Run DCE after a LoopFlatten test to reduce spurious output [nfc]

[llvm-project.git] / llvm / test / CodeGen / X86 / cfguard-checks.ll

; RUN: llc < %s -mtriple=i686-pc-windows-msvc | FileCheck %s -check-prefix=X32
; RUN: llc < %s -mtriple=x86_64-pc-windows-msvc | FileCheck %s -check-prefixes=X64,X64_MSVC
; RUN: llc < %s -mtriple=i686-w64-windows-gnu | FileCheck %s -check-prefixes=X32,X32_MINGW
; RUN: llc < %s -mtriple=x86_64-w64-windows-gnu | FileCheck %s -check-prefixes=X64,X64_MINGW
; Control Flow Guard is currently only available on Windows

; Test that Control Flow Guard checks are correctly added when required.


declare i32 @target_func()


; Test that Control Flow Guard checks are not added on calls with the "guard_nocf" attribute.
define i32 @func_guard_nocf() {
entry:
  %func_ptr = alloca ptr, align 8
  store ptr @target_func, ptr %func_ptr, align 8
  %0 = load ptr, ptr %func_ptr, align 8
  %1 = call i32 %0() #0
  ret i32 %1

  ; X32-LABEL: func_guard_nocf
  ; X32:             movl  $_target_func, %eax
  ; X32-NOT: __guard_check_icall_fptr
        ; X32:       calll *%eax

  ; X64-LABEL: func_guard_nocf
  ; X64:       leaq     target_func(%rip), %rax
  ; X64-NOT: __guard_dispatch_icall_fptr
  ; X64:       callq    *%rax
}
attributes #0 = { "guard_nocf" }


; Test that Control Flow Guard checks are added even at -O0.
; FIXME Ideally these checks should be added as a single call instruction, as in the optimized case.
define i32 @func_optnone_cf() #1 {
entry:
  %func_ptr = alloca ptr, align 8
  store ptr @target_func, ptr %func_ptr, align 8
  %0 = load ptr, ptr %func_ptr, align 8
  %1 = call i32 %0()
  ret i32 %1

  ; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
  ; X32-LABEL: func_optnone_cf
        ; X32:       leal  _target_func, %eax
        ; X32:       movl  %eax, (%esp)
        ; X32:       movl  (%esp), %ecx
        ; X32:       calll *___guard_check_icall_fptr
        ; X32-NEXT:  calll *%ecx

  ; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
  ; X64-LABEL: func_optnone_cf
  ; X64:       leaq     target_func(%rip), %rax
  ; X64:       movq __guard_dispatch_icall_fptr(%rip), %rcx
  ; X64:       callq *%rcx
  ; X64-NOT:   callq
}
attributes #1 = { noinline optnone }


; Test that Control Flow Guard checks are correctly added in optimized code (common case).
define i32 @func_cf() {
entry:
  %func_ptr = alloca ptr, align 8
  store ptr @target_func, ptr %func_ptr, align 8
  %0 = load ptr, ptr %func_ptr, align 8
  %1 = call i32 %0()
  ret i32 %1

  ; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
  ; X32-LABEL: func_cf
  ; X32:             movl  $_target_func, %esi
        ; X32:       movl  $_target_func, %ecx
        ; X32:       calll *___guard_check_icall_fptr
        ; X32-NEXT:  calll *%esi

  ; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
  ; X64-LABEL: func_cf
  ; X64:       leaq     target_func(%rip), %rax
  ; X64:       callq *__guard_dispatch_icall_fptr(%rip)
  ; X64-NOT:   callq
}


; Test that Control Flow Guard checks are correctly added on invoke instructions.
define i32 @func_cf_invoke() personality ptr @h {
entry:
  %0 = alloca i32, align 4
  %func_ptr = alloca ptr, align 8
  store ptr @target_func, ptr %func_ptr, align 8
  %1 = load ptr, ptr %func_ptr, align 8
  %2 = invoke i32 %1()
          to label %invoke.cont unwind label %lpad
invoke.cont:                                      ; preds = %entry
  ret i32 %2

lpad:                                             ; preds = %entry
  %tmp = landingpad { ptr, i32 }
          catch ptr null
  ret i32 -1

  ; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
  ; X32-LABEL: func_cf_invoke
  ; X32:             movl  $_target_func, %esi
        ; X32:       movl  $_target_func, %ecx
        ; X32:       calll *___guard_check_icall_fptr
  ; X32_MINGW-NEXT: Ltmp0:
        ; X32-NEXT:  calll *%esi
  ; X32:       # %invoke.cont
  ; X32:       # %lpad

  ; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
  ; X64-LABEL: func_cf_invoke
  ; X64:       leaq     target_func(%rip), %rax
  ; X64:       callq *__guard_dispatch_icall_fptr(%rip)
  ; X64-NOT:   callq
  ; X64:       # %invoke.cont
  ; X64:       # %lpad
}

declare void @h()


; Test that Control Flow Guard preserves floating point arguments.
declare double @target_func_doubles(double, double, double, double)

define double @func_cf_doubles() {
entry:
  %func_ptr = alloca ptr, align 8
  store ptr @target_func_doubles, ptr %func_ptr, align 8
  %0 = load ptr, ptr %func_ptr, align 8
  %1 = call double %0(double 1.000000e+00, double 2.000000e+00, double 3.000000e+00, double 4.000000e+00)
  ret double %1

  ; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
  ; X32-LABEL: func_cf_doubles
  ; X32:             movl  $_target_func_doubles, %esi
        ; X32:       movl  $_target_func_doubles, %ecx
        ; X32:       calll *___guard_check_icall_fptr
        ; X32:       calll *%esi


  ; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
  ; X64-LABEL: func_cf_doubles
  ; X64:       leaq     target_func_doubles(%rip), %rax
  ; X64_MSVC:  movsd __real@3ff0000000000000(%rip), %xmm0
  ; X64_MSVC:  movsd __real@4000000000000000(%rip), %xmm1
  ; X64_MSVC:  movsd __real@4008000000000000(%rip), %xmm2
  ; X64_MSVC:  movsd __real@4010000000000000(%rip), %xmm3
  ; X64_MINGW: movsd .LCPI4_0(%rip), %xmm0
  ; X64_MINGW: movsd .LCPI4_1(%rip), %xmm1
  ; X64_MINGW: movsd .LCPI4_2(%rip), %xmm2
  ; X64_MINGW: movsd .LCPI4_3(%rip), %xmm3
  ; X64:       callq *__guard_dispatch_icall_fptr(%rip)
  ; X64-NOT:   callq

}


; Test that Control Flow Guard checks are correctly added for tail calls.
define i32 @func_cf_tail() {
entry:
  %func_ptr = alloca ptr, align 8
  store ptr @target_func, ptr %func_ptr, align 8
  %0 = load ptr, ptr %func_ptr, align 8
  %1 = musttail call i32 %0()
  ret i32 %1

  ; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
  ; X32-LABEL: func_cf_tail
        ; X32:       movl  $_target_func, %ecx
        ; X32:       calll *___guard_check_icall_fptr
  ; X32:       movl $_target_func, %eax
        ; X32:       jmpl       *%eax                  # TAILCALL
  ; X32-NOT:   calll

  ; X64-LABEL: func_cf_tail
  ; X64:       leaq     target_func(%rip), %rax
  ; X64:       rex64 jmpq *__guard_dispatch_icall_fptr(%rip)         # TAILCALL
  ; X64-NOT:   callq
}


%struct.Foo = type { ptr }

; Test that Control Flow Guard checks are correctly added for variadic musttail
; calls. These are used for MS C++ ABI virtual member pointer thunks.
; PR44049
define i32 @vmptr_thunk(ptr inreg %p) {
entry:
  %vptr = load ptr, ptr %p
  %slot = getelementptr inbounds ptr, ptr %vptr, i32 1
  %vmethod = load ptr, ptr %slot
  %rv = musttail call i32 %vmethod(ptr inreg %p)
  ret i32 %rv

  ; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
  ; X32-LABEL: _vmptr_thunk:
  ; X32:       movl %eax, %esi
  ; X32:       movl (%eax), %eax
  ; X32:       movl 4(%eax), %ecx
  ; X32:       calll *___guard_check_icall_fptr
  ; X32:       movl %esi, %eax
  ; X32:       jmpl       *%ecx                  # TAILCALL
  ; X32-NOT:   calll

  ; Use NEXT here because we previously had an extra instruction in this sequence.
  ; X64-LABEL: vmptr_thunk:
  ; X64:            movq (%rcx), %rax
  ; X64-NEXT:       movq 8(%rax), %rax
  ; X64-NEXT:       movq __guard_dispatch_icall_fptr(%rip), %rdx
  ; X64-NEXT:       rex64 jmpq *%rdx            # TAILCALL
  ; X64-NOT:   callq
}

; Test that longjmp targets have public labels and are included in the .gljmp section.
%struct._SETJMP_FLOAT128 = type { [2 x i64] }
@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16

define i32 @func_cf_setjmp() {
  %1 = alloca i32, align 4
  %2 = alloca i32, align 4
  store i32 0, ptr %1, align 4
  store i32 -1, ptr %2, align 4
  %3 = call ptr @llvm.frameaddress(i32 0)
  %4 = call i32 @_setjmp(ptr @buf1, ptr %3) #2

  ; X32-LABEL: func_cf_setjmp
  ; X32:       calll __setjmp
  ; X32-NEXT:  $cfgsj_func_cf_setjmp0:

  ; X64-LABEL: func_cf_setjmp
  ; X64:       callq _setjmp
  ; X64-NEXT:  $cfgsj_func_cf_setjmp0:

  %5 = call ptr @llvm.frameaddress(i32 0)
  %6 = call i32 @_setjmp(ptr @buf1, ptr %5) #2

  ; X32:       calll __setjmp
  ; X32-NEXT:  $cfgsj_func_cf_setjmp1:

  ; X64:       callq _setjmp
  ; X64-NEXT:  $cfgsj_func_cf_setjmp1:

  store i32 1, ptr %2, align 4
  %7 = load i32, ptr %2, align 4
  ret i32 %7

  ; X32:       .section .gljmp$y,"dr"
  ; X32-NEXT:  .symidx $cfgsj_func_cf_setjmp0
  ; X32-NEXT:  .symidx $cfgsj_func_cf_setjmp1

  ; X64:       .section .gljmp$y,"dr"
  ; X64-NEXT:  .symidx $cfgsj_func_cf_setjmp0
  ; X64-NEXT:  .symidx $cfgsj_func_cf_setjmp1
}

declare ptr @llvm.frameaddress(i32)

; Function Attrs: returns_twice
declare dso_local i32 @_setjmp(ptr, ptr) #2

attributes #2 = { returns_twice }


!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}