Index: test/Instrumentation/AddressSanitizer/OptKnownBounds/loop-invalid-end-heap.ll |
diff --git a/test/Instrumentation/AddressSanitizer/OptKnownBounds/loop-invalid-end-heap.ll b/test/Instrumentation/AddressSanitizer/OptKnownBounds/loop-invalid-end-heap.ll |
new file mode 100644 |
index 0000000000000000000000000000000000000000..e88e99924d206c21abc2bfa6ee2796f4bd0253a9 |
--- /dev/null |
+++ b/test/Instrumentation/AddressSanitizer/OptKnownBounds/loop-invalid-end-heap.ll |
@@ -0,0 +1,55 @@ |
+; Access an invalid (off by 1 at the end) continuous range of a heap array in a single loop. |
+ |
+; RUN: opt < %s -asan -S -asan-opt=1 -asan-opt-known-bounds=1 | FileCheck %s -check-prefix=OPT1 |
+; RUN: opt < %s -asan -S -asan-opt=0 | FileCheck %s -check-prefix=OPT0 |
+ |
+target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" |
+target triple = "x86_64-unknown-linux-gnu" |
+ |
+define noalias i32* @example(i64 %n) address_safety nounwind uwtable { |
+entry: |
+ %mul = shl i64 %n, 2 |
+ %call = tail call noalias i8* @malloc(i64 %mul) nounwind |
+ %0 = bitcast i8* %call to i32* |
+ %tobool = icmp eq i8* %call, null |
+ br i1 %tobool, label %if.end, label %for.cond.preheader |
+ |
+for.cond.preheader: ; preds = %entry |
+ %1 = add i64 %n, 1 |
+ br label %for.body |
+ |
+for.body: ; preds = %for.cond.preheader, %for.body |
+ %indvars.iv = phi i64 [ 0, %for.cond.preheader ], [ %indvars.iv.next, %for.body ] |
+ %arrayidx = getelementptr inbounds i32* %0, i64 %indvars.iv |
+ %2 = trunc i64 %indvars.iv to i32 |
+ store i32 %2, i32* %arrayidx, align 4 |
+ %indvars.iv.next = add i64 %indvars.iv, 1 |
+ %exitcond = icmp eq i64 %indvars.iv.next, %1 |
+ br i1 %exitcond, label %if.end, label %for.body |
+ |
+if.end: ; preds = %for.body, %entry |
+ ret i32* %0 |
+} |
+ |
+declare noalias i8* @malloc(i64) nounwind |
+ |
+; OPT1: @example |
+; OPT1: call void @__asan_report_ |
+; OPT1-NOT: call void @__asan_report_ |
+; OPT1: @asan.module_ctor |
+ |
+; OPT0: @example |
+; OPT0: call void @__asan_report_ |
+; OPT0-NOT: call void @__asan_report_ |
+; OPT0: @asan.module_ctor |
+ |
+; C-example: #include <stdlib.h> |
+; C-example: |
+; C-example: int* example(size_t n) { |
+; C-example: int *array = malloc(n * sizeof(int)); |
+; C-example: if(array) { |
+; C-example: for(int i = 0; i <= n; ++i) |
+; C-example: array[i] = i; // BUG (if i == n) |
+; C-example: } |
+; C-example: return array; |
+; C-example: } |