xref: /llvm-project/llvm/test/Instrumentation/AddressSanitizer/stack-poisoning-and-lifetime.ll (revision 855fe35064674c4601ea9c659a015cacdcec9f63) 
1; Regular stack poisoning.
2; RUN: opt < %s -passes=asan -asan-use-after-scope=0 -S | FileCheck --check-prefixes=CHECK,ENTRY,EXIT %s
3
4; Stack poisoning with stack-use-after-scope.
5; RUN: opt < %s -passes=asan -asan-use-after-scope=1 -S | FileCheck --check-prefixes=CHECK,ENTRY-UAS,EXIT-UAS %s
6
7target datalayout = "e-i64:64-f80:128-s:64-n8:16:32:64-S128"
8target triple = "x86_64-unknown-linux-gnu"
9
10declare void @Foo(ptr)
11
12define void @Bar() uwtable sanitize_address {
13entry:
14  %x = alloca [650 x i8], align 16
15  %xx = getelementptr inbounds [650 x i8], ptr %x, i64 0, i64 0
16
17  %y = alloca [13 x i8], align 1
18  %yy = getelementptr inbounds [13 x i8], ptr %y, i64 0, i64 0
19
20  %z = alloca [40 x i8], align 1
21  %zz = getelementptr inbounds [40 x i8], ptr %z, i64 0, i64 0
22
23  ; CHECK: [[SHADOW_BASE:%[0-9]+]] = add i64 %{{[0-9]+}}, 2147450880
24
25  ; F1F1F1F1
26  ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0
27  ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
28  ; ENTRY-NEXT: store i32 -235802127, ptr [[PTR]], align 1
29
30  ; 02F2F2F2F2F2F2F2
31  ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 85
32  ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
33  ; ENTRY-NEXT: store i64 -940422246894996990, ptr [[PTR]], align 1
34
35  ; F2F2F2F2F2F2F2F2
36  ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 93
37  ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
38  ; ENTRY-NEXT: store i64 -940422246894996750, ptr [[PTR]], align 1
39
40  ; F20005F2F2000000
41  ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 101
42  ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
43  ; ENTRY-NEXT: store i64 1043442499826, ptr [[PTR]], align 1
44
45  ; F3F3F3F3
46  ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 111
47  ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
48  ; ENTRY-NEXT: store i32 -202116109, ptr [[PTR]], align 1
49
50  ; F3
51  ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 115
52  ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
53  ; ENTRY-NEXT: store i8 -13, ptr [[PTR]], align 1
54
55  ; F1F1F1F1
56  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0
57  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
58  ; ENTRY-UAS-NEXT: store i32 -235802127, ptr [[PTR]], align 1
59
60  ; F8F8F8...
61  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4
62  ; ENTRY-UAS-NEXT: call void @__asan_set_shadow_f8(i64 [[OFFSET]], i64 82)
63
64  ; F2F2F2F2F2F2F2F2
65  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 86
66  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
67  ; ENTRY-UAS-NEXT: store i64 -940422246894996750, ptr [[PTR]], align 1
68
69  ; F2F2F2F2F2F2F2F2
70  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 94
71  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
72  ; ENTRY-UAS-NEXT: store i64 -940422246894996750, ptr [[PTR]], align 1
73
74  ; F8F8F2F2F8F8F8F8
75  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 102
76  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
77  ; ENTRY-UAS-NEXT: store i64 -506381209967593224, ptr [[PTR]], align 1
78
79  ; F8F3F3F3
80  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 110
81  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
82  ; ENTRY-UAS-NEXT: store i32 -202116104, ptr [[PTR]], align 1
83
84  ; F3F3
85  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 114
86  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
87  ; ENTRY-UAS-NEXT: store i16 -3085, ptr [[PTR]], align 1
88
89  ; CHECK-LABEL: %xx = getelementptr inbounds
90  ; CHECK-NEXT: %yy = getelementptr inbounds
91  ; CHECK-NEXT: %zz = getelementptr inbounds
92
93
94  call void @llvm.lifetime.start.p0(i64 650, ptr %xx)
95  ; 0000...
96  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4
97  ; ENTRY-UAS-NEXT: call void @__asan_set_shadow_00(i64 [[OFFSET]], i64 81)
98  ; 02
99  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 85
100  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
101  ; ENTRY-UAS-NEXT: store i8 2, ptr [[PTR]], align 1
102
103  ; CHECK-NEXT: call void @llvm.lifetime.start.p0(i64 650, ptr %xx)
104
105  call void @Foo(ptr %xx)
106  ; CHECK-NEXT: call void @Foo(ptr %xx)
107
108  call void @llvm.lifetime.end.p0(i64 650, ptr %xx)
109  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4
110  ; ENTRY-UAS-NEXT: call void @__asan_set_shadow_f8(i64 [[OFFSET]], i64 82)
111
112  ; CHECK-NEXT: call void @llvm.lifetime.end.p0(i64 650, ptr %xx)
113
114
115  call void @llvm.lifetime.start.p0(i64 13, ptr %yy)
116  ; 0005
117  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 102
118  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
119  ; ENTRY-UAS-NEXT: store i16 1280, ptr [[PTR]], align 1
120
121  ; CHECK-NEXT: call void @llvm.lifetime.start.p0(i64 13, ptr %yy)
122
123  call void @Foo(ptr %yy)
124  ; CHECK-NEXT: call void @Foo(ptr %yy)
125
126  call void @llvm.lifetime.end.p0(i64 13, ptr %yy)
127  ; F8F8
128  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 102
129  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
130  ; ENTRY-UAS-NEXT: store i16 -1800, ptr [[PTR]], align 1
131
132  ; CHECK-NEXT: call void @llvm.lifetime.end.p0(i64 13, ptr %yy)
133
134
135  call void @llvm.lifetime.start.p0(i64 40, ptr %zz)
136  ; 00000000
137  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 106
138  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
139  ; ENTRY-UAS-NEXT: store i32 0, ptr [[PTR]], align 1
140  ; 00
141  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 110
142  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
143  ; ENTRY-UAS-NEXT: store i8 0, ptr [[PTR]], align 1
144
145  ; CHECK-NEXT: call void @llvm.lifetime.start.p0(i64 40, ptr %zz)
146
147  call void @Foo(ptr %zz)
148  ; CHECK-NEXT: call void @Foo(ptr %zz)
149
150  call void @llvm.lifetime.end.p0(i64 40, ptr %zz)
151  ; F8F8F8F8
152  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 106
153  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
154  ; ENTRY-UAS-NEXT: store i32 -117901064, ptr [[PTR]], align 1
155  ; F8
156  ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 110
157  ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
158  ; ENTRY-UAS-NEXT: store i8 -8, ptr [[PTR]], align 1
159
160  ; CHECK-NEXT: call void @llvm.lifetime.end.p0(i64 40, ptr %zz)
161
162  ; CHECK: {{^[0-9]+}}:
163
164  ; CHECK-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0
165  ; CHECK-NEXT: call void @__asan_set_shadow_f5(i64 [[OFFSET]], i64 128)
166
167  ; CHECK-NOT: add i64 [[SHADOW_BASE]]
168
169  ; CHECK: {{^[0-9]+}}:
170
171  ; 00000000
172  ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0
173  ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
174  ; EXIT-NEXT: store i32 0, ptr [[PTR]], align 1
175
176  ; 0000000000000000
177  ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 85
178  ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
179  ; EXIT-NEXT: store i64 0, ptr [[PTR]], align 1
180
181  ; 0000000000000000
182  ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 93
183  ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
184  ; EXIT-NEXT: store i64 0, ptr [[PTR]], align 1
185
186  ; 0000000000000000
187  ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 101
188  ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
189  ; EXIT-NEXT: store i64 0, ptr [[PTR]], align 1
190
191  ; 00000000
192  ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 111
193  ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
194  ; EXIT-NEXT: store i32 0, ptr [[PTR]], align 1
195
196  ; 00
197  ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 115
198  ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to ptr
199  ; EXIT-NEXT: store i8 0, ptr [[PTR]], align 1
200
201  ; 0000...
202  ; EXIT-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0
203  ; EXIT-UAS-NEXT: call void @__asan_set_shadow_00(i64 [[OFFSET]], i64 116)
204
205  ; CHECK-NOT: add i64 [[SHADOW_BASE]]
206
207  ret void
208  ; CHECK: {{^[0-9]+}}:
209  ; CHECK: ret void
210}
211
212declare void @foo(ptr)
213define void @PR41481(i1 %b) sanitize_address {
214; CHECK-LABEL: @PR41481
215entry:
216  %p1 = alloca i32
217  %p2 = alloca i32
218  br label %bb1
219
220  ; Since we cannot account for all lifetime intrinsics in this function, we
221  ; might have missed a lifetime.start one and therefore shouldn't poison the
222  ; allocas at function entry.
223  ; ENTRY: store i64 -935356719533264399
224  ; ENTRY-UAS: store i64 -935356719533264399
225
226bb1:
227  %p = select i1 %b, ptr %p1, ptr %p2
228  %q = select i1 %b, ptr  %p1, ptr  %p2
229  call void @llvm.lifetime.start.p0(i64 4, ptr %q)
230  call void @foo(ptr %p)
231  br i1 %b, label %bb2, label %bb3
232
233bb2:
234  call void @llvm.lifetime.end.p0(i64 4, ptr %p1)
235  br label %end
236
237bb3:
238  call void @llvm.lifetime.end.p0(i64 4, ptr %p2)
239  br label %end
240
241end:
242  ret void
243}
244
245
246declare void @llvm.lifetime.start.p0(i64, ptr nocapture)
247declare void @llvm.lifetime.end.p0(i64, ptr nocapture)
248
249; CHECK-ON: declare void @__asan_set_shadow_00(i64, i64)
250; CHECK-ON: declare void @__asan_set_shadow_f1(i64, i64)
251; CHECK-ON: declare void @__asan_set_shadow_f2(i64, i64)
252; CHECK-ON: declare void @__asan_set_shadow_f3(i64, i64)
253; CHECK-ON: declare void @__asan_set_shadow_f5(i64, i64)
254; CHECK-ON: declare void @__asan_set_shadow_f8(i64, i64)
255
256; CHECK-OFF-NOT: declare void @__asan_set_shadow_
257