From 9f05349d7534a40c23684f9efd3338c3d958df19 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Wed, 5 Sep 2018 01:16:50 +0000
Subject: [hwasan] print thread IDs when reporting a bug (also had to fix pthread_create on Linux)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341438 91177308-0d34-0410-b5e6-96231b3b80d8
---
 test/hwasan/TestCases/many-threads-uaf.c | 13 +++++-----
 test/hwasan/TestCases/thread-uaf.c | 44 +++++++++++++++++++++++++++-----
 2 files changed, 44 insertions(+), 13 deletions(-)
(limited to 'test/hwasan')
diff --git a/test/hwasan/TestCases/many-threads-uaf.c b/test/hwasan/TestCases/many-threads-uaf.c
index 4f58b3e35..3a79cb37b 100644
--- a/test/hwasan/TestCases/many-threads-uaf.c
+++ b/test/hwasan/TestCases/many-threads-uaf.c
@@ -14,12 +14,12 @@ void *BoringThread(void *arg) {
 return NULL;
 }
-// CHECK: Creating : thread {{.*}} id: 0
-// CHECK: Creating : thread {{.*}} id: 1
-// CHECK: Destroying: thread {{.*}} id: 1
-// CHECK: Creating : thread {{.*}} id: 1100
-// CHECK: Destroying: thread {{.*}} id: 1100
-// CHECK: Creating : thread {{.*}} id: 1101
+// CHECK: Creating : T0
+// CHECK: Creating : T1
+// CHECK: Destroying: T1
+// CHECK: Creating : T1100
+// CHECK: Destroying: T1100
+// CHECK: Creating : T1101
 void *UAFThread(void *arg) {
 char * volatile x = (char*)malloc(10);
@@ -29,6 +29,7 @@ void *UAFThread(void *arg) {
 // CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
 // CHECK: WRITE of size 1
 // CHECK: many-threads-uaf.c:[[@LINE-3]]
+ // CHECK: Thread: T1101
 return NULL;
 }
diff --git a/test/hwasan/TestCases/thread-uaf.c b/test/hwasan/TestCases/thread-uaf.c
index f64cebaab..200b35a79 100644
--- a/test/hwasan/TestCases/thread-uaf.c
+++ b/test/hwasan/TestCases/thread-uaf.c
@@ -1,3 +1,5 @@
+// Tests UAF detection where Allocate/Deallocate/Use
+// happen in separate threads.
 // RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
 // REQUIRES: stable-runtime
@@ -7,20 +9,48 @@
 #include
-void *Thread(void *arg) {
- char * volatile x = (char*)malloc(10);
- fprintf(stderr, "ZZZ %p\n", x);
+char *volatile x;
+int state;
+
+void *Allocate(void *arg) {
+ x = (char*)malloc(10);
+ __sync_fetch_and_add(&state, 1);
+ while (__sync_fetch_and_add(&state, 0) != 3) {}
+ return NULL;
+}
+void *Deallocate(void *arg) {
+ while (__sync_fetch_and_add(&state, 0) != 1) {}
 free(x);
+ __sync_fetch_and_add(&state, 1);
+ while (__sync_fetch_and_add(&state, 0) != 3) {}
+ return NULL;
+}
+
+void *Use(void *arg) {
+ while (__sync_fetch_and_add(&state, 0) != 2) {}
 x[5] = 42;
 // CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
- // CHECK: WRITE of size 1
+ // CHECK: WRITE of size 1 {{.*}} in thread T3
 // CHECK: thread-uaf.c:[[@LINE-3]]
+ // CHECK: freed by thread T2 here
+ // CHECK: in Deallocate
+ // CHECK: previously allocated here:
+ // CHECK: in Allocate
+ // CHECK: Thread: T2 0x
+ // CHECK: Thread: T3 0x
+ __sync_fetch_and_add(&state, 1);
 return NULL;
 }
 int main() {
 __hwasan_enable_allocator_tagging();
- pthread_t t;
- pthread_create(&t, NULL, Thread, NULL);
- pthread_join(t, NULL);
+ pthread_t t1, t2, t3;
+
+ pthread_create(&t1, NULL, Allocate, NULL);
+ pthread_create(&t2, NULL, Deallocate, NULL);
+ pthread_create(&t3, NULL, Use, NULL);
+
+ pthread_join(t1, NULL);
+ pthread_join(t2, NULL);
+ pthread_join(t3, NULL);
 }
--
cgit v1.2.1
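Review bot: In `main()` the three `pthread_create` results are discarded, while `Allocate`, `Deallocate` and `Use` each spin until `state` reaches a value that only another thread can produce, so a failed create would leave the test hanging rather than failing. Since the commit message says `pthread_create` handling was changed in this same commit, I would check each call, e.g. `if (pthread_create(&t1, NULL, Allocate, NULL)) return 1;`, so that a regression there shows up as a FileCheck failure instead of a timeout. The hand-off protocol would also be easier to follow with a comment next to `int state;`, such as `// 0: start, 1: allocated, 2: freed, 3: use done`. The `// CHECK: Thread: T2 0x` and `// CHECK: Thread: T3 0x` lines assume the report lists threads in that order, which the hunk does not show; `CHECK-DAG` may be safer if that order is not guaranteed.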