I'm not familiar yet with RISC asm, could you please describe why loading value from symbol results in text relocation (e.g. reference to the instruction)? Just interesting :)
Overall it seems to me reasonable and the implementation is nice, LGTM. Let's wait Meta team suggestions though.

I'm not familiar yet with RISC asm, could you please describe why loading value from symbol results in text relocation (e.g. reference to the instruction)? Just interesting :)

To materialize a 32-bit pc-relative address on RISC-V, you need two instruction: one auipc which adds a 20-bit immediate to the upper 20 bits of pc, and another I- or S-type instruction (e.g., ld, addi) to add the remaining 12 bits. The auipc gets a relocation pointing to the symbol you want the address of. The second instruction gets a relocation pointing to the auipc. The reason it has to point there (as opposed to the target symbol) is that the two instructions are not necessarily consecutive so the location of the auipc must be known in order to calculate the correct immediate for the second instruction.

See the psABI for more info.

Thanks! Am I understand it right that this is from linker standpoint? In the final binary ld/addi would have just an imm operand.
But since we need lo12 offset between 1 instruction and the symbol we're addressing the 1st instruction (the second might have other HI address) and the linker knowing where we're addressing would find the 1st instruction, it's relocation and it's symbol to complete the lower part of the address.
If I'm right his schematic is soo weird to me. I mean at aarch64 we're doing:
adrp x0, symb // PC-relative high 20 bit of address. I think it is ~ to auipc
// Any count of instructions
add x0, x0, symb // lo-12 part of address is offset in 4k page. Since we're addressing inside the 4k page this offset would never be changed.
So really only the adrp is PC-relative, the second one is page-relative offset. But RISC-V for some reason seems doesn't want to use such schematics and at linker time it "truly" calculates the lower part of the offset using the 1st instruction as a base and it's relocation to find the symbol. I really had to strain my brain to understood this schematic).

Thanks! Am I understand it right that this is from linker standpoint? In the final binary ld/addi would have just an imm operand. But since we need lo12 offset between 1 instruction and the symbol we're addressing the 1st instruction (the second might have other HI address) and the linker knowing where we're addressing would find the 1st instruction, it's relocation and it's symbol to complete the lower part of the address.

That all sounds correct.

If I'm right his schematic is soo weird to me. I mean at aarch64 we're doing:
adrp x0, symb // PC-relative high 20 bit of address. I think it is ~ to auipc

It's similar to auipc but not the same. adrp clear the lower 12 bits while auipc doesn't so the latter doesn't result in a 4KiB-aligned address. This also means that auipc can, for example, be used to calculate the value of PC.

// Any count of instructions add x0, x0, symb // lo-12 part of address is offset in 4k page.

Since we're addressing inside the 4k page this offset would never be changed. So really only the adrp is PC-relative, the second one is page-relative offset. But RISC-V for some reason seems doesn't want to use such schematics and at linker time it "truly" calculates the lower part of the offset using the 1st instruction as a base and it's relocation to find the symbol. I really had to strain my brain to understood this schematic).

As far as I can tell, using something like adrp wouldn't work on RISC-V since the I- and S-type instructions it would need to pair-up with take a signed 12-bit immediate so cannot represent arbitrary page offsets. On AArch64 this can work since these instructions have multiple addressing modes including one with unsigned 12-bit offsets.

Thanks for clarifications, Job! Now it seems to be completely clear to me :)

I've noticed one downside/annoyance with this approach. When emitting loads/stores for instrumentation (e.g., in createInstrIncMemory), I need to attach labels to instructions (same as the example given in the description of this patch). However, createInstrIncMemory is const while setLabel cannot be. Moreover, I really should add an AllocatorIdTy argument to setLabel and this means that createInstrIncMemory also needs one (it's called in the context of runOnEachFunctionWithUniqueAllocId).

None of this is a blocker (I have a working instrumentation implementation using the approach above) but it feels slightly annoying so I'd be interested in thoughts on this.

Is it possible to directly address needed symbol using -4 addend to symbol from the second instruction, since in this case you can be sure they would be emitted one by one?

No, that isn't possible. For one, the linker needs a R_RISCV_PCREL_LO12_I reloc to do its job and the only way to make the backend generate one is to add a MCSymbolRefExpr that refers to the first instruction.

Another issue is that the offset isn't always -4. I'm actually generating code like this:

1: auipc t0, %pcrel_hi(counter)
ld t1, %pcrel_lo(1b)(t0)
addi t1, t1, 1
sd t1, %pcrel_lo(1b)(t0)

So the sd refers to the same auipc as the earlier ld.

Ping

Adding data structures to BinaryFunction class is a bit expensive for us because it increases our memory footprint -- an uninitialized std::map<> will cost 48 bytes, which means an additional 5MB for 100k BinaryFunction objects loaded at runtime. The x86 target primarily deals with very large binaries, so it will be good if this solution could be mindful of that and perhaps reduce the memory footprint for x86 that will likely not use this additional InstructionLabels data structure. Perhaps convert it to an std::optionalstd::map? Or better yet, maybe try to reuse the existing Relocations map that we have in BF and register your relocs there, then fetch that in ::disassemble() to try to fill up your new annotations?

Adding data structures to BinaryFunction class is a bit expensive for us because it increases our memory footprint

Alright, that makes sense. I got rid of BinaryFunction::InstructionLabels as follows:

• While analyzing relocations, simply add instruction references to the Relocations map. This is slightly awkward for two reasons (but still workable imo):
  • We cannot add a symbol to the relocation since we have nowhere to store it. We cannot store in the reloc itself because multiple relocs might want to point to the same symbol. Relocations without symbols didn't happen before (afaict) so I had to add a null-check to an unrelated debug output.
  • In order to be able to reconstruct the symbol reference later, we need to know the address the reloc points to. This is typically calculated by extracting the value. However, in case of instruction-referencing relocs like PCREL_LO* on RISC-V, the extracted value is unrelated to the referenced symbol. I simply set the value of the reloc to the address of the symbol it points to to solve this.
• While disassembling, keep track of instruction labels in a map:
  • Whenever we encounter and instruction with an instruction-referencing reloc, look up the label it points in the map (or create a new one) and replace its immediate with a symbol ref as usual.
  • After having disassembled all instructions, iterate the map to add the labels to the corresponding instructions.

So basically, the InstructionLabels map is moved to the stack of disassemble() at the cost of a slightly awkward representation of some relocs.