1b0ddf227b25388ad836e560c00f0aec84026b0e5Alexey Samsonov//===-- asan_test.cc ------------------------------------------------------===//
21e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//
31e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//                     The LLVM Compiler Infrastructure
41e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//
51e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This file is distributed under the University of Illinois Open Source
61e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// License. See LICENSE.TXT for details.
71e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//
81e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//===----------------------------------------------------------------------===//
91e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//
101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This file is a part of AddressSanitizer, an address sanity checker.
111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//
121e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//===----------------------------------------------------------------------===//
131e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#include "asan_test_utils.h"
141e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
15938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_fff(size_t size) {
161e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  void *res = malloc/**/(size); break_optimization(0); return res;}
17938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_eee(size_t size) {
181e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  void *res = malloc_fff(size); break_optimization(0); return res;}
19938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_ddd(size_t size) {
201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  void *res = malloc_eee(size); break_optimization(0); return res;}
21938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_ccc(size_t size) {
221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  void *res = malloc_ddd(size); break_optimization(0); return res;}
23938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_bbb(size_t size) {
241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  void *res = malloc_ccc(size); break_optimization(0); return res;}
25938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_aaa(size_t size) {
261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  void *res = malloc_bbb(size); break_optimization(0); return res;}
271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
28938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void free_ccc(void *p) { free(p); break_optimization(0);}
29938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void free_bbb(void *p) { free_ccc(p); break_optimization(0);}
30938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void free_aaa(void *p) { free_bbb(p); break_optimization(0);}
311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
322dcf44991a8ec1ca7c8051eb27c5ff158530bdc3Timur Iskhodzhanovtemplate<typename T>
33938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void uaf_test(int size, int off) {
341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *p = (char *)malloc_aaa(size);
351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free_aaa(p);
361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  for (int i = 1; i < 100; i++)
371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    free_aaa(malloc_aaa(i));
381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  fprintf(stderr, "writing %ld byte(s) at %p with offset %d\n",
391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany          (long)sizeof(T), p, off);
401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  asan_write((T*)(p + off));
411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
4313ebae606b526399771e9cca1d6a9d24458ad0f1Kostya SerebryanyTEST(AddressSanitizer, HasFeatureAddressSanitizerTest) {
4413ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany#if defined(__has_feature) && __has_feature(address_sanitizer)
4513ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany  bool asan = 1;
46badab16503e025326a46a45da8faa6fd20e5fc3dKostya Serebryany#elif defined(__SANITIZE_ADDRESS__)
47badab16503e025326a46a45da8faa6fd20e5fc3dKostya Serebryany  bool asan = 1;
4813ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany#else
4913ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany  bool asan = 0;
5013ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany#endif
5113ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany  EXPECT_EQ(true, asan);
521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
541e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, SimpleDeathTest) {
551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(exit(1), "");
561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
581e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, VariousMallocsTest) {
591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *a = (int*)malloc(100 * sizeof(int));
601e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  a[50] = 0;
611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(a);
621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *r = (int*)malloc(10);
641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  r = (int*)realloc(r, 2000 * sizeof(int));
651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  r[1000] = 0;
661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(r);
671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *b = new int[100];
691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  b[50] = 0;
701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  delete [] b;
711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *c = new int;
731e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *c = 0;
741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  delete c;
751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
762d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if SANITIZER_TEST_HAS_POSIX_MEMALIGN
771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *pm;
781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int pm_res = posix_memalign((void**)&pm, kPageSize, kPageSize);
791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_EQ(0, pm_res);
801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(pm);
812d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif  // SANITIZER_TEST_HAS_POSIX_MEMALIGN
821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
832d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if SANITIZER_TEST_HAS_MEMALIGN
841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *ma = (int*)memalign(kPageSize, kPageSize);
8576e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov  EXPECT_EQ(0U, (uintptr_t)ma % kPageSize);
861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  ma[123] = 0;
871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(ma);
882d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif  // SANITIZER_TEST_HAS_MEMALIGN
891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
911e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, CallocTest) {
921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *a = (int*)calloc(100, sizeof(int));
931e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_EQ(0, a[10]);
941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(a);
951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
9705fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey SamsonovTEST(AddressSanitizer, CallocReturnsZeroMem) {
9805fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov  size_t sizes[] = {16, 1000, 10000, 100000, 2100000};
9905fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov  for (size_t s = 0; s < sizeof(sizes)/sizeof(sizes[0]); s++) {
10005fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov    size_t size = sizes[s];
10105fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov    for (size_t iter = 0; iter < 5; iter++) {
10205fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov      char *x = Ident((char*)calloc(1, size));
10305fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov      EXPECT_EQ(x[0], 0);
10405fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov      EXPECT_EQ(x[size - 1], 0);
10505fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov      EXPECT_EQ(x[size / 2], 0);
10605fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov      EXPECT_EQ(x[size / 3], 0);
10705fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov      EXPECT_EQ(x[size / 4], 0);
10805fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov      memset(x, 0x42, size);
10905fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov      free(Ident(x));
1102d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !defined(_WIN32)
1112d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines      // FIXME: OOM on Windows. We should just make this a lit test
1122d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines      // with quarantine size set to 1.
11305fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov      free(Ident(malloc(Ident(1 << 27))));  // Try to drain the quarantine.
1142d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
11505fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov    }
11605fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov  }
11705fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov}
11805fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov
11931a5cd83406be83bcdb91df03e16816e3af8c615Dan Albert// No valloc on Windows or Android.
12031a5cd83406be83bcdb91df03e16816e3af8c615Dan Albert#if !defined(_WIN32) && !defined(ANDROID) && !defined(__ANDROID__)
1211e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, VallocTest) {
1221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  void *a = valloc(100);
12376e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov  EXPECT_EQ(0U, (uintptr_t)a % kPageSize);
1241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(a);
1251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
1262d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
1271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
1282d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if SANITIZER_TEST_HAS_PVALLOC
1291e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, PvallocTest) {
1301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *a = (char*)pvalloc(kPageSize + 100);
13176e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov  EXPECT_EQ(0U, (uintptr_t)a % kPageSize);
1321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  a[kPageSize + 101] = 1;  // we should not report an error here.
1331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(a);
1341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
1351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  a = (char*)pvalloc(0);  // pvalloc(0) should allocate at least one page.
13676e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov  EXPECT_EQ(0U, (uintptr_t)a % kPageSize);
1371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  a[101] = 1;  // we should not report an error here.
1381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(a);
1391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
1402d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif  // SANITIZER_TEST_HAS_PVALLOC
1411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
1422d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !defined(_WIN32)
1432d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// FIXME: Use an equivalent of pthread_setspecific on Windows.
1441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *TSDWorker(void *test_key) {
1451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  if (test_key) {
1461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    pthread_setspecific(*(pthread_key_t*)test_key, (void*)0xfeedface);
1471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  }
1481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return NULL;
1491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
1501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
1511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid TSDDestructor(void *tsd) {
1521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  // Spawning a thread will check that the current thread id is not -1.
1531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  pthread_t th;
1542697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_CREATE(&th, NULL, TSDWorker, NULL);
1552697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_JOIN(th, NULL);
1561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
1571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
1581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This tests triggers the thread-specific data destruction fiasco which occurs
1591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// if we don't manage the TSD destructors ourselves. We create a new pthread
1601e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// key with a non-NULL destructor which is likely to be put after the destructor
1611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// of AsanThread in the list of destructors.
1621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// In this case the TSD for AsanThread will be destroyed before TSDDestructor
1631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// is called for the child thread, and a CHECK will fail when we call
1641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// pthread_create() to spawn the grandchild.
1651e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_TSDTest) {
1661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  pthread_t th;
1671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  pthread_key_t test_key;
1681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  pthread_key_create(&test_key, TSDDestructor);
1692697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_CREATE(&th, NULL, TSDWorker, &test_key);
1702697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_JOIN(th, NULL);
1711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  pthread_key_delete(test_key);
1721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
1732d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
1741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
1751e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, UAF_char) {
176ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany  const char *uaf_string = "AddressSanitizer:.*heap-use-after-free";
1771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(uaf_test<U1>(1, 0), uaf_string);
1781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(uaf_test<U1>(10, 0), uaf_string);
1791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(uaf_test<U1>(10, 10), uaf_string);
1801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(uaf_test<U1>(kLargeMalloc, 0), uaf_string);
1811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(uaf_test<U1>(kLargeMalloc, kLargeMalloc / 2), uaf_string);
1821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
1831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
184366984e3aa286f7b4fb45f5c9e703f2768c407edKostya SerebryanyTEST(AddressSanitizer, UAF_long_double) {
1857f4df1a0e1e1b2ace94d4d78b03c222887dbb00cKostya Serebryany  if (sizeof(long double) == sizeof(double)) return;
186366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany  long double *p = Ident(new long double[10]);
1872d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  EXPECT_DEATH(Ident(p)[12] = 0, "WRITE of size 1[026]");
1882d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  EXPECT_DEATH(Ident(p)[0] = Ident(p)[12], "READ of size 1[026]");
189366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany  delete [] Ident(p);
190366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany}
191366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany
1922d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !defined(_WIN32)
193366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryanystruct Packed5 {
194366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany  int x;
195366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany  char c;
196366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany} __attribute__((packed));
1972d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#else
1982d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines# pragma pack(push, 1)
1992d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesstruct Packed5 {
2002d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  int x;
2012d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  char c;
2022d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines};
2032d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines# pragma pack(pop)
2042d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
205366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany
206366984e3aa286f7b4fb45f5c9e703f2768c407edKostya SerebryanyTEST(AddressSanitizer, UAF_Packed5) {
2072d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  static_assert(sizeof(Packed5) == 5, "Please check the keywords used");
208366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany  Packed5 *p = Ident(new Packed5[2]);
209366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany  EXPECT_DEATH(p[0] = p[3], "READ of size 5");
210366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany  EXPECT_DEATH(p[3] = p[0], "WRITE of size 5");
211366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany  delete [] Ident(p);
212366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany}
213366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany
2141e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#if ASAN_HAS_BLACKLIST
2151e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, IgnoreTest) {
2161e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *x = Ident(new int);
2171e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  delete Ident(x);
2181e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *x = 0;
2191e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
2201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif  // ASAN_HAS_BLACKLIST
2211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
2221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanystruct StructWithBitField {
2231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int bf1:1;
2241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int bf2:1;
2251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int bf3:1;
2261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int bf4:29;
2271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany};
2281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
2291e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, BitFieldPositiveTest) {
2301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  StructWithBitField *x = new StructWithBitField;
2311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  delete Ident(x);
2321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(x->bf1 = 0, "use-after-free");
2331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(x->bf2 = 0, "use-after-free");
2341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(x->bf3 = 0, "use-after-free");
2351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(x->bf4 = 0, "use-after-free");
23676e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov}
2371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
2381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanystruct StructWithBitFields_8_24 {
2391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int a:8;
2401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int b:24;
2411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany};
2421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
2431e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, BitFieldNegativeTest) {
2441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  StructWithBitFields_8_24 *x = Ident(new StructWithBitFields_8_24);
2451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x->a = 0;
2461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x->b = 0;
2471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  delete Ident(x);
2481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
2491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
2501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#if ASAN_NEEDS_SEGV
25158b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenkonamespace {
25258b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko
253ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryanyconst char kUnknownCrash[] = "AddressSanitizer: SEGV on unknown address";
25458b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenkoconst char kOverriddenHandler[] = "ASan signal handler has been overridden\n";
25558b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko
2561e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, WildAddressTest) {
2571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *c = (char*)0x123;
25858b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  EXPECT_DEATH(*c = 0, kUnknownCrash);
25958b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko}
26058b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko
26158b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenkovoid my_sigaction_sighandler(int, siginfo_t*, void*) {
26258b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  fprintf(stderr, kOverriddenHandler);
26358b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  exit(1);
26458b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko}
26558b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko
266b0ddf227b25388ad836e560c00f0aec84026b0e5Alexey Samsonovvoid my_signal_sighandler(int signum) {
26758b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  fprintf(stderr, kOverriddenHandler);
26858b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  exit(1);
26958b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko}
27058b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko
27158b017bb286a8f4413a9348d2c87c52de38cff6dAlexander PotapenkoTEST(AddressSanitizer, SignalTest) {
27258b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  struct sigaction sigact;
27358b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  memset(&sigact, 0, sizeof(sigact));
27458b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  sigact.sa_sigaction = my_sigaction_sighandler;
27558b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  sigact.sa_flags = SA_SIGINFO;
27658b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  // ASan should silently ignore sigaction()...
27758b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  EXPECT_EQ(0, sigaction(SIGSEGV, &sigact, 0));
27858b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko#ifdef __APPLE__
27958b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  EXPECT_EQ(0, sigaction(SIGBUS, &sigact, 0));
28058b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko#endif
28158b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  char *c = (char*)0x123;
28258b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  EXPECT_DEATH(*c = 0, kUnknownCrash);
28358b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  // ... and signal().
28458b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  EXPECT_EQ(0, signal(SIGSEGV, my_signal_sighandler));
28558b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko  EXPECT_DEATH(*c = 0, kUnknownCrash);
28658b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko}
287b0ddf227b25388ad836e560c00f0aec84026b0e5Alexey Samsonov}  // namespace
2881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif
2891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
2901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanystatic void TestLargeMalloc(size_t size) {
2911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char buff[1024];
2921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  sprintf(buff, "is located 1 bytes to the left of %lu-byte", (long)size);
2931e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(Ident((char*)malloc(size))[-1] = 0, buff);
2941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
2951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
2961e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, LargeMallocTest) {
29700545a3625aaa765eef2da9b3e197a0e00e94550Evgeniy Stepanov  const int max_size = (SANITIZER_WORDSIZE == 32) ? 1 << 26 : 1 << 28;
29800545a3625aaa765eef2da9b3e197a0e00e94550Evgeniy Stepanov  for (int i = 113; i < max_size; i = i * 2 + 13) {
2991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    TestLargeMalloc(i);
3001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  }
3011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
3021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
3031e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, HugeMallocTest) {
3042d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  if (SANITIZER_WORDSIZE != 64 || ASAN_AVOID_EXPENSIVE_TESTS) return;
305d39a34ee33aae73fdde065f784bdc19f67b91ae2Kostya Serebryany  size_t n_megs = 4100;
3062d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  EXPECT_DEATH(Ident((char*)malloc(n_megs << 20))[-1] = 0,
3072d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines               "is located 1 bytes to the left|"
3082d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines               "AddressSanitizer failed to allocate");
3091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
3101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
3112d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if SANITIZER_TEST_HAS_MEMALIGN
312c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryanyvoid MemalignRun(size_t align, size_t size, int idx) {
313c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany  char *p = (char *)memalign(align, size);
314c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany  Ident(p)[idx] = 0;
315c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany  free(p);
316c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany}
317c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany
318c311105fd64219bb96b6467c3707ebda355be87bKostya SerebryanyTEST(AddressSanitizer, memalign) {
319c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany  for (int align = 16; align <= (1 << 23); align *= 2) {
320c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany    size_t size = align * 5;
321c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany    EXPECT_DEATH(MemalignRun(align, size, -1),
322c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany                 "is located 1 bytes to the left");
323c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany    EXPECT_DEATH(MemalignRun(align, size, size + 1),
324c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany                 "is located 1 bytes to the right");
325c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany  }
326c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany}
3272d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif  // SANITIZER_TEST_HAS_MEMALIGN
328c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany
3291e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ManyThreadsWorker(void *a) {
3301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  for (int iter = 0; iter < 100; iter++) {
3311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    for (size_t size = 100; size < 2000; size *= 2) {
3321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany      free(Ident(malloc(size)));
3331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    }
3341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  }
3351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return 0;
3361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
3371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
3381e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ManyThreadsTest) {
3392697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  const size_t kNumThreads =
3402697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany      (SANITIZER_WORDSIZE == 32 || ASAN_AVOID_EXPENSIVE_TESTS) ? 30 : 1000;
3411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  pthread_t t[kNumThreads];
3421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  for (size_t i = 0; i < kNumThreads; i++) {
3432697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany    PTHREAD_CREATE(&t[i], 0, ManyThreadsWorker, (void*)i);
3441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  }
3451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  for (size_t i = 0; i < kNumThreads; i++) {
3462697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany    PTHREAD_JOIN(t[i], 0);
3471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  }
3481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
3491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
3501e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ReallocTest) {
3511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  const int kMinElem = 5;
3521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *ptr = (int*)malloc(sizeof(int) * kMinElem);
3531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  ptr[3] = 3;
3541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  for (int i = 0; i < 10000; i++) {
3551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    ptr = (int*)realloc(ptr,
35648ddbef1d051875b2d0b204e8d78300b58d80a85Evgeniy Stepanov        (my_rand() % 1000 + kMinElem) * sizeof(int));
3571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    EXPECT_EQ(3, ptr[3]);
3581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  }
359a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov  free(ptr);
360a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov  // Realloc pointer returned by malloc(0).
361a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov  int *ptr2 = Ident((int*)malloc(0));
362a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov  ptr2 = Ident((int*)realloc(ptr2, sizeof(*ptr2)));
363a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov  *ptr2 = 42;
364a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov  EXPECT_EQ(42, *ptr2);
365a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov  free(ptr2);
3661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
3671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
36841d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur IskhodzhanovTEST(AddressSanitizer, ReallocFreedPointerTest) {
36941d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov  void *ptr = Ident(malloc(42));
37041d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov  ASSERT_TRUE(NULL != ptr);
37141d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov  free(ptr);
37241d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov  EXPECT_DEATH(ptr = realloc(ptr, 77), "attempting double-free");
37341d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov}
37441d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov
37541d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur IskhodzhanovTEST(AddressSanitizer, ReallocInvalidPointerTest) {
37641d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov  void *ptr = Ident(malloc(42));
37741d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov  EXPECT_DEATH(ptr = realloc((int*)ptr + 1, 77), "attempting free.*not malloc");
3782ec879ebd7261c9182d4fdee95fb615439dda67dAlexey Samsonov  free(ptr);
37941d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov}
38041d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov
381d91699339fd7e022aef0eaa8f401af0f8942068bAlexey SamsonovTEST(AddressSanitizer, ZeroSizeMallocTest) {
382d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov  // Test that malloc(0) and similar functions don't return NULL.
383d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov  void *ptr = Ident(malloc(0));
384a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov  EXPECT_TRUE(NULL != ptr);
385d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov  free(ptr);
3862d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if SANITIZER_TEST_HAS_POSIX_MEMALIGN
387d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov  int pm_res = posix_memalign(&ptr, 1<<20, 0);
388d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov  EXPECT_EQ(0, pm_res);
389a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov  EXPECT_TRUE(NULL != ptr);
390d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov  free(ptr);
3912d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif  // SANITIZER_TEST_HAS_POSIX_MEMALIGN
392a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov  int *int_ptr = new int[0];
393d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov  int *int_ptr2 = new int[0];
394a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov  EXPECT_TRUE(NULL != int_ptr);
395a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov  EXPECT_TRUE(NULL != int_ptr2);
396a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov  EXPECT_NE(int_ptr, int_ptr2);
397d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov  delete[] int_ptr;
398d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov  delete[] int_ptr2;
399d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov}
400d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov
4012d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE
4024fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonovstatic const char *kMallocUsableSizeErrorMsg =
403ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany  "AddressSanitizer: attempting to call malloc_usable_size()";
4044fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov
4054fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey SamsonovTEST(AddressSanitizer, MallocUsableSizeTest) {
4064fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov  const size_t kArraySize = 100;
4074fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov  char *array = Ident((char*)malloc(kArraySize));
4084fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov  int *int_ptr = Ident(new int);
40976e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov  EXPECT_EQ(0U, malloc_usable_size(NULL));
4104fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov  EXPECT_EQ(kArraySize, malloc_usable_size(array));
4114fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov  EXPECT_EQ(sizeof(int), malloc_usable_size(int_ptr));
4124fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov  EXPECT_DEATH(malloc_usable_size((void*)0x123), kMallocUsableSizeErrorMsg);
4134fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov  EXPECT_DEATH(malloc_usable_size(array + kArraySize / 2),
4144fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov               kMallocUsableSizeErrorMsg);
4154fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov  free(array);
4164fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov  EXPECT_DEATH(malloc_usable_size(array), kMallocUsableSizeErrorMsg);
4172ec879ebd7261c9182d4fdee95fb615439dda67dAlexey Samsonov  delete int_ptr;
4184fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov}
4192d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif  // SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE
4204fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov
4211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid WrongFree() {
4221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *x = (int*)malloc(100 * sizeof(int));
4231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  // Use the allocated memory, otherwise Clang will optimize it out.
4241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  Ident(x);
4251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(x + 1);
4261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
4271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
4282d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !defined(_WIN32)  // FIXME: This should be a lit test.
4291e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, WrongFreeTest) {
4307dd282c0c7d3ca32ee94092289bd802e16fe9867Alexey Samsonov  EXPECT_DEATH(WrongFree(), ASAN_PCRE_DOTALL
4317dd282c0c7d3ca32ee94092289bd802e16fe9867Alexey Samsonov               "ERROR: AddressSanitizer: attempting free.*not malloc"
4327dd282c0c7d3ca32ee94092289bd802e16fe9867Alexey Samsonov               ".*is located 4 bytes inside of 400-byte region"
4337dd282c0c7d3ca32ee94092289bd802e16fe9867Alexey Samsonov               ".*allocated by thread");
4341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
4352d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
4361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
4371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid DoubleFree() {
4381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *x = (int*)malloc(100 * sizeof(int));
4391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  fprintf(stderr, "DoubleFree: x=%p\n", x);
4401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(x);
4411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(x);
4421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  fprintf(stderr, "should have failed in the second free(%p)\n", x);
4431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  abort();
4441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
4451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
4462d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !defined(_WIN32)  // FIXME: This should be a lit test.
4471e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DoubleFreeTest) {
44827f4932a8a0845303b33d69ddce096c445002e60Kostya Serebryany  EXPECT_DEATH(DoubleFree(), ASAN_PCRE_DOTALL
449ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany               "ERROR: AddressSanitizer: attempting double-free"
45027f4932a8a0845303b33d69ddce096c445002e60Kostya Serebryany               ".*is located 0 bytes inside of 400-byte region"
45127f4932a8a0845303b33d69ddce096c445002e60Kostya Serebryany               ".*freed by thread T0 here"
45227f4932a8a0845303b33d69ddce096c445002e60Kostya Serebryany               ".*previously allocated by thread T0 here");
4531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
4542d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
4551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
4561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanytemplate<int kSize>
457938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void SizedStackTest() {
4581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char a[kSize];
4591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char  *A = Ident((char*)&a);
4602d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  const char *expected_death = "AddressSanitizer: stack-buffer-";
4611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  for (size_t i = 0; i < kSize; i++)
4621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    A[i] = i;
4632d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  EXPECT_DEATH(A[-1] = 0, expected_death);
4642d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  EXPECT_DEATH(A[-5] = 0, expected_death);
4652d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  EXPECT_DEATH(A[kSize] = 0, expected_death);
4662d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  EXPECT_DEATH(A[kSize + 1] = 0, expected_death);
4672d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  EXPECT_DEATH(A[kSize + 5] = 0, expected_death);
4682d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  if (kSize > 16)
4692d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines    EXPECT_DEATH(A[kSize + 31] = 0, expected_death);
4701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
4711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
4721e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, SimpleStackTest) {
4731e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<1>();
4741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<2>();
4751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<3>();
4761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<4>();
4771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<5>();
4781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<6>();
4791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<7>();
4801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<16>();
4811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<25>();
4821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<34>();
4831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<43>();
4841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<51>();
4851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<62>();
4861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<64>();
4871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  SizedStackTest<128>();
4881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
4891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
4902d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !defined(_WIN32)
4912d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// FIXME: It's a bit hard to write multi-line death test expectations
4922d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// in a portable way.  Anyways, this should just be turned into a lit test.
4931e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ManyStackObjectsTest) {
4941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char XXX[10];
4951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char YYY[20];
4961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char ZZZ[30];
4971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  Ident(XXX);
4981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  Ident(YYY);
4991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(Ident(ZZZ)[-1] = 0, ASAN_PCRE_DOTALL "XXX.*YYY.*ZZZ");
5001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
5012d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
5021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
50350f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany#if 0  // This test requires online symbolizer.
50450f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany// Moved to lit_tests/stack-oob-frames.cc.
50550f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany// Reenable here once we have online symbolizer by default.
506938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void Frame0(int frame, char *a, char *b, char *c) {
5071e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char d[4] = {0};
5081e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *D = Ident(d);
5091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  switch (frame) {
5101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    case 3: a[5]++; break;
5111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    case 2: b[5]++; break;
5121e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    case 1: c[5]++; break;
5131e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    case 0: D[5]++; break;
5141e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  }
5151e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
516938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void Frame1(int frame, char *a, char *b) {
5171e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char c[4] = {0}; Frame0(frame, a, b, c);
5181e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  break_optimization(0);
5191e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
520938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void Frame2(int frame, char *a) {
5211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char b[4] = {0}; Frame1(frame, a, b);
5221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  break_optimization(0);
5231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
524938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void Frame3(int frame) {
5251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char a[4] = {0}; Frame2(frame, a);
5261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  break_optimization(0);
5271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
5281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
5291e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GuiltyStackFrame0Test) {
5301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(Frame3(0), "located .*in frame <.*Frame0");
5311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
5321e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GuiltyStackFrame1Test) {
5331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(Frame3(1), "located .*in frame <.*Frame1");
5341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
5351e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GuiltyStackFrame2Test) {
5361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(Frame3(2), "located .*in frame <.*Frame2");
5371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
5381e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GuiltyStackFrame3Test) {
5391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(Frame3(3), "located .*in frame <.*Frame3");
5401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
54150f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany#endif
5421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
543938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void LongJmpFunc1(jmp_buf buf) {
5441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  // create three red zones for these two stack objects.
5451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int a;
5461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int b;
5471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
5481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *A = Ident(&a);
5491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *B = Ident(&b);
5501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *A = *B;
5511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  longjmp(buf, 1);
5521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
5531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
5542d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen HinesNOINLINE void TouchStackFunc() {
5552d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  int a[100];  // long array will intersect with redzones from LongJmpFunc1.
5562d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  int *A = Ident(a);
5572d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  for (int i = 0; i < 100; i++)
5582d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines    A[i] = i*i;
5592d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines}
5602d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines
5612d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// Test that we handle longjmp and do not report false positives on stack.
5622d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen HinesTEST(AddressSanitizer, LongJmpTest) {
5632d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  static jmp_buf buf;
5642d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  if (!setjmp(buf)) {
5652d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines    LongJmpFunc1(buf);
5662d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  } else {
5672d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines    TouchStackFunc();
5682d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  }
5692d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines}
5702d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines
5712d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !defined(_WIN32)  // Only basic longjmp is available on Windows.
572d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya SerebryanyNOINLINE void BuiltinLongJmpFunc1(jmp_buf buf) {
573d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  // create three red zones for these two stack objects.
574d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  int a;
575d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  int b;
576d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany
577d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  int *A = Ident(&a);
578d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  int *B = Ident(&b);
579d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  *A = *B;
580d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  __builtin_longjmp((void**)buf, 1);
581d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany}
582d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany
583938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void UnderscopeLongJmpFunc1(jmp_buf buf) {
5841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  // create three red zones for these two stack objects.
5851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int a;
5861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int b;
5871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
5881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *A = Ident(&a);
5891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *B = Ident(&b);
5901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *A = *B;
5911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  _longjmp(buf, 1);
5921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
5931e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
594938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void SigLongJmpFunc1(sigjmp_buf buf) {
5951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  // create three red zones for these two stack objects.
5961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int a;
5971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int b;
5981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
5991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *A = Ident(&a);
6001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *B = Ident(&b);
6011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *A = *B;
6021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  siglongjmp(buf, 1);
6031e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
6041e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
6050bdc46c7ee03e8c4e4da7c5ac43edac237aa53e2Kostya Serebryany#if !defined(__ANDROID__) && \
6060bdc46c7ee03e8c4e4da7c5ac43edac237aa53e2Kostya Serebryany    !defined(__powerpc64__) && !defined(__powerpc__)
6070bdc46c7ee03e8c4e4da7c5ac43edac237aa53e2Kostya Serebryany// Does not work on Power:
6080bdc46c7ee03e8c4e4da7c5ac43edac237aa53e2Kostya Serebryany// https://code.google.com/p/address-sanitizer/issues/detail?id=185
609c3a5c173f228cbb15e332e6bbc17c76ebd55d7a8Kostya SerebryanyTEST(AddressSanitizer, BuiltinLongJmpTest) {
610d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  static jmp_buf buf;
611c3a5c173f228cbb15e332e6bbc17c76ebd55d7a8Kostya Serebryany  if (!__builtin_setjmp((void**)buf)) {
612d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany    BuiltinLongJmpFunc1(buf);
613d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  } else {
614d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany    TouchStackFunc();
615d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany  }
616d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany}
6172d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif  // !defined(__ANDROID__) && !defined(__powerpc64__) &&
6182d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines        // !defined(__powerpc__)
619d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany
6201e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, UnderscopeLongJmpTest) {
6211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  static jmp_buf buf;
6221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  if (!_setjmp(buf)) {
6231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    UnderscopeLongJmpFunc1(buf);
6241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  } else {
6251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    TouchStackFunc();
6261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  }
6271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
6281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
6291e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, SigLongJmpTest) {
6301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  static sigjmp_buf buf;
6311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  if (!sigsetjmp(buf, 1)) {
6321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    SigLongJmpFunc1(buf);
6331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  } else {
6341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    TouchStackFunc();
6351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  }
6361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
6372d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
6381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
6392d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// FIXME: Why does clang-cl define __EXCEPTIONS?
6402d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if defined(__EXCEPTIONS) && !defined(_WIN32)
641938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void ThrowFunc() {
6421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  // create three red zones for these two stack objects.
6431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int a;
6441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int b;
6451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
6461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *A = Ident(&a);
6471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *B = Ident(&b);
6481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *A = *B;
6491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  ASAN_THROW(1);
6501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
6511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
6521e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, CxxExceptionTest) {
6531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  if (ASAN_UAR) return;
6541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  // TODO(kcc): this test crashes on 32-bit for some reason...
6555af39e50366f1aacbebc284f572f08ad1ad07357Kostya Serebryany  if (SANITIZER_WORDSIZE == 32) return;
6561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  try {
6571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    ThrowFunc();
6581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  } catch(...) {}
6591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  TouchStackFunc();
6601e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
6611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif
6621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
6631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadStackReuseFunc1(void *unused) {
6641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  // create three red zones for these two stack objects.
6651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int a;
6661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int b;
6671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
6681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *A = Ident(&a);
6691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *B = Ident(&b);
6701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *A = *B;
6711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  pthread_exit(0);
6721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return 0;
6731e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
6741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
6751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadStackReuseFunc2(void *unused) {
6761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  TouchStackFunc();
6771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return 0;
6781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
6791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
6801e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ThreadStackReuseTest) {
6811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  pthread_t t;
6822697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_CREATE(&t, 0, ThreadStackReuseFunc1, 0);
6832697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_JOIN(t, 0);
6842697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_CREATE(&t, 0, ThreadStackReuseFunc2, 0);
6852697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_JOIN(t, 0);
6861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
6871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
688b37127085cbcc79f5f859bfab8e7204201c18287Kostya Serebryany#if defined(__i686__) || defined(__x86_64__)
689b37127085cbcc79f5f859bfab8e7204201c18287Kostya Serebryany#include <emmintrin.h>
6901e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, Store128Test) {
6911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *a = Ident((char*)malloc(Ident(12)));
6921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *p = a;
6931e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  if (((uintptr_t)a % 16) != 0)
6941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany    p = a + 8;
6951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  assert(((uintptr_t)p % 16) == 0);
6961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  __m128i value_wide = _mm_set1_epi16(0x1234);
6971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(_mm_store_si128((__m128i*)p, value_wide),
698ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany               "AddressSanitizer: heap-buffer-overflow");
699acd5c617b219e0f059620c2a3928d2cc821d4534Kostya Serebryany  EXPECT_DEATH(_mm_store_si128((__m128i*)p, value_wide),
7001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany               "WRITE of size 16");
7011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(_mm_store_si128((__m128i*)p, value_wide),
7021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany               "located 0 bytes to the right of 12-byte");
7031e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(a);
7041e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
7051e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif
7061e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
7072d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// FIXME: All tests that use this function should be turned into lit tests.
7086cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring RightOOBErrorMessage(int oob_distance, bool is_write) {
7091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  assert(oob_distance >= 0);
7101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char expected_str[100];
7111b057b20db71ec6cc2bac460c8b2848f0889d47dKostya Serebryany  sprintf(expected_str, ASAN_PCRE_DOTALL
7122d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !GTEST_USES_SIMPLE_RE
7132d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines          "buffer-overflow.*%s.*"
7142d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
7152d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines          "located %d bytes to the right",
7162d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !GTEST_USES_SIMPLE_RE
7172d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines          is_write ? "WRITE" : "READ",
7182d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
7192d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines          oob_distance);
7201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return string(expected_str);
7211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
7221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
7236cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring RightOOBWriteMessage(int oob_distance) {
724ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko  return RightOOBErrorMessage(oob_distance, /*is_write*/true);
725ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko}
726ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko
7276cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring RightOOBReadMessage(int oob_distance) {
728ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko  return RightOOBErrorMessage(oob_distance, /*is_write*/false);
729ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko}
730ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko
7312d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// FIXME: All tests that use this function should be turned into lit tests.
7326cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring LeftOOBErrorMessage(int oob_distance, bool is_write) {
7331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  assert(oob_distance > 0);
7341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char expected_str[100];
7352d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines  sprintf(expected_str,
7362d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !GTEST_USES_SIMPLE_RE
7372d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines          ASAN_PCRE_DOTALL "%s.*"
7382d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
7392d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines          "located %d bytes to the left",
7402d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !GTEST_USES_SIMPLE_RE
7412d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines          is_write ? "WRITE" : "READ",
7422d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
7432d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines          oob_distance);
7441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return string(expected_str);
7451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
7461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
7476cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring LeftOOBWriteMessage(int oob_distance) {
748ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko  return LeftOOBErrorMessage(oob_distance, /*is_write*/true);
749ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko}
750ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko
7516cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring LeftOOBReadMessage(int oob_distance) {
752ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko  return LeftOOBErrorMessage(oob_distance, /*is_write*/false);
753ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko}
754ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko
7556cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring LeftOOBAccessMessage(int oob_distance) {
756ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko  assert(oob_distance > 0);
757ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko  char expected_str[100];
758ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko  sprintf(expected_str, "located %d bytes to the left", oob_distance);
759ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko  return string(expected_str);
760ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko}
761ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko
7626cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanychar* MallocAndMemsetString(size_t size, char ch) {
76344997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany  char *s = Ident((char*)malloc(size));
76444997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany  memset(s, ch, size);
76544997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany  return s;
76644997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany}
7676cbfae439b81221d2250ffe0331958f130259755Kostya Serebryany
7686cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanychar* MallocAndMemsetString(size_t size) {
76944997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany  return MallocAndMemsetString(size, 'z');
77044997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany}
77144997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany
772ca2849c2819b5c7a8771a1e8bc449cf8f5ef6527Alexey Samsonov#if defined(__linux__) && !defined(ANDROID) && !defined(__ANDROID__)
773c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany#define READ_TEST(READ_N_BYTES)                                          \
774c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany  char *x = new char[10];                                                \
775c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany  int fd = open("/proc/self/stat", O_RDONLY);                            \
776c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany  ASSERT_GT(fd, 0);                                                      \
777c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany  EXPECT_DEATH(READ_N_BYTES,                                             \
778c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany               ASAN_PCRE_DOTALL                                          \
779c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany               "AddressSanitizer: heap-buffer-overflow"                  \
780c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany               ".* is located 0 bytes to the right of 10-byte region");  \
781c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany  close(fd);                                                             \
782c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany  delete [] x;                                                           \
783c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany
7848530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya SerebryanyTEST(AddressSanitizer, pread) {
785c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany  READ_TEST(pread(fd, x, 15, 0));
7868530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany}
7878530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany
7888530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya SerebryanyTEST(AddressSanitizer, pread64) {
789c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany  READ_TEST(pread64(fd, x, 15, 0));
7908530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany}
7918530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany
7928530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya SerebryanyTEST(AddressSanitizer, read) {
793c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany  READ_TEST(read(fd, x, 15));
794c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany}
795ca2849c2819b5c7a8771a1e8bc449cf8f5ef6527Alexey Samsonov#endif  // defined(__linux__) && !defined(ANDROID) && !defined(__ANDROID__)
7968530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany
7971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This test case fails
7981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// Clang optimizes memcpy/memset calls which lead to unaligned access
7991e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_MemIntrinsicUnalignedAccessTest) {
8001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int size = Ident(4096);
8011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *s = Ident((char*)malloc(size));
802ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko  EXPECT_DEATH(memset(s + size - 1, 0, 2), RightOOBWriteMessage(0));
8031e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free(s);
8041e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
8051e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8061e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// TODO(samsonov): Add a test with malloc(0)
8071e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// TODO(samsonov): Add tests for str* and mem* functions.
8081e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
809938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static int LargeFunction(bool do_bad_access) {
8101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *x = new int[100];
8111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[0]++;
8121e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[1]++;
8131e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[2]++;
8141e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[3]++;
8151e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[4]++;
8161e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[5]++;
8171e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[6]++;
8181e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[7]++;
8191e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[8]++;
8201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[9]++;
8211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[do_bad_access ? 100 : 0]++; int res = __LINE__;
8231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[10]++;
8251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[11]++;
8261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[12]++;
8271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[13]++;
8281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[14]++;
8291e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[15]++;
8301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[16]++;
8311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[17]++;
8321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[18]++;
8331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  x[19]++;
8341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  delete x;
8361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return res;
8371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
8381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// Test the we have correct debug info for the failing instruction.
8401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This test requires the in-process symbolizer to be enabled by default.
8411e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_LargeFunctionSymbolizeTest) {
8421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int failing_line = LargeFunction(false);
8431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char expected_warning[128];
8445a15541fc2bbe46a5ce0cd802b5c1055f2ffb14eKostya Serebryany  sprintf(expected_warning, "LargeFunction.*asan_test.*:%d", failing_line);
8451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(LargeFunction(true), expected_warning);
8461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
8471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// Check that we unwind and symbolize correctly.
8491e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_MallocFreeUnwindAndSymbolizeTest) {
8501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *a = (int*)malloc_aaa(sizeof(int));
8511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *a = 1;
8521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free_aaa(a);
8531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(*a = 1, "free_ccc.*free_bbb.*free_aaa.*"
8541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany               "malloc_fff.*malloc_eee.*malloc_ddd");
8551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
8561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
857b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryanystatic bool TryToSetThreadName(const char *name) {
858b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany#if defined(__linux__) && defined(PR_SET_NAME)
859b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  return 0 == prctl(PR_SET_NAME, (unsigned long)name, 0, 0, 0);
860b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany#else
861b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  return false;
862716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany#endif
863716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany}
864716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany
8651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadedTestAlloc(void *a) {
866b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  EXPECT_EQ(true, TryToSetThreadName("AllocThr"));
8671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int **p = (int**)a;
8681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *p = new int;
8691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return 0;
8701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
8711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadedTestFree(void *a) {
873b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  EXPECT_EQ(true, TryToSetThreadName("FreeThr"));
8741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int **p = (int**)a;
8751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  delete *p;
8761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return 0;
8771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
8781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadedTestUse(void *a) {
880b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  EXPECT_EQ(true, TryToSetThreadName("UseThr"));
8811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int **p = (int**)a;
8821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  **p = 1;
8831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  return 0;
8841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
8851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid ThreadedTestSpawn() {
8871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  pthread_t t;
8881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  int *x;
8892697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_CREATE(&t, 0, ThreadedTestAlloc, &x);
8902697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_JOIN(t, 0);
8912697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_CREATE(&t, 0, ThreadedTestFree, &x);
8922697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_JOIN(t, 0);
8932697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_CREATE(&t, 0, ThreadedTestUse, &x);
8942697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany  PTHREAD_JOIN(t, 0);
8951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
8961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
8972d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#if !defined(_WIN32)  // FIXME: This should be a lit test.
8981e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ThreadedTest) {
8991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  EXPECT_DEATH(ThreadedTestSpawn(),
9001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany               ASAN_PCRE_DOTALL
9011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany               "Thread T.*created"
9021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany               ".*Thread T.*created"
9031e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany               ".*Thread T.*created");
9041e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
9052d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif
9061e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
907b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryanyvoid *ThreadedTestFunc(void *unused) {
908b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  // Check if prctl(PR_SET_NAME) is supported. Return if not.
909b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  if (!TryToSetThreadName("TestFunc"))
910b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany    return 0;
911716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany  EXPECT_DEATH(ThreadedTestSpawn(),
912716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany               ASAN_PCRE_DOTALL
913a390ece58317a25ef26866cef6753df4b06a3e65Kostya Serebryany               "WRITE .*thread T. .UseThr."
914a390ece58317a25ef26866cef6753df4b06a3e65Kostya Serebryany               ".*freed by thread T. .FreeThr. here:"
915a390ece58317a25ef26866cef6753df4b06a3e65Kostya Serebryany               ".*previously allocated by thread T. .AllocThr. here:"
916b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany               ".*Thread T. .UseThr. created by T.*TestFunc"
917b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany               ".*Thread T. .FreeThr. created by T"
918b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany               ".*Thread T. .AllocThr. created by T"
919716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany               "");
920b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  return 0;
921b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany}
922b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany
923b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya SerebryanyTEST(AddressSanitizer, ThreadNamesTest) {
924b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  // Run ThreadedTestFunc in a separate thread because it tries to set a
925b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  // thread name and we don't want to change the main thread's name.
926b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  pthread_t t;
927b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  PTHREAD_CREATE(&t, 0, ThreadedTestFunc, 0);
928b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany  PTHREAD_JOIN(t, 0);
929716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany}
930716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany
9311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#if ASAN_NEEDS_SEGV
9321e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ShadowGapTest) {
9335af39e50366f1aacbebc284f572f08ad1ad07357Kostya Serebryany#if SANITIZER_WORDSIZE == 32
9341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *addr = (char*)0x22000000;
9351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#else
9369277b1ff831ad4e3979e7a6203e838d6d62266c6Kostya Serebryany# if defined(__powerpc64__)
9379277b1ff831ad4e3979e7a6203e838d6d62266c6Kostya Serebryany  char *addr = (char*)0x024000800000;
9389277b1ff831ad4e3979e7a6203e838d6d62266c6Kostya Serebryany# else
9391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *addr = (char*)0x0000100000080000;
9409277b1ff831ad4e3979e7a6203e838d6d62266c6Kostya Serebryany# endif
9411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif
942ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany  EXPECT_DEATH(*addr = 1, "AddressSanitizer: SEGV on unknown");
9431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
9441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif  // ASAN_NEEDS_SEGV
9451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany
9461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyextern "C" {
947938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void UseThenFreeThenUse() {
9481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  char *x = Ident((char*)malloc(8));
9491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *x = 1;
9501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  free_aaa(x);
9511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany  *x = 2;
9521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}
9531e172b4bdec57329bf904f063a29f99cddf2d85f