llvm.org GIT mirror llvm / 64409ad
[ASan] Fix PR17867 - make sure ASan doesn't crash if use-after-scope and use-after-return are combined. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@195014 91177308-0d34-0410-b5e6-96231b3b80d8 Alexey Samsonov 7 years ago
3 changed file(s) with 42 addition(s) and 9 deletion(s).
425425 // Stores a place and arguments of poisoning/unpoisoning call for alloca.
426426 struct AllocaPoisonCall {
427427 IntrinsicInst *InsBefore;
428 AllocaInst *AI;
428429 uint64_t Size;
429430 bool DoPoison;
430431 };
503504 AllocaInst *AI = findAllocaForValue(II.getArgOperand(1));
504505 if (!AI) return;
505506 bool DoPoison = (ID == Intrinsic::lifetime_end);
506 AllocaPoisonCall APC = {&II, SizeValue, DoPoison};
507 AllocaPoisonCall APC = {&II, AI, SizeValue, DoPoison};
507508 AllocaPoisonCallVec.push_back(APC);
508509 }
509510
15221523 bool HavePoisonedAllocas = false;
15231524 for (size_t i = 0, n = AllocaPoisonCallVec.size(); i < n; i++) {
15241525 const AllocaPoisonCall &APC = AllocaPoisonCallVec[i];
1525 IntrinsicInst *II = APC.InsBefore;
1526 AllocaInst *AI = findAllocaForValue(II->getArgOperand(1));
1527 assert(AI);
1528 IRBuilder<> IRB(II);
1529 poisonAlloca(AI, APC.Size, IRB, APC.DoPoison);
1526 assert(APC.InsBefore);
1527 assert(APC.AI);
1528 IRBuilder<> IRB(APC.InsBefore);
1529 poisonAlloca(APC.AI, APC.Size, IRB, APC.DoPoison);
15301530 HavePoisonedAllocas |= APC.DoPoison;
15311531 }
15321532
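Review bot: The new `AI` member of `AllocaPoisonCall` is a cached raw `AllocaInst *`, and nothing in the struct says why it is cached or how long it must stay valid. The poisoning loop now uses the pointer recorded when the lifetime intrinsic was visited instead of calling `findAllocaForValue` again, presumably because that lookup can no longer reach the alloca once use-after-return handling has changed the intrinsic's operand. I would document that on the field, for example `// Alloca resolved when the intrinsic was visited; must not be erased before poisoning.` Separately, `assert(APC.InsBefore)` and `assert(APC.AI)` look unable to fire for entries recorded at the visible site, since `InsBefore` is `&II` and a null `AI` already returns early; if they are meant as documentation, a short comment saying so would help. Both enclosing functions start and end outside the lines shown.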
0 ; Test handling of llvm.lifetime intrinsics in UAR mode.
1 ; RUN: opt < %s -asan -asan-use-after-return -asan-check-lifetime -S | FileCheck %s
2
3 target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
4
5 declare void @llvm.lifetime.start(i64, i8* nocapture) nounwind
6 declare void @llvm.lifetime.end(i64, i8* nocapture) nounwind
7
8 define i32 @basic_test() sanitize_address {
9 ; CHECK-LABEL: define i32 @basic_test()
10
11 entry:
12 %retval = alloca i32, align 4
13 %c = alloca i8, align 1
14
15 call void @llvm.lifetime.start(i64 1, i8* %c)
16 ; Memory is unpoisoned at llvm.lifetime.start
17 ; CHECK: call void @__asan_unpoison_stack_memory(i64 %{{[^ ]+}}, i64 1)
18
19 store i32 0, i32* %retval
20 store i8 0, i8* %c, align 1
21
22 call void @llvm.lifetime.end(i64 1, i8* %c)
23 ; Memory is poisoned at llvm.lifetime.end
24 ; CHECK: call void @__asan_poison_stack_memory(i64 %{{[^ ]+}}, i64 1)
25
26 ; No need to unpoison memory at function exit in UAR mode.
27 ; CHECK-NOT: @__asan_unpoison_stack_memory
28 ; CHECK: ret void
29
30 ret i32 0
31 }
32
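Review bot: The final `; CHECK: ret void` in `@basic_test` does not match the function's own terminator, which is `ret i32 0` in a function declared `define i32 @basic_test()`. If the directive matches at all, it is presumably on a `ret void` in some other function later in the output, so the preceding `CHECK-NOT: @__asan_unpoison_stack_memory` window is not bounded by the end of `@basic_test` as the comment above it implies. Changing the line to `; CHECK: ret i32 0` would anchor the negative check to this function's exit, which is the property the test states it covers.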
1414 call void @llvm.lifetime.end(i64 -1, i8* %i.ptr)
1515
1616 ; Check that lifetime with no size are ignored.
17 ; CHECK: @lifetime_no_size
17 ; CHECK-LABEL: define void @lifetime_no_size()
1818 ; CHECK-NOT: @__asan_poison_stack_memory
1919 ; CHECK-NOT: @__asan_unpoison_stack_memory
2020 ; CHECK: ret void
2323
2424 ; Generic case of lifetime analysis.
2525 define void @lifetime() sanitize_address {
26 ; CHECK: @lifetime
26 ; CHECK-LABEL: define void @lifetime()
2727
2828 ; Regular variable lifetime intrinsics.
2929 %i = alloca i32, align 4
6161
6262 ; Check that arguments of lifetime may come from phi nodes.
6363 define void @phi_args(i1 %x) sanitize_address {
64 ; CHECK: @phi_args
64 ; CHECK-LABEL: define void @phi_args(i1 %x)
6565
6666 entry:
6767 %i = alloca i64, align 4