1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
use std::ptr;
use cranelift_codegen::binemit::Reloc;
use cranelift_module::{ModuleError, ModuleReloc, ModuleRelocTarget, ModuleResult};
use crate::JITMemoryProvider;
use crate::memory::JITMemoryKind;
const VENEER_SIZE: usize = 24; // ldr + br + pointer
/// Reads a 32bit instruction at `iptr`, and writes it again after
/// being altered by `modifier`
unsafe fn modify_inst32(iptr: *mut u32, modifier: impl FnOnce(u32) -> u32) {
let inst = iptr.read_unaligned();
let new_inst = modifier(inst);
iptr.write_unaligned(new_inst);
}
#[derive(Clone)]
pub(crate) struct CompiledBlob {
ptr: *mut u8,
size: usize,
relocs: Vec<ModuleReloc>,
veneer_count: usize,
#[cfg(feature = "wasmtime-unwinder")]
wasmtime_exception_data: Option<Vec<u8>>,
}
unsafe impl Send for CompiledBlob {}
impl CompiledBlob {
pub(crate) fn new(
memory: &mut dyn JITMemoryProvider,
data: &[u8],
align: u64,
relocs: Vec<ModuleReloc>,
#[cfg(feature = "wasmtime-unwinder")] wasmtime_exception_data: Option<Vec<u8>>,
kind: JITMemoryKind,
) -> ModuleResult<Self> {
// Reserve veneers for all function calls just in case
let mut veneer_count = 0;
for reloc in &relocs {
match reloc.kind {
Reloc::Arm64Call => veneer_count += 1,
_ => {}
}
}
let ptr = memory
.allocate(data.len() + veneer_count * VENEER_SIZE, align, kind)
.map_err(|e| ModuleError::Allocation { err: e })?;
unsafe {
ptr::copy_nonoverlapping(data.as_ptr(), ptr, data.len());
}
Ok(CompiledBlob {
ptr,
size: data.len(),
relocs,
veneer_count,
#[cfg(feature = "wasmtime-unwinder")]
wasmtime_exception_data,
})
}
pub(crate) fn new_zeroed(
memory: &mut dyn JITMemoryProvider,
size: usize,
align: u64,
relocs: Vec<ModuleReloc>,
#[cfg(feature = "wasmtime-unwinder")] wasmtime_exception_data: Option<Vec<u8>>,
kind: JITMemoryKind,
) -> ModuleResult<Self> {
let ptr = memory
.allocate(size, align, kind)
.map_err(|e| ModuleError::Allocation { err: e })?;
unsafe { ptr::write_bytes(ptr, 0, size) };
Ok(CompiledBlob {
ptr,
size,
relocs,
veneer_count: 0,
#[cfg(feature = "wasmtime-unwinder")]
wasmtime_exception_data,
})
}
pub(crate) fn ptr(&self) -> *const u8 {
self.ptr
}
pub(crate) fn size(&self) -> usize {
self.size
}
#[cfg(feature = "wasmtime-unwinder")]
pub(crate) fn wasmtime_exception_data(&self) -> Option<&[u8]> {
self.wasmtime_exception_data.as_deref()
}
pub(crate) fn perform_relocations(
&self,
get_address: impl Fn(&ModuleRelocTarget) -> *const u8,
) {
use std::ptr::write_unaligned;
let mut next_veneer_idx = 0;
for (
i,
&ModuleReloc {
kind,
offset,
ref name,
addend,
},
) in self.relocs.iter().enumerate()
{
debug_assert!((offset as usize) < self.size);
let at = unsafe { self.ptr.offset(isize::try_from(offset).unwrap()) };
match kind {
Reloc::Abs4 => {
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
unsafe {
write_unaligned(at as *mut u32, u32::try_from(what as usize).unwrap())
};
}
Reloc::Abs8 => {
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
unsafe {
write_unaligned(at as *mut u64, u64::try_from(what as usize).unwrap())
};
}
Reloc::X86PCRel4 | Reloc::X86CallPCRel4 => {
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
let pcrel = i32::try_from((what as isize) - (at as isize)).unwrap();
unsafe { write_unaligned(at as *mut i32, pcrel) };
}
Reloc::X86GOTPCRel4 => {
panic!("GOT relocation shouldn't be generated when !is_pic");
}
Reloc::X86CallPLTRel4 => {
panic!("PLT relocation shouldn't be generated when !is_pic");
}
Reloc::S390xPCRel32Dbl | Reloc::S390xPLTRel32Dbl => {
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
let pcrel = i32::try_from(((what as isize) - (at as isize)) >> 1).unwrap();
unsafe { write_unaligned(at as *mut i32, pcrel) };
}
Reloc::Arm64Call => {
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
// The instruction is 32 bits long.
let iptr = at as *mut u32;
// The offset encoded in the `bl` instruction is the
// number of bytes divided by 4.
let diff = ((what as isize) - (at as isize)) >> 2;
// Sign propagating right shift disposes of the
// included bits, so the result is expected to be
// either all sign bits or 0 when in-range, depending
// on if the original value was negative or positive.
if (diff >> 25 == -1) || (diff >> 25 == 0) {
// The lower 26 bits of the `bl` instruction form the
// immediate offset argument.
let chop = 32 - 26;
let imm26 = (diff as u32) << chop >> chop;
unsafe { modify_inst32(iptr, |inst| inst | imm26) };
} else {
// If the target is out of range for a direct call, insert a veneer at the
// end of the function.
let veneer_idx = next_veneer_idx;
next_veneer_idx += 1;
assert!(veneer_idx <= self.veneer_count);
let veneer =
unsafe { self.ptr.byte_add(self.size + veneer_idx * VENEER_SIZE) };
// Write the veneer
// x16 is reserved as scratch register to be used by veneers and PLT entries
unsafe {
write_unaligned(
veneer.cast::<u32>(),
0x58000050, // ldr x16, 0x8
);
write_unaligned(
veneer.byte_add(4).cast::<u32>(),
0xd61f0200, // br x16
);
write_unaligned(veneer.byte_add(8).cast::<u64>(), what.addr() as u64);
};
// Set the veneer as target of the call
let diff = ((veneer as isize) - (at as isize)) >> 2;
assert!((diff >> 25 == -1) || (diff >> 25 == 0));
let chop = 32 - 26;
let imm26 = (diff as u32) << chop >> chop;
unsafe { modify_inst32(iptr, |inst| inst | imm26) };
}
}
Reloc::Aarch64AdrGotPage21 => {
panic!("GOT relocation shouldn't be generated when !is_pic");
}
Reloc::Aarch64Ld64GotLo12Nc => {
panic!("GOT relocation shouldn't be generated when !is_pic");
}
Reloc::Aarch64AdrPrelPgHi21 => {
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
let get_page = |x| x & (!0xfff);
// NOTE: This should technically be i33 given that this relocation type allows
// a range from -4GB to +4GB, not -2GB to +2GB. But this doesn't really matter
// as the target is unlikely to be more than 2GB from the adrp instruction. We
// need to be careful to not cast to an unsigned int until after doing >> 12 to
// compute the upper 21bits of the pcrel address however as otherwise the top
// bit of the 33bit pcrel address would be forced 0 through zero extension
// instead of being sign extended as it should be.
let pcrel =
i32::try_from(get_page(what as isize) - get_page(at as isize)).unwrap();
let iptr = at as *mut u32;
let hi21 = (pcrel >> 12).cast_unsigned();
let lo = (hi21 & 0x3) << 29;
let hi = (hi21 & 0x1ffffc) << 3;
unsafe { modify_inst32(iptr, |inst| inst | lo | hi) };
}
Reloc::Aarch64AddAbsLo12Nc => {
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
let iptr = at as *mut u32;
let imm12 = (what.addr() as u32 & 0xfff) << 10;
unsafe { modify_inst32(iptr, |inst| inst | imm12) };
}
Reloc::RiscvCallPlt => {
// A R_RISCV_CALL_PLT relocation expects auipc+jalr instruction pair.
// It is the equivalent of two relocations:
// 1. R_RISCV_PCREL_HI20 on the `auipc`
// 2. R_RISCV_PCREL_LO12_I on the `jalr`
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
let pcrel = i32::try_from((what as isize) - (at as isize)).unwrap() as u32;
// See https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-elf.adoc#pc-relative-symbol-addresses
// for a better explanation of the following code.
//
// Unlike the regular symbol relocations, here both "sub-relocations" point to the same address.
//
// `pcrel` is a signed value (+/- 2GiB range), when splitting it into two parts, we need to
// ensure that `hi20` is close enough to `pcrel` to be able to add `lo12` to it and still
// get a valid address.
//
// `lo12` is also a signed offset (+/- 2KiB range) relative to the `hi20` value.
//
// `hi20` should also be shifted right to be the "true" value. But we also need it
// left shifted for the `lo12` calculation and it also matches the instruction encoding.
let hi20 = pcrel.wrapping_add(0x800) & 0xFFFFF000;
let lo12 = pcrel.wrapping_sub(hi20) & 0xFFF;
unsafe {
// Do a R_RISCV_PCREL_HI20 on the `auipc`
let auipc_addr = at as *mut u32;
modify_inst32(auipc_addr, |auipc| (auipc & 0xFFF) | hi20);
// Do a R_RISCV_PCREL_LO12_I on the `jalr`
let jalr_addr = at.offset(4) as *mut u32;
modify_inst32(jalr_addr, |jalr| (jalr & 0xFFFFF) | (lo12 << 20));
}
}
Reloc::PulleyPcRel => {
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
let pcrel = i32::try_from((what as isize) - (at as isize)).unwrap();
let at = at as *mut i32;
unsafe {
at.write_unaligned(at.read_unaligned().wrapping_add(pcrel));
}
}
// See <https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-elf.adoc#pc-relative-symbol-addresses>
// for why `0x800` is added here.
Reloc::RiscvPCRelHi20 => {
let base = get_address(name);
let what = unsafe { base.offset(isize::try_from(addend).unwrap()) };
let pcrel = i32::try_from((what as isize) - (at as isize) + 0x800)
.unwrap()
.cast_unsigned();
let at = at as *mut u32;
unsafe {
modify_inst32(at, |i| i | (pcrel & 0xfffff000));
}
}
// The target of this relocation is the `auipc` preceding this
// instruction which should be `RiscvPCRelHi20`, and the actual
// target that we're relocating against is the target of that
// relocation. Assume for now that the previous relocation is
// the target of this relocation, and then use that.
Reloc::RiscvPCRelLo12I => {
let prev_reloc = &self.relocs[i - 1];
assert_eq!(prev_reloc.kind, Reloc::RiscvPCRelHi20);
let lo_target = get_address(name);
let hi_address =
unsafe { self.ptr.offset(isize::try_from(prev_reloc.offset).unwrap()) };
assert_eq!(lo_target, hi_address);
let hi_target = get_address(&prev_reloc.name);
let pcrel = i32::try_from((hi_target as isize) - (hi_address as isize))
.unwrap()
.cast_unsigned();
let at = at as *mut u32;
unsafe {
modify_inst32(at, |i| i | ((pcrel & 0xfff) << 20));
}
}
other => unimplemented!("unimplemented reloc {other:?}"),
}
}
}
}