269 lines
8.9 KiB
LLVM
269 lines
8.9 KiB
LLVM
; RUN: llc < %s -mtriple=i686-pc-windows-msvc | FileCheck %s -check-prefix=X32
|
|
; RUN: llc < %s -mtriple=x86_64-pc-windows-msvc | FileCheck %s -check-prefixes=X64,X64_MSVC
|
|
; RUN: llc < %s -mtriple=i686-w64-windows-gnu | FileCheck %s -check-prefixes=X32,X32_MINGW
|
|
; RUN: llc < %s -mtriple=x86_64-w64-windows-gnu | FileCheck %s -check-prefixes=X64,X64_MINGW
|
|
; Control Flow Guard is currently only available on Windows
|
|
|
|
; Test that Control Flow Guard checks are correctly added when required.
|
|
|
|
|
|
declare i32 @target_func()
|
|
|
|
|
|
; Test that Control Flow Guard checks are not added on calls with the "guard_nocf" attribute.
|
|
define i32 @func_guard_nocf() {
|
|
entry:
|
|
%func_ptr = alloca ptr, align 8
|
|
store ptr @target_func, ptr %func_ptr, align 8
|
|
%0 = load ptr, ptr %func_ptr, align 8
|
|
%1 = call i32 %0() #0
|
|
ret i32 %1
|
|
|
|
; X32-LABEL: func_guard_nocf
|
|
; X32: movl $_target_func, %eax
|
|
; X32-NOT: __guard_check_icall_fptr
|
|
; X32: calll *%eax
|
|
|
|
; X64-LABEL: func_guard_nocf
|
|
; X64: leaq target_func(%rip), %rax
|
|
; X64-NOT: __guard_dispatch_icall_fptr
|
|
; X64: callq *%rax
|
|
}
|
|
attributes #0 = { "guard_nocf" }
|
|
|
|
|
|
; Test that Control Flow Guard checks are added even at -O0.
|
|
; FIXME Ideally these checks should be added as a single call instruction, as in the optimized case.
|
|
define i32 @func_optnone_cf() #1 {
|
|
entry:
|
|
%func_ptr = alloca ptr, align 8
|
|
store ptr @target_func, ptr %func_ptr, align 8
|
|
%0 = load ptr, ptr %func_ptr, align 8
|
|
%1 = call i32 %0()
|
|
ret i32 %1
|
|
|
|
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
|
|
; X32-LABEL: func_optnone_cf
|
|
; X32: leal _target_func, %eax
|
|
; X32: movl %eax, (%esp)
|
|
; X32: movl (%esp), %ecx
|
|
; X32: calll *___guard_check_icall_fptr
|
|
; X32-NEXT: calll *%ecx
|
|
|
|
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
|
|
; X64-LABEL: func_optnone_cf
|
|
; X64: leaq target_func(%rip), %rax
|
|
; X64: movq __guard_dispatch_icall_fptr(%rip), %rcx
|
|
; X64: callq *%rcx
|
|
; X64-NOT: callq
|
|
}
|
|
attributes #1 = { noinline optnone }
|
|
|
|
|
|
; Test that Control Flow Guard checks are correctly added in optimized code (common case).
|
|
define i32 @func_cf() {
|
|
entry:
|
|
%func_ptr = alloca ptr, align 8
|
|
store ptr @target_func, ptr %func_ptr, align 8
|
|
%0 = load ptr, ptr %func_ptr, align 8
|
|
%1 = call i32 %0()
|
|
ret i32 %1
|
|
|
|
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
|
|
; X32-LABEL: func_cf
|
|
; X32: movl $_target_func, %esi
|
|
; X32: movl $_target_func, %ecx
|
|
; X32: calll *___guard_check_icall_fptr
|
|
; X32-NEXT: calll *%esi
|
|
|
|
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
|
|
; X64-LABEL: func_cf
|
|
; X64: leaq target_func(%rip), %rax
|
|
; X64: callq *__guard_dispatch_icall_fptr(%rip)
|
|
; X64-NOT: callq
|
|
}
|
|
|
|
|
|
; Test that Control Flow Guard checks are correctly added on invoke instructions.
|
|
define i32 @func_cf_invoke() personality ptr @h {
|
|
entry:
|
|
%0 = alloca i32, align 4
|
|
%func_ptr = alloca ptr, align 8
|
|
store ptr @target_func, ptr %func_ptr, align 8
|
|
%1 = load ptr, ptr %func_ptr, align 8
|
|
%2 = invoke i32 %1()
|
|
to label %invoke.cont unwind label %lpad
|
|
invoke.cont: ; preds = %entry
|
|
ret i32 %2
|
|
|
|
lpad: ; preds = %entry
|
|
%tmp = landingpad { ptr, i32 }
|
|
catch ptr null
|
|
ret i32 -1
|
|
|
|
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
|
|
; X32-LABEL: func_cf_invoke
|
|
; X32: movl $_target_func, %esi
|
|
; X32: movl $_target_func, %ecx
|
|
; X32: calll *___guard_check_icall_fptr
|
|
; X32_MINGW-NEXT: Ltmp0:
|
|
; X32-NEXT: calll *%esi
|
|
; X32: # %invoke.cont
|
|
; X32: # %lpad
|
|
|
|
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
|
|
; X64-LABEL: func_cf_invoke
|
|
; X64: leaq target_func(%rip), %rax
|
|
; X64: callq *__guard_dispatch_icall_fptr(%rip)
|
|
; X64-NOT: callq
|
|
; X64: # %invoke.cont
|
|
; X64: # %lpad
|
|
}
|
|
|
|
declare void @h()
|
|
|
|
|
|
; Test that Control Flow Guard preserves floating point arguments.
|
|
declare double @target_func_doubles(double, double, double, double)
|
|
|
|
define double @func_cf_doubles() {
|
|
entry:
|
|
%func_ptr = alloca ptr, align 8
|
|
store ptr @target_func_doubles, ptr %func_ptr, align 8
|
|
%0 = load ptr, ptr %func_ptr, align 8
|
|
%1 = call double %0(double 1.000000e+00, double 2.000000e+00, double 3.000000e+00, double 4.000000e+00)
|
|
ret double %1
|
|
|
|
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
|
|
; X32-LABEL: func_cf_doubles
|
|
; X32: movl $_target_func_doubles, %esi
|
|
; X32: movl $_target_func_doubles, %ecx
|
|
; X32: calll *___guard_check_icall_fptr
|
|
; X32: calll *%esi
|
|
|
|
|
|
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
|
|
; X64-LABEL: func_cf_doubles
|
|
; X64: leaq target_func_doubles(%rip), %rax
|
|
; X64_MSVC: movsd __real@3ff0000000000000(%rip), %xmm0
|
|
; X64_MSVC: movsd __real@4000000000000000(%rip), %xmm1
|
|
; X64_MSVC: movsd __real@4008000000000000(%rip), %xmm2
|
|
; X64_MSVC: movsd __real@4010000000000000(%rip), %xmm3
|
|
; X64_MINGW: movsd .LCPI4_0(%rip), %xmm0
|
|
; X64_MINGW: movsd .LCPI4_1(%rip), %xmm1
|
|
; X64_MINGW: movsd .LCPI4_2(%rip), %xmm2
|
|
; X64_MINGW: movsd .LCPI4_3(%rip), %xmm3
|
|
; X64: callq *__guard_dispatch_icall_fptr(%rip)
|
|
; X64-NOT: callq
|
|
|
|
}
|
|
|
|
|
|
; Test that Control Flow Guard checks are correctly added for tail calls.
|
|
define i32 @func_cf_tail() {
|
|
entry:
|
|
%func_ptr = alloca ptr, align 8
|
|
store ptr @target_func, ptr %func_ptr, align 8
|
|
%0 = load ptr, ptr %func_ptr, align 8
|
|
%1 = musttail call i32 %0()
|
|
ret i32 %1
|
|
|
|
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
|
|
; X32-LABEL: func_cf_tail
|
|
; X32: movl $_target_func, %ecx
|
|
; X32: calll *___guard_check_icall_fptr
|
|
; X32: movl $_target_func, %eax
|
|
; X32: jmpl *%eax # TAILCALL
|
|
; X32-NOT: calll
|
|
|
|
; X64-LABEL: func_cf_tail
|
|
; X64: leaq target_func(%rip), %rax
|
|
; X64: rex64 jmpq *__guard_dispatch_icall_fptr(%rip) # TAILCALL
|
|
; X64-NOT: callq
|
|
}
|
|
|
|
|
|
%struct.Foo = type { ptr }
|
|
|
|
; Test that Control Flow Guard checks are correctly added for variadic musttail
|
|
; calls. These are used for MS C++ ABI virtual member pointer thunks.
|
|
; PR44049
|
|
define i32 @vmptr_thunk(ptr inreg %p) {
|
|
entry:
|
|
%vptr = load ptr, ptr %p
|
|
%slot = getelementptr inbounds ptr, ptr %vptr, i32 1
|
|
%vmethod = load ptr, ptr %slot
|
|
%rv = musttail call i32 %vmethod(ptr inreg %p)
|
|
ret i32 %rv
|
|
|
|
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
|
|
; X32-LABEL: _vmptr_thunk:
|
|
; X32: movl %eax, %esi
|
|
; X32: movl (%eax), %eax
|
|
; X32: movl 4(%eax), %ecx
|
|
; X32: calll *___guard_check_icall_fptr
|
|
; X32: movl %esi, %eax
|
|
; X32: jmpl *%ecx # TAILCALL
|
|
; X32-NOT: calll
|
|
|
|
; Use NEXT here because we previously had an extra instruction in this sequence.
|
|
; X64-LABEL: vmptr_thunk:
|
|
; X64: movq (%rcx), %rax
|
|
; X64-NEXT: movq 8(%rax), %rax
|
|
; X64-NEXT: movq __guard_dispatch_icall_fptr(%rip), %rdx
|
|
; X64-NEXT: rex64 jmpq *%rdx # TAILCALL
|
|
; X64-NOT: callq
|
|
}
|
|
|
|
; Test that longjmp targets have public labels and are included in the .gljmp section.
|
|
%struct._SETJMP_FLOAT128 = type { [2 x i64] }
|
|
@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16
|
|
|
|
define i32 @func_cf_setjmp() {
|
|
%1 = alloca i32, align 4
|
|
%2 = alloca i32, align 4
|
|
store i32 0, ptr %1, align 4
|
|
store i32 -1, ptr %2, align 4
|
|
%3 = call ptr @llvm.frameaddress(i32 0)
|
|
%4 = call i32 @_setjmp(ptr @buf1, ptr %3) #2
|
|
|
|
; X32-LABEL: func_cf_setjmp
|
|
; X32: calll __setjmp
|
|
; X32-NEXT: $cfgsj_func_cf_setjmp0:
|
|
|
|
; X64-LABEL: func_cf_setjmp
|
|
; X64: callq _setjmp
|
|
; X64-NEXT: $cfgsj_func_cf_setjmp0:
|
|
|
|
%5 = call ptr @llvm.frameaddress(i32 0)
|
|
%6 = call i32 @_setjmp(ptr @buf1, ptr %5) #2
|
|
|
|
; X32: calll __setjmp
|
|
; X32-NEXT: $cfgsj_func_cf_setjmp1:
|
|
|
|
; X64: callq _setjmp
|
|
; X64-NEXT: $cfgsj_func_cf_setjmp1:
|
|
|
|
store i32 1, ptr %2, align 4
|
|
%7 = load i32, ptr %2, align 4
|
|
ret i32 %7
|
|
|
|
; X32: .section .gljmp$y,"dr"
|
|
; X32-NEXT: .symidx $cfgsj_func_cf_setjmp0
|
|
; X32-NEXT: .symidx $cfgsj_func_cf_setjmp1
|
|
|
|
; X64: .section .gljmp$y,"dr"
|
|
; X64-NEXT: .symidx $cfgsj_func_cf_setjmp0
|
|
; X64-NEXT: .symidx $cfgsj_func_cf_setjmp1
|
|
}
|
|
|
|
declare ptr @llvm.frameaddress(i32)
|
|
|
|
; Function Attrs: returns_twice
|
|
declare dso_local i32 @_setjmp(ptr, ptr) #2
|
|
|
|
attributes #2 = { returns_twice }
|
|
|
|
|
|
!llvm.module.flags = !{!0}
|
|
!0 = !{i32 2, !"cfguard", i32 2}
|