xref: /llvm-project/llvm/test/CodeGen/ARM/cfguard-checks.ll (revision d157a9bc8ba1085cc4808c6941412322a7fd884e) 
1; RUN: llc < %s -mtriple=arm-pc-windows-msvc | FileCheck %s
2; Control Flow Guard is currently only available on Windows
3
4; Test that Control Flow Guard checks are correctly added when required.
5
6
7declare i32 @target_func()
8
9
10; Test that Control Flow Guard checks are not added to functions with nocf_checks attribute.
11define i32 @func_nocf_checks() #0 {
12entry:
13  %func_ptr = alloca i32 ()*, align 8
14  store i32 ()* @target_func, i32 ()** %func_ptr, align 8
15  %0 = load i32 ()*, i32 ()** %func_ptr, align 8
16  %1 = call arm_aapcs_vfpcc i32 %0()
17  ret i32 %1
18
19  ; CHECK-LABEL: func_nocf_checks
20  ; CHECK:       movw r0, :lower16:target_func
21	; CHECK:       movt r0, :upper16:target_func
22  ; CHECK-NOT:   __guard_check_icall_fptr
23	; CHECK:       blx r0
24}
25attributes #0 = { nocf_check "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3"}
26
27
28; Test that Control Flow Guard checks are added even at -O0.
29define i32 @func_optnone_cf() #1 {
30entry:
31  %func_ptr = alloca i32 ()*, align 8
32  store i32 ()* @target_func, i32 ()** %func_ptr, align 8
33  %0 = load i32 ()*, i32 ()** %func_ptr, align 8
34  %1 = call i32 %0()
35  ret i32 %1
36
37  ; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
38  ; CHECK-LABEL: func_optnone_cf
39	; CHECK:       movw r0, :lower16:target_func
40	; CHECK:       movt r0, :upper16:target_func
41	; CHECK:       str r0, [sp]
42	; CHECK:       ldr r4, [sp]
43	; CHECK:       movw r0, :lower16:__guard_check_icall_fptr
44	; CHECK:       movt r0, :upper16:__guard_check_icall_fptr
45	; CHECK:       ldr r1, [r0]
46	; CHECK:       mov r0, r4
47	; CHECK:       blx r1
48	; CHECK-NEXT:  blx r4
49}
50attributes #1 = { noinline optnone "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3"}
51
52
53; Test that Control Flow Guard checks are correctly added in optimized code (common case).
54define i32 @func_cf() #2 {
55entry:
56  %func_ptr = alloca i32 ()*, align 8
57  store i32 ()* @target_func, i32 ()** %func_ptr, align 8
58  %0 = load i32 ()*, i32 ()** %func_ptr, align 8
59  %1 = call i32 %0()
60  ret i32 %1
61
62  ; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
63  ; CHECK-LABEL: func_cf
64  ; CHECK:       movw r0, :lower16:__guard_check_icall_fptr
65	; CHECK:       movt r0, :upper16:__guard_check_icall_fptr
66	; CHECK:       ldr r1, [r0]
67  ; CHECK:       movw r4, :lower16:target_func
68	; CHECK:       movt r4, :upper16:target_func
69	; CHECK:       mov r0, r4
70	; CHECK:       blx r1
71	; CHECK-NEXT:  blx r4
72}
73attributes #2 = { "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3"}
74
75
76; Test that Control Flow Guard checks are correctly added on invoke instructions.
77define i32 @func_cf_invoke() #2 personality i8* bitcast (void ()* @h to i8*) {
78entry:
79  %0 = alloca i32, align 4
80  %func_ptr = alloca i32 ()*, align 8
81  store i32 ()* @target_func, i32 ()** %func_ptr, align 8
82  %1 = load i32 ()*, i32 ()** %func_ptr, align 8
83  %2 = invoke i32 %1()
84          to label %invoke.cont unwind label %lpad
85invoke.cont:                                      ; preds = %entry
86  ret i32 %2
87
88lpad:                                             ; preds = %entry
89  %tmp = landingpad { i8*, i32 }
90          catch i8* null
91  ret i32 -1
92
93  ; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
94  ; CHECK-LABEL: func_cf_invoke
95  ; CHECK:       movw r0, :lower16:__guard_check_icall_fptr
96	; CHECK:       movt r0, :upper16:__guard_check_icall_fptr
97	; CHECK:       ldr r1, [r0]
98  ; CHECK:       movw r4, :lower16:target_func
99	; CHECK:       movt r4, :upper16:target_func
100	; CHECK:       mov r0, r4
101	; CHECK:       blx r1
102  ; CHECK-NEXT:  $Mtmp0:
103	; CHECK-NEXT:  blx r4
104  ; CHECK:       ; %invoke.cont
105  ; CHECK:       ; %lpad
106}
107
108declare void @h()
109
110
111; Test that longjmp targets have public labels and are included in the .gljmp section.
112%struct._SETJMP_FLOAT128 = type { [2 x i64] }
113@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16
114
115define i32 @func_cf_setjmp() #2 {
116  %1 = alloca i32, align 4
117  %2 = alloca i32, align 4
118  store i32 0, i32* %1, align 4
119  store i32 -1, i32* %2, align 4
120  %3 = call i8* @llvm.frameaddress(i32 0)
121  %4 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %3) #3
122
123  ; CHECK-LABEL: func_cf_setjmp
124  ; CHECK:       bl _setjmp
125  ; CHECK-NEXT:  $cfgsj_func_cf_setjmp0:
126
127  %5 = call i8* @llvm.frameaddress(i32 0)
128  %6 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %5) #3
129
130  ; CHECK:       bl _setjmp
131  ; CHECK-NEXT:  $cfgsj_func_cf_setjmp1:
132
133  store i32 1, i32* %2, align 4
134  %7 = load i32, i32* %2, align 4
135  ret i32 %7
136
137  ; CHECK:       .section .gljmp$y,"dr"
138  ; CHECK-NEXT:  .symidx $cfgsj_func_cf_setjmp0
139  ; CHECK-NEXT:  .symidx $cfgsj_func_cf_setjmp1
140}
141
142declare i8* @llvm.frameaddress(i32)
143
144; Function Attrs: returns_twice
145declare dso_local i32 @_setjmp(i8*, i8*) #3
146
147attributes #3 = { returns_twice }
148
149
150!llvm.module.flags = !{!0}
151!0 = !{i32 2, !"cfguard", i32 2}
152