From patchwork Mon Nov 7 10:04:23 2016
X-Patchwork-Submitter: Martin Liška
X-Patchwork-Id: 81021
Subject: Re: [PATCH, 02/N] Introduce tests for -fsanitize-address-use-after-scope (v3)
To: Jakub Jelinek
Cc: GCC Patches
From: Martin Liška
Message-ID: <1d84c331-0d3d-9ae1-bda1-b29a98368038@suse.cz>
In-Reply-To: <798dcc1c-4372-1b8f-dd41-94be72a44453@suse.cz>
Date: Mon, 7 Nov 2016 11:04:23 +0100

Third version of the patch.

Martin

>From e790d926afd3d2d6ad41d14d1e91698bf651b41a Mon Sep 17 00:00:00 2001
From: marxin
Date: Mon, 19 Sep 2016 17:39:29 +0200
Subject: [PATCH 2/2] Introduce tests for -fsanitize-address-use-after-scope

gcc/testsuite/ChangeLog:

2016-09-26  Martin Liska

	* c-c++-common/asan/force-inline-opt0-1.c: Disable
	-f-sanitize-address-use-after-scope.
	* c-c++-common/asan/inc.c: Change number of expected ASAN_CHECK
	internal fn calls.
	* g++.dg/asan/use-after-scope-1.C: New test.
	* g++.dg/asan/use-after-scope-2.C: Likewise.
	* g++.dg/asan/use-after-scope-3.C: Likewise.
	* g++.dg/asan/use-after-scope-types-1.C: Likewise.
	* g++.dg/asan/use-after-scope-types-2.C: Likewise.
	* g++.dg/asan/use-after-scope-types-3.C: Likewise.
	* g++.dg/asan/use-after-scope-types-4.C: Likewise.
	* g++.dg/asan/use-after-scope-types-5.C: Likewise.
	* g++.dg/asan/use-after-scope-types.h: Likewise.
	* gcc.dg/asan/use-after-scope-1.c: Likewise.
	* gcc.dg/asan/use-after-scope-2.c: Likewise.
	* gcc.dg/asan/use-after-scope-3.c: Likewise.
	* gcc.dg/asan/use-after-scope-4.c: Likewise.
	* gcc.dg/asan/use-after-scope-5.c: Likewise.
	* gcc.dg/asan/use-after-scope-6.c: Likewise.
	* gcc.dg/asan/use-after-scope-7.c: Likewise.
	* gcc.dg/asan/use-after-scope-8.c: Likewise.
	* gcc.dg/asan/use-after-scope-9.c: Likewise.
	* gcc.dg/asan/use-after-scope-switch-1.c: Likewise.
	* gcc.dg/asan/use-after-scope-switch-2.c: Likewise.
	* gcc.dg/asan/use-after-scope-switch-3.c: Likewise.
	* gcc.dg/asan/use-after-scope-goto-1.c: Likewise.
	* gcc.dg/asan/use-after-scope-goto-2.c: Likewise.
---
 .../c-c++-common/asan/force-inline-opt0-1.c | 1 +
 gcc/testsuite/c-c++-common/asan/inc.c | 3 +-
 gcc/testsuite/g++.dg/asan/use-after-scope-1.C | 21 ++++++++++
 gcc/testsuite/g++.dg/asan/use-after-scope-2.C | 40 ++++++++++++++++++
 gcc/testsuite/g++.dg/asan/use-after-scope-3.C | 22 ++++++++++
 .../g++.dg/asan/use-after-scope-types-1.C | 17 ++++++++
 .../g++.dg/asan/use-after-scope-types-2.C | 17 ++++++++
 .../g++.dg/asan/use-after-scope-types-3.C | 17 ++++++++
 .../g++.dg/asan/use-after-scope-types-4.C | 17 ++++++++
 .../g++.dg/asan/use-after-scope-types-5.C | 17 ++++++++
 gcc/testsuite/g++.dg/asan/use-after-scope-types.h | 30 ++++++++++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-1.c | 18 +++++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-2.c | 47 ++++++++++++++++++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-3.c | 20 +++++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-4.c | 16 ++++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-5.c | 27 +++++++++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-6.c | 15 +++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-7.c | 15 +++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-8.c | 14 +++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-9.c | 20 +++++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c | 47 ++++++++++++++++++++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c | 25 ++++++++++++
 .../gcc.dg/asan/use-after-scope-switch-1.c | 25 ++++++++++++
 .../gcc.dg/asan/use-after-scope-switch-2.c | 33 +++++++++++++++
 .../gcc.dg/asan/use-after-scope-switch-3.c | 36 +++++++++++++++++
 25 files changed, 559 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-1.C
 create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-2.C
 create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-3.C
 create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-1.C
 create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-2.C
 create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-3.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-5.C create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types.h create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-1.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-2.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-3.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-4.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-5.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-6.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-7.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-8.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-9.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-switch-1.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-switch-2.c create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-switch-3.c diff --git a/gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c b/gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c index 0576155..2e156f7 100644 --- a/gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c +++ b/gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c @@ -2,6 +2,7 @@ (before and after inlining) */ /* { dg-do compile } */ +/* { dg-options "-fno-sanitize-address-use-after-scope" } */ /* { dg-final { scan-assembler-not "__asan_report_load" } } */ __attribute__((always_inline)) diff --git a/gcc/testsuite/c-c++-common/asan/inc.c b/gcc/testsuite/c-c++-common/asan/inc.c index 5abf373..98121d2 100644 --- a/gcc/testsuite/c-c++-common/asan/inc.c +++ b/gcc/testsuite/c-c++-common/asan/inc.c 
@@ -16,5 +16,6 @@ main () return 0; } -/* { dg-final { scan-tree-dump-times "ASAN_" 1 "asan0" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_" 4 "asan0" } } */ /* { dg-final { scan-tree-dump "ASAN_CHECK \\(.*, 4\\);" "asan0" } } */ +/* { dg-final { scan-tree-dump "ASAN_CHECK \\(.*, 8\\);" "asan0" } } */ diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-1.C b/gcc/testsuite/g++.dg/asan/use-after-scope-1.C new file mode 100644 index 0000000..fd875ad --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-1.C @@ -0,0 +1,21 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +#include + +int main() { + std::function function; + { + int v = 0; + function = [&v]() + { + return v; + }; + } + return function(); +} + + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "READ of size 4 at.*" } +// { dg-output ".*'v' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-2.C b/gcc/testsuite/g++.dg/asan/use-after-scope-2.C new file mode 100644 index 0000000..92a4bd1 --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-2.C @@ -0,0 +1,40 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +#include + +struct Test +{ + Test () + { + my_value = 0; + } + + ~Test () + { + fprintf (stderr, "Value: %d\n", *my_value); + } + + void init (int *v) + { + my_value = v; + } + + int *my_value; +}; + +int main(int argc, char **argv) +{ + Test t; + + { + int x = argc; + t.init(&x); + } + + return 0; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "READ of size 4 at.*" } +// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-3.C b/gcc/testsuite/g++.dg/asan/use-after-scope-3.C new file mode 100644 index 0000000..172f374 --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-3.C 
@@ -0,0 +1,22 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +struct IntHolder { + int val; +}; + +const IntHolder *saved; + +void save(const IntHolder &holder) { + saved = &holder; +} + +int main(int argc, char *argv[]) { + save({10}); + int x = saved->val; // BOOM + return x; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "READ of size 4 at.*" } +// { dg-output ".*'' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-1.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-1.C new file mode 100644 index 0000000..bedcfa4 --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-1.C @@ -0,0 +1,17 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +#include "use-after-scope-types.h" + +int main() +{ + using Tests = void (*)(); + Tests t = &test; + t(); + + return 0; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "WRITE of size " } +// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-2.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-2.C new file mode 100644 index 0000000..75a01d9 --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-2.C @@ -0,0 +1,17 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +#include "use-after-scope-types.h" + +int main() +{ + using Tests = void (*)(); + Tests t = &test; + t(); + + return 0; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "WRITE of size " } +// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-3.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-3.C new file mode 100644 index 0000000..3350c69 --- /dev/null 
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-3.C @@ -0,0 +1,17 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +#include "use-after-scope-types.h" + +int main() +{ + using Tests = void (*)(); + Tests t = &test; + t(); + + return 0; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "WRITE of size " } +// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C new file mode 100644 index 0000000..dd06e94 --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C @@ -0,0 +1,17 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +#include "use-after-scope-types.h" + +int main() +{ + using Tests = void (*)(); + Tests t = &test>; + t(); + + return 0; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "READ of size 8 at" } +// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-5.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-5.C new file mode 100644 index 0000000..42abc2a --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-5.C @@ -0,0 +1,17 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +#include "use-after-scope-types.h" + +int main() +{ + using Tests = void (*)(); + Tests t = &test; + t(); + + return 0; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "WRITE of size " } +// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types.h b/gcc/testsuite/g++.dg/asan/use-after-scope-types.h new file mode 100644 index 0000000..b96b02b --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types.h 
@@ -0,0 +1,30 @@ +#include +#include +#include + +template struct Ptr { + void Store(T *ptr) { t = ptr; } + + void Access() { *t = {}; } + + T *t; +}; + +template struct Ptr { + using Type = T[N]; + void Store(Type *ptr) { t = *ptr; } + + void Access() { *t = {}; } + + T *t; +}; + +template __attribute__((noinline)) void test() { + Ptr ptr; + { + T x; + ptr.Store(&x); + } + + ptr.Access(); +} diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c new file mode 100644 index 0000000..bdbc97b --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c @@ -0,0 +1,18 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +int +main (void) +{ + char *ptr; + { + char my_char[9]; + ptr = &my_char[0]; + } + + return *(ptr+8); +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "READ of size 1 at.*" } +// { dg-output ".*'my_char' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c new file mode 100644 index 0000000..dedb734 --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c @@ -0,0 +1,47 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +int *bar (int *x, int *y) { return y; } + +int foo (void) +{ + char *p; + { + char a = 0; + p = &a; + } + + if (*p) + return 1; + else + return 0; +} + +int +main (void) +{ + char *ptr; + { + char my_char[9]; + ptr = &my_char[0]; + } + + int a[16]; + int *p, *q = a; + { + int b[16]; + p = bar (a, b); + } + bar (a, q); + { + int c[16]; + q = bar (a, c); + } + int v = *bar (a, q); + return v; +} + + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "READ of size 4 at.*" } +// { dg-output ".*'c' <== Memory access at offset \[0-9\]* is inside this variable.*" } 
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c new file mode 100644 index 0000000..9aeed51 --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c @@ -0,0 +1,20 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +int +main (void) +{ + char *ptr; + char *ptr2; + { + char my_char[9]; + ptr = &my_char[0]; + __builtin_memcpy (&ptr2, &ptr, sizeof (ptr2)); + } + + *(ptr2+9) = 'c'; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "WRITE of size 1 at.*" } +// { dg-output ".*'my_char' <== Memory access at offset \[0-9\]* overflows this variable.*" } diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c new file mode 100644 index 0000000..77d7052 --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c @@ -0,0 +1,16 @@ +// { dg-do run } + +int +__attribute__((no_sanitize_address)) +main (void) +{ + char *ptr; + char *ptr2; + { + char my_char[9]; + ptr = &my_char[0]; + __builtin_memcpy (&ptr2, &ptr, sizeof (ptr2)); + } + + *(ptr2+9) = 'c'; +} diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-5.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-5.c new file mode 100644 index 0000000..b53712d --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-5.c @@ -0,0 +1,27 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +int *ptr; + +__attribute__((always_inline)) +inline static void +foo(int v) +{ + int values[10]; + for (unsigned i = 0; i < 10; i++) + values[i] = v; + + ptr = &values[3]; +} + +int +main (int argc, char **argv) +{ + foo (argc); + + return *ptr; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "READ of size 4 at.*" } +// { dg-output ".*'values' <== Memory access at offset \[0-9\]* is inside this variable.*" } 
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-6.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-6.c new file mode 100644 index 0000000..bb13cec --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-6.c @@ -0,0 +1,15 @@ +// { dg-do run } +// { dg-additional-options "--param asan-stack=0" } + +int +main (void) +{ + char *ptr; + { + char my_char[9]; + ptr = &my_char[0]; + } + + *ptr = 'c'; + return 0; +} diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-7.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-7.c new file mode 100644 index 0000000..4115205 --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-7.c @@ -0,0 +1,15 @@ +// { dg-do run } +// { dg-additional-options "-fno-sanitize-address-use-after-scope" } + +int +main (void) +{ + char *ptr; + { + char my_char[9]; + ptr = &my_char[0]; + } + + *ptr = 'c'; + return 0; +} diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c new file mode 100644 index 0000000..b204206 --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c @@ -0,0 +1,14 @@ +// { dg-do compile } +// { dg-additional-options "-fdump-tree-asan0" } +/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */ + +int +fn1 () +{ + int x = 123; + register int a asm("rdi") = 123; + + return x * x; +} + +/* { dg-final { scan-tree-dump-not "ASAN_CHECK" "asan0" } } */ diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c new file mode 100644 index 0000000..2e30def --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c @@ -0,0 +1,20 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +int +main (int argc, char **argv) +{ + int *ptr = 0; + + { + int a; + ptr = &a; + *ptr = 12345; + } + + return *ptr; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "READ of size .*" } +// { dg-output ".*'a' <== Memory access at offset \[0-9\]* is inside this variable.*" } 
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c new file mode 100644 index 0000000..c47a5e8 --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c @@ -0,0 +1,47 @@ +// { dg-do run } +// { dg-additional-options "-fdump-tree-asan0" } +/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */ + +int main(int argc, char **argv) +{ + int a = 123; + int b = 123; + int c = 123; + int d = 123; + int e = 123; + int f = 123; + + if (argc == 0) + { + int *ptr; + int *ptr2; + int *ptr3; + int *ptr4; + int *ptr5; + int *ptr6; + label: + { + ptr = &a; + *ptr = 1; + ptr2 = &b; + *ptr2 = 1; + ptr3 = &c; + *ptr3 = 1; + ptr4 = &d; + *ptr4 = 1; + ptr5 = &e; + *ptr5 = 1; + ptr6 = &f; + *ptr6 = 1; + return 0; + } + } + else + goto label; + + return 0; +} + +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, 4\\);" 2 "asan0" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &c, 4\\);" 2 "asan0" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &e, 4\\);" 2 "asan0" } } */ diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c new file mode 100644 index 0000000..73ef4e0 --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c @@ -0,0 +1,25 @@ +// { dg-do run } +// { dg-additional-options "-fdump-tree-asan0" } +/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */ + +int main(int argc, char **argv) +{ + int a = 123; + + if (argc == 0) + { + int *ptr; + /* The label is not used in &label or goto label. Thus '&a' should be + marked just once. */ + label: + { + ptr = &a; + *ptr = 1; + return 0; + } + } + + return 0; +} + +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, 4\\);" 1 "asan0" } } */ diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-1.c new file mode 100644 index 0000000..a834268 --- /dev/null 
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-1.c @@ -0,0 +1,25 @@ +// { dg-do run } +// { dg-additional-options "-fdump-tree-gimple" } + +int +main (int argc, char **argv) +{ + int *ptr = 0; + + for (unsigned i = 0; i < 2; i++) + { + switch (argc) + { + int a; + default: + ptr = &a; + *ptr = 12345; + break; + } + } + + return 0; +} + +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, \[0-9\]\\);" 2 "gimple" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &a, \[0-9\]\\);" 1 "gimple" } } */ diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-2.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-2.c new file mode 100644 index 0000000..8aeca5a --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-2.c @@ -0,0 +1,33 @@ +// { dg-do run } +// { dg-additional-options "-fdump-tree-gimple" } + +int +main (int argc, char **argv) +{ + int *ptr = 0; + int *ptr2 = 0; + int *ptr3 = 0; + + for (unsigned i = 0; i < 2; i++) + { + switch (argc) + { + case 1111:; + int a, b, c; + default: + ptr = &a; + ptr2 = &b; + ptr3 = &c; + break; + } + } + + return 0; +} + +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, \[0-9\]\\);" 2 "gimple" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &b, \[0-9\]\\);" 2 "gimple" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &c, \[0-9\]\\);" 2 "gimple" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &a, \[0-9\]\\);" 1 "gimple" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &b, \[0-9\]\\);" 1 "gimple" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &c, \[0-9\]\\);" 1 "gimple" } } */ diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-3.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-3.c new file mode 100644 index 0000000..828cb7c --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-3.c 
@@ -0,0 +1,36 @@ +// { dg-do run } +// { dg-additional-options "-fdump-tree-gimple" } + +int +main (int argc, char **argv) +{ + int *ptr = 0; + + for (unsigned i = 0; i < 2; i++) + { + switch (argc) + { + case 11111:; + int a; + ptr = &a; + break; + { + default: + ptr = &a; + *ptr = 12345; + case 222222: + my_label: + ptr = &a; + break; + } + } + } + + if (argc == 333333) + goto my_label; + + return 0; +} + +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, \[0-9\]\\);" 4 "gimple" } } */ +/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &a, \[0-9\]\\);" 1 "gimple" } } */ -- 2.10.1
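
Review bot: in c-c++-common/asan/force-inline-opt0-1.c the new directive has no comment saying why use-after-scope instrumentation must be switched off for the `scan-assembler-not "__asan_report_load"` check, and it uses dg-options where use-after-scope-7.c passes the same flag with dg-additional-options. Add a short explanation next to the directive and use one spelling of the directive across the suite.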
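
Review bot: in c-c++-common/asan/inc.c the updated `scan-tree-dump-times "ASAN_" 4 "asan0"` still counts on the bare prefix "ASAN_", so the total of 4 covers every internal function whose name starts that way, while the ChangeLog describes it as the number of ASAN_CHECK calls. Scan for each internal function by its full name with its own expected count, so that one kind of call replacing another cannot leave the total at 4 unnoticed.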
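
Review bot: gcc.dg/asan/use-after-scope-2.c carries code that the expected output never exercises: `foo` is defined but not called, the first block in main assigns `ptr = &my_char[0]` and never dereferences it, and `p = bar (a, b)` is never read. Only the access through `q` to 'c' is checked by the dg-output lines. Either drop the unused parts or add a comment saying they are there on purpose to show that merely taking a dead address produces no report.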
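
Review bot: gcc.dg/asan/use-after-scope-4.c stores through `*(ptr2+9)`, one byte past the end of `char my_char[9]`, inside a function marked no_sanitize_address and with no dg-shouldfail, so the test passes only if an uninstrumented out-of-bounds stack write happens to be harmless for the target's frame layout. Offset 9 is needed in use-after-scope-3.c, where the output must say "overflows this variable", but not here; storing through `*ptr2` as use-after-scope-6.c and -7.c do would still show that the attribute suppresses the report. A comment stating that a clean exit is the expected result would help, and main should end with `return 0;` like the sibling tests.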
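
Review bot: gcc.dg/asan/use-after-scope-6.c and use-after-scope-7.c assert only that the program exits normally after `*ptr = 'c';`, which says nothing directly about whether the instrumentation was omitted. Since the goto tests already scan the asan0 dump for ASAN_MARK, consider adding -fdump-tree-asan0 and a scan-tree-dump-not for "ASAN_MARK" to both files, so that `--param asan-stack=0` and `-fno-sanitize-address-use-after-scope` are verified at the point where they take effect.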
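
Review bot: gcc.dg/asan/use-after-scope-8.c declares `register int a asm("rdi") = 123;`, which names an x86-64 register, but the `dg-do compile` line has no target selector, so the test will not compile on other targets. Restrict the test to targets that have that register. The dg-skip-if directive also has an empty reason string; say why only -O0 is tested.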
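
Review bot: gcc.dg/asan/use-after-scope-9.c matches `"READ of size .*"`, while the other tests that read an int pin the size with "READ of size 4 at.*". The access here is `return *ptr;` with `int *ptr`, so the same pinned pattern can be used, and it keeps the following dg-output line from being swallowed by the open-ended `.*`.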
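
Review bot: gcc.dg/asan/use-after-scope-goto-1.c sets up six variables `a` to `f` and six pointers, but the dg-final lines check the ASAN_MARK count only for &a, &c and &e. Either add the matching checks for &b, &d and &f or reduce the test to the variables that are verified. A comment like the one in use-after-scope-goto-2.c, explaining why each address is expected to be marked twice here, is also missing.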
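
Review bot: in gcc.dg/asan/use-after-scope-switch-3.c (and the same applies to switch-1.c and switch-2.c) the dg-final lines rely on undocumented magic values: the first ASAN_MARK argument is matched as 1 or 2 with no statement of what each means, and the expected count of 4 for `ASAN_MARK \\(2, &a, ...` is not derivable by a reader without knowing which labels trigger a mark. Add a comment that names the two flag values and lists the four places (case 11111, default, case 222222, my_label, or whichever they are) that account for the count. The size is also matched as a single digit `\[0-9\]` here but pinned to 4 in the goto tests; pick one form.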