From patchwork Tue Dec 4 18:00:35 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Wei Mi X-Patchwork-Id: 203713 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) by ozlabs.org (Postfix) with SMTP id 6C97D2C0081 for ; Wed, 5 Dec 2012 05:01:16 +1100 (EST) Comment: DKIM? See http://www.dkim.org DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=gcc.gnu.org; s=default; x=1355248876; h=Comment: DomainKey-Signature:Received:Received:Received:Received: MIME-Version:Received:Received:In-Reply-To:References:Date: Message-ID:Subject:From:To:Cc:Content-Type:Mailing-List: Precedence:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:Sender:Delivered-To; bh=NfRqRRjMxxGq5aJJr584pQVrkUo=; b=aif4IttEHqz6zWupOKYyvATbfQPXFmYoN37E55K7meJTC7+BfYhKAy7qercifd CtBOvaSBxFT/zArtwA8uQgfs1PlRNgusu+r4oLARDXh1YJygDfnIIsB3VjoO6u3y LTiNbJDxuI0kAJbY4z0JnxyxNmfSLZ1+TjpcYxwmQ1xZw= Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gcc.gnu.org; h=Received:Received:X-SWARE-Spam-Status:X-Spam-Check-By:Received:Received:X-Google-DKIM-Signature:MIME-Version:Received:Received:In-Reply-To:References:Date:Message-ID:Subject:From:To:Cc:Content-Type:X-Gm-Message-State:Mailing-List:Precedence:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:Sender:Delivered-To; b=x0vEJoHo5dIj7ePZcN57Df4UuccknOTNv0kMZ8MeogUXUJ5XAnkBiSapgWJgQq IhyeTs/FFc7jg+cmuMfPgrrVz3//fCsx/HRFnvAtownCCYoIPnWiKtIdbYtr+y0o zkarJL7RA6a6LLqu8AoPYgfnWxknVJNGt7cwdVY23rFTo=; Received: (qmail 10360 invoked by alias); 4 Dec 2012 18:01:03 -0000 Received: (qmail 10234 invoked by uid 22791); 4 Dec 2012 18:00:58 -0000 X-SWARE-Spam-Status: No, hits=-5.9 required=5.0 tests=AWL, BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, KHOP_RCVD_TRUST, KHOP_THREADED, RCVD_IN_DNSWL_LOW, RCVD_IN_HOSTKARMA_YE, RP_MATCHES_RCVD, TW_LV X-Spam-Check-By: sourceware.org Received: from mail-qc0-f175.google.com (HELO mail-qc0-f175.google.com) (209.85.216.175) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 04 Dec 2012 18:00:37 +0000 Received: by mail-qc0-f175.google.com with SMTP id j3so2336326qcs.20 for ; Tue, 04 Dec 2012 10:00:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=9BdrncYW2J+ZVyrdZfQ5UAxmY3GxAQuI0z2tybecl9g=; b=RWh57oNgSFRGXPiCkBYFfMLWzR4blrIfDBXaL89BReSuuTPr3/thdYcNrGo5gYxZHl j9sjDHmeO11TWWjCi/0EfVwjtZ13qfgQbBHH5edUAThPO82N7sJTcln6nrgBhXdxXba8 M93S7bXyNX4lX7/tE3frQF3CZFBhFUMq73qM6nzgoObT9vWkG/464QQv2PRHLVuys4LL GSK5PPUYIv8DyxzpyuGnZUqny/P+fBv4wG3cSwKerscKNco5fOkOaOUj+Y+HIJaEcj+k DVufYgYQe69tNU0kfmG7kE9lA9J81cYkqnkKOzUJw5+WDJwSEtONXwnFvotlDG71N5v6 CsEg== MIME-Version: 1.0 Received: by 10.229.114.201 with SMTP id f9mr5364907qcq.33.1354644036144; Tue, 04 Dec 2012 10:00:36 -0800 (PST) Received: by 10.49.105.230 with HTTP; Tue, 4 Dec 2012 10:00:35 -0800 (PST) In-Reply-To: <20121203110018.GR2315@tucnak.redhat.com> References: <20121128101420.GG2315@tucnak.redhat.com> <20121203110018.GR2315@tucnak.redhat.com> Date: Tue, 4 Dec 2012 10:00:35 -0800 Message-ID: Subject: Re: [PATCH] asan unit tests from llvm lit-test From: Wei Mi To: Jakub Jelinek Cc: Mike Stump , GCC Patches , David Li , Diego Novillo , Kostya Serebryany , Dodji Seketeli X-Gm-Message-State: ALoCoQllgN+N3LJjMv4B80iJK2IwxdCxGSg68Rs0afE/bBMuk3PKzxaZ/PlEhjnIa2SVOQz85eUWx3jTG24UT4niIXeEgppdUHg61y9zdklj2I+Fl9qB7qQldbL6+JgIBceBmBKQ9fzI/TX6BWE69wvlMqUpW2hzuZ2gaoE2f3/lK1Yoqu2yV/DvrPkGE3TreaUXvyvdY+h+ Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Hi, I updated the patch according to the comments. Please take a look. Thanks. Wei. > On Fri, Nov 30, 2012 at 12:35:35PM -0800, Wei Mi wrote: >> Thanks for the comments! Here is the second version patch. Please see >> if it is ok. >> (-Wno-attributes is kept or else we will get a warning because of >> __attribute__((always_inline))). > >> --- gcc/testsuite/gcc.dg/asan/asan.exp (revision 194002) >> +++ gcc/testsuite/gcc.dg/asan/asan.exp (working copy) >> @@ -30,6 +30,10 @@ if ![check_effective_target_faddress_san >> dg-init >> asan_init >> >> +# Set default torture options >> +set default_asan_torture_options [list { -O0 } { -O1 } { -O2 } { -O3 }] >> +set-torture-options $default_asan_torture_options > > Why this? What is undesirable on the default torture options? > Do those tests fail with lto or similar? I change it to use the default torture options. > >> --- gcc/testsuite/g++.dg/asan/deep-stack-uaf-1.C (revision 0) >> +++ gcc/testsuite/g++.dg/asan/deep-stack-uaf-1.C (revision 0) >> @@ -0,0 +1,33 @@ >> +// Check that we can store lots of stack frames if asked to. >> + >> +// { dg-do run } >> +// { dg-env-var ASAN_OPTIONS "malloc_context_size=120:redzone=512" } >> +// { dg-shouldfail "asan" } > > Can you please replace the two spaces after // with just one? > Dejagnu directives are often quite long, and thus it is IMHO better to make > the lines longer than necessary. > For this test, don't you need > // { dg-options "-fno-optimize-sibling-calls" } > and __attribute__((noinline)) on the free method? Otherwise I'd expect > that either at least at -O3 it could be all inlined, or if not inlined, then > at least tail call optimized (and thus not showing up in the backtrace > either). > Fixed. >> +#include >> +#include >> + >> +template >> +struct DeepFree { >> + static void free(char *x) { >> + DeepFree::free(x); >> + } >> +}; >> + >> +template<> >> +struct DeepFree<0> { >> + static void free(char *x) { >> + ::free(x); >> + } >> +}; >> + >> +int main() { >> + char *x = new char[10]; >> + // deep_free(x); >> + DeepFree<200>::free(x); >> + return x[5]; >> +} >> + >> +// { dg-output "ERROR: AddressSanitizer:? heap-use-after-free on address.*(\n|\r\n|\r)" } >> +// { dg-output " #37 0x\[0-9a-f\]+ (in \[^\n\r]*DeepFree\[^\n\r]*36|\[(\]).*(\n|\r\n|\r)" } >> +// { dg-output " #99 0x\[0-9a-f\]+ (in \[^\n\r]*DeepFree\[^\n\r]*98|\[(\]).*(\n|\r\n|\r)" } >> +// { dg-output " #116 0x\[0-9a-f\]+ (in \[^\n\r]*DeepFree\[^\n\r]*115|\[(\])\[^\n\r]*(\n|\r\n|\r)" } > >> --- gcc/testsuite/g++.dg/asan/deep-tail-call-1.C (revision 0) >> +++ gcc/testsuite/g++.dg/asan/deep-tail-call-1.C (revision 0) >> @@ -0,0 +1,20 @@ >> +// { dg-do run } >> +// { dg-options "-mno-omit-leaf-frame-pointer -fno-omit-frame-pointer -fno-optimize-sibling-calls" } > > -mno-omit-leaf-frame-pointer is i?86/x86_64 options, so you need to leave it > from dg-options and add > // { dg-additional-options "-mno-omit-leaf-frame-pointer" { target { i?86-*-* x86_64-*-* } } } > Fixed. >> --- gcc/testsuite/g++.dg/asan/asan.exp (revision 194002) >> +++ gcc/testsuite/g++.dg/asan/asan.exp (working copy) >> @@ -28,9 +28,15 @@ if ![check_effective_target_faddress_san >> dg-init >> asan_init >> >> +# Set default torture options >> +set default_asan_torture_options [list { -O0 } { -O1 } { -O2 } { -O3 }] >> +set-torture-options $default_asan_torture_options > > Again, like I asked earlier. Fixed. > >> + >> # Main loop. >> gcc-dg-runtest [lsort [glob -nocomplain $srcdir/$subdir/*.C $srcdir/c-c++-common/asan/*.c]] "" >> >> +source $srcdir/$subdir/special/special.exp > > Won't this cause double testing of the special tests? AFAIK dejagnu is > looking recursively for all *.exp files, so once you'd source it when > running asan.exp and again when dejagnu finds special.exp on its own. > If that is the case, then you shouldn't source it here, and rename > special.exp to say asan-special.exp, so that one can test all asan > tests with just RUNTESTFLAGS="--target_board=unix\{-m32,-m64\} asan.exp asan-special.exp" > but also make check will DTRT. Or perhaps name it also asan.exp, see if > RUNTESTFLAGS="--target_board=unix\{-m32,-m64\} asan.exp" > then will DTRT and also make check? > Yes, it will cause double tests in make check. I rename special.exp to asan-special.exp and don't source it from asan.exp. >> --- gcc/testsuite/g++.dg/asan/interception-test-1.C (revision 0) >> +++ gcc/testsuite/g++.dg/asan/interception-test-1.C (revision 0) >> @@ -0,0 +1,22 @@ >> +// ASan interceptor can be accessed with __interceptor_ prefix. >> + >> +// { dg-do run } >> +// { dg-shouldfail "asan" } >> + >> +#include >> +#include >> + >> +extern "C" long __interceptor_strtol(const char *nptr, char **endptr, int base); >> +extern "C" long strtol(const char *nptr, char **endptr, int base) { >> + fprintf(stderr, "my_strtol_interceptor\n"); >> + return __interceptor_strtol(nptr, endptr, base); >> +} >> + >> +int main() { >> + char *x = (char*)malloc(10 * sizeof(char)); > > Ugh, why the * sizeof(char)? That is completely pointless... > Fixed. >> --- gcc/testsuite/g++.dg/asan/large-func-test-1.C (revision 0) >> +++ gcc/testsuite/g++.dg/asan/large-func-test-1.C (revision 0) >> @@ -0,0 +1,47 @@ >> +// { dg-do run } >> +// { dg-shouldfail "asan" } >> + >> +#include >> +__attribute__((noinline)) >> +static void LargeFunction(int *x, int zero) { >> + x[0]++; >> + x[1]++; >> + x[2]++; >> + x[3]++; >> + x[4]++; >> + x[5]++; >> + x[6]++; >> + x[7]++; >> + x[8]++; >> + x[9]++; >> + >> + x[zero + 111]++; // we should report this exact line >> + >> + x[10]++; >> + x[11]++; >> + x[12]++; >> + x[13]++; >> + x[14]++; >> + x[15]++; >> + x[16]++; >> + x[17]++; >> + x[18]++; >> + x[19]++; >> +} >> + >> +int main(int argc, char **argv) { >> + int *x = new int[100]; >> + LargeFunction(x, argc - 1); >> + delete x; >> +} >> + >> +// { dg-output "ERROR: AddressSanitizer:? heap-buffer-overflow on address\[^\n\r]*" } >> +// { dg-output "0x\[0-9a-f\]+ at pc 0x\[0-9a-f\]+ bp 0x\[0-9a-f\]+ sp 0x\[0-9a-f\]+\[^\n\r]*(\n|\r\n|\r)" } >> +// { dg-output "READ of size 4 at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } >> +// { dg-output " #0 0x\[0-9a-f\]+ (in \[^\n\r]*LargeFunction\[^\n\r]*(large-func-test-1.C:18|\[?\]\[?\]:0)|\[(\]).*(\n|\r\n|\r)" } >> +// { dg-output "0x\[0-9a-f\]+ is located 44 bytes to the right of 400-byte region.*(\n|\r\n|\r)" } >> +// { dg-output "allocated by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } >> +// { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)malloc|\[(\])\[^\n\r]*(\n|\r\n|\r)" } >> +// { dg-output " #1 0x\[0-9a-f\]+ (in (operator new|_Znwm)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } >> +// { dg-output " #2 0x\[0-9a-f\]+ (in (operator new|_Znam)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } >> +// { dg-output " #3 0x\[0-9a-f\]+ (in _*main\[^\n\r]*(large-func-test-1.C:33|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } >> Index: gcc/testsuite/g++.dg/asan/dlclose-test-1-so.C >> =================================================================== >> --- gcc/testsuite/g++.dg/asan/dlclose-test-1-so.C (revision 0) >> +++ gcc/testsuite/g++.dg/asan/dlclose-test-1-so.C (revision 0) > > Name it dlclose-test-1.so.cc instead? Fixed. > >> +// { dg-skip-if "" { *-*-* } { "*" } { "" } } > >> --- gcc/testsuite/g++.dg/asan/special/dlclose-test-1.C (revision 0) >> +++ gcc/testsuite/g++.dg/asan/special/dlclose-test-1.C (revision 0) >> @@ -0,0 +1,69 @@ >> +// Regression test for >> +// http://code.google.com/p/address-sanitizer/issues/detail?id=19 >> +// Bug description: >> +// 1. application dlopens foo.so >> +// 2. asan registers all globals from foo.so >> +// 3. application dlcloses foo.so >> +// 4. application mmaps some memory to the location where foo.so was before >> +// 5. application starts using this mmaped memory, but asan still thinks there >> +// are globals. >> +// 6. BOOM >> + >> +// { dg-do run } >> +// { dg-require-effective-target "dlopen" } >> +// { dg-require-effective-target "mmap" } > > My preference would be // { dg-do run { target { dlopen && mmap } } } > In any case, no need for "s around the dlopen/mmap/pthread etc. Fixed. >> + >> +#include >> +#include >> +#include >> +#include >> +#include >> + >> +#include >> + >> +using std::string; >> + >> +static const int kPageSize = 4096; >> + >> +typedef int *(fun_t)(); >> + >> +int main(int argc, char *argv[]) { >> + string path = string(argv[0]) + "-so.so"; >> + printf("opening %s ... \n", path.c_str()); >> + void *lib = dlopen(path.c_str(), RTLD_NOW); >> + if (!lib) { >> + printf("error in dlopen(): %s\n", dlerror()); >> + return 1; >> + } >> + fun_t *get = (fun_t*)dlsym(lib, "get_address_of_static_var"); >> + if (!get) { >> + printf("failed dlsym\n"); >> + return 1; >> + } >> + int *addr = get(); >> + //assert(((size_t)addr % 32) == 0); // should be 32-byte aligned. >> + printf("addr: %p\n", addr); >> + addr[0] = 1; // make sure we can write there. >> + >> + // Now dlclose the shared library. >> + printf("attempting to dlclose\n"); >> + if (dlclose(lib)) { >> + printf("failed to dlclose\n"); >> + return 1; >> + } >> + // Now, the page where 'addr' is unmapped. Map it. >> + size_t page_beg = ((size_t)addr) & ~(kPageSize - 1); >> + void *res = mmap((void*)(page_beg), kPageSize, >> + PROT_READ | PROT_WRITE, >> + MAP_PRIVATE | MAP_ANON | MAP_FIXED | MAP_NORESERVE, 0, 0); >> + if (res == (char*)-1L) { >> + printf("failed to mmap\n"); >> + return 1; >> + } >> + addr[1] = 2; // BOOM (if the bug is not fixed). >> + printf("PASS\n"); >> + // CHECK: PASS >> + return 0; >> +} >> + >> +// { dg-output "PASS" } > > Isn't printf("PASS\n"); and dg-output completely unnecessary here? > If the test doesn't reach the return 0, the test will fail (the canonical > way of failing is abort ();, but for asan I agree it is better to exit with > non-zero status, because the asan multi-terrabyte mappings cause slowdowns > e.g. with abrt or if cores are enabled) the execution test part, if it > reaches there, it will pass the execution test, by testing dg-output you > are adding another dejagnu accounted test (another pass/fail/unsupported > item), but it tests exactly what has been tested before already. Fixed. >> Index: gcc/testsuite/g++.dg/asan/special/shared-lib-test-1.C >> =================================================================== >> --- gcc/testsuite/g++.dg/asan/special/shared-lib-test-1.C (revision 0) >> +++ gcc/testsuite/g++.dg/asan/special/shared-lib-test-1.C (revision 0) >> @@ -0,0 +1,34 @@ >> +// { dg-do run } >> +// { dg-require-effective-target "dlopen" } >> +// { dg-shouldfail "asan" } >> + >> +#include >> +#include >> +#include >> + >> +#include >> + >> +using std::string; >> + >> +typedef void (fun_t)(int x); >> + >> +int main(int argc, char *argv[]) { >> + string path = string(argv[0]) + "-so.so"; >> + printf("opening %s ... \n", path.c_str()); >> + void *lib = dlopen(path.c_str(), RTLD_NOW); >> + if (!lib) { >> + printf("error in dlopen(): %s\n", dlerror()); >> + return 1; >> + } >> + fun_t *inc = (fun_t*)dlsym(lib, "inc"); >> + if (!inc) return 1; >> + printf("ok\n"); >> + inc(1); >> + inc(-1); // BOOM >> + return 0; >> +} >> + >> +// { dg-output "ERROR: AddressSanitizer:? global-buffer-overflow\[^\n\r]*(\n|\r\n|\r)" } >> +// { dg-output "READ of size 4 at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } >> +// { dg-output " #0 0x\[0-9a-f\]+\[^\n\r]*(\n|\r\n|\r)" } >> +// { dg-output " #1 0x\[0-9a-f\]+ (in _*main \[^\n\r]*(shared-lib-test-1.C:27|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } >> Index: gcc/testsuite/g++.dg/asan/special/special.exp >> =================================================================== >> --- gcc/testsuite/g++.dg/asan/special/special.exp (revision 0) >> +++ gcc/testsuite/g++.dg/asan/special/special.exp (revision 0) >> @@ -0,0 +1,59 @@ >> +# Copyright (C) 2012 Free Software Foundation, Inc. >> +# >> +# This file is part of GCC. >> +# >> +# GCC is free software; you can redistribute it and/or modify >> +# it under the terms of the GNU General Public License as published by >> +# the Free Software Foundation; either version 3, or (at your option) >> +# any later version. >> +# >> +# GCC is distributed in the hope that it will be useful, >> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >> +# GNU General Public License for more details. >> +# >> +# You should have received a copy of the GNU General Public License >> +# along with GCC; see the file COPYING3. If not see >> +# . >> + >> +# Handle special tests >> +if { [info procs target_compile] != [list] \ >> + && [info procs saved_asan_target_compile] == [list] } { >> + rename target_compile saved_asan_target_compile >> + >> + proc target_compile { source dest type options } { >> + global srcdir subdir >> + >> + if { [string match "*dlclose-test-1.C" $source] } { >> + set dlclose_so_options $options >> + lappend dlclose_so_options "additional_flags=-fPIC -shared" >> + set auxfile [glob $srcdir/$subdir/dlclose-test-1-so.C] >> + set result [eval [list saved_asan_target_compile \ >> + $auxfile \ >> + "dlclose-test-1.exe-so.so" \ >> + "executable" $dlclose_so_options]] >> + } elseif { [string match "*shared-lib-test-1.C" $source] } { >> + set shared_lib_so_options $options >> + lappend shared_lib_so_options "additional_flags=-fPIC -shared" >> + set auxfile [glob $srcdir/$subdir/shared-lib-test-1-so.C] >> + set result [eval [list saved_asan_target_compile \ >> + $auxfile \ >> + "shared-lib-test-1.exe-so.so" \ >> + "executable" $shared_lib_so_options]] >> + } >> + set result [eval [list saved_asan_target_compile $source $dest $type $options]] >> + return $result > > I'm missing hre cleaning up of the created shared libraries, are you sure > they aren't kept in the g++/testsuite/g++/ directory after make check? > > Plus, if this *.exp file is renamed to asan.exp or asan-special.exp and > not sourced in from the upper directory asan.exp, it needs to start/end with > what asan.exp does. > Fixed. >> +if { [info procs saved_asan_target_compile] != [list] } { >> + rename target_compile "" >> + rename saved_asan_target_compile target_compile >> +} >> + >> +# Clean .so generated by special tests. >> +file delete dlclose-test-1.exe-so.so >> +file delete shared-lib-test-1.exe-so.so > > Ah, it is here, but wonder what it will do for cross testing. > Shouldn't that be remove_file ? delete where ? is either target, or host, or > build (not sure which one). Mike? > Changed to remove-build-file. >> --- gcc/testsuite/g++.dg/asan/shared-lib-test-1-so.C (revision 0) >> +++ gcc/testsuite/g++.dg/asan/shared-lib-test-1-so.C (revision 0) > > Again, *-so.cc ? > Fixed. >> +// { dg-skip-if "" { *-*-* } { "*" } { "" } } > >> --- gcc/testsuite/lib/gcc-dg.exp (revision 194002) >> +++ gcc/testsuite/lib/gcc-dg.exp (working copy) >> @@ -254,7 +254,16 @@ if { [info procs ${tool}_load] != [list] >> proc ${tool}_load { program args } { >> global tool >> global shouldfail >> + global set_env_var >> + >> + set saved_env_var [list] >> + if { [llength $set_env_var] != 0 } { >> + set-env-var >> + } >> set result [eval [list saved_${tool}_load $program] $args] >> + if { [llength $set_env_var] != 0 } { >> + restore-env-var >> + } >> if { $shouldfail != 0 } { >> switch [lindex $result 0] { >> "pass" { set status "fail" } >> @@ -266,6 +275,37 @@ if { [info procs ${tool}_load] != [list] >> } >> } >> >> +proc dg-env-var { args } { >> + global set_env_var >> + if { [llength $args] != 3 } { >> + error "[lindex $args 1]: need two arguments" >> + return >> + } >> + lappend set_env_var [list [lindex $args 1] [lindex $args 2]] >> +} >> + >> +proc set-env-var { } { >> + global set_env_var >> + upvar 1 saved_env_var saved_env_var >> + foreach env_var $set_env_var { >> + set var [lindex $env_var 0] >> + set value [lindex $env_var 1] >> + if [info exists env($var)] { >> + lappend saved_env_var [list $var $env($var)] >> + } >> + setenv $var $value >> + } >> +} >> + >> +proc restore-env-var { } { >> + upvar 1 saved_env_var saved_env_var >> + foreach env_var $saved_env_var { >> + set var [lindex $env_var 0] >> + set value [lindex $env_var 1] >> + unsetenv $var $value >> + } >> +} >> + >> # Utility routines. >> >> # >> @@ -287,6 +327,10 @@ proc search_for { file pattern } { >> # as c-torture does. >> proc gcc-dg-runtest { testcases default-extra-flags } { >> global runtests >> + global set_env_var >> + >> + # Init set_env_var >> + set set_env_var [list] >> >> # Some callers set torture options themselves; don't override those. >> set existing_torture_options [torture-options-exist] > > For this, I'd appreciate Mike's input. If it is useful for all tests > generally (I'd say it is, we could use it e.g. for testing some of the > libgomp env vars), then it should stay here or so, otherwise it would need > to be moved into asan-dg.exp and have asan in the name. > > More importantly, I'm wondering about dg-env-var vs. cross testing, I guess > env var is set on host only, not remotely set on the target. So, either > we should mark all tests that use dg-env-var with some special effective > target that would be basically [is_native] - or what is the way to limit > tests to native testing only, or dg-evn-var itself should arrange to just > make the whole test unsupported if not native (don't call ${tool}_load > at all and return something else?). > rename dg-env-var to dg-set-target-env-var. Add the following in ${tool}_load: if { [llength $set_target_env_var] != 0 } { if { [is_remote target] } { return [list "unsupported" ""] } set-target-env-var } set result [eval [list saved_${tool}_load $program] $args] if { [llength $set_target_env_var] != 0 } { restore-target-env-var } >> Index: gcc/testsuite/c-c++-common/asan/strip-path-prefix-1.c >> =================================================================== >> --- gcc/testsuite/c-c++-common/asan/strip-path-prefix-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/strip-path-prefix-1.c (revision 0) >> @@ -0,0 +1,14 @@ >> +/* { dg-do run } */ >> +/* { dg-skip-if "" { *-*-* } { "*" } { "-O2 -m64" } } */ > > The -m64 here is just wrong. If you want to run the test only > for -O2 and x86_64-linux compilation (why?, what is so specific > about it to that combination?), then you'd do > /* { dg-do run { target { { i?86-*-* x86_64-*-* } && lp64 } } } */ > /* { dg-skip-if "" { *-*-* } { "*" } { "-O2" } } */ > or so. But again, why? > Fixed. remove -m64. >> +/* { dg-env-var ASAN_OPTIONS "strip_path_prefix='/'" } */ >> +/* { dg-shouldfail "asan" } */ >> + >> +#include >> +int main() { >> + char *x = (char*)malloc(10 * sizeof(char)); >> + free(x); >> + return x[5]; >> +} >> + >> +/* { dg-output "heap-use-after-free.*(\n|\r\n|\r)" } */ >> +/* { dg-output " #0 0x\[0-9a-f\]+ \[(\]\[^/\]\[^\n\r]*(\n|\r\n|\r)" } */ > >> --- gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c (revision 0) >> @@ -0,0 +1,16 @@ >> +/* This test checks that we are no instrumenting a memory access twice >> + (before and after inlining) */ >> + >> +/* { dg-do run } */ >> +/* { dg-options "-Wno-attributes" } */ >> +/* { dg-skip-if "" { *-*-* } { "*" } { "-O0 -m64" "-O1 -m64" } } */ > > As I said above. Why is this not tested for 32-bit testing? > From the name, -O0/-O1 limit could make sense, but then even for -O2 and > above it should do the same. > Fixed. remove -m64. >> +__attribute__((always_inline)) > > Please drop -Wno-attributes above, and instead DTRT, i.e. > together with __attribute__((always_inline)) always use also inline keyword. > always_inline attribute alone is invalid on functions not marked as inline. > remove -Wno-attributes. add inline keyword. >> +void foo(int *x) { >> + *x = 0; >> +} >> + >> +int main() { >> + int x; >> + foo(&x); >> + return x; >> +} > > But of course, the test actually doesn't test anything at all, there is > no check for it not being instrumented twice, you'd use > dg-do compile test for it instead, and test assembly in dg-final or similar. > Except that there are no memory accesses at all, at least for -O1 > by the time this reaches the asan pass I'm pretty sure it will be just > int main() { return 0; } > (perhaps with DEBUG x => 0 for -g). > Then it will be very dependent on whether the foo function is emitted > or not (which depends on C vs. C++ and for C on 89 vs 99 vs. > -fgnu89-inline). So, for -O1 main won't contain any instrumented accesses, > and foo either won't be emitted at all, or will contain one store. > For -O0 for main it will contain one insturmented store, and for foo the > same as for -O1. So you could > /* { dg-final { scan-assembler-not "__asan_report_load" } } */ > Added dg-do compile and dg-final. >> Index: gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c >> =================================================================== >> --- gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c (revision 0) >> @@ -0,0 +1,62 @@ >> +/* Check that ASan plays well with easy cases of makecontext/swapcontext. */ >> + >> +/* { dg-do run } */ >> +/* { dg-require-effective-target "swapcontext" } */ >> + >> +#include >> +#include >> +#include >> + >> +ucontext_t orig_context; >> +ucontext_t child_context; >> + >> +void Child(int mode) { >> + char x[32] = {0}; /* Stack gets poisoned. */ >> + printf("Child: %p\n", x); >> + /* (a) Do nothing, just return to parent function. >> + (b) Jump into the original function. Stack remains poisoned unless we do >> + something. */ >> + if (mode == 1) { >> + if (swapcontext(&child_context, &orig_context) < 0) { >> + perror("swapcontext"); >> + _exit(0); >> + } >> + } >> +} >> + >> +int Run(int arg, int mode) { >> + int i; >> + const int kStackSize = 1 << 20; >> + char child_stack[kStackSize + 1]; >> + printf("Child stack: %p\n", child_stack); >> + /* Setup child context. */ >> + getcontext(&child_context); >> + child_context.uc_stack.ss_sp = child_stack; >> + child_context.uc_stack.ss_size = kStackSize / 2; >> + if (mode == 0) { >> + child_context.uc_link = &orig_context; >> + } >> + makecontext(&child_context, (void (*)())Child, 1, mode); >> + if (swapcontext(&orig_context, &child_context) < 0) { >> + perror("swapcontext"); >> + return 0; >> + } >> + /* Touch childs's stack to make sure it's unpoisoned. */ >> + for (i = 0; i < kStackSize; i++) { >> + child_stack[i] = i; >> + } >> + return child_stack[arg]; >> +} >> + >> +int main(int argc, char **argv) { >> + int ret = 0; >> + ret += Run(argc - 1, 0); >> + printf("Test1 passed\n"); >> + ret += Run(argc - 1, 1); >> + printf("Test2 passed\n"); >> + return ret; >> +} >> + >> +/* { dg-output "WARNING: ASan doesn't fully support makecontext/swapcontext.*" } */ >> +/* { dg-output "Test1 passed.*" } */ >> +/* { dg-output "Test2 passed.*" } */ >> Index: gcc/testsuite/c-c++-common/asan/null-deref-1.c >> =================================================================== >> --- gcc/testsuite/c-c++-common/asan/null-deref-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/null-deref-1.c (revision 0) >> @@ -0,0 +1,16 @@ >> +/* { dg-do run } */ >> +/* { dg-shouldfail "asan" } */ >> + >> +__attribute__((noinline)) > > For GCC you need > __attribute__((noinline, noclone)) > here, otherwise GCC could very well clone the function to > NullDeref.isra.0 or similar, taking no arguments and doing > the NULL dereference or __builtin_unreachable directly. > Fixed. >> +static void NullDeref(int *ptr) { >> + ptr[10]++; >> +} >> +int main() { >> + NullDeref((int*)0); >> +} >> + >> +/* { dg-output "ERROR: AddressSanitizer:? SEGV on unknown address.*" } */ >> +/* { dg-output "0x\[0-9a-f\]+ .*pc 0x\[0-9a-f\]+\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output "AddressSanitizer can not provide additional info.*(\n|\r\n|\r)" } */ >> +/* { dg-output " #0 0x\[0-9a-f\]+ (in \[^\n\r]*NullDeref\[^\n\r]*(null-deref-1.c:6|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #1 0x\[0-9a-f\]+ (in \[^\n\r]*main\[^\n\r]*(null-deref-1.c:9|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ >> Index: gcc/testsuite/c-c++-common/asan/global-overflow-1.c >> =================================================================== >> --- gcc/testsuite/c-c++-common/asan/global-overflow-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/global-overflow-1.c (revision 0) >> @@ -0,0 +1,22 @@ >> +/* { dg-do run } */ >> +/* { dg-shouldfail "asan" } */ >> + >> +#include >> +volatile int one = 1; >> + >> +int main() { >> + static char XXX[10]; >> + static char YYY[10]; >> + static char ZZZ[10]; >> + memset(XXX, 0, 10); >> + memset(YYY, 0, 10); >> + memset(ZZZ, 0, 10); >> + int res = YYY[one * 10]; /* BOOOM */ > > I'd expect the compiler could eventually be smart enough to figure > out the only valid access of YYY[something * 10] would be if something > is 0 and thus optimize (one would be read before and forgotten) the > access to YYY[0]. I'd write the test instead with volatile int ten = 10; > and s/one/ten/g plus YYY[ten]; and XXX[ten / 10]; and similarly for ZZZ. > Fixed. >> + res += XXX[one] + ZZZ[one]; >> + return res; > >> --- gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c (revision 0) >> @@ -0,0 +1,23 @@ >> +/* { dg-do run } */ >> +/* { dg-options "-fno-builtin-strncpy" } */ >> +/* { dg-shouldfail "asan" } */ >> + >> +#include >> +#include >> +int main(int argc, char **argv) { >> + char *hello = (char*)malloc(6); >> + strcpy(hello, "hello"); >> + char *short_buffer = (char*)malloc(9); >> + strncpy(short_buffer, hello, 10); /* BOOM */ >> + return short_buffer[8]; >> +} >> + >> +/* { dg-output "WRITE of size 1 at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)strncpy|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #1 0x\[0-9a-f\]+ (in _*main \[^\n\r]*(strncpy-overflow-1.c:11|\[?]\[?]:0)|\[(\]).*(\n|\r\n|\r)" } */ >> +/* { dg-output "0x\[0-9a-f\]+ is located 0 bytes to the right of 9-byte region\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output "allocated by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)malloc|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #1 0x\[0-9a-f\]+ (in _*main \[^\n\r]*(strncpy-overflow-1.c:10|\[?]\[?]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ >> + >> + >> Index: gcc/testsuite/c-c++-common/asan/rlimit-mmap-test-1.c >> =================================================================== >> --- gcc/testsuite/c-c++-common/asan/rlimit-mmap-test-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/rlimit-mmap-test-1.c (revision 0) >> @@ -0,0 +1,22 @@ >> +/* Check that we properly report mmap failure. */ >> + >> +/* { dg-do run } */ >> +/* { dg-skip-if "" { *-*-* } { "*" } { "-O0 -m64" } } */ > > Again, what is 64-bit specific on this test? If you want to run > it just once, not iterate over all torture options, just do > /* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */ > Fixed. >> +/* { dg-require-effective-target "setrlimit" } */ >> +/* { dg-shouldfail "asan" } */ >> + >> +#include >> +#include >> +#include >> +#include >> + >> +static volatile void *x; >> + >> +int main(int argc, char **argv) { >> + struct rlimit mmap_resource_limit = { 0, 0 }; >> + assert(0 == setrlimit(RLIMIT_AS, &mmap_resource_limit)); > > Assert is too expensive with asan (see above). > Just do > if (setrlimit(RLIMIT_AS, &mmap_resource_limit)) return 1; > > return 0; wouldn't help here, as the output test would then fail. > > Fixed. >> --- gcc/testsuite/c-c++-common/asan/use-after-free-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/use-after-free-1.c (revision 0) >> @@ -0,0 +1,22 @@ >> +/* { dg-do run } */ >> +/* { dg-options "-fno-builtin-malloc" } */ >> +/* { dg-shouldfail "asan" } */ >> + >> +#include >> +int main() { >> + char *x = (char*)malloc(10 * sizeof(char)); > > Again, why the sizeof(char)? It is always 1. > Fixed. >> + free(x); >> + return x[5]; >> +} >> + >> +/* { dg-output "ERROR: AddressSanitizer:? heap-use-after-free on address\[^\n\r]*" } */ >> +/* { dg-output "0x\[0-9a-f\]+ at pc 0x\[0-9a-f\]+ bp 0x\[0-9a-f\]+ sp 0x\[0-9a-f\]+\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output "READ of size 1 at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*main \[^\n\r]*(use-after-free-1.c:9|\[?]\[?]:0)|\[(\]).*(\n|\r\n|\r)" } */ >> +/* { dg-output "0x\[0-9a-f\]+ is located 5 bytes inside of 10-byte region .0x\[0-9a-f\]+,0x\[0-9a-f\]+\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output "freed by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #0 0x\[0-9a-f\]+ (in \[^\n\r]*free|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #1 0x\[0-9a-f\]+ (in \[^\n\r]*main \[^\n\r]*(use-after-free-1.c:8|\[?]\[?]:0)|\[(\]).*(\n|\r\n|\r)" } */ >> +/* { dg-output "previously allocated by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #0 0x\[0-9a-f\]+ (in \[^\n\r]*malloc|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #1 0x\[0-9a-f\]+ (in \[^\n\r]*main \[^\n\r]*(use-after-free-1.c:7|\[?]\[?]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ >> Index: gcc/testsuite/c-c++-common/asan/stack-use-after-return-1.c >> =================================================================== >> --- gcc/testsuite/c-c++-common/asan/stack-use-after-return-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/stack-use-after-return-1.c (revision 0) >> @@ -0,0 +1,31 @@ >> +/* { dg-do run } */ >> +/* { dg-shouldfail "asan" } */ >> +#include >> + >> +__attribute__((noinline)) >> +char *Ident(char *x) { >> + fprintf(stderr, "1: %p\n", x); >> + return x; >> +} >> + >> +__attribute__((noinline)) >> +char *Func1() { >> + char local; >> + return Ident(&local); >> +} >> + >> +__attribute__((noinline)) >> +void Func2(char *x) { >> + fprintf(stderr, "2: %p\n", x); >> + *x = 1; >> +} >> + >> +int main(int argc, char **argv) { >> + Func2(Func1()); >> + return 0; >> +} >> + >> +/* { dg-output "WRITE of size 1 \[^\n\r]* thread T0" } */ >> +/* { dg-output " #0\[^\n\r]*Func2\[^\n\r]*(stack-use-after-return.cc:24|\[?\]\[?\]:)" } */ >> +/* { dg-output "is located in frame <\[^\n\r]*Func1\[^\n\r]*> of T0's stack" } */ > > Doesn't this test in LLVM start with > // XFAIL: * > ? It does need the (for LLVM non-default?, for GCC not implemented yet) > expensive use-after-return mode where all stack vars are malloced/freed, > right? > So, I'd just /* { dg-do run { xfail *-*-* } } */ it for now or not add at > all. > I removed the test for now. >> --- gcc/testsuite/c-c++-common/asan/sanity-check-pure-c-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/sanity-check-pure-c-1.c (revision 0) >> @@ -0,0 +1,16 @@ >> +/* { dg-do run } */ > > -fno-builtin-malloc at least to dg-options? > Fixed. >> +/* { dg-shouldfail "asan" } */ >> + >> +#include >> +int main() { >> + char *x = (char*)malloc(10 * sizeof(char)); >> + free(x); >> + return x[5]; >> +} >> + >> +/* { dg-output "heap-use-after-free.*(\n|\r\n|\r)" } */ >> +/* { dg-output " #0 \[^\n\r]*free\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #1 \[^\n\r]*(in main\[^\n\r]*(sanity-check-pure-c-1.c:7|\[?\]\[?\]:0)|\[(\]).*(\n|\r\n|\r)" } */ >> +/* { dg-output " #0 \[^\n\r]*(interceptor_|)malloc\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output " #1 \[^\n\r]*(in main\[^\n\r]*(sanity-check-pure-c-1.c:6|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ >> + >> Index: gcc/testsuite/c-c++-common/asan/clone-test-1.c >> =================================================================== >> --- gcc/testsuite/c-c++-common/asan/clone-test-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/clone-test-1.c (revision 0) >> @@ -0,0 +1,47 @@ >> +/* Regression test for: >> + http://code.google.com/p/address-sanitizer/issues/detail?id=37 */ >> + >> +/* { dg-do run } */ > > Please use /* { dg-do run { target *-*-linux* } } */ above too. > The test is really very Linux specific. > Fixed. >> --- gcc/testsuite/c-c++-common/asan/heap-overflow-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/heap-overflow-1.c (revision 0) >> @@ -0,0 +1,20 @@ >> +/* { dg-do run } */ >> +/* { dg-shouldfail "asan" } */ >> + >> +#include >> +#include >> +int main(int argc, char **argv) { >> + char *x = (char*)malloc(10 * sizeof(char)); >> + memset(x, 0, 10); >> + int res = x[argc * 10]; /* BOOOM */ >> + free(x); >> + return res; >> +} > > What has been said earlier about argc used in tests... > Plus -fno-builtin-malloc (and add -fno-builtin-free to all uses > of -fno-builtin-malloc too for all tests). > Fixed. >> --- gcc/testsuite/c-c++-common/asan/sleep-before-dying-1.c (revision 0) >> +++ gcc/testsuite/c-c++-common/asan/sleep-before-dying-1.c (revision 0) >> @@ -0,0 +1,13 @@ >> +/* { dg-do run } */ >> +/* { dg-env-var ASAN_OPTIONS "sleep_before_dying=1" } */ >> +/* { dg-skip-if "" { *-*-* } { "*" } { "-O2 -m64" } } */ > > As has been said several times. Fine to do it at one torture > option instead of iterating, but don't limit that to -m64 (and if yes, not > this way). Plus again dg-options -fno-builtin-malloc -fno-builtin-free. Fixed. > > Jakub Index: gcc/testsuite/g++.dg/asan/symbolize-callback-1.C =================================================================== --- gcc/testsuite/g++.dg/asan/symbolize-callback-1.C (revision 0) +++ gcc/testsuite/g++.dg/asan/symbolize-callback-1.C (revision 0) @@ -0,0 +1,21 @@ +// { dg-do run } +// { dg-skip-if "" { *-*-* } { "*" } { "-O2" } } +// { dg-options "-fno-builtin-malloc -fno-builtin-free" } +// { dg-shouldfail "asan" } + +#include +#include + +extern "C" +bool __asan_symbolize(const void *pc, char *out_buffer, int out_size) { + snprintf(out_buffer, out_size, "MySymbolizer"); + return true; +} + +int main() { + char *x = (char*)malloc(10 * sizeof(char)); + free(x); + return x[5]; +} + +// { dg-output "MySymbolizer" } Index: gcc/testsuite/g++.dg/asan/shared-lib-test-1-so.cc =================================================================== --- gcc/testsuite/g++.dg/asan/shared-lib-test-1-so.cc (revision 0) +++ gcc/testsuite/g++.dg/asan/shared-lib-test-1-so.cc (revision 0) @@ -0,0 +1,20 @@ +//===----------- shared-lib-test-so.cc --------------------------*- C++ -*-===// +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// This file is a part of AddressSanitizer, an address sanity checker. +// +//===----------------------------------------------------------------------===// + +#include + +int pad[10]; +int GLOB[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + +extern "C" +void inc(int index) { + GLOB[index]++; +} Index: gcc/testsuite/g++.dg/asan/deep-tail-call-1.C =================================================================== --- gcc/testsuite/g++.dg/asan/deep-tail-call-1.C (revision 0) +++ gcc/testsuite/g++.dg/asan/deep-tail-call-1.C (revision 0) @@ -0,0 +1,21 @@ +// { dg-do run } +// { dg-options "-fno-omit-frame-pointer -fno-optimize-sibling-calls" } +// { dg-additional-options "-mno-omit-leaf-frame-pointer" { target { i?86-*-* x86_64-*-* } } } +// { dg-shouldfail "asan" } + +int global[10]; +void __attribute__((noinline)) call4(int i) { global[i+10]++; } +void __attribute__((noinline)) call3(int i) { call4(i); } +void __attribute__((noinline)) call2(int i) { call3(i); } +void __attribute__((noinline)) call1(int i) { call2(i); } +int main(int argc, char **argv) { + call1(argc); + return global[0]; +} + +// { dg-output "AddressSanitizer:? global-buffer-overflow.*(\n|\r\n|\r)" } +// { dg-output " #0 0x\[0-9a-f\]+ (in \[^\n\r]*call4\[^\n\r]*|\[(\])\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output " #1 0x\[0-9a-f\]+ (in \[^\n\r]*call3\[^\n\r]*|\[(\])\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output " #2 0x\[0-9a-f\]+ (in \[^\n\r]*call2\[^\n\r]*|\[(\])\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output " #3 0x\[0-9a-f\]+ (in \[^\n\r]*call1\[^\n\r]*|\[(\])\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output " #4 0x\[0-9a-f\]+ (in \[^\n\r]*main\[^\n\r]*|\[(\])\[^\n\r]*(\n|\r\n|\r)" } Index: gcc/testsuite/g++.dg/asan/default-options-1.C =================================================================== --- gcc/testsuite/g++.dg/asan/default-options-1.C (revision 0) +++ gcc/testsuite/g++.dg/asan/default-options-1.C (revision 0) @@ -0,0 +1,15 @@ +// { dg-do run } + +const char *kAsanDefaultOptions="verbosity=1 foo=bar"; + +extern "C" +__attribute__((no_address_safety_analysis)) +const char *__asan_default_options() { + return kAsanDefaultOptions; +} + +int main() { + return 0; +} + +// { dg-output "Using the defaults from __asan_default_options:.* foo=bar.*(\n|\r\n|\r)" } Index: gcc/testsuite/g++.dg/asan/interception-test-1.C =================================================================== --- gcc/testsuite/g++.dg/asan/interception-test-1.C (revision 0) +++ gcc/testsuite/g++.dg/asan/interception-test-1.C (revision 0) @@ -0,0 +1,23 @@ +// ASan interceptor can be accessed with __interceptor_ prefix. + +// { dg-do run } +// { dg-options "-fno-builtin-malloc -fno-builtin-free" } +// { dg-shouldfail "asan" } + +#include +#include + +extern "C" long __interceptor_strtol(const char *nptr, char **endptr, int base); +extern "C" long strtol(const char *nptr, char **endptr, int base) { + fprintf(stderr, "my_strtol_interceptor\n"); + return __interceptor_strtol(nptr, endptr, base); +} + +int main() { + char *x = (char*)malloc(10); + free(x); + return (int)strtol(x, 0, 10); +} + +// { dg-output "my_strtol_interceptor.*(\n|\r\n|\r)" } +// { dg-output "\[^\n\r]*heap-use-after-free" } Index: gcc/testsuite/g++.dg/asan/dlclose-test-1-so.cc =================================================================== --- gcc/testsuite/g++.dg/asan/dlclose-test-1-so.cc (revision 0) +++ gcc/testsuite/g++.dg/asan/dlclose-test-1-so.cc (revision 0) @@ -0,0 +1,32 @@ +//===----------- dlclose-test-so.cc -----------------------------*- C++ -*-===// +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// This file is a part of AddressSanitizer, an address sanity checker. +// +// Regression test for +// http://code.google.com/p/address-sanitizer/issues/detail?id=19 +//===----------------------------------------------------------------------===// + +#include + +static int pad1; +static int static_var; +static int pad2; + +extern "C" +int *get_address_of_static_var() { + return &static_var; +} + +__attribute__((constructor)) +void at_dlopen() { + printf("%s: I am being dlopened\n", __FILE__); +} +__attribute__((destructor)) +void at_dlclose() { + printf("%s: I am being dlclosed\n", __FILE__); +} Index: gcc/testsuite/g++.dg/asan/deep-thread-stack-1.C =================================================================== --- gcc/testsuite/g++.dg/asan/deep-thread-stack-1.C (revision 0) +++ gcc/testsuite/g++.dg/asan/deep-thread-stack-1.C (revision 0) @@ -0,0 +1,55 @@ +// { dg-do run { target pthread } } +// { dg-shouldfail "asan" } + +#include + +int *x; + +void *AllocThread(void *arg) { + x = new int; + *x = 42; + return NULL; +} + +void *FreeThread(void *arg) { + delete x; + return NULL; +} + +void *AccessThread(void *arg) { + *x = 43; // BOOM + return NULL; +} + +typedef void* (*callback_type)(void* arg); + +void *RunnerThread(void *function) { + pthread_t thread; + pthread_create(&thread, NULL, (callback_type)function, NULL); + pthread_join(thread, NULL); + return NULL; +} + +void RunThread(callback_type function) { + pthread_t runner; + pthread_create(&runner, NULL, RunnerThread, (void*)function); + pthread_join(runner, NULL); +} + +int main(int argc, char *argv[]) { + RunThread(AllocThread); + RunThread(FreeThread); + RunThread(AccessThread); + return (x != 0); +} + +// { dg-output "ERROR: AddressSanitizer: heap-use-after-free.*(\n|\r\n|\r)" } +// { dg-output "WRITE of size 4 at 0x\[0-9a-f\]+ thread T(\[0-9\]+).*(\n|\r\n|\r)" } +// { dg-output "freed by thread T(\[0-9\]+) here:.*(\n|\r\n|\r)" } +// { dg-output "previously allocated by thread T(\[0-9\]+) here:.*(\n|\r\n|\r)" } +// { dg-output "Thread T\\2 created by T(\[0-9\]+) here:.*(\n|\r\n|\r)" } +// { dg-output "Thread T\\8 created by T0 here:.*(\n|\r\n|\r)" } +// { dg-output "Thread T\\4 created by T(\[0-9\]+) here:.*(\n|\r\n|\r)" } +// { dg-output "Thread T\\11 created by T0 here:.*(\n|\r\n|\r)" } +// { dg-output "Thread T\\6 created by T(\[0-9\]+) here:.*(\n|\r\n|\r)" } +// { dg-output "Thread T\\14 created by T0 here:" } Index: gcc/testsuite/g++.dg/asan/interception-malloc-test-1.C =================================================================== --- gcc/testsuite/g++.dg/asan/interception-malloc-test-1.C (revision 0) +++ gcc/testsuite/g++.dg/asan/interception-malloc-test-1.C (revision 0) @@ -0,0 +1,24 @@ +// ASan interceptor can be accessed with __interceptor_ prefix. + +// { dg-do run } +// { dg-options "-fno-builtin-free" } +// { dg-shouldfail "asan" } + +#include +#include +#include + +extern "C" void *__interceptor_malloc(size_t size); +extern "C" void *malloc(size_t size) { + write(2, "malloc call\n", sizeof("malloc call\n") - 1); + return __interceptor_malloc(size); +} + +int main() { + char *x = (char*)malloc(10 * sizeof(char)); + free(x); + return (int)strtol(x, 0, 10); +} + +// { dg-output "malloc call.*(\n|\r\n|\r)" } +// { dg-output "\[^\n\r]*heap-use-after-free" } Index: gcc/testsuite/g++.dg/asan/deep-stack-uaf-1.C =================================================================== --- gcc/testsuite/g++.dg/asan/deep-stack-uaf-1.C (revision 0) +++ gcc/testsuite/g++.dg/asan/deep-stack-uaf-1.C (revision 0) @@ -0,0 +1,38 @@ +// Check that we can store lots of stack frames if asked to. + +// { dg-do run } +// { dg-set-target-env-var ASAN_OPTIONS "malloc_context_size=120:redzone=512" } +// { dg-options "-fno-omit-frame-pointer -fno-optimize-sibling-calls" } +// { dg-additional-options "-mno-omit-leaf-frame-pointer" { target { i?86-*-* x86_64-*-* } } } +// { dg-shouldfail "asan" } + +#include +#include + +template +struct DeepFree { + static void __attribute__((noinline)) + free(char *x) { + DeepFree::free(x); + } +}; + +template<> +struct DeepFree<0> { + static void __attribute__((noinline)) + free(char *x) { + ::free(x); + } +}; + +int main() { + char *x = new char[10]; + // deep_free(x); + DeepFree<200>::free(x); + return x[5]; +} + +// { dg-output "ERROR: AddressSanitizer:? heap-use-after-free on address.*(\n|\r\n|\r)" } +// { dg-output " #37 0x\[0-9a-f\]+ (in \[^\n\r]*DeepFree\[^\n\r]*36|\[(\]).*(\n|\r\n|\r)" } +// { dg-output " #99 0x\[0-9a-f\]+ (in \[^\n\r]*DeepFree\[^\n\r]*98|\[(\]).*(\n|\r\n|\r)" } +// { dg-output " #116 0x\[0-9a-f\]+ (in \[^\n\r]*DeepFree\[^\n\r]*115|\[(\])\[^\n\r]*(\n|\r\n|\r)" } Index: gcc/testsuite/g++.dg/asan/large-func-test-1.C =================================================================== --- gcc/testsuite/g++.dg/asan/large-func-test-1.C (revision 0) +++ gcc/testsuite/g++.dg/asan/large-func-test-1.C (revision 0) @@ -0,0 +1,47 @@ +// { dg-do run } +// { dg-shouldfail "asan" } + +#include +__attribute__((noinline)) +static void LargeFunction(int *x, int zero) { + x[0]++; + x[1]++; + x[2]++; + x[3]++; + x[4]++; + x[5]++; + x[6]++; + x[7]++; + x[8]++; + x[9]++; + + x[zero + 111]++; // we should report this exact line + + x[10]++; + x[11]++; + x[12]++; + x[13]++; + x[14]++; + x[15]++; + x[16]++; + x[17]++; + x[18]++; + x[19]++; +} + +int main(int argc, char **argv) { + int *x = new int[100]; + LargeFunction(x, argc - 1); + delete x; +} + +// { dg-output "ERROR: AddressSanitizer:? heap-buffer-overflow on address\[^\n\r]*" } +// { dg-output "0x\[0-9a-f\]+ at pc 0x\[0-9a-f\]+ bp 0x\[0-9a-f\]+ sp 0x\[0-9a-f\]+\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output "READ of size 4 at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output " #0 0x\[0-9a-f\]+ (in \[^\n\r]*LargeFunction\[^\n\r]*(large-func-test-1.C:18|\[?\]\[?\]:0)|\[(\]).*(\n|\r\n|\r)" } +// { dg-output "0x\[0-9a-f\]+ is located 44 bytes to the right of 400-byte region.*(\n|\r\n|\r)" } +// { dg-output "allocated by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)malloc|\[(\])\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output " #1 0x\[0-9a-f\]+ (in (operator new|_Znwm)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output " #2 0x\[0-9a-f\]+ (in (operator new|_Znam)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } +// { dg-output " #3 0x\[0-9a-f\]+ (in _*main\[^\n\r]*(large-func-test-1.C:33|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } Index: gcc/testsuite/g++.dg/asan/interception-failure-test-1.C =================================================================== --- gcc/testsuite/g++.dg/asan/interception-failure-test-1.C (revision 0) +++ gcc/testsuite/g++.dg/asan/interception-failure-test-1.C (revision 0) @@ -0,0 +1,22 @@ +// If user provides his own libc functions, ASan doesn't +// intercept these functions. + +// { dg-do run } +// { dg-options "-fno-builtin-malloc -fno-builtin-free" } + +#include +#include + +extern "C" long strtol(const char *nptr, char **endptr, int base) { + fprintf(stderr, "my_strtol_interceptor\n"); + return 0; +} + +int main() { + char *x = (char*)malloc(10 * sizeof(char)); + free(x); + return (int)strtol(x, 0, 10); + // CHECK: my_strtol_interceptor +} + +// { dg-output "my_strtol_interceptor" } Index: gcc/testsuite/c-c++-common/asan/strip-path-prefix-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/strip-path-prefix-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/strip-path-prefix-1.c (revision 0) @@ -0,0 +1,15 @@ +/* { dg-do run } */ +/* { dg-skip-if "" { *-*-* } { "*" } { "-O2" } } */ +/* { dg-set-target-env-var ASAN_OPTIONS "strip_path_prefix='/'" } */ +/* { dg-options "-fno-builtin-malloc -fno-builtin-free" } */ +/* { dg-shouldfail "asan" } */ + +#include +int main() { + char *x = (char*)malloc(10 * sizeof(char)); + free(x); + return x[5]; +} + +/* { dg-output "heap-use-after-free.*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ \[(\]\[^/\]\[^\n\r]*(\n|\r\n|\r)" } */ Index: gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/force-inline-opt0-1.c (revision 0) @@ -0,0 +1,17 @@ +/* This test checks that we are no instrumenting a memory access twice + (before and after inlining) */ + +/* { dg-do compile } */ +/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" "-O1" } } */ +/* { dg-final { scan-assembler-not "__asan_report_load" } } */ + +__attribute__((always_inline)) +inline void foo(int *x) { + *x = 0; +} + +int main() { + int x; + foo(&x); + return x; +} Index: gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c (revision 0) @@ -0,0 +1,61 @@ +/* Check that ASan plays well with easy cases of makecontext/swapcontext. */ + +/* { dg-do run { target swapcontext } } */ + +#include +#include +#include + +ucontext_t orig_context; +ucontext_t child_context; + +void Child(int mode) { + char x[32] = {0}; /* Stack gets poisoned. */ + printf("Child: %p\n", x); + /* (a) Do nothing, just return to parent function. + (b) Jump into the original function. Stack remains poisoned unless we do + something. */ + if (mode == 1) { + if (swapcontext(&child_context, &orig_context) < 0) { + perror("swapcontext"); + _exit(0); + } + } +} + +int Run(int arg, int mode) { + int i; + const int kStackSize = 1 << 20; + char child_stack[kStackSize + 1]; + printf("Child stack: %p\n", child_stack); + /* Setup child context. */ + getcontext(&child_context); + child_context.uc_stack.ss_sp = child_stack; + child_context.uc_stack.ss_size = kStackSize / 2; + if (mode == 0) { + child_context.uc_link = &orig_context; + } + makecontext(&child_context, (void (*)())Child, 1, mode); + if (swapcontext(&orig_context, &child_context) < 0) { + perror("swapcontext"); + return 0; + } + /* Touch childs's stack to make sure it's unpoisoned. */ + for (i = 0; i < kStackSize; i++) { + child_stack[i] = i; + } + return child_stack[arg]; +} + +int main(int argc, char **argv) { + int ret = 0; + ret += Run(argc - 1, 0); + printf("Test1 passed\n"); + ret += Run(argc - 1, 1); + printf("Test2 passed\n"); + return ret; +} + +/* { dg-output "WARNING: ASan doesn't fully support makecontext/swapcontext.*" } */ +/* { dg-output "Test1 passed.*" } */ +/* { dg-output "Test2 passed.*" } */ Index: gcc/testsuite/c-c++-common/asan/null-deref-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/null-deref-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/null-deref-1.c (revision 0) @@ -0,0 +1,16 @@ +/* { dg-do run } */ +/* { dg-shouldfail "asan" } */ + +__attribute__((noinline, noclone)) +static void NullDeref(int *ptr) { + ptr[10]++; +} +int main() { + NullDeref((int*)0); +} + +/* { dg-output "ERROR: AddressSanitizer:? SEGV on unknown address.*" } */ +/* { dg-output "0x\[0-9a-f\]+ .*pc 0x\[0-9a-f\]+\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "AddressSanitizer can not provide additional info.*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in \[^\n\r]*NullDeref\[^\n\r]*(null-deref-1.c:6|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #1 0x\[0-9a-f\]+ (in \[^\n\r]*main\[^\n\r]*(null-deref-1.c:9|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ Index: gcc/testsuite/c-c++-common/asan/global-overflow-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/global-overflow-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/global-overflow-1.c (revision 0) @@ -0,0 +1,22 @@ +/* { dg-do run } */ +/* { dg-shouldfail "asan" } */ + +#include +volatile int ten = 10; + +int main() { + static char XXX[10]; + static char YYY[10]; + static char ZZZ[10]; + memset(XXX, 0, 10); + memset(YYY, 0, 10); + memset(ZZZ, 0, 10); + int res = YYY[ten]; /* BOOOM */ + res += XXX[ten/10] + ZZZ[ten/10]; + return res; +} + +/* { dg-output "READ of size 1 at 0x\[0-9a-f\]+ thread T0.*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*main .*global-overflow.cc:14|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "0x\[0-9a-f\]+ is located 0 bytes to the right of global variable.*(\n|\r\n|\r)" } */ +/* { dg-output ".*YYY.* of size 10.*(\n|\r\n|\r)" } */ Index: gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c (revision 0) @@ -0,0 +1,23 @@ +/* { dg-do run } */ +/* { dg-options "-fno-builtin-malloc -fno-builtin-strncpy" } */ +/* { dg-shouldfail "asan" } */ + +#include +#include +int main(int argc, char **argv) { + char *hello = (char*)malloc(6); + strcpy(hello, "hello"); + char *short_buffer = (char*)malloc(9); + strncpy(short_buffer, hello, 10); /* BOOM */ + return short_buffer[8]; +} + +/* { dg-output "WRITE of size 1 at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)strncpy|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #1 0x\[0-9a-f\]+ (in _*main \[^\n\r]*(strncpy-overflow-1.c:11|\[?]\[?]:0)|\[(\]).*(\n|\r\n|\r)" } */ +/* { dg-output "0x\[0-9a-f\]+ is located 0 bytes to the right of 9-byte region\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "allocated by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)malloc|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #1 0x\[0-9a-f\]+ (in _*main \[^\n\r]*(strncpy-overflow-1.c:10|\[?]\[?]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ + + Index: gcc/testsuite/c-c++-common/asan/rlimit-mmap-test-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/rlimit-mmap-test-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/rlimit-mmap-test-1.c (revision 0) @@ -0,0 +1,21 @@ +/* Check that we properly report mmap failure. */ + +/* { dg-do run { target setrlimit } } */ +/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */ +/* { dg-shouldfail "asan" } */ + +#include +#include +#include +#include + +static volatile void *x; + +int main(int argc, char **argv) { + struct rlimit mmap_resource_limit = { 0, 0 }; + if (setrlimit(RLIMIT_AS, &mmap_resource_limit)) return 1; + x = malloc(10000000); + return 0; +} + +/* { dg-output "AddressSanitizer is unable to mmap" } */ Index: gcc/testsuite/c-c++-common/asan/stack-overflow-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/stack-overflow-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/stack-overflow-1.c (revision 0) @@ -0,0 +1,18 @@ +/* { dg-do run } */ +/* { dg-options "-fno-builtin-memset" } */ +/* { dg-shouldfail "asan" } */ + +volatile int ten = 10; + +#include + +int main() { + char x[10]; + memset(x, 0, 10); + int res = x[ten]; /* BOOOM */ + return res; +} + +/* { dg-output "READ of size 1 at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*main \[^\n\r]*(stack-overflow-1.c:12|\[?\]\[?\]:0)|\[(\]).*(\n|\r\n|\r)" } */ +/* { dg-output "Address 0x\[0-9a-f\]+ is\[^\n\r]*frame
" } */ Index: gcc/testsuite/c-c++-common/asan/use-after-free-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/use-after-free-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/use-after-free-1.c (revision 0) @@ -0,0 +1,22 @@ +/* { dg-do run } */ +/* { dg-options "-fno-builtin-malloc -fno-builtin-free" } */ +/* { dg-shouldfail "asan" } */ + +#include +int main() { + char *x = (char*)malloc(10); + free(x); + return x[5]; +} + +/* { dg-output "ERROR: AddressSanitizer:? heap-use-after-free on address\[^\n\r]*" } */ +/* { dg-output "0x\[0-9a-f\]+ at pc 0x\[0-9a-f\]+ bp 0x\[0-9a-f\]+ sp 0x\[0-9a-f\]+\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "READ of size 1 at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*main \[^\n\r]*(use-after-free-1.c:9|\[?]\[?]:0)|\[(\]).*(\n|\r\n|\r)" } */ +/* { dg-output "0x\[0-9a-f\]+ is located 5 bytes inside of 10-byte region .0x\[0-9a-f\]+,0x\[0-9a-f\]+\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "freed by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in \[^\n\r]*free|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #1 0x\[0-9a-f\]+ (in \[^\n\r]*main \[^\n\r]*(use-after-free-1.c:8|\[?]\[?]:0)|\[(\]).*(\n|\r\n|\r)" } */ +/* { dg-output "previously allocated by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in \[^\n\r]*malloc|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #1 0x\[0-9a-f\]+ (in \[^\n\r]*main \[^\n\r]*(use-after-free-1.c:7|\[?]\[?]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ Index: gcc/testsuite/c-c++-common/asan/sanity-check-pure-c-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/sanity-check-pure-c-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/sanity-check-pure-c-1.c (revision 0) @@ -0,0 +1,17 @@ +/* { dg-do run } */ +/* { dg-options "-fno-builtin-malloc -fno-builtin-free" } */ +/* { dg-shouldfail "asan" } */ + +#include +int main() { + char *x = (char*)malloc(10 * sizeof(char)); + free(x); + return x[5]; +} + +/* { dg-output "heap-use-after-free.*(\n|\r\n|\r)" } */ +/* { dg-output " #0 \[^\n\r]*free\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #1 \[^\n\r]*(in main\[^\n\r]*(sanity-check-pure-c-1.c:8|\[?\]\[?\]:0)|\[(\]).*(\n|\r\n|\r)" } */ +/* { dg-output " #0 \[^\n\r]*(interceptor_|)malloc\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #1 \[^\n\r]*(in main\[^\n\r]*(sanity-check-pure-c-1.c:7|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ + Index: gcc/testsuite/c-c++-common/asan/clone-test-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/clone-test-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/clone-test-1.c (revision 0) @@ -0,0 +1,47 @@ +/* Regression test for: + http://code.google.com/p/address-sanitizer/issues/detail?id=37 */ + +/* { dg-do run { target { *-*-linux* } } } */ +/* { dg-require-effective-target clone } */ +/* { dg-options "-D_GNU_SOURCE" } */ +/* { dg-shouldfail "asan" } */ + +#include +#include +#include +#include +#include +#include +#include + +int Child(void *arg) { + char x[32] = {0}; /* Stack gets poisoned. */ + printf("Child: %p\n", x); + _exit(1); /* NoReturn, stack will remain unpoisoned unless we do something. */ +} + +int main(int argc, char **argv) { + int i; + const int kStackSize = 1 << 20; + char child_stack[kStackSize + 1]; + char *sp = child_stack + kStackSize; /* Stack grows down. */ + printf("Parent: %p\n", sp); + pid_t clone_pid = clone(Child, sp, CLONE_FILES | CLONE_VM, NULL, 0, 0, 0); + int status; + pid_t wait_result = waitpid(clone_pid, &status, __WCLONE); + if (wait_result < 0) { + perror("waitpid"); + return 0; + } + if (wait_result == clone_pid && WIFEXITED(status)) { + /* Make sure the child stack was indeed unpoisoned. */ + for (i = 0; i < kStackSize; i++) + child_stack[i] = i; + int ret = child_stack[argc - 1]; + printf("PASSED\n"); + return ret; + } + return 0; +} + +/* { dg-output "PASSED" } */ Index: gcc/testsuite/c-c++-common/asan/heap-overflow-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/heap-overflow-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/heap-overflow-1.c (revision 0) @@ -0,0 +1,21 @@ +/* { dg-do run } */ +/* { dg-options "-fno-builtin-malloc -fno-builtin-free -fno-builtin-memset" } */ +/* { dg-shouldfail "asan" } */ + +#include +#include +int main(int argc, char **argv) { + char *x = (char*)malloc(10 * sizeof(char)); + memset(x, 0, 10); + int res = x[argc * 10]; /* BOOOM */ + free(x); + return res; +} + +/* { dg-output "READ of size 1 at 0x\[0-9a-f\]+ thread T0.*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*main .*(heap-overflow-1.c:10|\[?\]\[?\]:0)|\[(\]).*(\n|\r\n|\r)" } */ +/* { dg-output "0x\[0-9a-f\]+ is located 0 bytes to the right of 10-byte region\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "allocated by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in .*malloc|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #1 0x\[0-9a-f\]+ (in _*main .*(heap-overflow-1.c:8|\[?\]\[?\]:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ + Index: gcc/testsuite/c-c++-common/asan/sleep-before-dying-1.c =================================================================== --- gcc/testsuite/c-c++-common/asan/sleep-before-dying-1.c (revision 0) +++ gcc/testsuite/c-c++-common/asan/sleep-before-dying-1.c (revision 0) @@ -0,0 +1,14 @@ +/* { dg-do run } */ +/* { dg-set-target-env-var ASAN_OPTIONS "sleep_before_dying=1" } */ +/* { dg-skip-if "" { *-*-* } { "*" } { "-O2" } } */ +/* { dg-options "-fno-builtin-malloc -fno-builtin-free" } */ +/* { dg-shouldfail "asan" } */ + +#include +int main() { + char *x = (char*)malloc(10 * sizeof(char)); + free(x); + return x[5]; +} + +/* { dg-output "Sleeping for 1 second" } */ Index: gcc/testsuite/lib/target-supports.exp =================================================================== --- gcc/testsuite/lib/target-supports.exp (revision 194156) +++ gcc/testsuite/lib/target-supports.exp (working copy) @@ -719,6 +719,26 @@ proc check_effective_target_mmap {} { return [check_function_available "mmap"] } +# Return 1 if the target supports dlopen, 0 otherwise. +proc check_effective_target_dlopen {} { + return [check_function_available "dlopen"] +} + +# Return 1 if the target supports clone, 0 otherwise. +proc check_effective_target_clone {} { + return [check_function_available "clone"] +} + +# Return 1 if the target supports setrlimit, 0 otherwise. +proc check_effective_target_setrlimit {} { + return [check_function_available "setrlimit"] +} + +# Return 1 if the target supports swapcontext, 0 otherwise. +proc check_effective_target_swapcontext {} { + return [check_function_available "swapcontext"] +} + # Return 1 if compilation with -pthread is error-free for trivial # code, 0 otherwise. Index: gcc/testsuite/lib/gcc-dg.exp =================================================================== --- gcc/testsuite/lib/gcc-dg.exp (revision 194156) +++ gcc/testsuite/lib/gcc-dg.exp (working copy) @@ -254,7 +254,19 @@ if { [info procs ${tool}_load] != [list] proc ${tool}_load { program args } { global tool global shouldfail + global set_target_env_var + + set saved_target_env_var [list] + if { [llength $set_target_env_var] != 0 } { + if { [is_remote target] } { + return [list "unsupported" ""] + } + set-target-env-var + } set result [eval [list saved_${tool}_load $program] $args] + if { [llength $set_target_env_var] != 0 } { + restore-target-env-var + } if { $shouldfail != 0 } { switch [lindex $result 0] { "pass" { set status "fail" } @@ -266,6 +278,37 @@ if { [info procs ${tool}_load] != [list] } } +proc dg-set-target-env-var { args } { + global set_target_env_var + if { [llength $args] != 3 } { + error "[lindex $args 1]: need two arguments" + return + } + lappend set_target_env_var [list [lindex $args 1] [lindex $args 2]] +} + +proc set-target-env-var { } { + global set_target_env_var + upvar 1 saved_target_env_var saved_target_env_var + foreach env_var $set_target_env_var { + set var [lindex $env_var 0] + set value [lindex $env_var 1] + if [info exists env($var)] { + lappend saved_target_env_var [list $var $env($var)] + } + setenv $var $value + } +} + +proc restore-target-env-var { } { + upvar 1 saved_target_env_var saved_target_env_var + foreach env_var $saved_target_env_var { + set var [lindex $env_var 0] + set value [lindex $env_var 1] + unsetenv $var $value + } +} + # Utility routines. # @@ -287,6 +330,10 @@ proc search_for { file pattern } { # as c-torture does. proc gcc-dg-runtest { testcases default-extra-flags } { global runtests + global set_target_env_var + + # Init set_target_env_var + set set_target_env_var [list] # Some callers set torture options themselves; don't override those. set existing_torture_options [torture-options-exist]