Home | History | Annotate | Download | only in AddressSanitizer 
      1 ; RUN: opt < %s -asan -asan-module -asan-stack-dynamic-alloca \
      2 ; RUN:       -asan-use-after-return -S | FileCheck %s
      3 target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
      4 target triple = "x86_64-unknown-linux-gnu"
      5 
      6 define void @Func1() sanitize_address {
      7 entry:
      8 ; CHECK-LABEL: Func1
      9 
     10 ; CHECK: entry:
     11 ; CHECK: load i32, i32* @__asan_option_detect_stack_use_after_return
     12 
     13 ; CHECK: <label>:[[UAR_ENABLED_BB:[0-9]+]]
     14 ; CHECK: [[FAKE_STACK_RT:%[0-9]+]] = call i64 @__asan_stack_malloc_
     15 
     16 ; CHECK: <label>:[[FAKE_STACK_BB:[0-9]+]]
     17 ; CHECK: [[FAKE_STACK:%[0-9]+]] = phi i64 [ 0, %entry ], [ [[FAKE_STACK_RT]], %[[UAR_ENABLED_BB]] ]
     18 ; CHECK: icmp eq i64 [[FAKE_STACK]], 0
     19 
     20 ; CHECK: <label>:[[NO_FAKE_STACK_BB:[0-9]+]]
     21 ; CHECK: %MyAlloca = alloca i8, i64
     22 ; CHECK: [[ALLOCA:%[0-9]+]] = ptrtoint i8* %MyAlloca
     23 
     24 ; CHECK: phi i64 [ [[FAKE_STACK]], %[[FAKE_STACK_BB]] ], [ [[ALLOCA]], %[[NO_FAKE_STACK_BB]] ]
     25 
     26 ; CHECK: ret void
     27 
     28   %XXX = alloca [20 x i8], align 1
     29   %arr.ptr = bitcast [20 x i8]* %XXX to i8*
     30   store volatile i8 0, i8* %arr.ptr
     31   ret void
     32 }
     33 
     34 ; Test that dynamic alloca is not used for functions with inline assembly.
     35 define void @Func2() sanitize_address {
     36 entry:
     37 ; CHECK-LABEL: Func2
     38 ; CHECK: alloca [96 x i8]
     39 ; CHECK: ret void
     40 
     41   %XXX = alloca [20 x i8], align 1
     42   %arr.ptr = bitcast [20 x i8]* %XXX to i8*
     43   store volatile i8 0, i8* %arr.ptr
     44   call void asm sideeffect "mov %%rbx, %%rcx", "~{dirflag},~{fpsr},~{flags}"() nounwind
     45   ret void
     46 }
     47 
     48 ; Test that dynamic alloca is not used when setjmp is present.
     49 %struct.__jmp_buf_tag = type { [8 x i64], i32, %struct.__sigset_t }
     50 %struct.__sigset_t = type { [16 x i64] }
     51 @_ZL3buf = internal global [1 x %struct.__jmp_buf_tag] zeroinitializer, align 16
     52 
     53 define void @Func3() uwtable sanitize_address {
     54 ; CHECK-LABEL: define void @Func3
     55 ; CHECK-NOT: __asan_option_detect_stack_use_after_return
     56 ; CHECK-NOT: __asan_stack_malloc
     57 ; CHECK: call void @__asan_handle_no_return
     58 ; CHECK: call void @longjmp
     59 ; CHECK: ret void
     60 entry:
     61   %a = alloca i32, align 4
     62   %call = call i32 @_setjmp(%struct.__jmp_buf_tag* getelementptr inbounds ([1 x %struct.__jmp_buf_tag], [1 x %struct.__jmp_buf_tag]* @_ZL3buf, i32 0, i32 0)) nounwind returns_twice
     63   %cmp = icmp eq i32 0, %call
     64   br i1 %cmp, label %if.then, label %if.end
     65 
     66 if.then:                                          ; preds = %entry
     67   call void @longjmp(%struct.__jmp_buf_tag* getelementptr inbounds ([1 x %struct.__jmp_buf_tag], [1 x %struct.__jmp_buf_tag]* @_ZL3buf, i32 0, i32 0), i32 1) noreturn nounwind
     68   unreachable
     69 
     70 if.end:                                           ; preds = %entry
     71   call void @_Z10escape_ptrPi(i32* %a)
     72   ret void
     73 }
     74 
     75 declare i32 @_setjmp(%struct.__jmp_buf_tag*) nounwind returns_twice
     76 declare void @longjmp(%struct.__jmp_buf_tag*, i32) noreturn nounwind
     77 declare void @_Z10escape_ptrPi(i32*)
     78