1 // RUN: %clangxx_asan -O0 -mllvm -asan-instrument-dynamic-allocas %s -o %t 2 // RUN: %run %t 2>&1 3 // 4 // REQUIRES: stable-runtime 5 6 // See https://github.com/llvm/llvm-project/issues/110956 7 // XFAIL: target=sparc{{.*}} 8 9 // This testcase checks correct interaction between VLAs and allocas. 10 11 #include <assert.h> 12 #include <stdint.h> 13 #include <stdlib.h> 14 #include "sanitizer/asan_interface.h" 15 16 // MSVC provides _alloca instead of alloca. 17 #if defined(_MSC_VER) && !defined(alloca) 18 # define alloca _alloca 19 #endif 20 21 #if defined(__sun__) && defined(__svr4__) 22 #include <alloca.h> 23 #endif 24 25 #define RZ 32 26 27 __attribute__((noinline)) void foo(int len) { 28 char *top, *bot; 29 // This alloca call should live until the end of foo. 30 char *alloca1 = (char *)alloca(len); 31 assert(!(reinterpret_cast<uintptr_t>(alloca1) & 31L)); 32 // This should be first poisoned address after loop. 33 top = alloca1 - RZ; 34 for (int i = 0; i < 32; ++i) { 35 // Check that previous alloca was unpoisoned at the end of iteration. 36 if (i) assert(!__asan_region_is_poisoned(bot, 96)); 37 // VLA is unpoisoned at the end of iteration. 38 volatile char array[i]; 39 // Ensure that asan-use-stack-safety does not optimize out the poisoning. 40 if (i) array[0] = 0; 41 assert(!(reinterpret_cast<uintptr_t>(array) & 31L)); 42 // Alloca is unpoisoned at the end of iteration, 43 // because dominated by VLA. 44 bot = (char *)alloca(i) - RZ; 45 } 46 // Check that all allocas from loop were unpoisoned correctly. 47 void *q = __asan_region_is_poisoned(bot, (char *)top - (char *)bot + 1); 48 assert(q == top); 49 } 50 51 int main(int argc, char **argv) { 52 foo(32); 53 return 0; 54 } 55