[llvm-dev] where does jump table stores?
333 views
Skip to first unread message
慕冬亮 via llvm-dev
Dec 29, 2015, 1:56:35 AM12/29/15
to llvm-dev
I got the following message from one paper called readactor:
> We found that the LLVM compiler only emits data in the
> executable .text section of x86 binaries when optimizing a
> switch-case statement. LLVM emits the basic block address
> corresponding to each switch-case in a table after the current
> function. As shown in the left part of Figure 6, the switch
> statement is then implemented as a load from this table and
> an indirect branch to the loaded address.
> We found that the LLVM compiler only emits data in the
> executable .text section of x86 binaries when optimizing a
> switch-case statement. LLVM emits the basic block address
> corresponding to each switch-case in a table after the current
> function. As shown in the left part of Figure 6, the switch
> statement is then implemented as a load from this table and
> an indirect branch to the loaded address.
I am curious about why llvm puts this jump table(extrances of cases
for switch). I did the same test for gcc, I found gcc stores it in
rodata. I think rodata section is a good place for those structures to
stay.
If there is any misunderstanding, please inform me.
Thanks.
--
My best regards to you.
No System Is Safe!
mudongliang
_______________________________________________
LLVM Developers mailing list
llvm...@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
Robinson, Paul via llvm-dev
Jan 5, 2016, 9:13:38 PM1/5/16
to 慕冬亮, llvm...@lists.llvm.org, Rafael Espíndola (rafael.espindola@gmail.com
> -----Original Message-----
> From: llvm-dev [mailto:llvm-dev...@lists.llvm.org] On Behalf Of ???
> via llvm-dev
> Sent: Monday, December 28, 2015 10:56 PM
> To: llvm-dev
> Subject: [llvm-dev] where does jump table stores?
>
> I got the following message from one paper called readactor:
> > We found that the LLVM compiler only emits data in the
> > executable .text section of x86 binaries when optimizing a
> > switch-case statement. LLVM emits the basic block address
> > corresponding to each switch-case in a table after the current
> > function. As shown in the left part of Figure 6, the switch
> > statement is then implemented as a load from this table and
> > an indirect branch to the loaded address.
>
> I am curious about why llvm puts this jump table(extrances of cases
> for switch). I did the same test for gcc, I found gcc stores it in
> rodata. I think rodata section is a good place for those structures to
> stay.
> If there is any misunderstanding, please inform me.
> Thanks.
I think in PIC mode it used to do this, and from skimming the paper
> From: llvm-dev [mailto:llvm-dev...@lists.llvm.org] On Behalf Of ???
> via llvm-dev
> Sent: Monday, December 28, 2015 10:56 PM
> To: llvm-dev
> Subject: [llvm-dev] where does jump table stores?
>
> I got the following message from one paper called readactor:
> > We found that the LLVM compiler only emits data in the
> > executable .text section of x86 binaries when optimizing a
> > switch-case statement. LLVM emits the basic block address
> > corresponding to each switch-case in a table after the current
> > function. As shown in the left part of Figure 6, the switch
> > statement is then implemented as a load from this table and
> > an indirect branch to the loaded address.
>
> I am curious about why llvm puts this jump table(extrances of cases
> for switch). I did the same test for gcc, I found gcc stores it in
> rodata. I think rodata section is a good place for those structures to
> stay.
> If there is any misunderstanding, please inform me.
> Thanks.
it looks like they wanted to use ASLR therefore code must be PIC.
I see Rafael made a patch in February to put jump tables in .rodata
consistently, at least for targets using ELF, so that's the behavior
you should see starting probably with LLVM 3.7.
--paulr
Reply all
Reply to author
Forward
0 new messages