1; Regular stack poisoning. 2; RUN: opt < %s -asan -asan-module -enable-new-pm=0 -asan-use-after-scope=0 -S | FileCheck --check-prefixes=CHECK,ENTRY,EXIT %s 3; RUN: opt < %s -passes='asan-pipeline' -asan-use-after-scope=0 -S | FileCheck --check-prefixes=CHECK,ENTRY,EXIT %s 4 5; Stack poisoning with stack-use-after-scope. 6; RUN: opt < %s -asan -asan-module -enable-new-pm=0 -asan-use-after-scope=1 -S | FileCheck --check-prefixes=CHECK,ENTRY-UAS,EXIT-UAS %s 7; RUN: opt < %s -passes='asan-pipeline' -asan-use-after-scope=1 -S | FileCheck --check-prefixes=CHECK,ENTRY-UAS,EXIT-UAS %s 8 9target datalayout = "e-i64:64-f80:128-s:64-n8:16:32:64-S128" 10target triple = "x86_64-unknown-linux-gnu" 11 12declare void @Foo(i8*) 13 14define void @Bar() uwtable sanitize_address { 15entry: 16 %x = alloca [650 x i8], align 16 17 %xx = getelementptr inbounds [650 x i8], [650 x i8]* %x, i64 0, i64 0 18 19 %y = alloca [13 x i8], align 1 20 %yy = getelementptr inbounds [13 x i8], [13 x i8]* %y, i64 0, i64 0 21 22 %z = alloca [40 x i8], align 1 23 %zz = getelementptr inbounds [40 x i8], [40 x i8]* %z, i64 0, i64 0 24 25 ; CHECK: [[SHADOW_BASE:%[0-9]+]] = add i64 %{{[0-9]+}}, 2147450880 26 27 ; F1F1F1F1 28 ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0 29 ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]* 30 ; ENTRY-NEXT: store [[TYPE]] -235802127, [[TYPE]]* [[PTR]], align 1 31 32 ; 02F2F2F2F2F2F2F2 33 ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 85 34 ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]* 35 ; ENTRY-NEXT: store [[TYPE]] -940422246894996990, [[TYPE]]* [[PTR]], align 1 36 37 ; F2F2F2F2F2F2F2F2 38 ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 93 39 ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]* 40 ; ENTRY-NEXT: store [[TYPE]] -940422246894996750, [[TYPE]]* [[PTR]], align 1 41 42 ; F20005F2F2000000 43 ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 101 44 ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]* 45 ; ENTRY-NEXT: store [[TYPE]] 1043442499826, [[TYPE]]* [[PTR]], align 1 46 47 ; F3F3F3F3 48 ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 111 49 ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]* 50 ; ENTRY-NEXT: store [[TYPE]] -202116109, [[TYPE]]* [[PTR]], align 1 51 52 ; F3 53 ; ENTRY-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 115 54 ; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i8]]* 55 ; ENTRY-NEXT: store [[TYPE]] -13, [[TYPE]]* [[PTR]], align 1 56 57 ; F1F1F1F1 58 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0 59 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]* 60 ; ENTRY-UAS-NEXT: store [[TYPE]] -235802127, [[TYPE]]* [[PTR]], align 1 61 62 ; F8F8F8... 63 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4 64 ; ENTRY-UAS-NEXT: call void @__asan_set_shadow_f8(i64 [[OFFSET]], i64 82) 65 66 ; F2F2F2F2F2F2F2F2 67 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 86 68 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]* 69 ; ENTRY-UAS-NEXT: store [[TYPE]] -940422246894996750, [[TYPE]]* [[PTR]], align 1 70 71 ; F2F2F2F2F2F2F2F2 72 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 94 73 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]* 74 ; ENTRY-UAS-NEXT: store [[TYPE]] -940422246894996750, [[TYPE]]* [[PTR]], align 1 75 76 ; F8F8F2F2F8F8F8F8 77 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 102 78 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]* 79 ; ENTRY-UAS-NEXT: store [[TYPE]] -506381209967593224, [[TYPE]]* [[PTR]], align 1 80 81 ; F8F3F3F3 82 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 110 83 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]* 84 ; ENTRY-UAS-NEXT: store [[TYPE]] -202116104, [[TYPE]]* [[PTR]], align 1 85 86 ; F3F3 87 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 114 88 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i16]]* 89 ; ENTRY-UAS-NEXT: store [[TYPE]] -3085, [[TYPE]]* [[PTR]], align 1 90 91 ; CHECK-LABEL: %xx = getelementptr inbounds 92 ; CHECK-NEXT: %yy = getelementptr inbounds 93 ; CHECK-NEXT: %zz = getelementptr inbounds 94 95 96 call void @llvm.lifetime.start.p0i8(i64 650, i8* %xx) 97 ; 0000... 98 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4 99 ; ENTRY-UAS-NEXT: call void @__asan_set_shadow_00(i64 [[OFFSET]], i64 81) 100 ; 02 101 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 85 102 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i8]]* 103 ; ENTRY-UAS-NEXT: store [[TYPE]] 2, [[TYPE]]* [[PTR]], align 1 104 105 ; CHECK-NEXT: call void @llvm.lifetime.start.p0i8(i64 650, i8* %xx) 106 107 call void @Foo(i8* %xx) 108 ; CHECK-NEXT: call void @Foo(i8* %xx) 109 110 call void @llvm.lifetime.end.p0i8(i64 650, i8* %xx) 111 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4 112 ; ENTRY-UAS-NEXT: call void @__asan_set_shadow_f8(i64 [[OFFSET]], i64 82) 113 114 ; CHECK-NEXT: call void @llvm.lifetime.end.p0i8(i64 650, i8* %xx) 115 116 117 call void @llvm.lifetime.start.p0i8(i64 13, i8* %yy) 118 ; 0005 119 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 102 120 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i16]]* 121 ; ENTRY-UAS-NEXT: store [[TYPE]] 1280, [[TYPE]]* [[PTR]], align 1 122 123 ; CHECK-NEXT: call void @llvm.lifetime.start.p0i8(i64 13, i8* %yy) 124 125 call void @Foo(i8* %yy) 126 ; CHECK-NEXT: call void @Foo(i8* %yy) 127 128 call void @llvm.lifetime.end.p0i8(i64 13, i8* %yy) 129 ; F8F8 130 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 102 131 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i16]]* 132 ; ENTRY-UAS-NEXT: store [[TYPE]] -1800, [[TYPE]]* [[PTR]], align 1 133 134 ; CHECK-NEXT: call void @llvm.lifetime.end.p0i8(i64 13, i8* %yy) 135 136 137 call void @llvm.lifetime.start.p0i8(i64 40, i8* %zz) 138 ; 00000000 139 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 106 140 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]* 141 ; ENTRY-UAS-NEXT: store [[TYPE]] 0, [[TYPE]]* [[PTR]], align 1 142 ; 00 143 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 110 144 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i8]]* 145 ; ENTRY-UAS-NEXT: store [[TYPE]] 0, [[TYPE]]* [[PTR]], align 1 146 147 ; CHECK-NEXT: call void @llvm.lifetime.start.p0i8(i64 40, i8* %zz) 148 149 call void @Foo(i8* %zz) 150 ; CHECK-NEXT: call void @Foo(i8* %zz) 151 152 call void @llvm.lifetime.end.p0i8(i64 40, i8* %zz) 153 ; F8F8F8F8 154 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 106 155 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]* 156 ; ENTRY-UAS-NEXT: store [[TYPE]] -117901064, [[TYPE]]* [[PTR]], align 1 157 ; F8 158 ; ENTRY-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 110 159 ; ENTRY-UAS-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i8]]* 160 ; ENTRY-UAS-NEXT: store [[TYPE]] -8, [[TYPE]]* [[PTR]], align 1 161 162 ; CHECK-NEXT: call void @llvm.lifetime.end.p0i8(i64 40, i8* %zz) 163 164 ; CHECK: {{^[0-9]+}}: 165 166 ; CHECK-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0 167 ; CHECK-NEXT: call void @__asan_set_shadow_f5(i64 [[OFFSET]], i64 128) 168 169 ; CHECK-NOT: add i64 [[SHADOW_BASE]] 170 171 ; CHECK: {{^[0-9]+}}: 172 173 ; 00000000 174 ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0 175 ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]* 176 ; EXIT-NEXT: store [[TYPE]] 0, [[TYPE]]* [[PTR]], align 1 177 178 ; 0000000000000000 179 ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 85 180 ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]* 181 ; EXIT-NEXT: store [[TYPE]] 0, [[TYPE]]* [[PTR]], align 1 182 183 ; 0000000000000000 184 ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 93 185 ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]* 186 ; EXIT-NEXT: store [[TYPE]] 0, [[TYPE]]* [[PTR]], align 1 187 188 ; 0000000000000000 189 ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 101 190 ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]* 191 ; EXIT-NEXT: store [[TYPE]] 0, [[TYPE]]* [[PTR]], align 1 192 193 ; 00000000 194 ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 111 195 ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]* 196 ; EXIT-NEXT: store [[TYPE]] 0, [[TYPE]]* [[PTR]], align 1 197 198 ; 00 199 ; EXIT-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 115 200 ; EXIT-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i8]]* 201 ; EXIT-NEXT: store [[TYPE]] 0, [[TYPE]]* [[PTR]], align 1 202 203 ; 0000... 204 ; EXIT-UAS-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0 205 ; EXIT-UAS-NEXT: call void @__asan_set_shadow_00(i64 [[OFFSET]], i64 116) 206 207 ; CHECK-NOT: add i64 [[SHADOW_BASE]] 208 209 ret void 210 ; CHECK: {{^[0-9]+}}: 211 ; CHECK: ret void 212} 213 214declare void @foo(i32*) 215define void @PR41481(i1 %b) sanitize_address { 216; CHECK-LABEL: @PR41481 217entry: 218 %p1 = alloca i32 219 %p2 = alloca i32 220 %q1 = bitcast i32* %p1 to i8* 221 %q2 = bitcast i32* %p2 to i8* 222 br label %bb1 223 224 ; Since we cannot account for all lifetime intrinsics in this function, we 225 ; might have missed a lifetime.start one and therefore shouldn't poison the 226 ; allocas at function entry. 227 ; ENTRY: store i64 -935356719533264399 228 ; ENTRY-UAS: store i64 -935356719533264399 229 230bb1: 231 %p = select i1 %b, i32* %p1, i32* %p2 232 %q = select i1 %b, i8* %q1, i8* %q2 233 call void @llvm.lifetime.start.p0i8(i64 4, i8* %q) 234 call void @foo(i32* %p) 235 br i1 %b, label %bb2, label %bb3 236 237bb2: 238 call void @llvm.lifetime.end.p0i8(i64 4, i8* %q1) 239 br label %end 240 241bb3: 242 call void @llvm.lifetime.end.p0i8(i64 4, i8* %q2) 243 br label %end 244 245end: 246 ret void 247} 248 249 250declare void @llvm.lifetime.start.p0i8(i64, i8* nocapture) 251declare void @llvm.lifetime.end.p0i8(i64, i8* nocapture) 252 253; CHECK-ON: declare void @__asan_set_shadow_00(i64, i64) 254; CHECK-ON: declare void @__asan_set_shadow_f1(i64, i64) 255; CHECK-ON: declare void @__asan_set_shadow_f2(i64, i64) 256; CHECK-ON: declare void @__asan_set_shadow_f3(i64, i64) 257; CHECK-ON: declare void @__asan_set_shadow_f5(i64, i64) 258; CHECK-ON: declare void @__asan_set_shadow_f8(i64, i64) 259 260; CHECK-OFF-NOT: declare void @__asan_set_shadow_ 261