaryLoop *> St; 4516 for (BinaryLoop *L : *BLI) 4517 St.push(L); 4518 while (!St.empty()) { 4519 BinaryLoop *L = St.top(); 4520 St.pop(); 4521 4522 for (BinaryLoop *Inner : *L) 4523 St.push(Inner); 4524 4525 if (!hasValidProfile()) 4526 continue; 4527 4528 OS << (L->getLoopDepth() > 1 ? "Nested" : "Outer") 4529 << " loop header: " << L->getHeader()->getName(); 4530 OS << "\n"; 4531 OS << "Loop basic blocks: "; 4532 ListSeparator LS; 4533 for (BinaryBasicBlock *BB : L->blocks()) 4534 OS << LS << BB->getName(); 4535 OS << "\n"; 4536 if (hasValidProfile()) { 4537 OS << "Total back edge count: " << L->TotalBackEdgeCount << "\n"; 4538 OS << "Loop entry count: " << L->EntryCount << "\n"; 4539 OS << "Loop exit count: " << L->ExitCount << "\n"; 4540 if (L->EntryCount > 0) { 4541 OS << "Average iters per entry: " 4542 << format("%.4lf", (double)L->TotalBackEdgeCount / L->EntryCount) 4543 << "\n"; 4544 } 4545 } 4546 OS << "----\n"; 4547 } 4548 4549 OS << "Total number of loops: " << BLI->TotalLoops << "\n"; 4550 OS << "Number of outer loops: " << BLI->OuterLoops << "\n"; 4551 OS << "Maximum nested loop depth: " << BLI->MaximumDepth << "\n\n"; 4552 } 4553 4554 bool BinaryFunction::isAArch64Veneer() const { 4555 if (empty() || hasIslandsInfo()) 4556 return false; 4557 4558 BinaryBasicBlock &BB = **BasicBlocks.begin(); 4559 for (MCInst &Inst : BB) 4560 if (!BC.MIB->hasAnnotation(Inst, "AArch64Veneer")) 4561 return false; 4562 4563 for (auto I = BasicBlocks.begin() + 1, E = BasicBlocks.end(); I != E; ++I) { 4564 for (MCInst &Inst : **I) 4565 if (!BC.MIB->isNoop(Inst)) 4566 return false; 4567 } 4568 4569 return true; 4570 } 4571 4572 void BinaryFunction::addRelocation(uint64_t Address, MCSymbol *Symbol, 4573 uint64_t RelType, uint64_t Addend, 4574 uint64_t Value) { 4575 assert(Address >= getAddress() && Address < getAddress() + getMaxSize() && 4576 "address is outside of the function"); 4577 uint64_t Offset = Address - getAddress(); 4578 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: addRelocation in " 4579 << formatv("{0}@{1:x} against {2}\n", *this, Offset, 4580 (Symbol ? Symbol->getName() : "<undef>"))); 4581 bool IsCI = BC.isAArch64() && isInConstantIsland(Address); 4582 std::map<uint64_t, Relocation> &Rels = 4583 IsCI ? Islands->Relocations : Relocations; 4584 if (BC.MIB->shouldRecordCodeRelocation(RelType)) 4585 Rels[Offset] = Relocation{Offset, Symbol, RelType, Addend, Value}; 4586 } 4587 4588 } // namespace bolt 4589 } // namespace llvm 4590