1; Test that the quarantine for recently freed objects works 2 3; REQUIRES: no_minimal_build 4 5; Test with an illegal load from a freed block 6; RUN: llvm-as %s -o - | pnacl-freeze > %t.pexe && %S/../../pydir/szbuild.py \ 7; RUN: --fsanitize-address --sz=-allow-externally-defined-symbols \ 8; RUN: %t.pexe -o %t && %t 2>&1 | FileCheck --check-prefix=LOAD %s 9; RUN: llvm-as %s -o - | pnacl-freeze > %t.pexe && %S/../../pydir/szbuild.py \ 10; RUN: --fsanitize-address --sz=-allow-externally-defined-symbols -O2 \ 11; RUN: %t.pexe -o %t && %t 2>&1 | FileCheck --check-prefix=LOAD %s 12 13; Test with an illegal store to a freed block 14; RUN: llvm-as %s -o - | pnacl-freeze > %t.pexe && %S/../../pydir/szbuild.py \ 15; RUN: --fsanitize-address --sz=-allow-externally-defined-symbols \ 16; RUN: %t.pexe -o %t && %t 1 2>&1 | FileCheck --check-prefix=STORE %s 17; RUN: llvm-as %s -o - | pnacl-freeze > %t.pexe && %S/../../pydir/szbuild.py \ 18; RUN: --fsanitize-address --sz=-allow-externally-defined-symbols -O2 \ 19; RUN: %t.pexe -o %t && %t 1 2>&1 | FileCheck --check-prefix=STORE %s 20 21; Test that freed objects eventually get out of quarantine and are unpoisoned 22; RUN: llvm-as %s -o - | pnacl-freeze > %t.pexe && %S/../../pydir/szbuild.py \ 23; RUN: --fsanitize-address --sz=-allow-externally-defined-symbols \ 24; RUN: %t.pexe -o %t && %t 1 2 2>&1 | FileCheck --check-prefix=NONE %s \ 25; RUN: --allow-empty 26; RUN: llvm-as %s -o - | pnacl-freeze > %t.pexe && %S/../../pydir/szbuild.py \ 27; RUN: --fsanitize-address --sz=-allow-externally-defined-symbols -O2 \ 28; RUN: %t.pexe -o %t && %t 1 2 2>&1 | FileCheck --check-prefix=NONE %s \ 29; RUN: --allow-empty 30 31declare external i32 @malloc(i32) 32declare external void @free(i32) 33declare external void @exit(i32) 34 35; make three 100MB allocations 36define void @_start(i32 %arg) { 37 %argcaddr = add i32 %arg, 8 38 %argcptr = inttoptr i32 %argcaddr to i32* 39 %argc = load i32, i32* %argcptr, align 1 40 %alloc1addr = call i32 @malloc(i32 104857600) 41 %alloc2addr = call i32 @malloc(i32 104857600) 42 %alloc3addr = call i32 @malloc(i32 104857600) 43 %alloc1 = inttoptr i32 %alloc1addr to i32* 44 %alloc2 = inttoptr i32 %alloc2addr to i32* 45 %alloc3 = inttoptr i32 %alloc3addr to i32* 46 call void @free(i32 %alloc1addr) 47 call void @free(i32 %alloc2addr) 48 call void @free(i32 %alloc3addr) 49 switch i32 %argc, label %error [i32 1, label %bad_load 50 i32 2, label %bad_store 51 i32 3, label %no_err] 52bad_load: 53 %result_load = load i32, i32* %alloc2, align 1 54 br label %error 55bad_store: 56 store i32 42, i32* %alloc3, align 1 57 br label %error 58no_err: 59 %result_no_err = load i32, i32* %alloc1, align 1 60 call void @exit(i32 0) 61 unreachable 62error: 63 call void @exit(i32 1) 64 unreachable 65} 66 67; LOAD: Illegal 4 byte load from freed object at 68; STORE: Illegal 4 byte store to freed object at 69; NONE-NOT: Illegal 70