[RuntimeDyld][ELF][AArch64] Fix resolveAArch64ShortBranch.

[al45tair]

We don't know the load addresses when this function is called, so it shouldn't be trying to use them to determine whether or not the branch is short. Notably, this will fail in the case where the code is being loaded into a target in such a way that the section offsets differ between the process generating the code and the target process.

rdar://127673408

[adrian-prantl]

I know this is causing some existing tests to fail, but is there any way to test this separately?

[al45tair]

I know this is causing some existing tests to fail, but is there any way to test this separately?

I guess in principle we might be able to add something to the ExecutionEngine tests. I should really have thought of that, but I've been rather focused on fixing the problem quickly to un-break the Swift build :-)

[al45tair]

I've added a test that doing a cross-section branch on AArch64 doesn't result in a direct reference but instead goes via a stub.

[al45tair]

@adrian-prantl This all passed, but I don't have merge rights in the LLVM repo (I'm assuming you do :-)).

[vvereschaka]

@adrian-prantl would you merge this PR?

[DavidSpickett]

Well the good news is we have some unexpected passes now! https://lab.llvm.org/buildbot/#/builders/96/builds/58232

I'll update the xfails.

[al45tair]

Well the good news is we have some unexpected passes now! https://lab.llvm.org/buildbot/#/builders/96/builds/58232

I'll update the xfails.

Thank-you. I think you're right that this will fix FreeBSD also; the problem here was architecture and object format but not OS specific, so it would have been broken for any AArch64 ELF platform and should now be fixed for the same.

[mgorny]

The added LLVM test is failing for me when performing 32-bit x86 build. Presumably it fails on all 32-bit systems:

FAIL: LLVM :: ExecutionEngine/RuntimeDyld/AArch64/ELF_ARM64_xsec_branch.s (28964 of 52814)
******************** TEST 'LLVM :: ExecutionEngine/RuntimeDyld/AArch64/ELF_ARM64_xsec_branch.s' FAILED ********************
Exit Code: 134

Command Output (stderr):
--
RUN: at line 1: /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/llvm-mc -triple=arm64-none-linux-gnu -filetype=obj -o /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/test/ExecutionEngine/RuntimeDyld/AArch64/Output/ELF_ARM64_xsec_branch.s.tmp /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm/test/ExecutionEngine/RuntimeDyld/AArch64/ELF_ARM64_xsec_branch.s
+ /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/llvm-mc -triple=arm64-none-linux-gnu -filetype=obj -o /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/test/ExecutionEngine/RuntimeDyld/AArch64/Output/ELF_ARM64_xsec_branch.s.tmp /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm/test/ExecutionEngine/RuntimeDyld/AArch64/ELF_ARM64_xsec_branch.s
RUN: at line 2: /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/llvm-rtdyld -triple=arm64-none-linux-gnu -verify -check=/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm/test/ExecutionEngine/RuntimeDyld/AArch64/ELF_ARM64_xsec_branch.s /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/test/ExecutionEngine/RuntimeDyld/AArch64/Output/ELF_ARM64_xsec_branch.s.tmp
+ /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/llvm-rtdyld -triple=arm64-none-linux-gnu -verify -check=/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm/test/ExecutionEngine/RuntimeDyld/AArch64/ELF_ARM64_xsec_branch.s /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/test/ExecutionEngine/RuntimeDyld/AArch64/Output/ELF_ARM64_xsec_branch.s.tmp
llvm-rtdyld: /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp:497: void llvm::RuntimeDyldELF::resolveAArch64Relocation(const llvm::SectionEntry&, uint64_t, uint64_t, uint32_t, int64_t): Assertion `isInt<28>(BranchImm)' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/llvm-rtdyld -triple=arm64-none-linux-gnu -verify -check=/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm/test/ExecutionEngine/RuntimeDyld/AArch64/ELF_ARM64_xsec_branch.s /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/test/ExecutionEngine/RuntimeDyld/AArch64/Output/ELF_ARM64_xsec_branch.s.tmp
 #0 0xffffffffee4b67ee llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f+0xd517ee)
 #1 0xffffffffee4b6cef PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
 #2 0xffffffffee4b3995 llvm::sys::RunSignalHandlers() (/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f+0xd4e995)
 #3 0xffffffffee4b3b23 SignalHandler(int) Signals.cpp:0:0
 #4 0xfffffffff7fb3590 (linux-gate.so.1+0x590)
 #5 0xfffffffff7fb3579 (linux-gate.so.1+0x579)
 #6 0xffffffffed302347 (/usr/lib/libc.so.6+0x93347)
 #7 0xffffffffed2a72f1 raise (/usr/lib/libc.so.6+0x382f1)
 #8 0xffffffffed28e2b8 abort (/usr/lib/libc.so.6+0x1f2b8)
 #9 0xffffffffed28e1be (/usr/lib/libc.so.6+0x1f1be)
#10 0xffffffffed29f32b (/usr/lib/libc.so.6+0x3032b)
#11 0xfffffffff144c1e4 .L1696 RuntimeDyldELF.cpp:0:0
#12 0xfffffffff14510ff llvm::RuntimeDyldELF::resolveAArch64Branch(unsigned int, llvm::RelocationValueRef const&, llvm::object::content_iterator<llvm::object::RelocationRef>, std::map<llvm::RelocationValueRef, unsigned int, std::less<llvm::RelocationValueRef>, std::allocator<std::pair<llvm::RelocationValueRef const, unsigned int>>>&) (/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f+0x3cec0ff)
#13 0xfffffffff1451b7c .L3815 RuntimeDyldELF.cpp:0:0
#14 0xfffffffff142e678 llvm::RuntimeDyldImpl::loadObjectImpl(llvm::object::ObjectFile const&) (/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f+0x3cc9678)
#15 0xfffffffff1450076 llvm::RuntimeDyldELF::loadObject(llvm::object::ObjectFile const&) (/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f+0x3ceb076)
#16 0xfffffffff1425906 llvm::RuntimeDyld::loadObject(llvm::object::ObjectFile const&) (/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f+0x3cc0906)
#17 0x565910c7 linkAndVerify() (.isra.0) llvm-rtdyld.cpp:0:0
#18 0x565807ba .L4257 llvm-rtdyld.cpp:0:0
#19 0xffffffffed28fe23 (/usr/lib/libc.so.6+0x20e23)
#20 0xffffffffed28fee8 __libc_start_main (/usr/lib/libc.so.6+0x20ee8)
#21 0x565821d7 _start (/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/llvm-rtdyld+0xa1d7)
/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/test/ExecutionEngine/RuntimeDyld/AArch64/Output/ELF_ARM64_xsec_branch.s.script: line 2: 154586 Aborted                 (core dumped) /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/bin/llvm-rtdyld -triple=arm64-none-linux-gnu -verify -check=/var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm/test/ExecutionEngine/RuntimeDyld/AArch64/ELF_ARM64_xsec_branch.s /var/tmp/portage/sys-devel/llvm-19.0.0_pre20240601/work/llvm_build-abi_x86_32.x86/test/ExecutionEngine/RuntimeDyld/AArch64/Output/ELF_ARM64_xsec_branch.s.tmp

--

********************

[al45tair]

@mgorny Could you get a symbolicated backtrace for the test failure? Or run the offending test under gdb/lldb and get a backtrace that way? (I don't have a 32-bit machine handy to test this; I could set something up, but it'll take a while, and if you've got a system set up already and we can work out why it's failing for you, that would be easier.)

[mgorny]

Sure, I'll try to get something later today. That said, I don't really have a 32-bit system — just a regular amd64 multilib. Hopefully ccache's still warm.

[mgorny]

(gdb) run
Starting program: /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm_build-abi_x86_32.x86/bin/llvm-rtdyld -triple=arm64-none-linux-gnu -verify -check=/var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/test/ExecutionEngine/RuntimeDyld/AArch64/ELF_ARM64_xsec_branch.s /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm_build-abi_x86_32.x86/test/ExecutionEngine/RuntimeDyld/AArch64/Output/ELF_ARM64_xsec_branch.s.tmp
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib64/libthread_db.so.1".
llvm-rtdyld: /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp:497: void llvm::RuntimeDyldELF::resolveAArch64Relocation(const llvm::SectionEntry&, uint64_t, uint64_t, uint32_t, int64_t): Assertion `isInt<28>(BranchImm)' failed.

Program received signal SIGABRT, Aborted.
0xf7fc6579 in __kernel_vsyscall ()
(gdb) bt
#0  0xf7fc6579 in __kernel_vsyscall ()
#1  0xf1577347 in ?? () from /usr/lib/libc.so.6
#2  0xf151c2f1 in raise () from /usr/lib/libc.so.6
#3  0xf15032b8 in abort () from /usr/lib/libc.so.6
#4  0xf15031be in ?? () from /usr/lib/libc.so.6
#5  0xf151432b in __assert_fail () from /usr/lib/libc.so.6
#6  0xf478a70e in llvm::RuntimeDyldELF::resolveAArch64Relocation(llvm::SectionEntry const&, unsigned long long, unsigned long long, unsigned int, long long) ()
   from /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f
#7  0xf478ab1d in llvm::RuntimeDyldELF::resolveRelocation(llvm::SectionEntry const&, unsigned long long, unsigned long long, unsigned int, long long, unsigned long long, unsigned int) ()
   from /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f
#8  0xf478b427 in llvm::RuntimeDyldELF::resolveAArch64Branch(unsigned int, llvm::RelocationValueRef const&, llvm::object::content_iterator<llvm::object::RelocationRef>, std::map<llvm::RelocationValueRef, unsigned int, std::less<llvm::RelocationValueRef>, std::allocator<std::pair<llvm::RelocationValueRef const, unsigned int> > >&) ()
   from /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f
#9  0xf478e83d in llvm::RuntimeDyldELF::processRelocationRef(unsigned int, llvm::object::content_iterator<llvm::object::RelocationRef>, llvm::object::ObjectFile const&, std::map<llvm::object::SectionRef, unsigned int, std::less<llvm::object::SectionRef>, std::allocator<std::pair<llvm::object::SectionRef const, unsigned int> > >&, std::map<llvm::RelocationValueRef, unsigned int, std::less<llvm::RelocationValueRef>, std::allocator<std::pair<llvm::RelocationValueRef const, unsigned int> > >&) ()
   from /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f
#10 0xf4775a4a in llvm::RuntimeDyldImpl::loadObjectImpl(llvm::object::ObjectFile const&) ()
   from /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f
#11 0xf478c175 in llvm::RuntimeDyldELF::loadObject(llvm::object::ObjectFile const&) ()
   from /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f
#12 0xf476bd55 in llvm::RuntimeDyld::loadObject(llvm::object::ObjectFile const&) ()
   from /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm_build-abi_x86_32.x86/bin/../lib/libLLVM.so.19.0git1af0778f
#13 0x5656b776 in linkAndVerify() ()
#14 0x5656ebb3 in main ()

[mgorny]

Ping. Do you need anything else from me? This is blocking testing for us.

[al45tair]

Ping. Do you need anything else from me? This is blocking testing for us.

It looks like the LLVM you were using didn't have line numbers, which is what I was hoping we'd get here (addresses aren't meaningful because of ASLR, and I think the assertion in question has been inlined from somewhere into resolveAArch64Relocation).

Mostly what I need is to find the time to look at it. I suspect once we know what the assertion failure was, it'll be obvious what the problem is.

[mgorny]

Ah, sorry, I guess I forgot to add -g. Lemme get a fresh backtrace.

[mgorny]

(gdb) bt
#0  0xf7fc6579 in __kernel_vsyscall ()
#1  0xf1577347 in ?? () from /usr/lib/libc.so.6
#2  0xf151c2f1 in raise () from /usr/lib/libc.so.6
#3  0xf15032b8 in abort () from /usr/lib/libc.so.6
#4  0xf15031be in ?? () from /usr/lib/libc.so.6
#5  0xf151432b in __assert_fail () from /usr/lib/libc.so.6
#6  0xf478a70e in llvm::RuntimeDyldELF::resolveAArch64Relocation (this=0x565c73a0, Section=..., Offset=0, Value=18446744073468444676, 
    Type=282, Addend=0)
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp:497
#7  0xf478ab1d in llvm::RuntimeDyldELF::resolveRelocation (this=0x565c73a0, Section=..., Offset=0, Value=18446744073468444676, 
    Type=282, Addend=0, SymOffset=0, SectionID=0)
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp:1056
#8  0xf478b427 in llvm::RuntimeDyldELF::resolveAArch64Branch (this=0x565c73a0, SectionID=1, Value=..., RelI=..., 
    Stubs=std::map with 1 element = {...})
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp:1219
#9  0xf478e83d in llvm::RuntimeDyldELF::processRelocationRef (this=<optimized out>, SectionID=<optimized out>, RelI=..., O=..., 
    ObjSectionToID=..., Stubs=...)
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp:1327
#10 0xf4775a4a in llvm::RuntimeDyldImpl::loadObjectImpl (this=<optimized out>, Obj=...)
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyld.cpp:393
#11 0xf478c175 in llvm::RuntimeDyldELF::loadObject (this=0x565c73a0, O=...)
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp:250
#12 0xf476bd55 in llvm::RuntimeDyld::loadObject (this=0xffffbbd8, Obj=...)
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyld.cpp:1369
#13 0x5656b776 in linkAndVerify () at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/tools/llvm-rtdyld/llvm-rtdyld.cpp:995
#14 0x5656ebb3 in main (argc=<optimized out>, argv=<optimized out>)
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/tools/llvm-rtdyld/llvm-rtdyld.cpp:1053

These numbers are as of 1af0778.

#6  0xf478a70e in llvm::RuntimeDyldELF::resolveAArch64Relocation (this=0x565c73a0, Section=..., Offset=0, Value=18446744073468444676, 
    Type=282, Addend=0)
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp:497
497         assert(isInt<28>(BranchImm));
(gdb) p BranchImm
$1 = <optimized out>
(gdb) l
492         // Operation: S+A-P. Set Call or B immediate value to bits fff_fffc of the
493         // calculation.
494         uint64_t BranchImm = Value + Addend - FinalAddress;
495
496         // "Check that -2^27 <= result < 2^27".
497         assert(isInt<28>(BranchImm));
498         or32le(TargetPtr, (BranchImm & 0x0FFFFFFC) >> 2);
499         break;
500       }
501       case ELF::R_AARCH64_MOVW_UABS_G3:
(gdb) p Value
$2 = 18446744073468444676
(gdb) p Addend
$3 = 0
(gdb) p FinalAddress
$4 = 4053860352
(gdb) up
#7  0xf478ab1d in llvm::RuntimeDyldELF::resolveRelocation (this=0x565c73a0, Section=..., Offset=0, Value=18446744073468444676, 
    Type=282, Addend=0, SymOffset=0, SectionID=0)
    at /var/tmp/portage/sys-devel/llvm-19.0.0.9999/work/llvm/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp:1056
1056        resolveAArch64Relocation(Section, Offset, Value, Type, Addend);
(gdb) p Section
$5 = (const llvm::SectionEntry &) @0x565c88a4: {Name = ".text.main", Address = 0xf1a10000 "", Size = 4, LoadAddress = 4053860352, 
  StubOffset = 4, AllocationSize = 24, ObjAddress = 1448898324}
(gdb) p Offset
$6 = 0
(gdb) p Value
$7 = 18446744073468444676
(gdb) p Type
$8 = 282
(gdb) p Addend
$9 = 0

[al45tair]

That's extremely suspicious. Value should point at the stub here, but it's 0xfffffffff1a10004 rather than 0xf1a10004. i.e. it's been sign-extended.

[al45tair]

I don't see how that could happen. There are two calls to resolveRelocation() in resolveAArch64Branch(). Both of them set Value to Section.getAddressWithOffset(Section.getStubOffset()), and we can see that Section.Address is 0xf1a10000 while Section.StubOffset is 4, so

  /// Return the address of this section with an offset.
  uint8_t *getAddressWithOffset(unsigned OffsetBytes) const {
    assert(OffsetBytes <= AllocationSize && "Offset out of bounds!");
    return Address + OffsetBytes;
  }

will return 0xf1a10004, as expected, as a 32-bit uint8_t pointer.

Any chance you could set a breakpoint on resolveAArch64Branch and step until you get to the resolveRelocation call itself, then print Section.getAddressWithOffset(Section.getStubOffset()) and see what you get?

[al45tair]

Oh, hang on a minute… I'm looking at an older copy of the LLVM repository. Let me update and take another look.

[al45tair]

No, updating didn't change anything that would affect this.

[al45tair]

OK, I've reproduce the sign extension problem. Just trying to work out why it's happening. (It's an existing bug, nothing to do with the code I added…)

[mgorny]

Thanks. I've tried to step to get the value you've asked for but apparently it got optimized out. Do you need me to try with -O0 or will you handle it from here?

[al45tair]

No, it's OK, I know what the problem is now. It's a bug, and it's all over the file. It'll affect building code for 64-bit targets from 32-bit hosts in various combinations :-(

(The fundamental issue is that addresses are often regarded as signed… so before extending to 64-bit, you need to cast them to an unsigned type first. Otherwise you get sign extension, but only if the address is 32-bit to start with.)

[al45tair]

I've filed #94478 with an explanation of the problem. Since my test exposes it, I guess I'll raise a PR to fix it too.