[PPC][BOLT]

In this initial contribution to BOLT PPC I am optimising a simple “puts”
Hello World example. In the latest steps of BOLT rewriting, after handling
the puts method, BOLT branched into a STUB helper method. The STUB was
trying to invoke the GOT (Global Offset Table) but unfortunately assumed
the GOT was part of the same TOC window as the caller (r2 - 0x8000),
which is not true. BOLT's $__GOT is located far outside that window, so
the `ld` (load) instruction retrieved the wrong word (e.g. the TOC base
itself), and the following `bctr` jumped into data, causing a segfault.

To correctly load the real function address of `puts` (callee’s function
address) from $__GOT, I changed the STUB helper method to use absolute
relocation instead.

Author: kostasalv

bolt/include/bolt/Target/PowerPC/PPCMCPlusBuilder.h

@@ -1,8 +1,10 @@
 #pragma once
-
 #include "bolt/Core/MCPlusBuilder.h"
+#include <vector>
 
 namespace llvm {
+class MCInst;
+class MCSymbol;
 namespace bolt {
 
 class PPCMCPlusBuilder : public MCPlusBuilder {
@@ -75,6 +77,14 @@ class PPCMCPlusBuilder : public MCPlusBuilder {
                    const MCAsmBackend &MAB) const override;
 
   bool isTOCRestoreAfterCall(const MCInst &I) const override;
+
+  // Build a PPC64 call-stub as MCInsts; the stub tail-calls Target via CTR.
+  // Out will receive: [std r2,24(r1)] (optional), address materialization into
+  // r12, mtctr r12, bctr. No @toc* fixups are used.
+  void buildCallStubAbsolute(std::vector<llvm::MCInst> &Out,
+                             const llvm::MCSymbol *TargetSym, uint16_t highest,
+                             uint16_t higher, uint16_t half,
+                             uint16_t lower) const;
 };
 
 } // namespace bolt

bolt/lib/Rewrite/RewriteInstance.cpp

@@ -34,6 +34,7 @@
 #include "bolt/Rewrite/MetadataRewriters.h"
 #include "bolt/RuntimeLibs/HugifyRuntimeLibrary.h"
 #include "bolt/RuntimeLibs/InstrumentationRuntimeLibrary.h"
+#include "bolt/Target/PowerPC/PPCMCPlusBuilder.h"
 #include "bolt/Utils/CommandLineOpts.h"
 #include "bolt/Utils/Utils.h"
 #include "llvm/ADT/AddressRanges.h"
@@ -60,10 +61,12 @@
 #include "llvm/Support/ToolOutputFile.h"
 #include "llvm/Support/raw_ostream.h"
 #include <algorithm>
+#include <cstdint>
 #include <fstream>
 #include <memory>
 #include <optional>
 #include <system_error>
+#include <unordered_map>
 
 #undef  DEBUG_TYPE
 #define DEBUG_TYPE "bolt"
@@ -2863,6 +2866,58 @@ void RewriteInstance::readRelocations(const SectionRef &Section) {
     handleRelocation(RelocatedSection, Rel);
 }
 
+static bool shouldUsePPCAbsoluteCallStub(const RelocationRef &Rel,
+                                         MCSymbol *TargetSym) {
+  (void)Rel;
+  (void)TargetSym;
+  return true;
+}
+
+static BinaryFunction *getOrCreatePPCAbsoluteCallStub(BinaryContext &BC,
+                                                      MCSymbol &TargetSym,
+                                                      MCPlusBuilder &MIB) {
+  std::string StubName =
+      ("__bolt_ppc_abs_call_stub." + TargetSym.getName()).str();
+
+  static std::unordered_map<std::string, BinaryFunction *> PPCStubCache;
+  auto It = PPCStubCache.find(StubName);
+  if (It != PPCStubCache.end())
+    return It->second;
+
+  // Create an injected fuction for the stub.
+  auto *StubBF = BC.createInjectedBinaryFunction(StubName);
+  StubBF->setSimple(true);
+  StubBF->setCodeSectionName(".text"); // or a dedicated stubs section
+
+  // Build one basic block
+  BinaryBasicBlock *BB = StubBF->addBasicBlock(/*Label=*/nullptr);
+
+  uint64_t TargetAddr = 0;
+  if (auto *BSym = BC.getBinaryDataByName(TargetSym.getName())) {
+    TargetAddr = BSym->getAddress();
+  }
+
+  assert(TargetAddr && "target symbol address expected");
+
+  auto highest = static_cast<uint16_t>((TargetAddr >> 48) & 0xFFFF);
+  auto higher = static_cast<uint16_t>((TargetAddr >> 32) & 0xFFFF);
+  auto half = static_cast<uint16_t>(((TargetAddr + 0x8000) >> 16) & 0xFFFF);
+  auto lower = static_cast<uint16_t>(TargetAddr & 0xFFFF);
+
+  // Build the stub MCInsts
+  std::vector<MCInst> Seq;
+  auto &PPCBuilder = static_cast<PPCMCPlusBuilder &>(*BC.MIB);
+  PPCBuilder.buildCallStubAbsolute(Seq, &TargetSym, highest, higher, half,
+                                   lower);
+
+  // Append instructions to the basic block
+  for (auto &I : Seq)
+    BB->addInstruction(I);
+
+  PPCStubCache.emplace(StubName, StubBF);
+  return StubBF;
+}
+
 void RewriteInstance::handleRelocation(const SectionRef &RelocatedSection,
                                        const RelocationRef &Rel) {
   const bool IsAArch64 = BC->isAArch64();
@@ -2986,6 +3041,24 @@ void RewriteInstance::handleRelocation(const SectionRef &RelocatedSection,
     }
   }
 
+  if (IsPPC64 && IsFromCode &&
+      (RType == ELF::R_PPC64_REL24 || RType == ELF::R_PPC64_REL24_NOTOC) &&
+      ReferencedSymbol) {
+
+    const StringRef SymName = ReferencedSymbol->getName();
+    const bool AlreadyStub = SymName.starts_with("__bolt_ppc_abs_call_stub.");
+
+    if (!AlreadyStub && shouldUsePPCAbsoluteCallStub(Rel, ReferencedSymbol)) {
+      auto *StubBF =
+          getOrCreatePPCAbsoluteCallStub(*BC, *ReferencedSymbol, *BC->MIB);
+      ReferencedSymbol = StubBF->getSymbol(); // redirect to stub
+      Addend = 0;
+      ExtractedValue = 0;
+    }
+  }
+  BC->addRelocation(Rel.getOffset(), ReferencedSymbol, RType, Addend,
+                    ExtractedValue);
+
   ErrorOr<BinarySection &> ReferencedSection{std::errc::bad_address};
 
   // --- SAFE symbol->section lookup (PPC64 only) ---

bolt/lib/Target/PowerPC/PPCMCPlusBuilder.cpp

@@ -16,11 +16,18 @@
 #include "llvm/BinaryFormat/ELF.h"
 #include "llvm/MC/MCInst.h"
 #include "llvm/MC/MCRegisterInfo.h"
-#include <optional>
-#include <string>
+#include <cstdint>
 #define DEBUG_TYPE "bolt-ppc"
+#include "bolt/Core/BinaryFunction.h"
+#include "llvm/MC/MCAsmBackend.h"
+#include "llvm/MC/MCContext.h"
+#include "llvm/MC/MCExpr.h"
+#include "llvm/MC/MCFixup.h"
+#include "llvm/MC/MCSymbol.h"
 #include "llvm/Support/Debug.h"
 #include "llvm/Support/raw_ostream.h"
+#include <optional>
+#include <string>
 
 using namespace llvm;
 using namespace bolt;
@@ -492,6 +499,96 @@ bool PPCMCPlusBuilder::isTOCRestoreAfterCall(const MCInst &I) const {
   return true;
 }
 
+static inline MCOperand R(unsigned Reg) { return MCOperand::createReg(Reg); }
+static inline MCOperand Imm(int64_t I) { return MCOperand::createImm(I); }
+// Build a 64-bit absolute address of the callee's function address (e.g.
+// "puts") into r12, then tail-call it via BCTR.
+void PPCMCPlusBuilder::buildCallStubAbsolute(std::vector<MCInst> &Out,
+                                             const MCSymbol *TargetSym,
+                                             uint16_t highest, uint16_t higher,
+                                             uint16_t ha, uint16_t l) const {
+  // Registers
+  const unsigned R1 = PPC::X1;   // sp
+  const unsigned R2 = PPC::X2;   // caller TOC
+  const unsigned R12 = PPC::X12; // scratch / entry per ELFv2
+
+  // 1) Optional: save caller TOC in the standard post-call slot 24(r1)
+  // ABI compliant PPC64 code should do this before calls.
+  {
+    MCInst I;
+    I.setOpcode(PPC::STD); // STD rS, D(rA)
+    I.addOperand(R(R2));
+    I.addOperand(R(R1));
+    I.addOperand(Imm(24));
+    Out.push_back(std::move(I));
+  }
+  // Top 32 bits
+  // 2) Materialize absolute 64-bit address into r12 (no @toc*)
+  // addis r12, r0, target@highest. bits (63-48)
+  {
+    MCInst I;
+    I.setOpcode(PPC::ADDIS);
+    I.addOperand(R(R12));
+    I.addOperand(R(PPC::X0));
+    I.addOperand(Imm(highest));
+    Out.push_back(std::move(I));
+  }
+  // ori r12, r12, target@higher. bits (47-32)
+  {
+    MCInst I;
+    I.setOpcode(PPC::ORI);
+    I.addOperand(R(R12));
+    I.addOperand(R(R12));
+    I.addOperand(Imm(higher));
+    Out.push_back(std::move(I));
+  }
+  // rldicr r12, r12, 32, 31   ; aka sldi r12, r12, 32
+  // shift left to make room for lower 32 bits
+  {
+    MCInst I;
+    I.setOpcode(PPC::RLDICR);
+    I.addOperand(R(R12));
+    I.addOperand(R(R12));
+    I.addOperand(Imm(32));
+    I.addOperand(Imm(31));
+    Out.push_back(std::move(I));
+  }
+  // Low 32 bits
+  // addis r12, r12, target@ha
+  {
+    MCInst I;
+    I.setOpcode(PPC::ADDIS);
+    I.addOperand(R(R12));
+    I.addOperand(R(R12));
+    I.addOperand(Imm(ha));
+    Out.push_back(std::move(I));
+  }
+  // ori r12, r12, target@l
+  {
+    MCInst I;
+    I.setOpcode(PPC::ORI);
+    I.addOperand(R(R12));
+    I.addOperand(R(R12));
+    I.addOperand(Imm(l));
+    Out.push_back(std::move(I));
+  }
+  // Now r12 has the full 64-bit address of TargetSym.
+  // 3) mtctr r12 ; bctr
+  // Move address to Counter Register
+  {
+    MCInst I;
+    I.setOpcode(PPC::MTCTR);
+    I.addOperand(R(R12));
+    Out.push_back(std::move(I));
+  }
+  // Branch to the address in CTR (tail call to TargetSym)
+  {
+    MCInst I;
+    I.setOpcode(PPC::BCTR);
+    Out.push_back(std::move(I));
+  }
+}
+
 namespace llvm {
 namespace bolt {