This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
docs/
1/1
ReleaseNotes.rst
-
UndefinedBehaviorSanitizer.rst
-
include/clang/Basic/
-
clang/
-
Basic/
-
Sanitizers.def
-
lib/
-
CodeGen/
1/6
CGCall.cpp
-
CGCleanup.h
-
CGCleanup.cpp
-
CGException.cpp
-
CGExpr.cpp
3/3
CodeGenFunction.h
-
CodeGenFunction.cpp
-
EHScopeStack.h
-
Driver/
-
SanitizerArgs.cpp
-
test/
-
CodeGen/
5/7
windows-seh-EHa-CppCondiTemps.cpp
-
CodeGenCXX/
-
catch-exception-escape.cpp
-
exception-escape-as-ub-cleanups.cpp
-
Driver/
-
fsanitize.c
-
compiler-rt/
-
lib/
-
ubsan/
-
ubsan_checks.inc
-
ubsan_handlers.h
-
ubsan_handlers.cpp
-
ubsan_minimal/
-
ubsan_minimal_handlers.cpp
-
test/
-
ubsan/TestCases/Misc/
-
TestCases/
-
Misc/
-
exception-escape.cpp
-
ubsan_minimal/TestCases/
-
TestCases/
-
exception-escape.cpp

Differential D137381

[clang][compiler-rt] Exception escape out of an non-unwinding function is an undefined behaviour
Needs ReviewPublic

Authored by lebedev.ri on Nov 3 2022, 6:45 PM.

Download Raw Diff

Details

Reviewers

rjmccall
morehouse
aaron.ballman
dvyukov
MaskRay
vsk
jyknight
efriedma
vitalybuka

Group Reviewers

Restricted Project

Summary

I've stumbled into this in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52989&q=label%3AProj-librawspeed
which manifested as an obscure leak, and originated from a seemingly simple refactoring:
https://github.com/darktable-org/rawspeed/commit/1fd09b9cffbddc65753eb523f7ba5528d35fe34d#diff-c832cc8366d36ca1165ecef7f4a256a2643ec09c4405a1238222a4529df619a1R172-R174

Reduced, this should look like: (actual repro in progress)

#include <vector>

std::vector<int> handle() {
  std::vector<int> v(42, 42); // this somehow leaks
  return v;
}

__attribute__((pure)) // double yikes
std::vector<int> footgun(int argc) {
  std::vector<int> v(24, 24);
  if(argc != 42)
    throw int(0); // yikes
  return v;
}

int main(int argc, char* argv[]) {
    try {
        auto v = handle();
        auto v2 = footgun(argc);
    } catch(...) {}
    return 0;
}

https://godbolt.org/z/zdavdKnfa

Surprisingly, we did not handle it before.
I'm not yet sure if we can pretty-print the actual exception on compiler-rt side.

(I may need to update a couple tests still)

Diff Detail

Repository: rG LLVM Github Monorepo

Unit TestsFailed

	Time	Test
	710 ms	x64 debian > AddressSanitizer-x86_64-linux.TestCases/Linux::interface_symbols_linux.cpp
	1,200 ms	x64 debian > UBSan-AddressSanitizer-x86_64.TestCases/Misc::exception-escape.cpp
	1,120 ms	x64 debian > UBSan-MemorySanitizer-x86_64.TestCases/Misc::exception-escape.cpp
	890 ms	x64 debian > UBSan-Standalone-x86_64.TestCases/Misc::exception-escape.cpp
	1,690 ms	x64 debian > UBSan-ThreadSanitizer-x86_64.TestCases/Misc::exception-escape.cpp

Event Timeline

lebedev.ri created this revision.Nov 3 2022, 6:45 PM

Herald added a project: Restricted Project. · View Herald TranscriptNov 3 2022, 6:45 PM

Herald added subscribers: Enna1, StephenFan, dberris. · View Herald Transcript

lebedev.ri requested review of this revision.Nov 3 2022, 6:45 PM

Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptNov 3 2022, 6:45 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

(also, this needs a bit more work around irgen, will look in a bit.)

Harbormaster completed remote builds in B196044: Diff 473097.Nov 3 2022, 7:26 PM

In your example, clang++ a.cc; ./a.out gives a libstdc++ error:

terminate called after throwing an instance of 'int'

libc++'s is similar.

footgun is nounwind (due to the GNU pure attribute), so Clang uses call instead of invoke and the function call is described by a call site entry with a zero action_record_offset (i.e. not a handler) in .gcc_except_table.
In _Unwind_RaiseException called by __cxa_throw, the missing exception handler causes __terminate.

g++ a.cc; ./a.out succeeds, because its footgun call is caught by catch (...). (Perhaps GCC doesn't have Clang's nounwind optimization.)

The patch doesn't implement the runtime correctly (I get a linker error) so I cannot try it out. How expensive is your instrumentation?
Does it work with -fno-exceptions intermediate functions? (Unwinding through such functions should fail as well). Note that this check can be done today,without any instrumentation: just use -fno-asynchronous-unwind-tables (for some targets which default to async unwind tables (aarch64,x86,etc)).
If the process installs a SIGABRT signal handler, the stack trace can be printed when __terminate calls abort.

In D137381#3907104, @MaskRay wrote:
In your example, clang++ a.cc; ./a.out gives a libstdc++ error:
terminate called after throwing an instance of 'int'
libc++'s is similar.

That's great, but just a symptom of misreduced testcase.
The whole problem is that in the original bug *no* abort happened at runtime,
the program terminated successfully, with a mysterious leak.

footgun is nounwind (due to the GNU pure attribute), so Clang uses call instead of invoke and the function call is described by a call site entry with a zero action_record_offset (i.e. not a handler) in .gcc_except_table.
In _Unwind_RaiseException called by __cxa_throw, the missing exception handler causes __terminate.

g++ a.cc; ./a.out succeeds, because its footgun call is caught by catch (...). (Perhaps GCC doesn't have Clang's nounwind optimization.)

The patch doesn't implement the runtime correctly (I get a linker error) so I cannot try it out. How expensive is your instrumentation?
Does it work with -fno-exceptions intermediate functions? (Unwinding through such functions should fail as well). Note that this check can be done today,without any instrumentation: just use -fno-asynchronous-unwind-tables (for some targets which default to async unwind tables (aarch64,x86,etc)).
If the process installs a SIGABRT signal handler, the stack trace can be printed when __terminate calls abort.

I find this comment non-welcoming and discouraging.
I just wanted to get something posted when i had something to post already. All of this needs a bit more time.

In D137381#3907799, @lebedev.ri wrote:
In D137381#3907104, @MaskRay wrote:
In your example, clang++ a.cc; ./a.out gives a libstdc++ error:
terminate called after throwing an instance of 'int'
libc++'s is similar.
That's great, but just a symptom of misreduced testcase.
The whole problem is that in the original bug *no* abort happened at runtime,
the program terminated successfully, with a mysterious leak.

footgun is nounwind (due to the GNU pure attribute), so Clang uses call instead of invoke and the function call is described by a call site entry with a zero action_record_offset (i.e. not a handler) in .gcc_except_table.
In _Unwind_RaiseException called by __cxa_throw, the missing exception handler causes __terminate.

g++ a.cc; ./a.out succeeds, because its footgun call is caught by catch (...). (Perhaps GCC doesn't have Clang's nounwind optimization.)

FWIW, i now have a standalone reproducer (~3MiB filesize),
and without sanitizers there's no abort regardless of optimization level,
with sanitizers there's only the leak report, and no mention of the exception.

I've already reduced it, but something gone wrong, and for some inexplicable reason,
creduce succeeded with a repro that does not pass the interestingness test
(this is not an error in said interestingness test.) So i will need to re-reduce.

But as as i have expected, the problem will likely end up being more fundamental,
because, not unexpectedly, this new diagnostic does not show up either.

TLDR:

Macro thisisfine:

The patch doesn't implement the runtime correctly (I get a linker error) so I cannot try it out.

I believe this should now be fixed.
I did not update getRecoverableKind(), which, conveniently, duplicates Unrecoverable from SanitizerArgs.cpp...

How expensive is your instrumentation?
Does it work with -fno-exceptions intermediate functions? (Unwinding through such functions should fail as well). Note that this check can be done today,without any instrumentation: just use -fno-asynchronous-unwind-tables (for some targets which default to async unwind tables (aarch64,x86,etc)).
If the process installs a SIGABRT signal handler, the stack trace can be printed when __terminate calls abort.

As you can see, at least right now, this quite literally relies on
the existing CodeGenFunction::getTerminateLandingPad() handling infra,
so it is as cheap as it will be. But has the same bugs as it already has.

The obvious alternative implementation could be to, when emitting nounwing function body F,
emit it as a thunk with an an invoke of an actual function, but without nounwind,
but that is undesirable because we lose all source debug information.

This is UB, and it should be handled by UBSan, not somewhere else,
especially because that will result in best error messages.

I find this comment non-welcoming and discouraging.
I just wanted to get something posted when i had something to post already. All of this needs a bit more time.

Herald added a subscriber: mstorsjo. · View Herald TranscriptNov 6 2022, 5:52 PM

Harbormaster completed remote builds in B196381: Diff 473529.Nov 6 2022, 6:52 PM

lebedev.ri mentioned this in D137901: [Clang] `nothrow`-implying attributes should actually manifest `nothrow` attribute (PR58798).Nov 12 2022, 6:05 PM

I think improving diagnostic is useful but -fsanitize= is probably not a good place. Instrumenting call sites with callq __ubsan_handle_exception_escape@PLT wastes code size. The functionality is better handled somewhere in libc++abi personality related code with possible improvement to exception handling related LLVM IR.

void bar(); void foo() { bar(); }

clang++ -fno-exceptions -fsanitize=exception-escape -c b.cc does not instrument the potentially-throwing-and-propagating bar() so an error cannot be caught.
However, for -fno-exceptions code, instrumenting every call site is going to greatly increase code size and suppress optimizations.

I wish that I capture the compiler and runtime behavior well in https://maskray.me/blog/2020-12-12-c++-exception-handling-abi#compiler-behavior. https://discourse.llvm.org/t/catching-exceptions-while-unwinding-through-fno-exceptions-code/57151 is a proposal to improve the diagnostics.

Can someone from @Sanitizers please comment? :) @vitalybuka ? @glider ? @rsmith ?

In D137381#3923911, @MaskRay wrote:

I think improving diagnostic is useful but -fsanitize= is probably not a good place.

Instrumenting call sites with callq __ubsan_handle_exception_escape@PLT wastes code size.

Can you please explain why replacing one call with another somehow makes things worse?

The functionality is better handled somewhere in libc++abi personality related code

That would not be helpful, i'm not using libc++.
It seems obviously wrong to me to require every used C++ ABI library
to implement "some improvements", instead, you know,
the clang irgen + clang ubsan lib.

If we do this, we have native source location info for the location of the call site
out of which the exception has escaped, that causes the "abort".
I do not know if that will be possible with less native approach.

The reason i'm doing this, is because recently i had to deal with a few of these bugs,
and i never got any kind of backtrace, so the situation can't not be made better.

with possible improvement to exception handling related LLVM IR.

void bar(); void foo() { bar(); }
clang++ -fno-exceptions -fsanitize=exception-escape -c b.cc does not instrument the potentially-throwing-and-propagating bar() so an error cannot be caught.

i'm only looking at -fexceptions side of things, i'm not sure how
mixing -fno-exceptions and -fexceptions code is supposed to work.
It is not oblivious to me why not dealing with some other situation
means we can't deal with the situation we can deal with.

However, for -fno-exceptions code, instrumenting every call site is going to greatly increase code size and suppress optimizations.

Citation needed/define "greatly"?
We have a single "termination" landing pad per function,
and we seem to end up with just a single extra jmp per call.
https://godbolt.org/z/Td3jWM1oh

But yes, that's the known and expected nature of sanitization.

I wish that I capture the compiler and runtime behavior well in https://maskray.me/blog/2020-12-12-c++-exception-handling-abi#compiler-behavior. https://discourse.llvm.org/t/catching-exceptions-while-unwinding-through-fno-exceptions-code/57151 is a proposal to improve the diagnostics.

Thanks. That explains current behavior, but does not tell why it must be enshrined and never changed.

In D137381#3924698, @lebedev.ri wrote:

Can someone from @Sanitizers please comment? :) @vitalybuka ? @glider ? @rsmith ?

In D137381#3923911, @MaskRay wrote:

I think improving diagnostic is useful but -fsanitize= is probably not a good place.

@MaskRay Seems find to me. Why do you think so?

Instrumenting call sites with callq __ubsan_handle_exception_escape@PLT wastes code size.

Can you please explain why replacing one call with another somehow makes things worse?

Would be nice to see some measuraments? E.g. CTMark.

The functionality is better handled somewhere in libc++abi personality related code

That would not be helpful, i'm not using libc++.
It seems obviously wrong to me to require every used C++ ABI library
to implement "some improvements", instead, you know,
the clang irgen + clang ubsan lib.

If we do this, we have native source location info for the location of the call site
out of which the exception has escaped, that causes the "abort".
I do not know if that will be possible with less native approach.

The reason i'm doing this, is because recently i had to deal with a few of these bugs,
and i never got any kind of backtrace, so the situation can't not be made better.

with possible improvement to exception handling related LLVM IR.
void bar(); void foo() { bar(); }
clang++ -fno-exceptions -fsanitize=exception-escape -c b.cc does not instrument the potentially-throwing-and-propagating bar() so an error cannot be caught.
i'm only looking at -fexceptions side of things, i'm not sure how
mixing -fno-exceptions and -fexceptions code is supposed to work.

Handling this case would be usefull.

It is not oblivious to me why not dealing with some other situation
means we can't deal with the situation we can deal with.

However, for -fno-exceptions code, instrumenting every call site is going to greatly increase code size and suppress optimizations.

Citation needed/define "greatly"?
We have a single "termination" landing pad per function,
and we seem to end up with just a single extra jmp per call.
https://godbolt.org/z/Td3jWM1oh

But yes, that's the known and expected nature of sanitization.

I wish that I capture the compiler and runtime behavior well in https://maskray.me/blog/2020-12-12-c++-exception-handling-abi#compiler-behavior. https://discourse.llvm.org/t/catching-exceptions-while-unwinding-through-fno-exceptions-code/57151 is a proposal to improve the diagnostics.

Thanks. That explains current behavior, but does not tell why it must be enshrined and never changed.

clang/docs/ReleaseNotes.rst
877

I don't have a problem with adding a sanitizer like this. IIRC, though, there's a review process for adding new sanitizers; I don't remember if this is the normal RFC process or something more streamlined. Also, I know @jyknight is interested in a mode that checks -fno-exceptions more efficiently, which is of direct relevance to what you're trying here; that was discussed in a forums thread (https://discourse.llvm.org/t/rfc-add-call-unwindabort-to-llvm-ir/62543).

The implementation and tests here don't seem to match the stated problem, though. Trying to throw out of a noexcept function is actually well-defined — the function has to catch the exception and call std::terminate, and we do actually generate code that way. Your patch is just adding a check at the start of the handler we emit, which means it's not catching anything we're not already catching; also, again, this is a well-defined execution path, so it doesn't seem appropriate to trigger UBSan on it.

IIRC, there are really only two potential sources of UB with noexcept. The first is that you can declare a function noexcept(true) but implement it as noexcept(false), which is in a class of problems (ODR violations) that I think UBSan doesn't normally try to diagnose. The second is that I think it's possible to get a noexcept(true) function pointer for a noexcept(false) function, maybe via some chain of casts; that would be a little closer to what UBSan normally diagnoses.

Meanwhile, your original test case has nothing to do with noexcept. __attribute__((pure)) (like nothrow and -fno-exceptions) really does introduce a novel UB rule which it would be reasonable to ask the compiler to check under UBSan.

I think the right way to handle what you're trying to handle would be to introduce some different kind of scope, a "it's UB to unwind out of this" scope, and then push that scope around calls and implementations of functions that use one of the UB-to-throw attributes. You could also potentially push that scope around calls to nounwind functions if you want to catch those ODR / function-pointer cases.

clang/lib/CodeGen/CodeGenFunction.h
2028	I'm not sure why this has a default argument.
2035	The purpose of `getInvokeDestImpl` is to outline the slow path, and this definitely belongs in the slow path.

@vitalybuka @rjmccall thank you for taking a look!
Since posting this, there has been a conversation in #llvm with @jyknight,
where it was established that the situation is even worse than i though.
Essentially, there are two situations:

exception escape out of non-unwinding function is guaranteed to cause program termination. That happens for:
- the C++ noexcept
- __attribute__((nothrow)) (for some non-obvious reason)
- OpenMP region lowering (even though it's not mandated by the standard)
exception escape out of non-unwinding function is wild UB, this is the semantics of
- __attribute__((pure))/__attribute__((const)).

It is possible that __attribute__((nothrow)) should also be in UB category,
otherwise what benefit does it bring over C++'s noexcept?

So, i have correctly felt that there is a problem, but the fix is going in the wrong way.
While i still think that we should handle case 1. in UBSan, let's first deal with 2.

In D137381#3926121, @rjmccall wrote:

I don't have a problem with adding a sanitizer like this. IIRC, though, there's a review process for adding new sanitizers; I don't remember if this is the normal RFC process or something more streamlined.

For the record, i have added the entirety of -fsanitize=implicit-conversion (part of -fsanitize=integer)
and -fsanitize=alignment, and this is the first time i'm hearing of an RFC process.

Also, I know @jyknight is interested in a mode that checks -fno-exceptions more efficiently, which is of direct relevance to what you're trying here; that was discussed in a forums thread (https://discourse.llvm.org/t/rfc-add-call-unwindabort-to-llvm-ir/62543).

Yes, we've talked in #llvm about that a bit.

The implementation and tests here don't seem to match the stated problem, though. Trying to throw out of a noexcept function is actually well-defined — the function has to catch the exception and call std::terminate, and we do actually generate code that way. Your patch is just adding a check at the start of the handler we emit, which means it's not catching anything we're not already catching; also, again, this is a well-defined execution path, so it doesn't seem appropriate to trigger UBSan on it.

IIRC, there are really only two potential sources of UB with noexcept. The first is that you can declare a function noexcept(true) but implement it as noexcept(false), which is in a class of problems (ODR violations) that I think UBSan doesn't normally try to diagnose. The second is that I think it's possible to get a noexcept(true) function pointer for a noexcept(false) function, maybe via some chain of casts; that would be a little closer to what UBSan normally diagnoses.

Meanwhile, your original test case has nothing to do with noexcept. __attribute__((pure)) (like nothrow and -fno-exceptions) really does introduce a novel UB rule which it would be reasonable to ask the compiler to check under UBSan.

I think the right way to handle what you're trying to handle would be to introduce some different kind of scope, a "it's UB to unwind out of this" scope, and then push that scope around calls and implementations of functions that use one of the UB-to-throw attributes. You could also potentially push that scope around calls to nounwind functions if you want to catch those ODR / function-pointer cases.

Yes. Somehow i did not think that those attributes introduce UB, and not are just handled incorrectly,
and tried to solve this the wrong way around. That being said, this diff is not incorrect.
I would like to have a sanitizer for the "exception escape is guaranteed to cause program termination" mode,
because all of the bugs with that mode i had to deal with had rather bad diagnostic,
but that can be done afterwards.

Thanks!

lebedev.ri added a reviewer: jyknight.Nov 15 2022, 8:51 AM

@rjmccall thank you for taking a look!
I do believe this now does the right thing.

I would like to keep this patch minimal.
I have not looked into -fno-exceptions,
and i'm not sure about funclets.
I will need to double-check tests.

lebedev.ri marked an inline comment as done.Nov 15 2022, 5:55 PM

lebedev.ri added inline comments.

clang/lib/CodeGen/CodeGenFunction.h
2035	The problem is that we aggressively cache all the EH stuff. I will take a second look, maybe this can be done less intrusively.

Harbormaster completed remote builds in B197887: Diff 475649.Nov 15 2022, 6:34 PM

Update tests.

lebedev.ri marked an inline comment as done.Nov 16 2022, 12:47 PM

lebedev.ri added inline comments.

clang/lib/CodeGen/CGCall.cpp
5406–5415	@rjmccall So there are two issues: `getInvokeDest()` isn't necessarily called just before creating an `invoke`, see e.g. `-EHa` handling in `CodeGenFunction::PopCleanupBlock()` Even if we ignore that, we need to do this for every `invoke`, not just those going to the our UB landing pad, consider: https://godbolt.org/z/qTeKor41a <- the invoke leads to a normal landing pad, yet we immediately rethrow the just-caught exception, and now end up in the UB landing pad. So i'm not really seeing an alternative path here?

Harbormaster completed remote builds in B198051: Diff 475894.Nov 16 2022, 1:33 PM

ping

clang/lib/CodeGen/CGCall.cpp
5406–5415	@rjmccall do you agree with my reasoning here? Perhaps there is some other solution that i'm not seeing, other than not having the source location?

ping. We need to get this going, reminder, this was caught because it caused a visible miscompilation.
@rjmccall are you satisfied with the way we emit srcloc info?
@aaron.ballman thoughts on the docs changes?

One unanswered question i have, is if we can get the exception's underlying C++ type as a string,
and print it. Also, is it useful to pass Exn into the handler? Can we do anything useful with it?

In D137381#3953178, @lebedev.ri wrote:

ping. We need to get this going, reminder, this was caught because it caused a visible miscompilation.

I'm sorry, I caught COVID-19 during the LLVM conference and have not had a lot of energy recently, plus last week was the Thanksgiving holiday in the US.

Please don't describe this as a miscompilation. It may not match what you want as a user, but what the the compiler is doing is not incorrect. What you're doing is adding a mitigation to try to protect against a source of UB that recently affected you, which is commendable but doesn't have the same level of urgency.

clang/lib/CodeGen/CGCall.cpp
5406–5415	I think there are four interesting questions posed by your example. The first is whether we should make an effort to report the original source location for the call to `maybe_throws` instead of the rethrow location. To me, the answer is no, and the main reason is that the user is explicitly acknowledging the possibility of an exception and is (probably) trying to handle it. That means that the proximate source of programmer error is now that their attempt to handle it failed, not that an exception was raised in the first place. That might seem weird for your example specifically, The second is what source location we should report for invokes that don't have an obvious source location. The answer is that I think we should always try to have a source location, even if it might be an imperfect one. Synthesized code almost always has a source location that triggered the synthesis. Cleanups are typically associated with some variable or temporary that itself should have a source location. Even things like `__cxa_end_catch` are associated with the `catch` clause. Hopefully UBSan has a flexible enough schema in how source locations are expressed to it for us to communicate these things down to the runtime, like "synthesized code at Foo.cpp:18" or "cleanup for variable at Bar.cpp:107". The third is the more general question of whether we need to store a source location before every `invoke`. To ensure that this variable is meaningfully initialized, we need to store a source location before every invoke that can lead to a UB scope. But the variable is stateful, so it's equally important that we not emit stores that might overwrite the source location that we actually want to report. For example, we want the source location reported in your example to be the source location for the `throw;`, not something associated with the `__cxa_end_catch` cleanup. This basically boils down to not doing stores within a landing pad before it enters a `catch` handler. Fortunately, landing pad code like that should always be in a terminate scope, so I think you can just look at the current EH stack and see whether the landing pad can possibly reach a UB scope. (You might need some save-and-restore logic around `@finally` blocks in ObjC.) The final question is whether we need to emit cleanups on paths that lead to UB scopes at all. In the simplest cases, I think we don't. The standard says that it's implementation-specified whether the stack is unwound on an exception path that leads to termination. That rule doesn't technically apply here, but only because we're dealing with a language extension that makes unwinding UB in the first place. Since we have room to choose the semantics, the standard gives us pretty strong cover to be just as aggressive about skipping cleanups in contexts where throwing is UB as it is in contexts where throwing terminates. That, in turn, means that the landing pad in these contexts will usually just be a UB scope with no cleanups in it. So even if we did need to worry about cleanups overwriting the source location, it usually won't be possible because we won't be running cleanups. In fact, if there's a catch-all or a terminate scope, the UB scope won't be reachable, so the only situation where we have to worry about cleanups being run before we reach a UB scope is if there are cleanups inside a partial catch clause, like `catch (const std::exception &e)`. And in principle we have the information up front from the EH selector to know whether we're going to end up in a catch handler, so we could actually just check immediately at the start of the landing pad and then trigger UBSan.

@rjmccall thank you for taking a look!

In D137381#3955100, @rjmccall wrote:

In D137381#3953178, @lebedev.ri wrote:

ping. We need to get this going, reminder, this was caught because it caused a visible miscompilation.

I'm sorry, I caught COVID-19 during the LLVM conference and have not had a lot of energy recently,

I'm sorry.

plus last week was the Thanksgiving holiday in the US.

Please don't describe this as a miscompilation. It may not match what you want as a user, but what the the compiler is doing is not incorrect.

Right.

What you're doing is adding a mitigation to try to protect against a source of UB that recently affected you, which is commendable but doesn't have the same level of urgency.

I'm mainly worried that there are likely other "miscompilations" in the wild.
Also, after this, we might want to reevaluate which clang attribute does what,

clang/lib/CodeGen/CGCall.cpp
5406–5415	The final question is whether we need to emit cleanups on paths that lead to UB scopes at all. In the simplest cases, I think we don't. The standard says that it's implementation-specified whether the stack is unwound on an exception path that leads to termination. That rule doesn't technically apply here, but only because we're dealing with a language extension that makes unwinding UB in the first place. Since we have room to choose the semantics, the standard gives us pretty strong cover to be just as aggressive about skipping cleanups in contexts where throwing is UB as it is in contexts where throwing terminates. That, in turn, means that the landing pad in these contexts will usually just be a UB scope with no cleanups in it. So even if we did need to worry about cleanups overwriting the source location, it usually won't be possible because we won't be running cleanups. In fact, if there's a catch-all or a terminate scope, the UB scope won't be reachable, so the only situation where we have to worry about cleanups being run before we reach a UB scope is if there are cleanups inside a partial catch clause, like catch (const std::exception &e). And in principle we have the information up front from the EH selector to know whether we're going to end up in a catch handler, so we could actually just check immediately at the start of the landing pad and then trigger UBSan. The more i stare at this. The more worried i am. Is the idea that, when we are in termination/UB EH scope, we no longer have to play by the RAII rules, and destructors, for the moment, are no-ops and are side-effect free? Consider: #include <cstdlib> #include <cstdio> void will_throw() { throw int(42); } void might_throw() { } struct abort_on_dtor { abort_on_dtor() {} [[noreturn]] ~abort_on_dtor() { printf("in ~abort_on_dtor()\n"); abort(); } }; void test0() noexcept { abort_on_dtor scope; will_throw(); might_throw(); } __attribute__ ((pure)) void test1() { abort_on_dtor scope; will_throw(); might_throw(); } int main(int argc, char* argv[]) { printf("argc = %i\n", argc); if(argc == 1) abort_on_dtor scope; if(argc == 2) test0(); if(argc == 3) test1(); return 0; } You'd think, if call to `test0()`/`test1()` unwinds, we'd first destruct `abort_on_dtor`, and termination/UB no longer happens. But i guess termination/UB time-traveled/"happened" the moment `test0()`/`test1()` unwinds?

@rjmccall thank you for taking a look!
Only addressing the final (out of 4) points.
Rest to follow, did not look into them yet.

clang/lib/CodeGen/CGCall.cpp
5406–5415	The final question is whether we need to emit cleanups on paths that lead to UB scopes at all. In the simplest cases I believe, i have implemented these semantics, i.e. no cleanups in UB EH scope, just like how we deal with Terminate scope when in UB EH scope, and not sanitizing, all callees are implicitly nounwind If `catch()` blocks don't catch the exception, and we get to UB scope, we go into `unreachable` block. Did i understand you correctly? (test suite does not pass, there are a few bugs to deal with)

The more i stare at this. The more worried i am. Is the idea that, when we are in termination/UB EH scope, we no longer have to play by the RAII rules, and destructors, for the moment, are no-ops and are side-effect free?

Termination is allowed to happen as soon as the implementation detects that unwinding will only avoid termination if a cleanup does something non-terminating, like infinite loop or abort. This does enable some amount of code-size optimization, but the main purpose (as I understand it) is to improve debugging of what's presumed to be a programmer error by allowing the runtime to trigger termination with the faulting context still intact instead of requiring the stack to be unwound just to, like, deallocate a temporary std::string ten frames up.

The important thing for us is that the standard explicitly blesses this presumption: it has been decided that C++ programmers should not be relying on destructors being called when their programs throw in a context where the implementation has no choice but to terminate, and if they really need unwinding to happen, they should be handling exceptions properly. I don't think that's an unreasonable rule. (Note that it is limited to failures to formally handle exceptions, not some sort of post-domination by std::terminate. If you catch an exception and then call std::terminate yourself, the rule does not apply, and the stack is required to be unwound to the catch.) Also, it's a rule that Clang already takes advantage of within terminate scopes, which are otherwise well-defined, so I do think it would be fairly absurd to act like these UB scopes need stricter rules about running cleanups.

Harbormaster completed remote builds in B199912: Diff 478430.Nov 28 2022, 7:20 PM

lebedev.ri mentioned this in D138958: [clang] Better UX for Clang’s unwind-affecting attributes.Nov 29 2022, 3:53 PM

aeubanks added a subscriber: aeubanks.Dec 2 2022, 4:19 PM

@rjmccall thank you for taking a look!

Always add UB scope for nounwind functions
When popping the EH scopes, do that in backwards order :)
Ensure that check-clang actually passes (it wasn't in last patch)
Correctly annotate call's in UB scope as nounwinding
Now, this point is uncomfortably overlapped with the D138958: i believe, the attribute that specifies that unwind is UB, takes priority over the exception specification / noexcept.
When looking into all this, an interesting question appeared: what about dynamic exception specification, EHFilterScope? If the outermost scope is UB, and exception is listed in EHFilterScope, then it will hit UB scope, and if it is not, then the function std::unexpected is called. The default function calls std::terminate, but it may be replaced by a user-provided function. Should we do something here?
I'm a bit lost about your 3'rd point in https://reviews.llvm.org/D137381#inline-1339891, about not overriding the src loc with something that is irrelevant. I think i need a C++ example in order to handle this. Right now it seems like those calls wouldn't actually go throught CodeGenFunction::EmitCall(), and thus wouldn't cause a proble.

Herald added subscribers: kbarton, aheejin, nemanjai, dschuff. · View Herald TranscriptDec 3 2022, 2:10 PM

lebedev.ri added a subscriber: tentzen.Dec 3 2022, 2:13 PM

lebedev.ri added inline comments.

clang/lib/CodeGen/CGCall.cpp
5406–5415	Ok, trying to continue looking into this The first is whether we should make an effort to report the original source location for the call to maybe_throws instead of the rethrow location. To me, the answer is no, Sure, seems reasonable. The second is what source location we should report for invokes that don't have an obvious source location. The answer is that I think we should always try to have a source location, even if it might be an imperfect one. It seems like this point is non-actionable. We simply always emit the source location, and if it is invalid, well, then that is a more general problem. The third is the more general question of whether we need to store a source location before every invoke. To ensure that this variable is meaningfully initialized, we need to store a source location before every invoke that can lead to a UB scope. But the variable is stateful, so it's equally important that we not emit stores that might overwrite the source location that we actually want to report. For example, we want the source location reported in your example to be the source location for the throw;, not something associated with the __cxa_end_catch cleanup. This basically boils down to not doing stores within a landing pad before it enters a catch handler. Fortunately, landing pad code like that should always be in a terminate scope, so I think you can just look at the current EH stack and see whether the landing pad can possibly reach a UB scope. (You might need some save-and-restore logic around @finally blocks in ObjC.) I've fixed source location for `throw`, but i'm not quite following the rest of the comment here. Can you perhaps give a self-contained example where we'd end up with wrong line? I'm not sure about ObjC, so i'll ignore that bit for a moment at least.
clang/test/CodeGen/windows-seh-EHa-CppCondiTemps.cpp
3	This test broke once we always started adding (outermost) UB scope for nounwind functions. I don't quite get what is going wrong. It could be a bug in SEH handling. Can someone who has some idea about that code take a look and suggest a fix? @tentzen ?

Harbormaster completed remote builds in B200935: Diff 479869.Dec 3 2022, 3:33 PM

tentzen added inline comments.Dec 4 2022, 6:39 PM

clang/test/CodeGen/windows-seh-EHa-CppCondiTemps.cpp
3	By definition, non-unwind function I think is for Synchronous EH. So this Sanitizer check should exclude Asynchronous EH functions, those with option -fasync-exceptions.

lebedev.ri added inline comments.Dec 5 2022, 5:46 AM

clang/test/CodeGen/windows-seh-EHa-CppCondiTemps.cpp
3	I do not understand. If the function can unwind, then why is it marked `nounwind`? This kind of thing is exactly what i was afraid of with those SEH patches.

efriedma added inline comments.Dec 5 2022, 9:45 AM

clang/test/CodeGen/windows-seh-EHa-CppCondiTemps.cpp
3	clang should not be marking functions "nounwind" in -fasync-exceptions mode; if it is, I'd consider that a bug. (I assume someone just forgot to add a check to some code that adds nounwind.)

lebedev.ri marked 2 inline comments as done.Dec 5 2022, 11:45 AM

lebedev.ri added inline comments.

clang/test/CodeGen/windows-seh-EHa-CppCondiTemps.cpp
3	My thoughts precisely. @tentzen please fix :)

tentzen added inline comments.Dec 6 2022, 8:42 PM

clang/test/CodeGen/windows-seh-EHa-CppCondiTemps.cpp
3	This is copied from LLVM reference manual: nounwind This function attribute indicates that the function never raises an exception. If the function does raise an exception, its runtime behavior is undefined. However, functions marked nounwind may still trap or generate asynchronous exceptions. Exception handling schemes that are recognized by LLVM to handle asynchronous exceptions, such as SEH, will still provide their implementation defined semantics. So I think nounwind only implies no synchronous/software unwind, not HW traps etc.

lebedev.ri marked an inline comment as done.Dec 7 2022, 6:45 AM

lebedev.ri added inline comments.

clang/test/CodeGen/windows-seh-EHa-CppCondiTemps.cpp
3	Ok, good point. But i'm still not quite sure why the test is getting miscompiled.

Last(?) ping of the year?

ping

I am unfamiliar with Clang codegen so I am just commenting about what a user may feel about this feature.

compiler-rt/test/ubsan/TestCases/Misc/exception-escape.cpp cannot demonstrate the value of the new UBSan check -fsanitize=exception-escape, as the executable will fail without the option (Clang emits call instead of invoke for a nounwind function call, and there is no LSDA information, libgcc/libunwind will call terminate; it's trivial to get more diagnostic with a SIBABRT signal handler).
To demonstrate the value, footgun and its caller need to be in different TUs and the caller does not know footgun is nounwind.
In such a setup, I think people likely care more about -fno-exceptions/-fexceptions exception propagation instead of __attribute__((pure)) and find -fsanitize=exception-escape not do what it may advertise.

The more common -fno-exceptions/-fexceptions exception propagation dilemma can be detected today with -fno-asynchronous-unwind-tables.

In D137381#4038716, @MaskRay wrote:

I am unfamiliar with Clang codegen so I am just commenting about what a user may feel about this feature.

compiler-rt/test/ubsan/TestCases/Misc/exception-escape.cpp cannot demonstrate the value of the new UBSan check -fsanitize=exception-escape, as the executable will fail without the option (Clang emits call instead of invoke for a nounwind function call, and there is no LSDA information, libgcc/libunwind will call terminate; it's trivial to get more diagnostic with a SIBABRT signal handler).
To demonstrate the value, footgun and its caller need to be in different TUs and the caller does not know footgun is nounwind.
In such a setup, I think people likely care more about -fno-exceptions/-fexceptions exception propagation instead of __attribute__((pure)) and find -fsanitize=exception-escape not do what it may advertise.

The more common -fno-exceptions/-fexceptions exception propagation dilemma can be detected today with -fno-asynchronous-unwind-tables.

Thank you for taking a look. I'm afraid this review comment is not based on reality, so i'm forced to ignore it.
The whole point of the clang change is to *NOT* lower such calls that we "know" will not unwind to a call, but into an invoke, with sanitization in the landingpad.

lebedev.ri mentioned this in D141561: [clang] True `noexcept` (`-fstrict-noexcept` language dialect).Jan 11 2023, 6:06 PM

vitalybuka resigned from this revision.Aug 27 2023, 10:17 PM

Revision Contents

Path

Size

clang/

docs/

ReleaseNotes.rst

5 lines

UndefinedBehaviorSanitizer.rst

2 lines

include/

clang/

Basic/

Sanitizers.def

3 lines

lib/

CodeGen/

20 lines

39 lines

47 lines

361 lines

3 lines

29 lines

3 lines

17 lines

Driver/

SanitizerArgs.cpp

5 lines

test/

CodeGen/

windows-seh-EHa-CppCondiTemps.cpp

3 lines

CodeGenCXX/

catch-exception-escape.cpp

1258 lines

exception-escape-as-ub-cleanups.cpp

776 lines

Driver/

fsanitize.c

18 lines

compiler-rt/

lib/

ubsan/

ubsan_checks.inc

1 line

ubsan_handlers.h

7 lines

ubsan_handlers.cpp

11 lines

ubsan_minimal/

ubsan_minimal_handlers.cpp

1 line

test/

ubsan/

TestCases/

Misc/

exception-escape.cpp

104 lines

ubsan_minimal/

TestCases/

exception-escape.cpp

48 lines

Diff 479869

clang/docs/ReleaseNotes.rst

Show First 20 Lines • Show All 867 Lines • ▼ Show 20 Lines

Sanitizers

----------

- ``-fsanitize-memory-param-retval`` is turned on by default. With

``-fsanitize=memory``, passing uninitialized variables to functions and

returning uninitialized variables from functions is more aggressively

reported. ``-fno-sanitize-memory-param-retval`` restores the previous

behavior.

- A new Undefined Behavior Sanitizer check has been implemented:

``-fsanitize=exception-escape`` (part of ``-fsanitize=undefined``),

vitalybukaUnsubmitted

Done

- A new Undefined Behavior Sanitizer check has been implemented:

- ``-fsanitize-exception-escape`` (part of ``-fsanitize=undefined``),

+ ``-fsanitize=exception-escape`` (part of ``-fsanitize=undefined``),

which catches cases of C++ exceptions trying to unwind

vitalybuka:

which catches cases of C++ exceptions trying to unwind

out of non-unwindable functions.

Core Analysis Improvements

==========================

- ...

New Issues Found

================

Show All 26 Lines

clang/docs/UndefinedBehaviorSanitizer.rst

Show First 20 Lines • Show All 174 Lines • ▼ Show 20 Lines	- ``-fsanitize=unsigned-integer-overflow``: Unsigned integer overflow, where
(see ``-fsanitize=implicit-conversion``).		(see ``-fsanitize=implicit-conversion``).
- ``-fsanitize=vla-bound``: A variable-length array whose bound		- ``-fsanitize=vla-bound``: A variable-length array whose bound
does not evaluate to a positive value.		does not evaluate to a positive value.
- ``-fsanitize=vptr``: Use of an object whose vptr indicates that it is of		- ``-fsanitize=vptr``: Use of an object whose vptr indicates that it is of
the wrong dynamic type, or that its lifetime has not begun or has ended.		the wrong dynamic type, or that its lifetime has not begun or has ended.
Incompatible with ``-fno-rtti``. Link must be performed by ``clang++``, not		Incompatible with ``-fno-rtti``. Link must be performed by ``clang++``, not
``clang``, to make sure C++-specific parts of the runtime library and C++		``clang``, to make sure C++-specific parts of the runtime library and C++
standard libraries are present.		standard libraries are present.
		- ``-fsanitize=exception-escape``: A C++ exception unwinding out of an
		non-unwind function is an undefined behavior. This catches such situations.

You can also use the following check groups:		You can also use the following check groups:
- ``-fsanitize=undefined``: All of the checks listed above other than		- ``-fsanitize=undefined``: All of the checks listed above other than
``float-divide-by-zero``, ``unsigned-integer-overflow``,		``float-divide-by-zero``, ``unsigned-integer-overflow``,
``implicit-conversion``, ``local-bounds`` and the ``nullability-*`` group		``implicit-conversion``, ``local-bounds`` and the ``nullability-*`` group
of checks.		of checks.
- ``-fsanitize=undefined-trap``: Deprecated alias of		- ``-fsanitize=undefined-trap``: Deprecated alias of
``-fsanitize=undefined``.		``-fsanitize=undefined``.
▲ Show 20 Lines • Show All 181 Lines • Show Last 20 Lines

clang/include/clang/Basic/Sanitizers.def

	Show First 20 Lines • Show All 101 Lines • ▼ Show 20 Lines
	SANITIZER("returns-nonnull-attribute", ReturnsNonnullAttribute)			SANITIZER("returns-nonnull-attribute", ReturnsNonnullAttribute)
	SANITIZER("shift-base", ShiftBase)			SANITIZER("shift-base", ShiftBase)
	SANITIZER("shift-exponent", ShiftExponent)			SANITIZER("shift-exponent", ShiftExponent)
	SANITIZER_GROUP("shift", Shift, ShiftBase \| ShiftExponent)			SANITIZER_GROUP("shift", Shift, ShiftBase \| ShiftExponent)
	SANITIZER("signed-integer-overflow", SignedIntegerOverflow)			SANITIZER("signed-integer-overflow", SignedIntegerOverflow)
	SANITIZER("unreachable", Unreachable)			SANITIZER("unreachable", Unreachable)
	SANITIZER("vla-bound", VLABound)			SANITIZER("vla-bound", VLABound)
	SANITIZER("vptr", Vptr)			SANITIZER("vptr", Vptr)
				SANITIZER("exception-escape", ExceptionEscape)

	// IntegerSanitizer			// IntegerSanitizer
	SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)			SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)
	SANITIZER("unsigned-shift-base", UnsignedShiftBase)			SANITIZER("unsigned-shift-base", UnsignedShiftBase)

	// DataFlowSanitizer			// DataFlowSanitizer
	SANITIZER("dataflow", DataFlow)			SANITIZER("dataflow", DataFlow)

	Show All 21 Lines
	// -fsanitize=undefined includes all the sanitizers which have low overhead, no			// -fsanitize=undefined includes all the sanitizers which have low overhead, no
	// ABI or address space layout implications, and only catch undefined behavior.			// ABI or address space layout implications, and only catch undefined behavior.
	SANITIZER_GROUP("undefined", Undefined,			SANITIZER_GROUP("undefined", Undefined,
	Alignment \| Bool \| Builtin \| ArrayBounds \| Enum \|			Alignment \| Bool \| Builtin \| ArrayBounds \| Enum \|
	FloatCastOverflow \|			FloatCastOverflow \|
	IntegerDivideByZero \| NonnullAttribute \| Null \| ObjectSize \|			IntegerDivideByZero \| NonnullAttribute \| Null \| ObjectSize \|
	PointerOverflow \| Return \| ReturnsNonnullAttribute \| Shift \|			PointerOverflow \| Return \| ReturnsNonnullAttribute \| Shift \|
	SignedIntegerOverflow \| Unreachable \| VLABound \| Function \|			SignedIntegerOverflow \| Unreachable \| VLABound \| Function \|
	Vptr)			Vptr \| ExceptionEscape)

	// -fsanitize=undefined-trap is an alias for -fsanitize=undefined.			// -fsanitize=undefined-trap is an alias for -fsanitize=undefined.
	SANITIZER_GROUP("undefined-trap", UndefinedTrap, Undefined)			SANITIZER_GROUP("undefined-trap", UndefinedTrap, Undefined)

	// ImplicitConversionSanitizer			// ImplicitConversionSanitizer
	SANITIZER("implicit-unsigned-integer-truncation",			SANITIZER("implicit-unsigned-integer-truncation",
	ImplicitUnsignedIntegerTruncation)			ImplicitUnsignedIntegerTruncation)
	SANITIZER("implicit-signed-integer-truncation", ImplicitSignedIntegerTruncation)			SANITIZER("implicit-signed-integer-truncation", ImplicitSignedIntegerTruncation)
	Show All 40 Lines

clang/lib/CodeGen/CGCall.cpp

Show First 20 Lines • Show All 5,393 Lines • ▼ Show 20 Lines	#endif

AllocAlignAttrEmitter AllocAlignAttrEmitter(*this, TargetDecl, CallArgs);		AllocAlignAttrEmitter AllocAlignAttrEmitter(*this, TargetDecl, CallArgs);
Attrs = AllocAlignAttrEmitter.TryEmitAsCallSiteAttribute(Attrs);		Attrs = AllocAlignAttrEmitter.TryEmitAsCallSiteAttribute(Attrs);

// Emit the actual call/invoke instruction.		// Emit the actual call/invoke instruction.
llvm::CallBase *CI;		llvm::CallBase *CI;
if (!InvokeDest) {		if (!InvokeDest) {
CI = Builder.CreateCall(IRFuncTy, CalleePtr, IRCallArgs, BundleList);		CI = Builder.CreateCall(IRFuncTy, CalleePtr, IRCallArgs, BundleList);
} else {		if (EHStack.wouldUnwindBeUB())
		Attrs = Attrs.addFnAttribute(getLLVMContext(),
		llvm::Attribute::AttrKind::NoUnwind);
		} else {
		assert((!EHStack.wouldUnwindBeUB() \|\|
		SanOpts.has(SanitizerKind::ExceptionEscape)) &&
		"If unwind would be UB, we should be here only if sanitizing");
		MaybeRecordCurrLocForExceptionEscapeUBSan(Loc);
llvm::BasicBlock *Cont = createBasicBlock("invoke.cont");		llvm::BasicBlock *Cont = createBasicBlock("invoke.cont");
CI = Builder.CreateInvoke(IRFuncTy, CalleePtr, Cont, InvokeDest, IRCallArgs,		CI = Builder.CreateInvoke(IRFuncTy, CalleePtr, Cont, InvokeDest, IRCallArgs,
BundleList);		BundleList);
EmitBlock(Cont);		EmitBlock(Cont);
}		}
if (callOrInvoke)		if (callOrInvoke)
		lebedev.riAuthorUnsubmitted Not Done Reply Inline Actions @rjmccall So there are two issues: `getInvokeDest()` isn't necessarily called just before creating an `invoke`, see e.g. `-EHa` handling in `CodeGenFunction::PopCleanupBlock()` Even if we ignore that, we need to do this for every `invoke`, not just those going to the our UB landing pad, consider: https://godbolt.org/z/qTeKor41a <- the invoke leads to a normal landing pad, yet we immediately rethrow the just-caught exception, and now end up in the UB landing pad. So i'm not really seeing an alternative path here? lebedev.ri: @rjmccall So there are two issues: 1. `getInvokeDest()` isn't necessarily called just before…
		lebedev.riAuthorUnsubmitted Not Done Reply Inline Actions @rjmccall do you agree with my reasoning here? Perhaps there is some other solution that i'm not seeing, other than not having the source location? lebedev.ri: @rjmccall do you agree with my reasoning here? Perhaps there is some other solution that i'm…
		rjmccallUnsubmitted Not Done Reply Inline Actions I think there are four interesting questions posed by your example. The first is whether we should make an effort to report the original source location for the call to `maybe_throws` instead of the rethrow location. To me, the answer is no, and the main reason is that the user is explicitly acknowledging the possibility of an exception and is (probably) trying to handle it. That means that the proximate source of programmer error is now that their attempt to handle it failed, not that an exception was raised in the first place. That might seem weird for your example specifically, The second is what source location we should report for invokes that don't have an obvious source location. The answer is that I think we should always try to have a source location, even if it might be an imperfect one. Synthesized code almost always has a source location that triggered the synthesis. Cleanups are typically associated with some variable or temporary that itself should have a source location. Even things like `__cxa_end_catch` are associated with the `catch` clause. Hopefully UBSan has a flexible enough schema in how source locations are expressed to it for us to communicate these things down to the runtime, like "synthesized code at Foo.cpp:18" or "cleanup for variable at Bar.cpp:107". The third is the more general question of whether we need to store a source location before every `invoke`. To ensure that this variable is meaningfully initialized, we need to store a source location before every invoke that can lead to a UB scope. But the variable is stateful, so it's equally important that we not emit stores that might overwrite the source location that we actually want to report. For example, we want the source location reported in your example to be the source location for the `throw;`, not something associated with the `__cxa_end_catch` cleanup. This basically boils down to not doing stores within a landing pad before it enters a `catch` handler. Fortunately, landing pad code like that should always be in a terminate scope, so I think you can just look at the current EH stack and see whether the landing pad can possibly reach a UB scope. (You might need some save-and-restore logic around `@finally` blocks in ObjC.) The final question is whether we need to emit cleanups on paths that lead to UB scopes at all. In the simplest cases, I think we don't. The standard says that it's implementation-specified whether the stack is unwound on an exception path that leads to termination. That rule doesn't technically apply here, but only because we're dealing with a language extension that makes unwinding UB in the first place. Since we have room to choose the semantics, the standard gives us pretty strong cover to be just as aggressive about skipping cleanups in contexts where throwing is UB as it is in contexts where throwing terminates. That, in turn, means that the landing pad in these contexts will usually just be a UB scope with no cleanups in it. So even if we did need to worry about cleanups overwriting the source location, it usually won't be possible because we won't be running cleanups. In fact, if there's a catch-all or a terminate scope, the UB scope won't be reachable, so the only situation where we have to worry about cleanups being run before we reach a UB scope is if there are cleanups inside a partial catch clause, like `catch (const std::exception &e)`. And in principle we have the information up front from the EH selector to know whether we're going to end up in a catch handler, so we could actually just check immediately at the start of the landing pad and then trigger UBSan. rjmccall: I think there are four interesting questions posed by your example. The first is whether we…
		lebedev.riAuthorUnsubmitted Not Done Reply Inline Actions The final question is whether we need to emit cleanups on paths that lead to UB scopes at all. In the simplest cases, I think we don't. The standard says that it's implementation-specified whether the stack is unwound on an exception path that leads to termination. That rule doesn't technically apply here, but only because we're dealing with a language extension that makes unwinding UB in the first place. Since we have room to choose the semantics, the standard gives us pretty strong cover to be just as aggressive about skipping cleanups in contexts where throwing is UB as it is in contexts where throwing terminates. That, in turn, means that the landing pad in these contexts will usually just be a UB scope with no cleanups in it. So even if we did need to worry about cleanups overwriting the source location, it usually won't be possible because we won't be running cleanups. In fact, if there's a catch-all or a terminate scope, the UB scope won't be reachable, so the only situation where we have to worry about cleanups being run before we reach a UB scope is if there are cleanups inside a partial catch clause, like catch (const std::exception &e). And in principle we have the information up front from the EH selector to know whether we're going to end up in a catch handler, so we could actually just check immediately at the start of the landing pad and then trigger UBSan. The more i stare at this. The more worried i am. Is the idea that, when we are in termination/UB EH scope, we no longer have to play by the RAII rules, and destructors, for the moment, are no-ops and are side-effect free? Consider: #include <cstdlib> #include <cstdio> void will_throw() { throw int(42); } void might_throw() { } struct abort_on_dtor { abort_on_dtor() {} [[noreturn]] ~abort_on_dtor() { printf("in ~abort_on_dtor()\n"); abort(); } }; void test0() noexcept { abort_on_dtor scope; will_throw(); might_throw(); } __attribute__ ((pure)) void test1() { abort_on_dtor scope; will_throw(); might_throw(); } int main(int argc, char* argv[]) { printf("argc = %i\n", argc); if(argc == 1) abort_on_dtor scope; if(argc == 2) test0(); if(argc == 3) test1(); return 0; } You'd think, if call to `test0()`/`test1()` unwinds, we'd first destruct `abort_on_dtor`, and termination/UB no longer happens. But i guess termination/UB time-traveled/"happened" the moment `test0()`/`test1()` unwinds? lebedev.ri: > The final question is whether we need to emit cleanups on paths that lead to UB scopes at all.
		lebedev.riAuthorUnsubmitted Not Done Reply Inline Actions The final question is whether we need to emit cleanups on paths that lead to UB scopes at all. In the simplest cases I believe, i have implemented these semantics, i.e. no cleanups in UB EH scope, just like how we deal with Terminate scope when in UB EH scope, and not sanitizing, all callees are implicitly nounwind If `catch()` blocks don't catch the exception, and we get to UB scope, we go into `unreachable` block. Did i understand you correctly? (test suite does not pass, there are a few bugs to deal with) lebedev.ri: > The final question is whether we need to emit cleanups on paths that lead to UB scopes at all.
		lebedev.riAuthorUnsubmitted Done Reply Inline Actions Ok, trying to continue looking into this The first is whether we should make an effort to report the original source location for the call to maybe_throws instead of the rethrow location. To me, the answer is no, Sure, seems reasonable. The second is what source location we should report for invokes that don't have an obvious source location. The answer is that I think we should always try to have a source location, even if it might be an imperfect one. It seems like this point is non-actionable. We simply always emit the source location, and if it is invalid, well, then that is a more general problem. The third is the more general question of whether we need to store a source location before every invoke. To ensure that this variable is meaningfully initialized, we need to store a source location before every invoke that can lead to a UB scope. But the variable is stateful, so it's equally important that we not emit stores that might overwrite the source location that we actually want to report. For example, we want the source location reported in your example to be the source location for the throw;, not something associated with the __cxa_end_catch cleanup. This basically boils down to not doing stores within a landing pad before it enters a catch handler. Fortunately, landing pad code like that should always be in a terminate scope, so I think you can just look at the current EH stack and see whether the landing pad can possibly reach a UB scope. (You might need some save-and-restore logic around @finally blocks in ObjC.) I've fixed source location for `throw`, but i'm not quite following the rest of the comment here. Can you perhaps give a self-contained example where we'd end up with wrong line? I'm not sure about ObjC, so i'll ignore that bit for a moment at least. lebedev.ri: Ok, trying to continue looking into this > The first is whether we should make an effort to…
*callOrInvoke = CI;		*callOrInvoke = CI;

// If this is within a function that has the guard(nocf) attribute and is an		// If this is within a function that has the guard(nocf) attribute and is an
// indirect call, add the "guard_nocf" attribute to this call to indicate that		// indirect call, add the "guard_nocf" attribute to this call to indicate that
// Control Flow Guard checks should not be added, even if the call is inlined.		// Control Flow Guard checks should not be added, even if the call is inlined.
if (const auto *FD = dyn_cast_or_null<FunctionDecl>(CurFuncDecl)) {		if (const auto *FD = dyn_cast_or_null<FunctionDecl>(CurFuncDecl)) {
if (const auto *A = FD->getAttr<CFGuardAttr>()) {		if (const auto *A = FD->getAttr<CFGuardAttr>()) {
if (A->getGuard() == CFGuardAttr::GuardArg::nocf && !CI->getCalledFunction())		if (A->getGuard() == CFGuardAttr::GuardArg::nocf && !CI->getCalledFunction())
▲ Show 20 Lines • Show All 235 Lines • ▼ Show 20 Lines	#endif
if (!ReturnValue.isExternallyDestructed() &&		if (!ReturnValue.isExternallyDestructed() &&
RetTy.isDestructedType() == QualType::DK_nontrivial_c_struct)		RetTy.isDestructedType() == QualType::DK_nontrivial_c_struct)
pushDestroy(QualType::DK_nontrivial_c_struct, Ret.getAggregateAddress(),		pushDestroy(QualType::DK_nontrivial_c_struct, Ret.getAggregateAddress(),
RetTy);		RetTy);

return Ret;		return Ret;
}		}

		void CodeGenFunction::MaybeRecordCurrLocForExceptionEscapeUBSan(
		SourceLocation Loc) {
		if (!SanOpts.has(SanitizerKind::ExceptionEscape) \|\|
		!ExceptionEscapeUBLastInvokeSrcLoc)
		return;
		llvm::Constant *CheckSourceLocation = EmitCheckSourceLocation(Loc);
		Builder.CreateStore(
		CheckSourceLocation,
		Address(ExceptionEscapeUBLastInvokeSrcLoc, CheckSourceLocation->getType(),
		CharUnits::fromQuantity(
		ExceptionEscapeUBLastInvokeSrcLoc->getAlign().value())));
		}

CGCallee CGCallee::prepareConcreteCallee(CodeGenFunction &CGF) const {		CGCallee CGCallee::prepareConcreteCallee(CodeGenFunction &CGF) const {
if (isVirtual()) {		if (isVirtual()) {
const CallExpr *CE = getVirtualCallExpr();		const CallExpr *CE = getVirtualCallExpr();
return CGF.CGM.getCXXABI().getVirtualFunctionPointer(		return CGF.CGM.getCXXABI().getVirtualFunctionPointer(
CGF, getVirtualMethodDecl(), getThisAddress(), getVirtualFunctionType(),		CGF, getVirtualMethodDecl(), getThisAddress(), getVirtualFunctionType(),
CE ? CE->getBeginLoc() : SourceLocation());		CE ? CE->getBeginLoc() : SourceLocation());
}		}

Show All 14 Lines

clang/lib/CodeGen/CGCleanup.h

Show First 20 Lines • Show All 80 Lines • ▼ Show 20 Lines	class CleanupBitFields {
/// Whether the EH cleanup should test the activation flag.		/// Whether the EH cleanup should test the activation flag.
unsigned TestFlagInEHCleanup : 1;		unsigned TestFlagInEHCleanup : 1;

/// The amount of extra storage needed by the Cleanup.		/// The amount of extra storage needed by the Cleanup.
/// Always a multiple of the scope-stack alignment.		/// Always a multiple of the scope-stack alignment.
unsigned CleanupSize : 12;		unsigned CleanupSize : 12;
};		};

		class UBBitFields {
		friend class EHUBScope;
		unsigned : NumCommonBits;

		unsigned IsSanitized : 32 - NumCommonBits;
		};

class FilterBitFields {		class FilterBitFields {
friend class EHFilterScope;		friend class EHFilterScope;
unsigned : NumCommonBits;		unsigned : NumCommonBits;

unsigned NumFilters : 32 - NumCommonBits;		unsigned NumFilters : 32 - NumCommonBits;
};		};

union {		union {
CommonBitFields CommonBits;		CommonBitFields CommonBits;
CatchBitFields CatchBits;		CatchBitFields CatchBits;
CleanupBitFields CleanupBits;		CleanupBitFields CleanupBits;
		UBBitFields UBBits;
FilterBitFields FilterBits;		FilterBitFields FilterBits;
};		};

public:		public:
enum Kind { Cleanup, Catch, Terminate, Filter };		enum Kind { Cleanup, Catch, Terminate, UB, Filter };

EHScope(Kind kind, EHScopeStack::stable_iterator enclosingEHScope)		EHScope(Kind kind, EHScopeStack::stable_iterator enclosingEHScope)
: CachedLandingPad(nullptr), CachedEHDispatchBlock(nullptr),		: CachedLandingPad(nullptr), CachedEHDispatchBlock(nullptr),
EnclosingEHScope(enclosingEHScope) {		EnclosingEHScope(enclosingEHScope) {
CommonBits.Kind = kind;		CommonBits.Kind = kind;
		assert(CommonBits.Kind == kind && "Kind overflow?");
}		}

Kind getKind() const { return static_cast<Kind>(CommonBits.Kind); }		Kind getKind() const { return static_cast<Kind>(CommonBits.Kind); }

llvm::BasicBlock *getCachedLandingPad() const {		llvm::BasicBlock *getCachedLandingPad() const {
return CachedLandingPad;		return CachedLandingPad;
}		}

▲ Show 20 Lines • Show All 364 Lines • ▼ Show 20 Lines	EHTerminateScope(EHScopeStack::stable_iterator enclosingEHScope)
: EHScope(Terminate, enclosingEHScope) {}		: EHScope(Terminate, enclosingEHScope) {}
static size_t getSize() { return sizeof(EHTerminateScope); }		static size_t getSize() { return sizeof(EHTerminateScope); }

static bool classof(const EHScope *scope) {		static bool classof(const EHScope *scope) {
return scope->getKind() == Terminate;		return scope->getKind() == Terminate;
}		}
};		};

		/// An exceptions scope which causes UB if any exception reaches it.
		class EHUBScope : public EHScope {
		public:
		EHUBScope(bool isSanitized, EHScopeStack::stable_iterator enclosingEHScope)
		: EHScope(UB, enclosingEHScope) {
		UBBits.IsSanitized = isSanitized;
		assert(UBBits.IsSanitized == isSanitized && "IsSanitized overflow?");
		}

		bool getIsSanitized() const { return UBBits.IsSanitized; }

		static size_t getSize() { return sizeof(EHUBScope); }

		static bool classof(const EHScope *scope) { return scope->getKind() == UB; }
		};

/// A non-stable pointer into the scope stack.		/// A non-stable pointer into the scope stack.
class EHScopeStack::iterator {		class EHScopeStack::iterator {
char *Ptr;		char *Ptr;

friend class EHScopeStack;		friend class EHScopeStack;
explicit iterator(char *Ptr) : Ptr(Ptr) {}		explicit iterator(char *Ptr) : Ptr(Ptr) {}

public:		public:
Show All 21 Lines	iterator &operator++() {

case EHScope::Cleanup:		case EHScope::Cleanup:
Size = static_cast<const EHCleanupScope *>(get())->getAllocatedSize();		Size = static_cast<const EHCleanupScope *>(get())->getAllocatedSize();
break;		break;

case EHScope::Terminate:		case EHScope::Terminate:
Size = EHTerminateScope::getSize();		Size = EHTerminateScope::getSize();
break;		break;

		case EHScope::UB:
		Size = EHUBScope::getSize();
		break;
}		}
Ptr += llvm::alignTo(Size, ScopeStackAlignment);		Ptr += llvm::alignTo(Size, ScopeStackAlignment);
return *this;		return *this;
}		}

iterator next() {		iterator next() {
iterator copy = *this;		iterator copy = *this;
++copy;		++copy;
Show All 32 Lines
inline void EHScopeStack::popTerminate() {		inline void EHScopeStack::popTerminate() {
assert(!empty() && "popping exception stack when not empty");		assert(!empty() && "popping exception stack when not empty");

EHTerminateScope &scope = cast<EHTerminateScope>(*begin());		EHTerminateScope &scope = cast<EHTerminateScope>(*begin());
InnermostEHScope = scope.getEnclosingEHScope();		InnermostEHScope = scope.getEnclosingEHScope();
deallocate(EHTerminateScope::getSize());		deallocate(EHTerminateScope::getSize());
}		}

		inline void EHScopeStack::popUB() {
		assert(!empty() && "popping exception stack when not empty");

		EHUBScope &scope = cast<EHUBScope>(*begin());
		InnermostEHScope = scope.getEnclosingEHScope();
		deallocate(EHUBScope::getSize());
		}

inline EHScopeStack::iterator EHScopeStack::find(stable_iterator sp) const {		inline EHScopeStack::iterator EHScopeStack::find(stable_iterator sp) const {
assert(sp.isValid() && "finding invalid savepoint");		assert(sp.isValid() && "finding invalid savepoint");
assert(sp.Size <= stable_begin().Size && "finding savepoint after pop");		assert(sp.Size <= stable_begin().Size && "finding savepoint after pop");
return iterator(EndOfBuffer - sp.Size);		return iterator(EndOfBuffer - sp.Size);
}		}

inline EHScopeStack::stable_iterator		inline EHScopeStack::stable_iterator
EHScopeStack::stabilize(iterator ir) const {		EHScopeStack::stabilize(iterator ir) const {
▲ Show 20 Lines • Show All 53 Lines • Show Last 20 Lines

clang/lib/CodeGen/CGCleanup.cpp

Show First 20 Lines • Show All 146 Lines • ▼ Show 20 Lines	for (EHScopeStack::iterator it = begin(); stabilize(it) != Old; it++) {
EHCleanupScope cleanup = dyn_cast<EHCleanupScope>(&it);		EHCleanupScope cleanup = dyn_cast<EHCleanupScope>(&it);
if (!cleanup \|\| !cleanup->isLifetimeMarker())		if (!cleanup \|\| !cleanup->isLifetimeMarker())
return false;		return false;
}		}

return true;		return true;
}		}

bool EHScopeStack::requiresLandingPad() const {		EHScopeStack::iterator EHScopeStack::getInnermostEHScopeForUnwind() const {
for (stable_iterator si = getInnermostEHScope(); si != stable_end(); ) {		for (stable_iterator si = getInnermostEHScope(); si != stable_end(); ) {
// Skip lifetime markers.		// Skip lifetime markers.
if (auto cleanup = dyn_cast<EHCleanupScope>(&find(si)))		if (auto cleanup = dyn_cast<EHCleanupScope>(&find(si)))
if (cleanup->isLifetimeMarker()) {		if (cleanup->isLifetimeMarker()) {
si = cleanup->getEnclosingEHScope();		si = cleanup->getEnclosingEHScope();
continue;		continue;
}		}
return true;		return find(si);
		}

		return end();
}		}

		bool EHScopeStack::wouldUnwindBeUB() const {
		EHScopeStack::iterator it = getInnermostEHScopeForUnwind();
		if (it == end())
return false;		return false;

		// If we are in exception scope which causes UB if any exception reaches it,
		// and we are not sanitizing for that UB, then the unwind would indeed be UB.
		// because the callee will not unwind and the landing pad won't be reached.
		auto ub = dyn_cast<EHUBScope>(&it);
		return ub && !ub->getIsSanitized();
		}

		bool EHScopeStack::requiresLandingPad() const {
		EHScopeStack::iterator it = getInnermostEHScopeForUnwind();
		if (it == end())
		return false;

		return !wouldUnwindBeUB();
}		}

EHScopeStack::stable_iterator		EHScopeStack::stable_iterator
EHScopeStack::getInnermostActiveNormalCleanup() const {		EHScopeStack::getInnermostActiveNormalCleanup() const {
for (stable_iterator si = getInnermostNormalCleanup(), se = stable_end();		for (stable_iterator si = getInnermostNormalCleanup(), se = stable_end();
si != se; ) {		si != se; ) {
EHCleanupScope &cleanup = cast<EHCleanupScope>(*find(si));		EHCleanupScope &cleanup = cast<EHCleanupScope>(*find(si));
if (cleanup.isActive()) return si;		if (cleanup.isActive()) return si;
si = cleanup.getEnclosingNormalCleanup();		si = cleanup.getEnclosingNormalCleanup();
}		}
return stable_end();		return stable_end();
}		}


void *EHScopeStack::pushCleanup(CleanupKind Kind, size_t Size) {		void *EHScopeStack::pushCleanup(CleanupKind Kind, size_t Size) {
char *Buffer = allocate(EHCleanupScope::getSizeForCleanupSize(Size));		char *Buffer = allocate(EHCleanupScope::getSizeForCleanupSize(Size));
bool IsNormalCleanup = Kind & NormalCleanup;		bool IsNormalCleanup = Kind & NormalCleanup;
bool IsEHCleanup = Kind & EHCleanup;		bool IsEHCleanup = Kind & EHCleanup;
bool IsLifetimeMarker = Kind & LifetimeMarker;		bool IsLifetimeMarker = Kind & LifetimeMarker;

// Per C++ [except.terminate], it is implementation-defined whether none,		// Per C++ [except.terminate], it is implementation-defined whether none,
// some, or all cleanups are called before std::terminate. Thus, when		// some, or all cleanups are called before std::terminate. Thus, when
// terminate is the current EH scope, we may skip adding any EH cleanup		// terminate is the current EH scope, we may skip adding any EH cleanup
// scopes.		// scopes.
if (InnermostEHScope != stable_end() &&		//
find(InnermostEHScope)->getKind() == EHScope::Terminate)		// Likewise, if the exception escaping out of the function would be UB,
		// skip adding any EH cleanup scopes.
		if (InnermostEHScope != stable_end()) {
		if (EHScope::Kind InnermostEHScopeKind = find(InnermostEHScope)->getKind();
		InnermostEHScopeKind == EHScope::Terminate \|\|
		InnermostEHScopeKind == EHScope::UB)
IsEHCleanup = false;		IsEHCleanup = false;
		}

EHCleanupScope *Scope =		EHCleanupScope *Scope =
new (Buffer) EHCleanupScope(IsNormalCleanup,		new (Buffer) EHCleanupScope(IsNormalCleanup,
IsEHCleanup,		IsEHCleanup,
Size,		Size,
BranchFixups.size(),		BranchFixups.size(),
InnermostNormalCleanup,		InnermostNormalCleanup,
InnermostEHScope);		InnermostEHScope);
Show All 33 Lines	if (!BranchFixups.empty()) {

// Otherwise we can still trim out unnecessary nulls.		// Otherwise we can still trim out unnecessary nulls.
else		else
popNullFixups();		popNullFixups();
}		}
}		}

EHFilterScope *EHScopeStack::pushFilter(unsigned numFilters) {		EHFilterScope *EHScopeStack::pushFilter(unsigned numFilters) {
assert(getInnermostEHScope() == stable_end());		assert(getInnermostEHScope() == stable_end() \|\|
		isa<EHUBScope>(*find(getInnermostEHScope())));
char *buffer = allocate(EHFilterScope::getSizeForNumFilters(numFilters));		char *buffer = allocate(EHFilterScope::getSizeForNumFilters(numFilters));
EHFilterScope *filter = new (buffer) EHFilterScope(numFilters);		EHFilterScope *filter = new (buffer) EHFilterScope(numFilters);
InnermostEHScope = stable_begin();		InnermostEHScope = stable_begin();
return filter;		return filter;
}		}

void EHScopeStack::popFilter() {		void EHScopeStack::popFilter() {
assert(!empty() && "popping exception stack when not empty");		assert(!empty() && "popping exception stack when not empty");
Show All 13 Lines
}		}

void EHScopeStack::pushTerminate() {		void EHScopeStack::pushTerminate() {
char *Buffer = allocate(EHTerminateScope::getSize());		char *Buffer = allocate(EHTerminateScope::getSize());
new (Buffer) EHTerminateScope(InnermostEHScope);		new (Buffer) EHTerminateScope(InnermostEHScope);
InnermostEHScope = stable_begin();		InnermostEHScope = stable_begin();
}		}

		void EHScopeStack::pushUB(bool isSanitized) {
		char *Buffer = allocate(EHUBScope::getSize());
		new (Buffer) EHUBScope(isSanitized, InnermostEHScope);
		InnermostEHScope = stable_begin();
		}

/// Remove any 'null' fixups on the stack. However, we can't pop more		/// Remove any 'null' fixups on the stack. However, we can't pop more
/// fixups than the fixup depth on the innermost normal cleanup, or		/// fixups than the fixup depth on the innermost normal cleanup, or
/// else fixups that we try to add to that cleanup will end up in the		/// else fixups that we try to add to that cleanup will end up in the
/// wrong place. We could try to shrink fixup depths, but that's		/// wrong place. We could try to shrink fixup depths, but that's
/// actually a lot of work for little benefit.		/// actually a lot of work for little benefit.
void EHScopeStack::popNullFixups() {		void EHScopeStack::popNullFixups() {
// We expect this to only be called when there's still an innermost		// We expect this to only be called when there's still an innermost
// normal cleanup; otherwise there really shouldn't be any fixups.		// normal cleanup; otherwise there really shouldn't be any fixups.
▲ Show 20 Lines • Show All 1,101 Lines • Show Last 20 Lines

clang/lib/CodeGen/CGException.cpp

Show First 20 Lines • Show All 434 Lines • ▼ Show 20 Lines
}		}

llvm::Value *CodeGenFunction::getSelectorFromSlot() {		llvm::Value *CodeGenFunction::getSelectorFromSlot() {
return Builder.CreateLoad(getEHSelectorSlot(), "sel");		return Builder.CreateLoad(getEHSelectorSlot(), "sel");
}		}

void CodeGenFunction::EmitCXXThrowExpr(const CXXThrowExpr *E,		void CodeGenFunction::EmitCXXThrowExpr(const CXXThrowExpr *E,
bool KeepInsertionPoint) {		bool KeepInsertionPoint) {
		MaybeRecordCurrLocForExceptionEscapeUBSan(E->getBeginLoc());
if (const Expr *SubExpr = E->getSubExpr()) {		if (const Expr *SubExpr = E->getSubExpr()) {
QualType ThrowType = SubExpr->getType();		QualType ThrowType = SubExpr->getType();
if (ThrowType->isObjCObjectPointerType()) {		if (ThrowType->isObjCObjectPointerType()) {
const Stmt *ThrowStmt = E->getSubExpr();		const Stmt *ThrowStmt = E->getSubExpr();
const ObjCAtThrowStmt S(E->getExprLoc(), const_cast<Stmt *>(ThrowStmt));		const ObjCAtThrowStmt S(E->getExprLoc(), const_cast<Stmt *>(ThrowStmt));
CGM.getObjCRuntime().EmitThrowStmt(*this, S, false);		CGM.getObjCRuntime().EmitThrowStmt(*this, S, false);
} else {		} else {
CGM.getCXXABI().emitThrow(*this, E);		CGM.getCXXABI().emitThrow(*this, E);
}		}
} else {		} else {
CGM.getCXXABI().emitRethrow(this, /isNoReturn=*/true);		CGM.getCXXABI().emitRethrow(this, /isNoReturn=*/true);
}		}

// throw is an expression, and the expression emitters expect us		// throw is an expression, and the expression emitters expect us
// to leave ourselves at a valid insertion point.		// to leave ourselves at a valid insertion point.
if (KeepInsertionPoint)		if (KeepInsertionPoint)
EmitBlock(createBasicBlock("throw.cont"));		EmitBlock(createBasicBlock("throw.cont"));
}		}

void CodeGenFunction::EmitStartEHSpec(const Decl *D) {		/// Emit the dispatch block for a filter scope if necessary.
if (!CGM.getLangOpts().CXXExceptions)		static void emitFilterDispatchBlock(CodeGenFunction &CGF,
		EHFilterScope &filterScope) {
		llvm::BasicBlock *dispatchBlock = filterScope.getCachedEHDispatchBlock();
		if (!dispatchBlock)
return;		return;
		if (dispatchBlock->use_empty()) {
		delete dispatchBlock;
		return;
		}

		CGF.EmitBlockAfterUses(dispatchBlock);

		// If this isn't a catch-all filter, we need to check whether we got
		// here because the filter triggered.
		if (filterScope.getNumFilters()) {
		// Load the selector value.
		llvm::Value *selector = CGF.getSelectorFromSlot();
		llvm::BasicBlock *unexpectedBB = CGF.createBasicBlock("ehspec.unexpected");

		llvm::Value *zero = CGF.Builder.getInt32(0);
		llvm::Value *failsFilter =
		CGF.Builder.CreateICmpSLT(selector, zero, "ehspec.fails");
		CGF.Builder.CreateCondBr(failsFilter, unexpectedBB,
		CGF.getEHResumeBlock(false));

		CGF.EmitBlock(unexpectedBB);
		}

		// Call __cxa_call_unexpected. This doesn't need to be an invoke
		// because __cxa_call_unexpected magically filters exceptions
		// according to the last landing pad the exception was thrown
		// into. Seriously.
		llvm::Value *exn = CGF.getExceptionFromSlot();
		CGF.EmitRuntimeCall(getUnexpectedFn(CGF.CGM), exn)->setDoesNotReturn();
		CGF.Builder.CreateUnreachable();
		}

		bool CodeGenFunction::ExceptionEscapeIsProgramTermination(const Decl *D,
		bool IsStart) {
		assert(CGM.getLangOpts().CXXExceptions && "Only for CXX-Exceptions mode.");

const FunctionDecl* FD = dyn_cast_or_null<FunctionDecl>(D);		const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(D);
if (!FD) {		if (!FD) {
// Check if CapturedDecl is nothrow and create terminate scope for it.		// Check if CapturedDecl is nothrow and create terminate scope for it.
if (const CapturedDecl* CD = dyn_cast_or_null<CapturedDecl>(D)) {		if (const CapturedDecl *CD = dyn_cast_or_null<CapturedDecl>(D)) {
if (CD->isNothrow())		if (CD->isNothrow())
EHStack.pushTerminate();		return true;
}		}
return;		return false;
}		}

		// As an extension, we define that functions annotated with pure/const attrs
		// exibit UB on throw, so we don't need to terminate the program.
		if (FD->hasAttr<PureAttr>() \|\| FD->hasAttr<ConstAttr>())
		return false;

const FunctionProtoType *Proto = FD->getType()->getAs<FunctionProtoType>();		const FunctionProtoType *Proto = FD->getType()->getAs<FunctionProtoType>();
if (!Proto)		if (!Proto)
return;		return false;

ExceptionSpecificationType EST = Proto->getExceptionSpecType();		ExceptionSpecificationType EST = Proto->getExceptionSpecType();
// In C++17 and later, 'throw()' aka EST_DynamicNone is treated the same way		// In C++17 and later, 'throw()' aka EST_DynamicNone is treated the same way
// as noexcept. In earlier standards, it is handled in this block, along with		// as noexcept. In earlier standards, it is handled in this block, along with
// 'throw(X...)'.		// 'throw(X...)'.
if (EST == EST_Dynamic \|\|		if (EST == EST_Dynamic \|\|
(EST == EST_DynamicNone && !getLangOpts().CPlusPlus17)) {		(EST == EST_DynamicNone && !getLangOpts().CPlusPlus17)) {
// TODO: Revisit exception specifications for the MS ABI. There is a way to		// TODO: Revisit exception specifications for the MS ABI. There is a way to
// encode these in an object file but MSVC doesn't do anything with it.		// encode these in an object file but MSVC doesn't do anything with it.
if (getTarget().getCXXABI().isMicrosoft())		if (getTarget().getCXXABI().isMicrosoft())
return;		return false;
// In Wasm EH we currently treat 'throw()' in the same way as 'noexcept'. In		// In Wasm EH we currently treat 'throw()' in the same way as 'noexcept'. In
// case of throw with types, we ignore it and print a warning for now.		// case of throw with types, we ignore it and print a warning for now.
// TODO Correctly handle exception specification in Wasm EH		// TODO Correctly handle exception specification in Wasm EH
if (CGM.getLangOpts().hasWasmExceptions()) {		if (CGM.getLangOpts().hasWasmExceptions()) {
if (EST == EST_DynamicNone)		if (EST == EST_DynamicNone)
EHStack.pushTerminate();		return true;
else		else if (IsStart)
CGM.getDiags().Report(D->getLocation(),		CGM.getDiags().Report(D->getLocation(),
diag::warn_wasm_dynamic_exception_spec_ignored)		diag::warn_wasm_dynamic_exception_spec_ignored)
<< FD->getExceptionSpecSourceRange();		<< FD->getExceptionSpecSourceRange();
return;		return false;
}		}
// Currently Emscripten EH only handles 'throw()' but not 'throw' with		// Currently Emscripten EH only handles 'throw()' but not 'throw' with
// types. 'throw()' handling will be done in JS glue code so we don't need		// types. 'throw()' handling will be done in JS glue code so we don't need
// to do anything in that case. Just print a warning message in case of		// to do anything in that case. Just print a warning message in case of
// throw with types.		// throw with types.
// TODO Correctly handle exception specification in Emscripten EH		// TODO Correctly handle exception specification in Emscripten EH
if (getTarget().getCXXABI() == TargetCXXABI::WebAssembly &&		if (getTarget().getCXXABI() == TargetCXXABI::WebAssembly &&
CGM.getLangOpts().getExceptionHandling() ==		CGM.getLangOpts().getExceptionHandling() ==
LangOptions::ExceptionHandlingKind::None &&		LangOptions::ExceptionHandlingKind::None &&
EST == EST_Dynamic)		EST == EST_Dynamic && IsStart)
CGM.getDiags().Report(D->getLocation(),		CGM.getDiags().Report(D->getLocation(),
diag::warn_wasm_dynamic_exception_spec_ignored)		diag::warn_wasm_dynamic_exception_spec_ignored)
<< FD->getExceptionSpecSourceRange();		<< FD->getExceptionSpecSourceRange();

		if (IsStart) {
unsigned NumExceptions = Proto->getNumExceptions();		unsigned NumExceptions = Proto->getNumExceptions();
EHFilterScope *Filter = EHStack.pushFilter(NumExceptions);		EHFilterScope *Filter = EHStack.pushFilter(NumExceptions);

for (unsigned I = 0; I != NumExceptions; ++I) {		for (unsigned I = 0; I != NumExceptions; ++I) {
QualType Ty = Proto->getExceptionType(I);		QualType Ty = Proto->getExceptionType(I);
QualType ExceptType = Ty.getNonReferenceType().getUnqualifiedType();		QualType ExceptType = Ty.getNonReferenceType().getUnqualifiedType();
llvm::Value *EHType = CGM.GetAddrOfRTTIDescriptor(ExceptType,		llvm::Value *EHType = CGM.GetAddrOfRTTIDescriptor(ExceptType,
/ForEH=/true);		/ForEH=/true);
Filter->setFilter(I, EHType);		Filter->setFilter(I, EHType);
}		}
		} else {
		EHFilterScope &filterScope = cast<EHFilterScope>(*EHStack.begin());
		emitFilterDispatchBlock(*this, filterScope);
		EHStack.popFilter();
		}
} else if (Proto->canThrow() == CT_Cannot) {		} else if (Proto->canThrow() == CT_Cannot) {
// noexcept functions are simple terminate scopes.		// noexcept functions are simple terminate scopes.
if (!getLangOpts().EHAsynch) // -EHa: HW exception still can occur		if (!getLangOpts().EHAsynch) // -EHa: HW exception still can occur
EHStack.pushTerminate();		return true;
}		}
		return false;
}		}

/// Emit the dispatch block for a filter scope if necessary.		void CodeGenFunction::EmitStartEHSpec(const Decl *D) {
static void emitFilterDispatchBlock(CodeGenFunction &CGF,		if (!CGM.getLangOpts().CXXExceptions)
EHFilterScope &filterScope) {
llvm::BasicBlock *dispatchBlock = filterScope.getCachedEHDispatchBlock();
if (!dispatchBlock) return;
if (dispatchBlock->use_empty()) {
delete dispatchBlock;
return;		return;
}

CGF.EmitBlockAfterUses(dispatchBlock);

// If this isn't a catch-all filter, we need to check whether we got
// here because the filter triggered.
if (filterScope.getNumFilters()) {
// Load the selector value.
llvm::Value *selector = CGF.getSelectorFromSlot();
llvm::BasicBlock *unexpectedBB = CGF.createBasicBlock("ehspec.unexpected");

llvm::Value *zero = CGF.Builder.getInt32(0);		// If the LLVM IR function is marked as non-unwinding,
llvm::Value *failsFilter =		// then exception escape is UB. UBSan might be interested in this.
CGF.Builder.CreateICmpSLT(selector, zero, "ehspec.fails");		if (CurFn->hasFnAttribute(llvm::Attribute::NoUnwind))
CGF.Builder.CreateCondBr(failsFilter, unexpectedBB,		EHStack.pushUB(/isSanitized=/SanOpts.has(SanitizerKind::ExceptionEscape));
CGF.getEHResumeBlock(false));
		// Does the EH Specification for the current function mandate that the
CGF.EmitBlock(unexpectedBB);		// exception escaping out of the current function is required to cause
		// program termination?
		if (ExceptionEscapeIsProgramTermination(D, /IsStart=/true)) {
		assert(CurFn->hasFnAttribute(llvm::Attribute::NoUnwind) &&
		"Forgot to manifest nounwind function attribute in LLVM IR.");
		EHStack.pushTerminate();
}		}

// Call __cxa_call_unexpected. This doesn't need to be an invoke
// because __cxa_call_unexpected magically filters exceptions
// according to the last landing pad the exception was thrown
// into. Seriously.
llvm::Value *exn = CGF.getExceptionFromSlot();
CGF.EmitRuntimeCall(getUnexpectedFn(CGF.CGM), exn)
->setDoesNotReturn();
CGF.Builder.CreateUnreachable();
}		}

void CodeGenFunction::EmitEndEHSpec(const Decl *D) {		void CodeGenFunction::EmitEndEHSpec(const Decl *D) {
if (!CGM.getLangOpts().CXXExceptions)		if (!CGM.getLangOpts().CXXExceptions)
return;		return;

const FunctionDecl* FD = dyn_cast_or_null<FunctionDecl>(D);		// Does the EH Specification for the current function mandate that the
if (!FD) {		// exception escaping out of the current function is required to cause
// Check if CapturedDecl is nothrow and pop terminate scope for it.		// program termination?
if (const CapturedDecl* CD = dyn_cast_or_null<CapturedDecl>(D)) {		if (ExceptionEscapeIsProgramTermination(D, /IsStart=/false)) {
if (CD->isNothrow() && !EHStack.empty())		assert(CurFn->hasFnAttribute(llvm::Attribute::NoUnwind) &&
		"Forgot to manifest nounwind function attribute in LLVM IR.");
EHStack.popTerminate();		EHStack.popTerminate();
}		}
return;
}
const FunctionProtoType *Proto = FD->getType()->getAs<FunctionProtoType>();
if (!Proto)
return;

ExceptionSpecificationType EST = Proto->getExceptionSpecType();		// If the LLVM IR function is marked as non-unwinding,
if (EST == EST_Dynamic \|\|		// then exception escape is UB. UBSan might be interested in this.
(EST == EST_DynamicNone && !getLangOpts().CPlusPlus17)) {		if (CurFn->hasFnAttribute(llvm::Attribute::NoUnwind))
// TODO: Revisit exception specifications for the MS ABI. There is a way to		EHStack.popUB();
// encode these in an object file but MSVC doesn't do anything with it.
if (getTarget().getCXXABI().isMicrosoft())
return;
// In wasm we currently treat 'throw()' in the same way as 'noexcept'. In
// case of throw with types, we ignore it and print a warning for now.
// TODO Correctly handle exception specification in wasm
if (CGM.getLangOpts().hasWasmExceptions()) {
if (EST == EST_DynamicNone)
EHStack.popTerminate();
return;
}
EHFilterScope &filterScope = cast<EHFilterScope>(*EHStack.begin());
emitFilterDispatchBlock(*this, filterScope);
EHStack.popFilter();
} else if (Proto->canThrow() == CT_Cannot &&
/* possible empty when under async exceptions */
!EHStack.empty()) {
EHStack.popTerminate();
}
}		}

void CodeGenFunction::EmitCXXTryStmt(const CXXTryStmt &S) {		void CodeGenFunction::EmitCXXTryStmt(const CXXTryStmt &S) {
EnterCXXTryStmt(S);		EnterCXXTryStmt(S);
EmitStmt(S.getTryBlock());		EmitStmt(S.getTryBlock());
ExitCXXTryStmt(S);		ExitCXXTryStmt(S);
}		}

▲ Show 20 Lines • Show All 70 Lines • ▼ Show 20 Lines	if (!dispatchBlock) {

case EHScope::Filter:		case EHScope::Filter:
dispatchBlock = createBasicBlock("filter.dispatch");		dispatchBlock = createBasicBlock("filter.dispatch");
break;		break;

case EHScope::Terminate:		case EHScope::Terminate:
dispatchBlock = getTerminateHandler();		dispatchBlock = getTerminateHandler();
break;		break;

		case EHScope::UB:
		if (!cast<EHUBScope>(scope).getIsSanitized())
		dispatchBlock = getUnreachableBlock();
		else
		dispatchBlock = getExceptionEscapeUBHandler();
		break;
}		}
scope.setCachedEHDispatchBlock(dispatchBlock);		scope.setCachedEHDispatchBlock(dispatchBlock);
}		}
return dispatchBlock;		return dispatchBlock;
}		}

llvm::BasicBlock *		llvm::BasicBlock *
CodeGenFunction::getFuncletEHDispatchBlock(EHScopeStack::stable_iterator SI) {		CodeGenFunction::getFuncletEHDispatchBlock(EHScopeStack::stable_iterator SI) {
Show All 25 Lines	case EHScope::Cleanup:
break;		break;

case EHScope::Filter:		case EHScope::Filter:
llvm_unreachable("exception specifications not handled yet!");		llvm_unreachable("exception specifications not handled yet!");

case EHScope::Terminate:		case EHScope::Terminate:
DispatchBlock->setName("terminate");		DispatchBlock->setName("terminate");
break;		break;

		case EHScope::UB:
		assert(cast<EHUBScope>(EHS).getIsSanitized() && "Only when sanitizing");
		DispatchBlock->setName("ub");
		break;
}		}
EHS.setCachedEHDispatchBlock(DispatchBlock);		EHS.setCachedEHDispatchBlock(DispatchBlock);
return DispatchBlock;		return DispatchBlock;
}		}

/// Check whether this is a non-EH scope, i.e. a scope which doesn't		/// Check whether this is a non-EH scope, i.e. a scope which doesn't
/// affect exception handling. Currently, the only non-EH scopes are		/// affect exception handling. Currently, the only non-EH scopes are
/// normal-only cleanup scopes.		/// normal-only cleanup scopes.
static bool isNonEHScope(const EHScope &S) {		static bool isNonEHScope(const EHScope &S) {
switch (S.getKind()) {		switch (S.getKind()) {
case EHScope::Cleanup:		case EHScope::Cleanup:
return !cast<EHCleanupScope>(S).isEHCleanup();		return !cast<EHCleanupScope>(S).isEHCleanup();
case EHScope::Filter:		case EHScope::Filter:
case EHScope::Catch:		case EHScope::Catch:
case EHScope::Terminate:		case EHScope::Terminate:
		case EHScope::UB:
return false;		return false;
}		}

llvm_unreachable("Invalid EHScope Kind!");		llvm_unreachable("Invalid EHScope Kind!");
}		}

llvm::BasicBlock *CodeGenFunction::getInvokeDestImpl() {		llvm::BasicBlock *CodeGenFunction::getInvokeDestImpl() {
assert(EHStack.requiresLandingPad());		assert(EHStack.requiresLandingPad());
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines	llvm::BasicBlock *CodeGenFunction::EmitLandingPad() {
assert(EHStack.requiresLandingPad());		assert(EHStack.requiresLandingPad());
assert(!CGM.getLangOpts().IgnoreExceptions &&		assert(!CGM.getLangOpts().IgnoreExceptions &&
"LandingPad should not be emitted when -fignore-exceptions are in "		"LandingPad should not be emitted when -fignore-exceptions are in "
"effect.");		"effect.");
EHScope &innermostEHScope = *EHStack.find(EHStack.getInnermostEHScope());		EHScope &innermostEHScope = *EHStack.find(EHStack.getInnermostEHScope());
switch (innermostEHScope.getKind()) {		switch (innermostEHScope.getKind()) {
case EHScope::Terminate:		case EHScope::Terminate:
return getTerminateLandingPad();		return getTerminateLandingPad();
		case EHScope::UB:
		assert(cast<EHUBScope>(innermostEHScope).getIsSanitized() &&
		"Only when sanitizing");
		return getExceptionEscapeUBLandingPad();

case EHScope::Catch:		case EHScope::Catch:
case EHScope::Cleanup:		case EHScope::Cleanup:
case EHScope::Filter:		case EHScope::Filter:
if (llvm::BasicBlock *lpad = innermostEHScope.getCachedLandingPad())		if (llvm::BasicBlock *lpad = innermostEHScope.getCachedLandingPad())
return lpad;		return lpad;
}		}

Show All 29 Lines	for (EHScopeStack::iterator I = EHStack.begin(), E = EHStack.end(); I != E;

switch (I->getKind()) {		switch (I->getKind()) {
case EHScope::Cleanup:		case EHScope::Cleanup:
// If we have a cleanup, remember that.		// If we have a cleanup, remember that.
hasCleanup = (hasCleanup \|\| cast<EHCleanupScope>(*I).isEHCleanup());		hasCleanup = (hasCleanup \|\| cast<EHCleanupScope>(*I).isEHCleanup());
continue;		continue;

case EHScope::Filter: {		case EHScope::Filter: {
assert(I.next() == EHStack.end() && "EH filter is not end of EH stack");		assert((I.next() == EHStack.end() \|\| isa<EHUBScope>(*I.next())) &&
		"EH filter is not end of EH stack");
assert(!hasCatchAll && "EH filter reached after catch-all");		assert(!hasCatchAll && "EH filter reached after catch-all");

// Filter scopes get added to the landingpad in weird ways.		// Filter scopes get added to the landingpad in weird ways.
EHFilterScope &filter = cast<EHFilterScope>(*I);		EHFilterScope &filter = cast<EHFilterScope>(*I);
hasFilter = true;		hasFilter = true;

// Add all the filter values.		// Add all the filter values.
for (unsigned i = 0, e = filter.getNumFilters(); i != e; ++i)		for (unsigned i = 0, e = filter.getNumFilters(); i != e; ++i)
filterTypes.push_back(filter.getFilter(i));		filterTypes.push_back(filter.getFilter(i));
goto done;		goto done;
}		}

case EHScope::Terminate:		case EHScope::Terminate:
// Terminate scopes are basically catch-alls.		case EHScope::UB:
		// Terminate/UB scopes are basically catch-alls.
assert(!hasCatchAll);		assert(!hasCatchAll);
hasCatchAll = true;		hasCatchAll = true;
goto done;		goto done;

case EHScope::Catch:		case EHScope::Catch:
break;		break;
}		}

▲ Show 20 Lines • Show All 54 Lines • ▼ Show 20 Lines	done:

// Tell the backend how to generate the landing pad.		// Tell the backend how to generate the landing pad.
Builder.CreateBr(getEHDispatchBlock(EHStack.getInnermostEHScope()));		Builder.CreateBr(getEHDispatchBlock(EHStack.getInnermostEHScope()));

// Restore the old IR generation state.		// Restore the old IR generation state.
Builder.restoreIP(savedIP);		Builder.restoreIP(savedIP);

return lpad;		return lpad;
}		}

static void emitCatchPadBlock(CodeGenFunction &CGF, EHCatchScope &CatchScope) {		static void emitCatchPadBlock(CodeGenFunction &CGF, EHCatchScope &CatchScope) {
llvm::BasicBlock *DispatchBlock = CatchScope.getCachedEHDispatchBlock();		llvm::BasicBlock *DispatchBlock = CatchScope.getCachedEHDispatchBlock();
assert(DispatchBlock);		assert(DispatchBlock);

CGBuilderTy::InsertPoint SavedIP = CGF.Builder.saveIP();		CGBuilderTy::InsertPoint SavedIP = CGF.Builder.saveIP();
CGF.EmitBlockAfterUses(DispatchBlock);		CGF.EmitBlockAfterUses(DispatchBlock);

▲ Show 20 Lines • Show All 638 Lines • ▼ Show 20 Lines	llvm::BasicBlock *CodeGenFunction::getTerminateFunclet() {
Builder.CreateUnreachable();		Builder.CreateUnreachable();

// Restore the saved insertion state.		// Restore the saved insertion state.
Builder.restoreIP(SavedIP);		Builder.restoreIP(SavedIP);

return TerminateFunclet;		return TerminateFunclet;
}		}

		llvm::BasicBlock *CodeGenFunction::getExceptionEscapeUBSanitizerBB() {
		assert(SanOpts.has(SanitizerKind::ExceptionEscape) &&
		"Should only get here if the Exception Escape Sanitizer is enabled.");

		if (ExceptionEscapeUBSanitizerBB)
		return ExceptionEscapeUBSanitizerBB;

		SanitizerScope SanScope(this);

		CGBuilderTy::InsertPoint SavedIP = Builder.saveAndClearIP();

		// This will get inserted at the end of the function.
		ExceptionEscapeUBSanitizerBB =
		createBasicBlock("exception-escape.sanitization");
		Builder.SetInsertPoint(ExceptionEscapeUBSanitizerBB);

		llvm::Value *Exn = getExceptionFromSlot();

		llvm::Type *SourceLocationTy =
		EmitCheckSourceLocation(SourceLocation())->getType();
		ExceptionEscapeUBLastInvokeSrcLoc =
		CreateTempAlloca(SourceLocationTy, "invoke.srcloc");
		// The callers are responsible with populating this with relevant information.

		llvm::Value *InvokeSrcLoc = Builder.CreateLoad(
		Address(ExceptionEscapeUBLastInvokeSrcLoc, SourceLocationTy,
		CharUnits::fromQuantity(
		ExceptionEscapeUBLastInvokeSrcLoc->getAlign().value())),
		"curr.invoke.srcloc");

		llvm::Value *DynamicData[] = {InvokeSrcLoc, Exn};
		// FIXME: can we do anything interesting with `Exn`?
		EmitCheck({std::make_pair(llvm::ConstantInt::getFalse(getLLVMContext()),
		SanitizerKind::ExceptionEscape)},
		SanitizerHandler::ExceptionEscape, /StaticData=/{}, DynamicData);

		Builder.CreateUnreachable();

		// Restore the saved insertion state.
		Builder.restoreIP(SavedIP);

		return ExceptionEscapeUBSanitizerBB;
		}

		llvm::BasicBlock *CodeGenFunction::getExceptionEscapeUBLandingPad() {
		assert(SanOpts.has(SanitizerKind::ExceptionEscape) &&
		"Should only get here if the Exception Escape Sanitizer is enabled.");

		if (ExceptionEscapeUBLandingPad)
		return ExceptionEscapeUBLandingPad;

		llvm::BasicBlock *SanBB = getExceptionEscapeUBSanitizerBB();

		SanitizerScope SanScope(this);

		CGBuilderTy::InsertPoint SavedIP = Builder.saveAndClearIP();

		// This will get inserted at the end of the function.
		ExceptionEscapeUBLandingPad = createBasicBlock("exception-escape.lpad");
		Builder.SetInsertPoint(ExceptionEscapeUBLandingPad);

		// Tell the backend that this is a landing pad.
		const EHPersonality &Personality = EHPersonality::get(*this);

		if (!CurFn->hasPersonalityFn())
		CurFn->setPersonalityFn(getOpaquePersonalityFn(CGM, Personality));

		llvm::LandingPadInst *LPadInst =
		Builder.CreateLandingPad(llvm::StructType::get(Int8PtrTy, Int32Ty), 0);
		LPadInst->addClause(getCatchAllValue(*this));

		llvm::Value *Exn = nullptr;
		if (getLangOpts().CPlusPlus)
		Exn = Builder.CreateExtractValue(LPadInst, 0);
		Builder.CreateStore(Exn, getExceptionSlot());

		// And just fall through into the actual sanitizer block.
		Builder.CreateBr(SanBB);

		// Restore the saved insertion state.
		Builder.restoreIP(SavedIP);

		return ExceptionEscapeUBLandingPad;
		}

		llvm::BasicBlock *CodeGenFunction::getExceptionEscapeUBHandler() {
		assert(SanOpts.has(SanitizerKind::ExceptionEscape) &&
		"Should only get here if the Exception Escape Sanitizer is enabled.");

		if (ExceptionEscapeUBHandler)
		return ExceptionEscapeUBHandler;

		llvm::BasicBlock *SanBB = getExceptionEscapeUBSanitizerBB();

		// Set up the UB handler. This block is inserted at the very
		// end of the function by FinishFunction.
		ExceptionEscapeUBHandler = createBasicBlock("exception-escape.handler");
		CGBuilderTy::InsertPoint SavedIP = Builder.saveAndClearIP();
		Builder.SetInsertPoint(ExceptionEscapeUBHandler);

		// For C++, the exception is already in the slot, otherwise we need to store
		// null.
		if (!getLangOpts().CPlusPlus)
		Builder.CreateStore(/Exn=/nullptr, getExceptionSlot());

		// And just fall through into the actual sanitizer block.
		Builder.CreateBr(SanBB);

		// Restore the saved insertion state.
		Builder.restoreIP(SavedIP);

		return ExceptionEscapeUBHandler;
		}

llvm::BasicBlock *CodeGenFunction::getEHResumeBlock(bool isCleanup) {		llvm::BasicBlock *CodeGenFunction::getEHResumeBlock(bool isCleanup) {
if (EHResumeBlock) return EHResumeBlock;		if (EHResumeBlock) return EHResumeBlock;

CGBuilderTy::InsertPoint SavedIP = Builder.saveIP();		CGBuilderTy::InsertPoint SavedIP = Builder.saveIP();

// We emit a jump to a notional label at the outermost unwind state.		// We emit a jump to a notional label at the outermost unwind state.
EHResumeBlock = createBasicBlock("eh.resume");		EHResumeBlock = createBasicBlock("eh.resume");
Builder.SetInsertPoint(EHResumeBlock);		Builder.SetInsertPoint(EHResumeBlock);
▲ Show 20 Lines • Show All 674 Lines • Show Last 20 Lines

clang/lib/CodeGen/CGExpr.cpp

Show First 20 Lines • Show All 3,184 Lines • ▼ Show 20 Lines	enum class CheckRecoverableKind {
AlwaysRecoverable		AlwaysRecoverable
};		};
}		}

static CheckRecoverableKind getRecoverableKind(SanitizerMask Kind) {		static CheckRecoverableKind getRecoverableKind(SanitizerMask Kind) {
assert(Kind.countPopulation() == 1);		assert(Kind.countPopulation() == 1);
if (Kind == SanitizerKind::Function \|\| Kind == SanitizerKind::Vptr)		if (Kind == SanitizerKind::Function \|\| Kind == SanitizerKind::Vptr)
return CheckRecoverableKind::AlwaysRecoverable;		return CheckRecoverableKind::AlwaysRecoverable;
else if (Kind == SanitizerKind::Return \|\| Kind == SanitizerKind::Unreachable)		else if (Kind == SanitizerKind::ExceptionEscape \|\|
		Kind == SanitizerKind::Return \|\| Kind == SanitizerKind::Unreachable)
return CheckRecoverableKind::Unrecoverable;		return CheckRecoverableKind::Unrecoverable;
else		else
return CheckRecoverableKind::Recoverable;		return CheckRecoverableKind::Recoverable;
}		}

namespace {		namespace {
struct SanitizerHandlerInfo {		struct SanitizerHandlerInfo {
char const *const Name;		char const *const Name;
▲ Show 20 Lines • Show All 2,436 Lines • Show Last 20 Lines

clang/lib/CodeGen/CodeGenFunction.h

Show First 20 Lines • Show All 128 Lines • ▼ Show 20 Lines	#define LIST_SANITIZER_CHECKS \
SANITIZER_CHECK(NonnullArg, nonnull_arg, 0) \		SANITIZER_CHECK(NonnullArg, nonnull_arg, 0) \
SANITIZER_CHECK(NonnullReturn, nonnull_return, 1) \		SANITIZER_CHECK(NonnullReturn, nonnull_return, 1) \
SANITIZER_CHECK(OutOfBounds, out_of_bounds, 0) \		SANITIZER_CHECK(OutOfBounds, out_of_bounds, 0) \
SANITIZER_CHECK(PointerOverflow, pointer_overflow, 0) \		SANITIZER_CHECK(PointerOverflow, pointer_overflow, 0) \
SANITIZER_CHECK(ShiftOutOfBounds, shift_out_of_bounds, 0) \		SANITIZER_CHECK(ShiftOutOfBounds, shift_out_of_bounds, 0) \
SANITIZER_CHECK(SubOverflow, sub_overflow, 0) \		SANITIZER_CHECK(SubOverflow, sub_overflow, 0) \
SANITIZER_CHECK(TypeMismatch, type_mismatch, 1) \		SANITIZER_CHECK(TypeMismatch, type_mismatch, 1) \
SANITIZER_CHECK(AlignmentAssumption, alignment_assumption, 0) \		SANITIZER_CHECK(AlignmentAssumption, alignment_assumption, 0) \
SANITIZER_CHECK(VLABoundNotPositive, vla_bound_not_positive, 0)		SANITIZER_CHECK(VLABoundNotPositive, vla_bound_not_positive, 0) \
		SANITIZER_CHECK(ExceptionEscape, exception_escape, 0)

enum SanitizerHandler {		enum SanitizerHandler {
#define SANITIZER_CHECK(Enum, Name, Version) Enum,		#define SANITIZER_CHECK(Enum, Name, Version) Enum,
LIST_SANITIZER_CHECKS		LIST_SANITIZER_CHECKS
#undef SANITIZER_CHECK		#undef SANITIZER_CHECK
};		};

/// Helper class with most of the code for saving a value for a		/// Helper class with most of the code for saving a value for a
▲ Show 20 Lines • Show All 1,808 Lines • ▼ Show 20 Lines	private:
/// runtime return value checks.		/// runtime return value checks.
Address ReturnLocation = Address::invalid();		Address ReturnLocation = Address::invalid();

/// Check if the return value of this function requires sanitization.		/// Check if the return value of this function requires sanitization.
bool requiresReturnValueCheck() const;		bool requiresReturnValueCheck() const;

llvm::BasicBlock *TerminateLandingPad = nullptr;		llvm::BasicBlock *TerminateLandingPad = nullptr;
llvm::BasicBlock *TerminateHandler = nullptr;		llvm::BasicBlock *TerminateHandler = nullptr;

		llvm::BasicBlock *ExceptionEscapeUBSanitizerBB = nullptr;
		llvm::BasicBlock *ExceptionEscapeUBLandingPad = nullptr;
		llvm::BasicBlock *ExceptionEscapeUBHandler = nullptr;

llvm::SmallVector<llvm::BasicBlock *, 2> TrapBBs;		llvm::SmallVector<llvm::BasicBlock *, 2> TrapBBs;

/// Terminate funclets keyed by parent funclet pad.		/// Terminate funclets keyed by parent funclet pad.
llvm::MapVector<llvm::Value , llvm::BasicBlock > TerminateFunclets;		llvm::MapVector<llvm::Value , llvm::BasicBlock > TerminateFunclets;

		llvm::BasicBlock *UBLandingPad = nullptr;
		llvm::AllocaInst *ExceptionEscapeUBLastInvokeSrcLoc = nullptr;

/// Largest vector width used in ths function. Will be used to create a		/// Largest vector width used in ths function. Will be used to create a
/// function attribute.		/// function attribute.
unsigned LargestVectorWidth = 0;		unsigned LargestVectorWidth = 0;

/// True if we need emit the life-time markers. This is initially set in		/// True if we need emit the life-time markers. This is initially set in
/// the constructor, but could be overwritten to true if this is a coroutine.		/// the constructor, but could be overwritten to true if this is a coroutine.
bool ShouldEmitLifetimeMarkers;		bool ShouldEmitLifetimeMarkers;

Show All 36 Lines	public:
llvm::BasicBlock *getUnreachableBlock() {		llvm::BasicBlock *getUnreachableBlock() {
if (!UnreachableBlock) {		if (!UnreachableBlock) {
UnreachableBlock = createBasicBlock("unreachable");		UnreachableBlock = createBasicBlock("unreachable");
new llvm::UnreachableInst(getLLVMContext(), UnreachableBlock);		new llvm::UnreachableInst(getLLVMContext(), UnreachableBlock);
}		}
return UnreachableBlock;		return UnreachableBlock;
}		}

llvm::BasicBlock *getInvokeDest() {		llvm::BasicBlock *getInvokeDest() {
		rjmccallUnsubmitted Done Reply Inline Actions I'm not sure why this has a default argument. rjmccall: I'm not sure why this has a default argument.
if (!EHStack.requiresLandingPad()) return nullptr;		if (!EHStack.requiresLandingPad()) return nullptr;
return getInvokeDestImpl();		return getInvokeDestImpl();
}		}

bool currentFunctionUsesSEHTry() const { return !!CurSEHParent; }		bool currentFunctionUsesSEHTry() const { return !!CurSEHParent; }

const TargetInfo &getTarget() const { return Target; }		const TargetInfo &getTarget() const { return Target; }
		rjmccallUnsubmitted Done Reply Inline Actions The purpose of `getInvokeDestImpl` is to outline the slow path, and this definitely belongs in the slow path. rjmccall: The purpose of `getInvokeDestImpl` is to outline the slow path, and this definitely belongs in…
		lebedev.riAuthorUnsubmitted Done Reply Inline Actions The problem is that we aggressively cache all the EH stuff. I will take a second look, maybe this can be done less intrusively. lebedev.ri: The problem is that we aggressively cache all the EH stuff. I will take a second look, maybe…
llvm::LLVMContext &getLLVMContext() { return CGM.getLLVMContext(); }		llvm::LLVMContext &getLLVMContext() { return CGM.getLLVMContext(); }
const TargetCodeGenInfo &getTargetHooks() const {		const TargetCodeGenInfo &getTargetHooks() const {
return CGM.getTargetCodeGenInfo();		return CGM.getTargetCodeGenInfo();
}		}

//===--------------------------------------------------------------------===//		//===--------------------------------------------------------------------===//
// Cleanups		// Cleanups
//===--------------------------------------------------------------------===//		//===--------------------------------------------------------------------===//
▲ Show 20 Lines • Show All 342 Lines • ▼ Show 20 Lines	public:
/// EmitFunctionEpilog - Emit the target specific LLVM code to return the		/// EmitFunctionEpilog - Emit the target specific LLVM code to return the
/// given temporary.		/// given temporary.
void EmitFunctionEpilog(const CGFunctionInfo &FI, bool EmitRetDbgLoc,		void EmitFunctionEpilog(const CGFunctionInfo &FI, bool EmitRetDbgLoc,
SourceLocation EndLoc);		SourceLocation EndLoc);

/// Emit a test that checks if the return value \p RV is nonnull.		/// Emit a test that checks if the return value \p RV is nonnull.
void EmitReturnValueCheck(llvm::Value *RV);		void EmitReturnValueCheck(llvm::Value *RV);

		/// Internal to `EmitStartEHSpec()`/`EmitEndEHSpec()`, do not use directly.
		bool ExceptionEscapeIsProgramTermination(const Decl *D, bool IsStart);

/// EmitStartEHSpec - Emit the start of the exception spec.		/// EmitStartEHSpec - Emit the start of the exception spec.
void EmitStartEHSpec(const Decl *D);		void EmitStartEHSpec(const Decl *D);

/// EmitEndEHSpec - Emit the end of the exception spec.		/// EmitEndEHSpec - Emit the end of the exception spec.
void EmitEndEHSpec(const Decl *D);		void EmitEndEHSpec(const Decl *D);

		/// getExceptionEscapeUBLandingPad - Return a simple basic block
		/// that just calls the ubsan handler, if enabled.
		llvm::BasicBlock *getExceptionEscapeUBSanitizerBB();

/// getTerminateLandingPad - Return a landing pad that just calls terminate.		/// getTerminateLandingPad - Return a landing pad that just calls terminate.
llvm::BasicBlock *getTerminateLandingPad();		llvm::BasicBlock *getTerminateLandingPad();

		/// getExceptionEscapeUBLandingPad - Return a landing pad that just calls
		/// ubsan handler, if enabled.
		llvm::BasicBlock *getExceptionEscapeUBLandingPad();

/// getTerminateLandingPad - Return a cleanup funclet that just calls		/// getTerminateLandingPad - Return a cleanup funclet that just calls
/// terminate.		/// terminate.
llvm::BasicBlock *getTerminateFunclet();		llvm::BasicBlock *getTerminateFunclet();

/// getTerminateHandler - Return a handler (not a landing pad, just		/// getTerminateHandler - Return a handler (not a landing pad, just
/// a catch handler) that just calls terminate. This is used when		/// a catch handler) that just calls terminate. This is used when
/// a terminate scope encloses a try.		/// a terminate scope encloses a try.
llvm::BasicBlock *getTerminateHandler();		llvm::BasicBlock *getTerminateHandler();

		/// getExceptionEscapeUBHandler - Return a handler (not a landing pad, just
		/// a catch handler) that just calls ubsan check, if it is enabled.
		/// This is used when a UB scope encloses a try.
		llvm::BasicBlock *getExceptionEscapeUBHandler();

llvm::Type *ConvertTypeForMem(QualType T);		llvm::Type *ConvertTypeForMem(QualType T);
llvm::Type *ConvertType(QualType T);		llvm::Type *ConvertType(QualType T);
llvm::Type ConvertType(const TypeDecl T) {		llvm::Type ConvertType(const TypeDecl T) {
return ConvertType(getContext().getTypeDeclType(T));		return ConvertType(getContext().getTypeDeclType(T));
}		}

/// LoadObjCSelf - Load the value of self. This function is only valid while		/// LoadObjCSelf - Load the value of self. This function is only valid while
/// generating code for an Objective-C method.		/// generating code for an Objective-C method.
▲ Show 20 Lines • Show All 1,589 Lines • ▼ Show 20 Lines	public:
LValue EmitPointerToDataMemberBinaryExpr(const BinaryOperator *E);		LValue EmitPointerToDataMemberBinaryExpr(const BinaryOperator *E);
LValue EmitObjCSelectorLValue(const ObjCSelectorExpr *E);		LValue EmitObjCSelectorLValue(const ObjCSelectorExpr *E);
void EmitDeclRefExprDbgValue(const DeclRefExpr *E, const APValue &Init);		void EmitDeclRefExprDbgValue(const DeclRefExpr *E, const APValue &Init);

//===--------------------------------------------------------------------===//		//===--------------------------------------------------------------------===//
// Scalar Expression Emission		// Scalar Expression Emission
//===--------------------------------------------------------------------===//		//===--------------------------------------------------------------------===//

		void MaybeRecordCurrLocForExceptionEscapeUBSan(SourceLocation Loc);

/// EmitCall - Generate a call of the given function, expecting the given		/// EmitCall - Generate a call of the given function, expecting the given
/// result type, and using the given argument list which specifies both the		/// result type, and using the given argument list which specifies both the
/// LLVM arguments and the types they were derived from.		/// LLVM arguments and the types they were derived from.
RValue EmitCall(const CGFunctionInfo &CallInfo, const CGCallee &Callee,		RValue EmitCall(const CGFunctionInfo &CallInfo, const CGCallee &Callee,
ReturnValueSlot ReturnValue, const CallArgList &Args,		ReturnValueSlot ReturnValue, const CallArgList &Args,
llvm::CallBase **callOrInvoke, bool IsMustTail,		llvm::CallBase **callOrInvoke, bool IsMustTail,
SourceLocation Loc);		SourceLocation Loc);
RValue EmitCall(const CGFunctionInfo &CallInfo, const CGCallee &Callee,		RValue EmitCall(const CGFunctionInfo &CallInfo, const CGCallee &Callee,
▲ Show 20 Lines • Show All 856 Lines • Show Last 20 Lines

clang/lib/CodeGen/CodeGenFunction.cpp

Show First 20 Lines • Show All 440 Lines • ▼ Show 20 Lines	if (PN->getNumIncomingValues() == 0) {
PN->eraseFromParent();		PN->eraseFromParent();
}		}
}		}

EmitIfUsed(*this, EHResumeBlock);		EmitIfUsed(*this, EHResumeBlock);
EmitIfUsed(*this, TerminateLandingPad);		EmitIfUsed(*this, TerminateLandingPad);
EmitIfUsed(*this, TerminateHandler);		EmitIfUsed(*this, TerminateHandler);
EmitIfUsed(*this, UnreachableBlock);		EmitIfUsed(*this, UnreachableBlock);
		EmitIfUsed(*this, ExceptionEscapeUBSanitizerBB);
		EmitIfUsed(*this, ExceptionEscapeUBLandingPad);
		EmitIfUsed(*this, ExceptionEscapeUBHandler);

for (const auto &FuncletAndParent : TerminateFunclets)		for (const auto &FuncletAndParent : TerminateFunclets)
EmitIfUsed(*this, FuncletAndParent.second);		EmitIfUsed(*this, FuncletAndParent.second);

if (CGM.getCodeGenOpts().EmitDeclMetadata)		if (CGM.getCodeGenOpts().EmitDeclMetadata)
EmitDeclMetadata();		EmitDeclMetadata();

for (const auto &R : DeferredReplacements) {		for (const auto &R : DeferredReplacements) {
▲ Show 20 Lines • Show All 2,346 Lines • Show Last 20 Lines

clang/lib/CodeGen/EHScopeStack.h

Show First 20 Lines • Show All 336 Lines • ▼ Show 20 Lines	public:
void popFilter();		void popFilter();

/// Push a terminate handler on the stack.		/// Push a terminate handler on the stack.
void pushTerminate();		void pushTerminate();

/// Pops a terminate handler off the stack.		/// Pops a terminate handler off the stack.
void popTerminate();		void popTerminate();

		/// Push a UB handler on the stack.
		void pushUB(bool isSanitized);

		/// Pops a UB handler off the stack.
		void popUB();

// Returns true iff the current scope is either empty or contains only		// Returns true iff the current scope is either empty or contains only
// lifetime markers, i.e. no real cleanup code		// lifetime markers, i.e. no real cleanup code
bool containsOnlyLifetimeMarkers(stable_iterator Old) const;		bool containsOnlyLifetimeMarkers(stable_iterator Old) const;

/// Determines whether the exception-scopes stack is empty.		/// Determines whether the exception-scopes stack is empty.
bool empty() const { return StartOfData == EndOfBuffer; }		bool empty() const { return StartOfData == EndOfBuffer; }

		/// An unstable reference to a scope-stack depth. Invalidated by
		/// pushes but not pops.
		class iterator;

		EHScopeStack::iterator getInnermostEHScopeForUnwind() const;
		bool wouldUnwindBeUB() const;
bool requiresLandingPad() const;		bool requiresLandingPad() const;

/// Determines whether there are any normal cleanups on the stack.		/// Determines whether there are any normal cleanups on the stack.
bool hasNormalCleanups() const {		bool hasNormalCleanups() const {
return InnermostNormalCleanup != stable_end();		return InnermostNormalCleanup != stable_end();
}		}

/// Returns the innermost normal cleanup on the stack, or		/// Returns the innermost normal cleanup on the stack, or
/// stable_end() if there are no normal cleanups.		/// stable_end() if there are no normal cleanups.
stable_iterator getInnermostNormalCleanup() const {		stable_iterator getInnermostNormalCleanup() const {
return InnermostNormalCleanup;		return InnermostNormalCleanup;
}		}
stable_iterator getInnermostActiveNormalCleanup() const;		stable_iterator getInnermostActiveNormalCleanup() const;

stable_iterator getInnermostEHScope() const {		stable_iterator getInnermostEHScope() const {
return InnermostEHScope;		return InnermostEHScope;
}		}


/// An unstable reference to a scope-stack depth. Invalidated by
/// pushes but not pops.
class iterator;

/// Returns an iterator pointing to the innermost EH scope.		/// Returns an iterator pointing to the innermost EH scope.
iterator begin() const;		iterator begin() const;

/// Returns an iterator pointing to the outermost EH scope.		/// Returns an iterator pointing to the outermost EH scope.
iterator end() const;		iterator end() const;

/// Create a stable reference to the top of the EH stack. The		/// Create a stable reference to the top of the EH stack. The
/// returned reference is valid until that scope is popped off the		/// returned reference is valid until that scope is popped off the
▲ Show 20 Lines • Show All 44 Lines • Show Last 20 Lines

clang/lib/Driver/SanitizerArgs.cpp

Show First 20 Lines • Show All 52 Lines • ▼ Show 20 Lines	static const SanitizerMask SupportsCoverage =
SanitizerKind::DataFlow \| SanitizerKind::Fuzzer \|		SanitizerKind::DataFlow \| SanitizerKind::Fuzzer \|
SanitizerKind::FuzzerNoLink \| SanitizerKind::FloatDivideByZero \|		SanitizerKind::FuzzerNoLink \| SanitizerKind::FloatDivideByZero \|
SanitizerKind::SafeStack \| SanitizerKind::ShadowCallStack \|		SanitizerKind::SafeStack \| SanitizerKind::ShadowCallStack \|
SanitizerKind::Thread \| SanitizerKind::ObjCCast \| SanitizerKind::KCFI;		SanitizerKind::Thread \| SanitizerKind::ObjCCast \| SanitizerKind::KCFI;
static const SanitizerMask RecoverableByDefault =		static const SanitizerMask RecoverableByDefault =
SanitizerKind::Undefined \| SanitizerKind::Integer \|		SanitizerKind::Undefined \| SanitizerKind::Integer \|
SanitizerKind::ImplicitConversion \| SanitizerKind::Nullability \|		SanitizerKind::ImplicitConversion \| SanitizerKind::Nullability \|
SanitizerKind::FloatDivideByZero \| SanitizerKind::ObjCCast;		SanitizerKind::FloatDivideByZero \| SanitizerKind::ObjCCast;
static const SanitizerMask Unrecoverable =		static const SanitizerMask Unrecoverable = SanitizerKind::Unreachable \|
SanitizerKind::Unreachable \| SanitizerKind::Return;		SanitizerKind::Return \|
		SanitizerKind::ExceptionEscape;
static const SanitizerMask AlwaysRecoverable = SanitizerKind::KernelAddress \|		static const SanitizerMask AlwaysRecoverable = SanitizerKind::KernelAddress \|
SanitizerKind::KernelHWAddress \|		SanitizerKind::KernelHWAddress \|
SanitizerKind::KCFI;		SanitizerKind::KCFI;
static const SanitizerMask NeedsLTO = SanitizerKind::CFI;		static const SanitizerMask NeedsLTO = SanitizerKind::CFI;
static const SanitizerMask TrappingSupported =		static const SanitizerMask TrappingSupported =
(SanitizerKind::Undefined & ~SanitizerKind::Vptr) \| SanitizerKind::Integer \|		(SanitizerKind::Undefined & ~SanitizerKind::Vptr) \| SanitizerKind::Integer \|
SanitizerKind::Nullability \| SanitizerKind::LocalBounds \|		SanitizerKind::Nullability \| SanitizerKind::LocalBounds \|
SanitizerKind::CFI \| SanitizerKind::FloatDivideByZero \|		SanitizerKind::CFI \| SanitizerKind::FloatDivideByZero \|
▲ Show 20 Lines • Show All 1,379 Lines • Show Last 20 Lines

clang/test/CodeGen/windows-seh-EHa-CppCondiTemps.cpp

// RUN: %clang_cc1 -triple x86_64-windows -fasync-exceptions -fcxx-exceptions -fexceptions -fms-extensions -x c++ -Wno-implicit-function-declaration -S -emit-llvm %s -o - \| FileCheck %s		// RUN: %clang_cc1 -triple x86_64-windows -fasync-exceptions -fcxx-exceptions -fexceptions -fms-extensions -x c++ -Wno-implicit-function-declaration -S -emit-llvm %s -o - \| FileCheck %s

		// FIXME: this check appears to be miscompiled?
		lebedev.riAuthorUnsubmitted Done Reply Inline Actions This test broke once we always started adding (outermost) UB scope for nounwind functions. I don't quite get what is going wrong. It could be a bug in SEH handling. Can someone who has some idea about that code take a look and suggest a fix? @tentzen ? lebedev.ri: This test broke once we always started adding (outermost) UB scope for nounwind functions. I…
		tentzenUnsubmitted Done Reply Inline Actions By definition, non-unwind function I think is for Synchronous EH. So this Sanitizer check should exclude Asynchronous EH functions, those with option -fasync-exceptions. tentzen: By definition, non-unwind function I think is for Synchronous EH. So this Sanitizer check…
		lebedev.riAuthorUnsubmitted Done Reply Inline Actions I do not understand. If the function can unwind, then why is it marked `nounwind`? This kind of thing is exactly what i was afraid of with those SEH patches. lebedev.ri: I do not understand. If the function can unwind, then why is it marked `nounwind`? This kind of…
		efriedmaUnsubmitted Done Reply Inline Actions clang should not be marking functions "nounwind" in -fasync-exceptions mode; if it is, I'd consider that a bug. (I assume someone just forgot to add a check to some code that adds nounwind.) efriedma: clang should not be marking functions "nounwind" in -fasync-exceptions mode; if it is, I'd…
		lebedev.riAuthorUnsubmitted Done Reply Inline Actions My thoughts precisely. @tentzen please fix :) lebedev.ri: My thoughts precisely. @tentzen please fix :)
		tentzenUnsubmitted Not Done Reply Inline Actions This is copied from LLVM reference manual: nounwind This function attribute indicates that the function never raises an exception. If the function does raise an exception, its runtime behavior is undefined. However, functions marked nounwind may still trap or generate asynchronous exceptions. Exception handling schemes that are recognized by LLVM to handle asynchronous exceptions, such as SEH, will still provide their implementation defined semantics. So I think nounwind only implies no synchronous/software unwind, not HW traps etc. tentzen: This is copied from LLVM reference manual: nounwind This function attribute indicates that the…
		lebedev.riAuthorUnsubmitted Not Done Reply Inline Actions Ok, good point. But i'm still not quite sure why the test is getting miscompiled. lebedev.ri: Ok, good point. But i'm still not quite sure why the test is getting miscompiled.
		// XFAIL: *

// CHECK: define dso_local noundef i32 @"?bar@@YAHHVB1@@VB2@@@Z"		// CHECK: define dso_local noundef i32 @"?bar@@YAHHVB1@@VB2@@@Z"
// CHECK: %coerce.dive1 = getelementptr inbounds %class.B2		// CHECK: %coerce.dive1 = getelementptr inbounds %class.B2
// CHECK: %coerce.dive2 = getelementptr inbounds %class.B1		// CHECK: %coerce.dive2 = getelementptr inbounds %class.B1
// ----- scope begin of two passed-by-value temps		// ----- scope begin of two passed-by-value temps
// CHECK: invoke void @llvm.seh.scope.begin()		// CHECK: invoke void @llvm.seh.scope.begin()
// CHECK: invoke void @llvm.seh.scope.begin()		// CHECK: invoke void @llvm.seh.scope.begin()
// CHECK: invoke void @llvm.seh.scope.end()		// CHECK: invoke void @llvm.seh.scope.end()
// CHECK: call void @"??1B1@@QEAA@XZ"		// CHECK: call void @"??1B1@@QEAA@XZ"
▲ Show 20 Lines • Show All 111 Lines • ▼ Show 20 Lines	int main() {

// Test: returned by value		// Test: returned by value
// Per Windows ABI, caller allocate a temp in stack, then ctored by callee,		// Per Windows ABI, caller allocate a temp in stack, then ctored by callee,
// finally dtored in caller after consumed		// finally dtored in caller after consumed
class B1 b1fromgoo = goo(i);		class B1 b1fromgoo = goo(i);

return m + b1fromgoo.data + b3inmain.data;		return m + b1fromgoo.data + b3inmain.data;
}		}
No newline at end of file		No newline at end of file

clang/test/CodeGenCXX/catch-exception-escape.cpp

This file was added.

				// NOTE: Assertions have been autogenerated by utils/update_cc_test_checks.py UTC_ARGS: --function-signature --check-attributes --check-globals
				// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu -fcxx-exceptions \| FileCheck %s --check-prefixes=CHECK-NO-EXCEPTIONS
				// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu -fexceptions -fcxx-exceptions \| FileCheck %s --check-prefixes=CHECK-NOSANITIZE
				// RUN: %clang_cc1 -fsanitize=exception-escape -emit-llvm %s -o - -triple x86_64-linux-gnu -fexceptions -fcxx-exceptions \| FileCheck %s --check-prefixes=CHECK-SANITIZE-NORECOVER
				// RUN: %clang_cc1 -fsanitize=exception-escape -fno-sanitize-recover=exception-escape -emit-llvm %s -o - -triple x86_64-linux-gnu -fexceptions -fcxx-exceptions \| FileCheck %s --check-prefixes=CHECK-SANITIZE-NORECOVER
				// RUN: %clang_cc1 -fsanitize=exception-escape -fsanitize-trap=exception-escape -emit-llvm %s -o - -triple x86_64-linux-gnu -fexceptions -fcxx-exceptions \| FileCheck %s --check-prefixes=CHECK-SANITIZE-TRAP

				void will_throw(int line = __builtin_LINE());
				void might_throw(int line = __builtin_LINE());
				void will_not_throw(int line = __builtin_LINE()) noexcept;

				// CHECK-NO-EXCEPTIONS: Function Attrs: mustprogress noinline nounwind optnone willreturn memory(read)
				// CHECK-NO-EXCEPTIONS-LABEL: define {{[^@]+}}@_Z30footgun_exception_escape_is_ubi
				// CHECK-NO-EXCEPTIONS-SAME: (i32 noundef [[X:%.*]]) #[[ATTR0:[0-9]+]] {
				// CHECK-NO-EXCEPTIONS-NEXT: entry:
				// CHECK-NO-EXCEPTIONS-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NO-EXCEPTIONS-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NO-EXCEPTIONS: if.then:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 100) #[[ATTR4:[0-9]+]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END]]
				// CHECK-NO-EXCEPTIONS: if.end:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END3:%.]]
				// CHECK-NO-EXCEPTIONS: if.then2:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 300) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END3]]
				// CHECK-NO-EXCEPTIONS: if.end3:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP4:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP4]], label [[IF_THEN5:%.]], label [[IF_END6:%.]]
				// CHECK-NO-EXCEPTIONS: if.then5:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 500)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END6]]
				// CHECK-NO-EXCEPTIONS: if.end6:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP3:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP7:%.*]] = icmp eq i32 [[TMP3]], 5
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP7]], label [[IF_THEN8:%.]], label [[IF_END9:%.]]
				// CHECK-NO-EXCEPTIONS: if.then8:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 900)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END9]]
				// CHECK-NO-EXCEPTIONS: if.end9:
				// CHECK-NO-EXCEPTIONS-NEXT: ret void
				//
				// CHECK-NOSANITIZE: Function Attrs: mustprogress noinline nounwind optnone willreturn memory(read)
				// CHECK-NOSANITIZE-LABEL: define {{[^@]+}}@_Z30footgun_exception_escape_is_ubi
				// CHECK-NOSANITIZE-SAME: (i32 noundef [[X:%.*]]) #[[ATTR0:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-NOSANITIZE-NEXT: entry:
				// CHECK-NOSANITIZE-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-NOSANITIZE-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[X12:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NOSANITIZE: if.then:
				// CHECK-NOSANITIZE-NEXT: call void @_Z10will_throwi(i32 noundef 100) #[[ATTR7:[0-9]+]]
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END]]
				// CHECK-NOSANITIZE: if.end:
				// CHECK-NOSANITIZE-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END3:%.]]
				// CHECK-NOSANITIZE: if.then2:
				// CHECK-NOSANITIZE-NEXT: call void @_Z10will_throwi(i32 noundef 300) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END3]]
				// CHECK-NOSANITIZE: if.end3:
				// CHECK-NOSANITIZE-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP4:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP4]], label [[IF_THEN5:%.]], label [[IF_END6:%.]]
				// CHECK-NOSANITIZE: if.then5:
				// CHECK-NOSANITIZE-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 500)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont:
				// CHECK-NOSANITIZE-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-NOSANITIZE: lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP3:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP4]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP5:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP5]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH:%.*]]
				// CHECK-NOSANITIZE: catch:
				// CHECK-NOSANITIZE-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP6:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: call void @_Z14will_not_throwi(i32 noundef 600) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: call void @_Z11might_throwi(i32 noundef 700) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: call void @__cxa_rethrow() #[[ATTR8:[0-9]+]]
				// CHECK-NOSANITIZE-NEXT: unreachable
				// CHECK-NOSANITIZE: try.cont:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END6]]
				// CHECK-NOSANITIZE: if.end6:
				// CHECK-NOSANITIZE-NEXT: [[TMP7:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP7:%.*]] = icmp eq i32 [[TMP7]], 5
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP7]], label [[IF_THEN8:%.]], label [[IF_END15:%.]]
				// CHECK-NOSANITIZE: if.then8:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 900)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT10:%.]] unwind label [[LPAD9:%.]]
				// CHECK-NOSANITIZE: invoke.cont10:
				// CHECK-NOSANITIZE-NEXT: br label [[TRY_CONT14:%.*]]
				// CHECK-NOSANITIZE: lpad9:
				// CHECK-NOSANITIZE-NEXT: [[TMP8:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr @_ZTIi
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP9]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP10:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP10]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH_DISPATCH:%.*]]
				// CHECK-NOSANITIZE: catch.dispatch:
				// CHECK-NOSANITIZE-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: [[TMP11:%.*]] = call i32 @llvm.eh.typeid.for(ptr @_ZTIi) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[MATCHES:%.*]] = icmp eq i32 [[SEL]], [[TMP11]]
				// CHECK-NOSANITIZE-NEXT: br i1 [[MATCHES]], label [[CATCH11:%.]], label [[UNREACHABLE:%.]]
				// CHECK-NOSANITIZE: catch11:
				// CHECK-NOSANITIZE-NEXT: [[EXN13:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP12:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN13]]) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[TMP13:%.*]] = load i32, ptr [[TMP12]], align 4
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP13]], ptr [[X12]], align 4
				// CHECK-NOSANITIZE-NEXT: [[EXCEPTION:%.*]] = call ptr @__cxa_allocate_exception(i64 4) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[TMP14:%.*]] = load i32, ptr [[X12]], align 4
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP14]], ptr [[EXCEPTION]], align 16
				// CHECK-NOSANITIZE-NEXT: call void @__cxa_throw(ptr [[EXCEPTION]], ptr @_ZTIi, ptr null) #[[ATTR8]]
				// CHECK-NOSANITIZE-NEXT: unreachable
				// CHECK-NOSANITIZE: try.cont14:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END15]]
				// CHECK-NOSANITIZE: if.end15:
				// CHECK-NOSANITIZE-NEXT: ret void
				// CHECK-NOSANITIZE: unreachable:
				// CHECK-NOSANITIZE-NEXT: unreachable
				//
				// CHECK-SANITIZE-NORECOVER: Function Attrs: mustprogress noinline nounwind optnone willreturn memory(read)
				// CHECK-SANITIZE-NORECOVER-LABEL: define {{[^@]+}}@_Z30footgun_exception_escape_is_ubi
				// CHECK-SANITIZE-NORECOVER-SAME: (i32 noundef [[X:%.*]]) #[[ATTR0:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-SANITIZE-NORECOVER-NEXT: entry:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[INVOKE_SRCLOC:%.*]] = alloca { ptr, i32, i32 }, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP:%.*]] = alloca { ptr, i32, i32 }, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[X15:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 100, i32 5 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 100)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[EXCEPTION_ESCAPE_LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END]]
				// CHECK-SANITIZE-NORECOVER: handler.exception_escape:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } [[CURR_INVOKE_SRCLOC:%.*]], ptr [[TMP]], align 8, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP1:%.*]] = ptrtoint ptr [[TMP]] to i64, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP2:%.]] = ptrtoint ptr [[EXN19:%.]] to i64, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_exception_escape(i64 [[TMP1]], i64 [[TMP2]]) #[[ATTR8:[0-9]+]], !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER: cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER: if.end:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR9:[0-9]+]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP3:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP3]], 3
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END4:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then2:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 300, i32 5 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 300)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT3:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont3:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END4]]
				// CHECK-SANITIZE-NORECOVER: if.end4:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP4:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP5:%.*]] = icmp eq i32 [[TMP4]], 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP5]], label [[IF_THEN6:%.]], label [[IF_END9:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then6:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 500, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 500)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont7:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP5:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP6:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP6]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP7:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP7]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH:%.*]]
				// CHECK-SANITIZE-NORECOVER: catch:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP8:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z14will_not_throwi(i32 noundef 600) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 700, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z11might_throwi(i32 noundef 700)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT8:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont8:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 800, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_rethrow() #[[ATTR10:[0-9]+]]
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: try.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END9]]
				// CHECK-SANITIZE-NORECOVER: if.end9:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP9:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP10:%.*]] = icmp eq i32 [[TMP9]], 5
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP10]], label [[IF_THEN11:%.]], label [[IF_END18:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then11:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 900, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 900)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT13:%.]] unwind label [[LPAD12:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont13:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[TRY_CONT17:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad12:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP10:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr @_ZTIi
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP11:%.*]] = extractvalue { ptr, i32 } [[TMP10]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP11]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP12:%.*]] = extractvalue { ptr, i32 } [[TMP10]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP12]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH_DISPATCH:%.*]]
				// CHECK-SANITIZE-NORECOVER: catch.dispatch:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP13:%.*]] = call i32 @llvm.eh.typeid.for(ptr @_ZTIi) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[MATCHES:%.*]] = icmp eq i32 [[SEL]], [[TMP13]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[MATCHES]], label [[CATCH14:%.]], label [[EXCEPTION_ESCAPE_HANDLER:%.]]
				// CHECK-SANITIZE-NORECOVER: catch14:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN16:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP14:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN16]]) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP15:%.*]] = load i32, ptr [[TMP14]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP15]], ptr [[X15]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 1000, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXCEPTION:%.*]] = call ptr @__cxa_allocate_exception(i64 4) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP16:%.*]] = load i32, ptr [[X15]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP16]], ptr [[EXCEPTION]], align 16
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_throw(ptr [[EXCEPTION]], ptr @_ZTIi, ptr null) #[[ATTR10]]
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[UNREACHABLE]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: try.cont17:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END18]]
				// CHECK-SANITIZE-NORECOVER: if.end18:
				// CHECK-SANITIZE-NORECOVER-NEXT: ret void
				// CHECK-SANITIZE-NORECOVER: unreachable:
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				// CHECK-SANITIZE-NORECOVER: exception-escape.sanitization:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN19]] = load ptr, ptr [[EXN_SLOT]], align 8, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CURR_INVOKE_SRCLOC]] = load { ptr, i32, i32 }, ptr [[INVOKE_SRCLOC]], align 8, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 false, label [[CONT:%.]], label [[HANDLER_EXCEPTION_ESCAPE:%.]], !prof [[PROF3:![0-9]+]], !nosanitize !2
				// CHECK-SANITIZE-NORECOVER: exception-escape.lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP17:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP18:%.*]] = extractvalue { ptr, i32 } [[TMP17]], 0, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP18]], ptr [[EXN_SLOT]], align 8, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[EXCEPTION_ESCAPE_SANITIZATION:%.*]], !nosanitize !2
				// CHECK-SANITIZE-NORECOVER: exception-escape.handler:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[EXCEPTION_ESCAPE_SANITIZATION]]
				//
				// CHECK-SANITIZE-TRAP: Function Attrs: mustprogress noinline nounwind optnone willreturn memory(read)
				// CHECK-SANITIZE-TRAP-LABEL: define {{[^@]+}}@_Z30footgun_exception_escape_is_ubi
				// CHECK-SANITIZE-TRAP-SAME: (i32 noundef [[X:%.*]]) #[[ATTR0:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-SANITIZE-TRAP-NEXT: entry:
				// CHECK-SANITIZE-TRAP-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[INVOKE_SRCLOC:%.*]] = alloca { ptr, i32, i32 }, align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[X15:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-SANITIZE-TRAP: if.then:
				// CHECK-SANITIZE-TRAP-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 100, i32 5 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 100)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[EXCEPTION_ESCAPE_LPAD:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END]]
				// CHECK-SANITIZE-TRAP: trap:
				// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.ubsantrap(i8 25) #[[ATTR8:[0-9]+]], !nosanitize !2
				// CHECK-SANITIZE-TRAP-NEXT: unreachable, !nosanitize !2
				// CHECK-SANITIZE-TRAP: cont:
				// CHECK-SANITIZE-TRAP-NEXT: unreachable, !nosanitize !2
				// CHECK-SANITIZE-TRAP: if.end:
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR9:[0-9]+]]
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END4:%.]]
				// CHECK-SANITIZE-TRAP: if.then2:
				// CHECK-SANITIZE-TRAP-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 300, i32 5 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 300)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT3:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-TRAP: invoke.cont3:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END4]]
				// CHECK-SANITIZE-TRAP: if.end4:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP5:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP5]], label [[IF_THEN6:%.]], label [[IF_END9:%.]]
				// CHECK-SANITIZE-TRAP: if.then6:
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 500, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 500)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont7:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-SANITIZE-TRAP: lpad:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP3:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr null
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 0
				// CHECK-SANITIZE-TRAP-NEXT: store ptr [[TMP4]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP5:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 1
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP5]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: br label [[CATCH:%.*]]
				// CHECK-SANITIZE-TRAP: catch:
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP6:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z14will_not_throwi(i32 noundef 600) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 700, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z11might_throwi(i32 noundef 700)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT8:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-TRAP: invoke.cont8:
				// CHECK-SANITIZE-TRAP-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 800, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @__cxa_rethrow() #[[ATTR10:[0-9]+]]
				// CHECK-SANITIZE-TRAP-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-TRAP: try.cont:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END9]]
				// CHECK-SANITIZE-TRAP: if.end9:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP7:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP10:%.*]] = icmp eq i32 [[TMP7]], 5
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP10]], label [[IF_THEN11:%.]], label [[IF_END18:%.]]
				// CHECK-SANITIZE-TRAP: if.then11:
				// CHECK-SANITIZE-TRAP-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 900, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 900)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT13:%.]] unwind label [[LPAD12:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont13:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[TRY_CONT17:%.*]]
				// CHECK-SANITIZE-TRAP: lpad12:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP8:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr @_ZTIi
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr null
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 0
				// CHECK-SANITIZE-TRAP-NEXT: store ptr [[TMP9]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP10:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 1
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP10]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: br label [[CATCH_DISPATCH:%.*]]
				// CHECK-SANITIZE-TRAP: catch.dispatch:
				// CHECK-SANITIZE-TRAP-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP11:%.*]] = call i32 @llvm.eh.typeid.for(ptr @_ZTIi) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[MATCHES:%.*]] = icmp eq i32 [[SEL]], [[TMP11]]
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[MATCHES]], label [[CATCH14:%.]], label [[EXCEPTION_ESCAPE_HANDLER:%.]]
				// CHECK-SANITIZE-TRAP: catch14:
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN16:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP12:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN16]]) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP13:%.*]] = load i32, ptr [[TMP12]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP13]], ptr [[X15]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 1000, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[EXCEPTION:%.*]] = call ptr @__cxa_allocate_exception(i64 4) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP14:%.*]] = load i32, ptr [[X15]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP14]], ptr [[EXCEPTION]], align 16
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @__cxa_throw(ptr [[EXCEPTION]], ptr @_ZTIi, ptr null) #[[ATTR10]]
				// CHECK-SANITIZE-TRAP-NEXT: to label [[UNREACHABLE]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-TRAP: try.cont17:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END18]]
				// CHECK-SANITIZE-TRAP: if.end18:
				// CHECK-SANITIZE-TRAP-NEXT: ret void
				// CHECK-SANITIZE-TRAP: unreachable:
				// CHECK-SANITIZE-TRAP-NEXT: unreachable
				// CHECK-SANITIZE-TRAP: exception-escape.sanitization:
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN19:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8, !nosanitize !2
				// CHECK-SANITIZE-TRAP-NEXT: [[CURR_INVOKE_SRCLOC:%.*]] = load { ptr, i32, i32 }, ptr [[INVOKE_SRCLOC]], align 8, !nosanitize !2
				// CHECK-SANITIZE-TRAP-NEXT: br i1 false, label [[CONT:%.]], label [[TRAP:%.]], !nosanitize !2
				// CHECK-SANITIZE-TRAP: exception-escape.lpad:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP15:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr null, !nosanitize !2
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP16:%.*]] = extractvalue { ptr, i32 } [[TMP15]], 0, !nosanitize !2
				// CHECK-SANITIZE-TRAP-NEXT: store ptr [[TMP16]], ptr [[EXN_SLOT]], align 8, !nosanitize !2
				// CHECK-SANITIZE-TRAP-NEXT: br label [[EXCEPTION_ESCAPE_SANITIZATION:%.*]], !nosanitize !2
				// CHECK-SANITIZE-TRAP: exception-escape.handler:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[EXCEPTION_ESCAPE_SANITIZATION]]
				//
				void __attribute__((pure)) footgun_exception_escape_is_ub(int x) {
				if (x == 2) {
				#line 100
				will_throw();
				}
				#line 200
				will_not_throw();
				if (x == 3) {
				#line 300
				will_throw();
				}
				if (x == 4) {
				try {
				#line 400
				will_not_throw();
				#line 500
				will_throw();
				} catch (...) {
				#line 600
				will_not_throw();
				#line 700
				might_throw();
				#line 800
				throw;
				}
				}
				if (x == 5) {
				try {
				#line 900
				will_throw();
				} catch (int x) {
				#line 1000
				throw x;
				}
				}
				}

				// CHECK-NO-EXCEPTIONS: Function Attrs: mustprogress noinline nounwind optnone
				// CHECK-NO-EXCEPTIONS-LABEL: define {{[^@]+}}@_Z39exception_escape_is_program_terminationi
				// CHECK-NO-EXCEPTIONS-SAME: (i32 noundef [[X:%.*]]) #[[ATTR3:[0-9]+]] {
				// CHECK-NO-EXCEPTIONS-NEXT: entry:
				// CHECK-NO-EXCEPTIONS-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NO-EXCEPTIONS-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NO-EXCEPTIONS: if.then:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 100)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END]]
				// CHECK-NO-EXCEPTIONS: if.end:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END3:%.]]
				// CHECK-NO-EXCEPTIONS: if.then2:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 300)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END3]]
				// CHECK-NO-EXCEPTIONS: if.end3:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP4:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP4]], label [[IF_THEN5:%.]], label [[IF_END6:%.]]
				// CHECK-NO-EXCEPTIONS: if.then5:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 500)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END6]]
				// CHECK-NO-EXCEPTIONS: if.end6:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP3:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP7:%.*]] = icmp eq i32 [[TMP3]], 5
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP7]], label [[IF_THEN8:%.]], label [[IF_END9:%.]]
				// CHECK-NO-EXCEPTIONS: if.then8:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 900)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END9]]
				// CHECK-NO-EXCEPTIONS: if.end9:
				// CHECK-NO-EXCEPTIONS-NEXT: ret void
				//
				// CHECK-NOSANITIZE: Function Attrs: mustprogress noinline nounwind optnone
				// CHECK-NOSANITIZE-LABEL: define {{[^@]+}}@_Z39exception_escape_is_program_terminationi
				// CHECK-NOSANITIZE-SAME: (i32 noundef [[X:%.*]]) #[[ATTR4:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-NOSANITIZE-NEXT: entry:
				// CHECK-NOSANITIZE-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-NOSANITIZE-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[X15:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NOSANITIZE: if.then:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 100)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END]]
				// CHECK-NOSANITIZE: if.end:
				// CHECK-NOSANITIZE-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END4:%.]]
				// CHECK-NOSANITIZE: if.then2:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 300)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT3:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-NOSANITIZE: invoke.cont3:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END4]]
				// CHECK-NOSANITIZE: if.end4:
				// CHECK-NOSANITIZE-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP5:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP5]], label [[IF_THEN6:%.]], label [[IF_END9:%.]]
				// CHECK-NOSANITIZE: if.then6:
				// CHECK-NOSANITIZE-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 500)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont7:
				// CHECK-NOSANITIZE-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-NOSANITIZE: lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP3:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP4]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP5:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP5]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH:%.*]]
				// CHECK-NOSANITIZE: catch:
				// CHECK-NOSANITIZE-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP6:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: call void @_Z14will_not_throwi(i32 noundef 600) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z11might_throwi(i32 noundef 700)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT8:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-NOSANITIZE: invoke.cont8:
				// CHECK-NOSANITIZE-NEXT: invoke void @__cxa_rethrow() #[[ATTR8]]
				// CHECK-NOSANITIZE-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-NOSANITIZE: try.cont:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END9]]
				// CHECK-NOSANITIZE: if.end9:
				// CHECK-NOSANITIZE-NEXT: [[TMP7:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP10:%.*]] = icmp eq i32 [[TMP7]], 5
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP10]], label [[IF_THEN11:%.]], label [[IF_END18:%.]]
				// CHECK-NOSANITIZE: if.then11:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 900)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT13:%.]] unwind label [[LPAD12:%.]]
				// CHECK-NOSANITIZE: invoke.cont13:
				// CHECK-NOSANITIZE-NEXT: br label [[TRY_CONT17:%.*]]
				// CHECK-NOSANITIZE: lpad12:
				// CHECK-NOSANITIZE-NEXT: [[TMP8:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr @_ZTIi
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP9]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP10:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP10]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH_DISPATCH:%.*]]
				// CHECK-NOSANITIZE: catch.dispatch:
				// CHECK-NOSANITIZE-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: [[TMP11:%.*]] = call i32 @llvm.eh.typeid.for(ptr @_ZTIi) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[MATCHES:%.*]] = icmp eq i32 [[SEL]], [[TMP11]]
				// CHECK-NOSANITIZE-NEXT: br i1 [[MATCHES]], label [[CATCH14:%.]], label [[TERMINATE_HANDLER:%.]]
				// CHECK-NOSANITIZE: catch14:
				// CHECK-NOSANITIZE-NEXT: [[EXN16:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP12:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN16]]) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[TMP13:%.*]] = load i32, ptr [[TMP12]], align 4
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP13]], ptr [[X15]], align 4
				// CHECK-NOSANITIZE-NEXT: [[EXCEPTION:%.*]] = call ptr @__cxa_allocate_exception(i64 4) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[TMP14:%.*]] = load i32, ptr [[X15]], align 4
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP14]], ptr [[EXCEPTION]], align 16
				// CHECK-NOSANITIZE-NEXT: invoke void @__cxa_throw(ptr [[EXCEPTION]], ptr @_ZTIi, ptr null) #[[ATTR8]]
				// CHECK-NOSANITIZE-NEXT: to label [[UNREACHABLE]] unwind label [[TERMINATE_LPAD]]
				// CHECK-NOSANITIZE: try.cont17:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END18]]
				// CHECK-NOSANITIZE: if.end18:
				// CHECK-NOSANITIZE-NEXT: ret void
				// CHECK-NOSANITIZE: terminate.lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP15:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP16:%.*]] = extractvalue { ptr, i32 } [[TMP15]], 0
				// CHECK-NOSANITIZE-NEXT: call void @__clang_call_terminate(ptr [[TMP16]]) #[[ATTR9:[0-9]+]]
				// CHECK-NOSANITIZE-NEXT: unreachable
				// CHECK-NOSANITIZE: terminate.handler:
				// CHECK-NOSANITIZE-NEXT: [[EXN19:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: call void @__clang_call_terminate(ptr [[EXN19]]) #[[ATTR9]]
				// CHECK-NOSANITIZE-NEXT: unreachable
				// CHECK-NOSANITIZE: unreachable:
				// CHECK-NOSANITIZE-NEXT: unreachable
				//
				// CHECK-SANITIZE-NORECOVER: Function Attrs: mustprogress noinline nounwind optnone
				// CHECK-SANITIZE-NORECOVER-LABEL: define {{[^@]+}}@_Z39exception_escape_is_program_terminationi
				// CHECK-SANITIZE-NORECOVER-SAME: (i32 noundef [[X:%.*]]) #[[ATTR5:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-SANITIZE-NORECOVER-NEXT: entry:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[X15:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 100)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END]]
				// CHECK-SANITIZE-NORECOVER: if.end:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END4:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then2:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 300)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT3:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont3:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END4]]
				// CHECK-SANITIZE-NORECOVER: if.end4:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP5:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP5]], label [[IF_THEN6:%.]], label [[IF_END9:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then6:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 500)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont7:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP3:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP4]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP5:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP5]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH:%.*]]
				// CHECK-SANITIZE-NORECOVER: catch:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP6:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z14will_not_throwi(i32 noundef 600) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z11might_throwi(i32 noundef 700)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT8:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont8:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_rethrow() #[[ATTR10]]
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: try.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END9]]
				// CHECK-SANITIZE-NORECOVER: if.end9:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP7:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP10:%.*]] = icmp eq i32 [[TMP7]], 5
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP10]], label [[IF_THEN11:%.]], label [[IF_END18:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then11:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 900)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT13:%.]] unwind label [[LPAD12:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont13:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[TRY_CONT17:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad12:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP8:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr @_ZTIi
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP9]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP10:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP10]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH_DISPATCH:%.*]]
				// CHECK-SANITIZE-NORECOVER: catch.dispatch:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP11:%.*]] = call i32 @llvm.eh.typeid.for(ptr @_ZTIi) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[MATCHES:%.*]] = icmp eq i32 [[SEL]], [[TMP11]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[MATCHES]], label [[CATCH14:%.]], label [[TERMINATE_HANDLER:%.]]
				// CHECK-SANITIZE-NORECOVER: catch14:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN16:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP12:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN16]]) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP13:%.*]] = load i32, ptr [[TMP12]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP13]], ptr [[X15]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXCEPTION:%.*]] = call ptr @__cxa_allocate_exception(i64 4) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP14:%.*]] = load i32, ptr [[X15]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP14]], ptr [[EXCEPTION]], align 16
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_throw(ptr [[EXCEPTION]], ptr @_ZTIi, ptr null) #[[ATTR10]]
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[UNREACHABLE]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: try.cont17:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END18]]
				// CHECK-SANITIZE-NORECOVER: if.end18:
				// CHECK-SANITIZE-NORECOVER-NEXT: ret void
				// CHECK-SANITIZE-NORECOVER: terminate.lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP15:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP16:%.*]] = extractvalue { ptr, i32 } [[TMP15]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @__clang_call_terminate(ptr [[TMP16]]) #[[ATTR8]]
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				// CHECK-SANITIZE-NORECOVER: terminate.handler:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN19:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @__clang_call_terminate(ptr [[EXN19]]) #[[ATTR8]]
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				// CHECK-SANITIZE-NORECOVER: unreachable:
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				//
				// CHECK-SANITIZE-TRAP: Function Attrs: mustprogress noinline nounwind optnone
				// CHECK-SANITIZE-TRAP-LABEL: define {{[^@]+}}@_Z39exception_escape_is_program_terminationi
				// CHECK-SANITIZE-TRAP-SAME: (i32 noundef [[X:%.*]]) #[[ATTR5:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-SANITIZE-TRAP-NEXT: entry:
				// CHECK-SANITIZE-TRAP-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[X15:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-SANITIZE-TRAP: if.then:
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 100)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END]]
				// CHECK-SANITIZE-TRAP: if.end:
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END4:%.]]
				// CHECK-SANITIZE-TRAP: if.then2:
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 300)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT3:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-TRAP: invoke.cont3:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END4]]
				// CHECK-SANITIZE-TRAP: if.end4:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP5:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP5]], label [[IF_THEN6:%.]], label [[IF_END9:%.]]
				// CHECK-SANITIZE-TRAP: if.then6:
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 500)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont7:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-SANITIZE-TRAP: lpad:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP3:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr null
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 0
				// CHECK-SANITIZE-TRAP-NEXT: store ptr [[TMP4]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP5:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 1
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP5]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: br label [[CATCH:%.*]]
				// CHECK-SANITIZE-TRAP: catch:
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP6:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z14will_not_throwi(i32 noundef 600) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z11might_throwi(i32 noundef 700)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT8:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-TRAP: invoke.cont8:
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @__cxa_rethrow() #[[ATTR10]]
				// CHECK-SANITIZE-TRAP-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-TRAP: try.cont:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END9]]
				// CHECK-SANITIZE-TRAP: if.end9:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP7:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP10:%.*]] = icmp eq i32 [[TMP7]], 5
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP10]], label [[IF_THEN11:%.]], label [[IF_END18:%.]]
				// CHECK-SANITIZE-TRAP: if.then11:
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 900)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT13:%.]] unwind label [[LPAD12:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont13:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[TRY_CONT17:%.*]]
				// CHECK-SANITIZE-TRAP: lpad12:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP8:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr @_ZTIi
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr null
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 0
				// CHECK-SANITIZE-TRAP-NEXT: store ptr [[TMP9]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP10:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 1
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP10]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: br label [[CATCH_DISPATCH:%.*]]
				// CHECK-SANITIZE-TRAP: catch.dispatch:
				// CHECK-SANITIZE-TRAP-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP11:%.*]] = call i32 @llvm.eh.typeid.for(ptr @_ZTIi) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[MATCHES:%.*]] = icmp eq i32 [[SEL]], [[TMP11]]
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[MATCHES]], label [[CATCH14:%.]], label [[TERMINATE_HANDLER:%.]]
				// CHECK-SANITIZE-TRAP: catch14:
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN16:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP12:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN16]]) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP13:%.*]] = load i32, ptr [[TMP12]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP13]], ptr [[X15]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[EXCEPTION:%.*]] = call ptr @__cxa_allocate_exception(i64 4) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP14:%.*]] = load i32, ptr [[X15]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP14]], ptr [[EXCEPTION]], align 16
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @__cxa_throw(ptr [[EXCEPTION]], ptr @_ZTIi, ptr null) #[[ATTR10]]
				// CHECK-SANITIZE-TRAP-NEXT: to label [[UNREACHABLE]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-TRAP: try.cont17:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END18]]
				// CHECK-SANITIZE-TRAP: if.end18:
				// CHECK-SANITIZE-TRAP-NEXT: ret void
				// CHECK-SANITIZE-TRAP: terminate.lpad:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP15:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr null
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP16:%.*]] = extractvalue { ptr, i32 } [[TMP15]], 0
				// CHECK-SANITIZE-TRAP-NEXT: call void @__clang_call_terminate(ptr [[TMP16]]) #[[ATTR8]]
				// CHECK-SANITIZE-TRAP-NEXT: unreachable
				// CHECK-SANITIZE-TRAP: terminate.handler:
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN19:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: call void @__clang_call_terminate(ptr [[EXN19]]) #[[ATTR8]]
				// CHECK-SANITIZE-TRAP-NEXT: unreachable
				// CHECK-SANITIZE-TRAP: unreachable:
				// CHECK-SANITIZE-TRAP-NEXT: unreachable
				//
				void exception_escape_is_program_termination(int x) noexcept {
				if (x == 2) {
				#line 100
				will_throw();
				}
				#line 200
				will_not_throw();
				if (x == 3) {
				#line 300
				will_throw();
				}
				if (x == 4) {
				try {
				#line 400
				will_not_throw();
				#line 500
				will_throw();
				} catch (...) {
				#line 600
				will_not_throw();
				#line 700
				might_throw();
				#line 800
				throw;
				}
				}
				if (x == 5) {
				try {
				#line 900
				will_throw();
				} catch (int x) {
				#line 1000
				throw x;
				}
				}
				}

				// CHECK-NO-EXCEPTIONS: Function Attrs: mustprogress noinline nounwind optnone
				// CHECK-NO-EXCEPTIONS-LABEL: define {{[^@]+}}@_Z22exception_escape_is_oki
				// CHECK-NO-EXCEPTIONS-SAME: (i32 noundef [[X:%.*]]) #[[ATTR3]] {
				// CHECK-NO-EXCEPTIONS-NEXT: entry:
				// CHECK-NO-EXCEPTIONS-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NO-EXCEPTIONS-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NO-EXCEPTIONS: if.then:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 100)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END]]
				// CHECK-NO-EXCEPTIONS: if.end:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END3:%.]]
				// CHECK-NO-EXCEPTIONS: if.then2:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 300)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END3]]
				// CHECK-NO-EXCEPTIONS: if.end3:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP4:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP4]], label [[IF_THEN5:%.]], label [[IF_END6:%.]]
				// CHECK-NO-EXCEPTIONS: if.then5:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 500)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END6]]
				// CHECK-NO-EXCEPTIONS: if.end6:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP3:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP7:%.*]] = icmp eq i32 [[TMP3]], 5
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP7]], label [[IF_THEN8:%.]], label [[IF_END9:%.]]
				// CHECK-NO-EXCEPTIONS: if.then8:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 900)
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END9]]
				// CHECK-NO-EXCEPTIONS: if.end9:
				// CHECK-NO-EXCEPTIONS-NEXT: ret void
				//
				// CHECK-NOSANITIZE: Function Attrs: mustprogress noinline optnone
				// CHECK-NOSANITIZE-LABEL: define {{[^@]+}}@_Z22exception_escape_is_oki
				// CHECK-NOSANITIZE-SAME: (i32 noundef [[X:%.*]]) #[[ATTR6:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-NOSANITIZE-NEXT: entry:
				// CHECK-NOSANITIZE-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-NOSANITIZE-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[X15:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NOSANITIZE: if.then:
				// CHECK-NOSANITIZE-NEXT: call void @_Z10will_throwi(i32 noundef 100)
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END]]
				// CHECK-NOSANITIZE: if.end:
				// CHECK-NOSANITIZE-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END3:%.]]
				// CHECK-NOSANITIZE: if.then2:
				// CHECK-NOSANITIZE-NEXT: call void @_Z10will_throwi(i32 noundef 300)
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END3]]
				// CHECK-NOSANITIZE: if.end3:
				// CHECK-NOSANITIZE-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP4:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP4]], label [[IF_THEN5:%.]], label [[IF_END9:%.]]
				// CHECK-NOSANITIZE: if.then5:
				// CHECK-NOSANITIZE-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 500)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont:
				// CHECK-NOSANITIZE-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-NOSANITIZE: lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP3:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP4]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP5:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP5]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH:%.*]]
				// CHECK-NOSANITIZE: catch:
				// CHECK-NOSANITIZE-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP6:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: call void @_Z14will_not_throwi(i32 noundef 600) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z11might_throwi(i32 noundef 700)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD6:%.]]
				// CHECK-NOSANITIZE: invoke.cont7:
				// CHECK-NOSANITIZE-NEXT: invoke void @__cxa_rethrow() #[[ATTR8]]
				// CHECK-NOSANITIZE-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[LPAD6]]
				// CHECK-NOSANITIZE: lpad6:
				// CHECK-NOSANITIZE-NEXT: [[TMP7:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: cleanup
				// CHECK-NOSANITIZE-NEXT: [[TMP8:%.*]] = extractvalue { ptr, i32 } [[TMP7]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP8]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP7]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP9]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: invoke void @__cxa_end_catch()
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT8:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont8:
				// CHECK-NOSANITIZE-NEXT: br label [[EH_RESUME:%.*]]
				// CHECK-NOSANITIZE: try.cont:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END9]]
				// CHECK-NOSANITIZE: if.end9:
				// CHECK-NOSANITIZE-NEXT: [[TMP10:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP10:%.*]] = icmp eq i32 [[TMP10]], 5
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP10]], label [[IF_THEN11:%.]], label [[IF_END19:%.]]
				// CHECK-NOSANITIZE: if.then11:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 900)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT13:%.]] unwind label [[LPAD12:%.]]
				// CHECK-NOSANITIZE: invoke.cont13:
				// CHECK-NOSANITIZE-NEXT: br label [[TRY_CONT18:%.*]]
				// CHECK-NOSANITIZE: lpad12:
				// CHECK-NOSANITIZE-NEXT: [[TMP11:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr @_ZTIi
				// CHECK-NOSANITIZE-NEXT: [[TMP12:%.*]] = extractvalue { ptr, i32 } [[TMP11]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP12]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP13:%.*]] = extractvalue { ptr, i32 } [[TMP11]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP13]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH_DISPATCH:%.*]]
				// CHECK-NOSANITIZE: catch.dispatch:
				// CHECK-NOSANITIZE-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: [[TMP14:%.*]] = call i32 @llvm.eh.typeid.for(ptr @_ZTIi) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[MATCHES:%.*]] = icmp eq i32 [[SEL]], [[TMP14]]
				// CHECK-NOSANITIZE-NEXT: br i1 [[MATCHES]], label [[CATCH14:%.*]], label [[EH_RESUME]]
				// CHECK-NOSANITIZE: catch14:
				// CHECK-NOSANITIZE-NEXT: [[EXN16:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP15:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN16]]) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[TMP16:%.*]] = load i32, ptr [[TMP15]], align 4
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP16]], ptr [[X15]], align 4
				// CHECK-NOSANITIZE-NEXT: [[EXCEPTION:%.*]] = call ptr @__cxa_allocate_exception(i64 4) #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: [[TMP17:%.*]] = load i32, ptr [[X15]], align 4
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP17]], ptr [[EXCEPTION]], align 16
				// CHECK-NOSANITIZE-NEXT: invoke void @__cxa_throw(ptr [[EXCEPTION]], ptr @_ZTIi, ptr null) #[[ATTR8]]
				// CHECK-NOSANITIZE-NEXT: to label [[UNREACHABLE]] unwind label [[LPAD17:%.*]]
				// CHECK-NOSANITIZE: lpad17:
				// CHECK-NOSANITIZE-NEXT: [[TMP18:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: cleanup
				// CHECK-NOSANITIZE-NEXT: [[TMP19:%.*]] = extractvalue { ptr, i32 } [[TMP18]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP19]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP20:%.*]] = extractvalue { ptr, i32 } [[TMP18]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP20]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: call void @__cxa_end_catch() #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: br label [[EH_RESUME]]
				// CHECK-NOSANITIZE: try.cont18:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END19]]
				// CHECK-NOSANITIZE: if.end19:
				// CHECK-NOSANITIZE-NEXT: ret void
				// CHECK-NOSANITIZE: eh.resume:
				// CHECK-NOSANITIZE-NEXT: [[EXN20:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[SEL21:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: [[LPAD_VAL:%.*]] = insertvalue { ptr, i32 } undef, ptr [[EXN20]], 0
				// CHECK-NOSANITIZE-NEXT: [[LPAD_VAL22:%.*]] = insertvalue { ptr, i32 } [[LPAD_VAL]], i32 [[SEL21]], 1
				// CHECK-NOSANITIZE-NEXT: resume { ptr, i32 } [[LPAD_VAL22]]
				// CHECK-NOSANITIZE: terminate.lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP21:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP22:%.*]] = extractvalue { ptr, i32 } [[TMP21]], 0
				// CHECK-NOSANITIZE-NEXT: call void @__clang_call_terminate(ptr [[TMP22]]) #[[ATTR9]]
				// CHECK-NOSANITIZE-NEXT: unreachable
				// CHECK-NOSANITIZE: unreachable:
				// CHECK-NOSANITIZE-NEXT: unreachable
				//
				// CHECK-SANITIZE-NORECOVER: Function Attrs: mustprogress noinline optnone
				// CHECK-SANITIZE-NORECOVER-LABEL: define {{[^@]+}}@_Z22exception_escape_is_oki
				// CHECK-SANITIZE-NORECOVER-SAME: (i32 noundef [[X:%.*]]) #[[ATTR7:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-SANITIZE-NORECOVER-NEXT: entry:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[X15:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z10will_throwi(i32 noundef 100)
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END]]
				// CHECK-SANITIZE-NORECOVER: if.end:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END3:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then2:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z10will_throwi(i32 noundef 300)
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END3]]
				// CHECK-SANITIZE-NORECOVER: if.end3:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP4:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP4]], label [[IF_THEN5:%.]], label [[IF_END9:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then5:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 500)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP3:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP4]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP5:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP5]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH:%.*]]
				// CHECK-SANITIZE-NORECOVER: catch:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP6:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_Z14will_not_throwi(i32 noundef 600) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z11might_throwi(i32 noundef 700)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD6:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont7:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_rethrow() #[[ATTR10]]
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[LPAD6]]
				// CHECK-SANITIZE-NORECOVER: lpad6:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP7:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: cleanup
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP8:%.*]] = extractvalue { ptr, i32 } [[TMP7]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP8]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP7]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP9]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_end_catch()
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT8:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont8:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[EH_RESUME:%.*]]
				// CHECK-SANITIZE-NORECOVER: try.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END9]]
				// CHECK-SANITIZE-NORECOVER: if.end9:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP10:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP10:%.*]] = icmp eq i32 [[TMP10]], 5
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP10]], label [[IF_THEN11:%.]], label [[IF_END19:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then11:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 900)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT13:%.]] unwind label [[LPAD12:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont13:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[TRY_CONT18:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad12:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP11:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr @_ZTIi
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP12:%.*]] = extractvalue { ptr, i32 } [[TMP11]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP12]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP13:%.*]] = extractvalue { ptr, i32 } [[TMP11]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP13]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH_DISPATCH:%.*]]
				// CHECK-SANITIZE-NORECOVER: catch.dispatch:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP14:%.*]] = call i32 @llvm.eh.typeid.for(ptr @_ZTIi) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[MATCHES:%.*]] = icmp eq i32 [[SEL]], [[TMP14]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[MATCHES]], label [[CATCH14:%.*]], label [[EH_RESUME]]
				// CHECK-SANITIZE-NORECOVER: catch14:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN16:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP15:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN16]]) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP16:%.*]] = load i32, ptr [[TMP15]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP16]], ptr [[X15]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXCEPTION:%.*]] = call ptr @__cxa_allocate_exception(i64 4) #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP17:%.*]] = load i32, ptr [[X15]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP17]], ptr [[EXCEPTION]], align 16
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_throw(ptr [[EXCEPTION]], ptr @_ZTIi, ptr null) #[[ATTR10]]
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[UNREACHABLE]] unwind label [[LPAD17:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad17:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP18:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: cleanup
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP19:%.*]] = extractvalue { ptr, i32 } [[TMP18]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP19]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP20:%.*]] = extractvalue { ptr, i32 } [[TMP18]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP20]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @__cxa_end_catch() #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[EH_RESUME]]
				// CHECK-SANITIZE-NORECOVER: try.cont18:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END19]]
				// CHECK-SANITIZE-NORECOVER: if.end19:
				// CHECK-SANITIZE-NORECOVER-NEXT: ret void
				// CHECK-SANITIZE-NORECOVER: eh.resume:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN20:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[SEL21:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[LPAD_VAL:%.*]] = insertvalue { ptr, i32 } undef, ptr [[EXN20]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: [[LPAD_VAL22:%.*]] = insertvalue { ptr, i32 } [[LPAD_VAL]], i32 [[SEL21]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: resume { ptr, i32 } [[LPAD_VAL22]]
				// CHECK-SANITIZE-NORECOVER: terminate.lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP21:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP22:%.*]] = extractvalue { ptr, i32 } [[TMP21]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @__clang_call_terminate(ptr [[TMP22]]) #[[ATTR8]]
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				// CHECK-SANITIZE-NORECOVER: unreachable:
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				//
				// CHECK-SANITIZE-TRAP: Function Attrs: mustprogress noinline optnone
				// CHECK-SANITIZE-TRAP-LABEL: define {{[^@]+}}@_Z22exception_escape_is_oki
				// CHECK-SANITIZE-TRAP-SAME: (i32 noundef [[X:%.*]]) #[[ATTR7:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-SANITIZE-TRAP-NEXT: entry:
				// CHECK-SANITIZE-TRAP-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[X15:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 2
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-SANITIZE-TRAP: if.then:
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z10will_throwi(i32 noundef 100)
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END]]
				// CHECK-SANITIZE-TRAP: if.end:
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z14will_not_throwi(i32 noundef 200) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 3
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END3:%.]]
				// CHECK-SANITIZE-TRAP: if.then2:
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z10will_throwi(i32 noundef 300)
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END3]]
				// CHECK-SANITIZE-TRAP: if.end3:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP4:%.*]] = icmp eq i32 [[TMP2]], 4
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP4]], label [[IF_THEN5:%.]], label [[IF_END9:%.]]
				// CHECK-SANITIZE-TRAP: if.then5:
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z14will_not_throwi(i32 noundef 400) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 500)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[LPAD:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-SANITIZE-TRAP: lpad:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP3:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr null
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 0
				// CHECK-SANITIZE-TRAP-NEXT: store ptr [[TMP4]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP5:%.*]] = extractvalue { ptr, i32 } [[TMP3]], 1
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP5]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: br label [[CATCH:%.*]]
				// CHECK-SANITIZE-TRAP: catch:
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP6:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: call void @_Z14will_not_throwi(i32 noundef 600) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z11might_throwi(i32 noundef 700)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD6:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont7:
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @__cxa_rethrow() #[[ATTR10]]
				// CHECK-SANITIZE-TRAP-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[LPAD6]]
				// CHECK-SANITIZE-TRAP: lpad6:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP7:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: cleanup
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP8:%.*]] = extractvalue { ptr, i32 } [[TMP7]], 0
				// CHECK-SANITIZE-TRAP-NEXT: store ptr [[TMP8]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP7]], 1
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP9]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @__cxa_end_catch()
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT8:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont8:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[EH_RESUME:%.*]]
				// CHECK-SANITIZE-TRAP: try.cont:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END9]]
				// CHECK-SANITIZE-TRAP: if.end9:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP10:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[CMP10:%.*]] = icmp eq i32 [[TMP10]], 5
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[CMP10]], label [[IF_THEN11:%.]], label [[IF_END19:%.]]
				// CHECK-SANITIZE-TRAP: if.then11:
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @_Z10will_throwi(i32 noundef 900)
				// CHECK-SANITIZE-TRAP-NEXT: to label [[INVOKE_CONT13:%.]] unwind label [[LPAD12:%.]]
				// CHECK-SANITIZE-TRAP: invoke.cont13:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[TRY_CONT18:%.*]]
				// CHECK-SANITIZE-TRAP: lpad12:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP11:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr @_ZTIi
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP12:%.*]] = extractvalue { ptr, i32 } [[TMP11]], 0
				// CHECK-SANITIZE-TRAP-NEXT: store ptr [[TMP12]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP13:%.*]] = extractvalue { ptr, i32 } [[TMP11]], 1
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP13]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: br label [[CATCH_DISPATCH:%.*]]
				// CHECK-SANITIZE-TRAP: catch.dispatch:
				// CHECK-SANITIZE-TRAP-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP14:%.*]] = call i32 @llvm.eh.typeid.for(ptr @_ZTIi) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[MATCHES:%.*]] = icmp eq i32 [[SEL]], [[TMP14]]
				// CHECK-SANITIZE-TRAP-NEXT: br i1 [[MATCHES]], label [[CATCH14:%.*]], label [[EH_RESUME]]
				// CHECK-SANITIZE-TRAP: catch14:
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN16:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP15:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN16]]) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP16:%.*]] = load i32, ptr [[TMP15]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP16]], ptr [[X15]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[EXCEPTION:%.*]] = call ptr @__cxa_allocate_exception(i64 4) #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP17:%.*]] = load i32, ptr [[X15]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP17]], ptr [[EXCEPTION]], align 16
				// CHECK-SANITIZE-TRAP-NEXT: invoke void @__cxa_throw(ptr [[EXCEPTION]], ptr @_ZTIi, ptr null) #[[ATTR10]]
				// CHECK-SANITIZE-TRAP-NEXT: to label [[UNREACHABLE]] unwind label [[LPAD17:%.*]]
				// CHECK-SANITIZE-TRAP: lpad17:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP18:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: cleanup
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP19:%.*]] = extractvalue { ptr, i32 } [[TMP18]], 0
				// CHECK-SANITIZE-TRAP-NEXT: store ptr [[TMP19]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP20:%.*]] = extractvalue { ptr, i32 } [[TMP18]], 1
				// CHECK-SANITIZE-TRAP-NEXT: store i32 [[TMP20]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: call void @__cxa_end_catch() #[[ATTR9]]
				// CHECK-SANITIZE-TRAP-NEXT: br label [[EH_RESUME]]
				// CHECK-SANITIZE-TRAP: try.cont18:
				// CHECK-SANITIZE-TRAP-NEXT: br label [[IF_END19]]
				// CHECK-SANITIZE-TRAP: if.end19:
				// CHECK-SANITIZE-TRAP-NEXT: ret void
				// CHECK-SANITIZE-TRAP: eh.resume:
				// CHECK-SANITIZE-TRAP-NEXT: [[EXN20:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-TRAP-NEXT: [[SEL21:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-TRAP-NEXT: [[LPAD_VAL:%.*]] = insertvalue { ptr, i32 } undef, ptr [[EXN20]], 0
				// CHECK-SANITIZE-TRAP-NEXT: [[LPAD_VAL22:%.*]] = insertvalue { ptr, i32 } [[LPAD_VAL]], i32 [[SEL21]], 1
				// CHECK-SANITIZE-TRAP-NEXT: resume { ptr, i32 } [[LPAD_VAL22]]
				// CHECK-SANITIZE-TRAP: terminate.lpad:
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP21:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-TRAP-NEXT: catch ptr null
				// CHECK-SANITIZE-TRAP-NEXT: [[TMP22:%.*]] = extractvalue { ptr, i32 } [[TMP21]], 0
				// CHECK-SANITIZE-TRAP-NEXT: call void @__clang_call_terminate(ptr [[TMP22]]) #[[ATTR8]]
				// CHECK-SANITIZE-TRAP-NEXT: unreachable
				// CHECK-SANITIZE-TRAP: unreachable:
				// CHECK-SANITIZE-TRAP-NEXT: unreachable
				//
				void exception_escape_is_ok(int x) {
				if (x == 2) {
				#line 100
				will_throw();
				}
				#line 200
				will_not_throw();
				if (x == 3) {
				#line 300
				will_throw();
				}
				if (x == 4) {
				try {
				#line 400
				will_not_throw();
				#line 500
				will_throw();
				} catch (...) {
				#line 600
				will_not_throw();
				#line 700
				might_throw();
				#line 800
				throw;
				}
				}
				if (x == 5) {
				try {
				#line 900
				will_throw();
				} catch (int x) {
				#line 1000
				throw x;
				}
				}
				}

clang/test/CodeGenCXX/exception-escape-as-ub-cleanups.cpp

This file was added.

				// NOTE: Assertions have been autogenerated by utils/update_cc_test_checks.py UTC_ARGS: --function-signature --check-attributes --check-globals
				// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu -fcxx-exceptions \| FileCheck %s --check-prefixes=CHECK-NO-EXCEPTIONS
				// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu -fexceptions -fcxx-exceptions \| FileCheck %s --check-prefixes=CHECK-NOSANITIZE
				// RUN: %clang_cc1 -fsanitize=exception-escape -emit-llvm %s -o - -triple x86_64-linux-gnu -fexceptions -fcxx-exceptions \| FileCheck %s --check-prefixes=CHECK-SANITIZE-NORECOVER

				void will_throw(int line = __builtin_LINE());
				void might_throw(int line = __builtin_LINE());
				void will_not_throw(int line = __builtin_LINE()) noexcept;

				struct S {
				S(int line = __builtin_LINE());
				~S();
				};

				// CHECK-NO-EXCEPTIONS: Function Attrs: mustprogress noinline nounwind optnone willreturn memory(read)
				// CHECK-NO-EXCEPTIONS-LABEL: define {{[^@]+}}@_Z30footgun_exception_escape_is_ubi
				// CHECK-NO-EXCEPTIONS-SAME: (i32 noundef [[X:%.*]]) #[[ATTR0:[0-9]+]] {
				// CHECK-NO-EXCEPTIONS-NEXT: entry:
				// CHECK-NO-EXCEPTIONS-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[STATE:%.]] = alloca [[STRUCT_S:%.]], align 1
				// CHECK-NO-EXCEPTIONS-NEXT: [[STATE3:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NO-EXCEPTIONS-NEXT: [[STATE7:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NO-EXCEPTIONS-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 0
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NO-EXCEPTIONS: if.then:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]], i32 noundef 100) #[[ATTR4:[0-9]+]]
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z11might_throwi(i32 noundef 200) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END]]
				// CHECK-NO-EXCEPTIONS: if.end:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 1
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END4:%.]]
				// CHECK-NO-EXCEPTIONS: if.then2:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]], i32 noundef 300)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z11might_throwi(i32 noundef 400)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]]) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END4]]
				// CHECK-NO-EXCEPTIONS: if.end4:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP5:%.*]] = icmp eq i32 [[TMP2]], 2
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP5]], label [[IF_THEN6:%.]], label [[IF_END8:%.]]
				// CHECK-NO-EXCEPTIONS: if.then6:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE7]], i32 noundef 600) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 700) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE7]]) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END8]]
				// CHECK-NO-EXCEPTIONS: if.end8:
				// CHECK-NO-EXCEPTIONS-NEXT: ret void
				//
				// CHECK-NOSANITIZE: Function Attrs: mustprogress noinline nounwind optnone willreturn memory(read)
				// CHECK-NOSANITIZE-LABEL: define {{[^@]+}}@_Z30footgun_exception_escape_is_ubi
				// CHECK-NOSANITIZE-SAME: (i32 noundef [[X:%.*]]) #[[ATTR0:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-NOSANITIZE-NEXT: entry:
				// CHECK-NOSANITIZE-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[STATE:%.]] = alloca [[STRUCT_S:%.]], align 1
				// CHECK-NOSANITIZE-NEXT: [[STATE3:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NOSANITIZE-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-NOSANITIZE-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[STATE9:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 0
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NOSANITIZE: if.then:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]], i32 noundef 100) #[[ATTR6:[0-9]+]]
				// CHECK-NOSANITIZE-NEXT: call void @_Z11might_throwi(i32 noundef 200) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END]]
				// CHECK-NOSANITIZE: if.end:
				// CHECK-NOSANITIZE-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 1
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END6:%.]]
				// CHECK-NOSANITIZE: if.then2:
				// CHECK-NOSANITIZE-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]], i32 noundef 300)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z11might_throwi(i32 noundef 400)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT5:%.]] unwind label [[LPAD4:%.]]
				// CHECK-NOSANITIZE: invoke.cont5:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-NOSANITIZE: lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP2:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP3:%.*]] = extractvalue { ptr, i32 } [[TMP2]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP3]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP2]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP4]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH:%.*]]
				// CHECK-NOSANITIZE: lpad4:
				// CHECK-NOSANITIZE-NEXT: [[TMP5:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP6:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP6]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP7:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP7]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH]]
				// CHECK-NOSANITIZE: catch:
				// CHECK-NOSANITIZE-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP8:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: call void @__cxa_rethrow() #[[ATTR7:[0-9]+]]
				// CHECK-NOSANITIZE-NEXT: unreachable
				// CHECK-NOSANITIZE: try.cont:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END6]]
				// CHECK-NOSANITIZE: if.end6:
				// CHECK-NOSANITIZE-NEXT: [[TMP9:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP7:%.*]] = icmp eq i32 [[TMP9]], 2
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP7]], label [[IF_THEN8:%.]], label [[IF_END10:%.]]
				// CHECK-NOSANITIZE: if.then8:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE9]], i32 noundef 600) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: call void @_Z10will_throwi(i32 noundef 700) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE9]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END10]]
				// CHECK-NOSANITIZE: if.end10:
				// CHECK-NOSANITIZE-NEXT: ret void
				//
				// CHECK-SANITIZE-NORECOVER: Function Attrs: mustprogress noinline nounwind optnone willreturn memory(read)
				// CHECK-SANITIZE-NORECOVER-LABEL: define {{[^@]+}}@_Z30footgun_exception_escape_is_ubi
				// CHECK-SANITIZE-NORECOVER-SAME: (i32 noundef [[X:%.*]]) #[[ATTR0:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-SANITIZE-NORECOVER-NEXT: entry:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[STATE:%.]] = alloca [[STRUCT_S:%.]], align 1
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[INVOKE_SRCLOC:%.*]] = alloca { ptr, i32, i32 }, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP:%.*]] = alloca { ptr, i32, i32 }, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[STATE4:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[STATE11:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 100, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]], i32 noundef 100)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[EXCEPTION_ESCAPE_LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 200, i32 5 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z11might_throwi(i32 noundef 200)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT1:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont1:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR7:[0-9]+]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END]]
				// CHECK-SANITIZE-NORECOVER: handler.exception_escape:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } [[CURR_INVOKE_SRCLOC:%.*]], ptr [[TMP]], align 8, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP1:%.*]] = ptrtoint ptr [[TMP]] to i64, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP2:%.]] = ptrtoint ptr [[EXN15:%.]] to i64, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_exception_escape(i64 [[TMP1]], i64 [[TMP2]]) #[[ATTR8:[0-9]+]], !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER: cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER: if.end:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP3:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP2:%.*]] = icmp eq i32 [[TMP3]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP2]], label [[IF_THEN3:%.]], label [[IF_END8:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then3:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 300, i32 9 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE4]], i32 noundef 300)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT5:%.]] unwind label [[LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont5:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 400, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z11might_throwi(i32 noundef 400)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD6:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont7:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE4]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP4:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP5:%.*]] = extractvalue { ptr, i32 } [[TMP4]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP5]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP6:%.*]] = extractvalue { ptr, i32 } [[TMP4]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP6]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad6:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP7:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP8:%.*]] = extractvalue { ptr, i32 } [[TMP7]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP8]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP7]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP9]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE4]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH]]
				// CHECK-SANITIZE-NORECOVER: catch:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP10:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 500, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_rethrow() #[[ATTR9:[0-9]+]]
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: try.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END8]]
				// CHECK-SANITIZE-NORECOVER: if.end8:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP11:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP9:%.*]] = icmp eq i32 [[TMP11]], 2
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP9]], label [[IF_THEN10:%.]], label [[IF_END14:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then10:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 600, i32 7 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE11]], i32 noundef 600)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT12:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont12:
				// CHECK-SANITIZE-NORECOVER-NEXT: store { ptr, i32, i32 } { ptr @.src, i32 700, i32 5 }, ptr [[INVOKE_SRCLOC]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 700)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT13:%.*]] unwind label [[EXCEPTION_ESCAPE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont13:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE11]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END14]]
				// CHECK-SANITIZE-NORECOVER: if.end14:
				// CHECK-SANITIZE-NORECOVER-NEXT: ret void
				// CHECK-SANITIZE-NORECOVER: unreachable:
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				// CHECK-SANITIZE-NORECOVER: exception-escape.sanitization:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN15]] = load ptr, ptr [[EXN_SLOT]], align 8, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CURR_INVOKE_SRCLOC]] = load { ptr, i32, i32 }, ptr [[INVOKE_SRCLOC]], align 8, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 false, label [[CONT:%.]], label [[HANDLER_EXCEPTION_ESCAPE:%.]], !prof [[PROF3:![0-9]+]], !nosanitize !2
				// CHECK-SANITIZE-NORECOVER: exception-escape.lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP12:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP13:%.*]] = extractvalue { ptr, i32 } [[TMP12]], 0, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP13]], ptr [[EXN_SLOT]], align 8, !nosanitize !2
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[EXCEPTION_ESCAPE_SANITIZATION:%.*]], !nosanitize !2
				//
				void __attribute__((pure)) footgun_exception_escape_is_ub(int x) {
				if(x == 0) {
				#line 100
				S state;
				#line 200
				might_throw();
				}
				if(x == 1) {
				try {
				#line 300
				S state;
				#line 400
				might_throw();
				} catch (...) {
				#line 500
				throw;
				}
				}
				if(x == 2) {
				#line 600
				S state;
				#line 700
				will_throw();
				}
				}

				// CHECK-NO-EXCEPTIONS: Function Attrs: mustprogress noinline nounwind optnone
				// CHECK-NO-EXCEPTIONS-LABEL: define {{[^@]+}}@_Z39exception_escape_is_program_terminationi
				// CHECK-NO-EXCEPTIONS-SAME: (i32 noundef [[X:%.*]]) #[[ATTR3:[0-9]+]] {
				// CHECK-NO-EXCEPTIONS-NEXT: entry:
				// CHECK-NO-EXCEPTIONS-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[STATE:%.]] = alloca [[STRUCT_S:%.]], align 1
				// CHECK-NO-EXCEPTIONS-NEXT: [[STATE3:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NO-EXCEPTIONS-NEXT: [[STATE7:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NO-EXCEPTIONS-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 0
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NO-EXCEPTIONS: if.then:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]], i32 noundef 100)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z11might_throwi(i32 noundef 200)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END]]
				// CHECK-NO-EXCEPTIONS: if.end:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 1
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END4:%.]]
				// CHECK-NO-EXCEPTIONS: if.then2:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]], i32 noundef 300)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z11might_throwi(i32 noundef 400)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]]) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END4]]
				// CHECK-NO-EXCEPTIONS: if.end4:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP5:%.*]] = icmp eq i32 [[TMP2]], 2
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP5]], label [[IF_THEN6:%.]], label [[IF_END8:%.]]
				// CHECK-NO-EXCEPTIONS: if.then6:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE7]], i32 noundef 600)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 700)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE7]]) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END8]]
				// CHECK-NO-EXCEPTIONS: if.end8:
				// CHECK-NO-EXCEPTIONS-NEXT: ret void
				//
				// CHECK-NOSANITIZE: Function Attrs: mustprogress noinline nounwind optnone
				// CHECK-NOSANITIZE-LABEL: define {{[^@]+}}@_Z39exception_escape_is_program_terminationi
				// CHECK-NOSANITIZE-SAME: (i32 noundef [[X:%.*]]) #[[ATTR3:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-NOSANITIZE-NEXT: entry:
				// CHECK-NOSANITIZE-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[STATE:%.]] = alloca [[STRUCT_S:%.]], align 1
				// CHECK-NOSANITIZE-NEXT: [[STATE4:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NOSANITIZE-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-NOSANITIZE-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[STATE11:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 0
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NOSANITIZE: if.then:
				// CHECK-NOSANITIZE-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]], i32 noundef 100)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z11might_throwi(i32 noundef 200)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT1:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-NOSANITIZE: invoke.cont1:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END]]
				// CHECK-NOSANITIZE: if.end:
				// CHECK-NOSANITIZE-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP2:%.*]] = icmp eq i32 [[TMP1]], 1
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP2]], label [[IF_THEN3:%.]], label [[IF_END8:%.]]
				// CHECK-NOSANITIZE: if.then3:
				// CHECK-NOSANITIZE-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE4]], i32 noundef 300)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT5:%.]] unwind label [[LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont5:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z11might_throwi(i32 noundef 400)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD6:%.]]
				// CHECK-NOSANITIZE: invoke.cont7:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE4]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-NOSANITIZE: lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP2:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP3:%.*]] = extractvalue { ptr, i32 } [[TMP2]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP3]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP2]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP4]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH:%.*]]
				// CHECK-NOSANITIZE: lpad6:
				// CHECK-NOSANITIZE-NEXT: [[TMP5:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP6:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP6]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP7:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP7]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE4]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH]]
				// CHECK-NOSANITIZE: catch:
				// CHECK-NOSANITIZE-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP8:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: invoke void @__cxa_rethrow() #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-NOSANITIZE: try.cont:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END8]]
				// CHECK-NOSANITIZE: if.end8:
				// CHECK-NOSANITIZE-NEXT: [[TMP9:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP9:%.*]] = icmp eq i32 [[TMP9]], 2
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP9]], label [[IF_THEN10:%.]], label [[IF_END14:%.]]
				// CHECK-NOSANITIZE: if.then10:
				// CHECK-NOSANITIZE-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE11]], i32 noundef 600)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT12:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-NOSANITIZE: invoke.cont12:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 700)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT13:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-NOSANITIZE: invoke.cont13:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE11]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END14]]
				// CHECK-NOSANITIZE: if.end14:
				// CHECK-NOSANITIZE-NEXT: ret void
				// CHECK-NOSANITIZE: terminate.lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP10:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP11:%.*]] = extractvalue { ptr, i32 } [[TMP10]], 0
				// CHECK-NOSANITIZE-NEXT: call void @__clang_call_terminate(ptr [[TMP11]]) #[[ATTR8:[0-9]+]]
				// CHECK-NOSANITIZE-NEXT: unreachable
				// CHECK-NOSANITIZE: unreachable:
				// CHECK-NOSANITIZE-NEXT: unreachable
				//
				// CHECK-SANITIZE-NORECOVER: Function Attrs: mustprogress noinline nounwind optnone
				// CHECK-SANITIZE-NORECOVER-LABEL: define {{[^@]+}}@_Z39exception_escape_is_program_terminationi
				// CHECK-SANITIZE-NORECOVER-SAME: (i32 noundef [[X:%.*]]) #[[ATTR4:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-SANITIZE-NORECOVER-NEXT: entry:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[STATE:%.]] = alloca [[STRUCT_S:%.]], align 1
				// CHECK-SANITIZE-NORECOVER-NEXT: [[STATE4:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[STATE11:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]], i32 noundef 100)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z11might_throwi(i32 noundef 200)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT1:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont1:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END]]
				// CHECK-SANITIZE-NORECOVER: if.end:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP2:%.*]] = icmp eq i32 [[TMP1]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP2]], label [[IF_THEN3:%.]], label [[IF_END8:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then3:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE4]], i32 noundef 300)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT5:%.]] unwind label [[LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont5:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z11might_throwi(i32 noundef 400)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD6:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont7:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE4]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP2:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP3:%.*]] = extractvalue { ptr, i32 } [[TMP2]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP3]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP4:%.*]] = extractvalue { ptr, i32 } [[TMP2]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP4]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad6:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP5:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP6:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP6]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP7:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP7]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE4]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH]]
				// CHECK-SANITIZE-NORECOVER: catch:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP8:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_rethrow() #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[UNREACHABLE:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: try.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END8]]
				// CHECK-SANITIZE-NORECOVER: if.end8:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP9:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP9:%.*]] = icmp eq i32 [[TMP9]], 2
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP9]], label [[IF_THEN10:%.]], label [[IF_END14:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then10:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE11]], i32 noundef 600)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT12:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont12:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 700)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT13:%.*]] unwind label [[TERMINATE_LPAD]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont13:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE11]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END14]]
				// CHECK-SANITIZE-NORECOVER: if.end14:
				// CHECK-SANITIZE-NORECOVER-NEXT: ret void
				// CHECK-SANITIZE-NORECOVER: terminate.lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP10:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP11:%.*]] = extractvalue { ptr, i32 } [[TMP10]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @__clang_call_terminate(ptr [[TMP11]]) #[[ATTR8]]
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				// CHECK-SANITIZE-NORECOVER: unreachable:
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				//
				void exception_escape_is_program_termination(int x) noexcept {
				if(x == 0) {
				#line 100
				S state;
				#line 200
				might_throw();
				}
				if(x == 1) {
				try {
				#line 300
				S state;
				#line 400
				might_throw();
				} catch (...) {
				#line 500
				throw;
				}
				}
				if(x == 2) {
				#line 600
				S state;
				#line 700
				will_throw();
				}
				}

				// CHECK-NO-EXCEPTIONS: Function Attrs: mustprogress noinline nounwind optnone
				// CHECK-NO-EXCEPTIONS-LABEL: define {{[^@]+}}@_Z22exception_escape_is_oki
				// CHECK-NO-EXCEPTIONS-SAME: (i32 noundef [[X:%.*]]) #[[ATTR3]] {
				// CHECK-NO-EXCEPTIONS-NEXT: entry:
				// CHECK-NO-EXCEPTIONS-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[STATE:%.]] = alloca [[STRUCT_S:%.]], align 1
				// CHECK-NO-EXCEPTIONS-NEXT: [[STATE3:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NO-EXCEPTIONS-NEXT: [[STATE7:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NO-EXCEPTIONS-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 0
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NO-EXCEPTIONS: if.then:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]], i32 noundef 100)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z11might_throwi(i32 noundef 200)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END]]
				// CHECK-NO-EXCEPTIONS: if.end:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP1:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP1]], 1
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END4:%.]]
				// CHECK-NO-EXCEPTIONS: if.then2:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]], i32 noundef 300)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z11might_throwi(i32 noundef 400)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]]) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END4]]
				// CHECK-NO-EXCEPTIONS: if.end4:
				// CHECK-NO-EXCEPTIONS-NEXT: [[TMP2:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NO-EXCEPTIONS-NEXT: [[CMP5:%.*]] = icmp eq i32 [[TMP2]], 2
				// CHECK-NO-EXCEPTIONS-NEXT: br i1 [[CMP5]], label [[IF_THEN6:%.]], label [[IF_END8:%.]]
				// CHECK-NO-EXCEPTIONS: if.then6:
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE7]], i32 noundef 600)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_Z10will_throwi(i32 noundef 700)
				// CHECK-NO-EXCEPTIONS-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE7]]) #[[ATTR4]]
				// CHECK-NO-EXCEPTIONS-NEXT: br label [[IF_END8]]
				// CHECK-NO-EXCEPTIONS: if.end8:
				// CHECK-NO-EXCEPTIONS-NEXT: ret void
				//
				// CHECK-NOSANITIZE: Function Attrs: mustprogress noinline optnone
				// CHECK-NOSANITIZE-LABEL: define {{[^@]+}}@_Z22exception_escape_is_oki
				// CHECK-NOSANITIZE-SAME: (i32 noundef [[X:%.*]]) #[[ATTR5:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-NOSANITIZE-NEXT: entry:
				// CHECK-NOSANITIZE-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[STATE:%.]] = alloca [[STRUCT_S:%.]], align 1
				// CHECK-NOSANITIZE-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-NOSANITIZE-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-NOSANITIZE-NEXT: [[STATE3:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NOSANITIZE-NEXT: [[STATE13:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 0
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-NOSANITIZE: if.then:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]], i32 noundef 100)
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z11might_throwi(i32 noundef 200)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END]]
				// CHECK-NOSANITIZE: lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP1:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: cleanup
				// CHECK-NOSANITIZE-NEXT: [[TMP2:%.*]] = extractvalue { ptr, i32 } [[TMP1]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP2]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP3:%.*]] = extractvalue { ptr, i32 } [[TMP1]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP3]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[EH_RESUME:%.*]]
				// CHECK-NOSANITIZE: if.end:
				// CHECK-NOSANITIZE-NEXT: [[TMP4:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP4]], 1
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END10:%.]]
				// CHECK-NOSANITIZE: if.then2:
				// CHECK-NOSANITIZE-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]], i32 noundef 300)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT5:%.]] unwind label [[LPAD4:%.]]
				// CHECK-NOSANITIZE: invoke.cont5:
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z11might_throwi(i32 noundef 400)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD6:%.]]
				// CHECK-NOSANITIZE: invoke.cont7:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-NOSANITIZE: lpad4:
				// CHECK-NOSANITIZE-NEXT: [[TMP5:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP6:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP6]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP7:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP7]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH:%.*]]
				// CHECK-NOSANITIZE: lpad6:
				// CHECK-NOSANITIZE-NEXT: [[TMP8:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP9]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP10:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP10]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[CATCH]]
				// CHECK-NOSANITIZE: catch:
				// CHECK-NOSANITIZE-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP11:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: invoke void @__cxa_rethrow() #[[ATTR7]]
				// CHECK-NOSANITIZE-NEXT: to label [[UNREACHABLE:%.]] unwind label [[LPAD8:%.]]
				// CHECK-NOSANITIZE: lpad8:
				// CHECK-NOSANITIZE-NEXT: [[TMP12:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: cleanup
				// CHECK-NOSANITIZE-NEXT: [[TMP13:%.*]] = extractvalue { ptr, i32 } [[TMP12]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP13]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP14:%.*]] = extractvalue { ptr, i32 } [[TMP12]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP14]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: invoke void @__cxa_end_catch()
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT9:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-NOSANITIZE: invoke.cont9:
				// CHECK-NOSANITIZE-NEXT: br label [[EH_RESUME]]
				// CHECK-NOSANITIZE: try.cont:
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END10]]
				// CHECK-NOSANITIZE: if.end10:
				// CHECK-NOSANITIZE-NEXT: [[TMP15:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-NOSANITIZE-NEXT: [[CMP11:%.*]] = icmp eq i32 [[TMP15]], 2
				// CHECK-NOSANITIZE-NEXT: br i1 [[CMP11]], label [[IF_THEN12:%.]], label [[IF_END16:%.]]
				// CHECK-NOSANITIZE: if.then12:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE13]], i32 noundef 600)
				// CHECK-NOSANITIZE-NEXT: invoke void @_Z10will_throwi(i32 noundef 700)
				// CHECK-NOSANITIZE-NEXT: to label [[INVOKE_CONT15:%.]] unwind label [[LPAD14:%.]]
				// CHECK-NOSANITIZE: invoke.cont15:
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE13]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[IF_END16]]
				// CHECK-NOSANITIZE: lpad14:
				// CHECK-NOSANITIZE-NEXT: [[TMP16:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: cleanup
				// CHECK-NOSANITIZE-NEXT: [[TMP17:%.*]] = extractvalue { ptr, i32 } [[TMP16]], 0
				// CHECK-NOSANITIZE-NEXT: store ptr [[TMP17]], ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[TMP18:%.*]] = extractvalue { ptr, i32 } [[TMP16]], 1
				// CHECK-NOSANITIZE-NEXT: store i32 [[TMP18]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE13]]) #[[ATTR6]]
				// CHECK-NOSANITIZE-NEXT: br label [[EH_RESUME]]
				// CHECK-NOSANITIZE: if.end16:
				// CHECK-NOSANITIZE-NEXT: ret void
				// CHECK-NOSANITIZE: eh.resume:
				// CHECK-NOSANITIZE-NEXT: [[EXN17:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-NOSANITIZE-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-NOSANITIZE-NEXT: [[LPAD_VAL:%.*]] = insertvalue { ptr, i32 } undef, ptr [[EXN17]], 0
				// CHECK-NOSANITIZE-NEXT: [[LPAD_VAL18:%.*]] = insertvalue { ptr, i32 } [[LPAD_VAL]], i32 [[SEL]], 1
				// CHECK-NOSANITIZE-NEXT: resume { ptr, i32 } [[LPAD_VAL18]]
				// CHECK-NOSANITIZE: terminate.lpad:
				// CHECK-NOSANITIZE-NEXT: [[TMP19:%.*]] = landingpad { ptr, i32 }
				// CHECK-NOSANITIZE-NEXT: catch ptr null
				// CHECK-NOSANITIZE-NEXT: [[TMP20:%.*]] = extractvalue { ptr, i32 } [[TMP19]], 0
				// CHECK-NOSANITIZE-NEXT: call void @__clang_call_terminate(ptr [[TMP20]]) #[[ATTR8]]
				// CHECK-NOSANITIZE-NEXT: unreachable
				// CHECK-NOSANITIZE: unreachable:
				// CHECK-NOSANITIZE-NEXT: unreachable
				//
				// CHECK-SANITIZE-NORECOVER: Function Attrs: mustprogress noinline optnone
				// CHECK-SANITIZE-NORECOVER-LABEL: define {{[^@]+}}@_Z22exception_escape_is_oki
				// CHECK-SANITIZE-NORECOVER-SAME: (i32 noundef [[X:%.*]]) #[[ATTR6:[0-9]+]] personality ptr @__gxx_personality_v0 {
				// CHECK-SANITIZE-NORECOVER-NEXT: entry:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[STATE:%.]] = alloca [[STRUCT_S:%.]], align 1
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN_SLOT:%.*]] = alloca ptr, align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EHSELECTOR_SLOT:%.*]] = alloca i32, align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[STATE3:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-SANITIZE-NORECOVER-NEXT: [[STATE13:%.*]] = alloca [[STRUCT_S]], align 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[X]], ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP0:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP:%.*]] = icmp eq i32 [[TMP0]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP]], label [[IF_THEN:%.]], label [[IF_END:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]], i32 noundef 100)
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z11might_throwi(i32 noundef 200)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT:%.]] unwind label [[LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END]]
				// CHECK-SANITIZE-NORECOVER: lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP1:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: cleanup
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP2:%.*]] = extractvalue { ptr, i32 } [[TMP1]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP2]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP3:%.*]] = extractvalue { ptr, i32 } [[TMP1]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP3]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[EH_RESUME:%.*]]
				// CHECK-SANITIZE-NORECOVER: if.end:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP4:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP1:%.*]] = icmp eq i32 [[TMP4]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP1]], label [[IF_THEN2:%.]], label [[IF_END10:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then2:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]], i32 noundef 300)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT5:%.]] unwind label [[LPAD4:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont5:
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z11might_throwi(i32 noundef 400)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT7:%.]] unwind label [[LPAD6:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont7:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[TRY_CONT:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad4:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP5:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP6:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP6]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP7:%.*]] = extractvalue { ptr, i32 } [[TMP5]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP7]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH:%.*]]
				// CHECK-SANITIZE-NORECOVER: lpad6:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP8:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP9:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP9]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP10:%.*]] = extractvalue { ptr, i32 } [[TMP8]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP10]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE3]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[CATCH]]
				// CHECK-SANITIZE-NORECOVER: catch:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP11:%.*]] = call ptr @__cxa_begin_catch(ptr [[EXN]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_rethrow() #[[ATTR9]]
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[UNREACHABLE:%.]] unwind label [[LPAD8:%.]]
				// CHECK-SANITIZE-NORECOVER: lpad8:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP12:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: cleanup
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP13:%.*]] = extractvalue { ptr, i32 } [[TMP12]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP13]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP14:%.*]] = extractvalue { ptr, i32 } [[TMP12]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP14]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @__cxa_end_catch()
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT9:%.]] unwind label [[TERMINATE_LPAD:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont9:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[EH_RESUME]]
				// CHECK-SANITIZE-NORECOVER: try.cont:
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END10]]
				// CHECK-SANITIZE-NORECOVER: if.end10:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP15:%.*]] = load i32, ptr [[X_ADDR]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[CMP11:%.*]] = icmp eq i32 [[TMP15]], 2
				// CHECK-SANITIZE-NORECOVER-NEXT: br i1 [[CMP11]], label [[IF_THEN12:%.]], label [[IF_END16:%.]]
				// CHECK-SANITIZE-NORECOVER: if.then12:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SC1Ei(ptr noundef nonnull align 1 dereferenceable(1) [[STATE13]], i32 noundef 600)
				// CHECK-SANITIZE-NORECOVER-NEXT: invoke void @_Z10will_throwi(i32 noundef 700)
				// CHECK-SANITIZE-NORECOVER-NEXT: to label [[INVOKE_CONT15:%.]] unwind label [[LPAD14:%.]]
				// CHECK-SANITIZE-NORECOVER: invoke.cont15:
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE13]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[IF_END16]]
				// CHECK-SANITIZE-NORECOVER: lpad14:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP16:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: cleanup
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP17:%.*]] = extractvalue { ptr, i32 } [[TMP16]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: store ptr [[TMP17]], ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP18:%.*]] = extractvalue { ptr, i32 } [[TMP16]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: store i32 [[TMP18]], ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @_ZN1SD1Ev(ptr noundef nonnull align 1 dereferenceable(1) [[STATE13]]) #[[ATTR7]]
				// CHECK-SANITIZE-NORECOVER-NEXT: br label [[EH_RESUME]]
				// CHECK-SANITIZE-NORECOVER: if.end16:
				// CHECK-SANITIZE-NORECOVER-NEXT: ret void
				// CHECK-SANITIZE-NORECOVER: eh.resume:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[EXN17:%.*]] = load ptr, ptr [[EXN_SLOT]], align 8
				// CHECK-SANITIZE-NORECOVER-NEXT: [[SEL:%.*]] = load i32, ptr [[EHSELECTOR_SLOT]], align 4
				// CHECK-SANITIZE-NORECOVER-NEXT: [[LPAD_VAL:%.*]] = insertvalue { ptr, i32 } undef, ptr [[EXN17]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: [[LPAD_VAL18:%.*]] = insertvalue { ptr, i32 } [[LPAD_VAL]], i32 [[SEL]], 1
				// CHECK-SANITIZE-NORECOVER-NEXT: resume { ptr, i32 } [[LPAD_VAL18]]
				// CHECK-SANITIZE-NORECOVER: terminate.lpad:
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP19:%.*]] = landingpad { ptr, i32 }
				// CHECK-SANITIZE-NORECOVER-NEXT: catch ptr null
				// CHECK-SANITIZE-NORECOVER-NEXT: [[TMP20:%.*]] = extractvalue { ptr, i32 } [[TMP19]], 0
				// CHECK-SANITIZE-NORECOVER-NEXT: call void @__clang_call_terminate(ptr [[TMP20]]) #[[ATTR8]]
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				// CHECK-SANITIZE-NORECOVER: unreachable:
				// CHECK-SANITIZE-NORECOVER-NEXT: unreachable
				//
				void exception_escape_is_ok(int x) {
				if(x == 0) {
				#line 100
				S state;
				#line 200
				might_throw();
				}
				if(x == 1) {
				try {
				#line 300
				S state;
				#line 400
				might_throw();
				} catch (...) {
				#line 500
				throw;
				}
				}
				if(x == 2) {
				#line 600
				S state;
				#line 700
				will_throw();
				}
				}

clang/test/Driver/fsanitize.c

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined -fsanitize-trap=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined -fsanitize-trap=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined -fsanitize-trap=undefined -fno-sanitize-trap=signed-integer-overflow %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP2			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined -fsanitize-trap=undefined -fno-sanitize-trap=signed-integer-overflow %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP2
	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
	// RUN: %clang --target=x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP			// RUN: %clang --target=x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
	// RUN: %clang --target=x86_64-linux-gnu -fsanitize-trap -fsanitize=undefined-trap %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP			// RUN: %clang --target=x86_64-linux-gnu -fsanitize-trap -fsanitize=undefined-trap %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
	// CHECK-UNDEFINED-TRAP-NOT: -fsanitize-recover			// CHECK-UNDEFINED-TRAP-NOT: -fsanitize-recover
	// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute\|function),?){18}"}}			// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute\|function\|exception-escape),?){19}"}}
	// CHECK-UNDEFINED-TRAP: "-fsanitize-trap=alignment,array-bounds,bool,builtin,enum,float-cast-overflow,function,integer-divide-by-zero,nonnull-attribute,null,pointer-overflow,return,returns-nonnull-attribute,shift-base,shift-exponent,signed-integer-overflow,unreachable,vla-bound"			// CHECK-UNDEFINED-TRAP: "-fsanitize-trap=alignment,array-bounds,bool,builtin,enum,float-cast-overflow,function,integer-divide-by-zero,nonnull-attribute,null,pointer-overflow,return,returns-nonnull-attribute,shift-base,shift-exponent,signed-integer-overflow,unreachable,vla-bound,exception-escape"
	// CHECK-UNDEFINED-TRAP2: "-fsanitize-trap=alignment,array-bounds,bool,builtin,enum,float-cast-overflow,function,integer-divide-by-zero,nonnull-attribute,null,pointer-overflow,return,returns-nonnull-attribute,shift-base,shift-exponent,unreachable,vla-bound"			// CHECK-UNDEFINED-TRAP2: "-fsanitize-trap=alignment,array-bounds,bool,builtin,enum,float-cast-overflow,function,integer-divide-by-zero,nonnull-attribute,null,pointer-overflow,return,returns-nonnull-attribute,shift-base,shift-exponent,unreachable,vla-bound,exception-escape"

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED
	// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|function\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|vptr\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute),?){19}"}}			// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|function\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|vptr\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute\|exception-escape),?){20}"}}

	// RUN: %clang --target=x86_64-apple-darwin10 -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-DARWIN			// RUN: %clang --target=x86_64-apple-darwin10 -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-DARWIN
	// CHECK-UNDEFINED-DARWIN: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|function\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute),?){18}"}}			// CHECK-UNDEFINED-DARWIN: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|function\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute\|exception-escape),?){19}"}}

	// RUN: %clang --target=i386-pc-win32 -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefixes=CHECK-UNDEFINED-WIN32,CHECK-UNDEFINED-MSVC			// RUN: %clang --target=i386-pc-win32 -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefixes=CHECK-UNDEFINED-WIN32,CHECK-UNDEFINED-MSVC
	// RUN: %clang --target=i386-pc-win32 -fsanitize=undefined -x c++ %s -### 2>&1 \| FileCheck %s --check-prefixes=CHECK-UNDEFINED-WIN32,CHECK-UNDEFINED-WIN-CXX,CHECK-UNDEFINED-MSVC			// RUN: %clang --target=i386-pc-win32 -fsanitize=undefined -x c++ %s -### 2>&1 \| FileCheck %s --check-prefixes=CHECK-UNDEFINED-WIN32,CHECK-UNDEFINED-WIN-CXX,CHECK-UNDEFINED-MSVC
	// RUN: %clang --target=x86_64-pc-win32 -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefixes=CHECK-UNDEFINED-WIN64,CHECK-UNDEFINED-MSVC			// RUN: %clang --target=x86_64-pc-win32 -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefixes=CHECK-UNDEFINED-WIN64,CHECK-UNDEFINED-MSVC
	// RUN: %clang --target=x86_64-w64-mingw32 -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-WIN64-MINGW			// RUN: %clang --target=x86_64-w64-mingw32 -fsanitize=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UNDEFINED-WIN64-MINGW
	// RUN: %clang --target=x86_64-pc-win32 -fsanitize=undefined -x c++ %s -### 2>&1 \| FileCheck %s --check-prefixes=CHECK-UNDEFINED-WIN64,CHECK-UNDEFINED-WIN-CXX,CHECK-UNDEFINED-MSVC			// RUN: %clang --target=x86_64-pc-win32 -fsanitize=undefined -x c++ %s -### 2>&1 \| FileCheck %s --check-prefixes=CHECK-UNDEFINED-WIN64,CHECK-UNDEFINED-WIN-CXX,CHECK-UNDEFINED-MSVC
	// CHECK-UNDEFINED-WIN32: "--dependent-lib={{[^"]*}}ubsan_standalone{{(-i386)?}}.lib"			// CHECK-UNDEFINED-WIN32: "--dependent-lib={{[^"]*}}ubsan_standalone{{(-i386)?}}.lib"
	// CHECK-UNDEFINED-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone{{(-x86_64)?}}.lib"			// CHECK-UNDEFINED-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone{{(-x86_64)?}}.lib"
	// CHECK-UNDEFINED-WIN64-MINGW: "--dependent-lib={{[^"]*}}libclang_rt.ubsan_standalone{{(-x86_64)?}}.a"			// CHECK-UNDEFINED-WIN64-MINGW: "--dependent-lib={{[^"]*}}libclang_rt.ubsan_standalone{{(-x86_64)?}}.a"
	// CHECK-UNDEFINED-WIN-CXX: "--dependent-lib={{[^"]}}ubsan_standalone_cxx{{[^"]}}.lib"			// CHECK-UNDEFINED-WIN-CXX: "--dependent-lib={{[^"]}}ubsan_standalone_cxx{{[^"]}}.lib"
	// CHECK-UNDEFINED-MSVC-SAME: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute),?){17}"}}			// CHECK-UNDEFINED-MSVC-SAME: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute\|exception-escape),?){18}"}}
	// CHECK-UNDEFINED-WIN64-MINGW-SAME: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute\|vptr),?){18}"}}			// CHECK-UNDEFINED-WIN64-MINGW-SAME: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute\|vptr\|exception-escape),?){19}"}}

	// RUN: %clang --target=i386-pc-win32 -fsanitize-coverage=bb %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-COVERAGE-WIN32			// RUN: %clang --target=i386-pc-win32 -fsanitize-coverage=bb %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-COVERAGE-WIN32
	// CHECK-COVERAGE-WIN32: "--dependent-lib={{[^"]*}}ubsan_standalone{{(-i386)?}}.lib"			// CHECK-COVERAGE-WIN32: "--dependent-lib={{[^"]*}}ubsan_standalone{{(-i386)?}}.lib"
	// RUN: %clang --target=x86_64-pc-win32 -fsanitize-coverage=bb %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-COVERAGE-WIN64			// RUN: %clang --target=x86_64-pc-win32 -fsanitize-coverage=bb %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-COVERAGE-WIN64
	// CHECK-COVERAGE-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone{{(-x86_64)?}}.lib"			// CHECK-COVERAGE-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone{{(-x86_64)?}}.lib"

	// RUN: %clang --target=%itanium_abi_triple -fsanitize=integer %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-INTEGER -implicit-check-not="-fsanitize-address-use-after-scope"			// RUN: %clang --target=%itanium_abi_triple -fsanitize=integer %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-INTEGER -implicit-check-not="-fsanitize-address-use-after-scope"
	// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow\|unsigned-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|implicit-unsigned-integer-truncation\|implicit-signed-integer-truncation\|implicit-integer-sign-change\|unsigned-shift-base),?){9}"}}			// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow\|unsigned-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|implicit-unsigned-integer-truncation\|implicit-signed-integer-truncation\|implicit-integer-sign-change\|unsigned-shift-base),?){9}"}}
	▲ Show 20 Lines • Show All 48 Lines • ▼ Show 20 Lines

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=all %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-FSANITIZE-ALL			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=all %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-FSANITIZE-ALL
	// CHECK-FSANITIZE-ALL: error: unsupported argument 'all' to option '-fsanitize='			// CHECK-FSANITIZE-ALL: error: unsupported argument 'all' to option '-fsanitize='

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=address,undefined -fno-sanitize=all -fsanitize=thread %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-FNO-SANITIZE-ALL			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=address,undefined -fno-sanitize=all -fsanitize=thread %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-FNO-SANITIZE-ALL
	// CHECK-FNO-SANITIZE-ALL: "-fsanitize=thread"			// CHECK-FNO-SANITIZE-ALL: "-fsanitize=thread"

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=thread,undefined -fno-sanitize=thread -fno-sanitize=float-cast-overflow,vptr,bool,builtin,enum %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=thread,undefined -fno-sanitize=thread -fno-sanitize=float-cast-overflow,vptr,bool,builtin,enum %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED
	// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|function\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|array-bounds\|returns-nonnull-attribute\|nonnull-attribute),?){14}"}}			// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|function\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|array-bounds\|returns-nonnull-attribute\|nonnull-attribute\|exception-escape),?){15}"}}

	// RUN: %clang -fsanitize=shift -fno-sanitize=shift-base %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-FSANITIZE-SHIFT-PARTIAL			// RUN: %clang -fsanitize=shift -fno-sanitize=shift-base %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-FSANITIZE-SHIFT-PARTIAL
	// CHECK-FSANITIZE-SHIFT-PARTIAL: "-fsanitize=shift-exponent"			// CHECK-FSANITIZE-SHIFT-PARTIAL: "-fsanitize=shift-exponent"

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=vptr -fsanitize-trap=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-VPTR-TRAP-UNDEF			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=vptr -fsanitize-trap=undefined %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-VPTR-TRAP-UNDEF
	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=vptr -fsanitize-undefined-trap-on-error %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-VPTR-TRAP-UNDEF			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=vptr -fsanitize-undefined-trap-on-error %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-VPTR-TRAP-UNDEF
	// CHECK-VPTR-TRAP-UNDEF: error: invalid argument '-fsanitize=vptr' not allowed with '-fsanitize-trap=undefined'			// CHECK-VPTR-TRAP-UNDEF: error: invalid argument '-fsanitize=vptr' not allowed with '-fsanitize-trap=undefined'

	▲ Show 20 Lines • Show All 716 Lines • ▼ Show 20 Lines

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=address -fsanitize-minimal-runtime %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-ASAN-MINIMAL			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=address -fsanitize-minimal-runtime %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-ASAN-MINIMAL
	// CHECK-ASAN-MINIMAL: error: invalid argument '-fsanitize-minimal-runtime' not allowed with '-fsanitize=address'			// CHECK-ASAN-MINIMAL: error: invalid argument '-fsanitize-minimal-runtime' not allowed with '-fsanitize=address'

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=thread -fsanitize-minimal-runtime %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-TSAN-MINIMAL			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=thread -fsanitize-minimal-runtime %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-TSAN-MINIMAL
	// CHECK-TSAN-MINIMAL: error: invalid argument '-fsanitize-minimal-runtime' not allowed with '-fsanitize=thread'			// CHECK-TSAN-MINIMAL: error: invalid argument '-fsanitize-minimal-runtime' not allowed with '-fsanitize=thread'

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined -fsanitize-minimal-runtime %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UBSAN-MINIMAL			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=undefined -fsanitize-minimal-runtime %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-UBSAN-MINIMAL
	// CHECK-UBSAN-MINIMAL: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute),?){17}"}}			// CHECK-UBSAN-MINIMAL: "-fsanitize={{((signed-integer-overflow\|integer-divide-by-zero\|shift-base\|shift-exponent\|unreachable\|return\|vla-bound\|alignment\|null\|pointer-overflow\|float-cast-overflow\|array-bounds\|enum\|bool\|builtin\|returns-nonnull-attribute\|nonnull-attribute\|exception-escape),?){18}"}}
	// CHECK-UBSAN-MINIMAL: "-fsanitize-minimal-runtime"			// CHECK-UBSAN-MINIMAL: "-fsanitize-minimal-runtime"

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=integer -fsanitize-trap=integer %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-INTSAN-TRAP			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=integer -fsanitize-trap=integer %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-INTSAN-TRAP
	// CHECK-INTSAN-TRAP: "-fsanitize-trap=integer-divide-by-zero,shift-base,shift-exponent,signed-integer-overflow,unsigned-integer-overflow,unsigned-shift-base,implicit-unsigned-integer-truncation,implicit-signed-integer-truncation,implicit-integer-sign-change"			// CHECK-INTSAN-TRAP: "-fsanitize-trap=integer-divide-by-zero,shift-base,shift-exponent,signed-integer-overflow,unsigned-integer-overflow,unsigned-shift-base,implicit-unsigned-integer-truncation,implicit-signed-integer-truncation,implicit-integer-sign-change"

	// RUN: %clang --target=x86_64-linux-gnu -fsanitize=integer -fsanitize-minimal-runtime %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-INTSAN-MINIMAL			// RUN: %clang --target=x86_64-linux-gnu -fsanitize=integer -fsanitize-minimal-runtime %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-INTSAN-MINIMAL
	// CHECK-INTSAN-MINIMAL: "-fsanitize=integer-divide-by-zero,shift-base,shift-exponent,signed-integer-overflow,unsigned-integer-overflow,unsigned-shift-base,implicit-unsigned-integer-truncation,implicit-signed-integer-truncation,implicit-integer-sign-change"			// CHECK-INTSAN-MINIMAL: "-fsanitize=integer-divide-by-zero,shift-base,shift-exponent,signed-integer-overflow,unsigned-integer-overflow,unsigned-shift-base,implicit-unsigned-integer-truncation,implicit-signed-integer-truncation,implicit-integer-sign-change"
	// CHECK-INTSAN-MINIMAL: "-fsanitize-minimal-runtime"			// CHECK-INTSAN-MINIMAL: "-fsanitize-minimal-runtime"
	▲ Show 20 Lines • Show All 121 Lines • Show Last 20 Lines

compiler-rt/lib/ubsan/ubsan_checks.inc

Show First 20 Lines • Show All 63 Lines • ▼ Show 20 Lines	UBSAN_CHECK(InvalidNullReturn, "invalid-null-return",
"returns-nonnull-attribute")		"returns-nonnull-attribute")
UBSAN_CHECK(InvalidNullReturnWithNullability, "invalid-null-return",		UBSAN_CHECK(InvalidNullReturnWithNullability, "invalid-null-return",
"nullability-return")		"nullability-return")
UBSAN_CHECK(InvalidNullArgument, "invalid-null-argument", "nonnull-attribute")		UBSAN_CHECK(InvalidNullArgument, "invalid-null-argument", "nonnull-attribute")
UBSAN_CHECK(InvalidNullArgumentWithNullability, "invalid-null-argument",		UBSAN_CHECK(InvalidNullArgumentWithNullability, "invalid-null-argument",
"nullability-arg")		"nullability-arg")
UBSAN_CHECK(DynamicTypeMismatch, "dynamic-type-mismatch", "vptr")		UBSAN_CHECK(DynamicTypeMismatch, "dynamic-type-mismatch", "vptr")
UBSAN_CHECK(CFIBadType, "cfi-bad-type", "cfi")		UBSAN_CHECK(CFIBadType, "cfi-bad-type", "cfi")
		UBSAN_CHECK(ExceptionEscape, "exception-escape", "exception-escape")

compiler-rt/lib/ubsan/ubsan_handlers.h

Show First 20 Lines • Show All 93 Lines • ▼ Show 20 Lines	struct UnreachableData {
SourceLocation Loc;		SourceLocation Loc;
};		};

/// \brief Handle a __builtin_unreachable which is reached.		/// \brief Handle a __builtin_unreachable which is reached.
UNRECOVERABLE(builtin_unreachable, UnreachableData *Data)		UNRECOVERABLE(builtin_unreachable, UnreachableData *Data)
/// \brief Handle reaching the end of a value-returning function.		/// \brief Handle reaching the end of a value-returning function.
UNRECOVERABLE(missing_return, UnreachableData *Data)		UNRECOVERABLE(missing_return, UnreachableData *Data)

		struct ExceptionEscapeData {
		SourceLocation Loc;
		};

		/// \brief Handle exception escaping out of C++ `noexcept` function.
		UNRECOVERABLE(exception_escape, ExceptionEscapeData *Data, ValueHandle Exn)

struct VLABoundData {		struct VLABoundData {
SourceLocation Loc;		SourceLocation Loc;
const TypeDescriptor &Type;		const TypeDescriptor &Type;
};		};

/// \brief Handle a VLA with a non-positive bound.		/// \brief Handle a VLA with a non-positive bound.
RECOVERABLE(vla_bound_not_positive, VLABoundData *Data, ValueHandle Bound)		RECOVERABLE(vla_bound_not_positive, VLABoundData *Data, ValueHandle Bound)

▲ Show 20 Lines • Show All 127 Lines • Show Last 20 Lines

compiler-rt/lib/ubsan/ubsan_handlers.cpp

	Show First 20 Lines • Show All 427 Lines • ▼ Show 20 Lines
	}			}

	void __ubsan::__ubsan_handle_missing_return(UnreachableData *Data) {			void __ubsan::__ubsan_handle_missing_return(UnreachableData *Data) {
	GET_REPORT_OPTIONS(true);			GET_REPORT_OPTIONS(true);
	handleMissingReturnImpl(Data, Opts);			handleMissingReturnImpl(Data, Opts);
	Die();			Die();
	}			}

				void __ubsan::__ubsan_handle_exception_escape(ExceptionEscapeData *Data,
				ValueHandle Exn) {
				GET_REPORT_OPTIONS(true);
				ErrorType ET = ErrorType::ExceptionEscape;
				ScopedReport R(Opts, Data->Loc, ET);
				Diag(Data->Loc, DL_Error, ET,
				"exception escapes out of function that should not throw exception");
				// FIXME: can we do anything useful with the \p Exn?
				Die();
				}

	static void handleVLABoundNotPositive(VLABoundData *Data, ValueHandle Bound,			static void handleVLABoundNotPositive(VLABoundData *Data, ValueHandle Bound,
	ReportOptions Opts) {			ReportOptions Opts) {
	SourceLocation Loc = Data->Loc.acquire();			SourceLocation Loc = Data->Loc.acquire();
	ErrorType ET = ErrorType::NonPositiveVLAIndex;			ErrorType ET = ErrorType::NonPositiveVLAIndex;

	if (ignoreReport(Loc, Opts, ET))			if (ignoreReport(Loc, Opts, ET))
	return;			return;

	▲ Show 20 Lines • Show All 475 Lines • Show Last 20 Lines

compiler-rt/lib/ubsan_minimal/ubsan_minimal_handlers.cpp

	Show First 20 Lines • Show All 135 Lines • ▼ Show 20 Lines
	HANDLER(function_type_mismatch, "function-type-mismatch")			HANDLER(function_type_mismatch, "function-type-mismatch")
	HANDLER(implicit_conversion, "implicit-conversion")			HANDLER(implicit_conversion, "implicit-conversion")
	HANDLER(nonnull_arg, "nonnull-arg")			HANDLER(nonnull_arg, "nonnull-arg")
	HANDLER(nonnull_return, "nonnull-return")			HANDLER(nonnull_return, "nonnull-return")
	HANDLER(nullability_arg, "nullability-arg")			HANDLER(nullability_arg, "nullability-arg")
	HANDLER(nullability_return, "nullability-return")			HANDLER(nullability_return, "nullability-return")
	HANDLER(pointer_overflow, "pointer-overflow")			HANDLER(pointer_overflow, "pointer-overflow")
	HANDLER(cfi_check_fail, "cfi-check-fail")			HANDLER(cfi_check_fail, "cfi-check-fail")
				HANDLER(exception_escape, "exception-escape")

compiler-rt/test/ubsan/TestCases/Misc/exception-escape.cpp

This file was added.

				// RUN: %clangxx -fsanitize=exception-escape %s -O3 -o %t
				// RUN: %run %t 2>&1 \| FileCheck %s --implicit-check-not="error:" --check-prefixes=CHECK-ALL,CHECK-ONE
				// RUN: not %run %t 2 2>&1 \| FileCheck %s --implicit-check-not="error:" --check-prefixes=CHECK-ALL,CHECK-TWO
				// RUN: not %run %t 2 3 2>&1 \| FileCheck %s --implicit-check-not="error:" --check-prefixes=CHECK-ALL,CHECK-THREE
				// RUN: %run %t 2 3 4 2>&1 \| FileCheck %s --implicit-check-not="error:" --check-prefixes=CHECK-ALL,CHECK-FOUR
				// RUN: not %run %t 2 3 4 5 2>&1 \| FileCheck %s --implicit-check-not="error:" --check-prefixes=CHECK-ALL,CHECK-FIVE
				// RUN: not %run %t 2 3 4 5 6 2>&1 \| FileCheck %s --implicit-check-not="error:" --check-prefixes=CHECK-ALL,CHECK-SIX
				// RUN: not %run %t 2 3 4 5 6 6 2>&1 \| FileCheck %s --implicit-check-not="error:" --check-prefixes=CHECK-ALL,CHECK-SEVEN

				#include <stdio.h>
				#include <stdlib.h>

				void thrower() { throw 0; }

				void maybe_throws() {}

				void nonthrower() noexcept {}

				// pure functions are generally side-effect free,
				// so we need to be smart to defeat optimizer
				// from completely dropping the call to the function...

				void *__attribute__((pure)) footgun(int x) {
				if (x == 2)
				#line 100
				thrower();

				if (x == 3)
				#line 200
				thrower();

				nonthrower();

				if (x == 4) {
				try {
				#line 300
				thrower();
				} catch (...) {
				}
				}

				if (x == 5) {
				try {
				#line 400
				thrower();
				} catch (...) {
				#line 500
				throw;
				}
				}

				if (x == 6) {
				try {
				#line 600
				thrower();
				} catch (...) {
				#line 700
				maybe_throws();
				#line 800
				throw;
				}
				}

				if (x == 7) {
				try {
				#line 900
				thrower();
				} catch (...) {
				#line 1000
				thrower();
				#line 1100
				throw;
				}
				}

				fprintf(stderr, "SUCCESS\n"); // Should be here, not in `main()`.
				return malloc(1);
				}

				// CHECK-ALL: TEST

				// CHECK-ONE: SUCCESS
				// CHECK-TWO: exception-escape.cpp:100:5: runtime error: exception escapes out of function that should not throw exception
				// CHECK-THREE: exception-escape.cpp:200:5: runtime error: exception escapes out of function that should not throw exception
				// CHECK-FOUR: SUCCESS
				// CHECK-FIVE: exception-escape.cpp:400:7: runtime error: exception escapes out of function that should not throw exception
				// CHECK-SIX: exception-escape.cpp:600:7: runtime error: exception escapes out of function that should not throw exception
				// CHECK-SEVEN: exception-escape.cpp:1000:7: runtime error: exception escapes out of function that should not throw exception

				int main(int argc, char **argv) {
				bool status = 0;
				void *mem = nullptr;

				fprintf(stderr, "TEST\n");

				try {
				mem = footgun(argc);
				status = !(mem != 0);
				} catch (...) {
				}

				fprintf(stderr, "escaping: %p\n", mem);
				return status;
				}

compiler-rt/test/ubsan_minimal/TestCases/exception-escape.cpp

This file was added.

				// RUN: %clangxx -fsanitize=exception-escape %s -O3 -o %t
				// RUN: %run %t 2>&1 \| FileCheck %s --implicit-check-not="exception-escape" --check-prefixes=CHECK-ALL,CHECK-ONE
				// RUN: not --crash %run %t a 2>&1 \| FileCheck %s --implicit-check-not="exception-escape" --check-prefixes=CHECK-ALL,CHECK-TWO
				// RUN: not --crash %run %t a b 2>&1 \| FileCheck %s --implicit-check-not="exception-escape" --check-prefixes=CHECK-ALL,CHECK-THREE

				#include <stdio.h>
				#include <stdlib.h>

				void thrower() { throw 0; }

				void nonthrower() noexcept {}

				// pure functions are generally side-effect free,
				// so we need to be smart to defeat optimizer
				// from completely dropping the call to the function...

				void *__attribute__((pure)) footgun(int x) {
				if (x == 2)
				thrower();
				if (x == 3)
				thrower();
				nonthrower();
				fprintf(stderr, "SUCCESS\n");
				return malloc(1);
				}

				// CHECK-ALL: TEST

				// CHECK-ONE: SUCCESS
				// CHECK-TWO: exception-escape
				// CHECK-THREE: exception-escape

				int main(int argc, char **argv) {
				bool status = 0;
				void *mem = nullptr;

				fprintf(stderr, "TEST\n");

				try {
				mem = footgun(argc);
				status = !(mem != 0);
				} catch (...) {
				}

				fprintf(stderr, "escaping: %p\n", mem);
				free(mem);
				return status;
				}

This is an archive of the discontinued LLVM Phabricator instance.

[clang][compiler-rt] Exception escape out of an non-unwinding function is an undefined behaviourNeeds ReviewPublic

Details

Diff Detail

Unit TestsFailed

Event Timeline

Revision Contents

Diff 479869

clang/docs/ReleaseNotes.rst

clang/docs/UndefinedBehaviorSanitizer.rst

clang/include/clang/Basic/Sanitizers.def

clang/lib/CodeGen/CGCall.cpp

clang/lib/CodeGen/CGCleanup.h

clang/lib/CodeGen/CGCleanup.cpp

clang/lib/CodeGen/CGException.cpp

clang/lib/CodeGen/CGExpr.cpp

clang/lib/CodeGen/CodeGenFunction.h

clang/lib/CodeGen/CodeGenFunction.cpp

clang/lib/CodeGen/EHScopeStack.h

clang/lib/Driver/SanitizerArgs.cpp

clang/test/CodeGen/windows-seh-EHa-CppCondiTemps.cpp

clang/test/CodeGenCXX/catch-exception-escape.cpp

clang/test/CodeGenCXX/exception-escape-as-ub-cleanups.cpp

clang/test/Driver/fsanitize.c

compiler-rt/lib/ubsan/ubsan_checks.inc

compiler-rt/lib/ubsan/ubsan_handlers.h

compiler-rt/lib/ubsan/ubsan_handlers.cpp

compiler-rt/lib/ubsan_minimal/ubsan_minimal_handlers.cpp

compiler-rt/test/ubsan/TestCases/Misc/exception-escape.cpp

compiler-rt/test/ubsan_minimal/TestCases/exception-escape.cpp

[clang][compiler-rt] Exception escape out of an non-unwinding function is an undefined behaviour
Needs ReviewPublic