1 ## Check cases when the first PIC jump table entries of one function can be
2 ## interpreted as valid last entries of the previous function.
4 ## Conditions to trigger the bug: Function A and B have jump tables that
5 ## are adjacent in memory. We run in lite relocation mode. Function B
6 ## is not disassembled because it does not have profile. Function A
7 ## triggers a special conditional that forced BOLT to rewrite its jump
8 ## table in-place (instead of moving it) because it is marked as
9 ## non-simple (in this case, containing unknown control flow). The
10 ## first entry of B's jump table (a PIC offset) happens to be a valid
11 ## address inside A when added to A's jump table base address. In this
12 ## case, BOLT could overwrite B's jump table, corrupting it, thinking
13 ## the first entry of it is actually part of A's jump table.
15 # REQUIRES: system-linux
17 # RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown \
19 # RUN: link_fdata %s %t.o %t.fdata
20 # RUN: llvm-strip --strip-unneeded %t.o
21 # RUN: ld.lld %t.o -o %t.exe -q -T %S/Inputs/jt-pic-linkerscript.ld
22 # RUN: llvm-bolt %t.exe -relocs -o %t.out -data %t.fdata \
24 # RUN: llvm-readelf -S %t.out | FileCheck --check-prefix=CHECK %s
25 # The output binary is runnable, but we check for test success with
26 # readelf. This is another way to check this bug:
29 ## BOLT needs to create a new rodata section, indicating that it
30 ## successfully moved the jump table in _start.
31 # CHECK: [{{.*}}] .bolt.org.rodata
34 .type _start, %function
37 # FDATA: 0 [unknown] 0 1 _start 0 0 1
44 ## Unreachable code, here to mark this function as non-simple
45 ## (containing unknown control flow) with a stray indirect jmp
49 leaq
.LJT1(%rip), %rcx
50 movslq
(%rcx
, %rdi
, 4), %rax
78 .size _start, .-_start
81 .type func_b, %function
89 leaq
.LJT2(%rip), %rcx
90 movslq
(%rcx
, %rdi
, 4), %rax
111 .size func_b, .-func_b
114 str1
: .asciz "Message 1\n"
115 str2
: .asciz "Message 2\n"
116 str3
: .asciz "Message 3\n"
117 str4
: .asciz "Highrange\n"
118 ## Special case where the first .LJT2 entry is a valid offset of
119 ## _start when interpreted with .LJT1 as a base address.