Revert "[BOLT] Ignore functions accessing false positive jump tables"

This diff uncovers an ASAN leak in getOrCreateJumpTable: ``` Indirect leak of 264 byte(s) in 1 object(s) allocated from: #1 0x4f6e48c in llvm::bolt::BinaryContext::getOrCreateJumpTable ... ``` The removal of an assertion needs to be accompanied by proper deallocation of a `JumpTable` object for which `analyzeJumpTable` was unsuccessful. This reverts commit 52cd00c.
tstellar · Jul 30, 2022 · 468d4f6 · 468d4f6
1 parent 12b2990
commit 468d4f6
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 71 deletions.
diff --git a/bolt/lib/Core/BinaryContext.cpp b/bolt/lib/Core/BinaryContext.cpp
@@ -622,10 +622,6 @@ bool BinaryContext::analyzeJumpTable(
 void BinaryContext::populateJumpTables() {
   LLVM_DEBUG(dbgs() << "DataPCRelocations: " << DataPCRelocations.size()
                     << '\n');
-
-  // Collect jump tables that pass the analyzeJumpTable's first check,
-  // but fail the analyzeJumpTable's second check
-  SmallVector<JumpTable *, 1> AbortedJTs;
   for (auto JTI = JumpTables.begin(), JTE = JumpTables.end(); JTI != JTE;
        ++JTI) {
     JumpTable *JT = JTI->second;
@@ -644,13 +640,6 @@ void BinaryContext::populateJumpTables() {
     const bool Success =
         analyzeJumpTable(JT->getAddress(), JT->Type, *(JT->Parents[0]),
                          NextJTAddress, &JT->EntriesAsAddress);
-    // !Success means a false positive from earlier analysis run due to
-    // different context. A possible culprit is instruction bounds check.
-    // Previous run happens during disassembly. If the target function
-    // is not disassembled, the check will be skipped, leading to a false
-    // positive
-    //
-    // Solution: Ignore fragments accessing JT that fails the check
     if (!Success) {
       LLVM_DEBUG(ListSeparator LS;
                  dbgs() << "failed to analyze jump table in function ";
@@ -670,8 +659,7 @@ void BinaryContext::populateJumpTables() {
                    dbgs() << "\n";);
         NextJTI->second->print(dbgs());
       }
-      AbortedJTs.push_back(JT);
-      continue;
+      llvm_unreachable("jump table heuristic failure");
     }
     for (BinaryFunction *Frag : JT->Parents) {
       for (uint64_t EntryAddress : JT->EntriesAsAddress)
@@ -701,15 +689,6 @@ void BinaryContext::populateJumpTables() {
         addFragmentsToSkip(Frag);
   }
 
-  // Ignore fragments accessing JT that fails analyzeJumpTable check
-  for (JumpTable *JT : AbortedJTs) {
-    for (BinaryFunction *Frag : JT->Parents) {
-      Frag->setIgnored();
-      Frag->JumpTables.erase(Frag->JumpTables.find(JT->getAddress()));
-    }
-    JumpTables.erase(JumpTables.find(JT->getAddress()));
-  }
-
   if (opts::StrictMode && DataPCRelocations.size()) {
     LLVM_DEBUG({
       dbgs() << DataPCRelocations.size()

diff --git a/bolt/test/X86/fake_jump_table.s b/bolt/test/X86/fake_jump_table.s