https://bugs.llvm.org/show_bug.cgi?id=35819

            Bug ID: 35819
           Summary: lld overwrites first byte of jump table
           Product: lld
           Version: unspecified
          Hardware: Macintosh
                OS: MacOS X
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: MachO
          Assignee: unassignedb...@nondot.org
          Reporter: t.sch...@gmx.de
                CC: llvm-bugs@lists.llvm.org

lld seems to overwrite the first byte of the jump table. Consider the following
program

  inline int some_number()
  {
    return 0;
  }

  int main()
  {
    switch (some_number())
    {
      case 0:
        break;
      case 1:
        break;
      case 2:
        break;
      case 3:
        break;
    }
  }

Compiling this results in

 % clang++ -v
Apple LLVM version 8.1.0 (clang-802.0.42)
Target: x86_64-apple-darwin16.7.0
Thread model: posix
InstalledDir:
/Applications/Xcode8.3.3.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
 % clang++ -c -o main.cpp.o main.cpp
 % otool -tV main.cpp.o
build/main.cpp.o:
(__TEXT,__text) section
_main:
0000000000000000  pushq %rbp
...
0000000000000059  nopl  _main(%rax)
000000000000005c  .long 4294967264      @ KIND_JUMP_TABLE32
0000000000000060  .long 4294967269      @ KIND_JUMP_TABLE32
0000000000000064  .long 4294967274      @ KIND_JUMP_TABLE32
0000000000000068  .long 4294967279      @ KIND_JUMP_TABLE32
000000000000006c  nopl  (%rax)

When linking this program with ld I get

 % ld -v
@(#)PROGRAM:ld  PROJECT:ld64-278.4
configured to support archs: armv6 armv7 armv7s arm64 i386 x86_64 x86_64h
armv6m armv7k armv7m armv7em (tvOS)
LTO support using: LLVM version 8.1.0, (clang-802.0.42)
TAPI support using: Apple TAPI version 1.33.11
 % ld -arch x86_64 -o main-ld main.cpp.o -lSystem
 % otool -t main-ld
main-ld:
Contents of (__TEXT,__text) section
0000000100000f20  55 48 89 e5 48 83 ec 20 c7 45 fc 00 00 00 00 e8
0000000100000f30  64 00 00 00 89 c1 89 ca 83 e8 03 48 89 55 f0 89
0000000100000f40  45 ec 0f 87 28 00 00 00 48 8d 05 2d 00 00 00 48
0000000100000f50  8b 4d f0 48 63 14 88 48 01 c2 ff e2 e9 0f 00 00
0000000100000f60  00 e9 0a 00 00 00 e9 05 00 00 00 e9 00 00 00 00
0000000100000f70  8b 45 fc 48 83 c4 20 5d c3 0f 1f 00 e0 ff ff ff
0000000100000f80  e5 ff ff ff ea ff ff ff ef ff ff ff 0f 1f 40 00
0000000100000f90  55 48 89 e5 31 c0 5d c3

The first jump table entry is at 0x100000f20 + 0x5c = 0x100000F7C and has the
value ffffffe0 (or 4294967264 in decimal) which is the value from the object
file.

Now, doing the same with lld I get

 % ~/foreign/llvm-master-install/bin/ld64.lld -arch x86_64 -o main-lld
main.cpp.o -lSystem
 % otool -t main-lld
main-lld:
Contents of (__TEXT,__text) section
0000000100000f30  55 48 89 e5 48 83 ec 20 c7 45 fc 00 00 00 00 e8
0000000100000f40  5c 00 00 00 89 c1 89 ca 83 e8 03 48 89 55 f0 89
0000000100000f50  45 ec 0f 87 28 00 00 00 48 8d 05 2d 00 00 00 48
0000000100000f60  8b 4d f0 48 63 14 88 48 01 c2 ff e2 e9 0f 00 00
0000000100000f70  00 e9 0a 00 00 00 e9 05 00 00 00 e9 00 00 00 00
0000000100000f80  8b 45 fc 48 83 c4 20 5d c3 0f 1f 00 a4 ff ff ff
0000000100000f90  e5 ff ff ff ea ff ff ff ef ff ff ff 90 ff ff ff
0000000100000fa0  55 48 89 e5 31 c0 5d c3

The first jump table entry is at 0x100000f30 + 0x5c = 0x100000F8C and has the
value ffffffa4 (or 4294967204 in decimal) which is NOT the value from the
object file. In particular, the first byte is a4 instead of e0. I'm not sure if
that's a coincidence, but this jumps to the start of the function (and not to
the appropriate case handler).

Note that lld was built from LLVM commit
f494e856dbbecfdc2958a07cd4acc3c6a7ed7533 and lld commit
874cf0193393de7ad4b480d8519a6e40375cf938. Also I only tried this for MachO.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to