make simplifycfg insert an llvm.trap before the 'unreachable' it introduces
when it detects undefined behavior. llvm.trap generally codegens into some
thing really small (e.g. a 2 byte ud2 instruction on x86) and debugging this
sort of thing is "nontrivial". For example, we now compile:
void foo() { *(int*)0 = 42; }
into:
_foo:
pushl %ebp
movl %esp, %ebp
ud2
Some may even claim that this is a security hole, though that seems dubious
to me. This addresses rdar://7958343 - Optimizing away null dereference
potentially allows arbitrary code execution
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@103356 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/test/Transforms/SimplifyCFG/trapping-load-unreachable.ll b/test/Transforms/SimplifyCFG/trapping-load-unreachable.ll
index 0c9cc8b..6956faa 100644
--- a/test/Transforms/SimplifyCFG/trapping-load-unreachable.ll
+++ b/test/Transforms/SimplifyCFG/trapping-load-unreachable.ll
@@ -1,19 +1,33 @@
-; RUN: opt < %s -simplifycfg -S | grep {volatile load}
+; RUN: opt < %s -simplifycfg -S | FileCheck %s
; PR2967
target datalayout =
"e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32"
target triple = "i386-pc-linux-gnu"
-define void @foo(i32 %x) nounwind {
+define void @test1(i32 %x) nounwind {
entry:
%0 = icmp eq i32 %x, 0 ; <i1> [#uses=1]
br i1 %0, label %bb, label %return
bb: ; preds = %entry
- %1 = volatile load i32* null ; <i32> [#uses=0]
+ %1 = volatile load i32* null
unreachable
+
br label %return
return: ; preds = %entry
ret void
+; CHECK: @test1
+; CHECK: volatile load
+}
+
+; rdar://7958343
+define void @test2() nounwind {
+entry:
+ store i32 4,i32* null
+ ret void
+
+; CHECK: @test2
+; CHECK: call void @llvm.trap
+; CHECK: unreachable
}