This is an archive of the discontinued LLVM Phabricator instance.

Differential D38574

[Sanitizers] ASan: detect new/delete calls with mismatched alignment.
ClosedPublic

Authored by alekseyshl on Oct 4 2017, 9:41 PM.

Details

Reviewers
eugenis
Commits
rGa53b55f66ca4: [Sanitizers] ASan: detect new/delete calls with mismatched alignment.
rCRT316595: [Sanitizers] ASan: detect new/delete calls with mismatched alignment.
rL316595: [Sanitizers] ASan: detect new/delete calls with mismatched alignment.
Summary

ASan allocator stores the requested alignment for new and new[] calls
and on delete and delete[] verifies that alignments do match.

The representable alignments are: default alignment, 8, 16, 32, 64, 128,
256 and 512 bytes. Alignments > 512 are stored as 512, hence two
different alignments > 512 will pass the check (possibly masking the bug),
but limited memory requirements deemed to be a resonable tradeoff for
relaxed conditions.

The feature is controlled by new_delete_type_mismatch flag, the same one
protecting new/delete matching size check.

Issue: https://github.com/google/sanitizers/issues/799

Diff Detail

Repository
rL LLVM

Event Timeline

alekseyshl created this revision.Oct 4 2017, 9:41 PM
Harbormaster completed remote builds in B10866: Diff 117773.Oct 4 2017, 9:41 PM
Herald added a subscriber: kubamracek. · View Herald TranscriptOct 4 2017, 9:41 PM
eugenis edited edge metadata.Oct 23 2017, 3:07 PM

What exactly is "default alignment" and what happens if it is equal to 8? Will it be treated as incompatible with 8? What happens if once source file is built with aligned-delete support, and the other - without (-std=c++14)? Looks like new() from the former would not be compatible with delete() from the latter.

alekseyshl added a comment.Oct 23 2017, 6:08 PM
In D38574#904329, @eugenis wrote:

What exactly is "default alignment" and what happens if it is equal to 8? Will it be treated as incompatible with 8?

The wording is derived from the standard, default-aligned vs over-aligned memory. malloc/etc allocate default-aligned memory, posix_memalign allocate over-aligned memory.
The standard says that new/delete pairs must match in regard of the alignement and default- and over-aligned memory must not be mixed.
There's STDCPP_DEFAULT_NEW_ALIGNMENT defined and alignments > it will be passed explicitly, otherwise it's implicit, that is, if it happens to be equal to 8, it' supposed to be treated as default.

What happens if once source file is built with aligned-delete support, and the other - without (-std=c++14)? Looks like new() from the former would not be compatible with delete() from the latter.

Well, the standard says that new/delete pairs must match, so you're correct, they will be incompatible. Using their example, imagine aligned new uses a separate arena for allocation, how would alignment unaware delete be able to free that memory?

eugenis accepted this revision.Oct 24 2017, 1:29 PM

OK, sounds good.

This revision is now accepted and ready to land.Oct 24 2017, 1:29 PM
Closed by commit rL316595: [Sanitizers] ASan: detect new/delete calls with mismatched alignment. (authored by alekseyshl). · Explain WhyOct 25 2017, 10:21 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
asan/
5 lines
54 lines
1 line
1 line
16 lines
28 lines
102 lines
3 lines
7 lines
test/
asan/
TestCases/
Linux/
168 lines

Diff 120280

compiler-rt/trunk/lib/asan/asan_allocator.h

Show First 20 LinesShow All 52 Lines▼ Show 20 Lines public:
explicit AsanChunkView(AsanChunk *chunk) : chunk_(chunk) {} explicit AsanChunkView(AsanChunk *chunk) : chunk_(chunk) {}
bool IsValid() const; // Checks if AsanChunkView points to a valid bool IsValid() const; // Checks if AsanChunkView points to a valid
// allocated or quarantined chunk. // allocated or quarantined chunk.
bool IsAllocated() const; // Checks if the memory is currently allocated. bool IsAllocated() const; // Checks if the memory is currently allocated.
bool IsQuarantined() const; // Checks if the memory is currently quarantined. bool IsQuarantined() const; // Checks if the memory is currently quarantined.
uptr Beg() const; // First byte of user memory. uptr Beg() const; // First byte of user memory.
uptr End() const; // Last byte of user memory. uptr End() const; // Last byte of user memory.
uptr UsedSize() const; // Size requested by the user. uptr UsedSize() const; // Size requested by the user.
u32 UserRequestedAlignment() const; // Originally requested alignment.
uptr AllocTid() const; uptr AllocTid() const;
uptr FreeTid() const; uptr FreeTid() const;
bool Eq(const AsanChunkView &c) const { return chunk_ == c.chunk_; } bool Eq(const AsanChunkView &c) const { return chunk_ == c.chunk_; }
u32 GetAllocStackId() const; u32 GetAllocStackId() const;
u32 GetFreeStackId() const; u32 GetFreeStackId() const;
StackTrace GetAllocStack() const; StackTrace GetAllocStack() const;
StackTrace GetFreeStack() const; StackTrace GetFreeStack() const;
AllocType GetAllocType() const; AllocType GetAllocType() const;
▲ Show 20 LinesShow All 123 Lines▼ Show 20 Lines
private: private:
// These objects are allocated via mmap() and are zero-initialized. // These objects are allocated via mmap() and are zero-initialized.
AsanThreadLocalMallocStorage() {} AsanThreadLocalMallocStorage() {}
}; };
void *asan_memalign(uptr alignment, uptr size, BufferedStackTrace *stack, void *asan_memalign(uptr alignment, uptr size, BufferedStackTrace *stack,
AllocType alloc_type); AllocType alloc_type);
void asan_free(void *ptr, BufferedStackTrace *stack, AllocType alloc_type); void asan_free(void *ptr, BufferedStackTrace *stack, AllocType alloc_type);
void asan_sized_free(void *ptr, uptr size, BufferedStackTrace *stack, void asan_delete(void *ptr, uptr size, uptr alignment,
AllocType alloc_type); BufferedStackTrace *stack, AllocType alloc_type);
void *asan_malloc(uptr size, BufferedStackTrace *stack); void *asan_malloc(uptr size, BufferedStackTrace *stack);
void *asan_calloc(uptr nmemb, uptr size, BufferedStackTrace *stack); void *asan_calloc(uptr nmemb, uptr size, BufferedStackTrace *stack);
void *asan_realloc(void *p, uptr size, BufferedStackTrace *stack); void *asan_realloc(void *p, uptr size, BufferedStackTrace *stack);
void *asan_valloc(uptr size, BufferedStackTrace *stack); void *asan_valloc(uptr size, BufferedStackTrace *stack);
void *asan_pvalloc(uptr size, BufferedStackTrace *stack); void *asan_pvalloc(uptr size, BufferedStackTrace *stack);
int asan_posix_memalign(void **memptr, uptr alignment, uptr size, int asan_posix_memalign(void **memptr, uptr alignment, uptr size,
Show All 12 Lines

compiler-rt/trunk/lib/asan/asan_allocator.cc

Show First 20 LinesShow All 78 Lines▼ Show 20 Linesstruct ChunkHeader {
u32 from_memalign : 1; u32 from_memalign : 1;
u32 alloc_type : 2; u32 alloc_type : 2;
u32 rz_log : 3; u32 rz_log : 3;
u32 lsan_tag : 2; u32 lsan_tag : 2;
// 2-nd 8 bytes // 2-nd 8 bytes
// This field is used for small sizes. For large sizes it is equal to // This field is used for small sizes. For large sizes it is equal to
// SizeClassMap::kMaxSize and the actual size is stored in the // SizeClassMap::kMaxSize and the actual size is stored in the
// SecondaryAllocator's metadata. // SecondaryAllocator's metadata.
u32 user_requested_size; u32 user_requested_size : 29;
// align < 8 -> 0
// else -> log2(min(align, 512)) - 2
u32 user_requested_alignment_log : 3;
u32 alloc_context_id; u32 alloc_context_id;
}; };
struct ChunkBase : ChunkHeader { struct ChunkBase : ChunkHeader {
// Header2, intersects with user memory. // Header2, intersects with user memory.
u32 free_context_id; u32 free_context_id;
}; };
▲ Show 20 LinesShow All 250 Lines▼ Show 20 Lines u32 rz_log =
user_requested_size <= (1 << 14) - 256 ? 4 : user_requested_size <= (1 << 14) - 256 ? 4 :
user_requested_size <= (1 << 15) - 512 ? 5 : user_requested_size <= (1 << 15) - 512 ? 5 :
user_requested_size <= (1 << 16) - 1024 ? 6 : 7; user_requested_size <= (1 << 16) - 1024 ? 6 : 7;
u32 min_rz = atomic_load(&min_redzone, memory_order_acquire); u32 min_rz = atomic_load(&min_redzone, memory_order_acquire);
u32 max_rz = atomic_load(&max_redzone, memory_order_acquire); u32 max_rz = atomic_load(&max_redzone, memory_order_acquire);
return Min(Max(rz_log, RZSize2Log(min_rz)), RZSize2Log(max_rz)); return Min(Max(rz_log, RZSize2Log(min_rz)), RZSize2Log(max_rz));
} }
static uptr ComputeUserRequestedAlignmentLog(uptr user_requested_alignment) {
if (user_requested_alignment < 8)
return 0;
if (user_requested_alignment > 512)
user_requested_alignment = 512;
return Log2(user_requested_alignment) - 2;
}
static uptr ComputeUserAlignment(uptr user_requested_alignment_log) {
if (user_requested_alignment_log == 0)
return 0;
return 1LL << (user_requested_alignment_log + 2);
}
// We have an address between two chunks, and we want to report just one. // We have an address between two chunks, and we want to report just one.
AsanChunk *ChooseChunk(uptr addr, AsanChunk *left_chunk, AsanChunk *ChooseChunk(uptr addr, AsanChunk *left_chunk,
AsanChunk *right_chunk) { AsanChunk *right_chunk) {
// Prefer an allocated chunk over freed chunk and freed chunk // Prefer an allocated chunk over freed chunk and freed chunk
// over available chunk. // over available chunk.
if (left_chunk->chunk_state != right_chunk->chunk_state) { if (left_chunk->chunk_state != right_chunk->chunk_state) {
if (left_chunk->chunk_state == CHUNK_ALLOCATED) if (left_chunk->chunk_state == CHUNK_ALLOCATED)
return left_chunk; return left_chunk;
Show All 18 Lines void *Allocate(uptr size, uptr alignment, BufferedStackTrace *stack,
AllocType alloc_type, bool can_fill) { AllocType alloc_type, bool can_fill) {
if (UNLIKELY(!asan_inited)) if (UNLIKELY(!asan_inited))
AsanInitFromRtl(); AsanInitFromRtl();
if (RssLimitExceeded()) if (RssLimitExceeded())
return AsanAllocator::FailureHandler::OnOOM(); return AsanAllocator::FailureHandler::OnOOM();
Flags &fl = *flags(); Flags &fl = *flags();
CHECK(stack); CHECK(stack);
const uptr min_alignment = SHADOW_GRANULARITY; const uptr min_alignment = SHADOW_GRANULARITY;
const uptr user_requested_alignment_log =
ComputeUserRequestedAlignmentLog(alignment);
if (alignment < min_alignment) if (alignment < min_alignment)
alignment = min_alignment; alignment = min_alignment;
if (size == 0) { if (size == 0) {
// We'd be happy to avoid allocating memory for zero-size requests, but // We'd be happy to avoid allocating memory for zero-size requests, but
// some programs/tests depend on this behavior and assume that malloc // some programs/tests depend on this behavior and assume that malloc
// would not return NULL even for zero-size allocations. Moreover, it // would not return NULL even for zero-size allocations. Moreover, it
// looks like operator new should never return NULL, and results of // looks like operator new should never return NULL, and results of
// consecutive "new" calls must be different even if the allocated size // consecutive "new" calls must be different even if the allocated size
▲ Show 20 LinesShow All 71 Lines▼ Show 20 Lines if (using_primary_allocator) {
CHECK(allocator.FromPrimary(allocated)); CHECK(allocator.FromPrimary(allocated));
} else { } else {
CHECK(!allocator.FromPrimary(allocated)); CHECK(!allocator.FromPrimary(allocated));
m->user_requested_size = SizeClassMap::kMaxSize; m->user_requested_size = SizeClassMap::kMaxSize;
uptr *meta = reinterpret_cast<uptr *>(allocator.GetMetaData(allocated)); uptr *meta = reinterpret_cast<uptr *>(allocator.GetMetaData(allocated));
meta[0] = size; meta[0] = size;
meta[1] = chunk_beg; meta[1] = chunk_beg;
} }
m->user_requested_alignment_log = user_requested_alignment_log;
m->alloc_context_id = StackDepotPut(*stack); m->alloc_context_id = StackDepotPut(*stack);
uptr size_rounded_down_to_granularity = uptr size_rounded_down_to_granularity =
RoundDownTo(size, SHADOW_GRANULARITY); RoundDownTo(size, SHADOW_GRANULARITY);
// Unpoison the bulk of the memory region. // Unpoison the bulk of the memory region.
if (size_rounded_down_to_granularity) if (size_rounded_down_to_granularity)
PoisonShadow(user_beg, size_rounded_down_to_granularity, 0); PoisonShadow(user_beg, size_rounded_down_to_granularity, 0);
▲ Show 20 LinesShow All 85 Lines▼ Show 20 Lines void QuarantineChunk(AsanChunk *m, void *ptr, BufferedStackTrace *stack) {
} else { } else {
SpinMutexLock l(&fallback_mutex); SpinMutexLock l(&fallback_mutex);
AllocatorCache *ac = &fallback_allocator_cache; AllocatorCache *ac = &fallback_allocator_cache;
quarantine.Put(&fallback_quarantine_cache, QuarantineCallback(ac), m, quarantine.Put(&fallback_quarantine_cache, QuarantineCallback(ac), m,
m->UsedSize()); m->UsedSize());
} }
} }
void Deallocate(void *ptr, uptr delete_size, BufferedStackTrace *stack, void Deallocate(void *ptr, uptr delete_size, uptr delete_alignment,
AllocType alloc_type) { BufferedStackTrace *stack, AllocType alloc_type) {
uptr p = reinterpret_cast<uptr>(ptr); uptr p = reinterpret_cast<uptr>(ptr);
if (p == 0) return; if (p == 0) return;
uptr chunk_beg = p - kChunkHeaderSize; uptr chunk_beg = p - kChunkHeaderSize;
AsanChunk *m = reinterpret_cast<AsanChunk *>(chunk_beg); AsanChunk *m = reinterpret_cast<AsanChunk *>(chunk_beg);
// On Windows, uninstrumented DLLs may allocate memory before ASan hooks // On Windows, uninstrumented DLLs may allocate memory before ASan hooks
// malloc. Don't report an invalid free in this case. // malloc. Don't report an invalid free in this case.
Show All 10 Lines void Deallocate(void *ptr, uptr delete_size, uptr delete_alignment,
// Do not quarantine given chunk if we failed to set CHUNK_QUARANTINE flag. // Do not quarantine given chunk if we failed to set CHUNK_QUARANTINE flag.
if (!AtomicallySetQuarantineFlagIfAllocated(m, ptr, stack)) return; if (!AtomicallySetQuarantineFlagIfAllocated(m, ptr, stack)) return;
if (m->alloc_type != alloc_type) { if (m->alloc_type != alloc_type) {
if (atomic_load(&alloc_dealloc_mismatch, memory_order_acquire)) { if (atomic_load(&alloc_dealloc_mismatch, memory_order_acquire)) {
ReportAllocTypeMismatch((uptr)ptr, stack, (AllocType)m->alloc_type, ReportAllocTypeMismatch((uptr)ptr, stack, (AllocType)m->alloc_type,
(AllocType)alloc_type); (AllocType)alloc_type);
} }
} else {
if (flags()->new_delete_type_mismatch &&
(alloc_type == FROM_NEW || alloc_type == FROM_NEW_BR) &&
((delete_size && delete_size != m->UsedSize()) ||
ComputeUserRequestedAlignmentLog(delete_alignment) !=
m->user_requested_alignment_log)) {
ReportNewDeleteTypeMismatch(p, delete_size, delete_alignment, stack);
} }
if (delete_size && flags()->new_delete_type_mismatch &&
delete_size != m->UsedSize()) {
ReportNewDeleteSizeMismatch(p, delete_size, stack);
} }
QuarantineChunk(m, ptr, stack); QuarantineChunk(m, ptr, stack);
} }
void *Reallocate(void *old_ptr, uptr new_size, BufferedStackTrace *stack) { void *Reallocate(void *old_ptr, uptr new_size, BufferedStackTrace *stack) {
CHECK(old_ptr && new_size); CHECK(old_ptr && new_size);
uptr p = reinterpret_cast<uptr>(old_ptr); uptr p = reinterpret_cast<uptr>(old_ptr);
Show All 9 Lines if (new_ptr) {
u8 chunk_state = m->chunk_state; u8 chunk_state = m->chunk_state;
if (chunk_state != CHUNK_ALLOCATED) if (chunk_state != CHUNK_ALLOCATED)
ReportInvalidFree(old_ptr, chunk_state, stack); ReportInvalidFree(old_ptr, chunk_state, stack);
CHECK_NE(REAL(memcpy), nullptr); CHECK_NE(REAL(memcpy), nullptr);
uptr memcpy_size = Min(new_size, m->UsedSize()); uptr memcpy_size = Min(new_size, m->UsedSize());
// If realloc() races with free(), we may start copying freed memory. // If realloc() races with free(), we may start copying freed memory.
// However, we will report racy double-free later anyway. // However, we will report racy double-free later anyway.
REAL(memcpy)(new_ptr, old_ptr, memcpy_size); REAL(memcpy)(new_ptr, old_ptr, memcpy_size);
Deallocate(old_ptr, 0, stack, FROM_MALLOC); Deallocate(old_ptr, 0, 0, stack, FROM_MALLOC);
} }
return new_ptr; return new_ptr;
} }
void *Calloc(uptr nmemb, uptr size, BufferedStackTrace *stack) { void *Calloc(uptr nmemb, uptr size, BufferedStackTrace *stack) {
if (CheckForCallocOverflow(size, nmemb)) if (CheckForCallocOverflow(size, nmemb))
return AsanAllocator::FailureHandler::OnBadRequest(); return AsanAllocator::FailureHandler::OnBadRequest();
void *ptr = Allocate(nmemb * size, 8, stack, FROM_MALLOC, false); void *ptr = Allocate(nmemb * size, 8, stack, FROM_MALLOC, false);
▲ Show 20 LinesShow All 118 Lines▼ Show 20 Linesbool AsanChunkView::IsAllocated() const {
return chunk_ && chunk_->chunk_state == CHUNK_ALLOCATED; return chunk_ && chunk_->chunk_state == CHUNK_ALLOCATED;
} }
bool AsanChunkView::IsQuarantined() const { bool AsanChunkView::IsQuarantined() const {
return chunk_ && chunk_->chunk_state == CHUNK_QUARANTINE; return chunk_ && chunk_->chunk_state == CHUNK_QUARANTINE;
} }
uptr AsanChunkView::Beg() const { return chunk_->Beg(); } uptr AsanChunkView::Beg() const { return chunk_->Beg(); }
uptr AsanChunkView::End() const { return Beg() + UsedSize(); } uptr AsanChunkView::End() const { return Beg() + UsedSize(); }
uptr AsanChunkView::UsedSize() const { return chunk_->UsedSize(); } uptr AsanChunkView::UsedSize() const { return chunk_->UsedSize(); }
u32 AsanChunkView::UserRequestedAlignment() const {
return Allocator::ComputeUserAlignment(chunk_->user_requested_alignment_log);
}
uptr AsanChunkView::AllocTid() const { return chunk_->alloc_tid; } uptr AsanChunkView::AllocTid() const { return chunk_->alloc_tid; }
uptr AsanChunkView::FreeTid() const { return chunk_->free_tid; } uptr AsanChunkView::FreeTid() const { return chunk_->free_tid; }
AllocType AsanChunkView::GetAllocType() const { AllocType AsanChunkView::GetAllocType() const {
return (AllocType)chunk_->alloc_type; return (AllocType)chunk_->alloc_type;
} }
static StackTrace GetStackTraceFromId(u32 id) { static StackTrace GetStackTraceFromId(u32 id) {
CHECK(id); CHECK(id);
Show All 36 Linesvoid AsanThreadLocalMallocStorage::CommitBack() {
instance.CommitBack(this); instance.CommitBack(this);
} }
void PrintInternalAllocatorStats() { void PrintInternalAllocatorStats() {
instance.PrintStats(); instance.PrintStats();
} }
void asan_free(void *ptr, BufferedStackTrace *stack, AllocType alloc_type) { void asan_free(void *ptr, BufferedStackTrace *stack, AllocType alloc_type) {
instance.Deallocate(ptr, 0, stack, alloc_type); instance.Deallocate(ptr, 0, 0, stack, alloc_type);
} }
void asan_sized_free(void *ptr, uptr size, BufferedStackTrace *stack, void asan_delete(void *ptr, uptr size, uptr alignment,
AllocType alloc_type) { BufferedStackTrace *stack, AllocType alloc_type) {
instance.Deallocate(ptr, size, stack, alloc_type); instance.Deallocate(ptr, size, alignment, stack, alloc_type);
} }
void *asan_malloc(uptr size, BufferedStackTrace *stack) { void *asan_malloc(uptr size, BufferedStackTrace *stack) {
return SetErrnoOnNull(instance.Allocate(size, 8, stack, FROM_MALLOC, true)); return SetErrnoOnNull(instance.Allocate(size, 8, stack, FROM_MALLOC, true));
} }
void *asan_calloc(uptr nmemb, uptr size, BufferedStackTrace *stack) { void *asan_calloc(uptr nmemb, uptr size, BufferedStackTrace *stack) {
return SetErrnoOnNull(instance.Calloc(nmemb, size, stack)); return SetErrnoOnNull(instance.Calloc(nmemb, size, stack));
} }
void *asan_realloc(void *p, uptr size, BufferedStackTrace *stack) { void *asan_realloc(void *p, uptr size, BufferedStackTrace *stack) {
if (!p) if (!p)
return SetErrnoOnNull(instance.Allocate(size, 8, stack, FROM_MALLOC, true)); return SetErrnoOnNull(instance.Allocate(size, 8, stack, FROM_MALLOC, true));
if (size == 0) { if (size == 0) {
if (flags()->allocator_frees_and_returns_null_on_realloc_zero) { if (flags()->allocator_frees_and_returns_null_on_realloc_zero) {
instance.Deallocate(p, 0, stack, FROM_MALLOC); instance.Deallocate(p, 0, 0, stack, FROM_MALLOC);
return nullptr; return nullptr;
} }
// Allocate a size of 1 if we shouldn't free() on Realloc to 0 // Allocate a size of 1 if we shouldn't free() on Realloc to 0
size = 1; size = 1;
} }
return SetErrnoOnNull(instance.Reallocate(p, size, stack)); return SetErrnoOnNull(instance.Reallocate(p, size, stack));
} }
▲ Show 20 LinesShow All 195 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_descriptions.h

Show First 20 LinesShow All 96 Lines▼ Show 20 Linesenum AccessType {
kAccessTypeUnknown, // This means we have an AddressSanitizer bug! kAccessTypeUnknown, // This means we have an AddressSanitizer bug!
}; };
struct ChunkAccess { struct ChunkAccess {
uptr bad_addr; uptr bad_addr;
sptr offset; sptr offset;
uptr chunk_begin; uptr chunk_begin;
uptr chunk_size; uptr chunk_size;
u32 user_requested_alignment : 12;
u32 access_type : 2; u32 access_type : 2;
u32 alloc_type : 2; u32 alloc_type : 2;
}; };
struct HeapAddressDescription { struct HeapAddressDescription {
uptr addr; uptr addr;
uptr alloc_tid; uptr alloc_tid;
uptr free_tid; uptr free_tid;
▲ Show 20 LinesShow All 135 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_descriptions.cc

Show First 20 LinesShow All 116 Lines▼ Show 20 Lines if (chunk.AddrIsAtLeft(addr, access_size, &descr->offset)) {
} }
} else if (chunk.AddrIsInside(addr, access_size, &descr->offset)) { } else if (chunk.AddrIsInside(addr, access_size, &descr->offset)) {
descr->access_type = kAccessTypeInside; descr->access_type = kAccessTypeInside;
} else { } else {
descr->access_type = kAccessTypeUnknown; descr->access_type = kAccessTypeUnknown;
} }
descr->chunk_begin = chunk.Beg(); descr->chunk_begin = chunk.Beg();
descr->chunk_size = chunk.UsedSize(); descr->chunk_size = chunk.UsedSize();
descr->user_requested_alignment = chunk.UserRequestedAlignment();
descr->alloc_type = chunk.GetAllocType(); descr->alloc_type = chunk.GetAllocType();
} }
static void PrintHeapChunkAccess(uptr addr, const ChunkAccess &descr) { static void PrintHeapChunkAccess(uptr addr, const ChunkAccess &descr) {
Decorator d; Decorator d;
InternalScopedString str(4096); InternalScopedString str(4096);
str.append("%s", d.Location()); str.append("%s", d.Location());
switch (descr.access_type) { switch (descr.access_type) {
▲ Show 20 LinesShow All 357 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_errors.h

Show First 20 LinesShow All 65 Lines▼ Show 20 Lines ErrorDoubleFree(u32 tid, BufferedStackTrace *stack, uptr addr)
CHECK_GT(second_free_stack->size, 0); CHECK_GT(second_free_stack->size, 0);
GetHeapAddressInformation(addr, 1, &addr_description); GetHeapAddressInformation(addr, 1, &addr_description);
scariness.Clear(); scariness.Clear();
scariness.Scare(42, "double-free"); scariness.Scare(42, "double-free");
} }
void Print(); void Print();
}; };
struct ErrorNewDeleteSizeMismatch : ErrorBase { struct ErrorNewDeleteTypeMismatch : ErrorBase {
// ErrorNewDeleteSizeMismatch doesn't own the stack trace. // ErrorNewDeleteTypeMismatch doesn't own the stack trace.
const BufferedStackTrace *free_stack; const BufferedStackTrace *free_stack;
HeapAddressDescription addr_description; HeapAddressDescription addr_description;
uptr delete_size; uptr delete_size;
uptr delete_alignment;
// VS2013 doesn't implement unrestricted unions, so we need a trivial default // VS2013 doesn't implement unrestricted unions, so we need a trivial default
// constructor // constructor
ErrorNewDeleteSizeMismatch() = default; ErrorNewDeleteTypeMismatch() = default;
ErrorNewDeleteSizeMismatch(u32 tid, BufferedStackTrace *stack, uptr addr, ErrorNewDeleteTypeMismatch(u32 tid, BufferedStackTrace *stack, uptr addr,
uptr delete_size_) uptr delete_size_, uptr delete_alignment_)
: ErrorBase(tid), free_stack(stack), delete_size(delete_size_) { : ErrorBase(tid), free_stack(stack), delete_size(delete_size_),
delete_alignment(delete_alignment_) {
GetHeapAddressInformation(addr, 1, &addr_description); GetHeapAddressInformation(addr, 1, &addr_description);
scariness.Clear(); scariness.Clear();
scariness.Scare(10, "new-delete-type-mismatch"); scariness.Scare(10, "new-delete-type-mismatch");
} }
void Print(); void Print();
}; };
struct ErrorFreeNotMalloced : ErrorBase { struct ErrorFreeNotMalloced : ErrorBase {
▲ Show 20 LinesShow All 195 Lines▼ Show 20 Lines ErrorGeneric(u32 tid, uptr addr, uptr pc_, uptr bp_, uptr sp_, bool is_write_,
uptr access_size_); uptr access_size_);
void Print(); void Print();
}; };
// clang-format off // clang-format off
#define ASAN_FOR_EACH_ERROR_KIND(macro) \ #define ASAN_FOR_EACH_ERROR_KIND(macro) \
macro(DeadlySignal) \ macro(DeadlySignal) \
macro(DoubleFree) \ macro(DoubleFree) \
macro(NewDeleteSizeMismatch) \ macro(NewDeleteTypeMismatch) \
macro(FreeNotMalloced) \ macro(FreeNotMalloced) \
macro(AllocTypeMismatch) \ macro(AllocTypeMismatch) \
macro(MallocUsableSizeNotOwned) \ macro(MallocUsableSizeNotOwned) \
macro(SanitizerGetAllocatedSizeNotOwned) \ macro(SanitizerGetAllocatedSizeNotOwned) \
macro(StringFunctionMemoryRangesOverlap) \ macro(StringFunctionMemoryRangesOverlap) \
macro(StringFunctionSizeOverflow) \ macro(StringFunctionSizeOverflow) \
macro(BadParamsToAnnotateContiguousContainer) \ macro(BadParamsToAnnotateContiguousContainer) \
macro(ODRViolation) \ macro(ODRViolation) \
▲ Show 20 LinesShow All 52 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_errors.cc

Show First 20 LinesShow All 57 Lines▼ Show 20 Linesvoid ErrorDoubleFree::Print() {
scariness.Print(); scariness.Print();
GET_STACK_TRACE_FATAL(second_free_stack->trace[0], GET_STACK_TRACE_FATAL(second_free_stack->trace[0],
second_free_stack->top_frame_bp); second_free_stack->top_frame_bp);
stack.Print(); stack.Print();
addr_description.Print(); addr_description.Print();
ReportErrorSummary(scariness.GetDescription(), &stack); ReportErrorSummary(scariness.GetDescription(), &stack);
} }
void ErrorNewDeleteSizeMismatch::Print() { void ErrorNewDeleteTypeMismatch::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
char tname[128]; char tname[128];
Report( Report(
"ERROR: AddressSanitizer: %s on %p in thread " "ERROR: AddressSanitizer: %s on %p in thread "
"T%d%s:\n", "T%d%s:\n",
scariness.GetDescription(), addr_description.addr, tid, scariness.GetDescription(), addr_description.addr, tid,
ThreadNameWithParenthesis(tid, tname, sizeof(tname))); ThreadNameWithParenthesis(tid, tname, sizeof(tname)));
Printf("%s object passed to delete has wrong type:\n", d.Default()); Printf("%s object passed to delete has wrong type:\n", d.Default());
if (delete_size != 0) {
Printf( Printf(
" size of the allocated type: %zd bytes;\n" " size of the allocated type: %zd bytes;\n"
" size of the deallocated type: %zd bytes.\n", " size of the deallocated type: %zd bytes.\n",
addr_description.chunk_access.chunk_size, delete_size); addr_description.chunk_access.chunk_size, delete_size);
}
const uptr user_alignment =
addr_description.chunk_access.user_requested_alignment;
if (delete_alignment != user_alignment) {
char user_alignment_str[32];
char delete_alignment_str[32];
internal_snprintf(user_alignment_str, sizeof(user_alignment_str),
"%zd bytes", user_alignment);
internal_snprintf(delete_alignment_str, sizeof(delete_alignment_str),
"%zd bytes", delete_alignment);
static const char *kDefaultAlignment = "default-aligned";
Printf(
" alignment of the allocated type: %s;\n"
" alignment of the deallocated type: %s.\n",
user_alignment > 0 ? user_alignment_str : kDefaultAlignment,
delete_alignment > 0 ? delete_alignment_str : kDefaultAlignment);
}
CHECK_GT(free_stack->size, 0); CHECK_GT(free_stack->size, 0);
scariness.Print(); scariness.Print();
GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
stack.Print(); stack.Print();
addr_description.Print(); addr_description.Print();
ReportErrorSummary(scariness.GetDescription(), &stack); ReportErrorSummary(scariness.GetDescription(), &stack);
Report( Report(
"HINT: if you don't care about these errors you may set " "HINT: if you don't care about these errors you may set "
▲ Show 20 LinesShow All 378 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_new_delete.cc

Show First 20 LinesShow All 119 Lines▼ Show 20 LinesINTERCEPTOR(void *, _Znam, size_t size) {
OPERATOR_NEW_BODY(FROM_NEW_BR, false /*nothrow*/); OPERATOR_NEW_BODY(FROM_NEW_BR, false /*nothrow*/);
} }
INTERCEPTOR(void *, _ZnwmRKSt9nothrow_t, size_t size, std::nothrow_t const&) { INTERCEPTOR(void *, _ZnwmRKSt9nothrow_t, size_t size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(FROM_NEW, true /*nothrow*/); OPERATOR_NEW_BODY(FROM_NEW, true /*nothrow*/);
} }
INTERCEPTOR(void *, _ZnamRKSt9nothrow_t, size_t size, std::nothrow_t const&) { INTERCEPTOR(void *, _ZnamRKSt9nothrow_t, size_t size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(FROM_NEW_BR, true /*nothrow*/); OPERATOR_NEW_BODY(FROM_NEW_BR, true /*nothrow*/);
} }
#endif #endif // !SANITIZER_MAC
#define OPERATOR_DELETE_BODY(type) \ #define OPERATOR_DELETE_BODY(type) \
GET_STACK_TRACE_FREE;\ GET_STACK_TRACE_FREE;\
asan_free(ptr, &stack, type); asan_delete(ptr, 0, 0, &stack, type);
#define OPERATOR_DELETE_BODY_SIZE(type) \
GET_STACK_TRACE_FREE;\
asan_delete(ptr, size, 0, &stack, type);
#define OPERATOR_DELETE_BODY_ALIGN(type) \
GET_STACK_TRACE_FREE;\
asan_delete(ptr, 0, static_cast<uptr>(align), &stack, type);
#define OPERATOR_DELETE_BODY_SIZE_ALIGN(type) \
GET_STACK_TRACE_FREE;\
asan_delete(ptr, size, static_cast<uptr>(align), &stack, type);
#if !SANITIZER_MAC #if !SANITIZER_MAC
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete(void *ptr) NOEXCEPT { void operator delete(void *ptr) NOEXCEPT
OPERATOR_DELETE_BODY(FROM_NEW); { OPERATOR_DELETE_BODY(FROM_NEW); }
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete[](void *ptr) NOEXCEPT { void operator delete[](void *ptr) NOEXCEPT
OPERATOR_DELETE_BODY(FROM_NEW_BR); { OPERATOR_DELETE_BODY(FROM_NEW_BR); }
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete(void *ptr, std::nothrow_t const&) { void operator delete(void *ptr, std::nothrow_t const&)
OPERATOR_DELETE_BODY(FROM_NEW); { OPERATOR_DELETE_BODY(FROM_NEW); }
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete[](void *ptr, std::nothrow_t const&) { void operator delete[](void *ptr, std::nothrow_t const&)
OPERATOR_DELETE_BODY(FROM_NEW_BR); { OPERATOR_DELETE_BODY(FROM_NEW_BR); }
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete(void *ptr, size_t size) NOEXCEPT { void operator delete(void *ptr, size_t size) NOEXCEPT
GET_STACK_TRACE_FREE; { OPERATOR_DELETE_BODY_SIZE(FROM_NEW); }
asan_sized_free(ptr, size, &stack, FROM_NEW);
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete[](void *ptr, size_t size) NOEXCEPT { void operator delete[](void *ptr, size_t size) NOEXCEPT
GET_STACK_TRACE_FREE; { OPERATOR_DELETE_BODY_SIZE(FROM_NEW_BR); }
asan_sized_free(ptr, size, &stack, FROM_NEW_BR);
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete(void *ptr, std::align_val_t) NOEXCEPT { void operator delete(void *ptr, std::align_val_t align) NOEXCEPT
OPERATOR_DELETE_BODY(FROM_NEW); { OPERATOR_DELETE_BODY_ALIGN(FROM_NEW); }
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete[](void *ptr, std::align_val_t) NOEXCEPT { void operator delete[](void *ptr, std::align_val_t align) NOEXCEPT
OPERATOR_DELETE_BODY(FROM_NEW_BR); { OPERATOR_DELETE_BODY_ALIGN(FROM_NEW_BR); }
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete(void *ptr, std::align_val_t, std::nothrow_t const&) { void operator delete(void *ptr, std::align_val_t align, std::nothrow_t const&)
OPERATOR_DELETE_BODY(FROM_NEW); { OPERATOR_DELETE_BODY_ALIGN(FROM_NEW); }
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete[](void *ptr, std::align_val_t, std::nothrow_t const&) { void operator delete[](void *ptr, std::align_val_t align, std::nothrow_t const&)
OPERATOR_DELETE_BODY(FROM_NEW_BR); { OPERATOR_DELETE_BODY_ALIGN(FROM_NEW_BR); }
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete(void *ptr, size_t size, std::align_val_t) NOEXCEPT { void operator delete(void *ptr, size_t size, std::align_val_t align) NOEXCEPT
GET_STACK_TRACE_FREE; { OPERATOR_DELETE_BODY_SIZE_ALIGN(FROM_NEW); }
asan_sized_free(ptr, size, &stack, FROM_NEW);
}
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void operator delete[](void *ptr, size_t size, std::align_val_t) NOEXCEPT { void operator delete[](void *ptr, size_t size, std::align_val_t align) NOEXCEPT
GET_STACK_TRACE_FREE; { OPERATOR_DELETE_BODY_SIZE_ALIGN(FROM_NEW_BR); }
asan_sized_free(ptr, size, &stack, FROM_NEW_BR);
}
#else // SANITIZER_MAC #else // SANITIZER_MAC
INTERCEPTOR(void, _ZdlPv, void *ptr) { INTERCEPTOR(void, _ZdlPv, void *ptr)
OPERATOR_DELETE_BODY(FROM_NEW); { OPERATOR_DELETE_BODY(FROM_NEW); }
} INTERCEPTOR(void, _ZdaPv, void *ptr)
INTERCEPTOR(void, _ZdaPv, void *ptr) { { OPERATOR_DELETE_BODY(FROM_NEW_BR); }
OPERATOR_DELETE_BODY(FROM_NEW_BR); INTERCEPTOR(void, _ZdlPvRKSt9nothrow_t, void *ptr, std::nothrow_t const&)
} { OPERATOR_DELETE_BODY(FROM_NEW); }
INTERCEPTOR(void, _ZdlPvRKSt9nothrow_t, void *ptr, std::nothrow_t const&) { INTERCEPTOR(void, _ZdaPvRKSt9nothrow_t, void *ptr, std::nothrow_t const&)
OPERATOR_DELETE_BODY(FROM_NEW); { OPERATOR_DELETE_BODY(FROM_NEW_BR); }
} #endif // !SANITIZER_MAC
INTERCEPTOR(void, _ZdaPvRKSt9nothrow_t, void *ptr, std::nothrow_t const&) {
OPERATOR_DELETE_BODY(FROM_NEW_BR);
}
#endif

compiler-rt/trunk/lib/asan/asan_report.h

Show First 20 LinesShow All 41 Lines▼ Show 20 Lines
// on the memory type (shadow/heap/stack/global). // on the memory type (shadow/heap/stack/global).
bool ParseFrameDescription(const char *frame_descr, bool ParseFrameDescription(const char *frame_descr,
InternalMmapVector<StackVarDescr> *vars); InternalMmapVector<StackVarDescr> *vars);
// Different kinds of error reports. // Different kinds of error reports.
void ReportGenericError(uptr pc, uptr bp, uptr sp, uptr addr, bool is_write, void ReportGenericError(uptr pc, uptr bp, uptr sp, uptr addr, bool is_write,
uptr access_size, u32 exp, bool fatal); uptr access_size, u32 exp, bool fatal);
void ReportDeadlySignal(const SignalContext &sig); void ReportDeadlySignal(const SignalContext &sig);
void ReportNewDeleteSizeMismatch(uptr addr, uptr delete_size, void ReportNewDeleteTypeMismatch(uptr addr, uptr delete_size,
uptr delete_alignment,
BufferedStackTrace *free_stack); BufferedStackTrace *free_stack);
void ReportDoubleFree(uptr addr, BufferedStackTrace *free_stack); void ReportDoubleFree(uptr addr, BufferedStackTrace *free_stack);
void ReportFreeNotMalloced(uptr addr, BufferedStackTrace *free_stack); void ReportFreeNotMalloced(uptr addr, BufferedStackTrace *free_stack);
void ReportAllocTypeMismatch(uptr addr, BufferedStackTrace *free_stack, void ReportAllocTypeMismatch(uptr addr, BufferedStackTrace *free_stack,
AllocType alloc_type, AllocType alloc_type,
AllocType dealloc_type); AllocType dealloc_type);
void ReportMallocUsableSizeNotOwned(uptr addr, BufferedStackTrace *stack); void ReportMallocUsableSizeNotOwned(uptr addr, BufferedStackTrace *stack);
void ReportSanitizerGetAllocatedSizeNotOwned(uptr addr, void ReportSanitizerGetAllocatedSizeNotOwned(uptr addr,
Show All 23 Lines

compiler-rt/trunk/lib/asan/asan_report.cc

Show First 20 LinesShow All 210 Lines▼ Show 20 Lines
} }
void ReportDoubleFree(uptr addr, BufferedStackTrace *free_stack) { void ReportDoubleFree(uptr addr, BufferedStackTrace *free_stack) {
ScopedInErrorReport in_report; ScopedInErrorReport in_report;
ErrorDoubleFree error(GetCurrentTidOrInvalid(), free_stack, addr); ErrorDoubleFree error(GetCurrentTidOrInvalid(), free_stack, addr);
in_report.ReportError(error); in_report.ReportError(error);
} }
void ReportNewDeleteSizeMismatch(uptr addr, uptr delete_size, void ReportNewDeleteTypeMismatch(uptr addr, uptr delete_size,
uptr delete_alignment,
BufferedStackTrace *free_stack) { BufferedStackTrace *free_stack) {
ScopedInErrorReport in_report; ScopedInErrorReport in_report;
ErrorNewDeleteSizeMismatch error(GetCurrentTidOrInvalid(), free_stack, addr, ErrorNewDeleteTypeMismatch error(GetCurrentTidOrInvalid(), free_stack, addr,
delete_size); delete_size, delete_alignment);
in_report.ReportError(error); in_report.ReportError(error);
} }
void ReportFreeNotMalloced(uptr addr, BufferedStackTrace *free_stack) { void ReportFreeNotMalloced(uptr addr, BufferedStackTrace *free_stack) {
ScopedInErrorReport in_report; ScopedInErrorReport in_report;
ErrorFreeNotMalloced error(GetCurrentTidOrInvalid(), free_stack, addr); ErrorFreeNotMalloced error(GetCurrentTidOrInvalid(), free_stack, addr);
in_report.ReportError(error); in_report.ReportError(error);
} }
▲ Show 20 LinesShow All 215 LinesShow Last 20 Lines

compiler-rt/trunk/test/asan/TestCases/Linux/aligned_delete_test.cc

// RUN: %clangxx_asan -std=c++1z -faligned-allocation -fsanitize-recover=address -O0 %s -o %t
// RUN: %env_asan_opts=new_delete_type_mismatch=1:halt_on_error=false:detect_leaks=false %run %t 2>&1 | FileCheck %s
// RUN: %env_asan_opts=new_delete_type_mismatch=0 %run %t
// RUN: %clangxx_asan -std=c++1z -faligned-allocation -fsized-deallocation -fsanitize-recover=address -O0 %s -o %t
// RUN: %env_asan_opts=new_delete_type_mismatch=1:halt_on_error=false:detect_leaks=false %run %t 2>&1 | FileCheck %s
// RUN: %env_asan_opts=new_delete_type_mismatch=0 %run %t
// REQUIRES: asan-static-runtime
#include <stdio.h>
// Define all new/delete to do not depend on the version provided by the
// plaform. The implementation is provided by ASan anyway.
namespace std {
struct nothrow_t {};
static const nothrow_t nothrow;
enum class align_val_t : size_t {};
} // namespace std
void *operator new(size_t);
void *operator new[](size_t);
void *operator new(size_t, std::nothrow_t const&);
void *operator new[](size_t, std::nothrow_t const&);
void *operator new(size_t, std::align_val_t);
void *operator new[](size_t, std::align_val_t);
void *operator new(size_t, std::align_val_t, std::nothrow_t const&);
void *operator new[](size_t, std::align_val_t, std::nothrow_t const&);
void operator delete(void*) throw();
void operator delete[](void*) throw();
void operator delete(void*, std::nothrow_t const&);
void operator delete[](void*, std::nothrow_t const&);
void operator delete(void*, size_t) throw();
void operator delete[](void*, size_t) throw();
void operator delete(void*, std::align_val_t) throw();
void operator delete[](void*, std::align_val_t) throw();
void operator delete(void*, std::align_val_t, std::nothrow_t const&);
void operator delete[](void*, std::align_val_t, std::nothrow_t const&);
void operator delete(void*, size_t, std::align_val_t) throw();
void operator delete[](void*, size_t, std::align_val_t) throw();
template<typename T>
inline T* break_optimization(T *arg) {
__asm__ __volatile__("" : : "r" (arg) : "memory");
return arg;
}
struct S12 { int a, b, c; };
struct alignas(128) S12_128 { int a, b, c; };
struct alignas(256) S12_256 { int a, b, c; };
struct alignas(512) S1024_512 { char a[1024]; };
struct alignas(1024) S1024_1024 { char a[1024]; };
int main(int argc, char **argv) {
fprintf(stderr, "Testing valid cases\n");
delete break_optimization(new S12);
operator delete(break_optimization(new S12), std::nothrow);
delete [] break_optimization(new S12[100]);
operator delete[](break_optimization(new S12[100]), std::nothrow);
delete break_optimization(new S12_128);
operator delete(break_optimization(new S12_128),
std::align_val_t(alignof(S12_128)));
operator delete(break_optimization(new S12_128),
std::align_val_t(alignof(S12_128)), std::nothrow);
operator delete(break_optimization(new S12_128), sizeof(S12_128),
std::align_val_t(alignof(S12_128)));
delete [] break_optimization(new S12_128[100]);
operator delete[](break_optimization(new S12_128[100]),
std::align_val_t(alignof(S12_128)));
operator delete[](break_optimization(new S12_128[100]),
std::align_val_t(alignof(S12_128)), std::nothrow);
operator delete[](break_optimization(new S12_128[100]), sizeof(S12_128[100]),
std::align_val_t(alignof(S12_128)));
fprintf(stderr, "Done\n");
// CHECK: Testing valid cases
// CHECK-NEXT: Done
// Explicit mismatched calls.
operator delete(break_optimization(new S12_128), std::nothrow);
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: 128 bytes;
// CHECK: alignment of the deallocated type: default-aligned.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
operator delete(break_optimization(new S12_128), sizeof(S12_128));
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: 128 bytes;
// CHECK: alignment of the deallocated type: default-aligned.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
operator delete[](break_optimization(new S12_128[100]), std::nothrow);
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: 128 bytes;
// CHECK: alignment of the deallocated type: default-aligned.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
operator delete[](break_optimization(new S12_128[100]), sizeof(S12_128[100]));
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: 128 bytes;
// CHECK: alignment of the deallocated type: default-aligned.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
// Various mismatched alignments.
delete break_optimization(reinterpret_cast<S12*>(new S12_256));
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: 256 bytes;
// CHECK: alignment of the deallocated type: default-aligned.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
delete break_optimization(reinterpret_cast<S12_256*>(new S12));
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: default-aligned;
// CHECK: alignment of the deallocated type: 256 bytes.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
delete break_optimization(reinterpret_cast<S12_128*>(new S12_256));
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: 256 bytes;
// CHECK: alignment of the deallocated type: 128 bytes.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
delete [] break_optimization(reinterpret_cast<S12*>(new S12_256[100]));
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: 256 bytes;
// CHECK: alignment of the deallocated type: default-aligned.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
delete [] break_optimization(reinterpret_cast<S12_256*>(new S12[100]));
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: default-aligned;
// CHECK: alignment of the deallocated type: 256 bytes.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
delete [] break_optimization(reinterpret_cast<S12_128*>(new S12_256[100]));
// CHECK: AddressSanitizer: new-delete-type-mismatch
// CHECK: object passed to delete has wrong type:
// CHECK: alignment of the allocated type: 256 bytes;
// CHECK: alignment of the deallocated type: 128 bytes.
// CHECK: SUMMARY: AddressSanitizer: new-delete-type-mismatch
// Push ASan limits, the current limitation is that it cannot differentiate
// alignments above 512 bytes.
fprintf(stderr, "Checking alignments >= 512 bytes\n");
delete break_optimization(reinterpret_cast<S1024_512*>(new S1024_1024));
fprintf(stderr, "Done\n");
// CHECK: Checking alignments >= 512 bytes
// CHECK-NEXT: Done
}