From: "Martin Liška" <mliska@suse.cz>
To: Jakub Jelinek <jakub@redhat.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>
Subject: Re: [PATCH, 02/N] Introduce tests for -fsanitize-address-use-after-scope (v3)
Date: Mon, 07 Nov 2016 10:04:00 -0000
Message-ID: <1d84c331-0d3d-9ae1-bda1-b29a98368038@suse.cz>
In-Reply-To: <798dcc1c-4372-1b8f-dd41-94be72a44453@suse.cz>
[-- Attachment #1: Type: text/plain, Size: 36 bytes --]
Third version of the patch.
Martin
[-- Attachment #2: 0002-Introduce-tests-for-fsanitize-address-use-after-scop.patch --]
[-- Type: text/x-patch, Size: 22559 bytes --]
From e790d926afd3d2d6ad41d14d1e91698bf651b41a Mon Sep 17 00:00:00 2001
From: marxin <mliska@suse.cz>
Date: Mon, 19 Sep 2016 17:39:29 +0200
Subject: [PATCH 2/2] Introduce tests for -fsanitize-address-use-after-scope
gcc/testsuite/ChangeLog:
2016-09-26 Martin Liska <mliska@suse.cz>
* c-c++-common/asan/force-inline-opt0-1.c: Disable
-f-sanitize-address-use-after-scope.
* c-c++-common/asan/inc.c: Change number of expected ASAN_CHECK
internal fn calls.
* g++.dg/asan/use-after-scope-1.C: New test.
* g++.dg/asan/use-after-scope-2.C: Likewise.
* g++.dg/asan/use-after-scope-3.C: Likewise.
* g++.dg/asan/use-after-scope-types-1.C: Likewise.
* g++.dg/asan/use-after-scope-types-2.C: Likewise.
* g++.dg/asan/use-after-scope-types-3.C: Likewise.
* g++.dg/asan/use-after-scope-types-4.C: Likewise.
* g++.dg/asan/use-after-scope-types-5.C: Likewise.
* g++.dg/asan/use-after-scope-types.h: Likewise.
* gcc.dg/asan/use-after-scope-1.c: Likewise.
* gcc.dg/asan/use-after-scope-2.c: Likewise.
* gcc.dg/asan/use-after-scope-3.c: Likewise.
* gcc.dg/asan/use-after-scope-4.c: Likewise.
* gcc.dg/asan/use-after-scope-5.c: Likewise.
* gcc.dg/asan/use-after-scope-6.c: Likewise.
* gcc.dg/asan/use-after-scope-7.c: Likewise.
* gcc.dg/asan/use-after-scope-8.c: Likewise.
* gcc.dg/asan/use-after-scope-9.c: Likewise.
* gcc.dg/asan/use-after-scope-switch-1.c: Likewise.
* gcc.dg/asan/use-after-scope-switch-2.c: Likewise.
* gcc.dg/asan/use-after-scope-switch-3.c: Likewise.
* gcc.dg/asan/use-after-scope-goto-1.c: Likewise.
* gcc.dg/asan/use-after-scope-goto-2.c: Likewise.
---
.../c-c++-common/asan/force-inline-opt0-1.c | 1 +
gcc/testsuite/c-c++-common/asan/inc.c | 3 +-
gcc/testsuite/g++.dg/asan/use-after-scope-1.C | 21 ++++++++++
gcc/testsuite/g++.dg/asan/use-after-scope-2.C | 40 ++++++++++++++++++
gcc/testsuite/g++.dg/asan/use-after-scope-3.C | 22 ++++++++++
.../g++.dg/asan/use-after-scope-types-1.C | 17 ++++++++
.../g++.dg/asan/use-after-scope-types-2.C | 17 ++++++++
.../g++.dg/asan/use-after-scope-types-3.C | 17 ++++++++
.../g++.dg/asan/use-after-scope-types-4.C | 17 ++++++++
.../g++.dg/asan/use-after-scope-types-5.C | 17 ++++++++
gcc/testsuite/g++.dg/asan/use-after-scope-types.h | 30 ++++++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-1.c | 18 +++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-2.c | 47 ++++++++++++++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-3.c | 20 +++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-4.c | 16 ++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-5.c | 27 +++++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-6.c | 15 +++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-7.c | 15 +++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-8.c | 14 +++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-9.c | 20 +++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c | 47 ++++++++++++++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c | 25 ++++++++++++
.../gcc.dg/asan/use-after-scope-switch-1.c | 25 ++++++++++++
.../gcc.dg/asan/use-after-scope-switch-2.c | 33 +++++++++++++++
.../gcc.dg/asan/use-after-scope-switch-3.c | 36 +++++++++++++++++
25 files changed, 559 insertions(+), 1 deletion(-)
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-1.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-2.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-3.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-1.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-2.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-3.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types-5.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-types.h
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-1.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-2.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-4.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-5.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-6.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-7.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-8.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-9.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-switch-1.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-switch-2.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-switch-3.c
diff --git a/gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c b/gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c
index 0576155..2e156f7 100644
--- a/gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c
+++ b/gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c
@@ -2,6 +2,7 @@
(before and after inlining) */
/* { dg-do compile } */
+/* { dg-options "-fno-sanitize-address-use-after-scope" } */
/* { dg-final { scan-assembler-not "__asan_report_load" } } */
__attribute__((always_inline))
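Review bot: The added directive at the top of force-inline-opt0-1.c uses dg-options, while use-after-scope-7.c in this same patch passes the identical flag with dg-additional-options; pick one form for consistency, and add a short comment saying why use-after-scope has to be switched off for the scan-assembler-not "__asan_report_load" check to stay valid. The ChangeLog entry for this file also spells the flag "-f-sanitize-address-use-after-scope", which does not match the "-fno-sanitize-address-use-after-scope" actually added here.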
diff --git a/gcc/testsuite/c-c++-common/asan/inc.c b/gcc/testsuite/c-c++-common/asan/inc.c
index 5abf373..98121d2 100644
--- a/gcc/testsuite/c-c++-common/asan/inc.c
+++ b/gcc/testsuite/c-c++-common/asan/inc.c
@@ -16,5 +16,6 @@ main ()
return 0;
}
-/* { dg-final { scan-tree-dump-times "ASAN_" 1 "asan0" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_" 4 "asan0" } } */
/* { dg-final { scan-tree-dump "ASAN_CHECK \\(.*, 4\\);" "asan0" } } */
+/* { dg-final { scan-tree-dump "ASAN_CHECK \\(.*, 8\\);" "asan0" } } */
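Review bot: The updated scan-tree-dump-times line matches the bare prefix "ASAN_", so raising the count from 1 to 4 does not say which internal functions account for the extra matches, while the ChangeLog describes this as a change in the number of ASAN_CHECK calls. Consider counting each internal function by its full name (for example "ASAN_CHECK" and, if that is where the other matches come from, the "ASAN_MARK" that the new goto and switch tests scan for), so a later shift in either count fails with a clear cause.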
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-1.C b/gcc/testsuite/g++.dg/asan/use-after-scope-1.C
new file mode 100644
index 0000000..fd875ad
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-1.C
@@ -0,0 +1,21 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+#include <functional>
+
+int main() {
+ std::function<int()> function;
+ {
+ int v = 0;
+ function = [&v]()
+ {
+ return v;
+ };
+ }
+ return function();
+}
+
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'v' <== Memory access at offset \[0-9\]* is inside this variable.*" }
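Review bot: main() uses a lambda and std::function, but the two directives at the top of the file state no C++11 requirement, so if this file is ever compiled with an older -std= it fails to build instead of being skipped. Consider making the requirement explicit on the dg-do line (for example with a "target c++11" selector), and drop one of the two consecutive blank lines before the dg-output block.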
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-2.C b/gcc/testsuite/g++.dg/asan/use-after-scope-2.C
new file mode 100644
index 0000000..92a4bd1
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-2.C
@@ -0,0 +1,40 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+#include <stdio.h>
+
+struct Test
+{
+ Test ()
+ {
+ my_value = 0;
+ }
+
+ ~Test ()
+ {
+ fprintf (stderr, "Value: %d\n", *my_value);
+ }
+
+ void init (int *v)
+ {
+ my_value = v;
+ }
+
+ int *my_value;
+};
+
+int main(int argc, char **argv)
+{
+ Test t;
+
+ {
+ int x = argc;
+ t.init(&x);
+ }
+
+ return 0;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-3.C b/gcc/testsuite/g++.dg/asan/use-after-scope-3.C
new file mode 100644
index 0000000..172f374
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-3.C
@@ -0,0 +1,22 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+struct IntHolder {
+ int val;
+};
+
+const IntHolder *saved;
+
+void save(const IntHolder &holder) {
+ saved = &holder;
+}
+
+int main(int argc, char *argv[]) {
+ save({10});
+ int x = saved->val; // BOOM
+ return x;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'<unknown>' <== Memory access at offset \[0-9\]* is inside this variable.*" }
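Review bot: The last dg-output line expects the variable name '<unknown>' for the temporary created by save({10}), which ties the test to how the report happens to label an unnamed temporary. Add a comment stating that the IntHolder temporary dies at the end of the full expression `save({10});` and that '<unknown>' is the expected label for it, so a later change in naming is recognized as a test update rather than a regression. The `// BOOM` comment could name the access more precisely for the same reason.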
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-1.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-1.C
new file mode 100644
index 0000000..bedcfa4
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-1.C
@@ -0,0 +1,17 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+#include "use-after-scope-types.h"
+
+int main()
+{
+ using Tests = void (*)();
+ Tests t = &test<bool>;
+ t();
+
+ return 0;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "WRITE of size " }
+// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
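Review bot: The second dg-output line, "WRITE of size ", leaves the access size unchecked, whereas use-after-scope-types-4.C pins "READ of size 8 at"; either state the expected size for test<bool> or add a comment saying why it is left open. The same main() body is repeated in all five use-after-scope-types-N.C files with only the template argument changing, and the call through the function pointer `Tests t` has no comment explaining what the indirection guards against; a one-line comment, or a direct call if the indirection is not needed, would help.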
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-2.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-2.C
new file mode 100644
index 0000000..75a01d9
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-2.C
@@ -0,0 +1,17 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+#include "use-after-scope-types.h"
+
+int main()
+{
+ using Tests = void (*)();
+ Tests t = &test<float>;
+ t();
+
+ return 0;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "WRITE of size " }
+// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-3.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-3.C
new file mode 100644
index 0000000..3350c69
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-3.C
@@ -0,0 +1,17 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+#include "use-after-scope-types.h"
+
+int main()
+{
+ using Tests = void (*)();
+ Tests t = &test<void *>;
+ t();
+
+ return 0;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "WRITE of size " }
+// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C
new file mode 100644
index 0000000..dd06e94
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C
@@ -0,0 +1,17 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+#include "use-after-scope-types.h"
+
+int main()
+{
+ using Tests = void (*)();
+ Tests t = &test<std::vector<std::string>>;
+ t();
+
+ return 0;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 8 at" }
+// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
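Review bot: The dg-output line "READ of size 8 at" hardcodes an 8-byte access for test<std::vector<std::string>>, and nothing in the directives limits the test to targets where that size holds. If the 8 bytes come from a pointer-sized member of the vector, the test will fail on 32-bit targets; match "READ of size " as the sibling tests do for WRITE, or restrict the target on the dg-do line. This is also the only types test that expects a READ, which deserves a comment.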
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-5.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-5.C
new file mode 100644
index 0000000..42abc2a
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-5.C
@@ -0,0 +1,17 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+#include "use-after-scope-types.h"
+
+int main()
+{
+ using Tests = void (*)();
+ Tests t = &test<char[1000]>;
+ t();
+
+ return 0;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "WRITE of size " }
+// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types.h b/gcc/testsuite/g++.dg/asan/use-after-scope-types.h
new file mode 100644
index 0000000..b96b02b
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types.h
@@ -0,0 +1,30 @@
+#include <stdlib.h>
+#include <string>
+#include <vector>
+
+template <class T> struct Ptr {
+ void Store(T *ptr) { t = ptr; }
+
+ void Access() { *t = {}; }
+
+ T *t;
+};
+
+template <class T, size_t N> struct Ptr<T[N]> {
+ using Type = T[N];
+ void Store(Type *ptr) { t = *ptr; }
+
+ void Access() { *t = {}; }
+
+ T *t;
+};
+
+template <class T> __attribute__((noinline)) void test() {
+ Ptr<T> ptr;
+ {
+ T x;
+ ptr.Store(&x);
+ }
+
+ ptr.Access();
+}
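Review bot: In the Ptr<T[N]> specialization, Store() keeps `*ptr` decayed to a T*, so Access() writes a single element; for test<char[1000]> that means only the first byte of `x` is touched after the scope ends. If the intent is to cover large objects, access an element further in (for example the last one) as well. The header also has no include guard and no comment describing the pattern in test() (store the address inside the block, access it after the block closes).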
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c
new file mode 100644
index 0000000..bdbc97b
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c
@@ -0,0 +1,18 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+int
+main (void)
+{
+ char *ptr;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ }
+
+ return *(ptr+8);
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 1 at.*" }
+// { dg-output ".*'my_char' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c
new file mode 100644
index 0000000..dedb734
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c
@@ -0,0 +1,47 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+int *bar (int *x, int *y) { return y; }
+
+int foo (void)
+{
+ char *p;
+ {
+ char a = 0;
+ p = &a;
+ }
+
+ if (*p)
+ return 1;
+ else
+ return 0;
+}
+
+int
+main (void)
+{
+ char *ptr;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ }
+
+ int a[16];
+ int *p, *q = a;
+ {
+ int b[16];
+ p = bar (a, b);
+ }
+ bar (a, q);
+ {
+ int c[16];
+ q = bar (a, c);
+ }
+ int v = *bar (a, q);
+ return v;
+}
+
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'c' <== Memory access at offset \[0-9\]* is inside this variable.*" }
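Review bot: foo() is defined but never called, and in main() the first block's `ptr`/`my_char` pair and the pointer `p` set from `bar (a, b)` are never read, so the only out-of-scope access that executes is `*bar (a, q)` on 'c', which is what dg-output expects. Either exercise foo() and `p` in tests of their own or remove the dead code, and add a comment naming the access the test targets. There are also two consecutive blank lines before the dg-output block.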
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
new file mode 100644
index 0000000..9aeed51
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
@@ -0,0 +1,20 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+int
+main (void)
+{
+ char *ptr;
+ char *ptr2;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ __builtin_memcpy (&ptr2, &ptr, sizeof (ptr2));
+ }
+
+ *(ptr2+9) = 'c';
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "WRITE of size 1 at.*" }
+// { dg-output ".*'my_char' <== Memory access at offset \[0-9\]* overflows this variable.*" }
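Review bot: The store `*(ptr2+9) = 'c';` is one past the end of `char my_char[9]`, so the test mixes an out-of-bounds index with the use after scope, and the last dg-output line accordingly expects "overflows this variable" where the other tests expect "is inside this variable". Add a comment saying the combination is intentional and that the report is still expected to be stack-use-after-scope; otherwise use an index in 0..8. main() also falls off the end without a return statement, unlike the other new tests.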
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c
new file mode 100644
index 0000000..77d7052
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c
@@ -0,0 +1,16 @@
+// { dg-do run }
+
+int
+__attribute__((no_sanitize_address))
+main (void)
+{
+ char *ptr;
+ char *ptr2;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ __builtin_memcpy (&ptr2, &ptr, sizeof (ptr2));
+ }
+
+ *(ptr2+9) = 'c';
+}
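Review bot: With no_sanitize_address on main() the store `*(ptr2+9) = 'c';` still executes, uninstrumented, one byte past a dead 9-byte array, and the test (dg-do run without dg-shouldfail) passes only if that stray write happens to be harmless. An index inside the array, such as `*(ptr2+8)`, would test the attribute without depending on what sits next to my_char on the stack. A comment that this is the negative counterpart of use-after-scope-3.c would also help.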
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-5.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-5.c
new file mode 100644
index 0000000..b53712d
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-5.c
@@ -0,0 +1,27 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+int *ptr;
+
+__attribute__((always_inline))
+inline static void
+foo(int v)
+{
+ int values[10];
+ for (unsigned i = 0; i < 10; i++)
+ values[i] = v;
+
+ ptr = &values[3];
+}
+
+int
+main (int argc, char **argv)
+{
+ foo (argc);
+
+ return *ptr;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'values' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-6.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-6.c
new file mode 100644
index 0000000..bb13cec
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-6.c
@@ -0,0 +1,15 @@
+// { dg-do run }
+// { dg-additional-options "--param asan-stack=0" }
+
+int
+main (void)
+{
+ char *ptr;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ }
+
+ *ptr = 'c';
+ return 0;
+}
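Review bot: This test and use-after-scope-7.c only check that the program exits normally, with `--param asan-stack=0` here and `-fno-sanitize-address-use-after-scope` there; neither verifies that the instrumentation is actually absent. Adding a dump option and a scan-tree-dump-not for "ASAN_MARK", in the way the goto tests scan the asan0 dump for positive counts, would make the intent checkable. The two files are otherwise identical, so a comment in each naming the option under test would help.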
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-7.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-7.c
new file mode 100644
index 0000000..4115205
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-7.c
@@ -0,0 +1,15 @@
+// { dg-do run }
+// { dg-additional-options "-fno-sanitize-address-use-after-scope" }
+
+int
+main (void)
+{
+ char *ptr;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ }
+
+ *ptr = 'c';
+ return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c
new file mode 100644
index 0000000..b204206
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c
@@ -0,0 +1,14 @@
+// { dg-do compile }
+// { dg-additional-options "-fdump-tree-asan0" }
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+int
+fn1 ()
+{
+ int x = 123;
+ register int a asm("rdi") = 123;
+
+ return x * x;
+}
+
+/* { dg-final { scan-tree-dump-not "ASAN_CHECK" "asan0" } } */
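Review bot: `register int a asm("rdi") = 123;` names an x86-64 register, but the directives only restrict the optimization level (dg-skip-if for everything except -O0), so the test cannot compile on other targets. Add a target selector to the dg-do line. `a` is also never used, so a comment stating what the test protects against (no ASAN_CHECK for a hard-register variable, judging by the scan-tree-dump-not) would be useful.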
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c
new file mode 100644
index 0000000..2e30def
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c
@@ -0,0 +1,20 @@
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+int
+main (int argc, char **argv)
+{
+ int *ptr = 0;
+
+ {
+ int a;
+ ptr = &a;
+ *ptr = 12345;
+ }
+
+ return *ptr;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size .*" }
+// { dg-output ".*'a' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c
new file mode 100644
index 0000000..c47a5e8
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c
@@ -0,0 +1,47 @@
+// { dg-do run }
+// { dg-additional-options "-fdump-tree-asan0" }
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+int main(int argc, char **argv)
+{
+ int a = 123;
+ int b = 123;
+ int c = 123;
+ int d = 123;
+ int e = 123;
+ int f = 123;
+
+ if (argc == 0)
+ {
+ int *ptr;
+ int *ptr2;
+ int *ptr3;
+ int *ptr4;
+ int *ptr5;
+ int *ptr6;
+ label:
+ {
+ ptr = &a;
+ *ptr = 1;
+ ptr2 = &b;
+ *ptr2 = 1;
+ ptr3 = &c;
+ *ptr3 = 1;
+ ptr4 = &d;
+ *ptr4 = 1;
+ ptr5 = &e;
+ *ptr5 = 1;
+ ptr6 = &f;
+ *ptr6 = 1;
+ return 0;
+ }
+ }
+ else
+ goto label;
+
+ return 0;
+}
+
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, 4\\);" 2 "asan0" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &c, 4\\);" 2 "asan0" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &e, 4\\);" 2 "asan0" } } */
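Review bot: The three dg-final lines count ASAN_MARK only for &a, &c and &e, although the body takes the address of b, d and f in exactly the same way; either check all six or reduce the test to the variables that are checked. A comment explaining why each mark is expected twice is missing, in contrast to use-after-scope-goto-2.c, which explains its count of one. The test is dg-do run but every path returns 0, so only the dump scan verifies anything.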
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c
new file mode 100644
index 0000000..73ef4e0
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-2.c
@@ -0,0 +1,25 @@
+// { dg-do run }
+// { dg-additional-options "-fdump-tree-asan0" }
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+int main(int argc, char **argv)
+{
+ int a = 123;
+
+ if (argc == 0)
+ {
+ int *ptr;
+ /* The label is not used in &label or goto label. Thus '&a' should be
+ marked just once. */
+ label:
+ {
+ ptr = &a;
+ *ptr = 1;
+ return 0;
+ }
+ }
+
+ return 0;
+}
+
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, 4\\);" 1 "asan0" } } */
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-1.c
new file mode 100644
index 0000000..a834268
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-1.c
@@ -0,0 +1,25 @@
+// { dg-do run }
+// { dg-additional-options "-fdump-tree-gimple" }
+
+int
+main (int argc, char **argv)
+{
+ int *ptr = 0;
+
+ for (unsigned i = 0; i < 2; i++)
+ {
+ switch (argc)
+ {
+ int a;
+ default:
+ ptr = &a;
+ *ptr = 12345;
+ break;
+ }
+ }
+
+ return 0;
+}
+
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, \[0-9\]\\);" 2 "gimple" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &a, \[0-9\]\\);" 1 "gimple" } } */
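Review bot: The two dg-final patterns use the literal first arguments 2 and 1 of ASAN_MARK with no comment saying which one poisons and which one unpoisons, and the size is matched with `\[0-9\]` here while the goto tests spell it as 4. A short comment on why `a`, declared before the first case label, is expected to get two marks of kind 2 and one of kind 1 would make a failing count diagnosable. The test is dg-do run, but nothing is checked at run time.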
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-2.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-2.c
new file mode 100644
index 0000000..8aeca5a
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-2.c
@@ -0,0 +1,33 @@
+// { dg-do run }
+// { dg-additional-options "-fdump-tree-gimple" }
+
+int
+main (int argc, char **argv)
+{
+ int *ptr = 0;
+ int *ptr2 = 0;
+ int *ptr3 = 0;
+
+ for (unsigned i = 0; i < 2; i++)
+ {
+ switch (argc)
+ {
+ case 1111:;
+ int a, b, c;
+ default:
+ ptr = &a;
+ ptr2 = &b;
+ ptr3 = &c;
+ break;
+ }
+ }
+
+ return 0;
+}
+
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, \[0-9\]\\);" 2 "gimple" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &b, \[0-9\]\\);" 2 "gimple" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &c, \[0-9\]\\);" 2 "gimple" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &a, \[0-9\]\\);" 1 "gimple" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &b, \[0-9\]\\);" 1 "gimple" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &c, \[0-9\]\\);" 1 "gimple" } } */
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-3.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-3.c
new file mode 100644
index 0000000..828cb7c
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-switch-3.c
@@ -0,0 +1,36 @@
+// { dg-do run }
+// { dg-additional-options "-fdump-tree-gimple" }
+
+int
+main (int argc, char **argv)
+{
+ int *ptr = 0;
+
+ for (unsigned i = 0; i < 2; i++)
+ {
+ switch (argc)
+ {
+ case 11111:;
+ int a;
+ ptr = &a;
+ break;
+ {
+ default:
+ ptr = &a;
+ *ptr = 12345;
+ case 222222:
+ my_label:
+ ptr = &a;
+ break;
+ }
+ }
+ }
+
+ if (argc == 333333)
+ goto my_label;
+
+ return 0;
+}
+
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, \[0-9\]\\);" 4 "gimple" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(1, &a, \[0-9\]\\);" 1 "gimple" } } */
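Review bot: The expected count of 4 for the ASAN_MARK (2, &a, ...) pattern is not explained anywhere in the file, and the control flow is the most intricate of the switch tests: `default:` and `case 222222:` sit inside a nested block, and `goto my_label` enters that block from outside the switch. Add a comment that maps each of the four marks to the label or entry point that produces it, in the style of the comment in use-after-scope-goto-2.c.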
--
2.10.1