[ASan] Fix PR17867 - make sure ASan doesn't crash if use-after-scope and use-after-return are combined.

llvm-svn: 195014
This commit is contained in:
Alexey Samsonov 2013-11-18 14:53:55 +00:00
parent 464c1cbc3f
commit a788b940f7
3 changed files with 42 additions and 9 deletions

View File

@ -426,6 +426,7 @@ struct FunctionStackPoisoner : public InstVisitor<FunctionStackPoisoner> {
// Stores a place and arguments of poisoning/unpoisoning call for alloca.
struct AllocaPoisonCall {
IntrinsicInst *InsBefore;
AllocaInst *AI;
uint64_t Size;
bool DoPoison;
};
@ -504,7 +505,7 @@ struct FunctionStackPoisoner : public InstVisitor<FunctionStackPoisoner> {
AllocaInst *AI = findAllocaForValue(II.getArgOperand(1));
if (!AI) return;
bool DoPoison = (ID == Intrinsic::lifetime_end);
AllocaPoisonCall APC = {&II, SizeValue, DoPoison};
AllocaPoisonCall APC = {&II, AI, SizeValue, DoPoison};
AllocaPoisonCallVec.push_back(APC);
}
@ -1523,11 +1524,10 @@ void FunctionStackPoisoner::poisonStack() {
bool HavePoisonedAllocas = false;
for (size_t i = 0, n = AllocaPoisonCallVec.size(); i < n; i++) {
const AllocaPoisonCall &APC = AllocaPoisonCallVec[i];
IntrinsicInst *II = APC.InsBefore;
AllocaInst *AI = findAllocaForValue(II->getArgOperand(1));
assert(AI);
IRBuilder<> IRB(II);
poisonAlloca(AI, APC.Size, IRB, APC.DoPoison);
assert(APC.InsBefore);
assert(APC.AI);
IRBuilder<> IRB(APC.InsBefore);
poisonAlloca(APC.AI, APC.Size, IRB, APC.DoPoison);
HavePoisonedAllocas |= APC.DoPoison;
}

View File

@ -0,0 +1,33 @@
; Test handling of llvm.lifetime intrinsics in UAR mode.
; RUN: opt < %s -asan -asan-use-after-return -asan-check-lifetime -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
declare void @llvm.lifetime.start(i64, i8* nocapture) nounwind
declare void @llvm.lifetime.end(i64, i8* nocapture) nounwind
define i32 @basic_test() sanitize_address {
; CHECK-LABEL: define i32 @basic_test()
entry:
%retval = alloca i32, align 4
%c = alloca i8, align 1
call void @llvm.lifetime.start(i64 1, i8* %c)
; Memory is unpoisoned at llvm.lifetime.start
; CHECK: call void @__asan_unpoison_stack_memory(i64 %{{[^ ]+}}, i64 1)
store i32 0, i32* %retval
store i8 0, i8* %c, align 1
call void @llvm.lifetime.end(i64 1, i8* %c)
; Memory is poisoned at llvm.lifetime.end
; CHECK: call void @__asan_poison_stack_memory(i64 %{{[^ ]+}}, i64 1)
; No need to unpoison memory at function exit in UAR mode.
; CHECK-NOT: @__asan_unpoison_stack_memory
; CHECK: ret void
ret i32 0
}

View File

@ -15,7 +15,7 @@ entry:
call void @llvm.lifetime.end(i64 -1, i8* %i.ptr)
; Check that lifetime with no size are ignored.
; CHECK: @lifetime_no_size
; CHECK-LABEL: define void @lifetime_no_size()
; CHECK-NOT: @__asan_poison_stack_memory
; CHECK-NOT: @__asan_unpoison_stack_memory
; CHECK: ret void
@ -24,7 +24,7 @@ entry:
; Generic case of lifetime analysis.
define void @lifetime() sanitize_address {
; CHECK: @lifetime
; CHECK-LABEL: define void @lifetime()
; Regular variable lifetime intrinsics.
%i = alloca i32, align 4
@ -62,7 +62,7 @@ define void @lifetime() sanitize_address {
; Check that arguments of lifetime may come from phi nodes.
define void @phi_args(i1 %x) sanitize_address {
; CHECK: @phi_args
; CHECK-LABEL: define void @phi_args(i1 %x)
entry:
%i = alloca i64, align 4