compiler-rt/test/hwasan/TestCases/stack-uas.c

   1 // Tests use-after-scope detection and reporting.
   2 // RUN: %clang_hwasan -O0 -g %s -o %t && not %run %t 2>&1 | FileCheck %s
   3 // RUN: %clang_hwasan -O2 -g %s -o %t && not %run %t 2>&1 | FileCheck %s
   4 // RUN: %clang_hwasan -O2 -g %s -DBUFFER_SIZE=1000000 -o %t && not %run %t 2>&1 | FileCheck %s
   5 // RUN: %clang_hwasan -O2 -g %s -DBUFFER_SIZE=2000000 -o %t && not %run %t 2>&1 | FileCheck %s
   6 // RUN: %clang_hwasan -g %s -o %t && not %env_hwasan_opts=symbolize=0 %run %t 2>&1 | FileCheck %s --check-prefix=NOSYM
   7
   8 // RUN: %clang_hwasan -mllvm -hwasan-use-after-scope=false -g %s -o %t && %run %t 2>&1
   9
  10 // RUN: %clang_hwasan -g %s -o %t && not %run %t 2>&1 | FileCheck %s
  11
  12 // Run the same test as above, but using the __hwasan_add_frame_record libcall.
  13 // The output should be the exact same.
  14 // RUN: %clang_hwasan -mllvm -hwasan-record-stack-history=libcall -g %s -o %t && not %env_hwasan_opts=symbolize=0 %run %t 2>&1 | FileCheck %s --check-prefix=NOSYM
  15
  16 // Stack histories currently are not recorded on x86.
  17 // XFAIL: target=x86_64{{.*}}
  18
  19 #include <assert.h>
  20 #include <sanitizer/hwasan_interface.h>
  21 #include <stdio.h>
  22
  23 #ifndef BUFFER_SIZE
  24 #  define BUFFER_SIZE 0x800
  25 #endif
  26
  27 void USE(void *x) { // pretend_to_do_something(void *x)
  28   __asm__ __volatile__(""
  29                        :
  30                        : "r"(x)
  31                        : "memory");
  32 }
  33
  34 __attribute__((noinline)) void Unrelated1() {
  35   int A[2];
  36   USE(&A[0]);
  37 }
  38 __attribute__((noinline)) void Unrelated2() {
  39   int BB[3];
  40   USE(&BB[0]);
  41 }
  42 __attribute__((noinline)) void Unrelated3() {
  43   int CCC[4];
  44   USE(&CCC[0]);
  45 }
  46
  47 __attribute__((noinline)) char buggy() {
  48   char *volatile p;
  49   {
  50     char zzz[BUFFER_SIZE] = {};
  51     char yyy[BUFFER_SIZE] = {};
  52     // With -hwasan-generate-tags-with-calls=false, stack tags can occasionally
  53     // be zero, leading to a false negative
  54     // (https://github.com/llvm/llvm-project/issues/69221). Work around it by
  55     // using the neighboring variable, which is guaranteed by
  56     // -hwasan-generate-tags-with-calls=false to have a different (hence
  57     // non-zero) tag.
  58     if (__hwasan_tag_pointer(zzz, 0) == zzz) {
  59       assert(__hwasan_tag_pointer(yyy, 0) != yyy);
  60       p = yyy;
  61     } else {
  62       p = zzz;
  63     }
  64   }
  65   return *p;
  66 }
  67
  68 int main() {
  69   Unrelated1();
  70   Unrelated2();
  71   Unrelated3();
  72   char p = buggy();
  73   return p;
  74   // CHECK: READ of size 1 at
  75   // CHECK: #0 {{.*}} in buggy{{.*}}stack-uas.c:[[@LINE-10]]
  76   // CHECK: Cause: stack tag-mismatch
  77   // CHECK: is located in stack of thread
  78   // CHECK: Potentially referenced stack objects:
  79   // CHECK: Cause: use-after-scope
  80   // CHECK-NEXT: 0x{{.*}} is located 0 bytes inside a {{.*}}-byte local variable {{zzz|yyy}} [0x{{.*}}) in buggy {{.*}}stack-uas.c:
  81   // CHECK: Memory tags around the buggy address
  82
  83   // NOSYM: Previously allocated frames:
  84   // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uas.c.tmp+0x{{.*}}){{$}}
  85   // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uas.c.tmp+0x{{.*}}){{$}}
  86   // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uas.c.tmp+0x{{.*}}){{$}}
  87   // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uas.c.tmp+0x{{.*}}){{$}}
  88   // NOSYM: Memory tags around the buggy address
  89
  90   // CHECK: SUMMARY: HWAddressSanitizer: tag-mismatch {{.*}} in buggy
  91 }