1## This reproduces a bug with converting an unknown control flow jump table with 2## entries pointing to code in function and its cold fragment. 3 4# REQUIRES: system-linux 5 6# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o 7# RUN: llvm-strip --strip-unneeded %t.o 8# RUN: %clang %cflags %t.o -o %t.exe -Wl,-q 9# RUN: llvm-bolt %t.exe -o %t.out --lite=0 -v=1 --strict=1 -print-cfg \ 10# RUN: -print-only=main 2>&1 | FileCheck %s 11 12# CHECK: BOLT-INFO: marking main.cold.1 as a fragment of main 13# CHECK: Binary Function "main" after building cfg 14# CHECK: Unknown CF : true 15# CHECK: jmpq *%r8 # UNKNOWN CONTROL FLOW 16# CHECK: PIC Jump table JUMP_TABLE for function main 17# CHECK-NEXT: 0x0000 : .Ltmp0 18# CHECK-NEXT: 0x0004 : .Ltmp1 19# CHECK-NEXT: 0x0008 : __ENTRY_main.cold.1 20# CHECK-NEXT: 0x000c : .Ltmp1 21 .text 22 .globl main 23 .type main, %function 24 .p2align 2 25main: 26LBB0: 27 leaq JUMP_TABLE(%rip), %r8 28 andl $0xf, %ecx 29 cmpb $0x4, %cl 30 ## exit through abort in main.cold.1, registers cold fragment the regular way 31 ja main.cold.1 32 33## jump table dispatch, jumping to label indexed by val in %ecx 34LBB1: 35 movzbl %cl, %ecx 36 movslq (%r8,%rcx,4), %rax 37 addq %rax, %r8 38 jmpq *%r8 39 40LBB2: 41 xorq %rax, %rax 42LBB3: 43 addq $0x8, %rsp 44 ret 45.size main, .-main 46 47 .globl main.cold.1 48 .type main.cold.1, %function 49 .p2align 2 50main.cold.1: 51 ## load bearing nop: pad LBB4 so that it can't be treated 52 ## as __builtin_unreachable by analyzeJumpTable 53 nop 54LBB4: 55 callq abort 56.size main.cold.1, .-main.cold.1 57 58 .rodata 59## jmp table, entries must be R_X86_64_PC32 relocs 60 .globl JUMP_TABLE 61JUMP_TABLE: 62 .long LBB2-JUMP_TABLE 63 .long LBB3-JUMP_TABLE 64 .long LBB4-JUMP_TABLE 65 .long LBB3-JUMP_TABLE 66