BOLT may never run the tentative code layout for cold BBs.

However, it might later require the addresses of cold BBs to compute
PC-relative jumps between hot and cold fragments of a function. Since
the addresses were never estimated, it uses 0x0 for cold BBs, resulting
in incorrect estimated addresses for any instructions within them.

As a result, LongJump often expands a branch that would otherwise fit in
a single instruction into a short jump.

For example, `relaxStub` might expand from:
```armasm
b       .Ltmp1234
```

to:
```armasm
adrp    x16, .Ltmp1234
add     x16, x16, :lo12:.Ltmp1234
br      x16
```

While this expansion is not wrong, it is unnecessary. Moreover, in some
large binaries this expansion has lead to runtime crashes. This should
be investigated further, as such expansions should not cause crashes.

Author: paschalis-mpeis

bolt/lib/Passes/LongJmp.cpp

@@ -382,6 +382,11 @@ uint64_t LongJmpPass::tentativeLayoutRelocMode(
     DotAddress += Func->estimateConstantIslandSize();
     ++CurrentIndex;
   }
+
+  if (!ColdLayoutDone)
+    assert(ColdLayoutDone &&
+           "Did not perform tentative code layout for cold blocks.");
+
   // BBs
   for (BinaryFunction *Func : SortedFunctions)
     tentativeBBLayout(*Func);

bolt/test/AArch64/split-funcs-lite.test

@@ -0,0 +1,14 @@
+// This test checks that tentative code layout for cold basic blocks runs
+// at least once, even when each function after the hot/cold frontier is not
+// emittable. This is done by ignoring each function using the 'skip-funcs' flag.
+// In a realistic scenario, this may happen when lite mode is enabled along
+// with a bolt profile.
+
+REQUIRES: system-linux
+
+RUN: %clang %cflags %p/../Inputs/asm_main.c -Wl,-q -o %t
+
+RUN: not --crash llvm-bolt %t -o %t.bolt -lite=1 -split-functions -split-all-cold \
+RUN: --skip-funcs="main,foo" 2>&1 | FileCheck %s
+
+CHECK: Did not perform tentative code layout for cold blocks.