43 lines · cpp
1// Test that use-after-return works with arguments passed by value.2// RUN: %clangxx_asan -O0 %s -o %t3// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1 | \4// RUN: FileCheck --check-prefix=CHECK-NO-UAR %s5// RUN: not %env_asan_opts=detect_stack_use_after_return=1 %run %t 2>&1 | \6// RUN: FileCheck --check-prefix=CHECK-UAR %s7// RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=never && \8// RUN: %run %t 2>&1 | FileCheck --check-prefix=CHECK-NO-UAR %s9// RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=always && \10// RUN: not %run %t 2>&1 | FileCheck --check-prefix=CHECK-UAR %s11//12// On several architectures, the IR does not use byval arguments for foo() and13// instead creates a copy in main() and gives foo() a pointer to the copy. In14// that case, ASAN has nothing to poison on return from foo() and will not15// detect the UAR.16// REQUIRES: x86_64-target-arch, linux, !android17 18#include <cstdio>19 20struct A {21 int a[8];22};23 24A *foo(A a) {25 return &a;26}27 28int main() {29 A *a = foo(A());30 a->a[0] = 7;31 std::fprintf(stderr, "\n"); // Ensures some output is generated for FileCheck32 // to verify in the case where UAR is not33 // detected.34}35 36// CHECK-NO-UAR-NOT: ERROR: AddressSanitizer: stack-use-after-return37// CHECK-NO-UAR-NOT: WRITE of size 4 at38// CHECK-NO-UAR-NOT: Memory access at offset {{[0-9]+}} is inside this variable39//40// CHECK-UAR: ERROR: AddressSanitizer: stack-use-after-return41// CHECK-UAR: WRITE of size 4 at42// CHECK-UAR: Memory access at offset {{[0-9]+}} is inside this variable43