[BOLT] Bugfix: CFIs can be placed before the first Instruction

- This caused a crash when trying to Annotate RAState-changing CFIs
    (RememberState, RestoreState, NegateRAState).
- The fix introduces an InitialRAState for each BinaryFunction.
- If we have a NegateRAState before the first Instr, we set that to
  True.
- In MarkRAStates, we push the InitialRAState to the RAStateStack: as we
  may have omitted the RememberState at the function start, its RestoreState
  pair would try to pop an empty stack otherwise.

Author: bgergely0

bolt/include/bolt/Core/BinaryFunction.h

@@ -148,6 +148,9 @@ class BinaryFunction {
     PF_MEMEVENT = 4, /// Profile has mem events.
   };
 
+  void setInitialRAState(bool State) { InitialRAState = State; }
+  bool getInitialRAState() { return InitialRAState; }
+
   /// Struct for tracking exception handling ranges.
   struct CallSite {
     const MCSymbol *Start;
@@ -221,6 +224,8 @@ class BinaryFunction {
   /// Current state of the function.
   State CurrentState{State::Empty};
 
+  bool InitialRAState{false};
+
   /// A list of symbols associated with the function entry point.
   ///
   /// Multiple symbols would typically result from identical code-folding

bolt/lib/Core/Exceptions.cpp

@@ -569,20 +569,24 @@ bool CFIReaderWriter::fillCFIInfoFor(BinaryFunction &Function) const {
       Function.addCFIInstruction(
           Offset, MCCFIInstruction::createRememberState(nullptr));
 
-      if (Function.getBinaryContext().isAArch64())
+      if (Function.getBinaryContext().isAArch64()) {
         // Support for pointer authentication:
         // We need to annotate instructions that modify the RA State, to work
         // out the state of each instruction in MarkRAStates Pass.
-        Function.setInstModifiesRAState(DW_CFA_remember_state, Offset);
+        if (Offset != 0)
+          Function.setInstModifiesRAState(DW_CFA_remember_state, Offset);
+      }
       break;
     case DW_CFA_restore_state:
       Function.addCFIInstruction(Offset,
                                  MCCFIInstruction::createRestoreState(nullptr));
-      if (Function.getBinaryContext().isAArch64())
+      if (Function.getBinaryContext().isAArch64()) {
         // Support for pointer authentication:
         // We need to annotate instructions that modify the RA State, to work
         // out the state of each instruction in MarkRAStates Pass.
-        Function.setInstModifiesRAState(DW_CFA_restore_state, Offset);
+        if (Offset != 0)
+          Function.setInstModifiesRAState(DW_CFA_restore_state, Offset);
+      }
       break;
     case DW_CFA_def_cfa:
       Function.addCFIInstruction(
@@ -649,7 +653,14 @@ bool CFIReaderWriter::fillCFIInfoFor(BinaryFunction &Function) const {
         // is added to the instruction, to mark that the instruction modifies
         // the RA State. The actual state for instructions are worked out in
         // MarkRAStates based on these annotations.
-        Function.setInstModifiesRAState(DW_CFA_AARCH64_negate_ra_state, Offset);
+        if (Offset != 0)
+          Function.setInstModifiesRAState(DW_CFA_AARCH64_negate_ra_state,
+                                          Offset);
+        else
+          // We cannot Annotate an instruction at Offset == 0.
+          // Instead, we save the initial (Signed) state, and push it to
+          // MarkRAStates' RAStateStack.
+          Function.setInitialRAState(true);
         break;
       }
       if (opts::Verbosity >= 1)

bolt/lib/Passes/MarkRAStates.cpp

@@ -62,8 +62,9 @@ void MarkRAStates::runOnFunction(BinaryFunction &BF) {
     }
   }
 
-  bool RAState = false;
+  bool RAState = BF.getInitialRAState();
   std::stack<bool> RAStateStack;
+  RAStateStack.push(RAState);
 
   for (BinaryBasicBlock &BB : BF) {
     for (auto It = BB.begin(); It != BB.end(); ++It) {