# This reproduces a bug with BOLT non-reloc mode, during emission, if the user
# does not use -update-debug-sections. In this bug, if a function gets too large
# to occupy its original location, but it has a jump table, BOLT would skip
# rewriting the function but it would still overwrite the jump table in a bogus
# file offset (offset zero). This will typically corrupt the .interp section,
# which is the first section in the binary, depending on the size of the jump
# table that was written. If .interp is corrupted, the binary won't run.
#
# The test has no FileCheck lines: the assertion is the last RUN line, which
# executes the rewritten binary. It can only succeed if the ELF header region
# (and with it .interp, the dynamic-loader path) was left intact by BOLT.
# A rewriter that writes at a bogus offset is a correctness *and* integrity
# problem, so the reproduction is kept as literal as possible -- the exact
# instruction bytes and table size below matter; do not "tidy" the code.

# REQUIRES: system-linux

# Assemble as a plain x86-64 ELF object, then strip local symbols so the
# .LBBn/.JT1 labels are gone from the symbol table (the jump table must be
# recovered by BOLT from the indirect-jump pattern rather than from symbols --
# presumably the point of the strip; confirm against BOLT's JT discovery).
# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o
# RUN: llvm-strip --strip-unneeded %t.o
# -nostartfiles/-nostdlib: _start below is the real ELF entry point, and only
# libc's exit() is pulled in through the PLT.
# RUN: %clang %cflags -no-pie -nostartfiles -nostdlib -lc %t.o -o %t.exe

# --relocs=0 selects the non-reloc rewriting mode the bug lives in; --lite=0
# forces every function to be processed; --reorder-blocks=reverse changes the
# block layout, presumably so that _start no longer fits in its original slot
# and BOLT has to take the "skip rewriting the function" path described above.
# RUN: llvm-bolt %t.exe -o %t.exe.bolt --relocs=0 --lite=0 \
# RUN:   --reorder-blocks=reverse

# Runs the rewritten binary; a corrupted .interp makes this fail to even load.
# RUN: %t.exe.bolt 1 2 3

  .file "test.S"
  .text
  .globl _start
  .type _start, @function
#-----------------------------------------------------------------------
# _start -- ELF entry point (no C runtime; see -nostartfiles above).
# In:   (%rsp) = argc, as laid out by the kernel at process entry.
# Out:  never returns; calls exit() with %edi = argc & 3.
# Uses: %rax (scratch, zeroed first), %rdi (index / exit status).
# The only purpose of the body is to contain an indirect jump through a
# jump table in .rodata so BOLT treats _start as a jump-table function.
#-----------------------------------------------------------------------
_start:
  .cfi_startproc
  xor %rax,%rax                  # rax = 0 (the movl's below are the only writes)
  movq (%rsp), %rdi              # rdi = argc
  and $0x3,%rdi                  # rdi = argc & 3: keeps the index within
                                 # entries 0..3 of .JT1, so the padding
                                 # entries further down are never selected
  jmpq *.JT1(,%rdi,8)            # indirect jump through the 8-byte-entry table
.LBB1:
  movl $0x1,%eax
  jmp .LBB5
.LBB2:
  movl $0x2,%eax
  jmp .LBB5
.LBB3:
  movl $0x3,%eax
  jmp .LBB5
.LBB4:
  movl $0x4,%eax
.LBB5:
  callq exit@PLT                 # exit(%edi): %rdi still holds argc & 3, so
                                 # the RUN line above (argc = 4) exits with 0
  .cfi_endproc
  .size _start, .-_start

# Make the jump table large enough to force the bug to manifest as .interp
# being corrupt. Typically .interp will be at offset 0x1c8, so the jump table
# needs to be larger than that.
# Size here: (6 + 100) entries * 8 bytes = 848 bytes (0x350), i.e. larger than
# 0x1c8 -- if the table is written at file offset 0 it overruns .interp.
  .section .rodata,"a",@progbits
  .p2align 3
.JT1:
  .quad .LBB1                    # index 0
  .quad .LBB2                    # index 1
  .quad .LBB3                    # index 2
  .quad .LBB4                    # index 3
  .quad .LBB5                    # unreachable with the & 3 mask; padding only
  .quad .LBB5
  .rept 100                      # more padding: 100 further entries
  .quad .LBB1
  .endr