From: "Martin Liška" <mliska@suse.cz>
To: GCC Patches <gcc-patches@gcc.gnu.org>
Cc: Jakub Jelinek <jakub@redhat.com>
Subject: Re: [PATCH] Introduce tests for -fsanitize=use-after-scope
Date: Wed, 11 May 2016 12:56:00 -0000 [thread overview]
Message-ID: <57332C04.4080001@suse.cz> (raw)
In-Reply-To: <572C7B0E.3040707@suse.cz>
[-- Attachment #1: Type: text/plain, Size: 312 bytes --]
On 05/06/2016 01:07 PM, Martin Liška wrote:
> Hi.
>
> This is a new test coverage for the new sanitizer option.
>
> Martin
Hello.
This is second version of tests. I fixed a test where a variable overflowed and
couple of tests were adopted from LLVM's testsuite (basically rewritten from scratch).
Martin
[-- Attachment #2: 0002-Introduce-tests-for-fsanitize-use-after-scope.patch --]
[-- Type: text/x-patch, Size: 8489 bytes --]
From 7dd04d12a4bf04ac18dca266f44b18e39e1d711f Mon Sep 17 00:00:00 2001
From: marxin <mliska@suse.cz>
Date: Wed, 4 May 2016 12:57:05 +0200
Subject: [PATCH 2/2] Introduce tests for -fsanitize=use-after-scope
gcc/testsuite/ChangeLog:
2016-05-10 Martin Liska <mliska@suse.cz>
* g++.dg/asan/use-after-scope-1.C: New test.
* g++.dg/asan/use-after-scope-2.C: New test.
* gcc.dg/asan/use-after-scope-1.c: New test.
* gcc.dg/asan/use-after-scope-2.c: New test.
* gcc.dg/asan/use-after-scope-3.c: New test.
* gcc.dg/asan/use-after-scope-4.c: New test.
* gcc.dg/asan/use-after-scope-5.c: New test.
* gcc.dg/asan/use-after-scope-goto-1.c: New test.
---
gcc/testsuite/g++.dg/asan/use-after-scope-1.C | 22 ++++++++++
gcc/testsuite/g++.dg/asan/use-after-scope-2.C | 41 ++++++++++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-1.c | 19 +++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-2.c | 48 ++++++++++++++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-3.c | 21 ++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-4.c | 17 ++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-5.c | 28 +++++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c | 47 +++++++++++++++++++++
8 files changed, 243 insertions(+)
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-1.C
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-2.C
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-1.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-2.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-4.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-5.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-1.C b/gcc/testsuite/g++.dg/asan/use-after-scope-1.C
new file mode 100644
index 0000000..ed61aed
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-1.C
@@ -0,0 +1,22 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope" }
+// { dg-shouldfail "asan" }
+
+#include <functional>
+
+int main() {
+ std::function<int()> function;
+ {
+ int v = 0;
+ function = [&v]()
+ {
+ return v;
+ };
+ }
+ return function();
+}
+
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'v' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-2.C b/gcc/testsuite/g++.dg/asan/use-after-scope-2.C
new file mode 100644
index 0000000..d82bc88
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-2.C
@@ -0,0 +1,41 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope" }
+// { dg-shouldfail "asan" }
+
+#include <stdio.h>
+
+struct Test
+{
+ Test ()
+ {
+ my_value = 0;
+ }
+
+ ~Test ()
+ {
+ fprintf (stderr, "Value: %d\n", *my_value);
+ }
+
+ void init (int *v)
+ {
+ my_value = v;
+ }
+
+ int *my_value;
+};
+
+int main(int argc, char **argv)
+{
+ Test t;
+
+ {
+ int x = argc;
+ t.init(&x);
+ }
+
+ return 0;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c
new file mode 100644
index 0000000..1420416
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c
@@ -0,0 +1,19 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope" }
+// { dg-shouldfail "asan" }
+
+int
+main (void)
+{
+ char *ptr;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ }
+
+ return *(ptr+8);
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 1 at.*" }
+// { dg-output ".*'my_char' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c
new file mode 100644
index 0000000..96f0082
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c
@@ -0,0 +1,48 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope" }
+// { dg-shouldfail "asan" }
+
+int *bar (int *x, int *y) { return y; }
+
+int foo (void)
+{
+ char *p;
+ {
+ char a = 0;
+ p = &a;
+ }
+
+ if (*p)
+ return 1;
+ else
+ return 0;
+}
+
+int
+main (void)
+{
+ char *ptr;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ }
+
+ int a[16];
+ int *p, *q = a;
+ {
+ int b[16];
+ p = bar (a, b);
+ }
+ bar (a, q);
+ {
+ int c[16];
+ q = bar (a, c);
+ }
+ int v = *bar (a, q);
+ return v;
+}
+
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'c' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
new file mode 100644
index 0000000..5241f37
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
@@ -0,0 +1,21 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope" }
+// { dg-shouldfail "asan" }
+
+int
+main (void)
+{
+ char *ptr;
+ char *ptr2;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ __builtin_memcpy (&ptr2, &ptr, sizeof (ptr2));
+ }
+
+ *(ptr2+9) = 'c';
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "WRITE of size 1 at.*" }
+// { dg-output ".*'my_char' <== Memory access at offset \[0-9\]* overflows this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c
new file mode 100644
index 0000000..d50ce5f
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c
@@ -0,0 +1,17 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope" }
+
+int
+__attribute__((no_sanitize_address))
+main (void)
+{
+ char *ptr;
+ char *ptr2;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ __builtin_memcpy (&ptr2, &ptr, sizeof (ptr2));
+ }
+
+ *(ptr2+9) = 'c';
+}
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-5.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-5.c
new file mode 100644
index 0000000..bcfbb1c
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-5.c
@@ -0,0 +1,28 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope" }
+// { dg-shouldfail "asan" }
+
+int *ptr;
+
+__attribute__((always_inline))
+inline static void
+foo(int v)
+{
+ int values[10];
+ for (unsigned i = 0; i < 10; i++)
+ values[i] = v;
+
+ ptr = &values[3];
+}
+
+int
+main (int argc, char **argv)
+{
+ foo (argc);
+
+ return *ptr;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'values' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c
new file mode 100644
index 0000000..32d5680
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c
@@ -0,0 +1,47 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope -fdump-tree-asan0" }
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+int main(int argc, char **argv)
+{
+ int a = 123;
+ int b = 123;
+ int c = 123;
+ int d = 123;
+ int e = 123;
+ int f = 123;
+
+ if (argc == 0)
+ {
+ int *ptr;
+ int *ptr2;
+ int *ptr3;
+ int *ptr4;
+ int *ptr5;
+ int *ptr6;
+ label:
+ {
+ ptr = &a;
+ *ptr = 1;
+ ptr2 = &b;
+ *ptr2 = 1;
+ ptr3 = &c;
+ *ptr3 = 1;
+ ptr4 = &d;
+ *ptr4 = 1;
+ ptr5 = &e;
+ *ptr5 = 1;
+ ptr6 = &f;
+ *ptr6 = 1;
+ return 0;
+ }
+ }
+ else
+ goto label;
+
+ return 0;
+}
+
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &a, 4\\);" 2 "asan0" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &c, 4\\);" 2 "asan0" } } */
+/* { dg-final { scan-tree-dump-times "ASAN_MARK \\(2, &e, 4\\);" 2 "asan0" } } */
--
2.8.2
next prev parent reply other threads:[~2016-05-11 12:56 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-06 11:04 [PATCH, RFC] Introduce -fsanitize=use-after-scope Martin Liška
2016-05-06 11:08 ` [PATCH] Introduce tests for -fsanitize=use-after-scope Martin Liška
2016-05-11 12:56 ` Martin Liška [this message]
2016-05-06 11:16 ` [PATCH, RFC] Introduce -fsanitize=use-after-scope Martin Liška
2016-05-06 11:48 ` Yury Gribov
2016-05-06 12:39 ` Jakub Jelinek
2016-05-06 13:07 ` Martin Liška
2016-05-06 14:22 ` Yury Gribov
2016-05-06 14:39 ` Jakub Jelinek
2016-05-10 15:03 ` Martin Liška
2016-05-10 15:15 ` Jakub Jelinek
2016-05-06 13:17 ` Martin Liška
2016-05-06 13:25 ` Jakub Jelinek
2016-05-06 14:41 ` Martin Liška
2016-05-06 14:46 ` Jakub Jelinek
2016-05-06 12:22 ` Jakub Jelinek
2016-05-11 12:54 ` Martin Liška
2016-05-12 10:42 ` Jakub Jelinek
2016-05-12 14:12 ` Martin Liška
2016-08-12 12:42 ` Martin Liška
2016-08-18 13:36 ` Jakub Jelinek
2016-10-03 9:27 ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v2) Martin Liška
2016-10-03 9:30 ` [PATCH, 02/N] Introduce tests for -fsanitize-address-use-after-scope Martin Liška
2016-11-07 10:04 ` [PATCH, 02/N] Introduce tests for -fsanitize-address-use-after-scope (v3) Martin Liška
2016-11-07 10:09 ` Jakub Jelinek
2016-10-03 9:39 ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v2) Jakub Jelinek
2016-10-07 11:13 ` Jakub Jelinek
2016-10-12 14:08 ` Martin Liška
2016-10-21 14:26 ` Jakub Jelinek
2016-10-25 13:18 ` Martin Liška
2016-10-27 14:40 ` Martin Liška
2016-10-27 17:24 ` Jakub Jelinek
2016-11-01 14:48 ` Martin Liška
2016-11-01 14:54 ` Jakub Jelinek
2016-11-01 15:01 ` Martin Liška
2016-11-02 9:36 ` Martin Liška
2016-11-02 9:59 ` Jakub Jelinek
2016-11-02 10:09 ` Martin Liška
2016-11-02 10:11 ` Jakub Jelinek
2016-11-02 14:20 ` Marek Polacek
2016-11-02 14:27 ` Martin Liška
2016-11-02 14:35 ` Jakub Jelinek
2016-11-04 9:17 ` Martin Liška
2016-11-04 9:33 ` Jakub Jelinek
2016-11-04 10:59 ` Martin Liška
2016-11-07 10:03 ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v3) Martin Liška
2016-11-07 10:08 ` Jakub Jelinek
2016-11-08 8:58 ` Question about lambda function variables Martin Liška
2016-11-08 9:12 ` Jakub Jelinek
2016-11-08 9:35 ` Martin Liška
2016-11-07 16:07 ` Fix build of jit (was Re: [PATCH, RFC] Introduce -fsanitize=use-after-scope (v3)) David Malcolm
2016-11-07 16:17 ` Jakub Jelinek
2016-11-08 9:38 ` Martin Liška
2016-11-08 9:41 ` Jakub Jelinek
2016-11-08 12:00 ` [PATCH] use-after-scope fallout Martin Liška
2016-11-08 12:10 ` Jakub Jelinek
2016-11-08 18:05 ` David Malcolm
2016-11-01 14:54 ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v2) Martin Liška
2016-11-01 15:12 ` Jakub Jelinek
2016-11-02 9:40 ` Richard Biener
2016-11-02 9:44 ` Martin Liška
2016-11-02 9:52 ` Jakub Jelinek
2016-11-02 12:36 ` Richard Biener
2016-11-02 12:56 ` Jakub Jelinek
2016-11-02 12:59 ` Richard Biener
2016-11-02 13:06 ` Jakub Jelinek
2016-11-02 13:16 ` Richard Biener
2016-11-02 14:38 ` Martin Liška
2016-11-02 14:51 ` Jakub Jelinek
2016-11-02 15:25 ` Martin Liška
2016-11-03 13:34 ` Martin Liška
2016-11-03 13:44 ` Jakub Jelinek
2016-11-03 14:02 ` Martin Liška
2016-11-03 14:04 ` Jakub Jelinek
2016-11-03 14:18 ` Martin Liška
2016-11-16 12:25 ` [RFC][PATCH] Speed-up use-after-scope (re-writing to SSA) Martin Liška
2016-11-16 12:53 ` Martin Liška
2016-11-16 13:07 ` Jakub Jelinek
2016-11-16 16:01 ` Martin Liška
2016-11-16 16:28 ` Jakub Jelinek
2016-11-22 11:55 ` Martin Liška
2016-11-23 13:57 ` Martin Liška
2016-11-23 14:14 ` Jakub Jelinek
2016-12-01 16:30 ` Martin Liška
2016-12-02 12:29 ` Richard Biener
2016-12-08 12:51 ` Martin Liška
2016-12-13 14:16 ` Richard Biener
2016-12-20 11:34 ` [PATCH] Speed-up use-after-scope (re-writing to SSA) (version 2) Martin Liška
2016-12-21 9:19 ` Jakub Jelinek
2016-12-22 17:11 ` Martin Liška
2016-12-22 17:28 ` Jakub Jelinek
2017-01-09 14:58 ` Martin Liška
2017-01-16 14:20 ` Jakub Jelinek
2017-01-17 16:22 ` Martin Liška
2017-01-17 16:55 ` Jakub Jelinek
2017-01-18 15:37 ` Martin Liška
2017-01-19 16:43 ` Jakub Jelinek
2017-01-20 11:55 ` Martin Liška
2017-01-20 14:27 ` Martin Liška
2017-01-20 14:30 ` Jakub Jelinek
2017-01-20 14:42 ` Markus Trippelsdorf
2017-01-23 9:38 ` Martin Liška
2017-01-23 9:39 ` Jakub Jelinek
2017-01-23 12:07 ` Martin Liška
2017-01-26 9:04 ` Thomas Schwinge
2017-01-26 10:55 ` Jakub Jelinek
2017-01-26 20:45 ` Thomas Schwinge
2017-01-26 20:52 ` Jakub Jelinek
2016-11-16 16:09 ` [RFC][PATCH] Speed-up use-after-scope (re-writing to SSA) Martin Liška
2016-11-02 9:52 ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v2) Martin Liška
2016-09-03 15:23 ` [PATCH, RFC] Introduce -fsanitize=use-after-scope Jakub Jelinek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57332C04.4080001@suse.cz \
--to=mliska@suse.cz \
--cc=gcc-patches@gcc.gnu.org \
--cc=jakub@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).