[aarch64-port-dev ] RFR: 8144498: aarch64: large code cache generates SEGV
Andrew Haley
aph at redhat.com
Mon Dec 7 14:20:37 UTC 2015
On 12/07/2015 12:22 PM, Edward Nevill wrote:
> I cannot see what prevents one of these BLs from being followed and
> since they may have been copied but not relocated then they may end
> up pointing somewhere random in the code buffer which just happens
> to look like a trampoline. Admittedly, the probability of failure is
> vastly reduced because there are no genuine trampolines for it to
> latch on to.
You must look inside get_trampoline(). It checks for this.
> Second, I am not such that your assertion
>
>> (When a trampoline call is first created it is a call to self; the
>> reloc is the only way to find the trampoline. For this reason, you
>> must use nativeCall_at(addr())->get_trampoline().)
>
> is correct. In MacroAssembler::trampoline_call I see
>
> if (Assembler::reachable_from_branch_at(pc(), entry.target())) {
> bl(entry.target());
> } else {
> bl(pc());
> }
>
> so it only creates a call to self if the branch does not reach and
> as before you could have a dangling BL when this is copied.
It doesn't matter, because get_trampoline() checks for BLs outside
the current method.
> I believe it would be possible to replace the above code section
> with simply
>
> bl(pc());
> since it will always be relocated and therefore you can always
> generate the call to self.
True. There are some other tidy-ups which could also be made in this
area, but none of it is terribly important as far as I can see.
> Maybe we could just get rid of trampolines?
There's no need. In the commonest case we BL directly to the
destination, which is optimal. Your ADRP/ADD examples aren't
patchable; if you are going to compare trampolines with something
else, whatever else you choose must be patchable, and it will be
slower and/or larger than BL.
Andrew.
More information about the aarch64-port-dev
mailing list