1; RUN: opt < %s -asan -asan-module -asan-stack-dynamic-alloca \ 2; RUN: -asan-use-after-return -S -enable-new-pm=0 | FileCheck %s 3; RUN: opt < %s -passes='asan-pipeline' -asan-stack-dynamic-alloca \ 4; RUN: -asan-use-after-return -S | FileCheck %s 5; RUN: opt < %s -asan -asan-module -asan-stack-dynamic-alloca -asan-mapping-scale=5 \ 6; RUN: -asan-use-after-return -S -enable-new-pm=0 | FileCheck %s 7; RUN: opt < %s -passes='asan-pipeline' -asan-stack-dynamic-alloca -asan-mapping-scale=5 \ 8; RUN: -asan-use-after-return -S | FileCheck %s 9target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" 10target triple = "x86_64-unknown-linux-gnu" 11 12define void @Func1() sanitize_address { 13entry: 14; CHECK-LABEL: Func1 15 16; CHECK: entry: 17; CHECK: load i32, i32* @__asan_option_detect_stack_use_after_return 18 19; CHECK: [[UAR_ENABLED_BB:^[0-9]+]]: 20; CHECK: [[FAKE_STACK_RT:%[0-9]+]] = call i64 @__asan_stack_malloc_ 21 22; CHECK: [[FAKE_STACK_BB:^[0-9]+]]: 23; CHECK: [[FAKE_STACK:%[0-9]+]] = phi i64 [ 0, %entry ], [ [[FAKE_STACK_RT]], %[[UAR_ENABLED_BB]] ] 24; CHECK: icmp eq i64 [[FAKE_STACK]], 0 25 26; CHECK: [[NO_FAKE_STACK_BB:^[0-9]+]]: 27; CHECK: %MyAlloca = alloca i8, i64 28; CHECK: [[ALLOCA:%[0-9]+]] = ptrtoint i8* %MyAlloca 29 30; CHECK: phi i64 [ [[FAKE_STACK]], %[[FAKE_STACK_BB]] ], [ [[ALLOCA]], %[[NO_FAKE_STACK_BB]] ] 31 32; CHECK: ret void 33 34 %XXX = alloca [20 x i8], align 1 35 %arr.ptr = bitcast [20 x i8]* %XXX to i8* 36 store volatile i8 0, i8* %arr.ptr 37 ret void 38} 39 40; Test that dynamic alloca is not used for functions with inline assembly. 41define void @Func2() sanitize_address { 42entry: 43; CHECK-LABEL: Func2 44; CHECK: alloca [96 x i8] 45; CHECK: ret void 46 47 %XXX = alloca [20 x i8], align 1 48 %arr.ptr = bitcast [20 x i8]* %XXX to i8* 49 store volatile i8 0, i8* %arr.ptr 50 call void asm sideeffect "mov %%rbx, %%rcx", "~{dirflag},~{fpsr},~{flags}"() nounwind 51 ret void 52} 53 54; Test that dynamic alloca is not used when setjmp is present. 55%struct.__jmp_buf_tag = type { [8 x i64], i32, %struct.__sigset_t } 56%struct.__sigset_t = type { [16 x i64] } 57@_ZL3buf = internal global [1 x %struct.__jmp_buf_tag] zeroinitializer, align 16 58 59define void @Func3() uwtable sanitize_address { 60; CHECK-LABEL: define void @Func3 61; CHECK-NOT: __asan_option_detect_stack_use_after_return 62; CHECK-NOT: __asan_stack_malloc 63; CHECK: call void @__asan_handle_no_return 64; CHECK: call void @longjmp 65; CHECK: ret void 66entry: 67 %a = alloca i32, align 4 68 %call = call i32 @_setjmp(%struct.__jmp_buf_tag* getelementptr inbounds ([1 x %struct.__jmp_buf_tag], [1 x %struct.__jmp_buf_tag]* @_ZL3buf, i32 0, i32 0)) nounwind returns_twice 69 %cmp = icmp eq i32 0, %call 70 br i1 %cmp, label %if.then, label %if.end 71 72if.then: ; preds = %entry 73 call void @longjmp(%struct.__jmp_buf_tag* getelementptr inbounds ([1 x %struct.__jmp_buf_tag], [1 x %struct.__jmp_buf_tag]* @_ZL3buf, i32 0, i32 0), i32 1) noreturn nounwind 74 unreachable 75 76if.end: ; preds = %entry 77 call void @_Z10escape_ptrPi(i32* %a) 78 ret void 79} 80 81declare i32 @_setjmp(%struct.__jmp_buf_tag*) nounwind returns_twice 82declare void @longjmp(%struct.__jmp_buf_tag*, i32) noreturn nounwind 83declare void @_Z10escape_ptrPi(i32*) 84