1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
|
; Test basic address sanitizer instrumentation.
;
; RUN: opt < %s -asan -asan-module -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu"
define i32 @test_load(i32* %a) sanitize_address {
; CHECK-LABEL: @test_load
; CHECK-NOT: load
; CHECK: %[[LOAD_ADDR:[^ ]*]] = ptrtoint i32* %a to i64
; CHECK: lshr i64 %[[LOAD_ADDR]], 3
; CHECK: {{or|add}}
; CHECK: %[[LOAD_SHADOW_PTR:[^ ]*]] = inttoptr
; CHECK: %[[LOAD_SHADOW:[^ ]*]] = load i8, i8* %[[LOAD_SHADOW_PTR]]
; CHECK: icmp ne i8
; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}!prof ![[PROF:[0-9]+]]
;
; First instrumentation block refines the shadow test.
; CHECK: and i64 %[[LOAD_ADDR]], 7
; CHECK: add i64 %{{.*}}, 3
; CHECK: trunc i64 %{{.*}} to i8
; CHECK: icmp sge i8 %{{.*}}, %[[LOAD_SHADOW]]
; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}
;
; The crash block reports the error.
; CHECK: call void @__asan_report_load4(i64 %[[LOAD_ADDR]])
; CHECK: unreachable
;
; The actual load.
; CHECK: %tmp1 = load i32, i32* %a
; CHECK: ret i32 %tmp1
entry:
%tmp1 = load i32, i32* %a, align 4
ret i32 %tmp1
}
define void @test_store(i32* %a) sanitize_address {
; CHECK-LABEL: @test_store
; CHECK-NOT: store
; CHECK: %[[STORE_ADDR:[^ ]*]] = ptrtoint i32* %a to i64
; CHECK: lshr i64 %[[STORE_ADDR]], 3
; CHECK: {{or|add}}
; CHECK: %[[STORE_SHADOW_PTR:[^ ]*]] = inttoptr
; CHECK: %[[STORE_SHADOW:[^ ]*]] = load i8, i8* %[[STORE_SHADOW_PTR]]
; CHECK: icmp ne i8
; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}
;
; First instrumentation block refines the shadow test.
; CHECK: and i64 %[[STORE_ADDR]], 7
; CHECK: add i64 %{{.*}}, 3
; CHECK: trunc i64 %{{.*}} to i8
; CHECK: icmp sge i8 %{{.*}}, %[[STORE_SHADOW]]
; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}
;
; The crash block reports the error.
; CHECK: call void @__asan_report_store4(i64 %[[STORE_ADDR]])
; CHECK: unreachable
;
; The actual load.
; CHECK: store i32 42, i32* %a
; CHECK: ret void
;
entry:
store i32 42, i32* %a, align 4
ret void
}
; Check that asan leaves just one alloca.
declare void @alloca_test_use([10 x i8]*)
define void @alloca_test() sanitize_address {
entry:
%x = alloca [10 x i8], align 1
%y = alloca [10 x i8], align 1
%z = alloca [10 x i8], align 1
call void @alloca_test_use([10 x i8]* %x)
call void @alloca_test_use([10 x i8]* %y)
call void @alloca_test_use([10 x i8]* %z)
ret void
}
; CHECK-LABEL: define void @alloca_test()
; CHECK: = alloca
; CHECK-NOT: = alloca
; CHECK: ret void
define void @LongDoubleTest(x86_fp80* nocapture %a) nounwind uwtable sanitize_address {
entry:
store x86_fp80 0xK3FFF8000000000000000, x86_fp80* %a, align 16
ret void
}
; CHECK-LABEL: LongDoubleTest
; CHECK: __asan_report_store_n
; CHECK: __asan_report_store_n
; CHECK: ret void
define void @i40test(i40* %a, i40* %b) nounwind uwtable sanitize_address {
entry:
%t = load i40, i40* %a
store i40 %t, i40* %b, align 8
ret void
}
; CHECK-LABEL: i40test
; CHECK: __asan_report_load_n{{.*}}, i64 5)
; CHECK: __asan_report_load_n{{.*}}, i64 5)
; CHECK: __asan_report_store_n{{.*}}, i64 5)
; CHECK: __asan_report_store_n{{.*}}, i64 5)
; CHECK: ret void
define void @i64test_align1(i64* %b) nounwind uwtable sanitize_address {
entry:
store i64 0, i64* %b, align 1
ret void
}
; CHECK-LABEL: i64test_align1
; CHECK: __asan_report_store_n{{.*}}, i64 8)
; CHECK: __asan_report_store_n{{.*}}, i64 8)
; CHECK: ret void
define void @i80test(i80* %a, i80* %b) nounwind uwtable sanitize_address {
entry:
%t = load i80, i80* %a
store i80 %t, i80* %b, align 8
ret void
}
; CHECK-LABEL: i80test
; CHECK: __asan_report_load_n{{.*}}, i64 10)
; CHECK: __asan_report_load_n{{.*}}, i64 10)
; CHECK: __asan_report_store_n{{.*}}, i64 10)
; CHECK: __asan_report_store_n{{.*}}, i64 10)
; CHECK: ret void
; asan should not instrument functions with available_externally linkage.
define available_externally i32 @f_available_externally(i32* %a) sanitize_address {
entry:
%tmp1 = load i32, i32* %a
ret i32 %tmp1
}
; CHECK-LABEL: @f_available_externally
; CHECK-NOT: __asan_report
; CHECK: ret i32
declare void @llvm.memset.p0i8.i64(i8* nocapture, i8, i64, i32, i1) nounwind
declare void @llvm.memmove.p0i8.p0i8.i64(i8* nocapture, i8* nocapture readonly, i64, i32, i1) nounwind
declare void @llvm.memcpy.p0i8.p0i8.i64(i8* nocapture, i8* nocapture readonly, i64, i32, i1) nounwind
define void @memintr_test(i8* %a, i8* %b) nounwind uwtable sanitize_address {
entry:
tail call void @llvm.memset.p0i8.i64(i8* %a, i8 0, i64 100, i32 1, i1 false)
tail call void @llvm.memmove.p0i8.p0i8.i64(i8* %a, i8* %b, i64 100, i32 1, i1 false)
tail call void @llvm.memcpy.p0i8.p0i8.i64(i8* %a, i8* %b, i64 100, i32 1, i1 false)
ret void
}
; CHECK-LABEL: memintr_test
; CHECK: __asan_memset
; CHECK: __asan_memmove
; CHECK: __asan_memcpy
; CHECK: ret void
; PROF
; CHECK: ![[PROF]] = !{!"branch_weights", i32 1, i32 100000}
|