1 | // RUN: %clangxx_asan -O0 -mllvm -asan-instrument-dynamic-allocas %s -o %t |
---|---|
2 | // RUN: %run %t 2>&1 |
3 | // |
4 | // REQUIRES: stable-runtime |
5 | |
6 | // See https://github.com/llvm/llvm-project/issues/110956 |
7 | // XFAIL: target=sparc{{.*}} |
8 | |
9 | // This testcase checks correct interaction between VLAs and allocas. |
10 | |
11 | // MSVC doesn't support VLA's |
12 | // UNSUPPORTED: msvc |
13 | |
14 | #include <assert.h> |
15 | #include <stdint.h> |
16 | #include <stdlib.h> |
17 | #include "sanitizer/asan_interface.h" |
18 | |
19 | // MSVC provides _alloca instead of alloca. |
20 | #if defined(_MSC_VER) && !defined(alloca) |
21 | # define alloca _alloca |
22 | #endif |
23 | |
24 | #if defined(__sun__) && defined(__svr4__) |
25 | #include <alloca.h> |
26 | #endif |
27 | |
28 | #define RZ 32 |
29 | |
30 | __attribute__((noinline)) void foo(int len) { |
31 | char *top, *bot; |
32 | // This alloca call should live until the end of foo. |
33 | char *alloca1 = (char *)alloca(len); |
34 | assert(!(reinterpret_cast<uintptr_t>(alloca1) & 31L)); |
35 | // This should be first poisoned address after loop. |
36 | top = alloca1 - RZ; |
37 | for (int i = 0; i < 32; ++i) { |
38 | // Check that previous alloca was unpoisoned at the end of iteration. |
39 | if (i) assert(!__asan_region_is_poisoned(bot, 96)); |
40 | // VLA is unpoisoned at the end of iteration. |
41 | volatile char array[i]; |
42 | // Ensure that asan-use-stack-safety does not optimize out the poisoning. |
43 | if (i) array[0] = 0; |
44 | assert(!(reinterpret_cast<uintptr_t>(array) & 31L)); |
45 | // Alloca is unpoisoned at the end of iteration, |
46 | // because dominated by VLA. |
47 | bot = (char *)alloca(i) - RZ; |
48 | } |
49 | // Check that all allocas from loop were unpoisoned correctly. |
50 | void *q = __asan_region_is_poisoned(beg: bot, size: (char *)top - (char *)bot + 1); |
51 | assert(q == top); |
52 | } |
53 | |
54 | int main(int argc, char **argv) { |
55 | foo(len: 32); |
56 | return 0; |
57 | } |
58 |