This is an archive of the discontinued LLVM Phabricator instance.

Add end-to-end tests for overflows of byval arguments.
ClosedPublic

Authored by morehouse on Jun 29 2017, 11:50 AM.

Diff Detail

Event Timeline

morehouse created this revision.Jun 29 2017, 11:50 AM
morehouse edited the summary of this revision. (Show Details)Jun 29 2017, 11:51 AM
eugenis added inline comments.Jun 29 2017, 12:06 PM
test/asan/TestCases/pass-object-byval.cc
7 ↗(On Diff #104714)

But the pointer seems unused in the test. Is it possible to replace the IR check with smth like assert(a->me == &a) ?

vitalybuka edited edge metadata.Jun 29 2017, 12:16 PM

Probably we need test for UAR as well

A* f(A a) {

return &a;

}

viod b() {

A* a = f(A());
a->  // should likely crash with UAR and pass without it

}

test/asan/TestCases/pass-struct-byval.cc
1 ↗(On Diff #104714)

what is going to happen with -O1?

eugenis added inline comments.Jun 29 2017, 12:26 PM
test/asan/TestCases/pass-struct-byval.cc
1 ↗(On Diff #104714)

The code in bar() will be optimized to undef, I think.
"int * volatile ptr" should protect against that.

10 ↗(On Diff #104714)

(int *) cast seems unnecessary. (ptr - 1) is already that.

morehouse updated this revision to Diff 105350.Jul 5 2017, 3:47 PM

Add test for UAR. Remove unnecessary casts and make some pointers volatile.

eugenis accepted this revision.Jul 5 2017, 3:57 PM
eugenis added inline comments.
compiler-rt/test/asan/TestCases/pass-object-byval.cc
4

--implicit-check-not

Nice!

compiler-rt/test/asan/TestCases/pass-struct-byval-uar.cc
28

Don't need that many -NOT checks. This would be enough:
// CHECK-NO-UAR-NOT: ERROR: AddressSanitizer

Also I'm not sure the NO-UAR case is necessary at all. You are effectively testing undefined behavior.

This revision is now accepted and ready to land.Jul 5 2017, 3:57 PM
This revision was automatically updated to reflect the committed changes.
morehouse added a comment.EditedJul 12 2017, 12:28 PM

Interesting development. It looks like on Android the IR produced doesn't use byval arguments for the pass-struct-byval-uar.cc test. As a result, foo() has no allocas to poison on return.

The byval attribute is avoided and instead the caller produces a copy of the struct and passes a pointer to it. So foo() can't do any poisoning to its argument for UAR, and instead main() would have to do it. However, ASAN currently does not handle this case. I would suspect that most of the test failures on other architectures are being caused by this same issue.

The byval attribute is avoided and instead the caller produces a copy of the struct and passes a pointer to it. So foo() can't do any poisoning to its argument for UAR, and instead main() would have to do it. However, ASAN currently does not handle this case. I would suspect that most of the test failures on other architectures are being caused by this same issue.

In this case I'd expect compiler creates llvm.lifetime.start/end and this detected as UAS bug

In this case I'd expect compiler creates llvm.lifetime.start/end and this detected as UAS bug

It looks like llvm.lifetime.start/end are set, but they do not encompass the proper lifetime of the copy. Thus even when compiling with -fsanitize-use-after-scope, UAS is not detected.

morehouse updated this revision to Diff 106501.Jul 13 2017, 1:05 PM

Mark pass-struct-byval-uar.cc as unsupported.

morehouse updated this revision to Diff 106533.Jul 13 2017, 2:24 PM

Change UNSUPPORTED option to REQUIRES. Test now works on x86_64 Linux and shouldn't cause the Android/ARM/Windows buildbots to fail.

morehouse updated this revision to Diff 106536.Jul 13 2017, 2:27 PM

Fix bad diff update.

@vitalybuka If this looks good, could you land this today since I don't yet have commit access?

morehouse reopened this revision.Jul 20 2017, 2:00 PM

@vitalybuka Does the latest diff look good? Just got commit access so I can land this if you approve.

This revision is now accepted and ready to land.Jul 20 2017, 2:00 PM
This revision was automatically updated to reflect the committed changes.