bolt/test/runtime/X86/interp-overwrite-bug.s

   1 # This reproduces a bug with BOLT non-reloc mode, during emission, if the user
   2 # does not use -update-debug-sections. In this bug, if a function gets too large
   3 # to occupy its original location, but it has a jump table, BOLT would skip
   4 # rewriting the function but it would still overwrite the jump table in a bogus
   5 # file offset (offset zero). This will typically corrupt the .interp section,
   6 # which is the first section in the binary, depending on the size of the jump
   7 # table that was written. If .interp is corrupted, the binary won't run.
   8
   9 # REQUIRES: system-linux
  10
  11 # RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o
  12 # RUN: llvm-strip --strip-unneeded %t.o
  13 # RUN: %clang %cflags -no-pie -nostartfiles -nostdlib -lc %t.o -o %t.exe
  14
  15 # RUN: llvm-bolt %t.exe -o %t.exe.bolt --relocs=0 --lite=0 \
  16 # RUN:   --reorder-blocks=reverse
  17
  18 # RUN: %t.exe.bolt 1 2 3
  19
  20   .file "test.S"
  21   .text
  22   .globl _start
  23   .type _start, @function
  24 _start:
  25   .cfi_startproc
  26   xor    %rax,%rax
  27   movq   (%rsp), %rdi
  28   and    $0x3,%rdi
  29   jmpq   *.JT1(,%rdi,8)
  30 .LBB1:
  31   movl   $0x1,%eax
  32   jmp    .LBB5
  33 .LBB2:
  34   movl   $0x2,%eax
  35   jmp    .LBB5
  36 .LBB3:
  37   movl   $0x3,%eax
  38   jmp    .LBB5
  39 .LBB4:
  40   movl   $0x4,%eax
  41 .LBB5:
  42   callq exit@PLT
  43   .cfi_endproc
  44   .size _start, .-_start
  45
  46 # Make the jump table large enough to force the bug to manifest as .interp
  47 # being corrupt. Typically .interp will be at offset 0x1c8, so the jump table
  48 # needs to be larger than that.
  49   .section .rodata,"a",@progbits
  50   .p2align 3
  51 .JT1:
  52   .quad .LBB1
  53   .quad .LBB2
  54   .quad .LBB3
  55   .quad .LBB4
  56   .quad .LBB5
  57   .quad .LBB5
  58   .rept 100
  59   .quad .LBB1
  60   .endr