asan_test.cc revision 05fa3808f6ac96023cdf583a1a1b7220e5b451b8
1b0ddf227b25388ad836e560c00f0aec84026b0e5Alexey Samsonov//===-- asan_test.cc ------------------------------------------------------===// 21e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// 31e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// The LLVM Compiler Infrastructure 41e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// 51e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This file is distributed under the University of Illinois Open Source 61e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// License. See LICENSE.TXT for details. 71e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// 81e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//===----------------------------------------------------------------------===// 91e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// 101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This file is a part of AddressSanitizer, an address sanity checker. 111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// 121e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany//===----------------------------------------------------------------------===// 131e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#include "asan_test_utils.h" 141e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 15938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_fff(size_t size) { 161e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = malloc/**/(size); break_optimization(0); return res;} 17938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_eee(size_t size) { 181e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = malloc_fff(size); break_optimization(0); return res;} 19938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_ddd(size_t size) { 201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = malloc_eee(size); break_optimization(0); return res;} 21938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_ccc(size_t size) { 221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = malloc_ddd(size); break_optimization(0); return res;} 23938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_bbb(size_t size) { 241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = malloc_ccc(size); break_optimization(0); return res;} 25938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *malloc_aaa(size_t size) { 261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = malloc_bbb(size); break_optimization(0); return res;} 271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#ifndef __APPLE__ 29938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *memalign_fff(size_t alignment, size_t size) { 301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = memalign/**/(alignment, size); break_optimization(0); return res;} 31938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *memalign_eee(size_t alignment, size_t size) { 321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = memalign_fff(alignment, size); break_optimization(0); return res;} 33938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *memalign_ddd(size_t alignment, size_t size) { 341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = memalign_eee(alignment, size); break_optimization(0); return res;} 35938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *memalign_ccc(size_t alignment, size_t size) { 361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = memalign_ddd(alignment, size); break_optimization(0); return res;} 37938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *memalign_bbb(size_t alignment, size_t size) { 381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = memalign_ccc(alignment, size); break_optimization(0); return res;} 39938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void *memalign_aaa(size_t alignment, size_t size) { 401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *res = memalign_bbb(alignment, size); break_optimization(0); return res;} 411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif // __APPLE__ 421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 44938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void free_ccc(void *p) { free(p); break_optimization(0);} 45938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void free_bbb(void *p) { free_ccc(p); break_optimization(0);} 46938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void free_aaa(void *p) { free_bbb(p); break_optimization(0);} 471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 492dcf44991a8ec1ca7c8051eb27c5ff158530bdc3Timur Iskhodzhanovtemplate<typename T> 50938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void uaf_test(int size, int off) { 511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *p = (char *)malloc_aaa(size); 521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free_aaa(p); 531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (int i = 1; i < 100; i++) 541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free_aaa(malloc_aaa(i)); 551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany fprintf(stderr, "writing %ld byte(s) at %p with offset %d\n", 561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany (long)sizeof(T), p, off); 571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany asan_write((T*)(p + off)); 581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6013ebae606b526399771e9cca1d6a9d24458ad0f1Kostya SerebryanyTEST(AddressSanitizer, HasFeatureAddressSanitizerTest) { 6113ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany#if defined(__has_feature) && __has_feature(address_sanitizer) 6213ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany bool asan = 1; 63badab16503e025326a46a45da8faa6fd20e5fc3dKostya Serebryany#elif defined(__SANITIZE_ADDRESS__) 64badab16503e025326a46a45da8faa6fd20e5fc3dKostya Serebryany bool asan = 1; 6513ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany#else 6613ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany bool asan = 0; 6713ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany#endif 6813ebae606b526399771e9cca1d6a9d24458ad0f1Kostya Serebryany EXPECT_EQ(true, asan); 691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 711e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, SimpleDeathTest) { 721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(exit(1), ""); 731e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 751e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, VariousMallocsTest) { 761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *a = (int*)malloc(100 * sizeof(int)); 771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany a[50] = 0; 781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(a); 791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *r = (int*)malloc(10); 811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany r = (int*)realloc(r, 2000 * sizeof(int)); 821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany r[1000] = 0; 831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(r); 841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *b = new int[100]; 861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany b[50] = 0; 871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany delete [] b; 881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *c = new int; 901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *c = 0; 911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany delete c; 921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 93e0e9eea99d7a81a15c4bb15ff2e5ebd92b50817bEvgeniy Stepanov#if !defined(__APPLE__) && !defined(ANDROID) && !defined(__ANDROID__) 941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *pm; 951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int pm_res = posix_memalign((void**)&pm, kPageSize, kPageSize); 961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_EQ(0, pm_res); 971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(pm); 987274eafceb832e1088f30b71652992787ba8c456Evgeniy Stepanov#endif 991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1004dd8ba8238b1b698953628affe6e5b2edf3b3e3fAlexey Samsonov#if !defined(__APPLE__) 1011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *ma = (int*)memalign(kPageSize, kPageSize); 10276e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov EXPECT_EQ(0U, (uintptr_t)ma % kPageSize); 1031e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ma[123] = 0; 1041e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(ma); 1051e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif // __APPLE__ 1061e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 1071e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1081e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, CallocTest) { 1091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *a = (int*)calloc(100, sizeof(int)); 1101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_EQ(0, a[10]); 1111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(a); 1121e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 1131e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11405fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey SamsonovTEST(AddressSanitizer, CallocOverflow32) { 11505fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov#if SANITIZER_WORDSIZE == 32 11605fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov size_t kArraySize = 112; 11705fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov volatile size_t kArraySize2 = 43878406; 11805fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov void *p = 0; 11905fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov EXPECT_DEATH(p = calloc(kArraySize, kArraySize2), 12005fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov "allocator is terminating the process instead of returning 0"); 12105fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov assert(!p); 12205fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov#endif 12305fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov} 12405fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov 12505fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey SamsonovTEST(AddressSanitizer, CallocReturnsZeroMem) { 12605fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov size_t sizes[] = {16, 1000, 10000, 100000, 2100000}; 12705fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov for (size_t s = 0; s < sizeof(sizes)/sizeof(sizes[0]); s++) { 12805fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov size_t size = sizes[s]; 12905fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov for (size_t iter = 0; iter < 5; iter++) { 13005fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov char *x = Ident((char*)calloc(1, size)); 13105fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov EXPECT_EQ(x[0], 0); 13205fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov EXPECT_EQ(x[size - 1], 0); 13305fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov EXPECT_EQ(x[size / 2], 0); 13405fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov EXPECT_EQ(x[size / 3], 0); 13505fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov EXPECT_EQ(x[size / 4], 0); 13605fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov memset(x, 0x42, size); 13705fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov free(Ident(x)); 13805fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov free(Ident(malloc(Ident(1 << 27)))); // Try to drain the quarantine. 13905fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov } 14005fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov } 14105fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov} 14205fa3808f6ac96023cdf583a1a1b7220e5b451b8Alexey Samsonov 1431e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, VallocTest) { 1441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany void *a = valloc(100); 14576e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov EXPECT_EQ(0U, (uintptr_t)a % kPageSize); 1461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(a); 1471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 1481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#ifndef __APPLE__ 1501e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, PvallocTest) { 1511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *a = (char*)pvalloc(kPageSize + 100); 15276e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov EXPECT_EQ(0U, (uintptr_t)a % kPageSize); 1531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany a[kPageSize + 101] = 1; // we should not report an error here. 1541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(a); 1551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany a = (char*)pvalloc(0); // pvalloc(0) should allocate at least one page. 15776e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov EXPECT_EQ(0U, (uintptr_t)a % kPageSize); 1581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany a[101] = 1; // we should not report an error here. 1591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(a); 1601e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 1611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif // __APPLE__ 1621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *TSDWorker(void *test_key) { 1641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany if (test_key) { 1651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_setspecific(*(pthread_key_t*)test_key, (void*)0xfeedface); 1661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 1671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return NULL; 1681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 1691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid TSDDestructor(void *tsd) { 1711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // Spawning a thread will check that the current thread id is not -1. 1721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_t th; 1732697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&th, NULL, TSDWorker, NULL); 1742697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(th, NULL); 1751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 1761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This tests triggers the thread-specific data destruction fiasco which occurs 1781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// if we don't manage the TSD destructors ourselves. We create a new pthread 1791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// key with a non-NULL destructor which is likely to be put after the destructor 1801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// of AsanThread in the list of destructors. 1811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// In this case the TSD for AsanThread will be destroyed before TSDDestructor 1821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// is called for the child thread, and a CHECK will fail when we call 1831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// pthread_create() to spawn the grandchild. 1841e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_TSDTest) { 1851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_t th; 1861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_key_t test_key; 1871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_key_create(&test_key, TSDDestructor); 1882697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&th, NULL, TSDWorker, &test_key); 1892697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(th, NULL); 1901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_key_delete(test_key); 1911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 1921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1931e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, UAF_char) { 194ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany const char *uaf_string = "AddressSanitizer:.*heap-use-after-free"; 1951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(uaf_test<U1>(1, 0), uaf_string); 1961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(uaf_test<U1>(10, 0), uaf_string); 1971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(uaf_test<U1>(10, 10), uaf_string); 1981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(uaf_test<U1>(kLargeMalloc, 0), uaf_string); 1991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(uaf_test<U1>(kLargeMalloc, kLargeMalloc / 2), uaf_string); 2001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 2011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 202366984e3aa286f7b4fb45f5c9e703f2768c407edKostya SerebryanyTEST(AddressSanitizer, UAF_long_double) { 2037f4df1a0e1e1b2ace94d4d78b03c222887dbb00cKostya Serebryany if (sizeof(long double) == sizeof(double)) return; 204366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany long double *p = Ident(new long double[10]); 205f931da85ce8668751628ded926ecad013c5d6f1aKostya Serebryany EXPECT_DEATH(Ident(p)[12] = 0, "WRITE of size 1[06]"); 206f931da85ce8668751628ded926ecad013c5d6f1aKostya Serebryany EXPECT_DEATH(Ident(p)[0] = Ident(p)[12], "READ of size 1[06]"); 207366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany delete [] Ident(p); 208366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany} 209366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany 210366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryanystruct Packed5 { 211366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany int x; 212366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany char c; 213366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany} __attribute__((packed)); 214366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany 215366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany 216366984e3aa286f7b4fb45f5c9e703f2768c407edKostya SerebryanyTEST(AddressSanitizer, UAF_Packed5) { 217366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany Packed5 *p = Ident(new Packed5[2]); 218366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany EXPECT_DEATH(p[0] = p[3], "READ of size 5"); 219366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany EXPECT_DEATH(p[3] = p[0], "WRITE of size 5"); 220366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany delete [] Ident(p); 221366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany} 222366984e3aa286f7b4fb45f5c9e703f2768c407edKostya Serebryany 2231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#if ASAN_HAS_BLACKLIST 2241e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, IgnoreTest) { 2251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *x = Ident(new int); 2261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany delete Ident(x); 2271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *x = 0; 2281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 2291e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif // ASAN_HAS_BLACKLIST 2301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 2311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanystruct StructWithBitField { 2321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int bf1:1; 2331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int bf2:1; 2341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int bf3:1; 2351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int bf4:29; 2361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}; 2371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 2381e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, BitFieldPositiveTest) { 2391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany StructWithBitField *x = new StructWithBitField; 2401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany delete Ident(x); 2411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(x->bf1 = 0, "use-after-free"); 2421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(x->bf2 = 0, "use-after-free"); 2431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(x->bf3 = 0, "use-after-free"); 2441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(x->bf4 = 0, "use-after-free"); 24576e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov} 2461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 2471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanystruct StructWithBitFields_8_24 { 2481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int a:8; 2491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int b:24; 2501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany}; 2511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 2521e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, BitFieldNegativeTest) { 2531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany StructWithBitFields_8_24 *x = Ident(new StructWithBitFields_8_24); 2541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x->a = 0; 2551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x->b = 0; 2561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany delete Ident(x); 2571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 2581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 2591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#if ASAN_NEEDS_SEGV 26058b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenkonamespace { 26158b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko 262ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryanyconst char kUnknownCrash[] = "AddressSanitizer: SEGV on unknown address"; 26358b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenkoconst char kOverriddenHandler[] = "ASan signal handler has been overridden\n"; 26458b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko 2651e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, WildAddressTest) { 2661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *c = (char*)0x123; 26758b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko EXPECT_DEATH(*c = 0, kUnknownCrash); 26858b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko} 26958b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko 27058b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenkovoid my_sigaction_sighandler(int, siginfo_t*, void*) { 27158b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko fprintf(stderr, kOverriddenHandler); 27258b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko exit(1); 27358b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko} 27458b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko 275b0ddf227b25388ad836e560c00f0aec84026b0e5Alexey Samsonovvoid my_signal_sighandler(int signum) { 27658b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko fprintf(stderr, kOverriddenHandler); 27758b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko exit(1); 27858b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko} 27958b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko 28058b017bb286a8f4413a9348d2c87c52de38cff6dAlexander PotapenkoTEST(AddressSanitizer, SignalTest) { 28158b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko struct sigaction sigact; 28258b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko memset(&sigact, 0, sizeof(sigact)); 28358b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko sigact.sa_sigaction = my_sigaction_sighandler; 28458b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko sigact.sa_flags = SA_SIGINFO; 28558b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko // ASan should silently ignore sigaction()... 28658b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko EXPECT_EQ(0, sigaction(SIGSEGV, &sigact, 0)); 28758b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko#ifdef __APPLE__ 28858b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko EXPECT_EQ(0, sigaction(SIGBUS, &sigact, 0)); 28958b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko#endif 29058b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko char *c = (char*)0x123; 29158b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko EXPECT_DEATH(*c = 0, kUnknownCrash); 29258b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko // ... and signal(). 29358b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko EXPECT_EQ(0, signal(SIGSEGV, my_signal_sighandler)); 29458b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko EXPECT_DEATH(*c = 0, kUnknownCrash); 29558b017bb286a8f4413a9348d2c87c52de38cff6dAlexander Potapenko} 296b0ddf227b25388ad836e560c00f0aec84026b0e5Alexey Samsonov} // namespace 2971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif 2981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 2991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanystatic void TestLargeMalloc(size_t size) { 3001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char buff[1024]; 3011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany sprintf(buff, "is located 1 bytes to the left of %lu-byte", (long)size); 3021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(Ident((char*)malloc(size))[-1] = 0, buff); 3031e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 3041e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 3051e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, LargeMallocTest) { 30600545a3625aaa765eef2da9b3e197a0e00e94550Evgeniy Stepanov const int max_size = (SANITIZER_WORDSIZE == 32) ? 1 << 26 : 1 << 28; 30700545a3625aaa765eef2da9b3e197a0e00e94550Evgeniy Stepanov for (int i = 113; i < max_size; i = i * 2 + 13) { 3081e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany TestLargeMalloc(i); 3091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 3101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 3111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 3121e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, HugeMallocTest) { 313d39a34ee33aae73fdde065f784bdc19f67b91ae2Kostya Serebryany if (SANITIZER_WORDSIZE != 64) return; 314d39a34ee33aae73fdde065f784bdc19f67b91ae2Kostya Serebryany size_t n_megs = 4100; 3151e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany TestLargeMalloc(n_megs << 20); 3161e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 3171e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 318c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany#ifndef __APPLE__ 319c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryanyvoid MemalignRun(size_t align, size_t size, int idx) { 320c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany char *p = (char *)memalign(align, size); 321c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany Ident(p)[idx] = 0; 322c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany free(p); 323c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany} 324c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany 325c311105fd64219bb96b6467c3707ebda355be87bKostya SerebryanyTEST(AddressSanitizer, memalign) { 326c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany for (int align = 16; align <= (1 << 23); align *= 2) { 327c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany size_t size = align * 5; 328c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany EXPECT_DEATH(MemalignRun(align, size, -1), 329c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany "is located 1 bytes to the left"); 330c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany EXPECT_DEATH(MemalignRun(align, size, size + 1), 331c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany "is located 1 bytes to the right"); 332c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany } 333c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany} 334c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany#endif 335c311105fd64219bb96b6467c3707ebda355be87bKostya Serebryany 3361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ManyThreadsWorker(void *a) { 3371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (int iter = 0; iter < 100; iter++) { 3381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (size_t size = 100; size < 2000; size *= 2) { 3391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(Ident(malloc(size))); 3401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 3411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 3421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return 0; 3431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 3441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 3451e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ManyThreadsTest) { 3462697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany const size_t kNumThreads = 3472697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany (SANITIZER_WORDSIZE == 32 || ASAN_AVOID_EXPENSIVE_TESTS) ? 30 : 1000; 3481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_t t[kNumThreads]; 3491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (size_t i = 0; i < kNumThreads; i++) { 3502697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&t[i], 0, ManyThreadsWorker, (void*)i); 3511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 3521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (size_t i = 0; i < kNumThreads; i++) { 3532697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(t[i], 0); 3541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 3551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 3561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 3571e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ReallocTest) { 3581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany const int kMinElem = 5; 3591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *ptr = (int*)malloc(sizeof(int) * kMinElem); 3601e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ptr[3] = 3; 3611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (int i = 0; i < 10000; i++) { 3621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ptr = (int*)realloc(ptr, 36348ddbef1d051875b2d0b204e8d78300b58d80a85Evgeniy Stepanov (my_rand() % 1000 + kMinElem) * sizeof(int)); 3641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_EQ(3, ptr[3]); 3651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 366a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov free(ptr); 367a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov // Realloc pointer returned by malloc(0). 368a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov int *ptr2 = Ident((int*)malloc(0)); 369a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov ptr2 = Ident((int*)realloc(ptr2, sizeof(*ptr2))); 370a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov *ptr2 = 42; 371a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov EXPECT_EQ(42, *ptr2); 372a3ab1a7da70a5ef111257ba8887920c1fdcd7be5Alexey Samsonov free(ptr2); 3731e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 3741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 37541d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur IskhodzhanovTEST(AddressSanitizer, ReallocFreedPointerTest) { 37641d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov void *ptr = Ident(malloc(42)); 37741d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov ASSERT_TRUE(NULL != ptr); 37841d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov free(ptr); 37941d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov EXPECT_DEATH(ptr = realloc(ptr, 77), "attempting double-free"); 38041d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov} 38141d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov 38241d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur IskhodzhanovTEST(AddressSanitizer, ReallocInvalidPointerTest) { 38341d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov void *ptr = Ident(malloc(42)); 38441d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov EXPECT_DEATH(ptr = realloc((int*)ptr + 1, 77), "attempting free.*not malloc"); 3852ec879ebd7261c9182d4fdee95fb615439dda67dAlexey Samsonov free(ptr); 38641d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov} 38741d69f4fd5454d5bf2614cbb3e8ed77a935c880bTimur Iskhodzhanov 388d91699339fd7e022aef0eaa8f401af0f8942068bAlexey SamsonovTEST(AddressSanitizer, ZeroSizeMallocTest) { 389d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov // Test that malloc(0) and similar functions don't return NULL. 390d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov void *ptr = Ident(malloc(0)); 391a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov EXPECT_TRUE(NULL != ptr); 392d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov free(ptr); 393d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov#if !defined(__APPLE__) && !defined(ANDROID) && !defined(__ANDROID__) 394d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov int pm_res = posix_memalign(&ptr, 1<<20, 0); 395d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov EXPECT_EQ(0, pm_res); 396a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov EXPECT_TRUE(NULL != ptr); 397d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov free(ptr); 398d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov#endif 399a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov int *int_ptr = new int[0]; 400d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov int *int_ptr2 = new int[0]; 401a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov EXPECT_TRUE(NULL != int_ptr); 402a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov EXPECT_TRUE(NULL != int_ptr2); 403a180078ee0120c049f9fb495f930053f80f105aaAlexey Samsonov EXPECT_NE(int_ptr, int_ptr2); 404d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov delete[] int_ptr; 405d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov delete[] int_ptr2; 406d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov} 407d91699339fd7e022aef0eaa8f401af0f8942068bAlexey Samsonov 4084fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov#ifndef __APPLE__ 4094fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonovstatic const char *kMallocUsableSizeErrorMsg = 410ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany "AddressSanitizer: attempting to call malloc_usable_size()"; 4114fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov 4124fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey SamsonovTEST(AddressSanitizer, MallocUsableSizeTest) { 4134fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov const size_t kArraySize = 100; 4144fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov char *array = Ident((char*)malloc(kArraySize)); 4154fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov int *int_ptr = Ident(new int); 41676e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov EXPECT_EQ(0U, malloc_usable_size(NULL)); 4174fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov EXPECT_EQ(kArraySize, malloc_usable_size(array)); 4184fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov EXPECT_EQ(sizeof(int), malloc_usable_size(int_ptr)); 4194fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov EXPECT_DEATH(malloc_usable_size((void*)0x123), kMallocUsableSizeErrorMsg); 4204fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov EXPECT_DEATH(malloc_usable_size(array + kArraySize / 2), 4214fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov kMallocUsableSizeErrorMsg); 4224fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov free(array); 4234fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov EXPECT_DEATH(malloc_usable_size(array), kMallocUsableSizeErrorMsg); 4242ec879ebd7261c9182d4fdee95fb615439dda67dAlexey Samsonov delete int_ptr; 4254fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov} 4264fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov#endif 4274fd95f141f78906570c15a8a3b4cf0a7b50a201dAlexey Samsonov 4281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid WrongFree() { 4291e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *x = (int*)malloc(100 * sizeof(int)); 4301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // Use the allocated memory, otherwise Clang will optimize it out. 4311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(x); 4321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(x + 1); 4331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 4341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 4351e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, WrongFreeTest) { 4367dd282c0c7d3ca32ee94092289bd802e16fe9867Alexey Samsonov EXPECT_DEATH(WrongFree(), ASAN_PCRE_DOTALL 4377dd282c0c7d3ca32ee94092289bd802e16fe9867Alexey Samsonov "ERROR: AddressSanitizer: attempting free.*not malloc" 4387dd282c0c7d3ca32ee94092289bd802e16fe9867Alexey Samsonov ".*is located 4 bytes inside of 400-byte region" 4397dd282c0c7d3ca32ee94092289bd802e16fe9867Alexey Samsonov ".*allocated by thread"); 4401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 4411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 4421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid DoubleFree() { 4431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *x = (int*)malloc(100 * sizeof(int)); 4441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany fprintf(stderr, "DoubleFree: x=%p\n", x); 4451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(x); 4461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(x); 4471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany fprintf(stderr, "should have failed in the second free(%p)\n", x); 4481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany abort(); 4491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 4501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 4511e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DoubleFreeTest) { 45227f4932a8a0845303b33d69ddce096c445002e60Kostya Serebryany EXPECT_DEATH(DoubleFree(), ASAN_PCRE_DOTALL 453ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany "ERROR: AddressSanitizer: attempting double-free" 45427f4932a8a0845303b33d69ddce096c445002e60Kostya Serebryany ".*is located 0 bytes inside of 400-byte region" 45527f4932a8a0845303b33d69ddce096c445002e60Kostya Serebryany ".*freed by thread T0 here" 45627f4932a8a0845303b33d69ddce096c445002e60Kostya Serebryany ".*previously allocated by thread T0 here"); 4571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 4581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 4591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanytemplate<int kSize> 460938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void SizedStackTest() { 4611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char a[kSize]; 4621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *A = Ident((char*)&a); 4631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (size_t i = 0; i < kSize; i++) 4641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany A[i] = i; 4651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(A[-1] = 0, ""); 4661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(A[-20] = 0, ""); 4671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(A[-31] = 0, ""); 4681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(A[kSize] = 0, ""); 4691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(A[kSize + 1] = 0, ""); 4701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(A[kSize + 10] = 0, ""); 4711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(A[kSize + 31] = 0, ""); 4721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 4731e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 4741e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, SimpleStackTest) { 4751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<1>(); 4761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<2>(); 4771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<3>(); 4781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<4>(); 4791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<5>(); 4801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<6>(); 4811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<7>(); 4821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<16>(); 4831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<25>(); 4841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<34>(); 4851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<43>(); 4861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<51>(); 4871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<62>(); 4881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<64>(); 4891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SizedStackTest<128>(); 4901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 4911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 4921e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ManyStackObjectsTest) { 4931e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char XXX[10]; 4941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char YYY[20]; 4951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char ZZZ[30]; 4961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(XXX); 4971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(YYY); 4981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(Ident(ZZZ)[-1] = 0, ASAN_PCRE_DOTALL "XXX.*YYY.*ZZZ"); 4991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 5001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 50150f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany#if 0 // This test requires online symbolizer. 50250f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany// Moved to lit_tests/stack-oob-frames.cc. 50350f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany// Reenable here once we have online symbolizer by default. 504938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void Frame0(int frame, char *a, char *b, char *c) { 5051e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char d[4] = {0}; 5061e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *D = Ident(d); 5071e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany switch (frame) { 5081e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany case 3: a[5]++; break; 5091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany case 2: b[5]++; break; 5101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany case 1: c[5]++; break; 5111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany case 0: D[5]++; break; 5121e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 5131e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 514938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void Frame1(int frame, char *a, char *b) { 5151e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char c[4] = {0}; Frame0(frame, a, b, c); 5161e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany break_optimization(0); 5171e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 518938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void Frame2(int frame, char *a) { 5191e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char b[4] = {0}; Frame1(frame, a, b); 5201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany break_optimization(0); 5211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 522938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void Frame3(int frame) { 5231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char a[4] = {0}; Frame2(frame, a); 5241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany break_optimization(0); 5251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 5261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 5271e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GuiltyStackFrame0Test) { 5281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(Frame3(0), "located .*in frame <.*Frame0"); 5291e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 5301e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GuiltyStackFrame1Test) { 5311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(Frame3(1), "located .*in frame <.*Frame1"); 5321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 5331e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GuiltyStackFrame2Test) { 5341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(Frame3(2), "located .*in frame <.*Frame2"); 5351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 5361e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GuiltyStackFrame3Test) { 5371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(Frame3(3), "located .*in frame <.*Frame3"); 5381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 53950f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany#endif 5401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 541938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void LongJmpFunc1(jmp_buf buf) { 5421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // create three red zones for these two stack objects. 5431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int a; 5441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int b; 5451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 5461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *A = Ident(&a); 5471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *B = Ident(&b); 5481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *A = *B; 5491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany longjmp(buf, 1); 5501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 5511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 552d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya SerebryanyNOINLINE void BuiltinLongJmpFunc1(jmp_buf buf) { 553d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany // create three red zones for these two stack objects. 554d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany int a; 555d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany int b; 556d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany 557d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany int *A = Ident(&a); 558d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany int *B = Ident(&b); 559d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany *A = *B; 560d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany __builtin_longjmp((void**)buf, 1); 561d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany} 562d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany 563938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void UnderscopeLongJmpFunc1(jmp_buf buf) { 5641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // create three red zones for these two stack objects. 5651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int a; 5661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int b; 5671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 5681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *A = Ident(&a); 5691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *B = Ident(&b); 5701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *A = *B; 5711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany _longjmp(buf, 1); 5721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 5731e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 574938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void SigLongJmpFunc1(sigjmp_buf buf) { 5751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // create three red zones for these two stack objects. 5761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int a; 5771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int b; 5781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 5791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *A = Ident(&a); 5801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *B = Ident(&b); 5811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *A = *B; 5821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany siglongjmp(buf, 1); 5831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 5841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 5851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 586938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void TouchStackFunc() { 5871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int a[100]; // long array will intersect with redzones from LongJmpFunc1. 5881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *A = Ident(a); 5891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (int i = 0; i < 100; i++) 5901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany A[i] = i*i; 5911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 5921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 5931e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// Test that we handle longjmp and do not report fals positives on stack. 5941e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, LongJmpTest) { 5951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static jmp_buf buf; 5961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany if (!setjmp(buf)) { 5971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany LongJmpFunc1(buf); 5981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } else { 5991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany TouchStackFunc(); 6001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 6011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 6021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6030bdc46c7ee03e8c4e4da7c5ac43edac237aa53e2Kostya Serebryany#if !defined(__ANDROID__) && \ 6040bdc46c7ee03e8c4e4da7c5ac43edac237aa53e2Kostya Serebryany !defined(__powerpc64__) && !defined(__powerpc__) 6050bdc46c7ee03e8c4e4da7c5ac43edac237aa53e2Kostya Serebryany// Does not work on Power: 6060bdc46c7ee03e8c4e4da7c5ac43edac237aa53e2Kostya Serebryany// https://code.google.com/p/address-sanitizer/issues/detail?id=185 607c3a5c173f228cbb15e332e6bbc17c76ebd55d7a8Kostya SerebryanyTEST(AddressSanitizer, BuiltinLongJmpTest) { 608d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany static jmp_buf buf; 609c3a5c173f228cbb15e332e6bbc17c76ebd55d7a8Kostya Serebryany if (!__builtin_setjmp((void**)buf)) { 610d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany BuiltinLongJmpFunc1(buf); 611d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany } else { 612d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany TouchStackFunc(); 613d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany } 614d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany} 615b989143d0be56496e8d5fcf75969af35a058792aKostya Serebryany#endif // not defined(__ANDROID__) 616d3ca78fdb296d2a51fc224da673ebfff508acf44Kostya Serebryany 6171e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, UnderscopeLongJmpTest) { 6181e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static jmp_buf buf; 6191e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany if (!_setjmp(buf)) { 6201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany UnderscopeLongJmpFunc1(buf); 6211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } else { 6221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany TouchStackFunc(); 6231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 6241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 6251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6261e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, SigLongJmpTest) { 6271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static sigjmp_buf buf; 6281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany if (!sigsetjmp(buf, 1)) { 6291e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SigLongJmpFunc1(buf); 6301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } else { 6311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany TouchStackFunc(); 6321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 6331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 6341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#ifdef __EXCEPTIONS 636938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE void ThrowFunc() { 6371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // create three red zones for these two stack objects. 6381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int a; 6391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int b; 6401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *A = Ident(&a); 6421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *B = Ident(&b); 6431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *A = *B; 6441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ASAN_THROW(1); 6451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 6461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6471e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, CxxExceptionTest) { 6481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany if (ASAN_UAR) return; 6491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // TODO(kcc): this test crashes on 32-bit for some reason... 6505af39e50366f1aacbebc284f572f08ad1ad07357Kostya Serebryany if (SANITIZER_WORDSIZE == 32) return; 6511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany try { 6521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ThrowFunc(); 6531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } catch(...) {} 6541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany TouchStackFunc(); 6551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 6561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif 6571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadStackReuseFunc1(void *unused) { 6591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // create three red zones for these two stack objects. 6601e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int a; 6611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int b; 6621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *A = Ident(&a); 6641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *B = Ident(&b); 6651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *A = *B; 6661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_exit(0); 6671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return 0; 6681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 6691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadStackReuseFunc2(void *unused) { 6711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany TouchStackFunc(); 6721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return 0; 6731e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 6741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 6751e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ThreadStackReuseTest) { 6761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_t t; 6772697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&t, 0, ThreadStackReuseFunc1, 0); 6782697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(t, 0); 6792697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&t, 0, ThreadStackReuseFunc2, 0); 6802697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(t, 0); 6811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 6821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 683f6607d097833cd53460735c1a5a2fd52b97613ebTimur Iskhodzhanov#if defined(__i386__) || defined(__x86_64__) 6841e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, Store128Test) { 6851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *a = Ident((char*)malloc(Ident(12))); 6861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *p = a; 6871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany if (((uintptr_t)a % 16) != 0) 6881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany p = a + 8; 6891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany assert(((uintptr_t)p % 16) == 0); 6901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany __m128i value_wide = _mm_set1_epi16(0x1234); 6911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(_mm_store_si128((__m128i*)p, value_wide), 692ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany "AddressSanitizer: heap-buffer-overflow"); 693acd5c617b219e0f059620c2a3928d2cc821d4534Kostya Serebryany EXPECT_DEATH(_mm_store_si128((__m128i*)p, value_wide), 6941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "WRITE of size 16"); 6951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(_mm_store_si128((__m128i*)p, value_wide), 6961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "located 0 bytes to the right of 12-byte"); 6971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(a); 6981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 6991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif 7001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 7016cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring RightOOBErrorMessage(int oob_distance, bool is_write) { 7021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany assert(oob_distance >= 0); 7031e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char expected_str[100]; 7041b057b20db71ec6cc2bac460c8b2848f0889d47dKostya Serebryany sprintf(expected_str, ASAN_PCRE_DOTALL 7051b057b20db71ec6cc2bac460c8b2848f0889d47dKostya Serebryany "buffer-overflow.*%s.*located %d bytes to the right", 706ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko is_write ? "WRITE" : "READ", oob_distance); 7071e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return string(expected_str); 7081e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 7091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 7106cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring RightOOBWriteMessage(int oob_distance) { 711ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko return RightOOBErrorMessage(oob_distance, /*is_write*/true); 712ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko} 713ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko 7146cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring RightOOBReadMessage(int oob_distance) { 715ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko return RightOOBErrorMessage(oob_distance, /*is_write*/false); 716ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko} 717ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko 7186cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring LeftOOBErrorMessage(int oob_distance, bool is_write) { 7191e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany assert(oob_distance > 0); 7201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char expected_str[100]; 7210b770b48e4ae053a7d0610e1c682405afba58fdaKostya Serebryany sprintf(expected_str, ASAN_PCRE_DOTALL "%s.*located %d bytes to the left", 722ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko is_write ? "WRITE" : "READ", oob_distance); 7231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return string(expected_str); 7241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 7251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 7266cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring LeftOOBWriteMessage(int oob_distance) { 727ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko return LeftOOBErrorMessage(oob_distance, /*is_write*/true); 728ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko} 729ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko 7306cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring LeftOOBReadMessage(int oob_distance) { 731ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko return LeftOOBErrorMessage(oob_distance, /*is_write*/false); 732ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko} 733ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko 7346cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanystring LeftOOBAccessMessage(int oob_distance) { 735ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko assert(oob_distance > 0); 736ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko char expected_str[100]; 737ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko sprintf(expected_str, "located %d bytes to the left", oob_distance); 738ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko return string(expected_str); 739ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko} 740ada9ba14325df9e206f454c50bd1b55ea9ecdbb9Alexander Potapenko 7416cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanychar* MallocAndMemsetString(size_t size, char ch) { 74244997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany char *s = Ident((char*)malloc(size)); 74344997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany memset(s, ch, size); 74444997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany return s; 74544997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany} 7466cbfae439b81221d2250ffe0331958f130259755Kostya Serebryany 7476cbfae439b81221d2250ffe0331958f130259755Kostya Serebryanychar* MallocAndMemsetString(size_t size) { 74844997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany return MallocAndMemsetString(size, 'z'); 74944997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany} 75044997c354c7cdb5257d9a41c837b12a6133f2d6bKostya Serebryany 751ca2849c2819b5c7a8771a1e8bc449cf8f5ef6527Alexey Samsonov#if defined(__linux__) && !defined(ANDROID) && !defined(__ANDROID__) 752c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany#define READ_TEST(READ_N_BYTES) \ 753c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany char *x = new char[10]; \ 754c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany int fd = open("/proc/self/stat", O_RDONLY); \ 755c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany ASSERT_GT(fd, 0); \ 756c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany EXPECT_DEATH(READ_N_BYTES, \ 757c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany ASAN_PCRE_DOTALL \ 758c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany "AddressSanitizer: heap-buffer-overflow" \ 759c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany ".* is located 0 bytes to the right of 10-byte region"); \ 760c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany close(fd); \ 761c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany delete [] x; \ 762c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany 7638530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya SerebryanyTEST(AddressSanitizer, pread) { 764c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany READ_TEST(pread(fd, x, 15, 0)); 7658530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany} 7668530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany 7678530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya SerebryanyTEST(AddressSanitizer, pread64) { 768c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany READ_TEST(pread64(fd, x, 15, 0)); 7698530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany} 7708530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany 7718530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya SerebryanyTEST(AddressSanitizer, read) { 772c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany READ_TEST(read(fd, x, 15)); 773c20b321d49f0eff60f1394d56e623d8ca94f24d7Kostya Serebryany} 774ca2849c2819b5c7a8771a1e8bc449cf8f5ef6527Alexey Samsonov#endif // defined(__linux__) && !defined(ANDROID) && !defined(__ANDROID__) 7758530e2b953f0b34ecd267a6aba5f155d5c08c5c8Kostya Serebryany 7761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This test case fails 7771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// Clang optimizes memcpy/memset calls which lead to unaligned access 7781e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_MemIntrinsicUnalignedAccessTest) { 7791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int size = Ident(4096); 7801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *s = Ident((char*)malloc(size)); 781ef8dfd8dffbf4385baf24e5aaea6c2cc7c6c936aAlexander Potapenko EXPECT_DEATH(memset(s + size - 1, 0, 2), RightOOBWriteMessage(0)); 7821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(s); 7831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 7841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 7851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// TODO(samsonov): Add a test with malloc(0) 7861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// TODO(samsonov): Add tests for str* and mem* functions. 7871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 788938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static int LargeFunction(bool do_bad_access) { 7891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *x = new int[100]; 7901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[0]++; 7911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[1]++; 7921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[2]++; 7931e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[3]++; 7941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[4]++; 7951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[5]++; 7961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[6]++; 7971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[7]++; 7981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[8]++; 7991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[9]++; 8001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 8011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[do_bad_access ? 100 : 0]++; int res = __LINE__; 8021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 8031e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[10]++; 8041e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[11]++; 8051e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[12]++; 8061e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[13]++; 8071e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[14]++; 8081e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[15]++; 8091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[16]++; 8101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[17]++; 8111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[18]++; 8121e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany x[19]++; 8131e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 8141e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany delete x; 8151e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return res; 8161e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 8171e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 8181e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// Test the we have correct debug info for the failing instruction. 8191e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// This test requires the in-process symbolizer to be enabled by default. 8201e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_LargeFunctionSymbolizeTest) { 8211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int failing_line = LargeFunction(false); 8221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char expected_warning[128]; 8235a15541fc2bbe46a5ce0cd802b5c1055f2ffb14eKostya Serebryany sprintf(expected_warning, "LargeFunction.*asan_test.*:%d", failing_line); 8241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(LargeFunction(true), expected_warning); 8251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 8261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 8271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// Check that we unwind and symbolize correctly. 8281e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_MallocFreeUnwindAndSymbolizeTest) { 8291e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *a = (int*)malloc_aaa(sizeof(int)); 8301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *a = 1; 8311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free_aaa(a); 8321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(*a = 1, "free_ccc.*free_bbb.*free_aaa.*" 8331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "malloc_fff.*malloc_eee.*malloc_ddd"); 8341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 8351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 836b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryanystatic bool TryToSetThreadName(const char *name) { 837b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany#if defined(__linux__) && defined(PR_SET_NAME) 838b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany return 0 == prctl(PR_SET_NAME, (unsigned long)name, 0, 0, 0); 839b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany#else 840b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany return false; 841716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany#endif 842716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany} 843716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany 8441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadedTestAlloc(void *a) { 845b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany EXPECT_EQ(true, TryToSetThreadName("AllocThr")); 8461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int **p = (int**)a; 8471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *p = new int; 8481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return 0; 8491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 8501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 8511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadedTestFree(void *a) { 852b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany EXPECT_EQ(true, TryToSetThreadName("FreeThr")); 8531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int **p = (int**)a; 8541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany delete *p; 8551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return 0; 8561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 8571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 8581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *ThreadedTestUse(void *a) { 859b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany EXPECT_EQ(true, TryToSetThreadName("UseThr")); 8601e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int **p = (int**)a; 8611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany **p = 1; 8621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return 0; 8631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 8641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 8651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid ThreadedTestSpawn() { 8661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_t t; 8671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *x; 8682697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&t, 0, ThreadedTestAlloc, &x); 8692697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(t, 0); 8702697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&t, 0, ThreadedTestFree, &x); 8712697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(t, 0); 8722697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&t, 0, ThreadedTestUse, &x); 8732697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(t, 0); 8741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 8751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 8761e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ThreadedTest) { 8771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(ThreadedTestSpawn(), 8781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ASAN_PCRE_DOTALL 8791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "Thread T.*created" 8801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ".*Thread T.*created" 8811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ".*Thread T.*created"); 8821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 8831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 884b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryanyvoid *ThreadedTestFunc(void *unused) { 885b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany // Check if prctl(PR_SET_NAME) is supported. Return if not. 886b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany if (!TryToSetThreadName("TestFunc")) 887b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany return 0; 888716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany EXPECT_DEATH(ThreadedTestSpawn(), 889716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany ASAN_PCRE_DOTALL 890a390ece58317a25ef26866cef6753df4b06a3e65Kostya Serebryany "WRITE .*thread T. .UseThr." 891a390ece58317a25ef26866cef6753df4b06a3e65Kostya Serebryany ".*freed by thread T. .FreeThr. here:" 892a390ece58317a25ef26866cef6753df4b06a3e65Kostya Serebryany ".*previously allocated by thread T. .AllocThr. here:" 893b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany ".*Thread T. .UseThr. created by T.*TestFunc" 894b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany ".*Thread T. .FreeThr. created by T" 895b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany ".*Thread T. .AllocThr. created by T" 896716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany ""); 897b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany return 0; 898b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany} 899b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany 900b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya SerebryanyTEST(AddressSanitizer, ThreadNamesTest) { 901b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany // Run ThreadedTestFunc in a separate thread because it tries to set a 902b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany // thread name and we don't want to change the main thread's name. 903b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany pthread_t t; 904b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany PTHREAD_CREATE(&t, 0, ThreadedTestFunc, 0); 905b8a59a0e030d0aacf4df1fe8f7fb4e6f82bab654Kostya Serebryany PTHREAD_JOIN(t, 0); 906716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany} 907716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany 9081e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#if ASAN_NEEDS_SEGV 9091e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ShadowGapTest) { 9105af39e50366f1aacbebc284f572f08ad1ad07357Kostya Serebryany#if SANITIZER_WORDSIZE == 32 9111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *addr = (char*)0x22000000; 9121e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#else 9139277b1ff831ad4e3979e7a6203e838d6d62266c6Kostya Serebryany# if defined(__powerpc64__) 9149277b1ff831ad4e3979e7a6203e838d6d62266c6Kostya Serebryany char *addr = (char*)0x024000800000; 9159277b1ff831ad4e3979e7a6203e838d6d62266c6Kostya Serebryany# else 9161e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *addr = (char*)0x0000100000080000; 9179277b1ff831ad4e3979e7a6203e838d6d62266c6Kostya Serebryany# endif 9181e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif 919ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany EXPECT_DEATH(*addr = 1, "AddressSanitizer: SEGV on unknown"); 9201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 9211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif // ASAN_NEEDS_SEGV 9221e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyextern "C" { 924938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void UseThenFreeThenUse() { 9251e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *x = Ident((char*)malloc(8)); 9261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *x = 1; 9271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free_aaa(x); 9281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany *x = 2; 9291e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 9301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 9311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9321e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, UseThenFreeThenUseTest) { 9331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(UseThenFreeThenUse(), "freed by thread"); 9341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 9351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9361e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, StrDupTest) { 9371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany free(strdup(Ident("123"))); 9381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 9391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// Currently we create and poison redzone at right of global variables. 9411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanystatic char static110[110]; 9421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyconst char ConstGlob[7] = {1, 2, 3, 4, 5, 6, 7}; 9431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanystatic const char StaticConstGlob[3] = {9, 8, 7}; 9441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9451e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GlobalTest) { 9461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static char func_static15[15]; 9471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static char fs1[10]; 9491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static char fs2[10]; 9501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static char fs3[10]; 9511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany glob5[Ident(0)] = 0; 9531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany glob5[Ident(1)] = 0; 9541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany glob5[Ident(2)] = 0; 9551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany glob5[Ident(3)] = 0; 9561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany glob5[Ident(4)] = 0; 9571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(glob5[Ident(5)] = 0, 9591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "0 bytes to the right of global variable.*glob5.* size 5"); 9601e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(glob5[Ident(5+6)] = 0, 9611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "6 bytes to the right of global variable.*glob5.* size 5"); 9621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(static110); // avoid optimizations 9631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static110[Ident(0)] = 0; 9641e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static110[Ident(109)] = 0; 9651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(static110[Ident(110)] = 0, 9661e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "0 bytes to the right of global variable"); 9671e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(static110[Ident(110+7)] = 0, 9681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "7 bytes to the right of global variable"); 9691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9701e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(func_static15); // avoid optimizations 9711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany func_static15[Ident(0)] = 0; 9721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(func_static15[Ident(15)] = 0, 9731e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "0 bytes to the right of global variable"); 9741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(func_static15[Ident(15 + 9)] = 0, 9751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "9 bytes to the right of global variable"); 9761e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(fs1); 9781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(fs2); 9791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(fs3); 9801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // We don't create left redzones, so this is not 100% guaranteed to fail. 9821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // But most likely will. 9831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(fs2[Ident(-1)] = 0, "is located.*of global variable"); 9841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9851e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(Ident(Ident(ConstGlob)[8]), 9861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "is located 1 bytes to the right of .*ConstGlob"); 9871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(Ident(Ident(StaticConstGlob)[5]), 9881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany "is located 2 bytes to the right of .*StaticConstGlob"); 9891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany // call stuff from another file. 9911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany GlobalsTest(0); 9921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 9931e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 9941e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, GlobalStringConstTest) { 9951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static const char *zoo = "FOOBAR123"; 9961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany const char *p = Ident(zoo); 9971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_DEATH(Ident(p[15]), "is ascii string 'FOOBAR123'"); 9981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 9991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1000c37ca572876a585b6a910f14a85cc7ba7fc22f20Kostya SerebryanyTEST(AddressSanitizer, FileNameInGlobalReportTest) { 1001c37ca572876a585b6a910f14a85cc7ba7fc22f20Kostya Serebryany static char zoo[10]; 1002c37ca572876a585b6a910f14a85cc7ba7fc22f20Kostya Serebryany const char *p = Ident(zoo); 1003c37ca572876a585b6a910f14a85cc7ba7fc22f20Kostya Serebryany // The file name should be present in the report. 10045a15541fc2bbe46a5ce0cd802b5c1055f2ffb14eKostya Serebryany EXPECT_DEATH(Ident(p[15]), "zoo.*asan_test."); 1005c37ca572876a585b6a910f14a85cc7ba7fc22f20Kostya Serebryany} 1006c37ca572876a585b6a910f14a85cc7ba7fc22f20Kostya Serebryany 10071e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyint *ReturnsPointerToALocalObject() { 10081e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int a = 0; 10091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return Ident(&a); 10101e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 10111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1012918b18a849cea679bff31a4e0dfb3745302c240aKostya Serebryany#if ASAN_UAR == 1 10131e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, LocalReferenceReturnTest) { 10141e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *(*f)() = Ident(ReturnsPointerToALocalObject); 1015918b18a849cea679bff31a4e0dfb3745302c240aKostya Serebryany int *p = f(); 1016918b18a849cea679bff31a4e0dfb3745302c240aKostya Serebryany // Call 'f' a few more times, 'p' should still be poisoned. 1017918b18a849cea679bff31a4e0dfb3745302c240aKostya Serebryany for (int i = 0; i < 32; i++) 1018918b18a849cea679bff31a4e0dfb3745302c240aKostya Serebryany f(); 1019ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany EXPECT_DEATH(*p = 1, "AddressSanitizer: stack-use-after-return"); 1020918b18a849cea679bff31a4e0dfb3745302c240aKostya Serebryany EXPECT_DEATH(*p = 1, "is located.*in frame .*ReturnsPointerToALocal"); 10211e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 1022918b18a849cea679bff31a4e0dfb3745302c240aKostya Serebryany#endif 10231e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 10241e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanytemplate <int kSize> 1025938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void FuncWithStack() { 10261e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char x[kSize]; 10271e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(x)[0] = 0; 10281e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(x)[kSize-1] = 0; 10291e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 10301e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 10311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanystatic void LotsOfStackReuse() { 10321e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int LargeStack[10000]; 10331e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(LargeStack)[0] = 0; 10341e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (int i = 0; i < 10000; i++) { 10351e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 1>(); 10361e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 2>(); 10371e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 4>(); 10381e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 8>(); 10391e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 16>(); 10401e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 32>(); 10411e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 64>(); 10421e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 128>(); 10431e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 256>(); 10441e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany FuncWithStack<128 * 512>(); 10451e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(LargeStack)[0] = 0; 10461e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 10471e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 10481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 10491e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, StressStackReuseTest) { 10501e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany LotsOfStackReuse(); 10511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 10521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 10531e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, ThreadedStressStackReuseTest) { 10541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany const int kNumThreads = 20; 10551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_t t[kNumThreads]; 10561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (int i = 0; i < kNumThreads; i++) { 10572697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&t[i], 0, (void* (*)(void *x))LotsOfStackReuse, 0); 10581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 10591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (int i = 0; i < kNumThreads; i++) { 10602697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(t[i], 0); 10611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 10621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 10631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1064f58f998066db0231e521169d2f50af439ceecb49Kostya Serebryanystatic void *PthreadExit(void *a) { 1065f58f998066db0231e521169d2f50af439ceecb49Kostya Serebryany pthread_exit(0); 10667b7b55e99166511ce1e66bf6b79c46ae4aa60d17Evgeniy Stepanov return 0; 1067f58f998066db0231e521169d2f50af439ceecb49Kostya Serebryany} 1068f58f998066db0231e521169d2f50af439ceecb49Kostya Serebryany 1069f58f998066db0231e521169d2f50af439ceecb49Kostya SerebryanyTEST(AddressSanitizer, PthreadExitTest) { 1070f58f998066db0231e521169d2f50af439ceecb49Kostya Serebryany pthread_t t; 1071f58f998066db0231e521169d2f50af439ceecb49Kostya Serebryany for (int i = 0; i < 1000; i++) { 10722697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&t, 0, PthreadExit, 0); 10732697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(t, 0); 1074f58f998066db0231e521169d2f50af439ceecb49Kostya Serebryany } 1075f58f998066db0231e521169d2f50af439ceecb49Kostya Serebryany} 1076f58f998066db0231e521169d2f50af439ceecb49Kostya Serebryany 10771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#ifdef __EXCEPTIONS 1078938106753364d96cedc11cbdc35a15030fb44d0cTimur IskhodzhanovNOINLINE static void StackReuseAndException() { 10791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int large_stack[1000]; 10801e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(large_stack); 10811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ASAN_THROW(1); 10821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 10831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 10841e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// TODO(kcc): support exceptions with use-after-return. 10851e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_StressStackReuseAndExceptionsTest) { 10861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany for (int i = 0; i < 10000; i++) { 10871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany try { 10881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany StackReuseAndException(); 10891e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } catch(...) { 10901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 10911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 10921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 10931e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany#endif 10941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 10951e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, MlockTest) { 10961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_EQ(0, mlockall(MCL_CURRENT)); 10971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_EQ(0, mlock((void*)0x12345, 0x5678)); 10981e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_EQ(0, munlockall()); 10991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany EXPECT_EQ(0, munlock((void*)0x987, 0x654)); 11001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 1102c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryanystruct LargeStruct { 1103c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryany int foo[100]; 1104c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryany}; 1105c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryany 1106c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryany// Test for bug http://llvm.org/bugs/show_bug.cgi?id=11763. 1107c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryany// Struct copy should not cause asan warning even if lhs == rhs. 1108c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya SerebryanyTEST(AddressSanitizer, LargeStructCopyTest) { 1109c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryany LargeStruct a; 1110c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryany *Ident(&a) = *Ident(&a); 1111c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryany} 1112c655cfa8dc0fdf5b521e565f6cbdbf7981fba1b2Kostya Serebryany 1113f7f2e431263cc0aa321218ce8978b289187a39a3Alexey SamsonovATTRIBUTE_NO_SANITIZE_ADDRESS 1114f7f2e431263cc0aa321218ce8978b289187a39a3Alexey Samsonovstatic void NoSanitizeAddress() { 11153be19f4fa3519e358fd41a5feda82c39a22ef107Kostya Serebryany char *foo = new char[10]; 11163be19f4fa3519e358fd41a5feda82c39a22ef107Kostya Serebryany Ident(foo)[10] = 0; 11173be19f4fa3519e358fd41a5feda82c39a22ef107Kostya Serebryany delete [] foo; 11183be19f4fa3519e358fd41a5feda82c39a22ef107Kostya Serebryany} 11193be19f4fa3519e358fd41a5feda82c39a22ef107Kostya Serebryany 1120f7f2e431263cc0aa321218ce8978b289187a39a3Alexey SamsonovTEST(AddressSanitizer, AttributeNoSanitizeAddressTest) { 1121f7f2e431263cc0aa321218ce8978b289187a39a3Alexey Samsonov Ident(NoSanitizeAddress)(); 11223be19f4fa3519e358fd41a5feda82c39a22ef107Kostya Serebryany} 11233be19f4fa3519e358fd41a5feda82c39a22ef107Kostya Serebryany 112429e09223b9d4f53f1be528d6a572b66034c26611Alexey Samsonov// It doesn't work on Android, as calls to new/delete go through malloc/free. 11258db82e151f4dc3de33530adce370a3d86be54cf9Alexander Potapenko// Neither it does on OS X, see 11268db82e151f4dc3de33530adce370a3d86be54cf9Alexander Potapenko// https://code.google.com/p/address-sanitizer/issues/detail?id=131. 11278db82e151f4dc3de33530adce370a3d86be54cf9Alexander Potapenko#if !defined(ANDROID) && !defined(__ANDROID__) && !defined(__APPLE__) 1128fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryanystatic string MismatchStr(const string &str) { 1129fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany return string("AddressSanitizer: alloc-dealloc-mismatch \\(") + str; 1130fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany} 1131fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany 11328f0e311767b783db4a15139dddfe7a924fa3724eAlexey SamsonovTEST(AddressSanitizer, AllocDeallocMismatch) { 1133fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany EXPECT_DEATH(free(Ident(new int)), 1134fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany MismatchStr("operator new vs free")); 1135fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany EXPECT_DEATH(free(Ident(new int[2])), 1136fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany MismatchStr("operator new \\[\\] vs free")); 1137fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany EXPECT_DEATH(delete (Ident(new int[2])), 1138fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany MismatchStr("operator new \\[\\] vs operator delete")); 1139fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany EXPECT_DEATH(delete (Ident((int*)malloc(2 * sizeof(int)))), 1140fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany MismatchStr("malloc vs operator delete")); 1141fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany EXPECT_DEATH(delete [] (Ident(new int)), 1142fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany MismatchStr("operator new vs operator delete \\[\\]")); 1143fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany EXPECT_DEATH(delete [] (Ident((int*)malloc(2 * sizeof(int)))), 1144fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany MismatchStr("malloc vs operator delete \\[\\]")); 1145fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany} 114629e09223b9d4f53f1be528d6a572b66034c26611Alexey Samsonov#endif 1147fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany 11481e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// ------------------ demo tests; run each one-by-one ------------- 11491e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany// e.g. --gtest_filter=*DemoOOBLeftHigh --gtest_also_run_disabled_tests 11501e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoThreadedTest) { 11511e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany ThreadedTestSpawn(); 11521e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11531e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11541e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryanyvoid *SimpleBugOnSTack(void *x = 0) { 11551e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char a[20]; 11561e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(a)[20] = 0; 11571e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany return 0; 11581e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11591e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11601e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoStackTest) { 11611e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany SimpleBugOnSTack(); 11621e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11631e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11641e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoThreadStackTest) { 11651e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany pthread_t t; 11662697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_CREATE(&t, 0, SimpleBugOnSTack, 0); 11672697687059e64a4f1319dc23a0a3ca59982d53f6Kostya Serebryany PTHREAD_JOIN(t, 0); 11681e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11691e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11701e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoUAFLowIn) { 11711e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany uaf_test<U1>(10, 0); 11721e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11731e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoUAFLowLeft) { 11741e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany uaf_test<U1>(10, -2); 11751e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11761e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoUAFLowRight) { 11771e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany uaf_test<U1>(10, 10); 11781e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11791e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11801e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoUAFHigh) { 11811e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany uaf_test<U1>(kLargeMalloc, 0); 11821e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11831e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11841e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoOOM) { 11855af39e50366f1aacbebc284f572f08ad1ad07357Kostya Serebryany size_t size = SANITIZER_WORDSIZE == 64 ? (size_t)(1ULL << 40) : (0xf0000000); 11861e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany printf("%p\n", malloc(size)); 11871e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11881e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11891e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoDoubleFreeTest) { 11901e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany DoubleFree(); 11911e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11921e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11931e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoNullDerefTest) { 11941e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany int *a = 0; 11951e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(a)[10] = 0; 11961e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 11971e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 11981e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoFunctionStaticTest) { 11991e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static char a[100]; 12001e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static char b[100]; 12011e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany static char c[100]; 12021e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(a); 12031e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(b); 12041e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(c); 12051e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(a)[5] = 0; 12061e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(b)[105] = 0; 12071e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany Ident(a)[5] = 0; 12081e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 12091e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 12101e172b4bdec57329bf904f063a29f99cddf2d85fKostya SerebryanyTEST(AddressSanitizer, DISABLED_DemoTooMuchMemoryTest) { 12111e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany const size_t kAllocSize = (1 << 28) - 1024; 12121e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany size_t total_size = 0; 12131e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany while (true) { 12141e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany char *x = (char*)malloc(kAllocSize); 12151e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany memset(x, 0, kAllocSize); 12161e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany total_size += kAllocSize; 12170aa04b3f432bc55e7c116d5280685ee3f243be8eKostya Serebryany fprintf(stderr, "total: %ldM %p\n", (long)total_size >> 20, x); 12181e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany } 12191e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany} 12201e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 12214eaa17848ed02cae465f10aa5fe095e42dbf0d61Kostya Serebryany// http://code.google.com/p/address-sanitizer/issues/detail?id=66 12220796393f2088e3b75c4110934451160eeb037fabKostya SerebryanyTEST(AddressSanitizer, BufferOverflowAfterManyFrees) { 12234eaa17848ed02cae465f10aa5fe095e42dbf0d61Kostya Serebryany for (int i = 0; i < 1000000; i++) { 12244eaa17848ed02cae465f10aa5fe095e42dbf0d61Kostya Serebryany delete [] (Ident(new char [8644])); 12254eaa17848ed02cae465f10aa5fe095e42dbf0d61Kostya Serebryany } 12264eaa17848ed02cae465f10aa5fe095e42dbf0d61Kostya Serebryany char *x = new char[8192]; 1227ca9b5dd9922fb7f6e0ca06dbba7db7398b8997f1Kostya Serebryany EXPECT_DEATH(x[Ident(8192)] = 0, "AddressSanitizer: heap-buffer-overflow"); 12284eaa17848ed02cae465f10aa5fe095e42dbf0d61Kostya Serebryany delete [] Ident(x); 12294eaa17848ed02cae465f10aa5fe095e42dbf0d61Kostya Serebryany} 12304eaa17848ed02cae465f10aa5fe095e42dbf0d61Kostya Serebryany 12311e172b4bdec57329bf904f063a29f99cddf2d85fKostya Serebryany 12325b6eab9dc5572a66e3af54ab087255ffa4dd5185Evgeniy Stepanov// Test that instrumentation of stack allocations takes into account 12335b6eab9dc5572a66e3af54ab087255ffa4dd5185Evgeniy Stepanov// AllocSize of a type, and not its StoreSize (16 vs 10 bytes for long double). 12345b6eab9dc5572a66e3af54ab087255ffa4dd5185Evgeniy Stepanov// See http://llvm.org/bugs/show_bug.cgi?id=12047 for more details. 12355b6eab9dc5572a66e3af54ab087255ffa4dd5185Evgeniy StepanovTEST(AddressSanitizer, LongDoubleNegativeTest) { 12365b6eab9dc5572a66e3af54ab087255ffa4dd5185Evgeniy Stepanov long double a, b; 12379b90e95d4dc59c6d97ed73b2470f5e21e7b346d5Kostya Serebryany static long double c; 12385b6eab9dc5572a66e3af54ab087255ffa4dd5185Evgeniy Stepanov memcpy(Ident(&a), Ident(&b), sizeof(long double)); 12399b90e95d4dc59c6d97ed73b2470f5e21e7b346d5Kostya Serebryany memcpy(Ident(&c), Ident(&b), sizeof(long double)); 124076e842845c927e92c2c21c41ac51e364fa17528cAlexey Samsonov} 124156d3472104dd9fec6578e02f4895f3254e038e8eEvgeniy Stepanov 124256d3472104dd9fec6578e02f4895f3254e038e8eEvgeniy StepanovTEST(AddressSanitizer, pthread_getschedparam) { 124356d3472104dd9fec6578e02f4895f3254e038e8eEvgeniy Stepanov int policy; 124456d3472104dd9fec6578e02f4895f3254e038e8eEvgeniy Stepanov struct sched_param param; 124530e970f769ccf11e61e472c6f8b22f8e866c592fKostya Serebryany EXPECT_DEATH( 124630e970f769ccf11e61e472c6f8b22f8e866c592fKostya Serebryany pthread_getschedparam(pthread_self(), &policy, Ident(¶m) + 2), 1247722f2e6a6125a0d5c9d453278b0f292e3410124dAlexey Samsonov "AddressSanitizer: stack-buffer-.*flow"); 124830e970f769ccf11e61e472c6f8b22f8e866c592fKostya Serebryany EXPECT_DEATH( 124930e970f769ccf11e61e472c6f8b22f8e866c592fKostya Serebryany pthread_getschedparam(pthread_self(), Ident(&policy) - 1, ¶m), 1250722f2e6a6125a0d5c9d453278b0f292e3410124dAlexey Samsonov "AddressSanitizer: stack-buffer-.*flow"); 125156d3472104dd9fec6578e02f4895f3254e038e8eEvgeniy Stepanov int res = pthread_getschedparam(pthread_self(), &policy, ¶m); 125256d3472104dd9fec6578e02f4895f3254e038e8eEvgeniy Stepanov ASSERT_EQ(0, res); 125356d3472104dd9fec6578e02f4895f3254e038e8eEvgeniy Stepanov} 1254