author | Kostya Serebryany <kcc@google.com> | 2013-12-23 14:15:08 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2013-12-23 14:15:08 +0000 |
commit | 26f1d1cbbce40b3b496d9264064a0ed467f763e6 (patch) | |
tree | 1e067c758b5e396b6ee6aa5f9758024baf92c747 /test/Instrumentation | |
parent | 1fe014e5fcaf45dd1d26affa44a5c9579337f200 (diff) | |
[asan] don't unpoison redzones on function exit in use-after-return mode.
Summary:
Before this change the instrumented code before Ret instructions looked like:
<Unpoison Frame Redzones>
if (Frame != OriginalFrame) // I.e. Frame is fake
<Poison Complete Frame>
Now the instrumented code looks like:
if (Frame != OriginalFrame) // I.e. Frame is fake
<Poison Complete Frame>
else
<Unpoison Frame Redzones>
Reviewers: eugenis
Reviewed By: eugenis
CC: llvm-commits
Differential Revision: http://llvm-reviews.chandlerc.com/D2458
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@197907 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/Instrumentation')
-rw-r--r-- | test/Instrumentation/AddressSanitizer/stack-poisoning.ll | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/test/Instrumentation/AddressSanitizer/stack-poisoning.ll b/test/Instrumentation/AddressSanitizer/stack-poisoning.ll
new file mode 100644
index 0000000000..2d69879925
--- /dev/null
+++ b/test/Instrumentation/AddressSanitizer/stack-poisoning.ll
@@ -0,0 +1,43 @@
+; RUN: opt < %s -asan -asan-use-after-return -S | FileCheck --check-prefix=CHECK-UAR %s
+; RUN: opt < %s -asan -S | FileCheck --check-prefix=CHECK-PLAIN %s
+target datalayout = "e-i64:64-f80:128-s:64-n8:16:32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+declare void @Foo(i8*)
+
+define void @Bar() uwtable sanitize_address {
+entry:
+; CHECK-PLAIN-LABEL: Bar
+; CHECK-PLAIN-NOT: label
+; CHECK-PLAIN: ret void
+
+; CHECK-UAR-LABEL: Bar
+; CHECK-UAR: load i32* @__asan_option_detect_stack_use_after_return
+; CHECK-UAR: label
+; CHECK-UAR: call i64 @__asan_stack_malloc_1
+; CHECK-UAR: label
+; CHECK-UAR: call void @Foo
+; If LocalStackBase != OrigStackBase
+; CHECK-UAR: label
+; Then Block: poison the entire frame.
+ ; CHECK-UAR: store i64 -723401728380766731
+ ; CHECK-UAR: store i64 -723401728380766731
+ ; CHECK-UAR: store i8 0
+ ; CHECK-UAR-NOT: store
+ ; CHECK-UAR: label
+; Else Block: no UAR frame. Only unpoison the redzones.
+ ; CHECK-UAR: store i64 0
+ ; CHECK-UAR: store i32 0
+ ; CHECK-UAR-NOT: store
+ ; CHECK-UAR: label
+; Done, no more stores.
+; CHECK-UAR-NOT: store
+; CHECK-UAR: ret void
+
+ %x = alloca [20 x i8], align 16
+ %arraydecay = getelementptr inbounds [20 x i8]* %x, i64 0, i64 0
+ call void @Foo(i8* %arraydecay)
+ ret void
+}
+
+
|
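Review bot: The CHECK-PLAIN run asserts only that no `label` appears between `Bar` and `ret void`, so it would still pass if the redzone unpoisoning were dropped from the non-UAR epilogue, leaving stale poison in the real stack's shadow for later frames to trip over. Pinning the plain-mode stores after the call would close that gap, e.g. `; CHECK-PLAIN: call void @Foo` then `; CHECK-PLAIN: store i64 0` and `; CHECK-PLAIN: store i32 0` ahead of `; CHECK-PLAIN: ret void`; the store widths are presumably the same as in the else block, to be confirmed against the actual `opt` output. Separately, -723401728380766731 is 0xF5F5F5F5F5F5F5F5, eight shadow bytes of the stack-after-return magic, and a comment such as `; 0xf5 x 8: stack-after-return shadow magic` on the first of those checks would spare readers the conversion. The `store i8 0` in the then block looks like the fake frame's flag being cleared rather than poisoning, so the "poison the entire frame" comment could say so.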