This is an archive of the discontinued LLVM Phabricator instance.

Differential D138774

Enhance stack protector
ClosedPublic

Authored by xiangzhangllvm on Nov 27 2022, 11:19 PM.

Details

Reviewers
LuoYuanke
pengfei
Commits
rG416e8c6ad529: Enhance stack protector for calling no return function
Summary

Enhance stack protector for calling no return function

I find current stack protector didn't work for calling no return function.
This is an defect for "stack protector", so let's refine it.

Diff Detail

Event Timeline

xiangzhangllvm created this revision.Nov 27 2022, 11:19 PM
Herald added a project: Restricted Project. · View Herald TranscriptNov 27 2022, 11:19 PM
Herald added a subscriber: hiraditya. · View Herald Transcript
xiangzhangllvm requested review of this revision.Nov 27 2022, 11:19 PM
Herald added a project: Restricted Project. · View Herald TranscriptNov 27 2022, 11:19 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B199678: Diff 478132.Nov 28 2022, 12:01 AM
xiangzhangllvm added a comment.Nov 28 2022, 9:09 PM

I reproduce according to https://buildkite.com/llvm-project/premerge-checks/builds/123514#0184bd1c-b61e-4f3f-b814-f4698f5d7b1b guide

The 2 failed tests

Timed Out Tests (1):
  libFuzzer :: minimize_crash.test
Failed Tests (1):
  LLVM :: Examples/OrcV2Examples/lljit-with-thinlto-summaries.test

are all passed in my local:

PASS: libFuzzer :: minimize_crash.test (80256 of 82179)
PASS: LLVM :: Examples/OrcV2Examples/lljit-with-thinlto-summaries.test (48357 of 82179)
(they don't have noreturn info)
xiangzhangllvm updated this revision to Diff 478461.Nov 28 2022, 10:43 PM
Harbormaster completed remote builds in B199936: Diff 478461.Nov 28 2022, 11:40 PM
xiangzhangllvm added a comment.Nov 29 2022, 4:53 PM

I check the following pull request https://reviews.llvm.org/D138778
it has same
Failed Tests (1):

LLVM :: Examples/OrcV2Examples/lljit-with-thinlto-summaries.test

So this fail is not cause by my patch. (And my local is pass)

lebedev.ri added a subscriber: lebedev.ri.Nov 29 2022, 5:52 PM

This pass operates on IR, so it should have IR-based tests (it should be fine to also have codegen tests, since that is a early-codegen ir based pass)

xiangzhangllvm added a comment.Nov 29 2022, 9:31 PM
In D138774#3958882, @lebedev.ri wrote:

This pass operates on IR, so it should have IR-based tests (it should be fine to also have codegen tests, since that is a early-codegen ir based pass)

Do you mean we should only check IR? I think choose 1 target (e.g X86) to check the asm code may be better. Thanks for review!

pengfei accepted this revision.Nov 29 2022, 10:00 PM

LGTM. But please wait for one or more days for other reviewers.

This revision is now accepted and ready to land.Nov 29 2022, 10:00 PM
LuoYuanke accepted this revision.Nov 29 2022, 10:09 PM

LGTM

lebedev.ri added a comment.Nov 30 2022, 5:44 AM
In D138774#3959161, @xiangzhangllvm wrote:
In D138774#3958882, @lebedev.ri wrote:

This pass operates on IR, so it should have IR-based tests (it should be fine to also have codegen tests, since that is a early-codegen ir based pass)

Do you mean we should only check IR? I think choose 1 target (e.g X86) to check the asm code may be better. Thanks for review!

Did i not literally answer that question in my original comment?
That being said, i'm not actually able to find any IR-producing tests for this pass, which is worrying.

xiangzhangllvm added a comment.Nov 30 2022, 5:31 PM
In D138774#3960170, @lebedev.ri wrote:

Did i not literally answer that question in my original comment?
That being said, i'm not actually able to find any IR-producing tests for this pass, which is worrying.

Sorry again, let me make more clear, did your "IR-producing tests" means we should check the IR not asm code ?
(Seems it is very normal to check the last asm code when we update IR pass.)

lebedev.ri added a comment.Nov 30 2022, 6:24 PM
In D138774#3962173, @xiangzhangllvm wrote:
In D138774#3960170, @lebedev.ri wrote:

Did i not literally answer that question in my original comment?
That being said, i'm not actually able to find any IR-producing tests for this pass, which is worrying.

Sorry again, let me make more clear, did your "IR-producing tests" means we should check the IR not asm code ?

Yes.

(Seems it is very normal to check the last asm code when we update IR pass.)

For this pass - apparently. In general - no.

xiangzhangllvm updated this revision to Diff 479140.Nov 30 2022, 7:29 PM
xiangzhangllvm added a comment.Nov 30 2022, 7:31 PM

Done. @lebedev.ri, clear now, thanks again for explain.

Harbormaster completed remote builds in B200407: Diff 479140.Nov 30 2022, 8:09 PM
This revision was landed with ongoing or failed builds.Nov 30 2022, 9:25 PM
Closed by commit rG416e8c6ad529: Enhance stack protector for calling no return function (authored by xiangzhangllvm). · Explain Why
This revision was automatically updated to reflect the committed changes.
xiangzhangllvm added a commit: rG416e8c6ad529: Enhance stack protector for calling no return function.
uabelho added a subscriber: uabelho.Dec 1 2022, 11:30 PM

Hello,

I noticed that if the compiler is built with EXPENSIVE_CHECKS on, the stack-protector-no-return.ll testcase fails with

DominatorTree is different than a freshly computed one!
	Current:
=============================--------------------------------
Inorder Dominator Tree: DFSNumbers invalid: 0 slow queries.
  [1] %entry {4294967295,4294967295} [0]
    [2] %unreachable {4294967295,4294967295} [1]
    [2] %lpad {4294967295,4294967295} [1]
      [3] %invoke.cont {4294967295,4294967295} [2]
        [4] %invoke.cont2 {4294967295,4294967295} [3]
        [4] %SP_return3 {4294967295,4294967295} [3]
        [4] %CallStackCheckFailBlk2 {4294967295,4294967295} [3]
      [3] %lpad1 {4294967295,4294967295} [2]
        [4] %eh.resume {4294967295,4294967295} [3]
          [5] %SP_return6 {4294967295,4294967295} [4]
          [5] %CallStackCheckFailBlk5 {4294967295,4294967295} [4]
        [4] %terminate.lpad {4294967295,4294967295} [3]
          [5] %SP_return9 {4294967295,4294967295} [4]
          [5] %CallStackCheckFailBlk8 {4294967295,4294967295} [4]
    [2] %SP_return {4294967295,4294967295} [1]
    [2] %CallStackCheckFailBlk {4294967295,4294967295} [1]
Roots: %entry 

	Freshly computed tree:
=============================--------------------------------
Inorder Dominator Tree: DFSNumbers invalid: 0 slow queries.
  [1] %entry {4294967295,4294967295} [0]
    [2] %SP_return {4294967295,4294967295} [1]
      [3] %unreachable {4294967295,4294967295} [2]
      [3] %lpad {4294967295,4294967295} [2]
        [4] %invoke.cont {4294967295,4294967295} [3]
          [5] %SP_return3 {4294967295,4294967295} [4]
            [6] %invoke.cont2 {4294967295,4294967295} [5]
          [5] %CallStackCheckFailBlk2 {4294967295,4294967295} [4]
        [4] %lpad1 {4294967295,4294967295} [3]
          [5] %eh.resume {4294967295,4294967295} [4]
            [6] %SP_return6 {4294967295,4294967295} [5]
            [6] %CallStackCheckFailBlk5 {4294967295,4294967295} [5]
          [5] %terminate.lpad {4294967295,4294967295} [4]
            [6] %SP_return9 {4294967295,4294967295} [5]
            [6] %CallStackCheckFailBlk8 {4294967295,4294967295} [5]
    [2] %CallStackCheckFailBlk {4294967295,4294967295} [1]
Roots: %entry

This can also be reproduced on a non-EXPENSIVE_CHECKS build just by adding "-verify-dom-info" to the command line like

llc test/CodeGen/X86/stack-protector-no-return.ll -mtriple=x86_64-unknown-linux-gnu -o - -verify-dom-info
xiangzhangllvm added a comment.Dec 2 2022, 1:04 AM

Seems not the patch problem, I find the stack protector is strange, it can't be independently print by -print-after-all, and just show in "Module Verifier".
Let me me take a deep look.
thanks very much!

fhahn added a reverting change: rG63150f463934: Revert "Enhance stack protector for calling no return function".Dec 2 2022, 4:59 AM
fhahn added a subscriber: fhahn.Dec 2 2022, 5:00 AM

This is causing some bots with EXPENSIVE_CHECKS enabled to fail so I reverted the patch to get the bots back to green: https://green.lab.llvm.org/green/job/clang-stage1-cmake-RA-expensive/24249/testReport/junit/LLVM/CodeGen_X86/stack_protector_no_return_ll/

It looks like the StackProtector pass claims to preserve the DT, but with this patch it probably runs into a case where it is not preserved properly, hence the verification failure.

xiangzhangllvm added a comment.Dec 2 2022, 11:57 PM
In D138774#3966421, @fhahn wrote:

This is causing some bots with EXPENSIVE_CHECKS enabled to fail so I reverted the patch to get the bots back to green: https://green.lab.llvm.org/green/job/clang-stage1-cmake-RA-expensive/24249/testReport/junit/LLVM/CodeGen_X86/stack_protector_no_return_ll/

It looks like the StackProtector pass claims to preserve the DT, but with this patch it probably runs into a case where it is not preserved properly, hence the verification failure.

Yes, after we enhance it, the old logic in stack protector is not enough to update the DT. Let me fix it. Thanks!

llvm/lib/CodeGen/StackProtector.cpp
549–550

Thanks, after we enhance the stack protector, the simple DT update is not enough to cover the DT change.

xiangzhangllvm updated this revision to Diff 479822.Dec 3 2022, 3:09 AM

Fix Dominate Tree problems

Harbormaster completed remote builds in B200902: Diff 479822.Dec 3 2022, 3:09 AM
xiangzhangllvm added a comment.Dec 3 2022, 3:12 AM

Update to https://reviews.llvm.org/D139254

alexfh mentioned this in D139254: Enhance stack protector.Dec 6 2022, 4:27 AM
alexfh added a subscriber: alexfh.Dec 6 2022, 5:36 AM

There's another problem with this patch. Please ensure it's fixed before recommitting. Clang hangs while compiling the following short snippet reduced from an open-source library (compiled on x86-64, linux):

$ cat q.c
char *texsubexpr(char *expression, char *subexpr) {
  char *texchar();
  if (*expression) return texchar(expression, subexpr);
}

void __stack_chk_fail (void) {
  __builtin_trap ();
}

$ clang -O1  -w -fstack-protector-all   -c q.c  -o q.o

Revision Contents

PathSize
llvm/
lib/
CodeGen/
46 lines
test/
CodeGen/
X86/
30 lines
194 lines

Diff 479822

llvm/lib/CodeGen/StackProtector.cpp

Show First 20 LinesShow All 408 Lines▼ Show 20 Lines
/// ///
/// entry: /// entry:
/// StackGuardSlot = alloca i8* /// StackGuardSlot = alloca i8*
/// StackGuard = <stack guard> /// StackGuard = <stack guard>
/// call void @llvm.stackprotector(StackGuard, StackGuardSlot) /// call void @llvm.stackprotector(StackGuard, StackGuardSlot)
/// ///
/// Returns true if the platform/triple supports the stackprotectorcreate pseudo /// Returns true if the platform/triple supports the stackprotectorcreate pseudo
/// node. /// node.
static bool CreatePrologue(Function *F, Module *M, ReturnInst *RI, static bool CreatePrologue(Function *F, Module *M, Instruction *CheckLoc,
const TargetLoweringBase *TLI, AllocaInst *&AI) { const TargetLoweringBase *TLI, AllocaInst *&AI) {
bool SupportsSelectionDAGSP = false; bool SupportsSelectionDAGSP = false;
IRBuilder<> B(&F->getEntryBlock().front()); IRBuilder<> B(&F->getEntryBlock().front());
PointerType *PtrTy = Type::getInt8PtrTy(RI->getContext()); PointerType *PtrTy = Type::getInt8PtrTy(CheckLoc->getContext());
AI = B.CreateAlloca(PtrTy, nullptr, "StackGuardSlot"); AI = B.CreateAlloca(PtrTy, nullptr, "StackGuardSlot");
Value *GuardSlot = getStackGuard(TLI, M, B, &SupportsSelectionDAGSP); Value *GuardSlot = getStackGuard(TLI, M, B, &SupportsSelectionDAGSP);
B.CreateCall(Intrinsic::getDeclaration(M, Intrinsic::stackprotector), B.CreateCall(Intrinsic::getDeclaration(M, Intrinsic::stackprotector),
{GuardSlot, AI}); {GuardSlot, AI});
return SupportsSelectionDAGSP; return SupportsSelectionDAGSP;
} }
/// InsertStackProtectors - Insert code into the prologue and epilogue of the /// InsertStackProtectors - Insert code into the prologue and epilogue of the
/// function. /// function.
/// ///
/// - The prologue code loads and stores the stack guard onto the stack. /// - The prologue code loads and stores the stack guard onto the stack.
/// - The epilogue checks the value stored in the prologue against the original /// - The epilogue checks the value stored in the prologue against the original
/// value. It calls __stack_chk_fail if they differ. /// value. It calls __stack_chk_fail if they differ.
bool StackProtector::InsertStackProtectors() { bool StackProtector::InsertStackProtectors() {
// If the target wants to XOR the frame pointer into the guard value, it's // If the target wants to XOR the frame pointer into the guard value, it's
// impossible to emit the check in IR, so the target *must* support stack // impossible to emit the check in IR, so the target *must* support stack
// protection in SDAG. // protection in SDAG.
bool SupportsSelectionDAGSP = bool SupportsSelectionDAGSP =
TLI->useStackGuardXorFP() || TLI->useStackGuardXorFP() ||
(EnableSelectionDAGSP && !TM->Options.EnableFastISel); (EnableSelectionDAGSP && !TM->Options.EnableFastISel);
AllocaInst *AI = nullptr; // Place on stack that stores the stack guard. AllocaInst *AI = nullptr; // Place on stack that stores the stack guard.
bool RecalculateDT = false;
for (BasicBlock &BB : llvm::make_early_inc_range(*F)) { for (BasicBlock &BB : llvm::make_early_inc_range(*F)) {
ReturnInst *RI = dyn_cast<ReturnInst>(BB.getTerminator()); Instruction *CheckLoc = dyn_cast<ReturnInst>(BB.getTerminator());
if (!RI) if (!CheckLoc) {
for (auto &Inst : BB) {
auto *CB = dyn_cast<CallBase>(&Inst);
if (!CB)
continue;
if (!CB->doesNotReturn())
continue;
// Do stack check before non-return calls (e.g: __cxa_throw)
CheckLoc = CB;
RecalculateDT = true;
break;
}
}
if (!CheckLoc)
continue; continue;
// Generate prologue instrumentation if not already generated. // Generate prologue instrumentation if not already generated.
if (!HasPrologue) { if (!HasPrologue) {
HasPrologue = true; HasPrologue = true;
SupportsSelectionDAGSP &= CreatePrologue(F, M, RI, TLI, AI); SupportsSelectionDAGSP &= CreatePrologue(F, M, CheckLoc, TLI, AI);
} }
// SelectionDAG based code generation. Nothing else needs to be done here. // SelectionDAG based code generation. Nothing else needs to be done here.
// The epilogue instrumentation is postponed to SelectionDAG. // The epilogue instrumentation is postponed to SelectionDAG.
if (SupportsSelectionDAGSP) if (SupportsSelectionDAGSP)
break; break;
// Find the stack guard slot if the prologue was not created by this pass // Find the stack guard slot if the prologue was not created by this pass
Show All 9 Lines for (BasicBlock &BB : llvm::make_early_inc_range(*F)) {
// instrumentation has already been generated. // instrumentation has already been generated.
HasIRCheck = true; HasIRCheck = true;
// If we're instrumenting a block with a tail call, the check has to be // If we're instrumenting a block with a tail call, the check has to be
// inserted before the call rather than between it and the return. The // inserted before the call rather than between it and the return. The
// verifier guarantees that a tail call is either directly before the // verifier guarantees that a tail call is either directly before the
// return or with a single correct bitcast of the return value in between so // return or with a single correct bitcast of the return value in between so
// we don't need to worry about many situations here. // we don't need to worry about many situations here.
Instruction *CheckLoc = RI; Instruction *Prev = CheckLoc->getPrevNonDebugInstruction();
Instruction *Prev = RI->getPrevNonDebugInstruction();
if (Prev && isa<CallInst>(Prev) && cast<CallInst>(Prev)->isTailCall()) if (Prev && isa<CallInst>(Prev) && cast<CallInst>(Prev)->isTailCall())
CheckLoc = Prev; CheckLoc = Prev;
else if (Prev) { else if (Prev) {
Prev = Prev->getPrevNonDebugInstruction(); Prev = Prev->getPrevNonDebugInstruction();
if (Prev && isa<CallInst>(Prev) && cast<CallInst>(Prev)->isTailCall()) if (Prev && isa<CallInst>(Prev) && cast<CallInst>(Prev)->isTailCall())
CheckLoc = Prev; CheckLoc = Prev;
} }
Show All 38 Lines if (Function *GuardCheck = TLI->getSSPStackGuardCheck(*M)) {
// Create the FailBB. We duplicate the BB every time since the MI tail // Create the FailBB. We duplicate the BB every time since the MI tail
// merge pass will merge together all of the various BB into one including // merge pass will merge together all of the various BB into one including
// fail BB generated by the stack protector pseudo instruction. // fail BB generated by the stack protector pseudo instruction.
BasicBlock *FailBB = CreateFailBB(); BasicBlock *FailBB = CreateFailBB();
// Split the basic block before the return instruction. // Split the basic block before the return instruction.
BasicBlock *NewBB = BasicBlock *NewBB =
BB.splitBasicBlock(CheckLoc->getIterator(), "SP_return"); BB.splitBasicBlock(CheckLoc->getIterator(), "SP_return");
// Update the dominator tree if we need to.
if (DT && DT->isReachableFromEntry(&BB)) {
DT->addNewBlock(NewBB, &BB);
DT->addNewBlock(FailBB, &BB);
}
// Remove default branch instruction to the new BB. // Remove default branch instruction to the new BB.
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Thanks, after we enhance the stack protector, the simple DT update is not enough to cover the DT change.

xiangzhangllvm: Thanks, after we enhance the stack protector, the simple DT update is not enough to cover the…
BB.getTerminator()->eraseFromParent(); BB.getTerminator()->eraseFromParent();
// Move the newly created basic block to the point right after the old // Move the newly created basic block to the point right after the old
// basic block so that it's in the "fall through" position. // basic block so that it's in the "fall through" position.
NewBB->moveAfter(&BB); NewBB->moveAfter(&BB);
// Generate the stack protector instructions in the old basic block. // Generate the stack protector instructions in the old basic block.
IRBuilder<> B(&BB); IRBuilder<> B(&BB);
Value *Guard = getStackGuard(TLI, M, B); Value *Guard = getStackGuard(TLI, M, B);
LoadInst *LI2 = B.CreateLoad(B.getInt8PtrTy(), AI, true); LoadInst *LI2 = B.CreateLoad(B.getInt8PtrTy(), AI, true);
Value *Cmp = B.CreateICmpEQ(Guard, LI2); Value *Cmp = B.CreateICmpEQ(Guard, LI2);
auto SuccessProb = auto SuccessProb =
BranchProbabilityInfo::getBranchProbStackProtector(true); BranchProbabilityInfo::getBranchProbStackProtector(true);
auto FailureProb = auto FailureProb =
BranchProbabilityInfo::getBranchProbStackProtector(false); BranchProbabilityInfo::getBranchProbStackProtector(false);
MDNode *Weights = MDBuilder(F->getContext()) MDNode *Weights = MDBuilder(F->getContext())
.createBranchWeights(SuccessProb.getNumerator(), .createBranchWeights(SuccessProb.getNumerator(),
FailureProb.getNumerator()); FailureProb.getNumerator());
B.CreateCondBr(Cmp, NewBB, FailBB, Weights); B.CreateCondBr(Cmp, NewBB, FailBB, Weights);
// Update the dominator tree if we need to.
if (DT && DT->isReachableFromEntry(&BB)) {
// For no return case there are may be other BBs success from
// the splited BB, we need recalculate the dominate tree.
if (RecalculateDT) {
DT->recalculate(*F);
} else {
DT->addNewBlock(NewBB, &BB);
DT->addNewBlock(FailBB, &BB);
}
}
} }
} }
// Return if we didn't modify any basic blocks. i.e., there are no return // Return if we didn't modify any basic blocks. i.e., there are no return
// statements in the function. // statements in the function.
return HasPrologue; return HasPrologue;
} }
▲ Show 20 LinesShow All 48 LinesShow Last 20 Lines

llvm/test/CodeGen/X86/stack-protector-2.ll

Show First 20 LinesShow All 186 Lines▼ Show 20 Lines; CHECK-NEXT: %2 = alloca i64
%2 = alloca i64, align 8 %2 = alloca i64, align 8
store i64 %0, i64* %2, align 8 store i64 %0, i64* %2, align 8
%3 = load i64, i64* %2, align 8 %3 = load i64, i64* %2, align 8
%4 = alloca i8, i64 %3, align 16 %4 = alloca i8, i64 %3, align 16
call void @foo(i8* %4) call void @foo(i8* %4)
ret void ret void
} }
; Check stack protect for noreturn call
define dso_local i32 @foo_no_return(i32 %0) #1 {
; CHECK-LABEL: @foo_no_return
entry:
%cmp = icmp sgt i32 %0, 4
br i1 %cmp, label %if.then, label %if.end
; CHECK: if.then: ; preds = %entry
; CHECK-NEXT: %StackGuard1 = load volatile i8*, i8* addrspace(257)* inttoptr (i32 40 to i8* addrspace(257)*), align 8
; CHECK-NEXT: %1 = load volatile i8*, i8** %StackGuardSlot, align 8
; CHECK-NEXT: %2 = icmp eq i8* %StackGuard1, %1
; CHECK-NEXT: br i1 %2, label %SP_return, label %CallStackCheckFailBlk
; CHECK: SP_return: ; preds = %if.then
; CHECK-NEXT: %call = call i32 @foo_no_return(i32 1)
; CHECK-NEXT: br label %return
; CHECK: if.end: ; preds = %entry
; CHECK-NEXT: br label %return
if.then: ; preds = %entry
%call = call i32 @foo_no_return(i32 1)
br label %return
if.end: ; preds = %entry
br label %return
return: ; preds = %if.end, %if.then
ret i32 0
}
attributes #0 = { sspstrong } attributes #0 = { sspstrong }
attributes #1 = { noreturn sspreq}

llvm/test/CodeGen/X86/stack-protector-no-return.ll

  • This file was added.
; RUN: llc %s -mtriple=x86_64-unknown-linux-gnu -o - | FileCheck %s
$__clang_call_terminate = comdat any
@_ZTIi = external dso_local constant i8*
@.str = private unnamed_addr constant [5 x i8] c"win\0A\00", align 1
; Function Attrs: mustprogress noreturn sspreq uwtable
define dso_local void @_Z7catchesv() local_unnamed_addr #0 personality i8* bitcast (i32 (...)* @__gxx_personality_v0 to i8*) {
; CHECK-LABEL: _Z7catchesv:
; CHECK: # %bb.0: # %entry
; CHECK: movq %fs:40, %rax
; CHECK-NEXT: movq %rax, 8(%rsp)
entry:
%exception = tail call i8* @__cxa_allocate_exception(i64 4) #8
%0 = bitcast i8* %exception to i32*
store i32 1, i32* %0, align 16
invoke void @__cxa_throw(i8* nonnull %exception, i8* bitcast (i8** @_ZTIi to i8*), i8* null) #9
to label %unreachable unwind label %lpad
; CHECK: callq __cxa_allocate_exception
; CHECK-NEXT: movl $1, (%rax)
; CHECK-NEXT: movq %fs:40, %rcx
; CHECK-NEXT: cmpq 8(%rsp), %rcx
; CHECK-NEXT: jne .LBB0_12
; CHECK-NEXT: # %bb.1: # %SP_return
; CHECK-NEXT: .Ltmp0:
; CHECK-NEXT: movl $_ZTIi, %esi
; CHECK-NEXT: movq %rax, %rdi
; CHECK-NEXT: xorl %edx, %edx
; CHECK-NEXT: callq __cxa_throw
lpad: ; preds = %entry
%1 = landingpad { i8*, i32 }
catch i8* null
%2 = extractvalue { i8*, i32 } %1, 0
%3 = tail call i8* @__cxa_begin_catch(i8* %2) #8
%call = invoke i64 @write(i32 noundef 1, i8* noundef getelementptr inbounds ([5 x i8], [5 x i8]* @.str, i64 0, i64 0), i64 noundef 4)
to label %invoke.cont unwind label %lpad1
; CHECK: callq __cxa_begin_catch
; CHECK-NEXT: .Ltmp3:
; CHECK-NEXT: movl $.L.str, %esi
; CHECK-NEXT: movl $4, %edx
; CHECK-NEXT: movl $1, %edi
; CHECK-NEXT: callq write
invoke.cont: ; preds = %lpad
invoke void @_exit(i32 noundef 1) #9
to label %invoke.cont2 unwind label %lpad1
; CHECK: # %bb.3: # %invoke.cont
; CHECK-NEXT: movq %fs:40, %rax
; CHECK-NEXT: cmpq 8(%rsp), %rax
; CHECK-NEXT: jne .LBB0_12
; CHECK-NEXT: # %bb.4: # %SP_return3
; CHECK-NEXT: .Ltmp5:
; CHECK-NEXT: movl $1, %edi
; CHECK-NEXT: callq _exit
invoke.cont2: ; preds = %invoke.cont
unreachable
lpad1: ; preds = %invoke.cont, %lpad
%4 = landingpad { i8*, i32 }
cleanup
invoke void @__cxa_end_catch()
to label %eh.resume unwind label %terminate.lpad
; CHECK: .LBB0_6: # %lpad1
; CHECK-NEXT: .Ltmp7:
; CHECK-NEXT: movq %rax, %rbx
; CHECK-NEXT: .Ltmp8:
; CHECK-NEXT: callq __cxa_end_catch
eh.resume: ; preds = %lpad1
resume { i8*, i32 } %4
; CHECK: # %bb.7: # %eh.resume
; CHECK-NEXT: movq %fs:40, %rax
; CHECK-NEXT: cmpq 8(%rsp), %rax
; CHECK-NEXT: jne .LBB0_12
; CHECK-NEXT: # %bb.8: # %SP_return6
; CHECK-NEXT: movq %rbx, %rdi
; CHECK-NEXT: callq _Unwind_Resume@PLT
terminate.lpad: ; preds = %lpad1
%5 = landingpad { i8*, i32 }
catch i8* null
%6 = extractvalue { i8*, i32 } %5, 0
tail call void @__clang_call_terminate(i8* %6) #10
unreachable
; CHECK: .LBB0_9: # %terminate.lpad
; CHECK: movq %fs:40, %rcx
; CHECK-NEXT: cmpq 8(%rsp), %rcx
; CHECK-NEXT: jne .LBB0_12
; CHECK-NEXT: # %bb.10: # %SP_return9
; CHECK-NEXT: movq %rax, %rdi
; CHECK-NEXT: callq __clang_call_terminate
; CHECK: .LBB0_12: # %CallStackCheckFailBlk
; CHECK-NEXT: callq __stack_chk_fail@PLT
unreachable: ; preds = %entry
unreachable
}
; Function Attrs: nofree
declare dso_local noalias i8* @__cxa_allocate_exception(i64) local_unnamed_addr #1
; Function Attrs: nofree noreturn
declare dso_local void @__cxa_throw(i8*, i8*, i8*) local_unnamed_addr #2
declare dso_local i32 @__gxx_personality_v0(...)
; Function Attrs: nofree
declare dso_local i8* @__cxa_begin_catch(i8*) local_unnamed_addr #1
; Function Attrs: nofree
declare dso_local noundef i64 @write(i32 noundef, i8* nocapture noundef readonly, i64 noundef) local_unnamed_addr #3
; Function Attrs: nofree noreturn
declare dso_local void @_exit(i32 noundef) local_unnamed_addr #4
; Function Attrs: nofree
declare dso_local void @__cxa_end_catch() local_unnamed_addr #1
; Function Attrs: noinline noreturn nounwind
define linkonce_odr hidden void @__clang_call_terminate(i8* %0) local_unnamed_addr #5 comdat {
%2 = tail call i8* @__cxa_begin_catch(i8* %0) #8
tail call void @_ZSt9terminatev() #10
unreachable
}
; Function Attrs: nofree noreturn nounwind
declare dso_local void @_ZSt9terminatev() local_unnamed_addr #6
; Function Attrs: mustprogress nofree sspreq uwtable
define dso_local void @_Z4vulni(i32 noundef %op) local_unnamed_addr #7 {
; CHECK-LABEL: _Z4vulni:
; CHECK: # %bb.0: # %entry
; CHECK-NEXT: pushq %rax
; CHECK-NEXT: .cfi_def_cfa_offset 16
; CHECK-NEXT: movq %fs:40, %rax
; CHECK-NEXT: movq %rax, (%rsp)
; CHECK-NEXT: cmpl $1, %edi
; CHECK-NEXT: je .LBB2_1
; CHECK-NEXT: # %bb.3: # %if.end
; CHECK-NEXT: movq %fs:40, %rax
; CHECK-NEXT: cmpq (%rsp), %rax
; CHECK-NEXT: jne .LBB2_5
; CHECK-NEXT: # %bb.4: # %SP_return3
; CHECK-NEXT: popq %rax
; CHECK-NEXT: .cfi_def_cfa_offset 8
; CHECK-NEXT: retq
; CHECK-NEXT: .LBB2_1: # %if.then
; CHECK-NEXT: .cfi_def_cfa_offset 16
; CHECK-NEXT: movl $4, %edi
; CHECK-NEXT: callq __cxa_allocate_exception
; CHECK-NEXT: movl $1, (%rax)
; CHECK-NEXT: movq %fs:40, %rcx
; CHECK-NEXT: cmpq (%rsp), %rcx
; CHECK-NEXT: jne .LBB2_5
; CHECK-NEXT: # %bb.2: # %SP_return
; CHECK-NEXT: movl $_ZTIi, %esi
; CHECK-NEXT: movq %rax, %rdi
; CHECK-NEXT: xorl %edx, %edx
; CHECK-NEXT: callq __cxa_throw
; CHECK-NEXT: .LBB2_5: # %CallStackCheckFailBlk2
; CHECK-NEXT: callq __stack_chk_fail@PLT
entry:
%cmp = icmp eq i32 %op, 1
br i1 %cmp, label %if.then, label %if.end
if.then: ; preds = %entry
%exception = tail call i8* @__cxa_allocate_exception(i64 4) #8
%0 = bitcast i8* %exception to i32*
store i32 1, i32* %0, align 16
tail call void @__cxa_throw(i8* %exception, i8* bitcast (i8** @_ZTIi to i8*), i8* null) #9
unreachable
if.end: ; preds = %entry
ret void
}
attributes #0 = { mustprogress noreturn sspreq uwtable }
attributes #1 = { nofree }
attributes #2 = { nofree noreturn }
attributes #3 = { nofree }
attributes #4 = { nofree noreturn }
attributes #5 = { noinline noreturn nounwind }
attributes #6 = { nofree noreturn nounwind }
attributes #7 = { mustprogress nofree sspreq uwtable }
attributes #8 = { nounwind }
attributes #9 = { noreturn }
attributes #10 = { noreturn nounwind }