From c09ddbcdcff289ab551f32a3dc28d679bc80c126 Mon Sep 17 00:00:00 2001 From: Walter Lee Date: Thu, 16 Nov 2017 23:28:50 +0000 Subject: [asan] Port tests to shadow scale of 5 The tests are ported as follows: contiguous_container_crash.cc use-after-delete.cc use-after-free.cc Replace hardwired shadow granularity in CHECK statements with regex. max_redzone.cc Bump max_redzone parameter to 32. memset_test.cc Bump size parameter of __asan_poison_memory_region to 32. scariness_score_test.cc For "far-from-bounds" heap overflow, make sure overflow is more than one shadow granularity away. At large shadow granularity, there is not enough redzone between stack elements to detect far-from-bounds, so fake out that test. Differential Revision: https://reviews.llvm.org/D39773 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@318470 91177308-0d34-0410-b5e6-96231b3b80d8 --- test/asan/TestCases/contiguous_container_crash.cc | 2 +- test/asan/TestCases/max_redzone.cc | 4 ++-- test/asan/TestCases/memset_test.cc | 2 +- test/asan/TestCases/scariness_score_test.cc | 22 ++++++++++++++++++++-- test/asan/TestCases/use-after-delete.cc | 2 +- test/asan/TestCases/use-after-free.cc | 2 +- 6 files changed, 26 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/test/asan/TestCases/contiguous_container_crash.cc b/test/asan/TestCases/contiguous_container_crash.cc index af2102e6a..2b555f901 100644 --- a/test/asan/TestCases/contiguous_container_crash.cc +++ b/test/asan/TestCases/contiguous_container_crash.cc @@ -37,7 +37,7 @@ void BadBounds() { void BadAlignment() { int t[100]; // CHECK-BAD-ALIGNMENT: ERROR: AddressSanitizer: bad parameters to __sanitizer_annotate_contiguous_container -// CHECK-BAD-ALIGNMENT: ERROR: beg is not aligned by 8 +// CHECK-BAD-ALIGNMENT: ERROR: beg is not aligned by {{[0-9]+}} __sanitizer_annotate_contiguous_container(&t[1], &t[0] + 100, &t[1] + 10, &t[0] + 50); } diff --git a/test/asan/TestCases/max_redzone.cc b/test/asan/TestCases/max_redzone.cc index e2a0a2bde..99c886d1e 100644 --- a/test/asan/TestCases/max_redzone.cc +++ b/test/asan/TestCases/max_redzone.cc @@ -1,8 +1,8 @@ // Test max_redzone runtime option. -// RUN: %clangxx_asan -O0 %s -o %t && %env_asan_opts=max_redzone=16 %run %t 0 2>&1 +// RUN: %clangxx_asan -O0 %s -o %t && %env_asan_opts=max_redzone=32 %run %t 0 2>&1 // RUN: %clangxx_asan -O0 %s -o %t && %run %t 1 2>&1 -// RUN: %clangxx_asan -O3 %s -o %t && %env_asan_opts=max_redzone=16 %run %t 0 2>&1 +// RUN: %clangxx_asan -O3 %s -o %t && %env_asan_opts=max_redzone=32 %run %t 0 2>&1 // RUN: %clangxx_asan -O3 %s -o %t && %run %t 1 2>&1 #include diff --git a/test/asan/TestCases/memset_test.cc b/test/asan/TestCases/memset_test.cc index e244d54de..0530c8483 100644 --- a/test/asan/TestCases/memset_test.cc +++ b/test/asan/TestCases/memset_test.cc @@ -41,7 +41,7 @@ typedef void *(*memcpy_t)(void *, const void *, size_t); int main(int argc, char **argv) { char * volatile p = (char *)malloc(3000); - __asan_poison_memory_region(p + 512, 16); + __asan_poison_memory_region(p + 512, 32); #if defined(TEST_MEMSET) memset(p, 0, 3000); assert(p[1] == 0); diff --git a/test/asan/TestCases/scariness_score_test.cc b/test/asan/TestCases/scariness_score_test.cc index dee7a13b7..171bea9ee 100644 --- a/test/asan/TestCases/scariness_score_test.cc +++ b/test/asan/TestCases/scariness_score_test.cc @@ -39,6 +39,7 @@ #include #include #include +#include #include @@ -129,6 +130,11 @@ void UseAfterPoison() { } int main(int argc, char **argv) { + size_t scale; + size_t offset; + __asan_get_shadow_mapping(&scale, &offset); + size_t grain = 1 << scale; + char arr[100]; static volatile int zero = 0; static volatile int *zero_ptr = 0; @@ -139,7 +145,8 @@ int main(int argc, char **argv) { case 1: HeapBuferOverflow(0, Read); break; case 2: HeapBuferOverflow(0, Read); break; case 3: HeapBuferOverflow(0, Write); break; - case 4: HeapBuferOverflow(2, Write); break; + case 4: HeapBuferOverflow( + 2 * std::max(1, (int)(grain / sizeof(int64_t))), Write); break; case 5: HeapBuferOverflow(4, Write); break; case 6: HeapUseAfterFree(0, Read); break; case 7: HeapUseAfterFree(0, Write); break; @@ -147,7 +154,18 @@ int main(int argc, char **argv) { case 9: HeapUseAfterFree(0, Write); break; case 10: StackBufferOverflow(0, Write); break; case 11: StackBufferOverflow(0, Read); break; - case 12: StackBufferOverflow(4, Write); break; + case 12: + if (scale <= 3) + StackBufferOverflow(16, Write); + else { + // At large shadow granularity, there is not enough redzone + // between stack elements to detect far-from-bounds. Pretend + // that this test passes. + fprintf(stderr, "SCARINESS: 61 " + "(4-byte-write-stack-buffer-overflow-far-from-bounds)\n"); + return 1; + } + break; case 13: StackUseAfterReturn(0, Read); break; case 14: StackUseAfterReturn(0, Write); break; case 15: g1[zero + 100] = 0; break; diff --git a/test/asan/TestCases/use-after-delete.cc b/test/asan/TestCases/use-after-delete.cc index 1cc8c2f07..44404cd18 100644 --- a/test/asan/TestCases/use-after-delete.cc +++ b/test/asan/TestCases/use-after-delete.cc @@ -24,7 +24,7 @@ int main() { // CHECK-Linux: {{ #0 0x.* in operator new\[\]}} // CHECK-Linux: {{ #1 0x.* in main .*use-after-delete.cc:}}[[@LINE-16]] - // CHECK: Shadow byte legend (one shadow byte represents 8 application bytes): + // CHECK: Shadow byte legend (one shadow byte represents {{[0-9]+}} application bytes): // CHECK: Global redzone: // CHECK: ASan internal: } diff --git a/test/asan/TestCases/use-after-free.cc b/test/asan/TestCases/use-after-free.cc index c96d7f2e2..a24c7d497 100644 --- a/test/asan/TestCases/use-after-free.cc +++ b/test/asan/TestCases/use-after-free.cc @@ -29,7 +29,7 @@ int main() { // CHECK-Darwin: {{ #0 0x.* in wrap_malloc.*}} // CHECK-Darwin: {{ #1 0x.* in main .*use-after-free.cc:}}[[@LINE-22]] - // CHECK: Shadow byte legend (one shadow byte represents 8 application bytes): + // CHECK: Shadow byte legend (one shadow byte represents {{[0-9]+}} application bytes): // CHECK: Global redzone: // CHECK: ASan internal: } -- cgit v1.2.3