cfguard-checks.ll
9.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
; RUN: llc < %s -mtriple=i686-pc-windows-msvc | FileCheck %s -check-prefix=X32
; RUN: llc < %s -mtriple=x86_64-pc-windows-msvc | FileCheck %s -check-prefix=X64
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added when required.
declare i32 @target_func()
; Test that Control Flow Guard checks are not added on calls with the "guard_nocf" attribute.
define i32 @func_guard_nocf() {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0() #0
ret i32 %1
; X32-LABEL: func_guard_nocf
; X32: movl $_target_func, %eax
; X32-NOT: __guard_check_icall_fptr
; X32: calll *%eax
; X64-LABEL: func_guard_nocf
; X64: leaq target_func(%rip), %rax
; X64-NOT: __guard_dispatch_icall_fptr
; X64: callq *%rax
}
attributes #0 = { "guard_nocf" }
; Test that Control Flow Guard checks are added even at -O0.
; FIXME Ideally these checks should be added as a single call instruction, as in the optimized case.
define i32 @func_optnone_cf() #1 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_optnone_cf
; X32: leal _target_func, %eax
; X32: movl %eax, (%esp)
; X32: movl (%esp), %ecx
; X32: movl ___guard_check_icall_fptr, %eax
; X32: calll *%eax
; X32-NEXT: calll *%ecx
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_optnone_cf
; X64: leaq target_func(%rip), %rax
; X64: movq __guard_dispatch_icall_fptr(%rip), %rcx
; X64: callq *%rcx
; X64-NOT: callq
}
attributes #1 = { noinline optnone }
; Test that Control Flow Guard checks are correctly added in optimized code (common case).
define i32 @func_cf() {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf
; X32: movl $_target_func, %esi
; X32: movl $_target_func, %ecx
; X32: calll *___guard_check_icall_fptr
; X32-NEXT: calll *%esi
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_cf
; X64: leaq target_func(%rip), %rax
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
}
; Test that Control Flow Guard checks are correctly added on invoke instructions.
define i32 @func_cf_invoke() personality i8* bitcast (void ()* @h to i8*) {
entry:
%0 = alloca i32, align 4
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%1 = load i32 ()*, i32 ()** %func_ptr, align 8
%2 = invoke i32 %1()
to label %invoke.cont unwind label %lpad
invoke.cont: ; preds = %entry
ret i32 %2
lpad: ; preds = %entry
%tmp = landingpad { i8*, i32 }
catch i8* null
ret i32 -1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf_invoke
; X32: movl $_target_func, %esi
; X32: movl $_target_func, %ecx
; X32: calll *___guard_check_icall_fptr
; X32-NEXT: calll *%esi
; X32: # %invoke.cont
; X32: # %lpad
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_cf_invoke
; X64: leaq target_func(%rip), %rax
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
; X64: # %invoke.cont
; X64: # %lpad
}
declare void @h()
; Test that Control Flow Guard preserves floating point arguments.
declare double @target_func_doubles(double, double, double, double)
define double @func_cf_doubles() {
entry:
%func_ptr = alloca double (double, double, double, double)*, align 8
store double (double, double, double, double)* @target_func_doubles, double (double, double, double, double)** %func_ptr, align 8
%0 = load double (double, double, double, double)*, double (double, double, double, double)** %func_ptr, align 8
%1 = call double %0(double 1.000000e+00, double 2.000000e+00, double 3.000000e+00, double 4.000000e+00)
ret double %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf_doubles
; X32: movl $_target_func_doubles, %esi
; X32: movl $_target_func_doubles, %ecx
; X32: calll *___guard_check_icall_fptr
; X32: calll *%esi
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_cf_doubles
; X64: leaq target_func_doubles(%rip), %rax
; X64: movsd __real@3ff0000000000000(%rip), %xmm0
; X64: movsd __real@4000000000000000(%rip), %xmm1
; X64: movsd __real@4008000000000000(%rip), %xmm2
; X64: movsd __real@4010000000000000(%rip), %xmm3
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
}
; Test that Control Flow Guard checks are correctly added for tail calls.
define i32 @func_cf_tail() {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = musttail call i32 %0()
ret i32 %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf_tail
; X32: movl $_target_func, %ecx
; X32: calll *___guard_check_icall_fptr
; X32: movl $_target_func, %eax
; X32: jmpl *%eax # TAILCALL
; X32-NOT: calll
; X64-LABEL: func_cf_tail
; X64: leaq target_func(%rip), %rax
; X64: rex64 jmpq *__guard_dispatch_icall_fptr(%rip) # TAILCALL
; X64-NOT: callq
}
%struct.Foo = type { i32 (%struct.Foo*)** }
; Test that Control Flow Guard checks are correctly added for variadic musttail
; calls. These are used for MS C++ ABI virtual member pointer thunks.
; PR44049
define i32 @vmptr_thunk(%struct.Foo* inreg %p) {
entry:
%vptr.addr = getelementptr inbounds %struct.Foo, %struct.Foo* %p, i32 0, i32 0
%vptr = load i32 (%struct.Foo*)**, i32 (%struct.Foo*)*** %vptr.addr
%slot = getelementptr inbounds i32 (%struct.Foo*)*, i32 (%struct.Foo*)** %vptr, i32 1
%vmethod = load i32 (%struct.Foo*)*, i32 (%struct.Foo*)** %slot
%rv = musttail call i32 %vmethod(%struct.Foo* inreg %p)
ret i32 %rv
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: _vmptr_thunk:
; X32: movl %eax, %esi
; X32: movl (%eax), %eax
; X32: movl 4(%eax), %ecx
; X32: calll *___guard_check_icall_fptr
; X32: movl %esi, %eax
; X32: jmpl *%ecx # TAILCALL
; X32-NOT: calll
; Use NEXT here because we previously had an extra instruction in this sequence.
; X64-LABEL: vmptr_thunk:
; X64: movq (%rcx), %rax
; X64-NEXT: movq 8(%rax), %rax
; X64-NEXT: movq __guard_dispatch_icall_fptr(%rip), %rdx
; X64-NEXT: rex64 jmpq *%rdx # TAILCALL
; X64-NOT: callq
}
; Test that longjmp targets have public labels and are included in the .gljmp section.
%struct._SETJMP_FLOAT128 = type { [2 x i64] }
@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16
define i32 @func_cf_setjmp() {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
store i32 0, i32* %1, align 4
store i32 -1, i32* %2, align 4
%3 = call i8* @llvm.frameaddress(i32 0)
%4 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %3) #2
; X32-LABEL: func_cf_setjmp
; X32: calll __setjmp
; X32-NEXT: $cfgsj_func_cf_setjmp0:
; X64-LABEL: func_cf_setjmp
; X64: callq _setjmp
; X64-NEXT: $cfgsj_func_cf_setjmp0:
%5 = call i8* @llvm.frameaddress(i32 0)
%6 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %5) #2
; X32: calll __setjmp
; X32-NEXT: $cfgsj_func_cf_setjmp1:
; X64: callq _setjmp
; X64-NEXT: $cfgsj_func_cf_setjmp1:
store i32 1, i32* %2, align 4
%7 = load i32, i32* %2, align 4
ret i32 %7
; X32: .section .gljmp$y,"dr"
; X32-NEXT: .symidx $cfgsj_func_cf_setjmp0
; X32-NEXT: .symidx $cfgsj_func_cf_setjmp1
; X64: .section .gljmp$y,"dr"
; X64-NEXT: .symidx $cfgsj_func_cf_setjmp0
; X64-NEXT: .symidx $cfgsj_func_cf_setjmp1
}
declare i8* @llvm.frameaddress(i32)
; Function Attrs: returns_twice
declare dso_local i32 @_setjmp(i8*, i8*) #2
attributes #2 = { returns_twice }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}