jacobbramley wrote: Just a thought: if BOLT has an incomplete CFG such that there are apparently-unreachable basic blocks, then either there's some genuine dead code, or some control flow that BOLT doesn't understand. If the basic block begins with `BTI j` (or an implicit alternative) then a computed branch is probably intended, and in that case, don't we have a potential problem for all basic blocks? That is, an attacker could divert a computed branch to _any_ `BTI j(c)`.
A warning is probably the right approach for now, anyway. The code looks broadly sensible to me but I'm not sure if I'm the right person to do an implementation review here, so I just looked at a high level. https://github.com/llvm/llvm-project/pull/136183 _______________________________________________ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
