reference, declarationdefinition
definition → references, declarations, derived classes, virtual overrides
reference to multiple definitions → definitions
unreferenced

    1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66

// Test how stack frames are reported (not fully implemented yet).
// RUN: %clang_hwasan %s -o %t
// RUN: not %run %t 3 2 -1 2>&1 | FileCheck %s --check-prefix=R321
// REQUIRES: stable-runtime
#include <stdint.h>
#include <stdlib.h>
void USE(void *x) { // pretend_to_do_something(void *x)
  __asm__ __volatile__("" : : "r" (x) : "memory");
}
void USE2(void *a, void *b) { USE(a); USE(b); }
void USE4(void *a, void *b, void *c, void *d) { USE2(a, b); USE2(c, d); }

void BAR(int depth, int err_depth, int offset);

uint64_t *leaked_ptr;

void FOO(int depth, int err_depth, int offset) {
  uint8_t v1;
  uint16_t v2;
  uint32_t v4;
  uint64_t v8;
  uint64_t v16[2];
  uint64_t v32[4];
  uint64_t v48[3];
  USE4(&v1, &v2, &v4, &v8);  USE4(&v16, &v32, &v48, 0);
  leaked_ptr = &v16[0];
  if (depth)
    BAR(depth - 1, err_depth, offset);

  if (err_depth == depth)
    v16[offset] = 0;  // maybe OOB.
  if (err_depth == -depth)
    leaked_ptr[offset] = 0; // maybe UAR.
  USE(&v16);
}

void BAR(int depth, int err_depth, int offset) {
  uint64_t x16[2];
  uint64_t x32[4];
  USE2(&x16, &x32);
  leaked_ptr = &x16[0];
  if (depth)
    FOO(depth - 1, err_depth, offset);
  if (err_depth == depth)
    x16[offset] = 0;  // maybe OOB
  if (err_depth == -depth)
    leaked_ptr[offset] = 0;  // maybe UAR
  USE(&x16);
}


int main(int argc, char **argv) {
  if (argc != 4) return -1;
  int depth = atoi(argv[1]);
  int err_depth = atoi(argv[2]);
  int offset = atoi(argv[3]);
  FOO(depth, err_depth, offset);
  return 0;
}

// R321: HWAddressSanitizer: tag-mismatch
// R321-NEXT: WRITE of size 8
// R321-NEXT: in BAR
// R321-NEXT: in FOO
// R321-NEXT: in main
// R321: is located in stack of thread T0