1 //===- bolt/Core/BinaryFunction.cpp - Low-level function ------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file implements the BinaryFunction class. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "bolt/Core/BinaryFunction.h" 14 #include "bolt/Core/BinaryBasicBlock.h" 15 #include "bolt/Core/DynoStats.h" 16 #include "bolt/Core/HashUtilities.h" 17 #include "bolt/Core/MCPlusBuilder.h" 18 #include "bolt/Utils/NameResolver.h" 19 #include "bolt/Utils/NameShortener.h" 20 #include "bolt/Utils/Utils.h" 21 #include "llvm/ADT/STLExtras.h" 22 #include "llvm/ADT/SmallSet.h" 23 #include "llvm/ADT/StringExtras.h" 24 #include "llvm/ADT/StringRef.h" 25 #include "llvm/Demangle/Demangle.h" 26 #include "llvm/MC/MCAsmInfo.h" 27 #include "llvm/MC/MCContext.h" 28 #include "llvm/MC/MCDisassembler/MCDisassembler.h" 29 #include "llvm/MC/MCExpr.h" 30 #include "llvm/MC/MCInst.h" 31 #include "llvm/MC/MCInstPrinter.h" 32 #include "llvm/MC/MCRegisterInfo.h" 33 #include "llvm/MC/MCSymbol.h" 34 #include "llvm/Object/ObjectFile.h" 35 #include "llvm/Support/CommandLine.h" 36 #include "llvm/Support/Debug.h" 37 #include "llvm/Support/GenericDomTreeConstruction.h" 38 #include "llvm/Support/GenericLoopInfoImpl.h" 39 #include "llvm/Support/GraphWriter.h" 40 #include "llvm/Support/LEB128.h" 41 #include "llvm/Support/Regex.h" 42 #include "llvm/Support/Timer.h" 43 #include "llvm/Support/raw_ostream.h" 44 #include "llvm/Support/xxhash.h" 45 #include <functional> 46 #include <limits> 47 #include <numeric> 48 #include <stack> 49 #include <string> 50 51 #define DEBUG_TYPE "bolt" 52 53 using namespace llvm; 54 using namespace bolt; 55 56 namespace opts { 57 58 extern cl::OptionCategory BoltCategory; 59 extern cl::OptionCategory BoltOptCategory; 60 61 extern cl::opt<bool> EnableBAT; 62 extern cl::opt<bool> Instrument; 63 extern cl::opt<bool> StrictMode; 64 extern cl::opt<bool> UpdateDebugSections; 65 extern cl::opt<unsigned> Verbosity; 66 67 extern bool processAllFunctions(); 68 69 cl::opt<bool> CheckEncoding( 70 "check-encoding", 71 cl::desc("perform verification of LLVM instruction encoding/decoding. " 72 "Every instruction in the input is decoded and re-encoded. " 73 "If the resulting bytes do not match the input, a warning message " 74 "is printed."), 75 cl::Hidden, cl::cat(BoltCategory)); 76 77 static cl::opt<bool> DotToolTipCode( 78 "dot-tooltip-code", 79 cl::desc("add basic block instructions as tool tips on nodes"), cl::Hidden, 80 cl::cat(BoltCategory)); 81 82 cl::opt<JumpTableSupportLevel> 83 JumpTables("jump-tables", 84 cl::desc("jump tables support (default=basic)"), 85 cl::init(JTS_BASIC), 86 cl::values( 87 clEnumValN(JTS_NONE, "none", 88 "do not optimize functions with jump tables"), 89 clEnumValN(JTS_BASIC, "basic", 90 "optimize functions with jump tables"), 91 clEnumValN(JTS_MOVE, "move", 92 "move jump tables to a separate section"), 93 clEnumValN(JTS_SPLIT, "split", 94 "split jump tables section into hot and cold based on " 95 "function execution frequency"), 96 clEnumValN(JTS_AGGRESSIVE, "aggressive", 97 "aggressively split jump tables section based on usage " 98 "of the tables")), 99 cl::ZeroOrMore, 100 cl::cat(BoltOptCategory)); 101 102 static cl::opt<bool> NoScan( 103 "no-scan", 104 cl::desc( 105 "do not scan cold functions for external references (may result in " 106 "slower binary)"), 107 cl::Hidden, cl::cat(BoltOptCategory)); 108 109 cl::opt<bool> 110 PreserveBlocksAlignment("preserve-blocks-alignment", 111 cl::desc("try to preserve basic block alignment"), 112 cl::cat(BoltOptCategory)); 113 114 static cl::opt<bool> PrintOutputAddressRange( 115 "print-output-address-range", 116 cl::desc( 117 "print output address range for each basic block in the function when" 118 "BinaryFunction::print is called"), 119 cl::Hidden, cl::cat(BoltOptCategory)); 120 121 cl::opt<bool> 122 PrintDynoStats("dyno-stats", 123 cl::desc("print execution info based on profile"), 124 cl::cat(BoltCategory)); 125 126 static cl::opt<bool> 127 PrintDynoStatsOnly("print-dyno-stats-only", 128 cl::desc("while printing functions output dyno-stats and skip instructions"), 129 cl::init(false), 130 cl::Hidden, 131 cl::cat(BoltCategory)); 132 133 static cl::list<std::string> 134 PrintOnly("print-only", 135 cl::CommaSeparated, 136 cl::desc("list of functions to print"), 137 cl::value_desc("func1,func2,func3,..."), 138 cl::Hidden, 139 cl::cat(BoltCategory)); 140 141 cl::opt<bool> 142 TimeBuild("time-build", 143 cl::desc("print time spent constructing binary functions"), 144 cl::Hidden, cl::cat(BoltCategory)); 145 146 cl::opt<bool> 147 TrapOnAVX512("trap-avx512", 148 cl::desc("in relocation mode trap upon entry to any function that uses " 149 "AVX-512 instructions"), 150 cl::init(false), 151 cl::ZeroOrMore, 152 cl::Hidden, 153 cl::cat(BoltCategory)); 154 155 bool shouldPrint(const BinaryFunction &Function) { 156 if (Function.isIgnored()) 157 return false; 158 159 if (PrintOnly.empty()) 160 return true; 161 162 for (std::string &Name : opts::PrintOnly) { 163 if (Function.hasNameRegex(Name)) { 164 return true; 165 } 166 } 167 168 return false; 169 } 170 171 } // namespace opts 172 173 namespace llvm { 174 namespace bolt { 175 176 template <typename R> static bool emptyRange(const R &Range) { 177 return Range.begin() == Range.end(); 178 } 179 180 /// Gets debug line information for the instruction located at the given 181 /// address in the original binary. The SMLoc's pointer is used 182 /// to point to this information, which is represented by a 183 /// DebugLineTableRowRef. The returned pointer is null if no debug line 184 /// information for this instruction was found. 185 static SMLoc findDebugLineInformationForInstructionAt( 186 uint64_t Address, DWARFUnit *Unit, 187 const DWARFDebugLine::LineTable *LineTable) { 188 // We use the pointer in SMLoc to store an instance of DebugLineTableRowRef, 189 // which occupies 64 bits. Thus, we can only proceed if the struct fits into 190 // the pointer itself. 191 static_assert( 192 sizeof(decltype(SMLoc().getPointer())) >= sizeof(DebugLineTableRowRef), 193 "Cannot fit instruction debug line information into SMLoc's pointer"); 194 195 SMLoc NullResult = DebugLineTableRowRef::NULL_ROW.toSMLoc(); 196 uint32_t RowIndex = LineTable->lookupAddress( 197 {Address, object::SectionedAddress::UndefSection}); 198 if (RowIndex == LineTable->UnknownRowIndex) 199 return NullResult; 200 201 assert(RowIndex < LineTable->Rows.size() && 202 "Line Table lookup returned invalid index."); 203 204 decltype(SMLoc().getPointer()) Ptr; 205 DebugLineTableRowRef *InstructionLocation = 206 reinterpret_cast<DebugLineTableRowRef *>(&Ptr); 207 208 InstructionLocation->DwCompileUnitIndex = Unit->getOffset(); 209 InstructionLocation->RowIndex = RowIndex + 1; 210 211 return SMLoc::getFromPointer(Ptr); 212 } 213 214 static std::string buildSectionName(StringRef Prefix, StringRef Name, 215 const BinaryContext &BC) { 216 if (BC.isELF()) 217 return (Prefix + Name).str(); 218 static NameShortener NS; 219 return (Prefix + Twine(NS.getID(Name))).str(); 220 } 221 222 static raw_ostream &operator<<(raw_ostream &OS, 223 const BinaryFunction::State State) { 224 switch (State) { 225 case BinaryFunction::State::Empty: OS << "empty"; break; 226 case BinaryFunction::State::Disassembled: OS << "disassembled"; break; 227 case BinaryFunction::State::CFG: OS << "CFG constructed"; break; 228 case BinaryFunction::State::CFG_Finalized: OS << "CFG finalized"; break; 229 case BinaryFunction::State::EmittedCFG: OS << "emitted with CFG"; break; 230 case BinaryFunction::State::Emitted: OS << "emitted"; break; 231 } 232 233 return OS; 234 } 235 236 std::string BinaryFunction::buildCodeSectionName(StringRef Name, 237 const BinaryContext &BC) { 238 return buildSectionName(BC.isELF() ? ".local.text." : ".l.text.", Name, BC); 239 } 240 241 std::string BinaryFunction::buildColdCodeSectionName(StringRef Name, 242 const BinaryContext &BC) { 243 return buildSectionName(BC.isELF() ? ".local.cold.text." : ".l.c.text.", Name, 244 BC); 245 } 246 247 uint64_t BinaryFunction::Count = 0; 248 249 std::optional<StringRef> 250 BinaryFunction::hasNameRegex(const StringRef Name) const { 251 const std::string RegexName = (Twine("^") + StringRef(Name) + "$").str(); 252 Regex MatchName(RegexName); 253 return forEachName( 254 [&MatchName](StringRef Name) { return MatchName.match(Name); }); 255 } 256 257 std::optional<StringRef> 258 BinaryFunction::hasRestoredNameRegex(const StringRef Name) const { 259 const std::string RegexName = (Twine("^") + StringRef(Name) + "$").str(); 260 Regex MatchName(RegexName); 261 return forEachName([&MatchName](StringRef Name) { 262 return MatchName.match(NameResolver::restore(Name)); 263 }); 264 } 265 266 std::string BinaryFunction::getDemangledName() const { 267 StringRef MangledName = NameResolver::restore(getOneName()); 268 return demangle(MangledName.str()); 269 } 270 271 BinaryBasicBlock * 272 BinaryFunction::getBasicBlockContainingOffset(uint64_t Offset) { 273 if (Offset > Size) 274 return nullptr; 275 276 if (BasicBlockOffsets.empty()) 277 return nullptr; 278 279 /* 280 * This is commented out because it makes BOLT too slow. 281 * assert(std::is_sorted(BasicBlockOffsets.begin(), 282 * BasicBlockOffsets.end(), 283 * CompareBasicBlockOffsets()))); 284 */ 285 auto I = 286 llvm::upper_bound(BasicBlockOffsets, BasicBlockOffset(Offset, nullptr), 287 CompareBasicBlockOffsets()); 288 assert(I != BasicBlockOffsets.begin() && "first basic block not at offset 0"); 289 --I; 290 BinaryBasicBlock *BB = I->second; 291 return (Offset < BB->getOffset() + BB->getOriginalSize()) ? BB : nullptr; 292 } 293 294 void BinaryFunction::markUnreachableBlocks() { 295 std::stack<BinaryBasicBlock *> Stack; 296 297 for (BinaryBasicBlock &BB : blocks()) 298 BB.markValid(false); 299 300 // Add all entries and landing pads as roots. 301 for (BinaryBasicBlock *BB : BasicBlocks) { 302 if (isEntryPoint(*BB) || BB->isLandingPad()) { 303 Stack.push(BB); 304 BB->markValid(true); 305 continue; 306 } 307 // FIXME: 308 // Also mark BBs with indirect jumps as reachable, since we do not 309 // support removing unused jump tables yet (GH-issue20). 310 for (const MCInst &Inst : *BB) { 311 if (BC.MIB->getJumpTable(Inst)) { 312 Stack.push(BB); 313 BB->markValid(true); 314 break; 315 } 316 } 317 } 318 319 // Determine reachable BBs from the entry point 320 while (!Stack.empty()) { 321 BinaryBasicBlock *BB = Stack.top(); 322 Stack.pop(); 323 for (BinaryBasicBlock *Succ : BB->successors()) { 324 if (Succ->isValid()) 325 continue; 326 Succ->markValid(true); 327 Stack.push(Succ); 328 } 329 } 330 } 331 332 // Any unnecessary fallthrough jumps revealed after calling eraseInvalidBBs 333 // will be cleaned up by fixBranches(). 334 std::pair<unsigned, uint64_t> 335 BinaryFunction::eraseInvalidBBs(const MCCodeEmitter *Emitter) { 336 DenseSet<const BinaryBasicBlock *> InvalidBBs; 337 unsigned Count = 0; 338 uint64_t Bytes = 0; 339 for (BinaryBasicBlock *const BB : BasicBlocks) { 340 if (!BB->isValid()) { 341 assert(!isEntryPoint(*BB) && "all entry blocks must be valid"); 342 InvalidBBs.insert(BB); 343 ++Count; 344 Bytes += BC.computeCodeSize(BB->begin(), BB->end(), Emitter); 345 } 346 } 347 348 Layout.eraseBasicBlocks(InvalidBBs); 349 350 BasicBlockListType NewBasicBlocks; 351 for (auto I = BasicBlocks.begin(), E = BasicBlocks.end(); I != E; ++I) { 352 BinaryBasicBlock *BB = *I; 353 if (InvalidBBs.contains(BB)) { 354 // Make sure the block is removed from the list of predecessors. 355 BB->removeAllSuccessors(); 356 DeletedBasicBlocks.push_back(BB); 357 } else { 358 NewBasicBlocks.push_back(BB); 359 } 360 } 361 BasicBlocks = std::move(NewBasicBlocks); 362 363 assert(BasicBlocks.size() == Layout.block_size()); 364 365 // Update CFG state if needed 366 if (Count > 0) 367 recomputeLandingPads(); 368 369 return std::make_pair(Count, Bytes); 370 } 371 372 bool BinaryFunction::isForwardCall(const MCSymbol *CalleeSymbol) const { 373 // This function should work properly before and after function reordering. 374 // In order to accomplish this, we use the function index (if it is valid). 375 // If the function indices are not valid, we fall back to the original 376 // addresses. This should be ok because the functions without valid indices 377 // should have been ordered with a stable sort. 378 const BinaryFunction *CalleeBF = BC.getFunctionForSymbol(CalleeSymbol); 379 if (CalleeBF) { 380 if (CalleeBF->isInjected()) 381 return true; 382 383 if (hasValidIndex() && CalleeBF->hasValidIndex()) { 384 return getIndex() < CalleeBF->getIndex(); 385 } else if (hasValidIndex() && !CalleeBF->hasValidIndex()) { 386 return true; 387 } else if (!hasValidIndex() && CalleeBF->hasValidIndex()) { 388 return false; 389 } else { 390 return getAddress() < CalleeBF->getAddress(); 391 } 392 } else { 393 // Absolute symbol. 394 ErrorOr<uint64_t> CalleeAddressOrError = BC.getSymbolValue(*CalleeSymbol); 395 assert(CalleeAddressOrError && "unregistered symbol found"); 396 return *CalleeAddressOrError > getAddress(); 397 } 398 } 399 400 void BinaryFunction::dump() const { 401 // getDynoStats calls FunctionLayout::updateLayoutIndices and 402 // BasicBlock::analyzeBranch. The former cannot be const, but should be 403 // removed, the latter should be made const, but seems to require refactoring. 404 // Forcing all callers to have a non-const reference to BinaryFunction to call 405 // dump non-const however is not ideal either. Adding this const_cast is right 406 // now the best solution. It is safe, because BinaryFunction itself is not 407 // modified. Only BinaryBasicBlocks are actually modified (if it all) and we 408 // have mutable pointers to those regardless whether this function is 409 // const-qualified or not. 410 const_cast<BinaryFunction &>(*this).print(dbgs(), ""); 411 } 412 413 void BinaryFunction::print(raw_ostream &OS, std::string Annotation) { 414 if (!opts::shouldPrint(*this)) 415 return; 416 417 StringRef SectionName = 418 OriginSection ? OriginSection->getName() : "<no origin section>"; 419 OS << "Binary Function \"" << *this << "\" " << Annotation << " {"; 420 std::vector<StringRef> AllNames = getNames(); 421 if (AllNames.size() > 1) { 422 OS << "\n All names : "; 423 const char *Sep = ""; 424 for (const StringRef &Name : AllNames) { 425 OS << Sep << Name; 426 Sep = "\n "; 427 } 428 } 429 OS << "\n Number : " << FunctionNumber; 430 OS << "\n State : " << CurrentState; 431 OS << "\n Address : 0x" << Twine::utohexstr(Address); 432 OS << "\n Size : 0x" << Twine::utohexstr(Size); 433 OS << "\n MaxSize : 0x" << Twine::utohexstr(MaxSize); 434 OS << "\n Offset : 0x" << Twine::utohexstr(getFileOffset()); 435 OS << "\n Section : " << SectionName; 436 OS << "\n Orc Section : " << getCodeSectionName(); 437 OS << "\n LSDA : 0x" << Twine::utohexstr(getLSDAAddress()); 438 OS << "\n IsSimple : " << IsSimple; 439 OS << "\n IsMultiEntry: " << isMultiEntry(); 440 OS << "\n IsSplit : " << isSplit(); 441 OS << "\n BB Count : " << size(); 442 443 if (HasUnknownControlFlow) 444 OS << "\n Unknown CF : true"; 445 if (getPersonalityFunction()) 446 OS << "\n Personality : " << getPersonalityFunction()->getName(); 447 if (IsFragment) 448 OS << "\n IsFragment : true"; 449 if (isFolded()) 450 OS << "\n FoldedInto : " << *getFoldedIntoFunction(); 451 for (BinaryFunction *ParentFragment : ParentFragments) 452 OS << "\n Parent : " << *ParentFragment; 453 if (!Fragments.empty()) { 454 OS << "\n Fragments : "; 455 ListSeparator LS; 456 for (BinaryFunction *Frag : Fragments) 457 OS << LS << *Frag; 458 } 459 if (hasCFG()) 460 OS << "\n Hash : " << Twine::utohexstr(computeHash()); 461 if (isMultiEntry()) { 462 OS << "\n Secondary Entry Points : "; 463 ListSeparator LS; 464 for (const auto &KV : SecondaryEntryPoints) 465 OS << LS << KV.second->getName(); 466 } 467 if (FrameInstructions.size()) 468 OS << "\n CFI Instrs : " << FrameInstructions.size(); 469 if (!Layout.block_empty()) { 470 OS << "\n BB Layout : "; 471 ListSeparator LS; 472 for (const BinaryBasicBlock *BB : Layout.blocks()) 473 OS << LS << BB->getName(); 474 } 475 if (getImageAddress()) 476 OS << "\n Image : 0x" << Twine::utohexstr(getImageAddress()); 477 if (ExecutionCount != COUNT_NO_PROFILE) { 478 OS << "\n Exec Count : " << ExecutionCount; 479 OS << "\n Branch Count: " << RawBranchCount; 480 OS << "\n Profile Acc : " << format("%.1f%%", ProfileMatchRatio * 100.0f); 481 } 482 483 if (opts::PrintDynoStats && !getLayout().block_empty()) { 484 OS << '\n'; 485 DynoStats dynoStats = getDynoStats(*this); 486 OS << dynoStats; 487 } 488 489 OS << "\n}\n"; 490 491 if (opts::PrintDynoStatsOnly || !BC.InstPrinter) 492 return; 493 494 // Offset of the instruction in function. 495 uint64_t Offset = 0; 496 497 if (BasicBlocks.empty() && !Instructions.empty()) { 498 // Print before CFG was built. 499 for (const std::pair<const uint32_t, MCInst> &II : Instructions) { 500 Offset = II.first; 501 502 // Print label if exists at this offset. 503 auto LI = Labels.find(Offset); 504 if (LI != Labels.end()) { 505 if (const MCSymbol *EntrySymbol = 506 getSecondaryEntryPointSymbol(LI->second)) 507 OS << EntrySymbol->getName() << " (Entry Point):\n"; 508 OS << LI->second->getName() << ":\n"; 509 } 510 511 BC.printInstruction(OS, II.second, Offset, this); 512 } 513 } 514 515 StringRef SplitPointMsg = ""; 516 for (const FunctionFragment &FF : Layout.fragments()) { 517 OS << SplitPointMsg; 518 SplitPointMsg = "------- HOT-COLD SPLIT POINT -------\n\n"; 519 for (const BinaryBasicBlock *BB : FF) { 520 OS << BB->getName() << " (" << BB->size() 521 << " instructions, align : " << BB->getAlignment() << ")\n"; 522 523 if (opts::PrintOutputAddressRange) 524 OS << formatv(" Output Address Range: [{0:x}, {1:x}) ({2} bytes)\n", 525 BB->getOutputAddressRange().first, 526 BB->getOutputAddressRange().second, BB->getOutputSize()); 527 528 if (isEntryPoint(*BB)) { 529 if (MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(*BB)) 530 OS << " Secondary Entry Point: " << EntrySymbol->getName() << '\n'; 531 else 532 OS << " Entry Point\n"; 533 } 534 535 if (BB->isLandingPad()) 536 OS << " Landing Pad\n"; 537 538 uint64_t BBExecCount = BB->getExecutionCount(); 539 if (hasValidProfile()) { 540 OS << " Exec Count : "; 541 if (BB->getExecutionCount() != BinaryBasicBlock::COUNT_NO_PROFILE) 542 OS << BBExecCount << '\n'; 543 else 544 OS << "<unknown>\n"; 545 } 546 if (hasCFI()) 547 OS << " CFI State : " << BB->getCFIState() << '\n'; 548 if (opts::EnableBAT) { 549 OS << " Input offset: 0x" << Twine::utohexstr(BB->getInputOffset()) 550 << "\n"; 551 } 552 if (!BB->pred_empty()) { 553 OS << " Predecessors: "; 554 ListSeparator LS; 555 for (BinaryBasicBlock *Pred : BB->predecessors()) 556 OS << LS << Pred->getName(); 557 OS << '\n'; 558 } 559 if (!BB->throw_empty()) { 560 OS << " Throwers: "; 561 ListSeparator LS; 562 for (BinaryBasicBlock *Throw : BB->throwers()) 563 OS << LS << Throw->getName(); 564 OS << '\n'; 565 } 566 567 Offset = alignTo(Offset, BB->getAlignment()); 568 569 // Note: offsets are imprecise since this is happening prior to 570 // relaxation. 571 Offset = BC.printInstructions(OS, BB->begin(), BB->end(), Offset, this); 572 573 if (!BB->succ_empty()) { 574 OS << " Successors: "; 575 // For more than 2 successors, sort them based on frequency. 576 std::vector<uint64_t> Indices(BB->succ_size()); 577 std::iota(Indices.begin(), Indices.end(), 0); 578 if (BB->succ_size() > 2 && BB->getKnownExecutionCount()) { 579 llvm::stable_sort(Indices, [&](const uint64_t A, const uint64_t B) { 580 return BB->BranchInfo[B] < BB->BranchInfo[A]; 581 }); 582 } 583 ListSeparator LS; 584 for (unsigned I = 0; I < Indices.size(); ++I) { 585 BinaryBasicBlock *Succ = BB->Successors[Indices[I]]; 586 const BinaryBasicBlock::BinaryBranchInfo &BI = 587 BB->BranchInfo[Indices[I]]; 588 OS << LS << Succ->getName(); 589 if (ExecutionCount != COUNT_NO_PROFILE && 590 BI.MispredictedCount != BinaryBasicBlock::COUNT_INFERRED) { 591 OS << " (mispreds: " << BI.MispredictedCount 592 << ", count: " << BI.Count << ")"; 593 } else if (ExecutionCount != COUNT_NO_PROFILE && 594 BI.Count != BinaryBasicBlock::COUNT_NO_PROFILE) { 595 OS << " (inferred count: " << BI.Count << ")"; 596 } 597 } 598 OS << '\n'; 599 } 600 601 if (!BB->lp_empty()) { 602 OS << " Landing Pads: "; 603 ListSeparator LS; 604 for (BinaryBasicBlock *LP : BB->landing_pads()) { 605 OS << LS << LP->getName(); 606 if (ExecutionCount != COUNT_NO_PROFILE) { 607 OS << " (count: " << LP->getExecutionCount() << ")"; 608 } 609 } 610 OS << '\n'; 611 } 612 613 // In CFG_Finalized state we can miscalculate CFI state at exit. 614 if (CurrentState == State::CFG && hasCFI()) { 615 const int32_t CFIStateAtExit = BB->getCFIStateAtExit(); 616 if (CFIStateAtExit >= 0) 617 OS << " CFI State: " << CFIStateAtExit << '\n'; 618 } 619 620 OS << '\n'; 621 } 622 } 623 624 // Dump new exception ranges for the function. 625 if (!CallSites.empty()) { 626 OS << "EH table:\n"; 627 for (const FunctionFragment &FF : getLayout().fragments()) { 628 for (const auto &FCSI : getCallSites(FF.getFragmentNum())) { 629 const CallSite &CSI = FCSI.second; 630 OS << " [" << *CSI.Start << ", " << *CSI.End << ") landing pad : "; 631 if (CSI.LP) 632 OS << *CSI.LP; 633 else 634 OS << "0"; 635 OS << ", action : " << CSI.Action << '\n'; 636 } 637 } 638 OS << '\n'; 639 } 640 641 // Print all jump tables. 642 for (const std::pair<const uint64_t, JumpTable *> &JTI : JumpTables) 643 JTI.second->print(OS); 644 645 OS << "DWARF CFI Instructions:\n"; 646 if (OffsetToCFI.size()) { 647 // Pre-buildCFG information 648 for (const std::pair<const uint32_t, uint32_t> &Elmt : OffsetToCFI) { 649 OS << format(" %08x:\t", Elmt.first); 650 assert(Elmt.second < FrameInstructions.size() && "Incorrect CFI offset"); 651 BinaryContext::printCFI(OS, FrameInstructions[Elmt.second]); 652 OS << "\n"; 653 } 654 } else { 655 // Post-buildCFG information 656 for (uint32_t I = 0, E = FrameInstructions.size(); I != E; ++I) { 657 const MCCFIInstruction &CFI = FrameInstructions[I]; 658 OS << format(" %d:\t", I); 659 BinaryContext::printCFI(OS, CFI); 660 OS << "\n"; 661 } 662 } 663 if (FrameInstructions.empty()) 664 OS << " <empty>\n"; 665 666 OS << "End of Function \"" << *this << "\"\n\n"; 667 } 668 669 void BinaryFunction::printRelocations(raw_ostream &OS, uint64_t Offset, 670 uint64_t Size) const { 671 const char *Sep = " # Relocs: "; 672 673 auto RI = Relocations.lower_bound(Offset); 674 while (RI != Relocations.end() && RI->first < Offset + Size) { 675 OS << Sep << "(R: " << RI->second << ")"; 676 Sep = ", "; 677 ++RI; 678 } 679 } 680 681 static std::string mutateDWARFExpressionTargetReg(const MCCFIInstruction &Instr, 682 MCPhysReg NewReg) { 683 StringRef ExprBytes = Instr.getValues(); 684 assert(ExprBytes.size() > 1 && "DWARF expression CFI is too short"); 685 uint8_t Opcode = ExprBytes[0]; 686 assert((Opcode == dwarf::DW_CFA_expression || 687 Opcode == dwarf::DW_CFA_val_expression) && 688 "invalid DWARF expression CFI"); 689 (void)Opcode; 690 const uint8_t *const Start = 691 reinterpret_cast<const uint8_t *>(ExprBytes.drop_front(1).data()); 692 const uint8_t *const End = 693 reinterpret_cast<const uint8_t *>(Start + ExprBytes.size() - 1); 694 unsigned Size = 0; 695 decodeULEB128(Start, &Size, End); 696 assert(Size > 0 && "Invalid reg encoding for DWARF expression CFI"); 697 SmallString<8> Tmp; 698 raw_svector_ostream OSE(Tmp); 699 encodeULEB128(NewReg, OSE); 700 return Twine(ExprBytes.slice(0, 1)) 701 .concat(OSE.str()) 702 .concat(ExprBytes.drop_front(1 + Size)) 703 .str(); 704 } 705 706 void BinaryFunction::mutateCFIRegisterFor(const MCInst &Instr, 707 MCPhysReg NewReg) { 708 const MCCFIInstruction *OldCFI = getCFIFor(Instr); 709 assert(OldCFI && "invalid CFI instr"); 710 switch (OldCFI->getOperation()) { 711 default: 712 llvm_unreachable("Unexpected instruction"); 713 case MCCFIInstruction::OpDefCfa: 714 setCFIFor(Instr, MCCFIInstruction::cfiDefCfa(nullptr, NewReg, 715 OldCFI->getOffset())); 716 break; 717 case MCCFIInstruction::OpDefCfaRegister: 718 setCFIFor(Instr, MCCFIInstruction::createDefCfaRegister(nullptr, NewReg)); 719 break; 720 case MCCFIInstruction::OpOffset: 721 setCFIFor(Instr, MCCFIInstruction::createOffset(nullptr, NewReg, 722 OldCFI->getOffset())); 723 break; 724 case MCCFIInstruction::OpRegister: 725 setCFIFor(Instr, MCCFIInstruction::createRegister(nullptr, NewReg, 726 OldCFI->getRegister2())); 727 break; 728 case MCCFIInstruction::OpSameValue: 729 setCFIFor(Instr, MCCFIInstruction::createSameValue(nullptr, NewReg)); 730 break; 731 case MCCFIInstruction::OpEscape: 732 setCFIFor(Instr, 733 MCCFIInstruction::createEscape( 734 nullptr, 735 StringRef(mutateDWARFExpressionTargetReg(*OldCFI, NewReg)))); 736 break; 737 case MCCFIInstruction::OpRestore: 738 setCFIFor(Instr, MCCFIInstruction::createRestore(nullptr, NewReg)); 739 break; 740 case MCCFIInstruction::OpUndefined: 741 setCFIFor(Instr, MCCFIInstruction::createUndefined(nullptr, NewReg)); 742 break; 743 } 744 } 745 746 const MCCFIInstruction *BinaryFunction::mutateCFIOffsetFor(const MCInst &Instr, 747 int64_t NewOffset) { 748 const MCCFIInstruction *OldCFI = getCFIFor(Instr); 749 assert(OldCFI && "invalid CFI instr"); 750 switch (OldCFI->getOperation()) { 751 default: 752 llvm_unreachable("Unexpected instruction"); 753 case MCCFIInstruction::OpDefCfaOffset: 754 setCFIFor(Instr, MCCFIInstruction::cfiDefCfaOffset(nullptr, NewOffset)); 755 break; 756 case MCCFIInstruction::OpAdjustCfaOffset: 757 setCFIFor(Instr, 758 MCCFIInstruction::createAdjustCfaOffset(nullptr, NewOffset)); 759 break; 760 case MCCFIInstruction::OpDefCfa: 761 setCFIFor(Instr, MCCFIInstruction::cfiDefCfa(nullptr, OldCFI->getRegister(), 762 NewOffset)); 763 break; 764 case MCCFIInstruction::OpOffset: 765 setCFIFor(Instr, MCCFIInstruction::createOffset( 766 nullptr, OldCFI->getRegister(), NewOffset)); 767 break; 768 } 769 return getCFIFor(Instr); 770 } 771 772 IndirectBranchType 773 BinaryFunction::processIndirectBranch(MCInst &Instruction, unsigned Size, 774 uint64_t Offset, 775 uint64_t &TargetAddress) { 776 const unsigned PtrSize = BC.AsmInfo->getCodePointerSize(); 777 778 // The instruction referencing memory used by the branch instruction. 779 // It could be the branch instruction itself or one of the instructions 780 // setting the value of the register used by the branch. 781 MCInst *MemLocInstr; 782 783 // The instruction loading the fixed PIC jump table entry value. 784 MCInst *FixedEntryLoadInstr; 785 786 // Address of the table referenced by MemLocInstr. Could be either an 787 // array of function pointers, or a jump table. 788 uint64_t ArrayStart = 0; 789 790 unsigned BaseRegNum, IndexRegNum; 791 int64_t DispValue; 792 const MCExpr *DispExpr; 793 794 // In AArch, identify the instruction adding the PC-relative offset to 795 // jump table entries to correctly decode it. 796 MCInst *PCRelBaseInstr; 797 uint64_t PCRelAddr = 0; 798 799 auto Begin = Instructions.begin(); 800 if (BC.isAArch64()) { 801 PreserveNops = BC.HasRelocations; 802 // Start at the last label as an approximation of the current basic block. 803 // This is a heuristic, since the full set of labels have yet to be 804 // determined 805 for (const uint32_t Offset : 806 llvm::make_first_range(llvm::reverse(Labels))) { 807 auto II = Instructions.find(Offset); 808 if (II != Instructions.end()) { 809 Begin = II; 810 break; 811 } 812 } 813 } 814 815 IndirectBranchType BranchType = BC.MIB->analyzeIndirectBranch( 816 Instruction, Begin, Instructions.end(), PtrSize, MemLocInstr, BaseRegNum, 817 IndexRegNum, DispValue, DispExpr, PCRelBaseInstr, FixedEntryLoadInstr); 818 819 if (BranchType == IndirectBranchType::UNKNOWN && !MemLocInstr) 820 return BranchType; 821 822 if (MemLocInstr != &Instruction) 823 IndexRegNum = BC.MIB->getNoRegister(); 824 825 if (BC.isAArch64()) { 826 const MCSymbol *Sym = BC.MIB->getTargetSymbol(*PCRelBaseInstr, 1); 827 assert(Sym && "Symbol extraction failed"); 828 ErrorOr<uint64_t> SymValueOrError = BC.getSymbolValue(*Sym); 829 if (SymValueOrError) { 830 PCRelAddr = *SymValueOrError; 831 } else { 832 for (std::pair<const uint32_t, MCSymbol *> &Elmt : Labels) { 833 if (Elmt.second == Sym) { 834 PCRelAddr = Elmt.first + getAddress(); 835 break; 836 } 837 } 838 } 839 uint64_t InstrAddr = 0; 840 for (auto II = Instructions.rbegin(); II != Instructions.rend(); ++II) { 841 if (&II->second == PCRelBaseInstr) { 842 InstrAddr = II->first + getAddress(); 843 break; 844 } 845 } 846 assert(InstrAddr != 0 && "instruction not found"); 847 // We do this to avoid spurious references to code locations outside this 848 // function (for example, if the indirect jump lives in the last basic 849 // block of the function, it will create a reference to the next function). 850 // This replaces a symbol reference with an immediate. 851 BC.MIB->replaceMemOperandDisp(*PCRelBaseInstr, 852 MCOperand::createImm(PCRelAddr - InstrAddr)); 853 // FIXME: Disable full jump table processing for AArch64 until we have a 854 // proper way of determining the jump table limits. 855 return IndirectBranchType::UNKNOWN; 856 } 857 858 auto getExprValue = [&](const MCExpr *Expr) { 859 const MCSymbol *TargetSym; 860 uint64_t TargetOffset; 861 std::tie(TargetSym, TargetOffset) = BC.MIB->getTargetSymbolInfo(Expr); 862 ErrorOr<uint64_t> SymValueOrError = BC.getSymbolValue(*TargetSym); 863 assert(SymValueOrError && "Global symbol needs a value"); 864 return *SymValueOrError + TargetOffset; 865 }; 866 867 // RIP-relative addressing should be converted to symbol form by now 868 // in processed instructions (but not in jump). 869 if (DispExpr) { 870 ArrayStart = getExprValue(DispExpr); 871 BaseRegNum = BC.MIB->getNoRegister(); 872 if (BC.isAArch64()) { 873 ArrayStart &= ~0xFFFULL; 874 ArrayStart += DispValue & 0xFFFULL; 875 } 876 } else { 877 ArrayStart = static_cast<uint64_t>(DispValue); 878 } 879 880 if (BaseRegNum == BC.MRI->getProgramCounter()) 881 ArrayStart += getAddress() + Offset + Size; 882 883 if (FixedEntryLoadInstr) { 884 assert(BranchType == IndirectBranchType::POSSIBLE_PIC_FIXED_BRANCH && 885 "Invalid IndirectBranch type"); 886 MCInst::iterator FixedEntryDispOperand = 887 BC.MIB->getMemOperandDisp(*FixedEntryLoadInstr); 888 assert(FixedEntryDispOperand != FixedEntryLoadInstr->end() && 889 "Invalid memory instruction"); 890 const MCExpr *FixedEntryDispExpr = FixedEntryDispOperand->getExpr(); 891 const uint64_t EntryAddress = getExprValue(FixedEntryDispExpr); 892 uint64_t EntrySize = BC.getJumpTableEntrySize(JumpTable::JTT_PIC); 893 ErrorOr<int64_t> Value = 894 BC.getSignedValueAtAddress(EntryAddress, EntrySize); 895 if (!Value) 896 return IndirectBranchType::UNKNOWN; 897 898 BC.outs() << "BOLT-INFO: fixed PIC indirect branch detected in " << *this 899 << " at 0x" << Twine::utohexstr(getAddress() + Offset) 900 << " referencing data at 0x" << Twine::utohexstr(EntryAddress) 901 << " the destination value is 0x" 902 << Twine::utohexstr(ArrayStart + *Value) << '\n'; 903 904 TargetAddress = ArrayStart + *Value; 905 906 // Remove spurious JumpTable at EntryAddress caused by PIC reference from 907 // the load instruction. 908 BC.deleteJumpTable(EntryAddress); 909 910 // Replace FixedEntryDispExpr used in target address calculation with outer 911 // jump table reference. 912 JumpTable *JT = BC.getJumpTableContainingAddress(ArrayStart); 913 assert(JT && "Must have a containing jump table for PIC fixed branch"); 914 BC.MIB->replaceMemOperandDisp(*FixedEntryLoadInstr, JT->getFirstLabel(), 915 EntryAddress - ArrayStart, &*BC.Ctx); 916 917 return BranchType; 918 } 919 920 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: addressed memory is 0x" 921 << Twine::utohexstr(ArrayStart) << '\n'); 922 923 ErrorOr<BinarySection &> Section = BC.getSectionForAddress(ArrayStart); 924 if (!Section) { 925 // No section - possibly an absolute address. Since we don't allow 926 // internal function addresses to escape the function scope - we 927 // consider it a tail call. 928 if (opts::Verbosity >= 1) { 929 BC.errs() << "BOLT-WARNING: no section for address 0x" 930 << Twine::utohexstr(ArrayStart) << " referenced from function " 931 << *this << '\n'; 932 } 933 return IndirectBranchType::POSSIBLE_TAIL_CALL; 934 } 935 if (Section->isVirtual()) { 936 // The contents are filled at runtime. 937 return IndirectBranchType::POSSIBLE_TAIL_CALL; 938 } 939 940 if (BranchType == IndirectBranchType::POSSIBLE_FIXED_BRANCH) { 941 ErrorOr<uint64_t> Value = BC.getPointerAtAddress(ArrayStart); 942 if (!Value) 943 return IndirectBranchType::UNKNOWN; 944 945 if (BC.getSectionForAddress(ArrayStart)->isWritable()) 946 return IndirectBranchType::UNKNOWN; 947 948 BC.outs() << "BOLT-INFO: fixed indirect branch detected in " << *this 949 << " at 0x" << Twine::utohexstr(getAddress() + Offset) 950 << " referencing data at 0x" << Twine::utohexstr(ArrayStart) 951 << " the destination value is 0x" << Twine::utohexstr(*Value) 952 << '\n'; 953 954 TargetAddress = *Value; 955 return BranchType; 956 } 957 958 // Check if there's already a jump table registered at this address. 959 MemoryContentsType MemType; 960 if (JumpTable *JT = BC.getJumpTableContainingAddress(ArrayStart)) { 961 switch (JT->Type) { 962 case JumpTable::JTT_NORMAL: 963 MemType = MemoryContentsType::POSSIBLE_JUMP_TABLE; 964 break; 965 case JumpTable::JTT_PIC: 966 MemType = MemoryContentsType::POSSIBLE_PIC_JUMP_TABLE; 967 break; 968 } 969 } else { 970 MemType = BC.analyzeMemoryAt(ArrayStart, *this); 971 } 972 973 // Check that jump table type in instruction pattern matches memory contents. 974 JumpTable::JumpTableType JTType; 975 if (BranchType == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE) { 976 if (MemType != MemoryContentsType::POSSIBLE_PIC_JUMP_TABLE) 977 return IndirectBranchType::UNKNOWN; 978 JTType = JumpTable::JTT_PIC; 979 } else { 980 if (MemType == MemoryContentsType::POSSIBLE_PIC_JUMP_TABLE) 981 return IndirectBranchType::UNKNOWN; 982 983 if (MemType == MemoryContentsType::UNKNOWN) 984 return IndirectBranchType::POSSIBLE_TAIL_CALL; 985 986 BranchType = IndirectBranchType::POSSIBLE_JUMP_TABLE; 987 JTType = JumpTable::JTT_NORMAL; 988 } 989 990 // Convert the instruction into jump table branch. 991 const MCSymbol *JTLabel = BC.getOrCreateJumpTable(*this, ArrayStart, JTType); 992 BC.MIB->replaceMemOperandDisp(*MemLocInstr, JTLabel, BC.Ctx.get()); 993 BC.MIB->setJumpTable(Instruction, ArrayStart, IndexRegNum); 994 995 JTSites.emplace_back(Offset, ArrayStart); 996 997 return BranchType; 998 } 999 1000 MCSymbol *BinaryFunction::getOrCreateLocalLabel(uint64_t Address, 1001 bool CreatePastEnd) { 1002 const uint64_t Offset = Address - getAddress(); 1003 1004 if ((Offset == getSize()) && CreatePastEnd) 1005 return getFunctionEndLabel(); 1006 1007 auto LI = Labels.find(Offset); 1008 if (LI != Labels.end()) 1009 return LI->second; 1010 1011 // For AArch64, check if this address is part of a constant island. 1012 if (BC.isAArch64()) { 1013 if (MCSymbol *IslandSym = getOrCreateIslandAccess(Address)) 1014 return IslandSym; 1015 } 1016 1017 MCSymbol *Label = BC.Ctx->createNamedTempSymbol(); 1018 Labels[Offset] = Label; 1019 1020 return Label; 1021 } 1022 1023 ErrorOr<ArrayRef<uint8_t>> BinaryFunction::getData() const { 1024 BinarySection &Section = *getOriginSection(); 1025 assert(Section.containsRange(getAddress(), getMaxSize()) && 1026 "wrong section for function"); 1027 1028 if (!Section.isText() || Section.isVirtual() || !Section.getSize()) 1029 return std::make_error_code(std::errc::bad_address); 1030 1031 StringRef SectionContents = Section.getContents(); 1032 1033 assert(SectionContents.size() == Section.getSize() && 1034 "section size mismatch"); 1035 1036 // Function offset from the section start. 1037 uint64_t Offset = getAddress() - Section.getAddress(); 1038 auto *Bytes = reinterpret_cast<const uint8_t *>(SectionContents.data()); 1039 return ArrayRef<uint8_t>(Bytes + Offset, getMaxSize()); 1040 } 1041 1042 size_t BinaryFunction::getSizeOfDataInCodeAt(uint64_t Offset) const { 1043 if (!Islands) 1044 return 0; 1045 1046 if (!llvm::is_contained(Islands->DataOffsets, Offset)) 1047 return 0; 1048 1049 auto Iter = Islands->CodeOffsets.upper_bound(Offset); 1050 if (Iter != Islands->CodeOffsets.end()) 1051 return *Iter - Offset; 1052 return getSize() - Offset; 1053 } 1054 1055 bool BinaryFunction::isZeroPaddingAt(uint64_t Offset) const { 1056 ArrayRef<uint8_t> FunctionData = *getData(); 1057 uint64_t EndOfCode = getSize(); 1058 if (Islands) { 1059 auto Iter = Islands->DataOffsets.upper_bound(Offset); 1060 if (Iter != Islands->DataOffsets.end()) 1061 EndOfCode = *Iter; 1062 } 1063 for (uint64_t I = Offset; I < EndOfCode; ++I) 1064 if (FunctionData[I] != 0) 1065 return false; 1066 1067 return true; 1068 } 1069 1070 Error BinaryFunction::handlePCRelOperand(MCInst &Instruction, uint64_t Address, 1071 uint64_t Size) { 1072 auto &MIB = BC.MIB; 1073 uint64_t TargetAddress = 0; 1074 if (!MIB->evaluateMemOperandTarget(Instruction, TargetAddress, Address, 1075 Size)) { 1076 std::string Msg; 1077 raw_string_ostream SS(Msg); 1078 SS << "BOLT-ERROR: PC-relative operand can't be evaluated:\n"; 1079 BC.InstPrinter->printInst(&Instruction, 0, "", *BC.STI, SS); 1080 SS << '\n'; 1081 Instruction.dump_pretty(SS, BC.InstPrinter.get()); 1082 SS << '\n'; 1083 SS << "BOLT-ERROR: cannot handle PC-relative operand at 0x" 1084 << Twine::utohexstr(Address) << ". Skipping function " << *this << ".\n"; 1085 if (BC.HasRelocations) 1086 return createFatalBOLTError(Msg); 1087 IsSimple = false; 1088 return createNonFatalBOLTError(Msg); 1089 } 1090 if (TargetAddress == 0 && opts::Verbosity >= 1) { 1091 BC.outs() << "BOLT-INFO: PC-relative operand is zero in function " << *this 1092 << '\n'; 1093 } 1094 1095 const MCSymbol *TargetSymbol; 1096 uint64_t TargetOffset; 1097 std::tie(TargetSymbol, TargetOffset) = 1098 BC.handleAddressRef(TargetAddress, *this, /*IsPCRel*/ true); 1099 1100 bool ReplaceSuccess = MIB->replaceMemOperandDisp( 1101 Instruction, TargetSymbol, static_cast<int64_t>(TargetOffset), &*BC.Ctx); 1102 (void)ReplaceSuccess; 1103 assert(ReplaceSuccess && "Failed to replace mem operand with symbol+off."); 1104 return Error::success(); 1105 } 1106 1107 MCSymbol *BinaryFunction::handleExternalReference(MCInst &Instruction, 1108 uint64_t Size, 1109 uint64_t Offset, 1110 uint64_t TargetAddress, 1111 bool &IsCall) { 1112 auto &MIB = BC.MIB; 1113 1114 const uint64_t AbsoluteInstrAddr = getAddress() + Offset; 1115 BC.addInterproceduralReference(this, TargetAddress); 1116 if (opts::Verbosity >= 2 && !IsCall && Size == 2 && !BC.HasRelocations) { 1117 BC.errs() << "BOLT-WARNING: relaxed tail call detected at 0x" 1118 << Twine::utohexstr(AbsoluteInstrAddr) << " in function " << *this 1119 << ". Code size will be increased.\n"; 1120 } 1121 1122 assert(!MIB->isTailCall(Instruction) && 1123 "synthetic tail call instruction found"); 1124 1125 // This is a call regardless of the opcode. 1126 // Assign proper opcode for tail calls, so that they could be 1127 // treated as calls. 1128 if (!IsCall) { 1129 if (!MIB->convertJmpToTailCall(Instruction)) { 1130 assert(MIB->isConditionalBranch(Instruction) && 1131 "unknown tail call instruction"); 1132 if (opts::Verbosity >= 2) { 1133 BC.errs() << "BOLT-WARNING: conditional tail call detected in " 1134 << "function " << *this << " at 0x" 1135 << Twine::utohexstr(AbsoluteInstrAddr) << ".\n"; 1136 } 1137 } 1138 IsCall = true; 1139 } 1140 1141 if (opts::Verbosity >= 2 && TargetAddress == 0) { 1142 // We actually see calls to address 0 in presence of weak 1143 // symbols originating from libraries. This code is never meant 1144 // to be executed. 1145 BC.outs() << "BOLT-INFO: Function " << *this 1146 << " has a call to address zero.\n"; 1147 } 1148 1149 return BC.getOrCreateGlobalSymbol(TargetAddress, "FUNCat"); 1150 } 1151 1152 void BinaryFunction::handleIndirectBranch(MCInst &Instruction, uint64_t Size, 1153 uint64_t Offset) { 1154 auto &MIB = BC.MIB; 1155 uint64_t IndirectTarget = 0; 1156 IndirectBranchType Result = 1157 processIndirectBranch(Instruction, Size, Offset, IndirectTarget); 1158 switch (Result) { 1159 default: 1160 llvm_unreachable("unexpected result"); 1161 case IndirectBranchType::POSSIBLE_TAIL_CALL: { 1162 bool Result = MIB->convertJmpToTailCall(Instruction); 1163 (void)Result; 1164 assert(Result); 1165 break; 1166 } 1167 case IndirectBranchType::POSSIBLE_JUMP_TABLE: 1168 case IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE: 1169 case IndirectBranchType::POSSIBLE_PIC_FIXED_BRANCH: 1170 if (opts::JumpTables == JTS_NONE) 1171 IsSimple = false; 1172 break; 1173 case IndirectBranchType::POSSIBLE_FIXED_BRANCH: { 1174 if (containsAddress(IndirectTarget)) { 1175 const MCSymbol *TargetSymbol = getOrCreateLocalLabel(IndirectTarget); 1176 Instruction.clear(); 1177 MIB->createUncondBranch(Instruction, TargetSymbol, BC.Ctx.get()); 1178 TakenBranches.emplace_back(Offset, IndirectTarget - getAddress()); 1179 addEntryPointAtOffset(IndirectTarget - getAddress()); 1180 } else { 1181 MIB->convertJmpToTailCall(Instruction); 1182 BC.addInterproceduralReference(this, IndirectTarget); 1183 } 1184 break; 1185 } 1186 case IndirectBranchType::UNKNOWN: 1187 // Keep processing. We'll do more checks and fixes in 1188 // postProcessIndirectBranches(). 1189 UnknownIndirectBranchOffsets.emplace(Offset); 1190 break; 1191 } 1192 } 1193 1194 void BinaryFunction::handleAArch64IndirectCall(MCInst &Instruction, 1195 const uint64_t Offset) { 1196 auto &MIB = BC.MIB; 1197 const uint64_t AbsoluteInstrAddr = getAddress() + Offset; 1198 MCInst *TargetHiBits, *TargetLowBits; 1199 uint64_t TargetAddress, Count; 1200 Count = MIB->matchLinkerVeneer(Instructions.begin(), Instructions.end(), 1201 AbsoluteInstrAddr, Instruction, TargetHiBits, 1202 TargetLowBits, TargetAddress); 1203 if (Count) { 1204 MIB->addAnnotation(Instruction, "AArch64Veneer", true); 1205 --Count; 1206 for (auto It = std::prev(Instructions.end()); Count != 0; 1207 It = std::prev(It), --Count) { 1208 MIB->addAnnotation(It->second, "AArch64Veneer", true); 1209 } 1210 1211 BC.addAdrpAddRelocAArch64(*this, *TargetLowBits, *TargetHiBits, 1212 TargetAddress); 1213 } 1214 } 1215 1216 std::optional<MCInst> 1217 BinaryFunction::disassembleInstructionAtOffset(uint64_t Offset) const { 1218 assert(CurrentState == State::Empty && "Function should not be disassembled"); 1219 assert(Offset < MaxSize && "Invalid offset"); 1220 ErrorOr<ArrayRef<unsigned char>> FunctionData = getData(); 1221 assert(FunctionData && "Cannot get function as data"); 1222 MCInst Instr; 1223 uint64_t InstrSize = 0; 1224 const uint64_t InstrAddress = getAddress() + Offset; 1225 if (BC.DisAsm->getInstruction(Instr, InstrSize, FunctionData->slice(Offset), 1226 InstrAddress, nulls())) 1227 return Instr; 1228 return std::nullopt; 1229 } 1230 1231 Error BinaryFunction::disassemble() { 1232 NamedRegionTimer T("disassemble", "Disassemble function", "buildfuncs", 1233 "Build Binary Functions", opts::TimeBuild); 1234 ErrorOr<ArrayRef<uint8_t>> ErrorOrFunctionData = getData(); 1235 assert(ErrorOrFunctionData && "function data is not available"); 1236 ArrayRef<uint8_t> FunctionData = *ErrorOrFunctionData; 1237 assert(FunctionData.size() == getMaxSize() && 1238 "function size does not match raw data size"); 1239 1240 auto &Ctx = BC.Ctx; 1241 auto &MIB = BC.MIB; 1242 1243 BC.SymbolicDisAsm->setSymbolizer(MIB->createTargetSymbolizer(*this)); 1244 1245 // Insert a label at the beginning of the function. This will be our first 1246 // basic block. 1247 Labels[0] = Ctx->createNamedTempSymbol("BB0"); 1248 1249 // Map offsets in the function to a label that should always point to the 1250 // corresponding instruction. This is used for labels that shouldn't point to 1251 // the start of a basic block but always to a specific instruction. This is 1252 // used, for example, on RISC-V where %pcrel_lo relocations point to the 1253 // corresponding %pcrel_hi. 1254 LabelsMapType InstructionLabels; 1255 1256 uint64_t Size = 0; // instruction size 1257 for (uint64_t Offset = 0; Offset < getSize(); Offset += Size) { 1258 MCInst Instruction; 1259 const uint64_t AbsoluteInstrAddr = getAddress() + Offset; 1260 1261 // Check for data inside code and ignore it 1262 if (const size_t DataInCodeSize = getSizeOfDataInCodeAt(Offset)) { 1263 Size = DataInCodeSize; 1264 continue; 1265 } 1266 1267 if (!BC.SymbolicDisAsm->getInstruction(Instruction, Size, 1268 FunctionData.slice(Offset), 1269 AbsoluteInstrAddr, nulls())) { 1270 // Functions with "soft" boundaries, e.g. coming from assembly source, 1271 // can have 0-byte padding at the end. 1272 if (isZeroPaddingAt(Offset)) 1273 break; 1274 1275 BC.errs() 1276 << "BOLT-WARNING: unable to disassemble instruction at offset 0x" 1277 << Twine::utohexstr(Offset) << " (address 0x" 1278 << Twine::utohexstr(AbsoluteInstrAddr) << ") in function " << *this 1279 << '\n'; 1280 // Some AVX-512 instructions could not be disassembled at all. 1281 if (BC.HasRelocations && opts::TrapOnAVX512 && BC.isX86()) { 1282 setTrapOnEntry(); 1283 BC.TrappedFunctions.push_back(this); 1284 } else { 1285 setIgnored(); 1286 } 1287 1288 break; 1289 } 1290 1291 // Check integrity of LLVM assembler/disassembler. 1292 if (opts::CheckEncoding && !BC.MIB->isBranch(Instruction) && 1293 !BC.MIB->isCall(Instruction) && !BC.MIB->isNoop(Instruction)) { 1294 if (!BC.validateInstructionEncoding(FunctionData.slice(Offset, Size))) { 1295 BC.errs() << "BOLT-WARNING: mismatching LLVM encoding detected in " 1296 << "function " << *this << " for instruction :\n"; 1297 BC.printInstruction(BC.errs(), Instruction, AbsoluteInstrAddr); 1298 BC.errs() << '\n'; 1299 } 1300 } 1301 1302 // Special handling for AVX-512 instructions. 1303 if (MIB->hasEVEXEncoding(Instruction)) { 1304 if (BC.HasRelocations && opts::TrapOnAVX512) { 1305 setTrapOnEntry(); 1306 BC.TrappedFunctions.push_back(this); 1307 break; 1308 } 1309 1310 if (!BC.validateInstructionEncoding(FunctionData.slice(Offset, Size))) { 1311 BC.errs() << "BOLT-WARNING: internal assembler/disassembler error " 1312 "detected for AVX512 instruction:\n"; 1313 BC.printInstruction(BC.errs(), Instruction, AbsoluteInstrAddr); 1314 BC.errs() << " in function " << *this << '\n'; 1315 setIgnored(); 1316 break; 1317 } 1318 } 1319 1320 bool IsUnsupported = BC.MIB->isUnsupportedInstruction(Instruction); 1321 if (IsUnsupported) 1322 setIgnored(); 1323 1324 if (MIB->isBranch(Instruction) || MIB->isCall(Instruction)) { 1325 uint64_t TargetAddress = 0; 1326 if (MIB->evaluateBranch(Instruction, AbsoluteInstrAddr, Size, 1327 TargetAddress)) { 1328 // Check if the target is within the same function. Otherwise it's 1329 // a call, possibly a tail call. 1330 // 1331 // If the target *is* the function address it could be either a branch 1332 // or a recursive call. 1333 bool IsCall = MIB->isCall(Instruction); 1334 const bool IsCondBranch = MIB->isConditionalBranch(Instruction); 1335 MCSymbol *TargetSymbol = nullptr; 1336 1337 if (IsUnsupported) 1338 if (auto *TargetFunc = 1339 BC.getBinaryFunctionContainingAddress(TargetAddress)) 1340 TargetFunc->setIgnored(); 1341 1342 if (IsCall && TargetAddress == getAddress()) { 1343 // A recursive call. Calls to internal blocks are handled by 1344 // ValidateInternalCalls pass. 1345 TargetSymbol = getSymbol(); 1346 } 1347 1348 if (!TargetSymbol) { 1349 // Create either local label or external symbol. 1350 if (containsAddress(TargetAddress)) { 1351 TargetSymbol = getOrCreateLocalLabel(TargetAddress); 1352 } else { 1353 if (TargetAddress == getAddress() + getSize() && 1354 TargetAddress < getAddress() + getMaxSize() && 1355 !(BC.isAArch64() && 1356 BC.handleAArch64Veneer(TargetAddress, /*MatchOnly*/ true))) { 1357 // Result of __builtin_unreachable(). 1358 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: jump past end detected at 0x" 1359 << Twine::utohexstr(AbsoluteInstrAddr) 1360 << " in function " << *this 1361 << " : replacing with nop.\n"); 1362 BC.MIB->createNoop(Instruction); 1363 if (IsCondBranch) { 1364 // Register branch offset for profile validation. 1365 IgnoredBranches.emplace_back(Offset, Offset + Size); 1366 } 1367 goto add_instruction; 1368 } 1369 // May update Instruction and IsCall 1370 TargetSymbol = handleExternalReference(Instruction, Size, Offset, 1371 TargetAddress, IsCall); 1372 } 1373 } 1374 1375 if (!IsCall) { 1376 // Add taken branch info. 1377 TakenBranches.emplace_back(Offset, TargetAddress - getAddress()); 1378 } 1379 BC.MIB->replaceBranchTarget(Instruction, TargetSymbol, &*Ctx); 1380 1381 // Mark CTC. 1382 if (IsCondBranch && IsCall) 1383 MIB->setConditionalTailCall(Instruction, TargetAddress); 1384 } else { 1385 // Could not evaluate branch. Should be an indirect call or an 1386 // indirect branch. Bail out on the latter case. 1387 if (MIB->isIndirectBranch(Instruction)) 1388 handleIndirectBranch(Instruction, Size, Offset); 1389 // Indirect call. We only need to fix it if the operand is RIP-relative. 1390 if (IsSimple && MIB->hasPCRelOperand(Instruction)) { 1391 if (auto NewE = handleErrors( 1392 handlePCRelOperand(Instruction, AbsoluteInstrAddr, Size), 1393 [&](const BOLTError &E) -> Error { 1394 if (E.isFatal()) 1395 return Error(std::make_unique<BOLTError>(std::move(E))); 1396 if (!E.getMessage().empty()) 1397 E.log(BC.errs()); 1398 return Error::success(); 1399 })) { 1400 return Error(std::move(NewE)); 1401 } 1402 } 1403 1404 if (BC.isAArch64()) 1405 handleAArch64IndirectCall(Instruction, Offset); 1406 } 1407 } else if (BC.isAArch64() || BC.isRISCV()) { 1408 // Check if there's a relocation associated with this instruction. 1409 bool UsedReloc = false; 1410 for (auto Itr = Relocations.lower_bound(Offset), 1411 ItrE = Relocations.lower_bound(Offset + Size); 1412 Itr != ItrE; ++Itr) { 1413 const Relocation &Relocation = Itr->second; 1414 MCSymbol *Symbol = Relocation.Symbol; 1415 1416 if (Relocation::isInstructionReference(Relocation.Type)) { 1417 uint64_t RefOffset = Relocation.Value - getAddress(); 1418 LabelsMapType::iterator LI = InstructionLabels.find(RefOffset); 1419 1420 if (LI == InstructionLabels.end()) { 1421 Symbol = BC.Ctx->createNamedTempSymbol(); 1422 InstructionLabels.emplace(RefOffset, Symbol); 1423 } else { 1424 Symbol = LI->second; 1425 } 1426 } 1427 1428 int64_t Value = Relocation.Value; 1429 const bool Result = BC.MIB->replaceImmWithSymbolRef( 1430 Instruction, Symbol, Relocation.Addend, Ctx.get(), Value, 1431 Relocation.Type); 1432 (void)Result; 1433 assert(Result && "cannot replace immediate with relocation"); 1434 1435 // For aarch64, if we replaced an immediate with a symbol from a 1436 // relocation, we mark it so we do not try to further process a 1437 // pc-relative operand. All we need is the symbol. 1438 UsedReloc = true; 1439 } 1440 1441 if (!BC.isRISCV() && MIB->hasPCRelOperand(Instruction) && !UsedReloc) { 1442 if (auto NewE = handleErrors( 1443 handlePCRelOperand(Instruction, AbsoluteInstrAddr, Size), 1444 [&](const BOLTError &E) -> Error { 1445 if (E.isFatal()) 1446 return Error(std::make_unique<BOLTError>(std::move(E))); 1447 if (!E.getMessage().empty()) 1448 E.log(BC.errs()); 1449 return Error::success(); 1450 })) 1451 return Error(std::move(NewE)); 1452 } 1453 } 1454 1455 add_instruction: 1456 if (getDWARFLineTable()) { 1457 Instruction.setLoc(findDebugLineInformationForInstructionAt( 1458 AbsoluteInstrAddr, getDWARFUnit(), getDWARFLineTable())); 1459 } 1460 1461 // Record offset of the instruction for profile matching. 1462 if (BC.keepOffsetForInstruction(Instruction)) 1463 MIB->setOffset(Instruction, static_cast<uint32_t>(Offset)); 1464 1465 if (BC.isX86() && BC.MIB->isNoop(Instruction)) { 1466 // NOTE: disassembly loses the correct size information for noops on x86. 1467 // E.g. nopw 0x0(%rax,%rax,1) is 9 bytes, but re-encoded it's only 1468 // 5 bytes. Preserve the size info using annotations. 1469 MIB->setSize(Instruction, Size); 1470 } 1471 1472 addInstruction(Offset, std::move(Instruction)); 1473 } 1474 1475 for (auto [Offset, Label] : InstructionLabels) { 1476 InstrMapType::iterator II = Instructions.find(Offset); 1477 assert(II != Instructions.end() && "reference to non-existing instruction"); 1478 1479 BC.MIB->setInstLabel(II->second, Label); 1480 } 1481 1482 // Reset symbolizer for the disassembler. 1483 BC.SymbolicDisAsm->setSymbolizer(nullptr); 1484 1485 if (uint64_t Offset = getFirstInstructionOffset()) 1486 Labels[Offset] = BC.Ctx->createNamedTempSymbol(); 1487 1488 clearList(Relocations); 1489 1490 if (!IsSimple) { 1491 clearList(Instructions); 1492 return createNonFatalBOLTError(""); 1493 } 1494 1495 updateState(State::Disassembled); 1496 1497 return Error::success(); 1498 } 1499 1500 MCSymbol *BinaryFunction::registerBranch(uint64_t Src, uint64_t Dst) { 1501 assert(CurrentState == State::Disassembled && 1502 "Cannot register branch unless function is in disassembled state."); 1503 assert(containsAddress(Src) && containsAddress(Dst) && 1504 "Cannot register external branch."); 1505 MCSymbol *Target = getOrCreateLocalLabel(Dst); 1506 TakenBranches.emplace_back(Src - getAddress(), Dst - getAddress()); 1507 return Target; 1508 } 1509 1510 bool BinaryFunction::scanExternalRefs() { 1511 bool Success = true; 1512 bool DisassemblyFailed = false; 1513 1514 // Ignore pseudo functions. 1515 if (isPseudo()) 1516 return Success; 1517 1518 if (opts::NoScan) { 1519 clearList(Relocations); 1520 clearList(ExternallyReferencedOffsets); 1521 1522 return false; 1523 } 1524 1525 // List of external references for this function. 1526 std::vector<Relocation> FunctionRelocations; 1527 1528 static BinaryContext::IndependentCodeEmitter Emitter = 1529 BC.createIndependentMCCodeEmitter(); 1530 1531 ErrorOr<ArrayRef<uint8_t>> ErrorOrFunctionData = getData(); 1532 assert(ErrorOrFunctionData && "function data is not available"); 1533 ArrayRef<uint8_t> FunctionData = *ErrorOrFunctionData; 1534 assert(FunctionData.size() == getMaxSize() && 1535 "function size does not match raw data size"); 1536 1537 BC.SymbolicDisAsm->setSymbolizer( 1538 BC.MIB->createTargetSymbolizer(*this, /*CreateSymbols*/ false)); 1539 1540 // Disassemble contents of the function. Detect code entry points and create 1541 // relocations for references to code that will be moved. 1542 uint64_t Size = 0; // instruction size 1543 for (uint64_t Offset = 0; Offset < getSize(); Offset += Size) { 1544 // Check for data inside code and ignore it 1545 if (const size_t DataInCodeSize = getSizeOfDataInCodeAt(Offset)) { 1546 Size = DataInCodeSize; 1547 continue; 1548 } 1549 1550 const uint64_t AbsoluteInstrAddr = getAddress() + Offset; 1551 MCInst Instruction; 1552 if (!BC.SymbolicDisAsm->getInstruction(Instruction, Size, 1553 FunctionData.slice(Offset), 1554 AbsoluteInstrAddr, nulls())) { 1555 if (opts::Verbosity >= 1 && !isZeroPaddingAt(Offset)) { 1556 BC.errs() 1557 << "BOLT-WARNING: unable to disassemble instruction at offset 0x" 1558 << Twine::utohexstr(Offset) << " (address 0x" 1559 << Twine::utohexstr(AbsoluteInstrAddr) << ") in function " << *this 1560 << '\n'; 1561 } 1562 Success = false; 1563 DisassemblyFailed = true; 1564 break; 1565 } 1566 1567 // Return true if we can skip handling the Target function reference. 1568 auto ignoreFunctionRef = [&](const BinaryFunction &Target) { 1569 if (&Target == this) 1570 return true; 1571 1572 // Note that later we may decide not to emit Target function. In that 1573 // case, we conservatively create references that will be ignored or 1574 // resolved to the same function. 1575 if (!BC.shouldEmit(Target)) 1576 return true; 1577 1578 return false; 1579 }; 1580 1581 // Return true if we can ignore reference to the symbol. 1582 auto ignoreReference = [&](const MCSymbol *TargetSymbol) { 1583 if (!TargetSymbol) 1584 return true; 1585 1586 if (BC.forceSymbolRelocations(TargetSymbol->getName())) 1587 return false; 1588 1589 BinaryFunction *TargetFunction = BC.getFunctionForSymbol(TargetSymbol); 1590 if (!TargetFunction) 1591 return true; 1592 1593 return ignoreFunctionRef(*TargetFunction); 1594 }; 1595 1596 // Handle calls and branches separately as symbolization doesn't work for 1597 // them yet. 1598 MCSymbol *BranchTargetSymbol = nullptr; 1599 if (BC.MIB->isCall(Instruction) || BC.MIB->isBranch(Instruction)) { 1600 uint64_t TargetAddress = 0; 1601 BC.MIB->evaluateBranch(Instruction, AbsoluteInstrAddr, Size, 1602 TargetAddress); 1603 1604 // Create an entry point at reference address if needed. 1605 BinaryFunction *TargetFunction = 1606 BC.getBinaryFunctionContainingAddress(TargetAddress); 1607 1608 if (!TargetFunction || ignoreFunctionRef(*TargetFunction)) 1609 continue; 1610 1611 const uint64_t FunctionOffset = 1612 TargetAddress - TargetFunction->getAddress(); 1613 BranchTargetSymbol = 1614 FunctionOffset ? TargetFunction->addEntryPointAtOffset(FunctionOffset) 1615 : TargetFunction->getSymbol(); 1616 } 1617 1618 // Can't find more references. Not creating relocations since we are not 1619 // moving code. 1620 if (!BC.HasRelocations) 1621 continue; 1622 1623 if (BranchTargetSymbol) { 1624 BC.MIB->replaceBranchTarget(Instruction, BranchTargetSymbol, 1625 Emitter.LocalCtx.get()); 1626 } else if (!llvm::any_of(Instruction, 1627 [](const MCOperand &Op) { return Op.isExpr(); })) { 1628 // Skip assembly if the instruction may not have any symbolic operands. 1629 continue; 1630 } 1631 1632 // Emit the instruction using temp emitter and generate relocations. 1633 SmallString<256> Code; 1634 SmallVector<MCFixup, 4> Fixups; 1635 Emitter.MCE->encodeInstruction(Instruction, Code, Fixups, *BC.STI); 1636 1637 // Create relocation for every fixup. 1638 for (const MCFixup &Fixup : Fixups) { 1639 std::optional<Relocation> Rel = BC.MIB->createRelocation(Fixup, *BC.MAB); 1640 if (!Rel) { 1641 Success = false; 1642 continue; 1643 } 1644 1645 if (ignoreReference(Rel->Symbol)) 1646 continue; 1647 1648 if (Relocation::getSizeForType(Rel->Type) < 4) { 1649 // If the instruction uses a short form, then we might not be able 1650 // to handle the rewrite without relaxation, and hence cannot reliably 1651 // create an external reference relocation. 1652 Success = false; 1653 continue; 1654 } 1655 Rel->Offset += getAddress() - getOriginSection()->getAddress() + Offset; 1656 FunctionRelocations.push_back(*Rel); 1657 } 1658 1659 if (!Success) 1660 break; 1661 } 1662 1663 // Reset symbolizer for the disassembler. 1664 BC.SymbolicDisAsm->setSymbolizer(nullptr); 1665 1666 // Add relocations unless disassembly failed for this function. 1667 if (!DisassemblyFailed) 1668 for (Relocation &Rel : FunctionRelocations) 1669 getOriginSection()->addPendingRelocation(Rel); 1670 1671 // Inform BinaryContext that this function symbols will not be defined and 1672 // relocations should not be created against them. 1673 if (BC.HasRelocations) { 1674 for (std::pair<const uint32_t, MCSymbol *> &LI : Labels) 1675 BC.UndefinedSymbols.insert(LI.second); 1676 for (MCSymbol *const EndLabel : FunctionEndLabels) 1677 if (EndLabel) 1678 BC.UndefinedSymbols.insert(EndLabel); 1679 } 1680 1681 clearList(Relocations); 1682 clearList(ExternallyReferencedOffsets); 1683 1684 if (Success && BC.HasRelocations) 1685 HasExternalRefRelocations = true; 1686 1687 if (opts::Verbosity >= 1 && !Success) 1688 BC.outs() << "BOLT-INFO: failed to scan refs for " << *this << '\n'; 1689 1690 return Success; 1691 } 1692 1693 void BinaryFunction::postProcessEntryPoints() { 1694 if (!isSimple()) 1695 return; 1696 1697 for (auto &KV : Labels) { 1698 MCSymbol *Label = KV.second; 1699 if (!getSecondaryEntryPointSymbol(Label)) 1700 continue; 1701 1702 // In non-relocation mode there's potentially an external undetectable 1703 // reference to the entry point and hence we cannot move this entry 1704 // point. Optimizing without moving could be difficult. 1705 // In BAT mode, register any known entry points for CFG construction. 1706 if (!BC.HasRelocations && !BC.HasBATSection) 1707 setSimple(false); 1708 1709 const uint32_t Offset = KV.first; 1710 1711 // If we are at Offset 0 and there is no instruction associated with it, 1712 // this means this is an empty function. Just ignore. If we find an 1713 // instruction at this offset, this entry point is valid. 1714 if (!Offset || getInstructionAtOffset(Offset)) 1715 continue; 1716 1717 // On AArch64 there are legitimate reasons to have references past the 1718 // end of the function, e.g. jump tables. 1719 if (BC.isAArch64() && Offset == getSize()) 1720 continue; 1721 1722 BC.errs() << "BOLT-WARNING: reference in the middle of instruction " 1723 "detected in function " 1724 << *this << " at offset 0x" << Twine::utohexstr(Offset) << '\n'; 1725 if (BC.HasRelocations) 1726 setIgnored(); 1727 setSimple(false); 1728 return; 1729 } 1730 } 1731 1732 void BinaryFunction::postProcessJumpTables() { 1733 // Create labels for all entries. 1734 for (auto &JTI : JumpTables) { 1735 JumpTable &JT = *JTI.second; 1736 if (JT.Type == JumpTable::JTT_PIC && opts::JumpTables == JTS_BASIC) { 1737 opts::JumpTables = JTS_MOVE; 1738 BC.outs() << "BOLT-INFO: forcing -jump-tables=move as PIC jump table was " 1739 "detected in function " 1740 << *this << '\n'; 1741 } 1742 const uint64_t BDSize = 1743 BC.getBinaryDataAtAddress(JT.getAddress())->getSize(); 1744 if (!BDSize) { 1745 BC.setBinaryDataSize(JT.getAddress(), JT.getSize()); 1746 } else { 1747 assert(BDSize >= JT.getSize() && 1748 "jump table cannot be larger than the containing object"); 1749 } 1750 if (!JT.Entries.empty()) 1751 continue; 1752 1753 bool HasOneParent = (JT.Parents.size() == 1); 1754 for (uint64_t EntryAddress : JT.EntriesAsAddress) { 1755 // builtin_unreachable does not belong to any function 1756 // Need to handle separately 1757 bool IsBuiltinUnreachable = 1758 llvm::any_of(JT.Parents, [&](const BinaryFunction *Parent) { 1759 return EntryAddress == Parent->getAddress() + Parent->getSize(); 1760 }); 1761 if (IsBuiltinUnreachable) { 1762 MCSymbol *Label = getOrCreateLocalLabel(EntryAddress, true); 1763 JT.Entries.push_back(Label); 1764 continue; 1765 } 1766 // Create a local label for targets that cannot be reached by other 1767 // fragments. Otherwise, create a secondary entry point in the target 1768 // function. 1769 BinaryFunction *TargetBF = 1770 BC.getBinaryFunctionContainingAddress(EntryAddress); 1771 MCSymbol *Label; 1772 if (HasOneParent && TargetBF == this) { 1773 Label = getOrCreateLocalLabel(EntryAddress, true); 1774 } else { 1775 const uint64_t Offset = EntryAddress - TargetBF->getAddress(); 1776 Label = Offset ? TargetBF->addEntryPointAtOffset(Offset) 1777 : TargetBF->getSymbol(); 1778 } 1779 JT.Entries.push_back(Label); 1780 } 1781 } 1782 1783 // Add TakenBranches from JumpTables. 1784 // 1785 // We want to do it after initial processing since we don't know jump tables' 1786 // boundaries until we process them all. 1787 for (auto &JTSite : JTSites) { 1788 const uint64_t JTSiteOffset = JTSite.first; 1789 const uint64_t JTAddress = JTSite.second; 1790 const JumpTable *JT = getJumpTableContainingAddress(JTAddress); 1791 assert(JT && "cannot find jump table for address"); 1792 1793 uint64_t EntryOffset = JTAddress - JT->getAddress(); 1794 while (EntryOffset < JT->getSize()) { 1795 uint64_t EntryAddress = JT->EntriesAsAddress[EntryOffset / JT->EntrySize]; 1796 uint64_t TargetOffset = EntryAddress - getAddress(); 1797 if (TargetOffset < getSize()) { 1798 TakenBranches.emplace_back(JTSiteOffset, TargetOffset); 1799 1800 if (opts::StrictMode) 1801 registerReferencedOffset(TargetOffset); 1802 } 1803 1804 EntryOffset += JT->EntrySize; 1805 1806 // A label at the next entry means the end of this jump table. 1807 if (JT->Labels.count(EntryOffset)) 1808 break; 1809 } 1810 } 1811 clearList(JTSites); 1812 1813 // Conservatively populate all possible destinations for unknown indirect 1814 // branches. 1815 if (opts::StrictMode && hasInternalReference()) { 1816 for (uint64_t Offset : UnknownIndirectBranchOffsets) { 1817 for (uint64_t PossibleDestination : ExternallyReferencedOffsets) { 1818 // Ignore __builtin_unreachable(). 1819 if (PossibleDestination == getSize()) 1820 continue; 1821 TakenBranches.emplace_back(Offset, PossibleDestination); 1822 } 1823 } 1824 } 1825 } 1826 1827 bool BinaryFunction::validateExternallyReferencedOffsets() { 1828 SmallPtrSet<MCSymbol *, 4> JTTargets; 1829 for (const JumpTable *JT : llvm::make_second_range(JumpTables)) 1830 JTTargets.insert(JT->Entries.begin(), JT->Entries.end()); 1831 1832 bool HasUnclaimedReference = false; 1833 for (uint64_t Destination : ExternallyReferencedOffsets) { 1834 // Ignore __builtin_unreachable(). 1835 if (Destination == getSize()) 1836 continue; 1837 // Ignore constant islands 1838 if (isInConstantIsland(Destination + getAddress())) 1839 continue; 1840 1841 if (BinaryBasicBlock *BB = getBasicBlockAtOffset(Destination)) { 1842 // Check if the externally referenced offset is a recognized jump table 1843 // target. 1844 if (JTTargets.contains(BB->getLabel())) 1845 continue; 1846 1847 if (opts::Verbosity >= 1) { 1848 BC.errs() << "BOLT-WARNING: unclaimed data to code reference (possibly " 1849 << "an unrecognized jump table entry) to " << BB->getName() 1850 << " in " << *this << "\n"; 1851 } 1852 auto L = BC.scopeLock(); 1853 addEntryPoint(*BB); 1854 } else { 1855 BC.errs() << "BOLT-WARNING: unknown data to code reference to offset " 1856 << Twine::utohexstr(Destination) << " in " << *this << "\n"; 1857 setIgnored(); 1858 } 1859 HasUnclaimedReference = true; 1860 } 1861 return !HasUnclaimedReference; 1862 } 1863 1864 bool BinaryFunction::postProcessIndirectBranches( 1865 MCPlusBuilder::AllocatorIdTy AllocId) { 1866 auto addUnknownControlFlow = [&](BinaryBasicBlock &BB) { 1867 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: adding unknown control flow in " << *this 1868 << " for " << BB.getName() << "\n"); 1869 HasUnknownControlFlow = true; 1870 BB.removeAllSuccessors(); 1871 for (uint64_t PossibleDestination : ExternallyReferencedOffsets) 1872 if (BinaryBasicBlock *SuccBB = getBasicBlockAtOffset(PossibleDestination)) 1873 BB.addSuccessor(SuccBB); 1874 }; 1875 1876 uint64_t NumIndirectJumps = 0; 1877 MCInst *LastIndirectJump = nullptr; 1878 BinaryBasicBlock *LastIndirectJumpBB = nullptr; 1879 uint64_t LastJT = 0; 1880 uint16_t LastJTIndexReg = BC.MIB->getNoRegister(); 1881 for (BinaryBasicBlock &BB : blocks()) { 1882 for (BinaryBasicBlock::iterator II = BB.begin(); II != BB.end(); ++II) { 1883 MCInst &Instr = *II; 1884 if (!BC.MIB->isIndirectBranch(Instr)) 1885 continue; 1886 1887 // If there's an indirect branch in a single-block function - 1888 // it must be a tail call. 1889 if (BasicBlocks.size() == 1) { 1890 BC.MIB->convertJmpToTailCall(Instr); 1891 return true; 1892 } 1893 1894 ++NumIndirectJumps; 1895 1896 if (opts::StrictMode && !hasInternalReference()) { 1897 BC.MIB->convertJmpToTailCall(Instr); 1898 break; 1899 } 1900 1901 // Validate the tail call or jump table assumptions now that we know 1902 // basic block boundaries. 1903 if (BC.MIB->isTailCall(Instr) || BC.MIB->getJumpTable(Instr)) { 1904 const unsigned PtrSize = BC.AsmInfo->getCodePointerSize(); 1905 MCInst *MemLocInstr; 1906 unsigned BaseRegNum, IndexRegNum; 1907 int64_t DispValue; 1908 const MCExpr *DispExpr; 1909 MCInst *PCRelBaseInstr; 1910 MCInst *FixedEntryLoadInstr; 1911 IndirectBranchType Type = BC.MIB->analyzeIndirectBranch( 1912 Instr, BB.begin(), II, PtrSize, MemLocInstr, BaseRegNum, 1913 IndexRegNum, DispValue, DispExpr, PCRelBaseInstr, 1914 FixedEntryLoadInstr); 1915 if (Type != IndirectBranchType::UNKNOWN || MemLocInstr != nullptr) 1916 continue; 1917 1918 if (!opts::StrictMode) 1919 return false; 1920 1921 if (BC.MIB->isTailCall(Instr)) { 1922 BC.MIB->convertTailCallToJmp(Instr); 1923 } else { 1924 LastIndirectJump = &Instr; 1925 LastIndirectJumpBB = &BB; 1926 LastJT = BC.MIB->getJumpTable(Instr); 1927 LastJTIndexReg = BC.MIB->getJumpTableIndexReg(Instr); 1928 BC.MIB->unsetJumpTable(Instr); 1929 1930 JumpTable *JT = BC.getJumpTableContainingAddress(LastJT); 1931 if (JT->Type == JumpTable::JTT_NORMAL) { 1932 // Invalidating the jump table may also invalidate other jump table 1933 // boundaries. Until we have/need a support for this, mark the 1934 // function as non-simple. 1935 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: rejected jump table reference" 1936 << JT->getName() << " in " << *this << '\n'); 1937 return false; 1938 } 1939 } 1940 1941 addUnknownControlFlow(BB); 1942 continue; 1943 } 1944 1945 // If this block contains an epilogue code and has an indirect branch, 1946 // then most likely it's a tail call. Otherwise, we cannot tell for sure 1947 // what it is and conservatively reject the function's CFG. 1948 bool IsEpilogue = llvm::any_of(BB, [&](const MCInst &Instr) { 1949 return BC.MIB->isLeave(Instr) || BC.MIB->isPop(Instr); 1950 }); 1951 if (IsEpilogue) { 1952 BC.MIB->convertJmpToTailCall(Instr); 1953 BB.removeAllSuccessors(); 1954 continue; 1955 } 1956 1957 if (opts::Verbosity >= 2) { 1958 BC.outs() << "BOLT-INFO: rejected potential indirect tail call in " 1959 << "function " << *this << " in basic block " << BB.getName() 1960 << ".\n"; 1961 LLVM_DEBUG(BC.printInstructions(dbgs(), BB.begin(), BB.end(), 1962 BB.getOffset(), this, true)); 1963 } 1964 1965 if (!opts::StrictMode) 1966 return false; 1967 1968 addUnknownControlFlow(BB); 1969 } 1970 } 1971 1972 if (HasInternalLabelReference) 1973 return false; 1974 1975 // If there's only one jump table, and one indirect jump, and no other 1976 // references, then we should be able to derive the jump table even if we 1977 // fail to match the pattern. 1978 if (HasUnknownControlFlow && NumIndirectJumps == 1 && 1979 JumpTables.size() == 1 && LastIndirectJump && 1980 !BC.getJumpTableContainingAddress(LastJT)->IsSplit) { 1981 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: unsetting unknown control flow in " 1982 << *this << '\n'); 1983 BC.MIB->setJumpTable(*LastIndirectJump, LastJT, LastJTIndexReg, AllocId); 1984 HasUnknownControlFlow = false; 1985 1986 LastIndirectJumpBB->updateJumpTableSuccessors(); 1987 } 1988 1989 // Validate that all data references to function offsets are claimed by 1990 // recognized jump tables. Register externally referenced blocks as entry 1991 // points. 1992 if (!opts::StrictMode && hasInternalReference()) { 1993 if (!validateExternallyReferencedOffsets()) 1994 return false; 1995 } 1996 1997 if (HasUnknownControlFlow && !BC.HasRelocations) 1998 return false; 1999 2000 return true; 2001 } 2002 2003 void BinaryFunction::recomputeLandingPads() { 2004 updateBBIndices(0); 2005 2006 for (BinaryBasicBlock *BB : BasicBlocks) { 2007 BB->LandingPads.clear(); 2008 BB->Throwers.clear(); 2009 } 2010 2011 for (BinaryBasicBlock *BB : BasicBlocks) { 2012 std::unordered_set<const BinaryBasicBlock *> BBLandingPads; 2013 for (MCInst &Instr : *BB) { 2014 if (!BC.MIB->isInvoke(Instr)) 2015 continue; 2016 2017 const std::optional<MCPlus::MCLandingPad> EHInfo = 2018 BC.MIB->getEHInfo(Instr); 2019 if (!EHInfo || !EHInfo->first) 2020 continue; 2021 2022 BinaryBasicBlock *LPBlock = getBasicBlockForLabel(EHInfo->first); 2023 if (!BBLandingPads.count(LPBlock)) { 2024 BBLandingPads.insert(LPBlock); 2025 BB->LandingPads.emplace_back(LPBlock); 2026 LPBlock->Throwers.emplace_back(BB); 2027 } 2028 } 2029 } 2030 } 2031 2032 Error BinaryFunction::buildCFG(MCPlusBuilder::AllocatorIdTy AllocatorId) { 2033 auto &MIB = BC.MIB; 2034 2035 if (!isSimple()) { 2036 assert(!BC.HasRelocations && 2037 "cannot process file with non-simple function in relocs mode"); 2038 return createNonFatalBOLTError(""); 2039 } 2040 2041 if (CurrentState != State::Disassembled) 2042 return createNonFatalBOLTError(""); 2043 2044 assert(BasicBlocks.empty() && "basic block list should be empty"); 2045 assert((Labels.find(getFirstInstructionOffset()) != Labels.end()) && 2046 "first instruction should always have a label"); 2047 2048 // Create basic blocks in the original layout order: 2049 // 2050 // * Every instruction with associated label marks 2051 // the beginning of a basic block. 2052 // * Conditional instruction marks the end of a basic block, 2053 // except when the following instruction is an 2054 // unconditional branch, and the unconditional branch is not 2055 // a destination of another branch. In the latter case, the 2056 // basic block will consist of a single unconditional branch 2057 // (missed "double-jump" optimization). 2058 // 2059 // Created basic blocks are sorted in layout order since they are 2060 // created in the same order as instructions, and instructions are 2061 // sorted by offsets. 2062 BinaryBasicBlock *InsertBB = nullptr; 2063 BinaryBasicBlock *PrevBB = nullptr; 2064 bool IsLastInstrNop = false; 2065 // Offset of the last non-nop instruction. 2066 uint64_t LastInstrOffset = 0; 2067 2068 auto addCFIPlaceholders = [this](uint64_t CFIOffset, 2069 BinaryBasicBlock *InsertBB) { 2070 for (auto FI = OffsetToCFI.lower_bound(CFIOffset), 2071 FE = OffsetToCFI.upper_bound(CFIOffset); 2072 FI != FE; ++FI) { 2073 addCFIPseudo(InsertBB, InsertBB->end(), FI->second); 2074 } 2075 }; 2076 2077 // For profiling purposes we need to save the offset of the last instruction 2078 // in the basic block. 2079 // NOTE: nops always have an Offset annotation. Annotate the last non-nop as 2080 // older profiles ignored nops. 2081 auto updateOffset = [&](uint64_t Offset) { 2082 assert(PrevBB && PrevBB != InsertBB && "invalid previous block"); 2083 MCInst *LastNonNop = nullptr; 2084 for (BinaryBasicBlock::reverse_iterator RII = PrevBB->getLastNonPseudo(), 2085 E = PrevBB->rend(); 2086 RII != E; ++RII) { 2087 if (!BC.MIB->isPseudo(*RII) && !BC.MIB->isNoop(*RII)) { 2088 LastNonNop = &*RII; 2089 break; 2090 } 2091 } 2092 if (LastNonNop && !MIB->getOffset(*LastNonNop)) 2093 MIB->setOffset(*LastNonNop, static_cast<uint32_t>(Offset)); 2094 }; 2095 2096 for (auto I = Instructions.begin(), E = Instructions.end(); I != E; ++I) { 2097 const uint32_t Offset = I->first; 2098 MCInst &Instr = I->second; 2099 2100 auto LI = Labels.find(Offset); 2101 if (LI != Labels.end()) { 2102 // Always create new BB at branch destination. 2103 PrevBB = InsertBB ? InsertBB : PrevBB; 2104 InsertBB = addBasicBlockAt(LI->first, LI->second); 2105 if (opts::PreserveBlocksAlignment && IsLastInstrNop) 2106 InsertBB->setDerivedAlignment(); 2107 2108 if (PrevBB) 2109 updateOffset(LastInstrOffset); 2110 } 2111 2112 // Mark all nops with Offset for profile tracking purposes. 2113 if (MIB->isNoop(Instr) && !MIB->getOffset(Instr)) { 2114 // If "Offset" annotation is not present, set it and mark the nop for 2115 // deletion. 2116 MIB->setOffset(Instr, static_cast<uint32_t>(Offset)); 2117 // Annotate ordinary nops, so we can safely delete them if required. 2118 MIB->addAnnotation(Instr, "NOP", static_cast<uint32_t>(1), AllocatorId); 2119 } 2120 2121 if (!InsertBB) { 2122 // It must be a fallthrough or unreachable code. Create a new block unless 2123 // we see an unconditional branch following a conditional one. The latter 2124 // should not be a conditional tail call. 2125 assert(PrevBB && "no previous basic block for a fall through"); 2126 MCInst *PrevInstr = PrevBB->getLastNonPseudoInstr(); 2127 assert(PrevInstr && "no previous instruction for a fall through"); 2128 if (MIB->isUnconditionalBranch(Instr) && 2129 !MIB->isIndirectBranch(*PrevInstr) && 2130 !MIB->isUnconditionalBranch(*PrevInstr) && 2131 !MIB->getConditionalTailCall(*PrevInstr) && 2132 !MIB->isReturn(*PrevInstr)) { 2133 // Temporarily restore inserter basic block. 2134 InsertBB = PrevBB; 2135 } else { 2136 MCSymbol *Label; 2137 { 2138 auto L = BC.scopeLock(); 2139 Label = BC.Ctx->createNamedTempSymbol("FT"); 2140 } 2141 InsertBB = addBasicBlockAt(Offset, Label); 2142 if (opts::PreserveBlocksAlignment && IsLastInstrNop) 2143 InsertBB->setDerivedAlignment(); 2144 updateOffset(LastInstrOffset); 2145 } 2146 } 2147 if (Offset == getFirstInstructionOffset()) { 2148 // Add associated CFI pseudos in the first offset 2149 addCFIPlaceholders(Offset, InsertBB); 2150 } 2151 2152 const bool IsBlockEnd = MIB->isTerminator(Instr); 2153 IsLastInstrNop = MIB->isNoop(Instr); 2154 if (!IsLastInstrNop) 2155 LastInstrOffset = Offset; 2156 InsertBB->addInstruction(std::move(Instr)); 2157 2158 // Add associated CFI instrs. We always add the CFI instruction that is 2159 // located immediately after this instruction, since the next CFI 2160 // instruction reflects the change in state caused by this instruction. 2161 auto NextInstr = std::next(I); 2162 uint64_t CFIOffset; 2163 if (NextInstr != E) 2164 CFIOffset = NextInstr->first; 2165 else 2166 CFIOffset = getSize(); 2167 2168 // Note: this potentially invalidates instruction pointers/iterators. 2169 addCFIPlaceholders(CFIOffset, InsertBB); 2170 2171 if (IsBlockEnd) { 2172 PrevBB = InsertBB; 2173 InsertBB = nullptr; 2174 } 2175 } 2176 2177 if (BasicBlocks.empty()) { 2178 setSimple(false); 2179 return createNonFatalBOLTError(""); 2180 } 2181 2182 // Intermediate dump. 2183 LLVM_DEBUG(print(dbgs(), "after creating basic blocks")); 2184 2185 // TODO: handle properly calls to no-return functions, 2186 // e.g. exit(3), etc. Otherwise we'll see a false fall-through 2187 // blocks. 2188 2189 // Remove duplicates branches. We can get a bunch of them from jump tables. 2190 // Without doing jump table value profiling we don't have a use for extra 2191 // (duplicate) branches. 2192 llvm::sort(TakenBranches); 2193 auto NewEnd = std::unique(TakenBranches.begin(), TakenBranches.end()); 2194 TakenBranches.erase(NewEnd, TakenBranches.end()); 2195 2196 for (std::pair<uint32_t, uint32_t> &Branch : TakenBranches) { 2197 LLVM_DEBUG(dbgs() << "registering branch [0x" 2198 << Twine::utohexstr(Branch.first) << "] -> [0x" 2199 << Twine::utohexstr(Branch.second) << "]\n"); 2200 BinaryBasicBlock *FromBB = getBasicBlockContainingOffset(Branch.first); 2201 BinaryBasicBlock *ToBB = getBasicBlockAtOffset(Branch.second); 2202 if (!FromBB || !ToBB) { 2203 if (!FromBB) 2204 BC.errs() << "BOLT-ERROR: cannot find BB containing the branch.\n"; 2205 if (!ToBB) 2206 BC.errs() 2207 << "BOLT-ERROR: cannot find BB containing branch destination.\n"; 2208 return createFatalBOLTError(BC.generateBugReportMessage( 2209 "disassembly failed - inconsistent branch found.", *this)); 2210 } 2211 2212 FromBB->addSuccessor(ToBB); 2213 } 2214 2215 // Add fall-through branches. 2216 PrevBB = nullptr; 2217 bool IsPrevFT = false; // Is previous block a fall-through. 2218 for (BinaryBasicBlock *BB : BasicBlocks) { 2219 if (IsPrevFT) 2220 PrevBB->addSuccessor(BB); 2221 2222 if (BB->empty()) { 2223 IsPrevFT = true; 2224 PrevBB = BB; 2225 continue; 2226 } 2227 2228 MCInst *LastInstr = BB->getLastNonPseudoInstr(); 2229 assert(LastInstr && 2230 "should have non-pseudo instruction in non-empty block"); 2231 2232 if (BB->succ_size() == 0) { 2233 // Since there's no existing successors, we know the last instruction is 2234 // not a conditional branch. Thus if it's a terminator, it shouldn't be a 2235 // fall-through. 2236 // 2237 // Conditional tail call is a special case since we don't add a taken 2238 // branch successor for it. 2239 IsPrevFT = !MIB->isTerminator(*LastInstr) || 2240 MIB->getConditionalTailCall(*LastInstr); 2241 } else if (BB->succ_size() == 1) { 2242 IsPrevFT = MIB->isConditionalBranch(*LastInstr); 2243 } else { 2244 IsPrevFT = false; 2245 } 2246 2247 PrevBB = BB; 2248 } 2249 2250 // Assign landing pads and throwers info. 2251 recomputeLandingPads(); 2252 2253 // Assign CFI information to each BB entry. 2254 annotateCFIState(); 2255 2256 // Annotate invoke instructions with GNU_args_size data. 2257 propagateGnuArgsSizeInfo(AllocatorId); 2258 2259 // Set the basic block layout to the original order and set end offsets. 2260 PrevBB = nullptr; 2261 for (BinaryBasicBlock *BB : BasicBlocks) { 2262 Layout.addBasicBlock(BB); 2263 if (PrevBB) 2264 PrevBB->setEndOffset(BB->getOffset()); 2265 PrevBB = BB; 2266 } 2267 PrevBB->setEndOffset(getSize()); 2268 2269 Layout.updateLayoutIndices(); 2270 2271 normalizeCFIState(); 2272 2273 // Clean-up memory taken by intermediate structures. 2274 // 2275 // NB: don't clear Labels list as we may need them if we mark the function 2276 // as non-simple later in the process of discovering extra entry points. 2277 clearList(Instructions); 2278 clearList(OffsetToCFI); 2279 clearList(TakenBranches); 2280 2281 // Update the state. 2282 CurrentState = State::CFG; 2283 2284 // Make any necessary adjustments for indirect branches. 2285 if (!postProcessIndirectBranches(AllocatorId)) { 2286 if (opts::Verbosity) { 2287 BC.errs() << "BOLT-WARNING: failed to post-process indirect branches for " 2288 << *this << '\n'; 2289 } 2290 // In relocation mode we want to keep processing the function but avoid 2291 // optimizing it. 2292 setSimple(false); 2293 } 2294 2295 clearList(ExternallyReferencedOffsets); 2296 clearList(UnknownIndirectBranchOffsets); 2297 2298 return Error::success(); 2299 } 2300 2301 void BinaryFunction::postProcessCFG() { 2302 if (isSimple() && !BasicBlocks.empty()) { 2303 // Convert conditional tail call branches to conditional branches that jump 2304 // to a tail call. 2305 removeConditionalTailCalls(); 2306 2307 postProcessProfile(); 2308 2309 // Eliminate inconsistencies between branch instructions and CFG. 2310 postProcessBranches(); 2311 } 2312 2313 // The final cleanup of intermediate structures. 2314 clearList(IgnoredBranches); 2315 2316 // Remove "Offset" annotations, unless we need an address-translation table 2317 // later. This has no cost, since annotations are allocated by a bumpptr 2318 // allocator and won't be released anyway until late in the pipeline. 2319 if (!requiresAddressTranslation() && !opts::Instrument) { 2320 for (BinaryBasicBlock &BB : blocks()) 2321 for (MCInst &Inst : BB) 2322 BC.MIB->clearOffset(Inst); 2323 } 2324 2325 assert((!isSimple() || validateCFG()) && 2326 "invalid CFG detected after post-processing"); 2327 } 2328 2329 void BinaryFunction::removeTagsFromProfile() { 2330 for (BinaryBasicBlock *BB : BasicBlocks) { 2331 if (BB->ExecutionCount == BinaryBasicBlock::COUNT_NO_PROFILE) 2332 BB->ExecutionCount = 0; 2333 for (BinaryBasicBlock::BinaryBranchInfo &BI : BB->branch_info()) { 2334 if (BI.Count != BinaryBasicBlock::COUNT_NO_PROFILE && 2335 BI.MispredictedCount != BinaryBasicBlock::COUNT_NO_PROFILE) 2336 continue; 2337 BI.Count = 0; 2338 BI.MispredictedCount = 0; 2339 } 2340 } 2341 } 2342 2343 void BinaryFunction::removeConditionalTailCalls() { 2344 // Blocks to be appended at the end. 2345 std::vector<std::unique_ptr<BinaryBasicBlock>> NewBlocks; 2346 2347 for (auto BBI = begin(); BBI != end(); ++BBI) { 2348 BinaryBasicBlock &BB = *BBI; 2349 MCInst *CTCInstr = BB.getLastNonPseudoInstr(); 2350 if (!CTCInstr) 2351 continue; 2352 2353 std::optional<uint64_t> TargetAddressOrNone = 2354 BC.MIB->getConditionalTailCall(*CTCInstr); 2355 if (!TargetAddressOrNone) 2356 continue; 2357 2358 // Gather all necessary information about CTC instruction before 2359 // annotations are destroyed. 2360 const int32_t CFIStateBeforeCTC = BB.getCFIStateAtInstr(CTCInstr); 2361 uint64_t CTCTakenCount = BinaryBasicBlock::COUNT_NO_PROFILE; 2362 uint64_t CTCMispredCount = BinaryBasicBlock::COUNT_NO_PROFILE; 2363 if (hasValidProfile()) { 2364 CTCTakenCount = BC.MIB->getAnnotationWithDefault<uint64_t>( 2365 *CTCInstr, "CTCTakenCount"); 2366 CTCMispredCount = BC.MIB->getAnnotationWithDefault<uint64_t>( 2367 *CTCInstr, "CTCMispredCount"); 2368 } 2369 2370 // Assert that the tail call does not throw. 2371 assert(!BC.MIB->getEHInfo(*CTCInstr) && 2372 "found tail call with associated landing pad"); 2373 2374 // Create a basic block with an unconditional tail call instruction using 2375 // the same destination. 2376 const MCSymbol *CTCTargetLabel = BC.MIB->getTargetSymbol(*CTCInstr); 2377 assert(CTCTargetLabel && "symbol expected for conditional tail call"); 2378 MCInst TailCallInstr; 2379 BC.MIB->createTailCall(TailCallInstr, CTCTargetLabel, BC.Ctx.get()); 2380 2381 // Move offset from CTCInstr to TailCallInstr. 2382 if (const std::optional<uint32_t> Offset = BC.MIB->getOffset(*CTCInstr)) { 2383 BC.MIB->setOffset(TailCallInstr, *Offset); 2384 BC.MIB->clearOffset(*CTCInstr); 2385 } 2386 2387 // Link new BBs to the original input offset of the BB where the CTC 2388 // is, so we can map samples recorded in new BBs back to the original BB 2389 // seem in the input binary (if using BAT) 2390 std::unique_ptr<BinaryBasicBlock> TailCallBB = 2391 createBasicBlock(BC.Ctx->createNamedTempSymbol("TC")); 2392 TailCallBB->setOffset(BB.getInputOffset()); 2393 TailCallBB->addInstruction(TailCallInstr); 2394 TailCallBB->setCFIState(CFIStateBeforeCTC); 2395 2396 // Add CFG edge with profile info from BB to TailCallBB. 2397 BB.addSuccessor(TailCallBB.get(), CTCTakenCount, CTCMispredCount); 2398 2399 // Add execution count for the block. 2400 TailCallBB->setExecutionCount(CTCTakenCount); 2401 2402 BC.MIB->convertTailCallToJmp(*CTCInstr); 2403 2404 BC.MIB->replaceBranchTarget(*CTCInstr, TailCallBB->getLabel(), 2405 BC.Ctx.get()); 2406 2407 // Add basic block to the list that will be added to the end. 2408 NewBlocks.emplace_back(std::move(TailCallBB)); 2409 2410 // Swap edges as the TailCallBB corresponds to the taken branch. 2411 BB.swapConditionalSuccessors(); 2412 2413 // This branch is no longer a conditional tail call. 2414 BC.MIB->unsetConditionalTailCall(*CTCInstr); 2415 } 2416 2417 insertBasicBlocks(std::prev(end()), std::move(NewBlocks), 2418 /* UpdateLayout */ true, 2419 /* UpdateCFIState */ false); 2420 } 2421 2422 uint64_t BinaryFunction::getFunctionScore() const { 2423 if (FunctionScore != -1) 2424 return FunctionScore; 2425 2426 if (!isSimple() || !hasValidProfile()) { 2427 FunctionScore = 0; 2428 return FunctionScore; 2429 } 2430 2431 uint64_t TotalScore = 0ULL; 2432 for (const BinaryBasicBlock &BB : blocks()) { 2433 uint64_t BBExecCount = BB.getExecutionCount(); 2434 if (BBExecCount == BinaryBasicBlock::COUNT_NO_PROFILE) 2435 continue; 2436 TotalScore += BBExecCount * BB.getNumNonPseudos(); 2437 } 2438 FunctionScore = TotalScore; 2439 return FunctionScore; 2440 } 2441 2442 void BinaryFunction::annotateCFIState() { 2443 assert(CurrentState == State::Disassembled && "unexpected function state"); 2444 assert(!BasicBlocks.empty() && "basic block list should not be empty"); 2445 2446 // This is an index of the last processed CFI in FDE CFI program. 2447 uint32_t State = 0; 2448 2449 // This is an index of RememberState CFI reflecting effective state right 2450 // after execution of RestoreState CFI. 2451 // 2452 // It differs from State iff the CFI at (State-1) 2453 // was RestoreState (modulo GNU_args_size CFIs, which are ignored). 2454 // 2455 // This allows us to generate shorter replay sequences when producing new 2456 // CFI programs. 2457 uint32_t EffectiveState = 0; 2458 2459 // For tracking RememberState/RestoreState sequences. 2460 std::stack<uint32_t> StateStack; 2461 2462 for (BinaryBasicBlock *BB : BasicBlocks) { 2463 BB->setCFIState(EffectiveState); 2464 2465 for (const MCInst &Instr : *BB) { 2466 const MCCFIInstruction *CFI = getCFIFor(Instr); 2467 if (!CFI) 2468 continue; 2469 2470 ++State; 2471 2472 switch (CFI->getOperation()) { 2473 case MCCFIInstruction::OpRememberState: 2474 StateStack.push(EffectiveState); 2475 EffectiveState = State; 2476 break; 2477 case MCCFIInstruction::OpRestoreState: 2478 assert(!StateStack.empty() && "corrupt CFI stack"); 2479 EffectiveState = StateStack.top(); 2480 StateStack.pop(); 2481 break; 2482 case MCCFIInstruction::OpGnuArgsSize: 2483 // OpGnuArgsSize CFIs do not affect the CFI state. 2484 break; 2485 default: 2486 // Any other CFI updates the state. 2487 EffectiveState = State; 2488 break; 2489 } 2490 } 2491 } 2492 2493 if (opts::Verbosity >= 1 && !StateStack.empty()) { 2494 BC.errs() << "BOLT-WARNING: non-empty CFI stack at the end of " << *this 2495 << '\n'; 2496 } 2497 } 2498 2499 namespace { 2500 2501 /// Our full interpretation of a DWARF CFI machine state at a given point 2502 struct CFISnapshot { 2503 /// CFA register number and offset defining the canonical frame at this 2504 /// point, or the number of a rule (CFI state) that computes it with a 2505 /// DWARF expression. This number will be negative if it refers to a CFI 2506 /// located in the CIE instead of the FDE. 2507 uint32_t CFAReg; 2508 int32_t CFAOffset; 2509 int32_t CFARule; 2510 /// Mapping of rules (CFI states) that define the location of each 2511 /// register. If absent, no rule defining the location of such register 2512 /// was ever read. This number will be negative if it refers to a CFI 2513 /// located in the CIE instead of the FDE. 2514 DenseMap<int32_t, int32_t> RegRule; 2515 2516 /// References to CIE, FDE and expanded instructions after a restore state 2517 const BinaryFunction::CFIInstrMapType &CIE; 2518 const BinaryFunction::CFIInstrMapType &FDE; 2519 const DenseMap<int32_t, SmallVector<int32_t, 4>> &FrameRestoreEquivalents; 2520 2521 /// Current FDE CFI number representing the state where the snapshot is at 2522 int32_t CurState; 2523 2524 /// Used when we don't have information about which state/rule to apply 2525 /// to recover the location of either the CFA or a specific register 2526 constexpr static int32_t UNKNOWN = std::numeric_limits<int32_t>::min(); 2527 2528 private: 2529 /// Update our snapshot by executing a single CFI 2530 void update(const MCCFIInstruction &Instr, int32_t RuleNumber) { 2531 switch (Instr.getOperation()) { 2532 case MCCFIInstruction::OpSameValue: 2533 case MCCFIInstruction::OpRelOffset: 2534 case MCCFIInstruction::OpOffset: 2535 case MCCFIInstruction::OpRestore: 2536 case MCCFIInstruction::OpUndefined: 2537 case MCCFIInstruction::OpRegister: 2538 RegRule[Instr.getRegister()] = RuleNumber; 2539 break; 2540 case MCCFIInstruction::OpDefCfaRegister: 2541 CFAReg = Instr.getRegister(); 2542 CFARule = UNKNOWN; 2543 2544 // This shouldn't happen according to the spec but GNU binutils on RISC-V 2545 // emits a DW_CFA_def_cfa_register in CIE's which leaves the offset 2546 // unspecified. Both readelf and llvm-dwarfdump interpret the offset as 0 2547 // in this case so let's do the same. 2548 if (CFAOffset == UNKNOWN) 2549 CFAOffset = 0; 2550 break; 2551 case MCCFIInstruction::OpDefCfaOffset: 2552 CFAOffset = Instr.getOffset(); 2553 CFARule = UNKNOWN; 2554 break; 2555 case MCCFIInstruction::OpDefCfa: 2556 CFAReg = Instr.getRegister(); 2557 CFAOffset = Instr.getOffset(); 2558 CFARule = UNKNOWN; 2559 break; 2560 case MCCFIInstruction::OpEscape: { 2561 std::optional<uint8_t> Reg = 2562 readDWARFExpressionTargetReg(Instr.getValues()); 2563 // Handle DW_CFA_def_cfa_expression 2564 if (!Reg) { 2565 CFARule = RuleNumber; 2566 break; 2567 } 2568 RegRule[*Reg] = RuleNumber; 2569 break; 2570 } 2571 case MCCFIInstruction::OpAdjustCfaOffset: 2572 case MCCFIInstruction::OpWindowSave: 2573 case MCCFIInstruction::OpNegateRAState: 2574 case MCCFIInstruction::OpLLVMDefAspaceCfa: 2575 case MCCFIInstruction::OpLabel: 2576 llvm_unreachable("unsupported CFI opcode"); 2577 break; 2578 case MCCFIInstruction::OpRememberState: 2579 case MCCFIInstruction::OpRestoreState: 2580 case MCCFIInstruction::OpGnuArgsSize: 2581 // do not affect CFI state 2582 break; 2583 } 2584 } 2585 2586 public: 2587 /// Advance state reading FDE CFI instructions up to State number 2588 void advanceTo(int32_t State) { 2589 for (int32_t I = CurState, E = State; I != E; ++I) { 2590 const MCCFIInstruction &Instr = FDE[I]; 2591 if (Instr.getOperation() != MCCFIInstruction::OpRestoreState) { 2592 update(Instr, I); 2593 continue; 2594 } 2595 // If restore state instruction, fetch the equivalent CFIs that have 2596 // the same effect of this restore. This is used to ensure remember- 2597 // restore pairs are completely removed. 2598 auto Iter = FrameRestoreEquivalents.find(I); 2599 if (Iter == FrameRestoreEquivalents.end()) 2600 continue; 2601 for (int32_t RuleNumber : Iter->second) 2602 update(FDE[RuleNumber], RuleNumber); 2603 } 2604 2605 assert(((CFAReg != (uint32_t)UNKNOWN && CFAOffset != UNKNOWN) || 2606 CFARule != UNKNOWN) && 2607 "CIE did not define default CFA?"); 2608 2609 CurState = State; 2610 } 2611 2612 /// Interpret all CIE and FDE instructions up until CFI State number and 2613 /// populate this snapshot 2614 CFISnapshot( 2615 const BinaryFunction::CFIInstrMapType &CIE, 2616 const BinaryFunction::CFIInstrMapType &FDE, 2617 const DenseMap<int32_t, SmallVector<int32_t, 4>> &FrameRestoreEquivalents, 2618 int32_t State) 2619 : CIE(CIE), FDE(FDE), FrameRestoreEquivalents(FrameRestoreEquivalents) { 2620 CFAReg = UNKNOWN; 2621 CFAOffset = UNKNOWN; 2622 CFARule = UNKNOWN; 2623 CurState = 0; 2624 2625 for (int32_t I = 0, E = CIE.size(); I != E; ++I) { 2626 const MCCFIInstruction &Instr = CIE[I]; 2627 update(Instr, -I); 2628 } 2629 2630 advanceTo(State); 2631 } 2632 }; 2633 2634 /// A CFI snapshot with the capability of checking if incremental additions to 2635 /// it are redundant. This is used to ensure we do not emit two CFI instructions 2636 /// back-to-back that are doing the same state change, or to avoid emitting a 2637 /// CFI at all when the state at that point would not be modified after that CFI 2638 struct CFISnapshotDiff : public CFISnapshot { 2639 bool RestoredCFAReg{false}; 2640 bool RestoredCFAOffset{false}; 2641 DenseMap<int32_t, bool> RestoredRegs; 2642 2643 CFISnapshotDiff(const CFISnapshot &S) : CFISnapshot(S) {} 2644 2645 CFISnapshotDiff( 2646 const BinaryFunction::CFIInstrMapType &CIE, 2647 const BinaryFunction::CFIInstrMapType &FDE, 2648 const DenseMap<int32_t, SmallVector<int32_t, 4>> &FrameRestoreEquivalents, 2649 int32_t State) 2650 : CFISnapshot(CIE, FDE, FrameRestoreEquivalents, State) {} 2651 2652 /// Return true if applying Instr to this state is redundant and can be 2653 /// dismissed. 2654 bool isRedundant(const MCCFIInstruction &Instr) { 2655 switch (Instr.getOperation()) { 2656 case MCCFIInstruction::OpSameValue: 2657 case MCCFIInstruction::OpRelOffset: 2658 case MCCFIInstruction::OpOffset: 2659 case MCCFIInstruction::OpRestore: 2660 case MCCFIInstruction::OpUndefined: 2661 case MCCFIInstruction::OpRegister: 2662 case MCCFIInstruction::OpEscape: { 2663 uint32_t Reg; 2664 if (Instr.getOperation() != MCCFIInstruction::OpEscape) { 2665 Reg = Instr.getRegister(); 2666 } else { 2667 std::optional<uint8_t> R = 2668 readDWARFExpressionTargetReg(Instr.getValues()); 2669 // Handle DW_CFA_def_cfa_expression 2670 if (!R) { 2671 if (RestoredCFAReg && RestoredCFAOffset) 2672 return true; 2673 RestoredCFAReg = true; 2674 RestoredCFAOffset = true; 2675 return false; 2676 } 2677 Reg = *R; 2678 } 2679 if (RestoredRegs[Reg]) 2680 return true; 2681 RestoredRegs[Reg] = true; 2682 const int32_t CurRegRule = RegRule.contains(Reg) ? RegRule[Reg] : UNKNOWN; 2683 if (CurRegRule == UNKNOWN) { 2684 if (Instr.getOperation() == MCCFIInstruction::OpRestore || 2685 Instr.getOperation() == MCCFIInstruction::OpSameValue) 2686 return true; 2687 return false; 2688 } 2689 const MCCFIInstruction &LastDef = 2690 CurRegRule < 0 ? CIE[-CurRegRule] : FDE[CurRegRule]; 2691 return LastDef == Instr; 2692 } 2693 case MCCFIInstruction::OpDefCfaRegister: 2694 if (RestoredCFAReg) 2695 return true; 2696 RestoredCFAReg = true; 2697 return CFAReg == Instr.getRegister(); 2698 case MCCFIInstruction::OpDefCfaOffset: 2699 if (RestoredCFAOffset) 2700 return true; 2701 RestoredCFAOffset = true; 2702 return CFAOffset == Instr.getOffset(); 2703 case MCCFIInstruction::OpDefCfa: 2704 if (RestoredCFAReg && RestoredCFAOffset) 2705 return true; 2706 RestoredCFAReg = true; 2707 RestoredCFAOffset = true; 2708 return CFAReg == Instr.getRegister() && CFAOffset == Instr.getOffset(); 2709 case MCCFIInstruction::OpAdjustCfaOffset: 2710 case MCCFIInstruction::OpWindowSave: 2711 case MCCFIInstruction::OpNegateRAState: 2712 case MCCFIInstruction::OpLLVMDefAspaceCfa: 2713 case MCCFIInstruction::OpLabel: 2714 llvm_unreachable("unsupported CFI opcode"); 2715 return false; 2716 case MCCFIInstruction::OpRememberState: 2717 case MCCFIInstruction::OpRestoreState: 2718 case MCCFIInstruction::OpGnuArgsSize: 2719 // do not affect CFI state 2720 return true; 2721 } 2722 return false; 2723 } 2724 }; 2725 2726 } // end anonymous namespace 2727 2728 bool BinaryFunction::replayCFIInstrs(int32_t FromState, int32_t ToState, 2729 BinaryBasicBlock *InBB, 2730 BinaryBasicBlock::iterator InsertIt) { 2731 if (FromState == ToState) 2732 return true; 2733 assert(FromState < ToState && "can only replay CFIs forward"); 2734 2735 CFISnapshotDiff CFIDiff(CIEFrameInstructions, FrameInstructions, 2736 FrameRestoreEquivalents, FromState); 2737 2738 std::vector<uint32_t> NewCFIs; 2739 for (int32_t CurState = FromState; CurState < ToState; ++CurState) { 2740 MCCFIInstruction *Instr = &FrameInstructions[CurState]; 2741 if (Instr->getOperation() == MCCFIInstruction::OpRestoreState) { 2742 auto Iter = FrameRestoreEquivalents.find(CurState); 2743 assert(Iter != FrameRestoreEquivalents.end()); 2744 NewCFIs.insert(NewCFIs.end(), Iter->second.begin(), Iter->second.end()); 2745 // RestoreState / Remember will be filtered out later by CFISnapshotDiff, 2746 // so we might as well fall-through here. 2747 } 2748 NewCFIs.push_back(CurState); 2749 } 2750 2751 // Replay instructions while avoiding duplicates 2752 for (int32_t State : llvm::reverse(NewCFIs)) { 2753 if (CFIDiff.isRedundant(FrameInstructions[State])) 2754 continue; 2755 InsertIt = addCFIPseudo(InBB, InsertIt, State); 2756 } 2757 2758 return true; 2759 } 2760 2761 SmallVector<int32_t, 4> 2762 BinaryFunction::unwindCFIState(int32_t FromState, int32_t ToState, 2763 BinaryBasicBlock *InBB, 2764 BinaryBasicBlock::iterator &InsertIt) { 2765 SmallVector<int32_t, 4> NewStates; 2766 2767 CFISnapshot ToCFITable(CIEFrameInstructions, FrameInstructions, 2768 FrameRestoreEquivalents, ToState); 2769 CFISnapshotDiff FromCFITable(ToCFITable); 2770 FromCFITable.advanceTo(FromState); 2771 2772 auto undoStateDefCfa = [&]() { 2773 if (ToCFITable.CFARule == CFISnapshot::UNKNOWN) { 2774 FrameInstructions.emplace_back(MCCFIInstruction::cfiDefCfa( 2775 nullptr, ToCFITable.CFAReg, ToCFITable.CFAOffset)); 2776 if (FromCFITable.isRedundant(FrameInstructions.back())) { 2777 FrameInstructions.pop_back(); 2778 return; 2779 } 2780 NewStates.push_back(FrameInstructions.size() - 1); 2781 InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size() - 1); 2782 ++InsertIt; 2783 } else if (ToCFITable.CFARule < 0) { 2784 if (FromCFITable.isRedundant(CIEFrameInstructions[-ToCFITable.CFARule])) 2785 return; 2786 NewStates.push_back(FrameInstructions.size()); 2787 InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size()); 2788 ++InsertIt; 2789 FrameInstructions.emplace_back(CIEFrameInstructions[-ToCFITable.CFARule]); 2790 } else if (!FromCFITable.isRedundant( 2791 FrameInstructions[ToCFITable.CFARule])) { 2792 NewStates.push_back(ToCFITable.CFARule); 2793 InsertIt = addCFIPseudo(InBB, InsertIt, ToCFITable.CFARule); 2794 ++InsertIt; 2795 } 2796 }; 2797 2798 auto undoState = [&](const MCCFIInstruction &Instr) { 2799 switch (Instr.getOperation()) { 2800 case MCCFIInstruction::OpRememberState: 2801 case MCCFIInstruction::OpRestoreState: 2802 break; 2803 case MCCFIInstruction::OpSameValue: 2804 case MCCFIInstruction::OpRelOffset: 2805 case MCCFIInstruction::OpOffset: 2806 case MCCFIInstruction::OpRestore: 2807 case MCCFIInstruction::OpUndefined: 2808 case MCCFIInstruction::OpEscape: 2809 case MCCFIInstruction::OpRegister: { 2810 uint32_t Reg; 2811 if (Instr.getOperation() != MCCFIInstruction::OpEscape) { 2812 Reg = Instr.getRegister(); 2813 } else { 2814 std::optional<uint8_t> R = 2815 readDWARFExpressionTargetReg(Instr.getValues()); 2816 // Handle DW_CFA_def_cfa_expression 2817 if (!R) { 2818 undoStateDefCfa(); 2819 return; 2820 } 2821 Reg = *R; 2822 } 2823 2824 if (!ToCFITable.RegRule.contains(Reg)) { 2825 FrameInstructions.emplace_back( 2826 MCCFIInstruction::createRestore(nullptr, Reg)); 2827 if (FromCFITable.isRedundant(FrameInstructions.back())) { 2828 FrameInstructions.pop_back(); 2829 break; 2830 } 2831 NewStates.push_back(FrameInstructions.size() - 1); 2832 InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size() - 1); 2833 ++InsertIt; 2834 break; 2835 } 2836 const int32_t Rule = ToCFITable.RegRule[Reg]; 2837 if (Rule < 0) { 2838 if (FromCFITable.isRedundant(CIEFrameInstructions[-Rule])) 2839 break; 2840 NewStates.push_back(FrameInstructions.size()); 2841 InsertIt = addCFIPseudo(InBB, InsertIt, FrameInstructions.size()); 2842 ++InsertIt; 2843 FrameInstructions.emplace_back(CIEFrameInstructions[-Rule]); 2844 break; 2845 } 2846 if (FromCFITable.isRedundant(FrameInstructions[Rule])) 2847 break; 2848 NewStates.push_back(Rule); 2849 InsertIt = addCFIPseudo(InBB, InsertIt, Rule); 2850 ++InsertIt; 2851 break; 2852 } 2853 case MCCFIInstruction::OpDefCfaRegister: 2854 case MCCFIInstruction::OpDefCfaOffset: 2855 case MCCFIInstruction::OpDefCfa: 2856 undoStateDefCfa(); 2857 break; 2858 case MCCFIInstruction::OpAdjustCfaOffset: 2859 case MCCFIInstruction::OpWindowSave: 2860 case MCCFIInstruction::OpNegateRAState: 2861 case MCCFIInstruction::OpLLVMDefAspaceCfa: 2862 case MCCFIInstruction::OpLabel: 2863 llvm_unreachable("unsupported CFI opcode"); 2864 break; 2865 case MCCFIInstruction::OpGnuArgsSize: 2866 // do not affect CFI state 2867 break; 2868 } 2869 }; 2870 2871 // Undo all modifications from ToState to FromState 2872 for (int32_t I = ToState, E = FromState; I != E; ++I) { 2873 const MCCFIInstruction &Instr = FrameInstructions[I]; 2874 if (Instr.getOperation() != MCCFIInstruction::OpRestoreState) { 2875 undoState(Instr); 2876 continue; 2877 } 2878 auto Iter = FrameRestoreEquivalents.find(I); 2879 if (Iter == FrameRestoreEquivalents.end()) 2880 continue; 2881 for (int32_t State : Iter->second) 2882 undoState(FrameInstructions[State]); 2883 } 2884 2885 return NewStates; 2886 } 2887 2888 void BinaryFunction::normalizeCFIState() { 2889 // Reordering blocks with remember-restore state instructions can be specially 2890 // tricky. When rewriting the CFI, we omit remember-restore state instructions 2891 // entirely. For restore state, we build a map expanding each restore to the 2892 // equivalent unwindCFIState sequence required at that point to achieve the 2893 // same effect of the restore. All remember state are then just ignored. 2894 std::stack<int32_t> Stack; 2895 for (BinaryBasicBlock *CurBB : Layout.blocks()) { 2896 for (auto II = CurBB->begin(); II != CurBB->end(); ++II) { 2897 if (const MCCFIInstruction *CFI = getCFIFor(*II)) { 2898 if (CFI->getOperation() == MCCFIInstruction::OpRememberState) { 2899 Stack.push(II->getOperand(0).getImm()); 2900 continue; 2901 } 2902 if (CFI->getOperation() == MCCFIInstruction::OpRestoreState) { 2903 const int32_t RememberState = Stack.top(); 2904 const int32_t CurState = II->getOperand(0).getImm(); 2905 FrameRestoreEquivalents[CurState] = 2906 unwindCFIState(CurState, RememberState, CurBB, II); 2907 Stack.pop(); 2908 } 2909 } 2910 } 2911 } 2912 } 2913 2914 bool BinaryFunction::finalizeCFIState() { 2915 LLVM_DEBUG( 2916 dbgs() << "Trying to fix CFI states for each BB after reordering.\n"); 2917 LLVM_DEBUG(dbgs() << "This is the list of CFI states for each BB of " << *this 2918 << ": "); 2919 2920 const char *Sep = ""; 2921 (void)Sep; 2922 for (FunctionFragment &FF : Layout.fragments()) { 2923 // Hot-cold border: at start of each region (with a different FDE) we need 2924 // to reset the CFI state. 2925 int32_t State = 0; 2926 2927 for (BinaryBasicBlock *BB : FF) { 2928 const int32_t CFIStateAtExit = BB->getCFIStateAtExit(); 2929 2930 // We need to recover the correct state if it doesn't match expected 2931 // state at BB entry point. 2932 if (BB->getCFIState() < State) { 2933 // In this case, State is currently higher than what this BB expect it 2934 // to be. To solve this, we need to insert CFI instructions to undo 2935 // the effect of all CFI from BB's state to current State. 2936 auto InsertIt = BB->begin(); 2937 unwindCFIState(State, BB->getCFIState(), BB, InsertIt); 2938 } else if (BB->getCFIState() > State) { 2939 // If BB's CFI state is greater than State, it means we are behind in 2940 // the state. Just emit all instructions to reach this state at the 2941 // beginning of this BB. If this sequence of instructions involve 2942 // remember state or restore state, bail out. 2943 if (!replayCFIInstrs(State, BB->getCFIState(), BB, BB->begin())) 2944 return false; 2945 } 2946 2947 State = CFIStateAtExit; 2948 LLVM_DEBUG(dbgs() << Sep << State; Sep = ", "); 2949 } 2950 } 2951 LLVM_DEBUG(dbgs() << "\n"); 2952 2953 for (BinaryBasicBlock &BB : blocks()) { 2954 for (auto II = BB.begin(); II != BB.end();) { 2955 const MCCFIInstruction *CFI = getCFIFor(*II); 2956 if (CFI && (CFI->getOperation() == MCCFIInstruction::OpRememberState || 2957 CFI->getOperation() == MCCFIInstruction::OpRestoreState)) { 2958 II = BB.eraseInstruction(II); 2959 } else { 2960 ++II; 2961 } 2962 } 2963 } 2964 2965 return true; 2966 } 2967 2968 bool BinaryFunction::requiresAddressTranslation() const { 2969 return opts::EnableBAT || hasSDTMarker() || hasPseudoProbe(); 2970 } 2971 2972 bool BinaryFunction::requiresAddressMap() const { 2973 if (isInjected()) 2974 return false; 2975 2976 return opts::UpdateDebugSections || isMultiEntry() || 2977 requiresAddressTranslation(); 2978 } 2979 2980 uint64_t BinaryFunction::getInstructionCount() const { 2981 uint64_t Count = 0; 2982 for (const BinaryBasicBlock &BB : blocks()) 2983 Count += BB.getNumNonPseudos(); 2984 return Count; 2985 } 2986 2987 void BinaryFunction::clearDisasmState() { 2988 clearList(Instructions); 2989 clearList(IgnoredBranches); 2990 clearList(TakenBranches); 2991 2992 if (BC.HasRelocations) { 2993 for (std::pair<const uint32_t, MCSymbol *> &LI : Labels) 2994 BC.UndefinedSymbols.insert(LI.second); 2995 for (MCSymbol *const EndLabel : FunctionEndLabels) 2996 if (EndLabel) 2997 BC.UndefinedSymbols.insert(EndLabel); 2998 } 2999 } 3000 3001 void BinaryFunction::setTrapOnEntry() { 3002 clearDisasmState(); 3003 3004 forEachEntryPoint([&](uint64_t Offset, const MCSymbol *Label) -> bool { 3005 MCInst TrapInstr; 3006 BC.MIB->createTrap(TrapInstr); 3007 addInstruction(Offset, std::move(TrapInstr)); 3008 return true; 3009 }); 3010 3011 TrapsOnEntry = true; 3012 } 3013 3014 void BinaryFunction::setIgnored() { 3015 if (opts::processAllFunctions()) { 3016 // We can accept ignored functions before they've been disassembled. 3017 // In that case, they would still get disassembled and emited, but not 3018 // optimized. 3019 assert(CurrentState == State::Empty && 3020 "cannot ignore non-empty functions in current mode"); 3021 IsIgnored = true; 3022 return; 3023 } 3024 3025 clearDisasmState(); 3026 3027 // Clear CFG state too. 3028 if (hasCFG()) { 3029 releaseCFG(); 3030 3031 for (BinaryBasicBlock *BB : BasicBlocks) 3032 delete BB; 3033 clearList(BasicBlocks); 3034 3035 for (BinaryBasicBlock *BB : DeletedBasicBlocks) 3036 delete BB; 3037 clearList(DeletedBasicBlocks); 3038 3039 Layout.clear(); 3040 } 3041 3042 CurrentState = State::Empty; 3043 3044 IsIgnored = true; 3045 IsSimple = false; 3046 LLVM_DEBUG(dbgs() << "Ignoring " << getPrintName() << '\n'); 3047 } 3048 3049 void BinaryFunction::duplicateConstantIslands() { 3050 assert(Islands && "function expected to have constant islands"); 3051 3052 for (BinaryBasicBlock *BB : getLayout().blocks()) { 3053 if (!BB->isCold()) 3054 continue; 3055 3056 for (MCInst &Inst : *BB) { 3057 int OpNum = 0; 3058 for (MCOperand &Operand : Inst) { 3059 if (!Operand.isExpr()) { 3060 ++OpNum; 3061 continue; 3062 } 3063 const MCSymbol *Symbol = BC.MIB->getTargetSymbol(Inst, OpNum); 3064 // Check if this is an island symbol 3065 if (!Islands->Symbols.count(Symbol) && 3066 !Islands->ProxySymbols.count(Symbol)) 3067 continue; 3068 3069 // Create cold symbol, if missing 3070 auto ISym = Islands->ColdSymbols.find(Symbol); 3071 MCSymbol *ColdSymbol; 3072 if (ISym != Islands->ColdSymbols.end()) { 3073 ColdSymbol = ISym->second; 3074 } else { 3075 ColdSymbol = BC.Ctx->getOrCreateSymbol(Symbol->getName() + ".cold"); 3076 Islands->ColdSymbols[Symbol] = ColdSymbol; 3077 // Check if this is a proxy island symbol and update owner proxy map 3078 if (Islands->ProxySymbols.count(Symbol)) { 3079 BinaryFunction *Owner = Islands->ProxySymbols[Symbol]; 3080 auto IProxiedSym = Owner->Islands->Proxies[this].find(Symbol); 3081 Owner->Islands->ColdProxies[this][IProxiedSym->second] = ColdSymbol; 3082 } 3083 } 3084 3085 // Update instruction reference 3086 Operand = MCOperand::createExpr(BC.MIB->getTargetExprFor( 3087 Inst, 3088 MCSymbolRefExpr::create(ColdSymbol, MCSymbolRefExpr::VK_None, 3089 *BC.Ctx), 3090 *BC.Ctx, 0)); 3091 ++OpNum; 3092 } 3093 } 3094 } 3095 } 3096 3097 #ifndef MAX_PATH 3098 #define MAX_PATH 255 3099 #endif 3100 3101 static std::string constructFilename(std::string Filename, 3102 std::string Annotation, 3103 std::string Suffix) { 3104 std::replace(Filename.begin(), Filename.end(), '/', '-'); 3105 if (!Annotation.empty()) 3106 Annotation.insert(0, "-"); 3107 if (Filename.size() + Annotation.size() + Suffix.size() > MAX_PATH) { 3108 assert(Suffix.size() + Annotation.size() <= MAX_PATH); 3109 Filename.resize(MAX_PATH - (Suffix.size() + Annotation.size())); 3110 } 3111 Filename += Annotation; 3112 Filename += Suffix; 3113 return Filename; 3114 } 3115 3116 static std::string formatEscapes(const std::string &Str) { 3117 std::string Result; 3118 for (unsigned I = 0; I < Str.size(); ++I) { 3119 char C = Str[I]; 3120 switch (C) { 3121 case '\n': 3122 Result += " "; 3123 break; 3124 case '"': 3125 break; 3126 default: 3127 Result += C; 3128 break; 3129 } 3130 } 3131 return Result; 3132 } 3133 3134 void BinaryFunction::dumpGraph(raw_ostream &OS) const { 3135 OS << "digraph \"" << getPrintName() << "\" {\n" 3136 << "node [fontname=courier, shape=box, style=filled, colorscheme=brbg9]\n"; 3137 uint64_t Offset = Address; 3138 for (BinaryBasicBlock *BB : BasicBlocks) { 3139 auto LayoutPos = find(Layout.blocks(), BB); 3140 unsigned LayoutIndex = LayoutPos - Layout.block_begin(); 3141 const char *ColdStr = BB->isCold() ? " (cold)" : ""; 3142 std::vector<std::string> Attrs; 3143 // Bold box for entry points 3144 if (isEntryPoint(*BB)) 3145 Attrs.push_back("penwidth=2"); 3146 if (BLI && BLI->getLoopFor(BB)) { 3147 // Distinguish innermost loops 3148 const BinaryLoop *Loop = BLI->getLoopFor(BB); 3149 if (Loop->isInnermost()) 3150 Attrs.push_back("fillcolor=6"); 3151 else // some outer loop 3152 Attrs.push_back("fillcolor=4"); 3153 } else { // non-loopy code 3154 Attrs.push_back("fillcolor=5"); 3155 } 3156 ListSeparator LS; 3157 OS << "\"" << BB->getName() << "\" ["; 3158 for (StringRef Attr : Attrs) 3159 OS << LS << Attr; 3160 OS << "]\n"; 3161 OS << format("\"%s\" [label=\"%s%s\\n(C:%lu,O:%lu,I:%u,L:%u,CFI:%u)\\n", 3162 BB->getName().data(), BB->getName().data(), ColdStr, 3163 BB->getKnownExecutionCount(), BB->getOffset(), getIndex(BB), 3164 LayoutIndex, BB->getCFIState()); 3165 3166 if (opts::DotToolTipCode) { 3167 std::string Str; 3168 raw_string_ostream CS(Str); 3169 Offset = BC.printInstructions(CS, BB->begin(), BB->end(), Offset, this, 3170 /* PrintMCInst = */ false, 3171 /* PrintMemData = */ false, 3172 /* PrintRelocations = */ false, 3173 /* Endl = */ R"(\\l)"); 3174 OS << formatEscapes(CS.str()) << '\n'; 3175 } 3176 OS << "\"]\n"; 3177 3178 // analyzeBranch is just used to get the names of the branch 3179 // opcodes. 3180 const MCSymbol *TBB = nullptr; 3181 const MCSymbol *FBB = nullptr; 3182 MCInst *CondBranch = nullptr; 3183 MCInst *UncondBranch = nullptr; 3184 const bool Success = BB->analyzeBranch(TBB, FBB, CondBranch, UncondBranch); 3185 3186 const MCInst *LastInstr = BB->getLastNonPseudoInstr(); 3187 const bool IsJumpTable = LastInstr && BC.MIB->getJumpTable(*LastInstr); 3188 3189 auto BI = BB->branch_info_begin(); 3190 for (BinaryBasicBlock *Succ : BB->successors()) { 3191 std::string Branch; 3192 if (Success) { 3193 if (Succ == BB->getConditionalSuccessor(true)) { 3194 Branch = CondBranch ? std::string(BC.InstPrinter->getOpcodeName( 3195 CondBranch->getOpcode())) 3196 : "TB"; 3197 } else if (Succ == BB->getConditionalSuccessor(false)) { 3198 Branch = UncondBranch ? std::string(BC.InstPrinter->getOpcodeName( 3199 UncondBranch->getOpcode())) 3200 : "FB"; 3201 } else { 3202 Branch = "FT"; 3203 } 3204 } 3205 if (IsJumpTable) 3206 Branch = "JT"; 3207 OS << format("\"%s\" -> \"%s\" [label=\"%s", BB->getName().data(), 3208 Succ->getName().data(), Branch.c_str()); 3209 3210 if (BB->getExecutionCount() != COUNT_NO_PROFILE && 3211 BI->MispredictedCount != BinaryBasicBlock::COUNT_INFERRED) { 3212 OS << "\\n(C:" << BI->Count << ",M:" << BI->MispredictedCount << ")"; 3213 } else if (ExecutionCount != COUNT_NO_PROFILE && 3214 BI->Count != BinaryBasicBlock::COUNT_NO_PROFILE) { 3215 OS << "\\n(IC:" << BI->Count << ")"; 3216 } 3217 OS << "\"]\n"; 3218 3219 ++BI; 3220 } 3221 for (BinaryBasicBlock *LP : BB->landing_pads()) { 3222 OS << format("\"%s\" -> \"%s\" [constraint=false style=dashed]\n", 3223 BB->getName().data(), LP->getName().data()); 3224 } 3225 } 3226 OS << "}\n"; 3227 } 3228 3229 void BinaryFunction::viewGraph() const { 3230 SmallString<MAX_PATH> Filename; 3231 if (std::error_code EC = 3232 sys::fs::createTemporaryFile("bolt-cfg", "dot", Filename)) { 3233 BC.errs() << "BOLT-ERROR: " << EC.message() << ", unable to create " 3234 << " bolt-cfg-XXXXX.dot temporary file.\n"; 3235 return; 3236 } 3237 dumpGraphToFile(std::string(Filename)); 3238 if (DisplayGraph(Filename)) 3239 BC.errs() << "BOLT-ERROR: Can't display " << Filename 3240 << " with graphviz.\n"; 3241 if (std::error_code EC = sys::fs::remove(Filename)) { 3242 BC.errs() << "BOLT-WARNING: " << EC.message() << ", failed to remove " 3243 << Filename << "\n"; 3244 } 3245 } 3246 3247 void BinaryFunction::dumpGraphForPass(std::string Annotation) const { 3248 if (!opts::shouldPrint(*this)) 3249 return; 3250 3251 std::string Filename = constructFilename(getPrintName(), Annotation, ".dot"); 3252 if (opts::Verbosity >= 1) 3253 BC.outs() << "BOLT-INFO: dumping CFG to " << Filename << "\n"; 3254 dumpGraphToFile(Filename); 3255 } 3256 3257 void BinaryFunction::dumpGraphToFile(std::string Filename) const { 3258 std::error_code EC; 3259 raw_fd_ostream of(Filename, EC, sys::fs::OF_None); 3260 if (EC) { 3261 if (opts::Verbosity >= 1) { 3262 BC.errs() << "BOLT-WARNING: " << EC.message() << ", unable to open " 3263 << Filename << " for output.\n"; 3264 } 3265 return; 3266 } 3267 dumpGraph(of); 3268 } 3269 3270 bool BinaryFunction::validateCFG() const { 3271 // Skip the validation of CFG after it is finalized 3272 if (CurrentState == State::CFG_Finalized) 3273 return true; 3274 3275 for (BinaryBasicBlock *BB : BasicBlocks) 3276 if (!BB->validateSuccessorInvariants()) 3277 return false; 3278 3279 // Make sure all blocks in CFG are valid. 3280 auto validateBlock = [this](const BinaryBasicBlock *BB, StringRef Desc) { 3281 if (!BB->isValid()) { 3282 BC.errs() << "BOLT-ERROR: deleted " << Desc << " " << BB->getName() 3283 << " detected in:\n"; 3284 this->dump(); 3285 return false; 3286 } 3287 return true; 3288 }; 3289 for (const BinaryBasicBlock *BB : BasicBlocks) { 3290 if (!validateBlock(BB, "block")) 3291 return false; 3292 for (const BinaryBasicBlock *PredBB : BB->predecessors()) 3293 if (!validateBlock(PredBB, "predecessor")) 3294 return false; 3295 for (const BinaryBasicBlock *SuccBB : BB->successors()) 3296 if (!validateBlock(SuccBB, "successor")) 3297 return false; 3298 for (const BinaryBasicBlock *LP : BB->landing_pads()) 3299 if (!validateBlock(LP, "landing pad")) 3300 return false; 3301 for (const BinaryBasicBlock *Thrower : BB->throwers()) 3302 if (!validateBlock(Thrower, "thrower")) 3303 return false; 3304 } 3305 3306 for (const BinaryBasicBlock *BB : BasicBlocks) { 3307 std::unordered_set<const BinaryBasicBlock *> BBLandingPads; 3308 for (const BinaryBasicBlock *LP : BB->landing_pads()) { 3309 if (BBLandingPads.count(LP)) { 3310 BC.errs() << "BOLT-ERROR: duplicate landing pad detected in" 3311 << BB->getName() << " in function " << *this << '\n'; 3312 return false; 3313 } 3314 BBLandingPads.insert(LP); 3315 } 3316 3317 std::unordered_set<const BinaryBasicBlock *> BBThrowers; 3318 for (const BinaryBasicBlock *Thrower : BB->throwers()) { 3319 if (BBThrowers.count(Thrower)) { 3320 BC.errs() << "BOLT-ERROR: duplicate thrower detected in" 3321 << BB->getName() << " in function " << *this << '\n'; 3322 return false; 3323 } 3324 BBThrowers.insert(Thrower); 3325 } 3326 3327 for (const BinaryBasicBlock *LPBlock : BB->landing_pads()) { 3328 if (!llvm::is_contained(LPBlock->throwers(), BB)) { 3329 BC.errs() << "BOLT-ERROR: inconsistent landing pad detected in " 3330 << *this << ": " << BB->getName() 3331 << " is in LandingPads but not in " << LPBlock->getName() 3332 << " Throwers\n"; 3333 return false; 3334 } 3335 } 3336 for (const BinaryBasicBlock *Thrower : BB->throwers()) { 3337 if (!llvm::is_contained(Thrower->landing_pads(), BB)) { 3338 BC.errs() << "BOLT-ERROR: inconsistent thrower detected in " << *this 3339 << ": " << BB->getName() << " is in Throwers list but not in " 3340 << Thrower->getName() << " LandingPads\n"; 3341 return false; 3342 } 3343 } 3344 } 3345 3346 return true; 3347 } 3348 3349 void BinaryFunction::fixBranches() { 3350 auto &MIB = BC.MIB; 3351 MCContext *Ctx = BC.Ctx.get(); 3352 3353 for (BinaryBasicBlock *BB : BasicBlocks) { 3354 const MCSymbol *TBB = nullptr; 3355 const MCSymbol *FBB = nullptr; 3356 MCInst *CondBranch = nullptr; 3357 MCInst *UncondBranch = nullptr; 3358 if (!BB->analyzeBranch(TBB, FBB, CondBranch, UncondBranch)) 3359 continue; 3360 3361 // We will create unconditional branch with correct destination if needed. 3362 if (UncondBranch) 3363 BB->eraseInstruction(BB->findInstruction(UncondBranch)); 3364 3365 // Basic block that follows the current one in the final layout. 3366 const BinaryBasicBlock *const NextBB = 3367 Layout.getBasicBlockAfter(BB, /*IgnoreSplits=*/false); 3368 3369 if (BB->succ_size() == 1) { 3370 // __builtin_unreachable() could create a conditional branch that 3371 // falls-through into the next function - hence the block will have only 3372 // one valid successor. Since behaviour is undefined - we replace 3373 // the conditional branch with an unconditional if required. 3374 if (CondBranch) 3375 BB->eraseInstruction(BB->findInstruction(CondBranch)); 3376 if (BB->getSuccessor() == NextBB) 3377 continue; 3378 BB->addBranchInstruction(BB->getSuccessor()); 3379 } else if (BB->succ_size() == 2) { 3380 assert(CondBranch && "conditional branch expected"); 3381 const BinaryBasicBlock *TSuccessor = BB->getConditionalSuccessor(true); 3382 const BinaryBasicBlock *FSuccessor = BB->getConditionalSuccessor(false); 3383 3384 // Eliminate unnecessary conditional branch. 3385 if (TSuccessor == FSuccessor) { 3386 // FIXME: at the moment, we cannot safely remove static key branches. 3387 if (MIB->isDynamicBranch(*CondBranch)) { 3388 if (opts::Verbosity) { 3389 BC.outs() 3390 << "BOLT-INFO: unable to remove redundant dynamic branch in " 3391 << *this << '\n'; 3392 } 3393 continue; 3394 } 3395 3396 BB->removeDuplicateConditionalSuccessor(CondBranch); 3397 if (TSuccessor != NextBB) 3398 BB->addBranchInstruction(TSuccessor); 3399 continue; 3400 } 3401 3402 // Reverse branch condition and swap successors. 3403 auto swapSuccessors = [&]() { 3404 if (!MIB->isReversibleBranch(*CondBranch)) { 3405 if (opts::Verbosity) { 3406 BC.outs() << "BOLT-INFO: unable to swap successors in " << *this 3407 << '\n'; 3408 } 3409 return false; 3410 } 3411 std::swap(TSuccessor, FSuccessor); 3412 BB->swapConditionalSuccessors(); 3413 auto L = BC.scopeLock(); 3414 MIB->reverseBranchCondition(*CondBranch, TSuccessor->getLabel(), Ctx); 3415 return true; 3416 }; 3417 3418 // Check whether the next block is a "taken" target and try to swap it 3419 // with a "fall-through" target. 3420 if (TSuccessor == NextBB && swapSuccessors()) 3421 continue; 3422 3423 // Update conditional branch destination if needed. 3424 if (MIB->getTargetSymbol(*CondBranch) != TSuccessor->getLabel()) { 3425 auto L = BC.scopeLock(); 3426 MIB->replaceBranchTarget(*CondBranch, TSuccessor->getLabel(), Ctx); 3427 } 3428 3429 // No need for the unconditional branch. 3430 if (FSuccessor == NextBB) 3431 continue; 3432 3433 if (BC.isX86()) { 3434 // We are going to generate two branches. Check if their targets are in 3435 // the same fragment as this block. If only one target is in the same 3436 // fragment, make it the destination of the conditional branch. There 3437 // is a chance it will be a short branch which takes 4 bytes fewer than 3438 // a long conditional branch. For unconditional branch, the difference 3439 // is 3 bytes. 3440 if (BB->getFragmentNum() != TSuccessor->getFragmentNum() && 3441 BB->getFragmentNum() == FSuccessor->getFragmentNum()) 3442 swapSuccessors(); 3443 } 3444 3445 BB->addBranchInstruction(FSuccessor); 3446 } 3447 // Cases where the number of successors is 0 (block ends with a 3448 // terminator) or more than 2 (switch table) don't require branch 3449 // instruction adjustments. 3450 } 3451 assert((!isSimple() || validateCFG()) && 3452 "Invalid CFG detected after fixing branches"); 3453 } 3454 3455 void BinaryFunction::propagateGnuArgsSizeInfo( 3456 MCPlusBuilder::AllocatorIdTy AllocId) { 3457 assert(CurrentState == State::Disassembled && "unexpected function state"); 3458 3459 if (!hasEHRanges() || !usesGnuArgsSize()) 3460 return; 3461 3462 // The current value of DW_CFA_GNU_args_size affects all following 3463 // invoke instructions until the next CFI overrides it. 3464 // It is important to iterate basic blocks in the original order when 3465 // assigning the value. 3466 uint64_t CurrentGnuArgsSize = 0; 3467 for (BinaryBasicBlock *BB : BasicBlocks) { 3468 for (auto II = BB->begin(); II != BB->end();) { 3469 MCInst &Instr = *II; 3470 if (BC.MIB->isCFI(Instr)) { 3471 const MCCFIInstruction *CFI = getCFIFor(Instr); 3472 if (CFI->getOperation() == MCCFIInstruction::OpGnuArgsSize) { 3473 CurrentGnuArgsSize = CFI->getOffset(); 3474 // Delete DW_CFA_GNU_args_size instructions and only regenerate 3475 // during the final code emission. The information is embedded 3476 // inside call instructions. 3477 II = BB->erasePseudoInstruction(II); 3478 continue; 3479 } 3480 } else if (BC.MIB->isInvoke(Instr)) { 3481 // Add the value of GNU_args_size as an extra operand to invokes. 3482 BC.MIB->addGnuArgsSize(Instr, CurrentGnuArgsSize); 3483 } 3484 ++II; 3485 } 3486 } 3487 } 3488 3489 void BinaryFunction::postProcessBranches() { 3490 if (!isSimple()) 3491 return; 3492 for (BinaryBasicBlock &BB : blocks()) { 3493 auto LastInstrRI = BB.getLastNonPseudo(); 3494 if (BB.succ_size() == 1) { 3495 if (LastInstrRI != BB.rend() && 3496 BC.MIB->isConditionalBranch(*LastInstrRI)) { 3497 // __builtin_unreachable() could create a conditional branch that 3498 // falls-through into the next function - hence the block will have only 3499 // one valid successor. Such behaviour is undefined and thus we remove 3500 // the conditional branch while leaving a valid successor. 3501 BB.eraseInstruction(std::prev(LastInstrRI.base())); 3502 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: erasing conditional branch in " 3503 << BB.getName() << " in function " << *this << '\n'); 3504 } 3505 } else if (BB.succ_size() == 0) { 3506 // Ignore unreachable basic blocks. 3507 if (BB.pred_size() == 0 || BB.isLandingPad()) 3508 continue; 3509 3510 // If it's the basic block that does not end up with a terminator - we 3511 // insert a return instruction unless it's a call instruction. 3512 if (LastInstrRI == BB.rend()) { 3513 LLVM_DEBUG( 3514 dbgs() << "BOLT-DEBUG: at least one instruction expected in BB " 3515 << BB.getName() << " in function " << *this << '\n'); 3516 continue; 3517 } 3518 if (!BC.MIB->isTerminator(*LastInstrRI) && 3519 !BC.MIB->isCall(*LastInstrRI)) { 3520 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: adding return to basic block " 3521 << BB.getName() << " in function " << *this << '\n'); 3522 MCInst ReturnInstr; 3523 BC.MIB->createReturn(ReturnInstr); 3524 BB.addInstruction(ReturnInstr); 3525 } 3526 } 3527 } 3528 assert(validateCFG() && "invalid CFG"); 3529 } 3530 3531 MCSymbol *BinaryFunction::addEntryPointAtOffset(uint64_t Offset) { 3532 assert(Offset && "cannot add primary entry point"); 3533 assert(CurrentState == State::Empty || CurrentState == State::Disassembled); 3534 3535 const uint64_t EntryPointAddress = getAddress() + Offset; 3536 MCSymbol *LocalSymbol = getOrCreateLocalLabel(EntryPointAddress); 3537 3538 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(LocalSymbol); 3539 if (EntrySymbol) 3540 return EntrySymbol; 3541 3542 if (BinaryData *EntryBD = BC.getBinaryDataAtAddress(EntryPointAddress)) { 3543 EntrySymbol = EntryBD->getSymbol(); 3544 } else { 3545 EntrySymbol = BC.getOrCreateGlobalSymbol( 3546 EntryPointAddress, Twine("__ENTRY_") + getOneName() + "@"); 3547 } 3548 SecondaryEntryPoints[LocalSymbol] = EntrySymbol; 3549 3550 BC.setSymbolToFunctionMap(EntrySymbol, this); 3551 3552 return EntrySymbol; 3553 } 3554 3555 MCSymbol *BinaryFunction::addEntryPoint(const BinaryBasicBlock &BB) { 3556 assert(CurrentState == State::CFG && 3557 "basic block can be added as an entry only in a function with CFG"); 3558 3559 if (&BB == BasicBlocks.front()) 3560 return getSymbol(); 3561 3562 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(BB); 3563 if (EntrySymbol) 3564 return EntrySymbol; 3565 3566 EntrySymbol = 3567 BC.Ctx->getOrCreateSymbol("__ENTRY_" + BB.getLabel()->getName()); 3568 3569 SecondaryEntryPoints[BB.getLabel()] = EntrySymbol; 3570 3571 BC.setSymbolToFunctionMap(EntrySymbol, this); 3572 3573 return EntrySymbol; 3574 } 3575 3576 MCSymbol *BinaryFunction::getSymbolForEntryID(uint64_t EntryID) { 3577 if (EntryID == 0) 3578 return getSymbol(); 3579 3580 if (!isMultiEntry()) 3581 return nullptr; 3582 3583 uint64_t NumEntries = 1; 3584 if (hasCFG()) { 3585 for (BinaryBasicBlock *BB : BasicBlocks) { 3586 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(*BB); 3587 if (!EntrySymbol) 3588 continue; 3589 if (NumEntries == EntryID) 3590 return EntrySymbol; 3591 ++NumEntries; 3592 } 3593 } else { 3594 for (std::pair<const uint32_t, MCSymbol *> &KV : Labels) { 3595 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(KV.second); 3596 if (!EntrySymbol) 3597 continue; 3598 if (NumEntries == EntryID) 3599 return EntrySymbol; 3600 ++NumEntries; 3601 } 3602 } 3603 3604 return nullptr; 3605 } 3606 3607 uint64_t BinaryFunction::getEntryIDForSymbol(const MCSymbol *Symbol) const { 3608 if (!isMultiEntry()) 3609 return 0; 3610 3611 for (const MCSymbol *FunctionSymbol : getSymbols()) 3612 if (FunctionSymbol == Symbol) 3613 return 0; 3614 3615 // Check all secondary entries available as either basic blocks or lables. 3616 uint64_t NumEntries = 1; 3617 for (const BinaryBasicBlock *BB : BasicBlocks) { 3618 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(*BB); 3619 if (!EntrySymbol) 3620 continue; 3621 if (EntrySymbol == Symbol) 3622 return NumEntries; 3623 ++NumEntries; 3624 } 3625 NumEntries = 1; 3626 for (const std::pair<const uint32_t, MCSymbol *> &KV : Labels) { 3627 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(KV.second); 3628 if (!EntrySymbol) 3629 continue; 3630 if (EntrySymbol == Symbol) 3631 return NumEntries; 3632 ++NumEntries; 3633 } 3634 3635 llvm_unreachable("symbol not found"); 3636 } 3637 3638 bool BinaryFunction::forEachEntryPoint(EntryPointCallbackTy Callback) const { 3639 bool Status = Callback(0, getSymbol()); 3640 if (!isMultiEntry()) 3641 return Status; 3642 3643 for (const std::pair<const uint32_t, MCSymbol *> &KV : Labels) { 3644 if (!Status) 3645 break; 3646 3647 MCSymbol *EntrySymbol = getSecondaryEntryPointSymbol(KV.second); 3648 if (!EntrySymbol) 3649 continue; 3650 3651 Status = Callback(KV.first, EntrySymbol); 3652 } 3653 3654 return Status; 3655 } 3656 3657 BinaryFunction::BasicBlockListType BinaryFunction::dfs() const { 3658 BasicBlockListType DFS; 3659 std::stack<BinaryBasicBlock *> Stack; 3660 std::set<BinaryBasicBlock *> Visited; 3661 3662 // Push entry points to the stack in reverse order. 3663 // 3664 // NB: we rely on the original order of entries to match. 3665 SmallVector<BinaryBasicBlock *> EntryPoints; 3666 llvm::copy_if(BasicBlocks, std::back_inserter(EntryPoints), 3667 [&](const BinaryBasicBlock *const BB) { return isEntryPoint(*BB); }); 3668 // Sort entry points by their offset to make sure we got them in the right 3669 // order. 3670 llvm::stable_sort(EntryPoints, [](const BinaryBasicBlock *const A, 3671 const BinaryBasicBlock *const B) { 3672 return A->getOffset() < B->getOffset(); 3673 }); 3674 for (BinaryBasicBlock *const BB : reverse(EntryPoints)) 3675 Stack.push(BB); 3676 3677 while (!Stack.empty()) { 3678 BinaryBasicBlock *BB = Stack.top(); 3679 Stack.pop(); 3680 3681 if (Visited.find(BB) != Visited.end()) 3682 continue; 3683 Visited.insert(BB); 3684 DFS.push_back(BB); 3685 3686 for (BinaryBasicBlock *SuccBB : BB->landing_pads()) { 3687 Stack.push(SuccBB); 3688 } 3689 3690 const MCSymbol *TBB = nullptr; 3691 const MCSymbol *FBB = nullptr; 3692 MCInst *CondBranch = nullptr; 3693 MCInst *UncondBranch = nullptr; 3694 if (BB->analyzeBranch(TBB, FBB, CondBranch, UncondBranch) && CondBranch && 3695 BB->succ_size() == 2) { 3696 if (BC.MIB->getCanonicalBranchCondCode(BC.MIB->getCondCode( 3697 *CondBranch)) == BC.MIB->getCondCode(*CondBranch)) { 3698 Stack.push(BB->getConditionalSuccessor(true)); 3699 Stack.push(BB->getConditionalSuccessor(false)); 3700 } else { 3701 Stack.push(BB->getConditionalSuccessor(false)); 3702 Stack.push(BB->getConditionalSuccessor(true)); 3703 } 3704 } else { 3705 for (BinaryBasicBlock *SuccBB : BB->successors()) { 3706 Stack.push(SuccBB); 3707 } 3708 } 3709 } 3710 3711 return DFS; 3712 } 3713 3714 size_t BinaryFunction::computeHash(bool UseDFS, HashFunction HashFunction, 3715 OperandHashFuncTy OperandHashFunc) const { 3716 LLVM_DEBUG({ 3717 dbgs() << "BOLT-DEBUG: computeHash " << getPrintName() << ' ' 3718 << (UseDFS ? "dfs" : "bin") << " order " 3719 << (HashFunction == HashFunction::StdHash ? "std::hash" : "xxh3") 3720 << '\n'; 3721 }); 3722 3723 if (size() == 0) 3724 return 0; 3725 3726 assert(hasCFG() && "function is expected to have CFG"); 3727 3728 SmallVector<const BinaryBasicBlock *, 0> Order; 3729 if (UseDFS) 3730 llvm::copy(dfs(), std::back_inserter(Order)); 3731 else 3732 llvm::copy(Layout.blocks(), std::back_inserter(Order)); 3733 3734 // The hash is computed by creating a string of all instruction opcodes and 3735 // possibly their operands and then hashing that string with std::hash. 3736 std::string HashString; 3737 for (const BinaryBasicBlock *BB : Order) 3738 HashString.append(hashBlock(BC, *BB, OperandHashFunc)); 3739 3740 switch (HashFunction) { 3741 case HashFunction::StdHash: 3742 return Hash = std::hash<std::string>{}(HashString); 3743 case HashFunction::XXH3: 3744 return Hash = llvm::xxh3_64bits(HashString); 3745 } 3746 llvm_unreachable("Unhandled HashFunction"); 3747 } 3748 3749 void BinaryFunction::insertBasicBlocks( 3750 BinaryBasicBlock *Start, 3751 std::vector<std::unique_ptr<BinaryBasicBlock>> &&NewBBs, 3752 const bool UpdateLayout, const bool UpdateCFIState, 3753 const bool RecomputeLandingPads) { 3754 const int64_t StartIndex = Start ? getIndex(Start) : -1LL; 3755 const size_t NumNewBlocks = NewBBs.size(); 3756 3757 BasicBlocks.insert(BasicBlocks.begin() + (StartIndex + 1), NumNewBlocks, 3758 nullptr); 3759 3760 int64_t I = StartIndex + 1; 3761 for (std::unique_ptr<BinaryBasicBlock> &BB : NewBBs) { 3762 assert(!BasicBlocks[I]); 3763 BasicBlocks[I++] = BB.release(); 3764 } 3765 3766 if (RecomputeLandingPads) 3767 recomputeLandingPads(); 3768 else 3769 updateBBIndices(0); 3770 3771 if (UpdateLayout) 3772 updateLayout(Start, NumNewBlocks); 3773 3774 if (UpdateCFIState) 3775 updateCFIState(Start, NumNewBlocks); 3776 } 3777 3778 BinaryFunction::iterator BinaryFunction::insertBasicBlocks( 3779 BinaryFunction::iterator StartBB, 3780 std::vector<std::unique_ptr<BinaryBasicBlock>> &&NewBBs, 3781 const bool UpdateLayout, const bool UpdateCFIState, 3782 const bool RecomputeLandingPads) { 3783 const unsigned StartIndex = getIndex(&*StartBB); 3784 const size_t NumNewBlocks = NewBBs.size(); 3785 3786 BasicBlocks.insert(BasicBlocks.begin() + StartIndex + 1, NumNewBlocks, 3787 nullptr); 3788 auto RetIter = BasicBlocks.begin() + StartIndex + 1; 3789 3790 unsigned I = StartIndex + 1; 3791 for (std::unique_ptr<BinaryBasicBlock> &BB : NewBBs) { 3792 assert(!BasicBlocks[I]); 3793 BasicBlocks[I++] = BB.release(); 3794 } 3795 3796 if (RecomputeLandingPads) 3797 recomputeLandingPads(); 3798 else 3799 updateBBIndices(0); 3800 3801 if (UpdateLayout) 3802 updateLayout(*std::prev(RetIter), NumNewBlocks); 3803 3804 if (UpdateCFIState) 3805 updateCFIState(*std::prev(RetIter), NumNewBlocks); 3806 3807 return RetIter; 3808 } 3809 3810 void BinaryFunction::updateBBIndices(const unsigned StartIndex) { 3811 for (unsigned I = StartIndex; I < BasicBlocks.size(); ++I) 3812 BasicBlocks[I]->Index = I; 3813 } 3814 3815 void BinaryFunction::updateCFIState(BinaryBasicBlock *Start, 3816 const unsigned NumNewBlocks) { 3817 const int32_t CFIState = Start->getCFIStateAtExit(); 3818 const unsigned StartIndex = getIndex(Start) + 1; 3819 for (unsigned I = 0; I < NumNewBlocks; ++I) 3820 BasicBlocks[StartIndex + I]->setCFIState(CFIState); 3821 } 3822 3823 void BinaryFunction::updateLayout(BinaryBasicBlock *Start, 3824 const unsigned NumNewBlocks) { 3825 BasicBlockListType::iterator Begin; 3826 BasicBlockListType::iterator End; 3827 3828 // If start not provided copy new blocks from the beginning of BasicBlocks 3829 if (!Start) { 3830 Begin = BasicBlocks.begin(); 3831 End = BasicBlocks.begin() + NumNewBlocks; 3832 } else { 3833 unsigned StartIndex = getIndex(Start); 3834 Begin = std::next(BasicBlocks.begin(), StartIndex + 1); 3835 End = std::next(BasicBlocks.begin(), StartIndex + NumNewBlocks + 1); 3836 } 3837 3838 // Insert new blocks in the layout immediately after Start. 3839 Layout.insertBasicBlocks(Start, {Begin, End}); 3840 Layout.updateLayoutIndices(); 3841 } 3842 3843 bool BinaryFunction::checkForAmbiguousJumpTables() { 3844 SmallSet<uint64_t, 4> JumpTables; 3845 for (BinaryBasicBlock *&BB : BasicBlocks) { 3846 for (MCInst &Inst : *BB) { 3847 if (!BC.MIB->isIndirectBranch(Inst)) 3848 continue; 3849 uint64_t JTAddress = BC.MIB->getJumpTable(Inst); 3850 if (!JTAddress) 3851 continue; 3852 // This address can be inside another jump table, but we only consider 3853 // it ambiguous when the same start address is used, not the same JT 3854 // object. 3855 if (!JumpTables.count(JTAddress)) { 3856 JumpTables.insert(JTAddress); 3857 continue; 3858 } 3859 return true; 3860 } 3861 } 3862 return false; 3863 } 3864 3865 void BinaryFunction::disambiguateJumpTables( 3866 MCPlusBuilder::AllocatorIdTy AllocId) { 3867 assert((opts::JumpTables != JTS_BASIC && isSimple()) || !BC.HasRelocations); 3868 SmallPtrSet<JumpTable *, 4> JumpTables; 3869 for (BinaryBasicBlock *&BB : BasicBlocks) { 3870 for (MCInst &Inst : *BB) { 3871 if (!BC.MIB->isIndirectBranch(Inst)) 3872 continue; 3873 JumpTable *JT = getJumpTable(Inst); 3874 if (!JT) 3875 continue; 3876 auto Iter = JumpTables.find(JT); 3877 if (Iter == JumpTables.end()) { 3878 JumpTables.insert(JT); 3879 continue; 3880 } 3881 // This instruction is an indirect jump using a jump table, but it is 3882 // using the same jump table of another jump. Try all our tricks to 3883 // extract the jump table symbol and make it point to a new, duplicated JT 3884 MCPhysReg BaseReg1; 3885 uint64_t Scale; 3886 const MCSymbol *Target; 3887 // In case we match if our first matcher, first instruction is the one to 3888 // patch 3889 MCInst *JTLoadInst = &Inst; 3890 // Try a standard indirect jump matcher, scale 8 3891 std::unique_ptr<MCPlusBuilder::MCInstMatcher> IndJmpMatcher = 3892 BC.MIB->matchIndJmp(BC.MIB->matchReg(BaseReg1), 3893 BC.MIB->matchImm(Scale), BC.MIB->matchReg(), 3894 /*Offset=*/BC.MIB->matchSymbol(Target)); 3895 if (!IndJmpMatcher->match( 3896 *BC.MRI, *BC.MIB, 3897 MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1) || 3898 BaseReg1 != BC.MIB->getNoRegister() || Scale != 8) { 3899 MCPhysReg BaseReg2; 3900 uint64_t Offset; 3901 // Standard JT matching failed. Trying now: 3902 // movq "jt.2397/1"(,%rax,8), %rax 3903 // jmpq *%rax 3904 std::unique_ptr<MCPlusBuilder::MCInstMatcher> LoadMatcherOwner = 3905 BC.MIB->matchLoad(BC.MIB->matchReg(BaseReg1), 3906 BC.MIB->matchImm(Scale), BC.MIB->matchReg(), 3907 /*Offset=*/BC.MIB->matchSymbol(Target)); 3908 MCPlusBuilder::MCInstMatcher *LoadMatcher = LoadMatcherOwner.get(); 3909 std::unique_ptr<MCPlusBuilder::MCInstMatcher> IndJmpMatcher2 = 3910 BC.MIB->matchIndJmp(std::move(LoadMatcherOwner)); 3911 if (!IndJmpMatcher2->match( 3912 *BC.MRI, *BC.MIB, 3913 MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1) || 3914 BaseReg1 != BC.MIB->getNoRegister() || Scale != 8) { 3915 // JT matching failed. Trying now: 3916 // PIC-style matcher, scale 4 3917 // addq %rdx, %rsi 3918 // addq %rdx, %rdi 3919 // leaq DATAat0x402450(%rip), %r11 3920 // movslq (%r11,%rdx,4), %rcx 3921 // addq %r11, %rcx 3922 // jmpq *%rcx # JUMPTABLE @0x402450 3923 std::unique_ptr<MCPlusBuilder::MCInstMatcher> PICIndJmpMatcher = 3924 BC.MIB->matchIndJmp(BC.MIB->matchAdd( 3925 BC.MIB->matchReg(BaseReg1), 3926 BC.MIB->matchLoad(BC.MIB->matchReg(BaseReg2), 3927 BC.MIB->matchImm(Scale), BC.MIB->matchReg(), 3928 BC.MIB->matchImm(Offset)))); 3929 std::unique_ptr<MCPlusBuilder::MCInstMatcher> LEAMatcherOwner = 3930 BC.MIB->matchLoadAddr(BC.MIB->matchSymbol(Target)); 3931 MCPlusBuilder::MCInstMatcher *LEAMatcher = LEAMatcherOwner.get(); 3932 std::unique_ptr<MCPlusBuilder::MCInstMatcher> PICBaseAddrMatcher = 3933 BC.MIB->matchIndJmp(BC.MIB->matchAdd(std::move(LEAMatcherOwner), 3934 BC.MIB->matchAnyOperand())); 3935 if (!PICIndJmpMatcher->match( 3936 *BC.MRI, *BC.MIB, 3937 MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1) || 3938 Scale != 4 || BaseReg1 != BaseReg2 || Offset != 0 || 3939 !PICBaseAddrMatcher->match( 3940 *BC.MRI, *BC.MIB, 3941 MutableArrayRef<MCInst>(&*BB->begin(), &Inst + 1), -1)) { 3942 llvm_unreachable("Failed to extract jump table base"); 3943 continue; 3944 } 3945 // Matched PIC, identify the instruction with the reference to the JT 3946 JTLoadInst = LEAMatcher->CurInst; 3947 } else { 3948 // Matched non-PIC 3949 JTLoadInst = LoadMatcher->CurInst; 3950 } 3951 } 3952 3953 uint64_t NewJumpTableID = 0; 3954 const MCSymbol *NewJTLabel; 3955 std::tie(NewJumpTableID, NewJTLabel) = 3956 BC.duplicateJumpTable(*this, JT, Target); 3957 { 3958 auto L = BC.scopeLock(); 3959 BC.MIB->replaceMemOperandDisp(*JTLoadInst, NewJTLabel, BC.Ctx.get()); 3960 } 3961 // We use a unique ID with the high bit set as address for this "injected" 3962 // jump table (not originally in the input binary). 3963 BC.MIB->setJumpTable(Inst, NewJumpTableID, 0, AllocId); 3964 } 3965 } 3966 } 3967 3968 bool BinaryFunction::replaceJumpTableEntryIn(BinaryBasicBlock *BB, 3969 BinaryBasicBlock *OldDest, 3970 BinaryBasicBlock *NewDest) { 3971 MCInst *Instr = BB->getLastNonPseudoInstr(); 3972 if (!Instr || !BC.MIB->isIndirectBranch(*Instr)) 3973 return false; 3974 uint64_t JTAddress = BC.MIB->getJumpTable(*Instr); 3975 assert(JTAddress && "Invalid jump table address"); 3976 JumpTable *JT = getJumpTableContainingAddress(JTAddress); 3977 assert(JT && "No jump table structure for this indirect branch"); 3978 bool Patched = JT->replaceDestination(JTAddress, OldDest->getLabel(), 3979 NewDest->getLabel()); 3980 (void)Patched; 3981 assert(Patched && "Invalid entry to be replaced in jump table"); 3982 return true; 3983 } 3984 3985 BinaryBasicBlock *BinaryFunction::splitEdge(BinaryBasicBlock *From, 3986 BinaryBasicBlock *To) { 3987 // Create intermediate BB 3988 MCSymbol *Tmp; 3989 { 3990 auto L = BC.scopeLock(); 3991 Tmp = BC.Ctx->createNamedTempSymbol("SplitEdge"); 3992 } 3993 // Link new BBs to the original input offset of the From BB, so we can map 3994 // samples recorded in new BBs back to the original BB seem in the input 3995 // binary (if using BAT) 3996 std::unique_ptr<BinaryBasicBlock> NewBB = createBasicBlock(Tmp); 3997 NewBB->setOffset(From->getInputOffset()); 3998 BinaryBasicBlock *NewBBPtr = NewBB.get(); 3999 4000 // Update "From" BB 4001 auto I = From->succ_begin(); 4002 auto BI = From->branch_info_begin(); 4003 for (; I != From->succ_end(); ++I) { 4004 if (*I == To) 4005 break; 4006 ++BI; 4007 } 4008 assert(I != From->succ_end() && "Invalid CFG edge in splitEdge!"); 4009 uint64_t OrigCount = BI->Count; 4010 uint64_t OrigMispreds = BI->MispredictedCount; 4011 replaceJumpTableEntryIn(From, To, NewBBPtr); 4012 From->replaceSuccessor(To, NewBBPtr, OrigCount, OrigMispreds); 4013 4014 NewBB->addSuccessor(To, OrigCount, OrigMispreds); 4015 NewBB->setExecutionCount(OrigCount); 4016 NewBB->setIsCold(From->isCold()); 4017 4018 // Update CFI and BB layout with new intermediate BB 4019 std::vector<std::unique_ptr<BinaryBasicBlock>> NewBBs; 4020 NewBBs.emplace_back(std::move(NewBB)); 4021 insertBasicBlocks(From, std::move(NewBBs), true, true, 4022 /*RecomputeLandingPads=*/false); 4023 return NewBBPtr; 4024 } 4025 4026 void BinaryFunction::deleteConservativeEdges() { 4027 // Our goal is to aggressively remove edges from the CFG that we believe are 4028 // wrong. This is used for instrumentation, where it is safe to remove 4029 // fallthrough edges because we won't reorder blocks. 4030 for (auto I = BasicBlocks.begin(), E = BasicBlocks.end(); I != E; ++I) { 4031 BinaryBasicBlock *BB = *I; 4032 if (BB->succ_size() != 1 || BB->size() == 0) 4033 continue; 4034 4035 auto NextBB = std::next(I); 4036 MCInst *Last = BB->getLastNonPseudoInstr(); 4037 // Fallthrough is a landing pad? Delete this edge (as long as we don't 4038 // have a direct jump to it) 4039 if ((*BB->succ_begin())->isLandingPad() && NextBB != E && 4040 *BB->succ_begin() == *NextBB && Last && !BC.MIB->isBranch(*Last)) { 4041 BB->removeAllSuccessors(); 4042 continue; 4043 } 4044 4045 // Look for suspicious calls at the end of BB where gcc may optimize it and 4046 // remove the jump to the epilogue when it knows the call won't return. 4047 if (!Last || !BC.MIB->isCall(*Last)) 4048 continue; 4049 4050 const MCSymbol *CalleeSymbol = BC.MIB->getTargetSymbol(*Last); 4051 if (!CalleeSymbol) 4052 continue; 4053 4054 StringRef CalleeName = CalleeSymbol->getName(); 4055 if (CalleeName != "__cxa_throw@PLT" && CalleeName != "_Unwind_Resume@PLT" && 4056 CalleeName != "__cxa_rethrow@PLT" && CalleeName != "exit@PLT" && 4057 CalleeName != "abort@PLT") 4058 continue; 4059 4060 BB->removeAllSuccessors(); 4061 } 4062 } 4063 4064 bool BinaryFunction::isSymbolValidInScope(const SymbolRef &Symbol, 4065 uint64_t SymbolSize) const { 4066 // If this symbol is in a different section from the one where the 4067 // function symbol is, don't consider it as valid. 4068 if (!getOriginSection()->containsAddress( 4069 cantFail(Symbol.getAddress(), "cannot get symbol address"))) 4070 return false; 4071 4072 // Some symbols are tolerated inside function bodies, others are not. 4073 // The real function boundaries may not be known at this point. 4074 if (BC.isMarker(Symbol)) 4075 return true; 4076 4077 // It's okay to have a zero-sized symbol in the middle of non-zero-sized 4078 // function. 4079 if (SymbolSize == 0 && containsAddress(cantFail(Symbol.getAddress()))) 4080 return true; 4081 4082 if (cantFail(Symbol.getType()) != SymbolRef::ST_Unknown) 4083 return false; 4084 4085 if (cantFail(Symbol.getFlags()) & SymbolRef::SF_Global) 4086 return false; 4087 4088 return true; 4089 } 4090 4091 void BinaryFunction::adjustExecutionCount(uint64_t Count) { 4092 if (getKnownExecutionCount() == 0 || Count == 0) 4093 return; 4094 4095 if (ExecutionCount < Count) 4096 Count = ExecutionCount; 4097 4098 double AdjustmentRatio = ((double)ExecutionCount - Count) / ExecutionCount; 4099 if (AdjustmentRatio < 0.0) 4100 AdjustmentRatio = 0.0; 4101 4102 for (BinaryBasicBlock &BB : blocks()) 4103 BB.adjustExecutionCount(AdjustmentRatio); 4104 4105 ExecutionCount -= Count; 4106 } 4107 4108 BinaryFunction::~BinaryFunction() { 4109 for (BinaryBasicBlock *BB : BasicBlocks) 4110 delete BB; 4111 for (BinaryBasicBlock *BB : DeletedBasicBlocks) 4112 delete BB; 4113 } 4114 4115 void BinaryFunction::constructDomTree() { 4116 BDT.reset(new BinaryDominatorTree); 4117 BDT->recalculate(*this); 4118 } 4119 4120 void BinaryFunction::calculateLoopInfo() { 4121 if (!hasDomTree()) 4122 constructDomTree(); 4123 // Discover loops. 4124 BLI.reset(new BinaryLoopInfo()); 4125 BLI->analyze(getDomTree()); 4126 4127 // Traverse discovered loops and add depth and profile information. 4128 std::stack<BinaryLoop *> St; 4129 for (auto I = BLI->begin(), E = BLI->end(); I != E; ++I) { 4130 St.push(*I); 4131 ++BLI->OuterLoops; 4132 } 4133 4134 while (!St.empty()) { 4135 BinaryLoop *L = St.top(); 4136 St.pop(); 4137 ++BLI->TotalLoops; 4138 BLI->MaximumDepth = std::max(L->getLoopDepth(), BLI->MaximumDepth); 4139 4140 // Add nested loops in the stack. 4141 for (BinaryLoop::iterator I = L->begin(), E = L->end(); I != E; ++I) 4142 St.push(*I); 4143 4144 // Skip if no valid profile is found. 4145 if (!hasValidProfile()) { 4146 L->EntryCount = COUNT_NO_PROFILE; 4147 L->ExitCount = COUNT_NO_PROFILE; 4148 L->TotalBackEdgeCount = COUNT_NO_PROFILE; 4149 continue; 4150 } 4151 4152 // Compute back edge count. 4153 SmallVector<BinaryBasicBlock *, 1> Latches; 4154 L->getLoopLatches(Latches); 4155 4156 for (BinaryBasicBlock *Latch : Latches) { 4157 auto BI = Latch->branch_info_begin(); 4158 for (BinaryBasicBlock *Succ : Latch->successors()) { 4159 if (Succ == L->getHeader()) { 4160 assert(BI->Count != BinaryBasicBlock::COUNT_NO_PROFILE && 4161 "profile data not found"); 4162 L->TotalBackEdgeCount += BI->Count; 4163 } 4164 ++BI; 4165 } 4166 } 4167 4168 // Compute entry count. 4169 L->EntryCount = L->getHeader()->getExecutionCount() - L->TotalBackEdgeCount; 4170 4171 // Compute exit count. 4172 SmallVector<BinaryLoop::Edge, 1> ExitEdges; 4173 L->getExitEdges(ExitEdges); 4174 for (BinaryLoop::Edge &Exit : ExitEdges) { 4175 const BinaryBasicBlock *Exiting = Exit.first; 4176 const BinaryBasicBlock *ExitTarget = Exit.second; 4177 auto BI = Exiting->branch_info_begin(); 4178 for (BinaryBasicBlock *Succ : Exiting->successors()) { 4179 if (Succ == ExitTarget) { 4180 assert(BI->Count != BinaryBasicBlock::COUNT_NO_PROFILE && 4181 "profile data not found"); 4182 L->ExitCount += BI->Count; 4183 } 4184 ++BI; 4185 } 4186 } 4187 } 4188 } 4189 4190 void BinaryFunction::updateOutputValues(const BOLTLinker &Linker) { 4191 if (!isEmitted()) { 4192 assert(!isInjected() && "injected function should be emitted"); 4193 setOutputAddress(getAddress()); 4194 setOutputSize(getSize()); 4195 return; 4196 } 4197 4198 const auto SymbolInfo = Linker.lookupSymbolInfo(getSymbol()->getName()); 4199 assert(SymbolInfo && "Cannot find function entry symbol"); 4200 setOutputAddress(SymbolInfo->Address); 4201 setOutputSize(SymbolInfo->Size); 4202 4203 if (BC.HasRelocations || isInjected()) { 4204 if (hasConstantIsland()) { 4205 const auto DataAddress = 4206 Linker.lookupSymbol(getFunctionConstantIslandLabel()->getName()); 4207 assert(DataAddress && "Cannot find function CI symbol"); 4208 setOutputDataAddress(*DataAddress); 4209 for (auto It : Islands->Offsets) { 4210 const uint64_t OldOffset = It.first; 4211 BinaryData *BD = BC.getBinaryDataAtAddress(getAddress() + OldOffset); 4212 if (!BD) 4213 continue; 4214 4215 MCSymbol *Symbol = It.second; 4216 const auto NewAddress = Linker.lookupSymbol(Symbol->getName()); 4217 assert(NewAddress && "Cannot find CI symbol"); 4218 auto &Section = *getCodeSection(); 4219 const auto NewOffset = *NewAddress - Section.getOutputAddress(); 4220 BD->setOutputLocation(Section, NewOffset); 4221 } 4222 } 4223 if (isSplit()) { 4224 for (FunctionFragment &FF : getLayout().getSplitFragments()) { 4225 ErrorOr<BinarySection &> ColdSection = 4226 getCodeSection(FF.getFragmentNum()); 4227 // If fragment is empty, cold section might not exist 4228 if (FF.empty() && ColdSection.getError()) 4229 continue; 4230 4231 const MCSymbol *ColdStartSymbol = getSymbol(FF.getFragmentNum()); 4232 // If fragment is empty, symbol might have not been emitted 4233 if (FF.empty() && (!ColdStartSymbol || !ColdStartSymbol->isDefined()) && 4234 !hasConstantIsland()) 4235 continue; 4236 assert(ColdStartSymbol && ColdStartSymbol->isDefined() && 4237 "split function should have defined cold symbol"); 4238 const auto ColdStartSymbolInfo = 4239 Linker.lookupSymbolInfo(ColdStartSymbol->getName()); 4240 assert(ColdStartSymbolInfo && "Cannot find cold start symbol"); 4241 FF.setAddress(ColdStartSymbolInfo->Address); 4242 FF.setImageSize(ColdStartSymbolInfo->Size); 4243 if (hasConstantIsland()) { 4244 const auto DataAddress = Linker.lookupSymbol( 4245 getFunctionColdConstantIslandLabel()->getName()); 4246 assert(DataAddress && "Cannot find cold CI symbol"); 4247 setOutputColdDataAddress(*DataAddress); 4248 } 4249 } 4250 } 4251 } 4252 4253 // Update basic block output ranges for the debug info, if we have 4254 // secondary entry points in the symbol table to update or if writing BAT. 4255 if (!requiresAddressMap()) 4256 return; 4257 4258 // AArch64 may have functions that only contains a constant island (no code). 4259 if (getLayout().block_empty()) 4260 return; 4261 4262 for (FunctionFragment &FF : getLayout().fragments()) { 4263 if (FF.empty()) 4264 continue; 4265 4266 const uint64_t FragmentBaseAddress = 4267 getCodeSection(isSimple() ? FF.getFragmentNum() : FragmentNum::main()) 4268 ->getOutputAddress(); 4269 4270 BinaryBasicBlock *PrevBB = nullptr; 4271 for (BinaryBasicBlock *const BB : FF) { 4272 assert(BB->getLabel()->isDefined() && "symbol should be defined"); 4273 if (!BC.HasRelocations) { 4274 if (BB->isSplit()) 4275 assert(FragmentBaseAddress == FF.getAddress()); 4276 else 4277 assert(FragmentBaseAddress == getOutputAddress()); 4278 (void)FragmentBaseAddress; 4279 } 4280 4281 // Injected functions likely will fail lookup, as they have no 4282 // input range. Just assign the BB the output address of the 4283 // function. 4284 auto MaybeBBAddress = BC.getIOAddressMap().lookup(BB->getLabel()); 4285 const uint64_t BBAddress = MaybeBBAddress ? *MaybeBBAddress 4286 : BB->isSplit() ? FF.getAddress() 4287 : getOutputAddress(); 4288 BB->setOutputStartAddress(BBAddress); 4289 4290 if (PrevBB) { 4291 assert(PrevBB->getOutputAddressRange().first <= BBAddress && 4292 "Bad output address for basic block."); 4293 assert((PrevBB->getOutputAddressRange().first != BBAddress || 4294 !hasInstructions() || !PrevBB->getNumNonPseudos()) && 4295 "Bad output address for basic block."); 4296 PrevBB->setOutputEndAddress(BBAddress); 4297 } 4298 PrevBB = BB; 4299 } 4300 4301 PrevBB->setOutputEndAddress(PrevBB->isSplit() 4302 ? FF.getAddress() + FF.getImageSize() 4303 : getOutputAddress() + getOutputSize()); 4304 } 4305 4306 // Reset output addresses for deleted blocks. 4307 for (BinaryBasicBlock *BB : DeletedBasicBlocks) { 4308 BB->setOutputStartAddress(0); 4309 BB->setOutputEndAddress(0); 4310 } 4311 } 4312 4313 DebugAddressRangesVector BinaryFunction::getOutputAddressRanges() const { 4314 DebugAddressRangesVector OutputRanges; 4315 4316 if (isFolded()) 4317 return OutputRanges; 4318 4319 if (IsFragment) 4320 return OutputRanges; 4321 4322 OutputRanges.emplace_back(getOutputAddress(), 4323 getOutputAddress() + getOutputSize()); 4324 if (isSplit()) { 4325 assert(isEmitted() && "split function should be emitted"); 4326 for (const FunctionFragment &FF : getLayout().getSplitFragments()) 4327 OutputRanges.emplace_back(FF.getAddress(), 4328 FF.getAddress() + FF.getImageSize()); 4329 } 4330 4331 if (isSimple()) 4332 return OutputRanges; 4333 4334 for (BinaryFunction *Frag : Fragments) { 4335 assert(!Frag->isSimple() && 4336 "fragment of non-simple function should also be non-simple"); 4337 OutputRanges.emplace_back(Frag->getOutputAddress(), 4338 Frag->getOutputAddress() + Frag->getOutputSize()); 4339 } 4340 4341 return OutputRanges; 4342 } 4343 4344 uint64_t BinaryFunction::translateInputToOutputAddress(uint64_t Address) const { 4345 if (isFolded()) 4346 return 0; 4347 4348 // If the function hasn't changed return the same address. 4349 if (!isEmitted()) 4350 return Address; 4351 4352 if (Address < getAddress()) 4353 return 0; 4354 4355 // Check if the address is associated with an instruction that is tracked 4356 // by address translation. 4357 if (auto OutputAddress = BC.getIOAddressMap().lookup(Address)) 4358 return *OutputAddress; 4359 4360 // FIXME: #18950828 - we rely on relative offsets inside basic blocks to stay 4361 // intact. Instead we can use pseudo instructions and/or annotations. 4362 const uint64_t Offset = Address - getAddress(); 4363 const BinaryBasicBlock *BB = getBasicBlockContainingOffset(Offset); 4364 if (!BB) { 4365 // Special case for address immediately past the end of the function. 4366 if (Offset == getSize()) 4367 return getOutputAddress() + getOutputSize(); 4368 4369 return 0; 4370 } 4371 4372 return std::min(BB->getOutputAddressRange().first + Offset - BB->getOffset(), 4373 BB->getOutputAddressRange().second); 4374 } 4375 4376 DebugAddressRangesVector 4377 BinaryFunction::translateInputToOutputRange(DebugAddressRange InRange) const { 4378 DebugAddressRangesVector OutRanges; 4379 4380 // The function was removed from the output. Return an empty range. 4381 if (isFolded()) 4382 return OutRanges; 4383 4384 // If the function hasn't changed return the same range. 4385 if (!isEmitted()) { 4386 OutRanges.emplace_back(InRange); 4387 return OutRanges; 4388 } 4389 4390 if (!containsAddress(InRange.LowPC)) 4391 return OutRanges; 4392 4393 // Special case of an empty range [X, X). Some tools expect X to be updated. 4394 if (InRange.LowPC == InRange.HighPC) { 4395 if (uint64_t NewPC = translateInputToOutputAddress(InRange.LowPC)) 4396 OutRanges.push_back(DebugAddressRange{NewPC, NewPC}); 4397 return OutRanges; 4398 } 4399 4400 uint64_t InputOffset = InRange.LowPC - getAddress(); 4401 const uint64_t InputEndOffset = 4402 std::min(InRange.HighPC - getAddress(), getSize()); 4403 4404 auto BBI = llvm::upper_bound(BasicBlockOffsets, 4405 BasicBlockOffset(InputOffset, nullptr), 4406 CompareBasicBlockOffsets()); 4407 assert(BBI != BasicBlockOffsets.begin()); 4408 4409 // Iterate over blocks in the input order using BasicBlockOffsets. 4410 for (--BBI; InputOffset < InputEndOffset && BBI != BasicBlockOffsets.end(); 4411 InputOffset = BBI->second->getEndOffset(), ++BBI) { 4412 const BinaryBasicBlock &BB = *BBI->second; 4413 if (InputOffset < BB.getOffset() || InputOffset >= BB.getEndOffset()) { 4414 LLVM_DEBUG( 4415 dbgs() << "BOLT-DEBUG: invalid debug address range detected for " 4416 << *this << " : [0x" << Twine::utohexstr(InRange.LowPC) 4417 << ", 0x" << Twine::utohexstr(InRange.HighPC) << "]\n"); 4418 break; 4419 } 4420 4421 // Skip the block if it wasn't emitted. 4422 if (!BB.getOutputAddressRange().first) 4423 continue; 4424 4425 // Find output address for an instruction with an offset greater or equal 4426 // to /p Offset. The output address should fall within the same basic 4427 // block boundaries. 4428 auto translateBlockOffset = [&](const uint64_t Offset) { 4429 const uint64_t OutAddress = BB.getOutputAddressRange().first + Offset; 4430 return std::min(OutAddress, BB.getOutputAddressRange().second); 4431 }; 4432 4433 uint64_t OutLowPC = BB.getOutputAddressRange().first; 4434 if (InputOffset > BB.getOffset()) 4435 OutLowPC = translateBlockOffset(InputOffset - BB.getOffset()); 4436 4437 uint64_t OutHighPC = BB.getOutputAddressRange().second; 4438 if (InputEndOffset < BB.getEndOffset()) { 4439 assert(InputEndOffset >= BB.getOffset()); 4440 OutHighPC = translateBlockOffset(InputEndOffset - BB.getOffset()); 4441 } 4442 4443 // Check if we can expand the last translated range. 4444 if (!OutRanges.empty() && OutRanges.back().HighPC == OutLowPC) 4445 OutRanges.back().HighPC = std::max(OutRanges.back().HighPC, OutHighPC); 4446 else 4447 OutRanges.emplace_back(OutLowPC, std::max(OutLowPC, OutHighPC)); 4448 } 4449 4450 LLVM_DEBUG({ 4451 dbgs() << "BOLT-DEBUG: translated address range " << InRange << " -> "; 4452 for (const DebugAddressRange &R : OutRanges) 4453 dbgs() << R << ' '; 4454 dbgs() << '\n'; 4455 }); 4456 4457 return OutRanges; 4458 } 4459 4460 MCInst *BinaryFunction::getInstructionAtOffset(uint64_t Offset) { 4461 if (CurrentState == State::Disassembled) { 4462 auto II = Instructions.find(Offset); 4463 return (II == Instructions.end()) ? nullptr : &II->second; 4464 } else if (CurrentState == State::CFG) { 4465 BinaryBasicBlock *BB = getBasicBlockContainingOffset(Offset); 4466 if (!BB) 4467 return nullptr; 4468 4469 for (MCInst &Inst : *BB) { 4470 constexpr uint32_t InvalidOffset = std::numeric_limits<uint32_t>::max(); 4471 if (Offset == BC.MIB->getOffsetWithDefault(Inst, InvalidOffset)) 4472 return &Inst; 4473 } 4474 4475 if (MCInst *LastInstr = BB->getLastNonPseudoInstr()) { 4476 if (std::optional<uint32_t> Size = BC.MIB->getSize(*LastInstr)) { 4477 if (BB->getEndOffset() - Offset == Size) { 4478 return LastInstr; 4479 } 4480 } 4481 } 4482 4483 return nullptr; 4484 } else { 4485 llvm_unreachable("invalid CFG state to use getInstructionAtOffset()"); 4486 } 4487 } 4488 4489 MCInst *BinaryFunction::getInstructionContainingOffset(uint64_t Offset) { 4490 assert(CurrentState == State::Disassembled && "Wrong function state"); 4491 4492 if (Offset > Size) 4493 return nullptr; 4494 4495 auto II = Instructions.upper_bound(Offset); 4496 assert(II != Instructions.begin() && "First instruction not at offset 0"); 4497 --II; 4498 return &II->second; 4499 } 4500 4501 void BinaryFunction::printLoopInfo(raw_ostream &OS) const { 4502 if (!opts::shouldPrint(*this)) 4503 return; 4504 4505 OS << "Loop Info for Function \"" << *this << "\""; 4506 if (hasValidProfile()) 4507 OS << " (count: " << getExecutionCount() << ")"; 4508 OS << "\n"; 4509 4510 std::stack<BinaryLoop *> St; 4511 for (BinaryLoop *L : *BLI) 4512 St.push(L); 4513 while (!St.empty()) { 4514 BinaryLoop *L = St.top(); 4515 St.pop(); 4516 4517 for (BinaryLoop *Inner : *L) 4518 St.push(Inner); 4519 4520 if (!hasValidProfile()) 4521 continue; 4522 4523 OS << (L->getLoopDepth() > 1 ? "Nested" : "Outer") 4524 << " loop header: " << L->getHeader()->getName(); 4525 OS << "\n"; 4526 OS << "Loop basic blocks: "; 4527 ListSeparator LS; 4528 for (BinaryBasicBlock *BB : L->blocks()) 4529 OS << LS << BB->getName(); 4530 OS << "\n"; 4531 if (hasValidProfile()) { 4532 OS << "Total back edge count: " << L->TotalBackEdgeCount << "\n"; 4533 OS << "Loop entry count: " << L->EntryCount << "\n"; 4534 OS << "Loop exit count: " << L->ExitCount << "\n"; 4535 if (L->EntryCount > 0) { 4536 OS << "Average iters per entry: " 4537 << format("%.4lf", (double)L->TotalBackEdgeCount / L->EntryCount) 4538 << "\n"; 4539 } 4540 } 4541 OS << "----\n"; 4542 } 4543 4544 OS << "Total number of loops: " << BLI->TotalLoops << "\n"; 4545 OS << "Number of outer loops: " << BLI->OuterLoops << "\n"; 4546 OS << "Maximum nested loop depth: " << BLI->MaximumDepth << "\n\n"; 4547 } 4548 4549 bool BinaryFunction::isAArch64Veneer() const { 4550 if (empty() || hasIslandsInfo()) 4551 return false; 4552 4553 BinaryBasicBlock &BB = **BasicBlocks.begin(); 4554 for (MCInst &Inst : BB) 4555 if (!BC.MIB->hasAnnotation(Inst, "AArch64Veneer")) 4556 return false; 4557 4558 for (auto I = BasicBlocks.begin() + 1, E = BasicBlocks.end(); I != E; ++I) { 4559 for (MCInst &Inst : **I) 4560 if (!BC.MIB->isNoop(Inst)) 4561 return false; 4562 } 4563 4564 return true; 4565 } 4566 4567 void BinaryFunction::addRelocation(uint64_t Address, MCSymbol *Symbol, 4568 uint64_t RelType, uint64_t Addend, 4569 uint64_t Value) { 4570 assert(Address >= getAddress() && Address < getAddress() + getMaxSize() && 4571 "address is outside of the function"); 4572 uint64_t Offset = Address - getAddress(); 4573 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: addRelocation in " 4574 << formatv("{0}@{1:x} against {2}\n", *this, Offset, 4575 (Symbol ? Symbol->getName() : "<undef>"))); 4576 bool IsCI = BC.isAArch64() && isInConstantIsland(Address); 4577 std::map<uint64_t, Relocation> &Rels = 4578 IsCI ? Islands->Relocations : Relocations; 4579 if (BC.MIB->shouldRecordCodeRelocation(RelType)) 4580 Rels[Offset] = Relocation{Offset, Symbol, RelType, Addend, Value}; 4581 } 4582 4583 } // namespace bolt 4584 } // namespace llvm 4585