author | Peter Collingbourne <peter@pcc.me.uk> | 2019-06-27 23:16:13 +0000 |
---|---|---|
committer | Peter Collingbourne <peter@pcc.me.uk> | 2019-06-27 23:16:13 +0000 |
commit | de3285c6c57be31b1a67cc1e5fdbd485c6b373f6 (patch) | |
tree | 62413f6315b898a5e5d2314631eca0b728b711ae /test | |
parent | 86555a91ea4243290620d034e0c200daba8de46f (diff) | |
hwasan: Teach the runtime to identify the local variable being accessed in UAR reports.
Each function's PC is recorded in the ring buffer. From there we can access
the function's local variables and reconstruct the tag of each one with the
help of the information printed by llvm-symbolizer's new FRAME command. We
can then find the variable that was likely being accessed by matching the
pointer's tag against the reconstructed tag.
Differential Revision: https://reviews.llvm.org/D63469
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@364607 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test')
-rw-r--r-- | test/hwasan/TestCases/stack-uar-dynamic.c | 23 | ||||
-rw-r--r-- | test/hwasan/TestCases/stack-uar-realign.c | 20 | ||||
-rw-r--r-- | test/hwasan/TestCases/stack-uar.c | 23 |
3 files changed, 53 insertions, 13 deletions
diff --git a/test/hwasan/TestCases/stack-uar-dynamic.c b/test/hwasan/TestCases/stack-uar-dynamic.c
new file mode 100644
index 000000000..4fb8a9006
--- /dev/null
+++ b/test/hwasan/TestCases/stack-uar-dynamic.c
@@ -0,0 +1,23 @@
+// RUN: %clang_hwasan -g %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// Dynamic allocation of stack objects does not affect FP, so the backend should
+// still be using FP-relative debug info locations that we can use to find stack
+// objects.
+
+__attribute((noinline))
+char *buggy(int b) {
+ char c[64];
+ char *volatile p = c;
+ if (b) {
+ p = __builtin_alloca(64);
+ p = c;
+ }
+ return p;
+}
+
+int main() {
+ char *p = buggy(1);
+ // CHECK: Potentially referenced stack objects:
+ // CHECK-NEXT: c in buggy
+ p[0] = 0;
+}
diff --git a/test/hwasan/TestCases/stack-uar-realign.c b/test/hwasan/TestCases/stack-uar-realign.c
new file mode 100644
index 000000000..fdd95651f
--- /dev/null
+++ b/test/hwasan/TestCases/stack-uar-realign.c
@@ -0,0 +1,20 @@
+// RUN: %clang_hwasan -g %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// Dynamic stack realignment causes debug info locations to use non-FP-relative
+// offsets because stack frames are realigned below FP, which means that we
+// can't associate addresses with stack objects in this case. Ideally we should
+// be able to handle this case somehow (e.g. by using a different register for
+// DW_AT_frame_base) but at least we shouldn't get confused by it.
+
+__attribute((noinline))
+char *buggy() {
+ _Alignas(64) char c[64];
+ char *volatile p = c;
+ return p;
+}
+
+int main() {
+ char *p = buggy();
+ // CHECK-NOT: Potentially referenced stack objects:
+ p[0] = 0;
+}
diff --git a/test/hwasan/TestCases/stack-uar.c b/test/hwasan/TestCases/stack-uar.c
index 8b308a511..9a7e357f1 100644
--- a/test/hwasan/TestCases/stack-uar.c
+++ b/test/hwasan/TestCases/stack-uar.c
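Review bot: In stack-uar-dynamic.c the `// CHECK-NEXT: c in buggy` line is a loose substring match: with a one-letter variable name it accepts any next line containing `c in buggy`, and it does not pin where the object was declared. The stack-uar.c check changed in this same commit anchors on file and line, so the same form would fit here, e.g. `// CHECK-NEXT: c in buggy {{.*}}stack-uar-dynamic.c:[[@LINE-12]]`. The offset is counted back to `char c[64];` and assumes the report prints the declaration line, as the stack-uar.c expectation suggests.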
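Review bot: stack-uar-realign.c has a `CHECK-NOT` as its only directive, so FileCheck accepts any non-empty failing output that lacks the stack-object header. A runtime that aborts with an internal error while handling the realigned frame would therefore still pass, which is the "confused" case the file comment wants to exclude. Bracket the negative check with positive anchors that stack-uar.c already relies on: `// CHECK: is located in stack of thread` before it and `// CHECK: SUMMARY: HWAddressSanitizer: tag-mismatch {{.*}} in main` after it. The test then shows that the use-after-return is still detected and reported while the variable lookup is skipped.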
@@ -1,6 +1,6 @@ // Tests use-after-return detection and reporting. -// RUN: %clang_hwasan -O0 -fno-discard-value-names %s -o %t && not %run %t 2>&1 | FileCheck %s -// RUN: %clang_hwasan -O0 -fno-discard-value-names %s -o %t && not %env_hwasan_opts=symbolize=0 %run %t 2>&1 | FileCheck %s --check-prefix=NOSYM +// RUN: %clang_hwasan -g %s -o %t && not %run %t 2>&1 | FileCheck %s +// RUN: %clang_hwasan -g %s -o %t && not %env_hwasan_opts=symbolize=0 %run %t 2>&1 | FileCheck %s --check-prefix=NOSYM // REQUIRES: stable-runtime @@ -28,19 +28,16 @@ int main() { // CHECK: READ of size 1 at // CHECK: #0 {{.*}} in main{{.*}}stack-uar.c:[[@LINE-2]] // CHECK: is located in stack of thread - // CHECK: Previously allocated frames: - // CHECK: Unrelated3 - // CHECK: 16 CCC - // CHECK: Unrelated2 - // CHECK: 12 BB - // CHECK: Unrelated1 - // CHECK: 8 A - // CHECK: buggy - // CHECK: 4096 zzz + // CHECK: Potentially referenced stack objects: + // CHECK-NEXT: zzz in buggy {{.*}}stack-uar.c:[[@LINE-19]] + // CHECK-NEXT: Memory tags around the buggy address // NOSYM: Previously allocated frames: - // NOSYM-NEXT: sp: 0x{{.*}} #0 0x{{.*}} ({{.*}}/stack-uar.c.tmp+0x{{.*}}){{$}} - // NOSYM-NEXT: 16 CCC; + // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uar.c.tmp+0x{{.*}}){{$}} + // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uar.c.tmp+0x{{.*}}){{$}} + // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uar.c.tmp+0x{{.*}}){{$}} + // NOSYM-NEXT: record_addr:0x{{.*}} record:0x{{.*}} ({{.*}}/stack-uar.c.tmp+0x{{.*}}){{$}} + // NOSYM-NEXT: Memory tags around the buggy address // CHECK: SUMMARY: HWAddressSanitizer: tag-mismatch {{.*}} in main } |
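Review bot: The new RUN lines in stack-uar.c drop `-O0` along with `-fno-discard-value-names`, while the checks in the second hunk became more sensitive to frame layout. NOSYM now expects exactly four `record_addr:` lines followed directly by `Memory tags around the buggy address`, and CHECK expects `zzz` at `[[@LINE-19]]`. Both depend on every helper keeping its own frame and on `zzz` remaining a tagged stack object, which holds for an unoptimized build; whether `%clang_hwasan` fixes an optimization level is not visible here. Keeping the level explicit would document that dependency: `// RUN: %clang_hwasan -O0 -g %s -o %t && not %run %t 2>&1 | FileCheck %s`, and the same on the NOSYM line. The functions that the records refer to are defined outside both hunks.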