compiler-rt/test/hwasan/TestCases/stack-uar.c

   1 // Tests use-after-return detection and reporting.
   2 // RUN: %clang_hwasan -O0 -g %s -o %t && not %run %t 2>&1 | FileCheck %s
   3 // RUN: %clang_hwasan -O3 -g %s -o %t && not %run %t 2>&1 | FileCheck %s
   4 // RUN: %clang_hwasan -g %s -o %t && not %env_hwasan_opts=symbolize=0 %run %t 2>&1 | FileCheck %s --check-prefix=NOSYM
   5
   6 // Run the same test as above, but using the __hwasan_add_frame_record libcall.
   7 // The output should be the exact same.
   8 // RUN: %clang_hwasan -g %s -o %t -mllvm -hwasan-record-stack-history=libcall && not %env_hwasan_opts=symbolize=0 %run %t 2>&1 | FileCheck %s --check-prefix=NOSYM
   9
  10 // Stack histories currently are not recorded on x86.
  11 // XFAIL: target=x86_64{{.*}}
  12
  13 #include <assert.h>
  14 #include <sanitizer/hwasan_interface.h>
  15
  16 void USE(void *x) { // pretend_to_do_something(void *x)
  17   __asm__ __volatile__("" : : "r" (x) : "memory");
  18 }
  19
  20 __attribute__((noinline))
  21 char *buggy() {
  22   char zzz[0x800];
  23   char yyy[0x800];
  24   // Tags for stack-allocated variables can occasionally be zero, resulting in
  25   // a false negative for this test. The tag allocation algorithm is not easy
  26   // to fix, hence we work around it: if the tag is zero, we use the
  27   // neighboring variable instead, which must have a different (hence non-zero)
  28   // tag.
  29   char *volatile p;
  30   if (__hwasan_tag_pointer(zzz, 0) == zzz) {
  31     assert(__hwasan_tag_pointer(yyy, 0) != yyy);
  32     p = yyy;
  33   } else {
  34     p = zzz;
  35   }
  36   return p;
  37 }
  38
  39 __attribute__((noinline)) void Unrelated1() { int A[2]; USE(&A[0]); }
  40 __attribute__((noinline)) void Unrelated2() { int BB[3]; USE(&BB[0]); }
  41 __attribute__((noinline)) void Unrelated3() { int CCC[4]; USE(&CCC[0]); }
  42
  43 int main() {
  44   char *p = buggy();
  45   Unrelated1();
  46   Unrelated2();
  47   Unrelated3();
  48   return *p;
  49   // CHECK: READ of size 1 at
  50   // CHECK: #0 {{.*}} in main{{.*}}stack-uar.c:[[@LINE-2]]
  51   // CHECK: Cause: stack tag-mismatch
  52   // CHECK: is located in stack of thread
  53   // CHECK: Potentially referenced stack objects:
  54   // CHECK: Cause: use-after-scope
  55   // CHECK-NEXT: 0x{{.*}} is located 0 bytes inside a 2048-byte local variable {{zzz|yyy}} [0x{{.*}},0x{{.*}}) in buggy {{.*}}stack-uar.c:
  56   // CHECK: Memory tags around the buggy address
  57
  58   // NOSYM: Previously allocated frames:
  59   // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uar.c.tmp+0x{{.*}}){{$}}
  60   // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uar.c.tmp+0x{{.*}}){{$}}
  61   // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uar.c.tmp+0x{{.*}}){{$}}
  62   // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uar.c.tmp+0x{{.*}}){{$}}
  63   // NOSYM: Memory tags around the buggy address
  64
  65   // CHECK: SUMMARY: HWAddressSanitizer: tag-mismatch {{.*}} in main
  66 }