<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/156999">156999</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
aarch64: can't do indirect tail call from non-BTI enabled code to BTI enabled code
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
pinskia
</td>
</tr>
</table>
<pre>
Take:
```
struct StageList;
using StageFn = void (*)(StageList list);
struct StageList {
  const StageFn* fn;
};
void m(StageList list) {
  return (*list.fn)(list);
}
```
With just `-march=armv8.5-a` this produces:
```
ldr x1, [x0]
br x1
```
This means if the list.fn is a BTI enabled function (`-mbranch-protection=bti`), the `bti c` will fail as x16 will NOT contain the address as expected.
Note GCC forces the use of x16 for indirect tail calls to allow for this.
</pre>