1// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-dynamic-allocas %s -o %t
2// RUN: %run %t 2>&1
3//
4// REQUIRES: stable-runtime
5
6// This testcase checks correct interaction between VLAs and allocas.
7
8#include <assert.h>
9#include <stdint.h>
10#include <stdlib.h>
11#include "sanitizer/asan_interface.h"
12
13// MSVC provides _alloca instead of alloca.
14#if defined(_MSC_VER) && !defined(alloca)
15# define alloca _alloca
16#endif
17
18#if defined(__sun__) && defined(__svr4__)
19#include <alloca.h>
20#endif
21
22#define RZ 32
23
24__attribute__((noinline)) void foo(int len) {
25 char *top, *bot;
26 // This alloca call should live until the end of foo.
27 char *alloca1 = (char *)alloca(len);
28 assert(!(reinterpret_cast<uintptr_t>(alloca1) & 31L));
29 // This should be first poisoned address after loop.
30 top = alloca1 - RZ;
31 for (int i = 0; i < 32; ++i) {
32 // Check that previous alloca was unpoisoned at the end of iteration.
33 if (i) assert(!__asan_region_is_poisoned(bot, 96));
34 // VLA is unpoisoned at the end of iteration.
35 volatile char array[i];
36 // Ensure that asan-use-stack-safety does not optimize out the poisoning.
37 if (i) array[0] = 0;
38 assert(!(reinterpret_cast<uintptr_t>(array) & 31L));
39 // Alloca is unpoisoned at the end of iteration,
40 // because dominated by VLA.
41 bot = (char *)alloca(i) - RZ;
42 }
43 // Check that all allocas from loop were unpoisoned correctly.
44 void *q = __asan_region_is_poisoned(beg: bot, size: (char *)top - (char *)bot + 1);
45 assert(q == top);
46}
47
48int main(int argc, char **argv) {
49 foo(len: 32);
50 return 0;
51}
52

source code of compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp