[BOLT] Synchronize BBHashMap and YamlBBs in BAT mode #145124
Conversation
Created using spr 1.3.4
|
Thanks for the fix! I have tried this patch, and it resolves the duplicate BAT issue in the previous scenario I provided. However, the assertion failure in other functions may still occur where BB in the BAT records explicitly contain a hash of 0. So, in addition to the original duplication issue, it seems there are also scenarios where the BAT records explicitly contain a hash of 0(seems this block was optimized and split by first-round BOLT), which also causes infer-stale-profile to crash. Detail: The BAT entry dump: And the corresponding profile.yaml: - name: 'Curl_client_write/sendf.c/1'
fid: 2418135
hash: 0x8072E2E71ADC5D29
exec: 15
nblocks: 57
blocks:
- **bid: 0
insns: 0
exec: 15
calls: [ { off: 0x0, fid: 2418137, cnt: 8 }, { off: 0x0, fid: 2420854, cnt: 2 } ]
succ: [ { bid: 2, cnt: 15 }, { bid: 0, cnt: 8 } ]**
- bid: 2
insns: 0
hash: 0xA267A1A00F48002C
succ: [ { bid: 3, cnt: 12 }, { bid: 27, cnt: 3 } ]
- bid: 3
insns: 0
hash: 0xD3EE0F58CD7D0036
succ: [ { bid: 27, cnt: 12 } ]
- bid: 27
insns: 0
hash: 0x6628E1281741012E
succ: [ { bid: 28, cnt: 15 } ]
- bid: 28
insns: 0
hash: 0x7873E70BCD7D0137
succ: [ { bid: 29, cnt: 15 } ]
- bid: 29
insns: 0
hash: 0x25BFDF28CD7D0145
succ: [ { bid: 33, cnt: 12 }, { bid: 30, cnt: 3 } ]
- bid: 30
insns: 0
hash: 0xEEBF761952370150
succ: [ { bid: 34, cnt: 3 } ]
- bid: 33
insns: 0
hash: 0xEEBFA8387CDE0173
succ: [ { bid: 34, cnt: 12 } ]
- bid: 34
insns: 0
hash: 0x5D1C7A620F48017B
succ: [ { bid: 35, cnt: 12 }, { bid: 36, cnt: 3 } ]
- bid: 35
insns: 0
hash: 0xCD08E23152370181
succ: [ { bid: 39, cnt: 15 } ]
- bid: 36
insns: 0
hash: 0x64EE72E5B8D00185
succ: [ { bid: 37, cnt: 3 } ]
- bid: 37
insns: 0
hash: 0x1CC01C2A375F0192
succ: [ { bid: 35, cnt: 3 } ]
- bid: 39
insns: 0
hash: 0xF039DE9E77A901A5
succ: [ { bid: 40, cnt: 15 } ]
- bid: 40
insns: 0
hash: 0x346CAE04938201BB
succ: [ { bid: 41, cnt: 12 }, { bid: 43, cnt: 3 } ]
- bid: 41
insns: 0
hash: 0x93F050F5206901D1
calls: [ { off: 0x8, fid: 2418136, cnt: 12 } ]
succ: [ { bid: 0, cnt: 2 } ]
- bid: 43
insns: 0
hash: 0x6341D97973E60213
succ: [ { bid: 44, cnt: 3 } ]
- bid: 44
insns: 0
hash: 0xCEB8D75EB8D0021B
succ: [ { bid: 47, cnt: 3 } ]
- bid: 47
insns: 0
hash: 0xA6F1CEE952370279
succ: [ { bid: 56, cnt: 3 } ] |
|
Perhaps another solution would be to figure out how to assign a valid hash to these blocks. (I suspect they might be generated by BOLT rather than being part of the original binary, which would explain why they have no hash?) |
|
Thank you for a detailed report. Can you please share the repro steps to get BAT entries with zero hash? I've tried building and optimizing libcurl but can't get BOLT to output zero hash. We really should never emit zero hashes. |
|
I also seem unable to reproduce this issue with curl in isolation, and the binary from the scenario where it is reproducible is too large to be shared. However, I've added some debug prints in both BoltAddressTranslation::saveMetadata() and BoltAddressTranslation::write(). From the output, I can see that after optimization, BOLT does indeed insert 3 BBs into Curl_client_write, which correspond to the original offset 0x1f1, and the hashes is 0: This seems to confirm that certain optimizations are inserting new BBs (not from the original binary) with a hash value of 0. While these zero-hash BBs might still be meaningful for BAT's purposes (specifically for regular .fdata), for the YAML profile, the lack of a hash value breaks its ability to perform infer-stale-profile. |
If some basic blocks are not present in BAT, blocks in BBHashMap and
YamlBF.Blocks may not come in the same order. Decouple the iteration
during initialization.
Test Plan: TBD