1*11791ae7SSayhaan Siddiqui## This reproduces a bug with converting an unknown control flow jump table with 2*11791ae7SSayhaan Siddiqui## entries pointing to code in function and its cold fragment. 31c286acfSAmir Ayupov 41c286acfSAmir Ayupov# REQUIRES: system-linux 51c286acfSAmir Ayupov 61c286acfSAmir Ayupov# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o 71c286acfSAmir Ayupov# RUN: llvm-strip --strip-unneeded %t.o 81c286acfSAmir Ayupov# RUN: %clang %cflags %t.o -o %t.exe -Wl,-q 91c286acfSAmir Ayupov# RUN: llvm-bolt %t.exe -o %t.out --lite=0 -v=1 --strict=1 -print-cfg \ 101c286acfSAmir Ayupov# RUN: -print-only=main 2>&1 | FileCheck %s 111c286acfSAmir Ayupov 121c286acfSAmir Ayupov# CHECK: BOLT-INFO: marking main.cold.1 as a fragment of main 131c286acfSAmir Ayupov# CHECK: Binary Function "main" after building cfg 141c286acfSAmir Ayupov# CHECK: Unknown CF : true 151c286acfSAmir Ayupov# CHECK: jmpq *%r8 # UNKNOWN CONTROL FLOW 161c286acfSAmir Ayupov# CHECK: PIC Jump table JUMP_TABLE for function main 171c286acfSAmir Ayupov# CHECK-NEXT: 0x0000 : .Ltmp0 181c286acfSAmir Ayupov# CHECK-NEXT: 0x0004 : .Ltmp1 191c286acfSAmir Ayupov# CHECK-NEXT: 0x0008 : __ENTRY_main.cold.1 201c286acfSAmir Ayupov# CHECK-NEXT: 0x000c : .Ltmp1 211c286acfSAmir Ayupov .text 221c286acfSAmir Ayupov .globl main 231c286acfSAmir Ayupov .type main, %function 241c286acfSAmir Ayupov .p2align 2 251c286acfSAmir Ayupovmain: 261c286acfSAmir AyupovLBB0: 271c286acfSAmir Ayupov leaq JUMP_TABLE(%rip), %r8 281c286acfSAmir Ayupov andl $0xf, %ecx 291c286acfSAmir Ayupov cmpb $0x4, %cl 30*11791ae7SSayhaan Siddiqui ## exit through abort in main.cold.1, registers cold fragment the regular way 311c286acfSAmir Ayupov ja main.cold.1 321c286acfSAmir Ayupov 33*11791ae7SSayhaan Siddiqui## jump table dispatch, jumping to label indexed by val in %ecx 341c286acfSAmir AyupovLBB1: 351c286acfSAmir Ayupov movzbl %cl, %ecx 361c286acfSAmir Ayupov movslq (%r8,%rcx,4), %rax 371c286acfSAmir Ayupov addq %rax, %r8 381c286acfSAmir Ayupov jmpq *%r8 391c286acfSAmir Ayupov 401c286acfSAmir AyupovLBB2: 411c286acfSAmir Ayupov xorq %rax, %rax 421c286acfSAmir AyupovLBB3: 431c286acfSAmir Ayupov addq $0x8, %rsp 441c286acfSAmir Ayupov ret 451c286acfSAmir Ayupov.size main, .-main 461c286acfSAmir Ayupov 471c286acfSAmir Ayupov .globl main.cold.1 481c286acfSAmir Ayupov .type main.cold.1, %function 491c286acfSAmir Ayupov .p2align 2 501c286acfSAmir Ayupovmain.cold.1: 51*11791ae7SSayhaan Siddiqui ## load bearing nop: pad LBB4 so that it can't be treated 52*11791ae7SSayhaan Siddiqui ## as __builtin_unreachable by analyzeJumpTable 531c286acfSAmir Ayupov nop 541c286acfSAmir AyupovLBB4: 551c286acfSAmir Ayupov callq abort 561c286acfSAmir Ayupov.size main.cold.1, .-main.cold.1 571c286acfSAmir Ayupov 581c286acfSAmir Ayupov .rodata 59*11791ae7SSayhaan Siddiqui## jmp table, entries must be R_X86_64_PC32 relocs 601c286acfSAmir Ayupov .globl JUMP_TABLE 611c286acfSAmir AyupovJUMP_TABLE: 621c286acfSAmir Ayupov .long LBB2-JUMP_TABLE 631c286acfSAmir Ayupov .long LBB3-JUMP_TABLE 641c286acfSAmir Ayupov .long LBB4-JUMP_TABLE 651c286acfSAmir Ayupov .long LBB3-JUMP_TABLE 66