authorDimitry Andric <dim@FreeBSD.org>2015-01-07 19:55:37 +0000
committerDimitry Andric <dim@FreeBSD.org>2015-01-07 19:55:37 +0000
commitca9211ecdede9bdedb812b2243a4abdb8dacd1b9 (patch)
tree9b19e801150082c33e9152275829a6ce90614b55 /test/asan
parent8ef50bf3d1c287b5013c3168de77a462dfce3495 (diff)
Import compiler-rt trunk r224034.vendor/compiler-rt/compiler-rt-r224034
Notes
Notes: svn path=/vendor/compiler-rt/dist/; revision=276789 svn path=/vendor/compiler-rt/compiler-rt-r224034/; revision=276790; tag=vendor/compiler-rt/compiler-rt-r224034
Diffstat (limited to 'test/asan')
-rw-r--r--test/asan/CMakeLists.txt156
-rw-r--r--test/asan/TestCases/Android/coverage-android.cc67
-rw-r--r--test/asan/TestCases/Android/lit.local.cfg11
-rw-r--r--test/asan/TestCases/Darwin/asan_gen_prefixes.cc14
-rw-r--r--test/asan/TestCases/Darwin/cstring_literals_regtest.mm23
-rw-r--r--test/asan/TestCases/Darwin/dyld_insert_libraries_reexec.cc33
-rw-r--r--test/asan/TestCases/Darwin/interception-in-shared-lib-test.cc32
-rw-r--r--test/asan/TestCases/Darwin/interface_symbols_darwin.c39
-rw-r--r--test/asan/TestCases/Darwin/lit.local.cfg9
-rw-r--r--test/asan/TestCases/Darwin/malloc_set_zone_name-mprotect.cc51
-rw-r--r--test/asan/TestCases/Darwin/malloc_zone-protected.cc20
-rw-r--r--test/asan/TestCases/Darwin/objc-odr.mm23
-rw-r--r--test/asan/TestCases/Darwin/reexec-insert-libraries-env.cc25
-rw-r--r--test/asan/TestCases/Darwin/suppressions-darwin.cc34
-rw-r--r--test/asan/TestCases/Darwin/unset-insert-libraries-on-exec.cc25
-rw-r--r--test/asan/TestCases/Helpers/blacklist-extra.cc5
-rw-r--r--test/asan/TestCases/Helpers/echo-env.cc19
-rw-r--r--test/asan/TestCases/Helpers/init-order-atexit-extra.cc16
-rw-r--r--test/asan/TestCases/Helpers/init-order-pthread-create-extra.cc2
-rw-r--r--test/asan/TestCases/Helpers/initialization-blacklist-extra.cc15
-rw-r--r--test/asan/TestCases/Helpers/initialization-blacklist-extra2.cc4
-rw-r--r--test/asan/TestCases/Helpers/initialization-blacklist.txt3
-rw-r--r--test/asan/TestCases/Helpers/initialization-bug-extra.cc5
-rw-r--r--test/asan/TestCases/Helpers/initialization-bug-extra2.cc6
-rw-r--r--test/asan/TestCases/Helpers/initialization-constexpr-extra.cc3
-rw-r--r--test/asan/TestCases/Helpers/initialization-nobug-extra.cc9
-rw-r--r--test/asan/TestCases/Helpers/lit.local.cfg3
-rw-r--r--test/asan/TestCases/Linux/asan-asm-stacktrace-test.cc33
-rw-r--r--test/asan/TestCases/Linux/asan_dlopen_test.cc15
-rw-r--r--test/asan/TestCases/Linux/asan_prelink_test.cc29
-rw-r--r--test/asan/TestCases/Linux/asan_preload_test-1.cc30
-rw-r--r--test/asan/TestCases/Linux/asan_preload_test-2.cc24
-rw-r--r--test/asan/TestCases/Linux/asan_rt_confict_test-1.cc13
-rw-r--r--test/asan/TestCases/Linux/asan_rt_confict_test-2.cc25
-rw-r--r--test/asan/TestCases/Linux/clang_gcc_abi.cc44
-rw-r--r--test/asan/TestCases/Linux/clone_test.cc45
-rw-r--r--test/asan/TestCases/Linux/coverage-and-lsan.cc20
-rw-r--r--test/asan/TestCases/Linux/coverage-caller-callee-total-count.cc41
-rw-r--r--test/asan/TestCases/Linux/coverage-caller-callee.cc74
-rw-r--r--test/asan/TestCases/Linux/coverage-direct-large.cc45
-rw-r--r--test/asan/TestCases/Linux/coverage-direct.cc44
-rw-r--r--test/asan/TestCases/Linux/coverage-disabled.cc18
-rw-r--r--test/asan/TestCases/Linux/coverage-fork-direct.cc38
-rw-r--r--test/asan/TestCases/Linux/coverage-fork.cc38
-rw-r--r--test/asan/TestCases/Linux/coverage-levels.cc20
-rw-r--r--test/asan/TestCases/Linux/coverage-maybe-open-file.cc31
-rw-r--r--test/asan/TestCases/Linux/coverage-module-unloaded.cc56
-rw-r--r--test/asan/TestCases/Linux/coverage-sandboxing.cc85
-rw-r--r--test/asan/TestCases/Linux/coverage-tracing.cc22
-rw-r--r--test/asan/TestCases/Linux/coverage.cc71
-rw-r--r--test/asan/TestCases/Linux/function-sections-are-bad.cc41
-rw-r--r--test/asan/TestCases/Linux/globals-gc-sections.cc13
-rw-r--r--test/asan/TestCases/Linux/initialization-bug-any-order.cc36
-rw-r--r--test/asan/TestCases/Linux/interception-in-shared-lib-test.cc32
-rw-r--r--test/asan/TestCases/Linux/interception_malloc_test.cc23
-rw-r--r--test/asan/TestCases/Linux/interception_readdir_r_test.cc62
-rw-r--r--test/asan/TestCases/Linux/interception_test.cc22
-rw-r--r--test/asan/TestCases/Linux/interface_symbols_linux.c35
-rw-r--r--test/asan/TestCases/Linux/kernel-area.cc24
-rw-r--r--test/asan/TestCases/Linux/leak.cc16
-rw-r--r--test/asan/TestCases/Linux/lit.local.cfg9
-rw-r--r--test/asan/TestCases/Linux/malloc-in-qsort.cc56
-rw-r--r--test/asan/TestCases/Linux/malloc_delete_mismatch.cc33
-rw-r--r--test/asan/TestCases/Linux/odr-violation.cc42
-rw-r--r--test/asan/TestCases/Linux/overflow-in-qsort.cc51
-rw-r--r--test/asan/TestCases/Linux/preinit_test.cc33
-rw-r--r--test/asan/TestCases/Linux/ptrace.cc56
-rw-r--r--test/asan/TestCases/Linux/rlimit_mmap_test.cc16
-rw-r--r--test/asan/TestCases/Linux/shmctl.cc27
-rw-r--r--test/asan/TestCases/Linux/sized_delete_test.cc93
-rw-r--r--test/asan/TestCases/Linux/stack-trace-dlclose.cc45
-rw-r--r--test/asan/TestCases/Linux/stress_dtls.c116
-rw-r--r--test/asan/TestCases/Linux/swapcontext_test.cc90
-rw-r--r--test/asan/TestCases/Linux/syscalls.cc25
-rw-r--r--test/asan/TestCases/Linux/uar_signals.cc70
-rw-r--r--test/asan/TestCases/Linux/unpoison_tls.cc35
-rw-r--r--test/asan/TestCases/Posix/allow_user_segv.cc59
-rw-r--r--test/asan/TestCases/Posix/asan-symbolize-sanity-test.cc63
-rw-r--r--test/asan/TestCases/Posix/asprintf.cc20
-rw-r--r--test/asan/TestCases/Posix/assign_large_valloc_to_global.cc9
-rw-r--r--test/asan/TestCases/Posix/glob.cc33
-rw-r--r--test/asan/TestCases/Posix/glob_test_root/aa0
-rw-r--r--test/asan/TestCases/Posix/glob_test_root/ab0
-rw-r--r--test/asan/TestCases/Posix/glob_test_root/ba0
-rw-r--r--test/asan/TestCases/Posix/init-order-dlopen.cc72
-rw-r--r--test/asan/TestCases/Posix/ioctl.cc24
-rw-r--r--test/asan/TestCases/Posix/large_allocator_unpoisons_on_free.cc39
-rw-r--r--test/asan/TestCases/Posix/lit.local.cfg9
-rw-r--r--test/asan/TestCases/Posix/new_array_cookie_test.cc24
-rw-r--r--test/asan/TestCases/Posix/new_array_cookie_uaf_test.cc38
-rw-r--r--test/asan/TestCases/Posix/new_array_cookie_with_new_from_class.cc38
-rw-r--r--test/asan/TestCases/Posix/readv.cc32
-rw-r--r--test/asan/TestCases/Posix/shared-lib-test.cc57
-rw-r--r--test/asan/TestCases/Posix/start-deactivated.cc69
-rw-r--r--test/asan/TestCases/Posix/strerror_r_test.cc14
-rw-r--r--test/asan/TestCases/Posix/tsd_dtor_leak.cc39
-rw-r--r--test/asan/TestCases/Posix/wait.cc45
-rw-r--r--test/asan/TestCases/Posix/wait4.cc43
-rw-r--r--test/asan/TestCases/Posix/waitid.cc28
-rw-r--r--test/asan/TestCases/Windows/aligned_mallocs.cc29
-rw-r--r--test/asan/TestCases/Windows/allocators_sanity.cc37
-rw-r--r--test/asan/TestCases/Windows/beginthreadex.cc21
-rw-r--r--test/asan/TestCases/Windows/bitfield.cc21
-rw-r--r--test/asan/TestCases/Windows/bitfield_uaf.cc34
-rw-r--r--test/asan/TestCases/Windows/calloc_left_oob.cc17
-rw-r--r--test/asan/TestCases/Windows/calloc_right_oob.cc17
-rw-r--r--test/asan/TestCases/Windows/calloc_uaf.cc20
-rw-r--r--test/asan/TestCases/Windows/crt_initializers.cc31
-rw-r--r--test/asan/TestCases/Windows/demangled_names.cc50
-rw-r--r--test/asan/TestCases/Windows/dll_aligned_mallocs.cc34
-rw-r--r--test/asan/TestCases/Windows/dll_allocators_sanity.cc39
-rw-r--r--test/asan/TestCases/Windows/dll_and_lib.cc19
-rw-r--r--test/asan/TestCases/Windows/dll_cerr.cc23
-rw-r--r--test/asan/TestCases/Windows/dll_host.cc49
-rw-r--r--test/asan/TestCases/Windows/dll_intercept_memchr.cc21
-rw-r--r--test/asan/TestCases/Windows/dll_intercept_memcpy.cc32
-rw-r--r--test/asan/TestCases/Windows/dll_intercept_memcpy_indirect.cc34
-rw-r--r--test/asan/TestCases/Windows/dll_intercept_memset.cc32
-rw-r--r--test/asan/TestCases/Windows/dll_intercept_strlen.cc28
-rw-r--r--test/asan/TestCases/Windows/dll_large_function.cc12
-rw-r--r--test/asan/TestCases/Windows/dll_malloc_left_oob.cc23
-rw-r--r--test/asan/TestCases/Windows/dll_malloc_uaf.cc28
-rw-r--r--test/asan/TestCases/Windows/dll_noreturn.cc28
-rw-r--r--test/asan/TestCases/Windows/dll_null_deref.cc18
-rw-r--r--test/asan/TestCases/Windows/dll_operator_array_new_left_oob.cc25
-rw-r--r--test/asan/TestCases/Windows/dll_operator_array_new_with_dtor_left_oob.cc33
-rw-r--r--test/asan/TestCases/Windows/dll_poison_unpoison.cc35
-rw-r--r--test/asan/TestCases/Windows/dll_seh.cc60
-rw-r--r--test/asan/TestCases/Windows/dll_stack_use_after_return.cc28
-rw-r--r--test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc36
-rw-r--r--test/asan/TestCases/Windows/double_free.cc21
-rw-r--r--test/asan/TestCases/Windows/double_operator_delete.cc25
-rw-r--r--test/asan/TestCases/Windows/global_const_string.cc12
-rw-r--r--test/asan/TestCases/Windows/global_const_string_oob.cc20
-rw-r--r--test/asan/TestCases/Windows/hello_world.cc9
-rw-r--r--test/asan/TestCases/Windows/intercept_memcpy.cc31
-rw-r--r--test/asan/TestCases/Windows/intercept_strdup.cc27
-rw-r--r--test/asan/TestCases/Windows/intercept_strlen.cc27
-rw-r--r--test/asan/TestCases/Windows/lit.local.cfg14
-rw-r--r--test/asan/TestCases/Windows/longjmp.cc26
-rw-r--r--test/asan/TestCases/Windows/malloc_left_oob.cc17
-rw-r--r--test/asan/TestCases/Windows/malloc_right_oob.cc17
-rw-r--r--test/asan/TestCases/Windows/malloc_uaf.cc20
-rw-r--r--test/asan/TestCases/Windows/null_deref.cc15
-rw-r--r--test/asan/TestCases/Windows/null_deref_multiple_dlls.cc40
-rw-r--r--test/asan/TestCases/Windows/operator_array_new_left_oob.cc17
-rw-r--r--test/asan/TestCases/Windows/operator_array_new_right_oob.cc18
-rw-r--r--test/asan/TestCases/Windows/operator_array_new_uaf.cc24
-rw-r--r--test/asan/TestCases/Windows/operator_array_new_with_dtor_left_oob.cc25
-rw-r--r--test/asan/TestCases/Windows/operator_delete_wrong_argument.cc12
-rw-r--r--test/asan/TestCases/Windows/operator_new_left_oob.cc17
-rw-r--r--test/asan/TestCases/Windows/operator_new_right_oob.cc17
-rw-r--r--test/asan/TestCases/Windows/operator_new_uaf.cc22
-rw-r--r--test/asan/TestCases/Windows/realloc_left_oob.cc17
-rw-r--r--test/asan/TestCases/Windows/realloc_right_oob.cc17
-rw-r--r--test/asan/TestCases/Windows/realloc_uaf.cc20
-rw-r--r--test/asan/TestCases/Windows/report_after_syminitialize.cc19
-rw-r--r--test/asan/TestCases/Windows/seh.cc56
-rw-r--r--test/asan/TestCases/Windows/stack_array_left_oob.cc16
-rw-r--r--test/asan/TestCases/Windows/stack_array_right_oob.cc16
-rw-r--r--test/asan/TestCases/Windows/stack_array_sanity.cc12
-rw-r--r--test/asan/TestCases/Windows/stack_use_after_return.cc22
-rw-r--r--test/asan/TestCases/Windows/thread_simple.cc26
-rw-r--r--test/asan/TestCases/Windows/thread_stack_array_left_oob.cc27
-rw-r--r--test/asan/TestCases/Windows/thread_stack_array_right_oob.cc27
-rw-r--r--test/asan/TestCases/Windows/thread_stack_reuse.cc37
-rw-r--r--test/asan/TestCases/Windows/thread_stress.cc30
-rw-r--r--test/asan/TestCases/Windows/throw_catch.cc73
-rw-r--r--test/asan/TestCases/Windows/use_after_realloc.cc23
-rw-r--r--test/asan/TestCases/Windows/use_after_return_linkage.cc12
-rw-r--r--test/asan/TestCases/Windows/windows_h.cc7
-rw-r--r--test/asan/TestCases/Windows/wrong_downcast_on_heap.cc26
-rw-r--r--test/asan/TestCases/Windows/wrong_downcast_on_stack.cc26
-rw-r--r--test/asan/TestCases/alloca_big_alignment.cc18
-rw-r--r--test/asan/TestCases/alloca_detect_custom_size_.cc23
-rw-r--r--test/asan/TestCases/alloca_instruments_all_paddings.cc23
-rw-r--r--test/asan/TestCases/alloca_overflow_partial.cc18
-rw-r--r--test/asan/TestCases/alloca_overflow_right.cc18
-rw-r--r--test/asan/TestCases/alloca_safe_access.cc17
-rw-r--r--test/asan/TestCases/alloca_underflow_left.cc18
-rw-r--r--test/asan/TestCases/allocator_returns_null.cc83
-rw-r--r--test/asan/TestCases/asan_and_llvm_coverage_test.cc10
-rw-r--r--test/asan/TestCases/atexit_stats.cc18
-rw-r--r--test/asan/TestCases/blacklist.cc38
-rw-r--r--test/asan/TestCases/contiguous_container.cc75
-rw-r--r--test/asan/TestCases/contiguous_container_crash.cc41
-rw-r--r--test/asan/TestCases/current_allocated_bytes.cc44
-rw-r--r--test/asan/TestCases/debug_locate.cc80
-rw-r--r--test/asan/TestCases/debug_mapping.cc24
-rw-r--r--test/asan/TestCases/debug_ppc64_mapping.cc37
-rw-r--r--test/asan/TestCases/debug_report.cc48
-rw-r--r--test/asan/TestCases/debug_stacks.cc62
-rw-r--r--test/asan/TestCases/deep_call_stack.cc25
-rw-r--r--test/asan/TestCases/deep_stack_uaf.cc36
-rw-r--r--test/asan/TestCases/deep_tail_call.cc20
-rw-r--r--test/asan/TestCases/deep_thread_stack.cc58
-rw-r--r--test/asan/TestCases/default_blacklist.cc6
-rw-r--r--test/asan/TestCases/default_options.cc18
-rw-r--r--test/asan/TestCases/describe_address.cc19
-rw-r--r--test/asan/TestCases/dlclose-test.cc99
-rw-r--r--test/asan/TestCases/double-free.cc27
-rw-r--r--test/asan/TestCases/dump_instruction_bytes.cc20
-rw-r--r--test/asan/TestCases/force_inline_opt0.cc14
-rw-r--r--test/asan/TestCases/free_hook_realloc.cc37
-rw-r--r--test/asan/TestCases/frexp_interceptor.cc16
-rw-r--r--test/asan/TestCases/gc-test.cc50
-rw-r--r--test/asan/TestCases/global-demangle.cc17
-rw-r--r--test/asan/TestCases/global-location.cc38
-rw-r--r--test/asan/TestCases/global-overflow.cc21
-rw-r--r--test/asan/TestCases/heap-overflow-large.cc23
-rw-r--r--test/asan/TestCases/heap-overflow.cc24
-rw-r--r--test/asan/TestCases/heavy_uar_test.cc60
-rw-r--r--test/asan/TestCases/huge_negative_hea_oob.cc13
-rw-r--r--test/asan/TestCases/init-order-atexit.cc34
-rw-r--r--test/asan/TestCases/init-order-pthread-create.cc32
-rw-r--r--test/asan/TestCases/initialization-blacklist.cc29
-rw-r--r--test/asan/TestCases/initialization-bug.cc45
-rw-r--r--test/asan/TestCases/initialization-constexpr.cc27
-rw-r--r--test/asan/TestCases/initialization-nobug.cc48
-rw-r--r--test/asan/TestCases/inline.cc19
-rw-r--r--test/asan/TestCases/interception_failure_test.cc22
-rw-r--r--test/asan/TestCases/interface_test.cc10
-rw-r--r--test/asan/TestCases/intra-object-overflow.cc31
-rw-r--r--test/asan/TestCases/invalid-free.cc23
-rw-r--r--test/asan/TestCases/large_func_test.cc53
-rw-r--r--test/asan/TestCases/log-path_test.cc44
-rw-r--r--test/asan/TestCases/log_path_fork_test.cc.disabled22
-rw-r--r--test/asan/TestCases/longjmp.cc25
-rw-r--r--test/asan/TestCases/lsan_annotations.cc16
-rw-r--r--test/asan/TestCases/malloc_context_size.cc27
-rw-r--r--test/asan/TestCases/malloc_fill.cc22
-rw-r--r--test/asan/TestCases/max_redzone.cc26
-rw-r--r--test/asan/TestCases/memcmp_strict_test.cc15
-rw-r--r--test/asan/TestCases/memcmp_test.cc17
-rw-r--r--test/asan/TestCases/memset_test.cc71
-rw-r--r--test/asan/TestCases/mmap_limit_mb.cc33
-rw-r--r--test/asan/TestCases/no_asan_gen_globals.c11
-rw-r--r--test/asan/TestCases/null_deref.cc19
-rw-r--r--test/asan/TestCases/on_error_callback.cc19
-rw-r--r--test/asan/TestCases/partial_right.cc13
-rw-r--r--test/asan/TestCases/poison_partial.cc19
-rw-r--r--test/asan/TestCases/print_summary.cc14
-rw-r--r--test/asan/TestCases/printf-1.c25
-rw-r--r--test/asan/TestCases/printf-2.c27
-rw-r--r--test/asan/TestCases/printf-3.c22
-rw-r--r--test/asan/TestCases/printf-4.c23
-rw-r--r--test/asan/TestCases/printf-5.c25
-rw-r--r--test/asan/TestCases/sanity_check_pure_c.c21
-rw-r--r--test/asan/TestCases/sleep_before_dying.c10
-rw-r--r--test/asan/TestCases/stack-buffer-overflow-with-position.cc44
-rw-r--r--test/asan/TestCases/stack-buffer-overflow.cc16
-rw-r--r--test/asan/TestCases/stack-frame-demangle.cc22
-rw-r--r--test/asan/TestCases/stack-oob-frames.cc59
-rw-r--r--test/asan/TestCases/stack-overflow.cc114
-rw-r--r--test/asan/TestCases/stack-use-after-return.cc80
-rw-r--r--test/asan/TestCases/strdup_oob_test.cc20
-rw-r--r--test/asan/TestCases/strip_path_prefix.c12
-rw-r--r--test/asan/TestCases/strncpy-overflow.cc30
-rw-r--r--test/asan/TestCases/suppressions-function.cc29
-rw-r--r--test/asan/TestCases/suppressions-interceptor.cc24
-rw-r--r--test/asan/TestCases/suppressions-library.cc39
-rw-r--r--test/asan/TestCases/throw_call_test.cc52
-rw-r--r--test/asan/TestCases/throw_catch.cc64
-rw-r--r--test/asan/TestCases/throw_invoke_test.cc54
-rw-r--r--test/asan/TestCases/time_interceptor.cc22
-rw-r--r--test/asan/TestCases/uar_and_exceptions.cc43
-rw-r--r--test/asan/TestCases/unaligned_loads_and_stores.cc52
-rw-r--r--test/asan/TestCases/use-after-delete.cc31
-rw-r--r--test/asan/TestCases/use-after-free-right.cc36
-rw-r--r--test/asan/TestCases/use-after-free.cc36
-rw-r--r--test/asan/TestCases/use-after-poison.cc20
-rw-r--r--test/asan/TestCases/use-after-scope-dtor-order.cc26
-rw-r--r--test/asan/TestCases/use-after-scope-inlined.cc28
-rw-r--r--test/asan/TestCases/use-after-scope-nobug.cc15
-rw-r--r--test/asan/TestCases/use-after-scope-temp.cc29
-rw-r--r--test/asan/TestCases/use-after-scope.cc17
-rw-r--r--test/asan/TestCases/zero_page_pc.cc12
-rw-r--r--test/asan/Unit/lit.site.cfg.in24
-rw-r--r--test/asan/android_commands/android_common.py29
-rwxr-xr-xtest/asan/android_commands/android_compile.py36
-rwxr-xr-xtest/asan/android_commands/android_run.py34
-rw-r--r--test/asan/lit.cfg153
-rw-r--r--test/asan/lit.site.cfg.in19
283 files changed, 8861 insertions, 0 deletions
diff --git a/test/asan/CMakeLists.txt b/test/asan/CMakeLists.txt
new file mode 100644
index 000000000000..14f7f506da51
--- /dev/null
+++ b/test/asan/CMakeLists.txt
@@ -0,0 +1,156 @@
+set(ASAN_LIT_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+
+set(ASAN_TESTSUITES)
+
+macro(get_bits_for_arch arch bits)
+ if (${arch} STREQUAL "arm" OR
+ ${arch} STREQUAL "i386" OR
+ ${arch} STREQUAL "i686" OR
+ ${arch} STREQUAL "mips")
+ set(bits 32)
+ elseif (${arch} STREQUAL "aarch64" OR
+ ${arch} STREQUAL "x86_64" OR
+ ${arch} STREQUAL "mips64")
+ set(bits 64)
+ else()
+ message(FATAL_ERROR "Unknown target architecture: ${arch}")
+ endif()
+endmacro()
+
+# TODO: merge with non-ANDROID case
+if(ANDROID)
+ foreach(arch ${ASAN_SUPPORTED_ARCH})
+ set(ASAN_TEST_TARGET_CC ${CMAKE_CXX_COMPILER})
+ set(ASAN_TEST_TARGET_CFLAGS ${COMPILER_RT_TEST_COMPILER_CFLAGS})
+ set(ASAN_TEST_CONFIG_SUFFIX "-${arch}-android")
+ get_bits_for_arch(${arch} ASAN_TEST_BITS)
+ set(ASAN_TEST_DYNAMIC True)
+ set(ASAN_TEST_TARGET_ARCH "${arch}-android")
+ string(TOUPPER ${arch} ARCH_UPPER_CASE)
+ set(CONFIG ${ARCH_UPPER_CASE}AndroidConfig)
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/${CONFIG}/lit.site.cfg
+ )
+ list(APPEND ASAN_TESTSUITES
+ ${CMAKE_CURRENT_BINARY_DIR}/${CONFIG})
+ endforeach()
+
+else() # Not Android
+
+ if(CAN_TARGET_arm)
+ # This is only true if we are cross-compiling.
+ # Build all tests with host compiler and use host tools.
+ set(ASAN_TEST_TARGET_CC ${COMPILER_RT_TEST_COMPILER})
+ set(ASAN_TEST_TARGET_CFLAGS ${COMPILER_RT_TEST_COMPILER_CFLAGS})
+ set(ASAN_TEST_CONFIG_SUFFIX "-arm-linux")
+ set(ASAN_TEST_BITS "32")
+ set(ASAN_TEST_DYNAMIC False)
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/ARMLinuxConfig/lit.site.cfg
+ )
+ list(APPEND ASAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/ARMLinuxConfig)
+ endif()
+
+ if(CAN_TARGET_aarch64)
+ # This is only true if we are cross-compiling.
+ # Build all tests with host compiler and use host tools.
+ set(ASAN_TEST_TARGET_CC ${COMPILER_RT_TEST_COMPILER})
+ set(ASAN_TEST_TARGET_CFLAGS ${COMPILER_RT_TEST_COMPILER_CFLAGS})
+ set(ASAN_TEST_CONFIG_SUFFIX "-aarch64-linux")
+ set(ASAN_TEST_BITS "64")
+ set(ASAN_TEST_DYNAMIC False)
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/AArch64LinuxConfig/lit.site.cfg
+ )
+ list(APPEND ASAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/AArch64LinuxConfig)
+ endif()
+
+ if(CAN_TARGET_x86_64 OR CAN_TARGET_powerpc64 OR CAN_TARGET_mips64 OR CAN_TARGET_mips64el)
+ set(ASAN_TEST_CONFIG_SUFFIX "64")
+ set(ASAN_TEST_BITS "64")
+ set(ASAN_TEST_TARGET_CFLAGS ${TARGET_64_BIT_CFLAGS})
+ set(ASAN_TEST_DYNAMIC False)
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/64bitConfig/lit.site.cfg
+ )
+ list(APPEND ASAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/64bitConfig)
+ if(COMPILER_RT_BUILD_SHARED_ASAN)
+ set(ASAN_TEST_CONFIG_SUFFIX "64-Dynamic")
+ set(ASAN_TEST_DYNAMIC True)
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/64bitConfig-dynamic/lit.site.cfg)
+ list(APPEND ASAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/64bitConfig-dynamic)
+ endif()
+ endif()
+
+ if(CAN_TARGET_i386)
+ set(ASAN_TEST_CONFIG_SUFFIX "32")
+ set(ASAN_TEST_BITS "32")
+ set(ASAN_TEST_TARGET_CFLAGS ${TARGET_32_BIT_CFLAGS})
+ set(ASAN_TEST_DYNAMIC False)
+ set(ASAN_TEST_TARGET_ARCH "i386")
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/32bitConfig/lit.site.cfg
+ )
+ list(APPEND ASAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/32bitConfig)
+ if(COMPILER_RT_BUILD_SHARED_ASAN)
+ set(ASAN_TEST_CONFIG_SUFFIX "32-Dynamic")
+ set(ASAN_TEST_DYNAMIC True)
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/32bitConfig-dynamic/lit.site.cfg)
+ list(APPEND ASAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/32bitConfig-dynamic)
+ endif()
+ endif()
+
+ if(CAN_TARGET_mips OR CAN_TARGET_mipsel)
+ set(ASAN_TEST_CONFIG_SUFFIX "32")
+ set(ASAN_TEST_BITS "32")
+ set(ASAN_TEST_TARGET_CFLAGS ${TARGET_32_BIT_CFLAGS})
+ set(ASAN_TEST_DYNAMIC False)
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/32bitConfig/lit.site.cfg
+ )
+ list(APPEND ASAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/32bitConfig)
+ if(COMPILER_RT_BUILD_SHARED_ASAN)
+ set(ASAN_TEST_CONFIG_SUFFIX "32-Dynamic")
+ set(ASAN_TEST_DYNAMIC True)
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/32bitConfig-dynamic/lit.site.cfg)
+ list(APPEND ASAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/32bitConfig-dynamic)
+ endif()
+ endif()
+endif() # Not Android
+
+if(COMPILER_RT_INCLUDE_TESTS)
+ configure_lit_site_cfg(
+ ${CMAKE_CURRENT_SOURCE_DIR}/Unit/lit.site.cfg.in
+ ${CMAKE_CURRENT_BINARY_DIR}/Unit/lit.site.cfg)
+endif()
+
+set(ASAN_TEST_DEPS ${SANITIZER_COMMON_LIT_TEST_DEPS})
+if(COMPILER_RT_STANDALONE_BUILD)
+ add_executable(FileCheck IMPORTED GLOBAL)
+ set_property(TARGET FileCheck PROPERTY IMPORTED_LOCATION ${LLVM_TOOLS_BINARY_DIR}/FileCheck)
+ list(APPEND ASAN_TEST_DEPS FileCheck)
+else()
+ list(APPEND ASAN_TEST_DEPS asan)
+endif()
+
+# FIXME: support unit test in the android test runner
+if(COMPILER_RT_INCLUDE_TESTS AND NOT ANDROID)
+ list(APPEND ASAN_TEST_DEPS AsanUnitTests)
+ list(APPEND ASAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/Unit)
+endif()
+add_lit_testsuite(check-asan "Running the AddressSanitizer tests"
+ ${ASAN_TESTSUITES}
+ DEPENDS ${ASAN_TEST_DEPS})
+set_target_properties(check-asan PROPERTIES FOLDER "ASan tests")
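Review bot: `get_bits_for_arch` never writes to the variable the caller passes in, because inside a macro only the `${bits}` form is substituted, so `set(bits 32)` and `set(bits 64)` assign a variable literally named `bits`. The Android loop calls `get_bits_for_arch(${arch} ASAN_TEST_BITS)` right before `configure_lit_site_cfg`, so ASAN_TEST_BITS is presumably unset or stale when that site config is generated. The two assignments should read `set(${bits} 32)` and `set(${bits} 64)`.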
diff --git a/test/asan/TestCases/Android/coverage-android.cc b/test/asan/TestCases/Android/coverage-android.cc
new file mode 100644
index 000000000000..071a2e3e1faa
--- /dev/null
+++ b/test/asan/TestCases/Android/coverage-android.cc
@@ -0,0 +1,67 @@
+// Test for direct coverage writing with dlopen.
+
+// Test normal exit.
+// RUN: %clangxx_asan -mllvm -asan-coverage=1 -DSHARED %s -shared -o %T/libcoverage_android_test_1.so -fPIC
+// RUN: %clangxx_asan -mllvm -asan-coverage=1 -DSO_DIR=\"%device\" %s -o %t
+
+// RUN: adb shell rm -rf %device/coverage-android
+// RUN: rm -rf %T/coverage-android
+
+// RUN: adb shell mkdir -p %device/coverage-android/direct
+// RUN: mkdir -p %T/coverage-android/direct
+// RUN: ASAN_OPTIONS=coverage=1:coverage_direct=1:coverage_dir=%device/coverage-android/direct:verbosity=1 %run %t
+// RUN: adb pull %device/coverage-android/direct %T/coverage-android/direct
+// RUN: ls; pwd
+// RUN: cd %T/coverage-android/direct
+// RUN: %sancov rawunpack *.sancov.raw
+// RUN: %sancov print *.sancov |& FileCheck %s
+
+
+// Test sudden death.
+// RUN: %clangxx_asan -mllvm -asan-coverage=1 -DSHARED -DKILL %s -shared -o %T/libcoverage_android_test_1.so -fPIC
+// RUN: %clangxx_asan -mllvm -asan-coverage=1 -DSO_DIR=\"%device\" %s -o %t
+
+// RUN: adb shell rm -rf %device/coverage-android-kill
+// RUN: rm -rf %T/coverage-android-kill
+
+// RUN: adb shell mkdir -p %device/coverage-android-kill/direct
+// RUN: mkdir -p %T/coverage-android-kill/direct
+// RUN: ASAN_OPTIONS=coverage=1:coverage_direct=1:coverage_dir=%device/coverage-android-kill/direct:verbosity=1 not %run %t
+// RUN: adb pull %device/coverage-android-kill/direct %T/coverage-android-kill/direct
+// RUN: ls; pwd
+// RUN: cd %T/coverage-android-kill/direct
+// RUN: %sancov rawunpack *.sancov.raw
+// RUN: %sancov print *.sancov |& FileCheck %s
+
+#include <assert.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <signal.h>
+
+#ifdef SHARED
+extern "C" {
+void bar() {
+ printf("bar\n");
+#ifdef KILL
+ kill(getpid(), SIGKILL);
+#endif
+}
+}
+#else
+
+int main(int argc, char **argv) {
+ fprintf(stderr, "PID: %d\n", getpid());
+ void *handle1 =
+ dlopen(SO_DIR "/libcoverage_android_test_1.so", RTLD_LAZY);
+ assert(handle1);
+ void (*bar1)() = (void (*)())dlsym(handle1, "bar");
+ assert(bar1);
+ bar1();
+
+ return 0;
+}
+#endif
+
+// CHECK: 2 PCs total
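Review bot: A failed `dlopen` in `main` is reported only through `assert(handle1)`, which prints no `dlerror()` text and vanishes if the test is ever built with NDEBUG, leaving `dlsym` to run on a null handle. I would replace it with `if (!handle1) { fprintf(stderr, "dlopen: %s\n", dlerror()); return 1; }` and treat `bar1` the same way, so a missing library on the device is named in the log. The two `// RUN: ls; pwd` lines look like debugging leftovers and could be dropped.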
diff --git a/test/asan/TestCases/Android/lit.local.cfg b/test/asan/TestCases/Android/lit.local.cfg
new file mode 100644
index 000000000000..42513dd3aa61
--- /dev/null
+++ b/test/asan/TestCases/Android/lit.local.cfg
@@ -0,0 +1,11 @@
+def getRoot(config):
+ if not config.parent:
+ return config
+ return getRoot(config.parent)
+
+root = getRoot(config)
+
+if root.android != "TRUE":
+ config.unsupported = True
+
+config.substitutions.append( ("%device", "/data/local/tmp/Output") )
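Review bot: `%device` is bound to a fixed path under /data/local/tmp, and the substitution is appended even when the directory has just been marked unsupported. coverage-android.cc in this commit runs `adb shell rm -rf %device/coverage-android` against it, so two test runs sharing one device would presumably delete each other's output; that is inferred from the RUN lines, not shown by this file. A comment such as `# %device: scratch directory on the attached device, shared by every run; do not run two suites against one device` would document the constraint. `getRoot` also lacks a docstring; `"""Return the top-level lit config by following config.parent."""` would do.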
diff --git a/test/asan/TestCases/Darwin/asan_gen_prefixes.cc b/test/asan/TestCases/Darwin/asan_gen_prefixes.cc
new file mode 100644
index 000000000000..13363ac47255
--- /dev/null
+++ b/test/asan/TestCases/Darwin/asan_gen_prefixes.cc
@@ -0,0 +1,14 @@
+// Make sure __asan_gen_* strings have the correct prefixes on Darwin
+// ("L" in __TEXT,__cstring, "l" in __TEXT,__const
+
+// RUN: %clang_asan %s -S -o %t.s
+// RUN: cat %t.s | FileCheck %s || exit 1
+
+int x, y, z;
+int main() { return 0; }
+// CHECK: .section{{.*}}__TEXT,__const
+// CHECK: l___asan_gen_
+// CHECK: .section{{.*}}__TEXT,__cstring,cstring_literals
+// CHECK: L___asan_gen_
+// CHECK: L___asan_gen_
+// CHECK: L___asan_gen_
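Review bot: The header comment never closes its parenthesis (`"l" in __TEXT,__const` should end with `)`), and the RUN line `cat %t.s | FileCheck %s || exit 1` can simply be `// RUN: FileCheck %s < %t.s`, since a non-zero FileCheck exit already fails the step. The three `L___asan_gen_` checks are presumably one per global (`x`, `y`, `z`); a one-line comment saying so would keep the count from looking arbitrary.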
diff --git a/test/asan/TestCases/Darwin/cstring_literals_regtest.mm b/test/asan/TestCases/Darwin/cstring_literals_regtest.mm
new file mode 100644
index 000000000000..bcb15d8f39b0
--- /dev/null
+++ b/test/asan/TestCases/Darwin/cstring_literals_regtest.mm
@@ -0,0 +1,23 @@
+// Regression test for
+// https://code.google.com/p/address-sanitizer/issues/detail?id=274.
+
+// RUN: %clang_asan %s -framework Foundation -o %t
+// RUN: %run %t 2>&1 | FileCheck %s
+#import <Foundation/Foundation.h>
+
+#include <stdio.h>
+
+int main() {
+ NSString* version_file = @"MAJOR=35\n";
+ int major = 0, minor = 0, build = 0, patch = 0;
+ NSScanner* scanner = [NSScanner scannerWithString:version_file];
+ NSString *res = nil;
+ if ([scanner scanString:@"MAJOR=" intoString:nil] &&
+ [scanner scanInt:&major]) {
+ res = [NSString stringWithFormat:@"%d.%d.%d.%d",
+ major, minor, build, patch];
+ }
+ printf("%s\n", [res UTF8String]);
+ // CHECK: 35.0.0.0
+ return 0;
+}
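Review bot: `res` stays nil when either scan call fails, and `[res UTF8String]` then yields NULL, which must not be passed to `printf("%s\n", ...)`. The constant input makes that path unlikely, but a regression in the code under test would then surface as undefined behaviour rather than a clean CHECK mismatch. `printf("%s\n", res ? [res UTF8String] : "scan failed");` keeps the failure readable.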
diff --git a/test/asan/TestCases/Darwin/dyld_insert_libraries_reexec.cc b/test/asan/TestCases/Darwin/dyld_insert_libraries_reexec.cc
new file mode 100644
index 000000000000..b1bb4567f900
--- /dev/null
+++ b/test/asan/TestCases/Darwin/dyld_insert_libraries_reexec.cc
@@ -0,0 +1,33 @@
+// When DYLD-inserting the ASan dylib from a different location than the
+// original, make sure we don't try to reexec.
+
+// RUN: mkdir -p %T/dyld_insert_libraries_reexec
+// RUN: cp `%clang_asan %s -fsanitize=address -### 2>&1 \
+// RUN: | grep "libclang_rt.asan_osx_dynamic.dylib" \
+// RUN: | sed -e 's/.*"\(.*libclang_rt.asan_osx_dynamic.dylib\)".*/\1/'` \
+// RUN: %T/dyld_insert_libraries_reexec/libclang_rt.asan_osx_dynamic.dylib
+// RUN: %clangxx_asan %s -o %T/dyld_insert_libraries_reexec/a.out
+// RUN: DYLD_INSERT_LIBRARIES=@executable_path/libclang_rt.asan_osx_dynamic.dylib \
+// RUN: ASAN_OPTIONS=verbosity=1 %run %T/dyld_insert_libraries_reexec/a.out 2>&1 \
+// RUN: | FileCheck %s
+// RUN: ASAN_OPTIONS=verbosity=1 %run %T/dyld_insert_libraries_reexec/a.out 2>&1 \
+// RUN: | FileCheck --check-prefix=CHECK-NOINSERT %s
+
+#include <stdio.h>
+
+int main() {
+ printf("Passed\n");
+ return 0;
+}
+
+// CHECK-NOINSERT: Parsed ASAN_OPTIONS: verbosity=1
+// CHECK-NOINSERT: exec()-ing the program with
+// CHECK-NOINSERT: DYLD_INSERT_LIBRARIES
+// CHECK-NOINSERT: to enable ASan wrappers.
+// CHECK-NOINSERT: Passed
+
+// CHECK: Parsed ASAN_OPTIONS: verbosity=1
+// CHECK-NOT: exec()-ing the program with
+// CHECK-NOT: DYLD_INSERT_LIBRARIES
+// CHECK-NOT: to enable ASan wrappers.
+// CHECK: Passed
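Review bot: The `cp` source operand is an unquoted backtick substitution, so if the grep/sed pipeline prints nothing (for example because the driver's `-###` output changes) `cp` is left with one argument and the test fails with a usage error that hides the real cause; a toolchain path containing spaces splits the same way. The same substitution feeds `nm -g` in interface_symbols_darwin.c. Wrapping the substitution in double quotes, or writing the resolved path to a file and checking it is non-empty first, would make the failure legible. Separately, the three `CHECK-NOT` lines split one log message into independent patterns, so any other output line containing `DYLD_INSERT_LIBRARIES` between the two CHECKs would fail the test.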
diff --git a/test/asan/TestCases/Darwin/interception-in-shared-lib-test.cc b/test/asan/TestCases/Darwin/interception-in-shared-lib-test.cc
new file mode 100644
index 000000000000..e472a9dc6972
--- /dev/null
+++ b/test/asan/TestCases/Darwin/interception-in-shared-lib-test.cc
@@ -0,0 +1,32 @@
+// Check that memset() call from a shared library gets intercepted.
+// Please always keep this file in sync with
+// ../Linux/interception-in-shared-lib-test.cc.
+
+// RUN: %clangxx_asan -O0 %s -DSHARED_LIB \
+// RUN: -shared -o %T/libinterception-in-shared-lib-test.so \
+// RUN: -fPIC
+// TODO(glider): figure out how to set rpath in a more portable way and unite
+// this test with ../Linux/interception-in-shared-lib-test.cc.
+// RUN: %clangxx_asan -O0 %s -o %t -Wl,-rpath,@executable-path -L%T -linterception-in-shared-lib-test && \
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(SHARED_LIB)
+extern "C"
+void my_memset(void *p, size_t sz) {
+ memset(p, 0, sz);
+}
+#else
+extern "C" void my_memset(void *p, size_t sz);
+
+int main(int argc, char *argv[]) {
+ char buf[10];
+ my_memset(buf, 11);
+ // CHECK: {{.*ERROR: AddressSanitizer: stack-buffer-overflow}}
+ // CHECK: {{WRITE of size 11 at 0x.* thread T0}}
+ // CHECK: {{0x.* in my_memset .*interception-in-shared-lib-test.cc:19}}
+ return 0;
+}
+#endif
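Review bot: The link line passes `-Wl,-rpath,@executable-path`, but the token dyld expands is `@executable_path` (the spelling used in dyld_insert_libraries_reexec.cc in this commit), so this rpath entry looks like a typo and is presumably never resolved. The test likely still passes only because the library is found through the path it was linked with in %T. The flag should read `-Wl,-rpath,@executable_path`. The last CHECK also pins line 19 of this file, so any edit above the `memset` call has to update that number.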
diff --git a/test/asan/TestCases/Darwin/interface_symbols_darwin.c b/test/asan/TestCases/Darwin/interface_symbols_darwin.c
new file mode 100644
index 000000000000..8680d678cf91
--- /dev/null
+++ b/test/asan/TestCases/Darwin/interface_symbols_darwin.c
@@ -0,0 +1,39 @@
+// Check the presence of interface symbols in the ASan runtime dylib.
+// If you're changing this file, please also change
+// ../Linux/interface_symbols.c
+
+// RUN: %clang_asan -dead_strip -O2 %s -o %t.exe
+// RUN: rm -f %t.symbols %t.interface
+
+// RUN: nm -g `%clang_asan %s -fsanitize=address -### 2>&1 | grep "libclang_rt.asan_osx_dynamic.dylib" | sed -e 's/.*"\(.*libclang_rt.asan_osx_dynamic.dylib\)".*/\1/'` \
+// RUN: | grep " T " | sed "s/.* T //" \
+// RUN: | grep "__asan_" | sed "s/___asan_/__asan_/" \
+// RUN: | sed -E "s/__asan_init_v[0-9]+/__asan_init/" \
+// RUN: | grep -v "__asan_default_options" \
+// RUN: | grep -v "__asan_on_error" > %t.symbols
+
+// RUN: cat %p/../../../../lib/asan/asan_interface_internal.h \
+// RUN: | sed "s/\/\/.*//" | sed "s/typedef.*//" \
+// RUN: | grep -v "OPTIONAL" \
+// RUN: | grep "__asan_.*(" | sed "s/.* __asan_/__asan_/;s/(.*//" \
+// RUN: > %t.interface
+// RUN: echo __asan_report_load1 >> %t.interface
+// RUN: echo __asan_report_load2 >> %t.interface
+// RUN: echo __asan_report_load4 >> %t.interface
+// RUN: echo __asan_report_load8 >> %t.interface
+// RUN: echo __asan_report_load16 >> %t.interface
+// RUN: echo __asan_report_store1 >> %t.interface
+// RUN: echo __asan_report_store2 >> %t.interface
+// RUN: echo __asan_report_store4 >> %t.interface
+// RUN: echo __asan_report_store8 >> %t.interface
+// RUN: echo __asan_report_store16 >> %t.interface
+// RUN: echo __asan_report_load_n >> %t.interface
+// RUN: echo __asan_report_store_n >> %t.interface
+// RUN: echo __asan_get_current_fake_stack >> %t.interface
+// RUN: echo __asan_addr_is_in_fake_stack >> %t.interface
+// RUN: for i in `jot - 0 10`; do echo __asan_stack_malloc_$i >> %t.interface; done
+// RUN: for i in `jot - 0 10`; do echo __asan_stack_free_$i >> %t.interface; done
+
+// RUN: cat %t.interface | sort -u | diff %t.symbols -
+
+int main() { return 0; }
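Review bot: The header asks maintainers to keep `../Linux/interface_symbols.c` in sync, but the file this commit adds is `test/asan/TestCases/Linux/interface_symbols_linux.c` according to the diffstat, so the comment should name `../Linux/interface_symbols_linux.c`. The hand-maintained `echo __asan_report_* >> %t.interface` list has no comment explaining why these symbols are not picked up from asan_interface_internal.h by the preceding pipeline; one line stating that would help whoever next adds an interface function.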
diff --git a/test/asan/TestCases/Darwin/lit.local.cfg b/test/asan/TestCases/Darwin/lit.local.cfg
new file mode 100644
index 000000000000..a85dfcd24c08
--- /dev/null
+++ b/test/asan/TestCases/Darwin/lit.local.cfg
@@ -0,0 +1,9 @@
+def getRoot(config):
+ if not config.parent:
+ return config
+ return getRoot(config.parent)
+
+root = getRoot(config)
+
+if root.host_os not in ['Darwin']:
+ config.unsupported = True
diff --git a/test/asan/TestCases/Darwin/malloc_set_zone_name-mprotect.cc b/test/asan/TestCases/Darwin/malloc_set_zone_name-mprotect.cc
new file mode 100644
index 000000000000..2c643bc03c52
--- /dev/null
+++ b/test/asan/TestCases/Darwin/malloc_set_zone_name-mprotect.cc
@@ -0,0 +1,51 @@
+// Regression test for a bug in malloc_create_zone()
+// (https://code.google.com/p/address-sanitizer/issues/detail?id=203)
+// The old implementation of malloc_create_zone() didn't always return a
+// page-aligned address, so we can only test on a best-effort basis.
+
+// RUN: %clangxx_asan %s -o %t
+// RUN: %run %t 2>&1
+
+#include <malloc/malloc.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+const int kNumIter = 4096;
+const int kNumZones = 100;
+int main() {
+ char *mem[kNumIter * 2];
+ // Allocate memory chunks from different size classes up to 1 page.
+ // (For the case malloc() returns memory chunks in descending order)
+ for (int i = 0; i < kNumIter; i++) {
+ mem[i] = (char*)malloc(8 * i);
+ }
+ // Try to allocate a page-aligned malloc zone. Otherwise the mprotect() call
+ // in malloc_set_zone_name() will silently fail.
+ malloc_zone_t *zone = NULL;
+ bool aligned = false;
+ for (int i = 0; i < kNumZones; i++) {
+ zone = malloc_create_zone(0, 0);
+ if (((uintptr_t)zone & (~0xfff)) == (uintptr_t)zone) {
+ aligned = true;
+ break;
+ }
+ }
+ if (!aligned) {
+ printf("Warning: couldn't allocate a page-aligned zone.");
+ return 0;
+ }
+ // malloc_set_zone_name() calls mprotect(zone, 4096, PROT_READ | PROT_WRITE),
+ // modifies the zone contents and then calls mprotect(zone, 4096, PROT_READ).
+ malloc_set_zone_name(zone, "foobar");
+ // Allocate memory chunks from different size classes again.
+ for (int i = 0; i < kNumIter; i++) {
+ mem[i + kNumIter] = (char*)malloc(8 * i);
+ }
+ // Access the allocated memory chunks and free them.
+ for (int i = 0; i < kNumIter * 2; i++) {
+ memset(mem[i], 'a', 8 * (i % kNumIter));
+ free(mem[i]);
+ }
+ return 0;
+}
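Review bot: The early exit under `if (!aligned)` lets the test pass without ever calling `malloc_set_zone_name()`, so on a host where none of the `kNumZones` zones lands on a page boundary a regression would go unnoticed. The warning is also printed without a trailing newline. The alignment test hard-codes a 4 KiB page through the `0xfff` mask, and `uintptr_t` is used without `<stdint.h>`, which presumably compiles only because another header pulls it in. I would add `#include <stdint.h>`, end the message with `\n`, and add a comment that the zones rejected by the alignment check are deliberately left allocated.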
diff --git a/test/asan/TestCases/Darwin/malloc_zone-protected.cc b/test/asan/TestCases/Darwin/malloc_zone-protected.cc
new file mode 100644
index 000000000000..362b60e20b55
--- /dev/null
+++ b/test/asan/TestCases/Darwin/malloc_zone-protected.cc
@@ -0,0 +1,20 @@
+// Make sure the zones created by malloc_create_zone() are write-protected.
+#include <malloc/malloc.h>
+#include <stdio.h>
+
+// RUN: %clangxx_asan %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+
+void *pwn(malloc_zone_t *unused_zone, size_t unused_size) {
+ printf("PWNED\n");
+ return NULL;
+}
+
+int main() {
+ malloc_zone_t *zone = malloc_create_zone(0, 0);
+ zone->malloc = pwn;
+ void *v = malloc_zone_malloc(zone, 1);
+ // CHECK-NOT: PWNED
+ return 0;
+}
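Review bot: `not %run %t` together with only `CHECK-NOT: PWNED` accepts any non-zero exit, so the test also passes if `malloc_create_zone()` returns NULL and the store to `zone->malloc` faults on a null pointer rather than on the write-protected zone. A guard such as `if (!zone) return 0;` after the call would turn that case into a failure, since exit 0 fails under `not`. A positive `CHECK:` on the ASan fault report would pin down why the process died; the exact report text on Darwin needs confirming before it is written into the test. A one-line comment on `zone->malloc = pwn;` saying that this write is the one expected to fault would also help readers.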
diff --git a/test/asan/TestCases/Darwin/objc-odr.mm b/test/asan/TestCases/Darwin/objc-odr.mm
new file mode 100644
index 000000000000..72bc39c80dd4
--- /dev/null
+++ b/test/asan/TestCases/Darwin/objc-odr.mm
@@ -0,0 +1,23 @@
+// Regression test for
+// https://code.google.com/p/address-sanitizer/issues/detail?id=360.
+
+// RUN: %clang_asan %s -o %t -framework Foundation
+// RUN: %run %t 2>&1 | FileCheck %s
+
+#import <Foundation/Foundation.h>
+
+void f() {
+ int y = 7;
+ dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_BACKGROUND, 0), ^{
+ dispatch_sync(dispatch_get_main_queue(), ^{
+ printf("num = %d\n", y);
+ });
+ });
+}
+
+int main() {
+ NSLog(@"Hello world");
+}
+
+// CHECK-NOT: AddressSanitizer: odr-violation
+// CHECK: Hello world
diff --git a/test/asan/TestCases/Darwin/reexec-insert-libraries-env.cc b/test/asan/TestCases/Darwin/reexec-insert-libraries-env.cc
new file mode 100644
index 000000000000..59ddd634b400
--- /dev/null
+++ b/test/asan/TestCases/Darwin/reexec-insert-libraries-env.cc
@@ -0,0 +1,25 @@
+// Make sure ASan doesn't hang in an exec loop if DYLD_INSERT_LIBRARIES is set.
+// This is a regression test for
+// https://code.google.com/p/address-sanitizer/issues/detail?id=159
+
+// RUN: %clangxx_asan %s -o %t
+// RUN: %clangxx -DSHARED_LIB %s \
+// RUN: -dynamiclib -o darwin-dummy-shared-lib-so.dylib
+
+// FIXME: the following command line may hang in the case of a regression.
+// RUN: DYLD_INSERT_LIBRARIES=darwin-dummy-shared-lib-so.dylib \
+// RUN: %run %t 2>&1 | FileCheck %s || exit 1
+
+#if !defined(SHARED_LIB)
+#include <stdio.h>
+#include <stdlib.h>
+
+int main() {
+ const char kEnvName[] = "DYLD_INSERT_LIBRARIES";
+ printf("%s=%s\n", kEnvName, getenv(kEnvName));
+ // CHECK: {{DYLD_INSERT_LIBRARIES=.*darwin-dummy-shared-lib-so.dylib.*}}
+ return 0;
+}
+#else // SHARED_LIB
+void foo() {}
+#endif // SHARED_LIB
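Review bot: The dummy library is built as `darwin-dummy-shared-lib-so.dylib` in the current working directory and then named by that relative path in `DYLD_INSERT_LIBRARIES`, so the test depends on the working directory and concurrent runs may overwrite each other's file. The sibling test unset-insert-libraries-on-exec.cc in this commit already uses a per-test path; the equivalent here is `// RUN: -dynamiclib -o %t-darwin-dummy-shared-lib-so.dylib` and `// RUN: DYLD_INSERT_LIBRARIES=%t-darwin-dummy-shared-lib-so.dylib \`. Separately, `getenv(kEnvName)` is passed straight to `%s`, which is a null pointer if the variable is unset; a `value ? value : "(unset)"` guard would keep that failure readable.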
diff --git a/test/asan/TestCases/Darwin/suppressions-darwin.cc b/test/asan/TestCases/Darwin/suppressions-darwin.cc
new file mode 100644
index 000000000000..9a8f56d5dc50
--- /dev/null
+++ b/test/asan/TestCases/Darwin/suppressions-darwin.cc
@@ -0,0 +1,34 @@
+// Check that without suppressions, we catch the issue.
+// RUN: %clangxx_asan -O0 %s -o %t -framework Foundation
+// RUN: not %run %t 2>&1 | FileCheck --check-prefix=CHECK-CRASH %s
+
+// Check that suppressing the interceptor by name works.
+// RUN: echo "interceptor_name:memmove" > %t.supp
+// RUN: ASAN_OPTIONS=suppressions=%t.supp %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s
+
+// Check that suppressing by interceptor name works even without the symbolizer
+// RUN: ASAN_OPTIONS=suppressions=%t.supp:symbolize=false %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s
+
+// Check that suppressing all reports from a library works.
+// RUN: echo "interceptor_via_lib:CoreFoundation" > %t.supp
+// RUN: ASAN_OPTIONS=suppressions=%t.supp %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s
+
+// Check that suppressing library works even without the symbolizer.
+// RUN: ASAN_OPTIONS=suppressions=%t.supp:symbolize=false %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s
+
+#include <CoreFoundation/CoreFoundation.h>
+
+int main() {
+ char *a = (char *)malloc(6);
+ strcpy(a, "hello");
+ CFStringRef str =
+ CFStringCreateWithBytes(kCFAllocatorDefault, (unsigned char *)a, 10,
+ kCFStringEncodingUTF8, FALSE); // BOOM
+ fprintf(stderr, "Ignored.\n");
+ free(a);
+}
+
+// CHECK-CRASH: AddressSanitizer: heap-buffer-overflow
+// CHECK-CRASH-NOT: Ignored.
+// CHECK-IGNORE-NOT: AddressSanitizer: heap-buffer-overflow
+// CHECK-IGNORE: Ignored.
diff --git a/test/asan/TestCases/Darwin/unset-insert-libraries-on-exec.cc b/test/asan/TestCases/Darwin/unset-insert-libraries-on-exec.cc
new file mode 100644
index 000000000000..ed476b223af3
--- /dev/null
+++ b/test/asan/TestCases/Darwin/unset-insert-libraries-on-exec.cc
@@ -0,0 +1,25 @@
+// Make sure ASan removes the runtime library from DYLD_INSERT_LIBRARIES before
+// executing other programs.
+
+// RUN: %clangxx_asan %s -o %t
+// RUN: %clangxx %p/../Helpers/echo-env.cc -o %T/echo-env
+// RUN: %clangxx -DSHARED_LIB %s \
+// RUN: -dynamiclib -o %t-darwin-dummy-shared-lib-so.dylib
+
+// Make sure DYLD_INSERT_LIBRARIES doesn't contain the runtime library before
+// execl().
+
+// RUN: %run %t %T/echo-env >/dev/null 2>&1
+// RUN: DYLD_INSERT_LIBRARIES=%t-darwin-dummy-shared-lib-so.dylib \
+// RUN: %run %t %T/echo-env 2>&1 | FileCheck %s || exit 1
+
+#if !defined(SHARED_LIB)
+#include <unistd.h>
+int main(int argc, char *argv[]) {
+ execl(argv[1], argv[1], "DYLD_INSERT_LIBRARIES", NULL);
+ // CHECK: {{DYLD_INSERT_LIBRARIES = .*darwin-dummy-shared-lib-so.dylib.*}}
+ return 0;
+}
+#else // SHARED_LIB
+void foo() {}
+#endif // SHARED_LIB
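Review bot: `main` returns 0 after `execl()`, a line reached only when the exec failed, so the first RUN line (output sent to /dev/null) passes even if `%T/echo-env` was never executed. Changing that to `return 1;`, plus an `argc` check before `argv[1]` is used, would make the failure visible. The CHECK pattern also does not test what the header comment promises: with `.*` on both sides of the dummy library name it still matches when the ASan runtime is left in `DYLD_INSERT_LIBRARIES`. A second FileCheck pass with a `CHECK-NOT` on the runtime library name would cover the actual property.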
diff --git a/test/asan/TestCases/Helpers/blacklist-extra.cc b/test/asan/TestCases/Helpers/blacklist-extra.cc
new file mode 100644
index 000000000000..627115cdda2b
--- /dev/null
+++ b/test/asan/TestCases/Helpers/blacklist-extra.cc
@@ -0,0 +1,5 @@
+// This function is broken, but this file is blacklisted
+int externalBrokenFunction(int argc) {
+ char x[10] = {0};
+ return x[argc * 10]; // BOOM
+}
diff --git a/test/asan/TestCases/Helpers/echo-env.cc b/test/asan/TestCases/Helpers/echo-env.cc
new file mode 100644
index 000000000000..65e91c155c84
--- /dev/null
+++ b/test/asan/TestCases/Helpers/echo-env.cc
@@ -0,0 +1,19 @@
+// Helper binary for
+// lit_tests/TestCases/Darwin/unset-insert-libraries-on-exec.cc
+// Prints the environment variable with the given name.
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[]) {
+ if (argc != 2) {
+ printf("Usage: %s ENVNAME\n", argv[0]);
+ exit(1);
+ }
+ const char *value = getenv(argv[1]);
+ if (value) {
+ printf("%s = %s\n", argv[1], value);
+ } else {
+ printf("%s not set.\n", argv[1]);
+ }
+ return 0;
+}
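Review bot: The header comment points to `lit_tests/TestCases/Darwin/unset-insert-libraries-on-exec.cc`, but this commit adds that test at `test/asan/TestCases/Darwin/unset-insert-libraries-on-exec.cc`. I would update the comment to the new path. It is also worth stating there that the `NAME = value` output format is matched by that test's CHECK line, so the two have to change together.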
diff --git a/test/asan/TestCases/Helpers/init-order-atexit-extra.cc b/test/asan/TestCases/Helpers/init-order-atexit-extra.cc
new file mode 100644
index 000000000000..e4189d19d099
--- /dev/null
+++ b/test/asan/TestCases/Helpers/init-order-atexit-extra.cc
@@ -0,0 +1,16 @@
+#include <stdio.h>
+
+class C {
+ public:
+ C() { value = 42; }
+ ~C() { }
+ int value;
+};
+
+C c;
+
+void AccessC() {
+ printf("C value: %d\n", c.value);
+}
+
+int main() { return 0; }
diff --git a/test/asan/TestCases/Helpers/init-order-pthread-create-extra.cc b/test/asan/TestCases/Helpers/init-order-pthread-create-extra.cc
new file mode 100644
index 000000000000..d4606f0afb52
--- /dev/null
+++ b/test/asan/TestCases/Helpers/init-order-pthread-create-extra.cc
@@ -0,0 +1,2 @@
+void *bar(void *input);
+void *glob2 = bar((void*)0x2345);
diff --git a/test/asan/TestCases/Helpers/initialization-blacklist-extra.cc b/test/asan/TestCases/Helpers/initialization-blacklist-extra.cc
new file mode 100644
index 000000000000..09aed2112d5e
--- /dev/null
+++ b/test/asan/TestCases/Helpers/initialization-blacklist-extra.cc
@@ -0,0 +1,15 @@
+int zero_init() { return 0; }
+int badGlobal = zero_init();
+int readBadGlobal() { return badGlobal; }
+
+namespace badNamespace {
+class BadClass {
+ public:
+ BadClass() { value = 0; }
+ int value;
+};
+// Global object with non-trivial constructor.
+BadClass bad_object;
+} // namespace badNamespace
+
+int accessBadObject() { return badNamespace::bad_object.value; }
diff --git a/test/asan/TestCases/Helpers/initialization-blacklist-extra2.cc b/test/asan/TestCases/Helpers/initialization-blacklist-extra2.cc
new file mode 100644
index 000000000000..69455a0a6fc9
--- /dev/null
+++ b/test/asan/TestCases/Helpers/initialization-blacklist-extra2.cc
@@ -0,0 +1,4 @@
+int zero_init();
+int badSrcGlobal = zero_init();
+int readBadSrcGlobal() { return badSrcGlobal; }
+
diff --git a/test/asan/TestCases/Helpers/initialization-blacklist.txt b/test/asan/TestCases/Helpers/initialization-blacklist.txt
new file mode 100644
index 000000000000..83294635622d
--- /dev/null
+++ b/test/asan/TestCases/Helpers/initialization-blacklist.txt
@@ -0,0 +1,3 @@
+global:*badGlobal*=init
+type:*badNamespace::BadClass*=init
+src:*initialization-blacklist-extra2.cc=init
diff --git a/test/asan/TestCases/Helpers/initialization-bug-extra.cc b/test/asan/TestCases/Helpers/initialization-bug-extra.cc
new file mode 100644
index 000000000000..3c4cb411defa
--- /dev/null
+++ b/test/asan/TestCases/Helpers/initialization-bug-extra.cc
@@ -0,0 +1,5 @@
+// This file simply declares a dynamically initialized var by the name of 'y'.
+int initY() {
+ return 5;
+}
+int y = initY();
diff --git a/test/asan/TestCases/Helpers/initialization-bug-extra2.cc b/test/asan/TestCases/Helpers/initialization-bug-extra2.cc
new file mode 100644
index 000000000000..a3d8f190e58b
--- /dev/null
+++ b/test/asan/TestCases/Helpers/initialization-bug-extra2.cc
@@ -0,0 +1,6 @@
+// 'z' is dynamically initialized global from different TU.
+extern int z;
+int __attribute__((noinline)) initY() {
+ return z + 1;
+}
+int y = initY();
diff --git a/test/asan/TestCases/Helpers/initialization-constexpr-extra.cc b/test/asan/TestCases/Helpers/initialization-constexpr-extra.cc
new file mode 100644
index 000000000000..b32466a981b3
--- /dev/null
+++ b/test/asan/TestCases/Helpers/initialization-constexpr-extra.cc
@@ -0,0 +1,3 @@
+// Constexpr:
+int getCoolestInteger();
+static int coolest_integer = getCoolestInteger();
diff --git a/test/asan/TestCases/Helpers/initialization-nobug-extra.cc b/test/asan/TestCases/Helpers/initialization-nobug-extra.cc
new file mode 100644
index 000000000000..886165affd76
--- /dev/null
+++ b/test/asan/TestCases/Helpers/initialization-nobug-extra.cc
@@ -0,0 +1,9 @@
+// Linker initialized:
+int getAB();
+static int ab = getAB();
+// Function local statics:
+int countCalls();
+static int one = countCalls();
+// Trivial constructor, non-trivial destructor:
+int getStructWithDtorValue();
+static int val = getStructWithDtorValue();
diff --git a/test/asan/TestCases/Helpers/lit.local.cfg b/test/asan/TestCases/Helpers/lit.local.cfg
new file mode 100644
index 000000000000..2fc4d99456b0
--- /dev/null
+++ b/test/asan/TestCases/Helpers/lit.local.cfg
@@ -0,0 +1,3 @@
+# Sources in this directory are helper files for tests which test functionality
+# involving multiple translation units.
+config.suffixes = []
diff --git a/test/asan/TestCases/Linux/asan-asm-stacktrace-test.cc b/test/asan/TestCases/Linux/asan-asm-stacktrace-test.cc
new file mode 100644
index 000000000000..5332c992a0db
--- /dev/null
+++ b/test/asan/TestCases/Linux/asan-asm-stacktrace-test.cc
@@ -0,0 +1,33 @@
+// Check that a stack unwinding algorithm works corretly even with the assembly
+// instrumentation.
+
+// REQUIRES: x86_64-supported-target
+// RUN: %clangxx_asan -g -O1 %s -fno-inline-functions -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -mllvm -asan-instrument-assembly -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -g -O1 %s -fno-inline-functions -fomit-frame-pointer -momit-leaf-frame-pointer -mllvm -asan-instrument-assembly -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -g0 -O1 %s -fno-unwind-tables -fno-asynchronous-unwind-tables -fno-exceptions -fno-inline-functions -fomit-frame-pointer -momit-leaf-frame-pointer -mllvm -asan-instrument-assembly -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-nounwind
+
+#include <cstddef>
+
+// CHECK: READ of size 4
+// CHECK-NEXT: {{#0 0x[0-9a-fA-F]+ in foo}}
+// CHECK-NEXT: {{#1 0x[0-9a-fA-F]+ in main}}
+
+// CHECK-nounwind: READ of size 4
+// CHECK-nounwind-NEXT: {{#0 0x[0-9a-fA-F]+ in foo}}
+
+__attribute__((noinline)) int foo(size_t n, int *buffer) {
+ int r;
+ __asm__("movl (%[buffer], %[n], 4), %[r] \n\t"
+ : [r] "=r"(r)
+ : [buffer] "r"(buffer), [n] "r"(n)
+ : "memory");
+ return r;
+}
+
+int main() {
+ const size_t n = 16;
+ int *buffer = new int[n];
+ foo(n, buffer);
+ delete[] buffer;
+ return 0;
+}
diff --git a/test/asan/TestCases/Linux/asan_dlopen_test.cc b/test/asan/TestCases/Linux/asan_dlopen_test.cc
new file mode 100644
index 000000000000..f1e31b0a0553
--- /dev/null
+++ b/test/asan/TestCases/Linux/asan_dlopen_test.cc
@@ -0,0 +1,15 @@
+// Test that dlopen of dynamic runtime is prohibited.
+//
+// RUN: %clangxx %s -DRT=\"%shared_libasan\" -o %t -ldl
+// RUN: not %run %t 2>&1 | FileCheck %s
+// REQUIRES: asan-dynamic-runtime
+// XFAIL: android
+
+#include <dlfcn.h>
+
+int main(int argc, char **argv) {
+ dlopen(RT, RTLD_LAZY);
+ return 0;
+}
+
+// CHECK: ASan runtime does not come first in initial library list
diff --git a/test/asan/TestCases/Linux/asan_prelink_test.cc b/test/asan/TestCases/Linux/asan_prelink_test.cc
new file mode 100644
index 000000000000..6145c01f7342
--- /dev/null
+++ b/test/asan/TestCases/Linux/asan_prelink_test.cc
@@ -0,0 +1,29 @@
+// Test if asan works with prelink.
+// It does not actually use prelink, but relies on ld's flag -Ttext-segment
+// or gold's flag -Ttext (we try the first flag first, if that fails we
+// try the second flag).
+//
+// RUN: %clangxx_asan -c %s -o %t.o
+// RUN: %clangxx_asan -DBUILD_SO=1 -fPIC -shared %s -o %t.so -Wl,-Ttext-segment=0x3600000000 ||\
+// RUN: %clangxx_asan -DBUILD_SO=1 -fPIC -shared %s -o %t.so -Wl,-Ttext=0x3600000000
+// RUN: %clangxx_asan %t.o %t.so -Wl,-R. -o %t
+// RUN: ASAN_OPTIONS=verbosity=1 %run %t 2>&1 | FileCheck %s
+
+// GNU driver doesn't handle .so files properly.
+// REQUIRES: x86_64-supported-target, asan-64-bits, Clang
+#if BUILD_SO
+int G;
+int *getG() {
+ return &G;
+}
+#else
+#include <stdio.h>
+extern int *getG();
+int main(int argc, char **argv) {
+ long p = (long)getG();
+ printf("SO mapped at %lx\n", p & ~0xffffffffUL);
+ *getG() = 0;
+}
+#endif
+// CHECK: 0x003000000000, 0x004fffffffff{{.*}} MidMem
+// CHECK: SO mapped at 3600000000
diff --git a/test/asan/TestCases/Linux/asan_preload_test-1.cc b/test/asan/TestCases/Linux/asan_preload_test-1.cc
new file mode 100644
index 000000000000..e5eab5545b83
--- /dev/null
+++ b/test/asan/TestCases/Linux/asan_preload_test-1.cc
@@ -0,0 +1,30 @@
+// Test that non-sanitized executables work with sanitized shared libs
+// and preloaded runtime.
+//
+// RUN: %clangxx -DBUILD_SO=1 -fPIC -shared %s -o %t.so
+// RUN: %clangxx %s %t.so -o %t
+//
+// RUN: %clangxx_asan -DBUILD_SO=1 -fPIC -shared %s -o %t.so
+// RUN: LD_PRELOAD=%shared_libasan not %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: asan-dynamic-runtime
+
+// This way of setting LD_PRELOAD does not work with Android test runner.
+// REQUIRES: not-android
+
+#if BUILD_SO
+char dummy;
+void do_access(const void *p) {
+ // CHECK: AddressSanitizer: heap-buffer-overflow
+ dummy = ((const char *)p)[1];
+}
+#else
+#include <stdlib.h>
+extern void do_access(const void *p);
+int main(int argc, char **argv) {
+ void *p = malloc(1);
+ do_access(p);
+ free(p);
+ return 0;
+}
+#endif
diff --git a/test/asan/TestCases/Linux/asan_preload_test-2.cc b/test/asan/TestCases/Linux/asan_preload_test-2.cc
new file mode 100644
index 000000000000..00b32e15d17d
--- /dev/null
+++ b/test/asan/TestCases/Linux/asan_preload_test-2.cc
@@ -0,0 +1,24 @@
+// Test that preloaded runtime works with unsanitized executables.
+//
+// RUN: %clangxx %s -o %t
+// RUN: LD_PRELOAD=%shared_libasan not %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: asan-dynamic-runtime
+
+// This way of setting LD_PRELOAD does not work with Android test runner.
+// REQUIRES: not-android
+
+#include <stdlib.h>
+
+extern "C" void *memset(void *p, int val, size_t n);
+
+void do_access(void *p) {
+ // CHECK: AddressSanitizer: heap-buffer-overflow
+ memset(p, 0, 2);
+}
+
+int main(int argc, char **argv) {
+ void *p = malloc(1);
+ do_access(p);
+ return 0;
+}
diff --git a/test/asan/TestCases/Linux/asan_rt_confict_test-1.cc b/test/asan/TestCases/Linux/asan_rt_confict_test-1.cc
new file mode 100644
index 000000000000..30f1c17700c8
--- /dev/null
+++ b/test/asan/TestCases/Linux/asan_rt_confict_test-1.cc
@@ -0,0 +1,13 @@
+// Test that preloading dynamic runtime to statically sanitized
+// executable is prohibited.
+//
+// RUN: %clangxx_asan_static %s -o %t
+// RUN: LD_PRELOAD=%shared_libasan not %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: asan-dynamic-runtime
+// XFAIL: android
+
+#include <stdlib.h>
+int main(int argc, char **argv) { return 0; }
+
+// CHECK: Your application is linked against incompatible ASan runtimes
diff --git a/test/asan/TestCases/Linux/asan_rt_confict_test-2.cc b/test/asan/TestCases/Linux/asan_rt_confict_test-2.cc
new file mode 100644
index 000000000000..4c935e2b0f3b
--- /dev/null
+++ b/test/asan/TestCases/Linux/asan_rt_confict_test-2.cc
@@ -0,0 +1,25 @@
+// Test that mixed static/dynamic sanitization of program objects
+// is prohibited.
+//
+// RUN: %clangxx_asan -DBUILD_SO=1 -fPIC -shared %s -o %t.so
+// RUN: %clangxx_asan_static %s %t.so -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: asan-dynamic-runtime
+// XFAIL: android
+
+#if BUILD_SO
+char dummy;
+void do_access(const void *p) { dummy = ((const char *)p)[1]; }
+#else
+#include <stdlib.h>
+extern void do_access(const void *p);
+int main(int argc, char **argv) {
+ void *p = malloc(1);
+ do_access(p);
+ free(p);
+ return 0;
+}
+#endif
+
+// CHECK: Your application is linked against incompatible ASan runtimes
diff --git a/test/asan/TestCases/Linux/clang_gcc_abi.cc b/test/asan/TestCases/Linux/clang_gcc_abi.cc
new file mode 100644
index 000000000000..e833881661d2
--- /dev/null
+++ b/test/asan/TestCases/Linux/clang_gcc_abi.cc
@@ -0,0 +1,44 @@
+// RUN: %clangxx_asan -O0 -x c %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 -x c %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 -x c %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 -x c %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: arm-supported-target
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#include <stdlib.h>
+
+int boom() {
+ volatile int three = 3;
+ char *s = (char *)malloc(three);
+// CHECK: #1 0x{{.*}} in boom {{.*}}clang_gcc_abi.cc:[[@LINE-1]]
+ return s[three]; //BOOM
+}
+
+__attribute__((naked, noinline)) void gcc_abi() {
+// CHECK: #2 0x{{.*}} in gcc_abi {{.*}}clang_gcc_abi.cc:[[@LINE+1]]
+ asm volatile("str fp, [sp, #-8]!\n\t"
+ "str lr, [sp, #4]\n\t"
+ "add fp, sp, #4\n\t"
+ "bl boom\n\t"
+ "sub sp, fp, #4\n\t"
+ "ldr fp, [sp]\n\t"
+ "add sp, sp, #4\n\t"
+ "ldr pc, [sp], #4\n\t"
+ );
+}
+
+__attribute__((naked, noinline)) void clang_abi() {
+// CHECK: #3 0x{{.*}} in clang_abi {{.*}}clang_gcc_abi.cc:[[@LINE+1]]
+ asm volatile("push {r11, lr}\n\t"
+ "mov r11, sp\n\t"
+ "bl gcc_abi\n\t"
+ "add r0, r0, #1\n\t"
+ "pop {r11, pc}\n\t"
+ );
+}
+
+int main() {
+ clang_abi();
+// CHECK: #4 0x{{.*}} in main {{.*}}clang_gcc_abi.cc:[[@LINE-1]]
+}
diff --git a/test/asan/TestCases/Linux/clone_test.cc b/test/asan/TestCases/Linux/clone_test.cc
new file mode 100644
index 000000000000..e9c1f166eb45
--- /dev/null
+++ b/test/asan/TestCases/Linux/clone_test.cc
@@ -0,0 +1,45 @@
+// Regression test for:
+// http://code.google.com/p/address-sanitizer/issues/detail?id=37
+
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && %run %t | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && %run %t | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+
+#include <stdio.h>
+#include <sched.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+int Child(void *arg) {
+ char x[32] = {0}; // Stack gets poisoned.
+ printf("Child: %p\n", x);
+ _exit(1); // NoReturn, stack will remain unpoisoned unless we do something.
+}
+
+int main(int argc, char **argv) {
+ const int kStackSize = 1 << 20;
+ char child_stack[kStackSize + 1];
+ char *sp = child_stack + kStackSize; // Stack grows down.
+ printf("Parent: %p\n", sp);
+ pid_t clone_pid = clone(Child, sp, CLONE_FILES | CLONE_VM, NULL);
+ int status;
+ pid_t wait_result = waitpid(clone_pid, &status, __WCLONE);
+ if (wait_result < 0) {
+ perror("waitpid");
+ return 0;
+ }
+ if (wait_result == clone_pid && WIFEXITED(status)) {
+ // Make sure the child stack was indeed unpoisoned.
+ for (int i = 0; i < kStackSize; i++)
+ child_stack[i] = i;
+ int ret = child_stack[argc - 1];
+ printf("PASSED\n");
+ // CHECK: PASSED
+ return ret;
+ }
+ return 0;
+}
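Review bot: The result of `clone()` is passed to `waitpid()` without being checked; if it is -1 the call waits for any child, and the test then fails with a `waitpid` error instead of naming the real cause. Adding `if (clone_pid < 0) { perror("clone"); return 0; }` right after the call keeps the diagnostic accurate. `sp` is `child_stack + kStackSize` on a plain `char` array, so its alignment is whatever the compiler gives the array. A comment or an `__attribute__((aligned(16)))` on `child_stack` would document that assumption.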
diff --git a/test/asan/TestCases/Linux/coverage-and-lsan.cc b/test/asan/TestCases/Linux/coverage-and-lsan.cc
new file mode 100644
index 000000000000..4cb8e2af3084
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-and-lsan.cc
@@ -0,0 +1,20 @@
+// Make sure coverage is dumped even if there are reported leaks.
+//
+// RUN: %clangxx_asan -fsanitize-coverage=1 %s -o %t
+//
+// RUN: rm -rf %T/coverage-and-lsan
+//
+// RUN: mkdir -p %T/coverage-and-lsan/normal
+// RUN: ASAN_OPTIONS=coverage=1:coverage_dir=%T/coverage-and-lsan:verbosity=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %sancov print %T/coverage-and-lsan/*.sancov 2>&1
+//
+// REQUIRES: leak-detection
+
+int *g = new int;
+int main(int argc, char **argv) {
+ g = 0;
+ return 0;
+}
+
+// CHECK: LeakSanitizer: detected memory leaks
+// CHECK: CovDump:
diff --git a/test/asan/TestCases/Linux/coverage-caller-callee-total-count.cc b/test/asan/TestCases/Linux/coverage-caller-callee-total-count.cc
new file mode 100644
index 000000000000..0201425106f9
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-caller-callee-total-count.cc
@@ -0,0 +1,41 @@
+// Test __sanitizer_get_total_unique_coverage for caller-callee coverage
+
+// RUN: %clangxx_asan -fsanitize-coverage=4 %s -o %t
+// RUN: ASAN_OPTIONS=coverage=1 %run %t
+// RUN: rm -f caller-callee*.sancov
+//
+// REQUIRES: asan-64-bits
+
+#include <sanitizer/common_interface_defs.h>
+#include <stdio.h>
+#include <assert.h>
+int P = 0;
+struct Foo {virtual void f() {if (P) printf("Foo::f()\n");}};
+struct Foo1 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo2 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+
+Foo *foo[3] = {new Foo, new Foo1, new Foo2};
+
+uintptr_t CheckNewTotalUniqueCoverageIsLargerAndReturnIt(uintptr_t old_total) {
+ uintptr_t new_total = __sanitizer_get_total_unique_coverage();
+ assert(new_total > old_total);
+ return new_total;
+}
+
+int main(int argc, char **argv) {
+ uintptr_t total = CheckNewTotalUniqueCoverageIsLargerAndReturnIt(0);
+ foo[0]->f();
+ total = CheckNewTotalUniqueCoverageIsLargerAndReturnIt(total);
+ foo[1]->f();
+ total = CheckNewTotalUniqueCoverageIsLargerAndReturnIt(total);
+ foo[2]->f();
+ total = CheckNewTotalUniqueCoverageIsLargerAndReturnIt(total);
+ // Ok, called every function once.
+ // Now call them again from another call site. Should get new coverage.
+ foo[0]->f();
+ total = CheckNewTotalUniqueCoverageIsLargerAndReturnIt(total);
+ foo[1]->f();
+ total = CheckNewTotalUniqueCoverageIsLargerAndReturnIt(total);
+ foo[2]->f();
+ total = CheckNewTotalUniqueCoverageIsLargerAndReturnIt(total);
+}
diff --git a/test/asan/TestCases/Linux/coverage-caller-callee.cc b/test/asan/TestCases/Linux/coverage-caller-callee.cc
new file mode 100644
index 000000000000..cd318962b8e0
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-caller-callee.cc
@@ -0,0 +1,74 @@
+// Test caller-callee coverage with large number of threads
+// and various numbers of callers and callees.
+
+// RUN: %clangxx_asan -fsanitize-coverage=4 %s -o %t
+// RUN: ASAN_OPTIONS=coverage=1:verbosity=1 %run %t 10 1 2>&1 | FileCheck %s --check-prefix=CHECK-10-1
+// RUN: ASAN_OPTIONS=coverage=1:verbosity=1 %run %t 9 2 2>&1 | FileCheck %s --check-prefix=CHECK-9-2
+// RUN: ASAN_OPTIONS=coverage=1:verbosity=1 %run %t 7 3 2>&1 | FileCheck %s --check-prefix=CHECK-7-3
+// RUN: ASAN_OPTIONS=coverage=1:verbosity=1 %run %t 17 1 2>&1 | FileCheck %s --check-prefix=CHECK-17-1
+// RUN: ASAN_OPTIONS=coverage=1:verbosity=1 %run %t 15 2 2>&1 | FileCheck %s --check-prefix=CHECK-15-2
+// RUN: ASAN_OPTIONS=coverage=1:verbosity=1 %run %t 18 3 2>&1 | FileCheck %s --check-prefix=CHECK-18-3
+// RUN: rm -f caller-callee*.sancov
+//
+// REQUIRES: asan-64-bits
+//
+// CHECK-10-1: CovDump: 10 caller-callee pairs written
+// CHECK-9-2: CovDump: 18 caller-callee pairs written
+// CHECK-7-3: CovDump: 21 caller-callee pairs written
+// CHECK-17-1: CovDump: 14 caller-callee pairs written
+// CHECK-15-2: CovDump: 28 caller-callee pairs written
+// CHECK-18-3: CovDump: 42 caller-callee pairs written
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pthread.h>
+int P = 0;
+struct Foo {virtual void f() {if (P) printf("Foo::f()\n");}};
+struct Foo1 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo2 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo3 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo4 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo5 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo6 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo7 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo8 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo9 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo10 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo11 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo12 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo13 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo14 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo15 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo16 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo17 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo18 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+struct Foo19 : Foo {virtual void f() {if (P) printf("%d\n", __LINE__);}};
+
+Foo *foo[20] = {
+ new Foo, new Foo1, new Foo2, new Foo3, new Foo4, new Foo5, new Foo6,
+ new Foo7, new Foo8, new Foo9, new Foo10, new Foo11, new Foo12, new Foo13,
+ new Foo14, new Foo15, new Foo16, new Foo17, new Foo18, new Foo19,
+};
+
+int n_functions = 10;
+int n_callers = 2;
+
+void *Thread(void *arg) {
+ if (n_callers >= 1) for (int i = 0; i < 2000; i++) foo[i % n_functions]->f();
+ if (n_callers >= 2) for (int i = 0; i < 2000; i++) foo[i % n_functions]->f();
+ if (n_callers >= 3) for (int i = 0; i < 2000; i++) foo[i % n_functions]->f();
+ return arg;
+}
+
+int main(int argc, char **argv) {
+ if (argc >= 2)
+ n_functions = atoi(argv[1]);
+ if (argc >= 3)
+ n_callers = atoi(argv[2]);
+ const int kNumThreads = 16;
+ pthread_t t[kNumThreads];
+ for (int i = 0; i < kNumThreads; i++)
+ pthread_create(&t[i], 0, Thread, 0);
+ for (int i = 0; i < kNumThreads; i++)
+ pthread_join(t[i], 0);
+}
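Review bot: `n_functions` comes from `atoi(argv[1])` and is used unchecked in `Thread` as the modulus for indexing `foo[20]`, so 0 divides by zero and anything above 20 reads past the array. The RUN lines only pass values from 7 to 18, but a guard in `main` such as `if (n_functions < 1 || n_functions > 20) return 1;` keeps a future RUN line from turning into an unrelated crash. The return value of `pthread_create` is ignored as well, and `pthread_join` on a thread that was never created is undefined.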
diff --git a/test/asan/TestCases/Linux/coverage-direct-large.cc b/test/asan/TestCases/Linux/coverage-direct-large.cc
new file mode 100644
index 000000000000..78aa68621ad1
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-direct-large.cc
@@ -0,0 +1,45 @@
+// Test for direct coverage writing with lots of data.
+// Current implementation maps output file in chunks of 64K. This test overflows
+// 1 chunk.
+// RUN: %clangxx_asan -fsanitize-coverage=1 -O0 %s -o %t
+
+// RUN: rm -rf %T/coverage-direct-large
+
+// RUN: mkdir -p %T/coverage-direct-large/normal && cd %T/coverage-direct-large/normal
+// RUN: ASAN_OPTIONS=coverage=1:coverage_direct=0:verbosity=1 %run %t
+// RUN: %sancov print *.sancov >out.txt
+// RUN: cd ../..
+
+// RUN: mkdir -p %T/coverage-direct-large/direct && cd %T/coverage-direct-large/direct
+// RUN: ASAN_OPTIONS=coverage=1:coverage_direct=1:verbosity=1 %run %t
+// RUN: %sancov rawunpack *.sancov.raw
+// RUN: %sancov print *.sancov >out.txt
+// RUN: cd ../..
+
+// RUN: diff -u coverage-direct-large/normal/out.txt coverage-direct-large/direct/out.txt
+//
+// XFAIL: android
+
+#define F0(Q, x) Q(x)
+#define F1(Q, x) \
+ F0(Q, x##0) F0(Q, x##1) F0(Q, x##2) F0(Q, x##3) F0(Q, x##4) F0(Q, x##5) \
+ F0(Q, x##6) F0(Q, x##7) F0(Q, x##8) F0(Q, x##9)
+#define F2(Q, x) \
+ F1(Q, x##0) F1(Q, x##1) F1(Q, x##2) F1(Q, x##3) F1(Q, x##4) F1(Q, x##5) \
+ F1(Q, x##6) F1(Q, x##7) F1(Q, x##8) F1(Q, x##9)
+#define F3(Q, x) \
+ F2(Q, x##0) F2(Q, x##1) F2(Q, x##2) F2(Q, x##3) F2(Q, x##4) F2(Q, x##5) \
+ F2(Q, x##6) F2(Q, x##7) F2(Q, x##8) F2(Q, x##9)
+#define F4(Q, x) \
+ F3(Q, x##0) F3(Q, x##1) F3(Q, x##2) F3(Q, x##3) F3(Q, x##4) F3(Q, x##5) \
+ F3(Q, x##6) F3(Q, x##7) F3(Q, x##8) F3(Q, x##9)
+
+#define DECL(x) __attribute__((noinline)) void x() {}
+#define CALL(x) x();
+
+F4(DECL, f)
+
+int main(void) {
+ F4(CALL, f)
+ return 0;
+}
diff --git a/test/asan/TestCases/Linux/coverage-direct.cc b/test/asan/TestCases/Linux/coverage-direct.cc
new file mode 100644
index 000000000000..2cc1aed0a0fa
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-direct.cc
@@ -0,0 +1,44 @@
+// Test for direct coverage writing with dlopen.
+// RUN: %clangxx_asan -fsanitize-coverage=1 -DSHARED %s -shared -o %T/libcoverage_direct_test_1.so -fPIC
+// RUN: %clangxx_asan -fsanitize-coverage=1 -DSO_DIR=\"%T\" %s -o %t
+
+// RUN: rm -rf %T/coverage-direct
+
+// RUN: mkdir -p %T/coverage-direct/normal
+// RUN: ASAN_OPTIONS=coverage=1:coverage_direct=0:coverage_dir=%T/coverage-direct/normal:verbosity=1 %run %t
+// RUN: %sancov print %T/coverage-direct/normal/*.sancov >%T/coverage-direct/normal/out.txt
+
+// RUN: mkdir -p %T/coverage-direct/direct
+// RUN: ASAN_OPTIONS=coverage=1:coverage_direct=1:coverage_dir=%T/coverage-direct/direct:verbosity=1 %run %t
+// RUN: cd %T/coverage-direct/direct
+// RUN: %sancov rawunpack *.sancov.raw
+// RUN: %sancov print *.sancov >out.txt
+// RUN: cd ../..
+
+// RUN: diff -u coverage-direct/normal/out.txt coverage-direct/direct/out.txt
+//
+// XFAIL: android
+
+#include <assert.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#ifdef SHARED
+extern "C" {
+void bar() { printf("bar\n"); }
+}
+#else
+
+int main(int argc, char **argv) {
+ fprintf(stderr, "PID: %d\n", getpid());
+ void *handle1 =
+ dlopen(SO_DIR "/libcoverage_direct_test_1.so", RTLD_LAZY);
+ assert(handle1);
+ void (*bar1)() = (void (*)())dlsym(handle1, "bar");
+ assert(bar1);
+ bar1();
+
+ return 0;
+}
+#endif
diff --git a/test/asan/TestCases/Linux/coverage-disabled.cc b/test/asan/TestCases/Linux/coverage-disabled.cc
new file mode 100644
index 000000000000..a75b26dc02e9
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-disabled.cc
@@ -0,0 +1,18 @@
+// Test that no data is collected without a runtime flag.
+//
+// RUN: %clangxx_asan -fsanitize-coverage=1 %s -o %t
+//
+// RUN: rm -rf %T/coverage-disabled
+//
+// RUN: mkdir -p %T/coverage-disabled/normal
+// RUN: ASAN_OPTIONS=coverage_direct=0:coverage_dir=%T/coverage-disabled/normal:verbosity=1 %run %t
+// RUN: not %sancov print %T/coverage-disabled/normal/*.sancov 2>&1
+//
+// RUN: mkdir -p %T/coverage-disabled/direct
+// RUN: ASAN_OPTIONS=coverage_direct=1:coverage_dir=%T/coverage-disabled/direct:verbosity=1 %run %t
+// RUN: cd %T/coverage-disabled/direct
+// RUN: not %sancov rawunpack *.sancov
+
+int main(int argc, char **argv) {
+ return 0;
+}
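Review bot: The direct-mode negative check on the last RUN line globs `*.sancov`, while the other direct-mode tests in this import unpack `*.sancov.raw`, so this line would most likely still pass if coverage were wrongly written with the runtime flag off. `not %sancov rawunpack` succeeds whenever the glob matches nothing, which makes the check vacuous for the file name that direct mode appears to produce. Consider `// RUN: not %sancov rawunpack *.sancov.raw`, or assert that the output directory is empty.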
diff --git a/test/asan/TestCases/Linux/coverage-fork-direct.cc b/test/asan/TestCases/Linux/coverage-fork-direct.cc
new file mode 100644
index 000000000000..51cbbd821b8e
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-fork-direct.cc
@@ -0,0 +1,38 @@
+// RUN: %clangxx_asan -fsanitize-coverage=1 %s -o %t
+// RUN: rm -rf %T/coverage-fork-direct
+// RUN: mkdir -p %T/coverage-fork-direct && cd %T/coverage-fork-direct
+// RUN: (ASAN_OPTIONS=coverage=1:coverage_direct=1:verbosity=1 %run %t; \
+// RUN: %sancov rawunpack *.sancov.raw; %sancov print *.sancov) 2>&1
+//
+// XFAIL: android
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+__attribute__((noinline))
+void foo() { printf("foo\n"); }
+
+__attribute__((noinline))
+void bar() { printf("bar\n"); }
+
+__attribute__((noinline))
+void baz() { printf("baz\n"); }
+
+int main(int argc, char **argv) {
+ pid_t child_pid = fork();
+ if (child_pid == 0) {
+ fprintf(stderr, "Child PID: %d\n", getpid());
+ baz();
+ } else {
+ fprintf(stderr, "Parent PID: %d\n", getpid());
+ foo();
+ bar();
+ }
+ return 0;
+}
+
+// CHECK-DAG: Child PID: [[ChildPID:[0-9]+]]
+// CHECK-DAG: Parent PID: [[ParentPID:[0-9]+]]
+// CHECK-DAG: read 3 PCs from {{.*}}.[[ParentPID]].sancov
+// CHECK-DAG: read 1 PCs from {{.*}}.[[ChildPID]].sancov
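Review bot: The CHECK-DAG lines at the end of this file are never evaluated, because the RUN command at the top ends in `2>&1` without piping to FileCheck; coverage-fork.cc in the same import does pipe. Append `| FileCheck %s` to the closing RUN line. Separately, `main` does not wait for the child, so `%sancov rawunpack` may run while the child is still writing its raw file, and a failed `fork()` returning -1 falls into the parent branch. Adding `if (child_pid < 0) return 1;` and a `waitpid(child_pid, 0, 0);` in the parent branch (with `<sys/wait.h>`) would make the result deterministic. coverage-fork.cc uses the same fork pattern.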
diff --git a/test/asan/TestCases/Linux/coverage-fork.cc b/test/asan/TestCases/Linux/coverage-fork.cc
new file mode 100644
index 000000000000..38c200942609
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-fork.cc
@@ -0,0 +1,38 @@
+// RUN: %clangxx_asan -fsanitize-coverage=1 %s -o %t
+// RUN: export ASAN_OPTIONS=coverage=1:coverage_direct=0:verbosity=1
+// RUN: rm -rf %T/coverage-fork
+// RUN: mkdir -p %T/coverage-fork && cd %T/coverage-fork
+// RUN: %run %t 2>&1 | FileCheck %s
+//
+// XFAIL: android
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+__attribute__((noinline))
+void foo() { printf("foo\n"); }
+
+__attribute__((noinline))
+void bar() { printf("bar\n"); }
+
+__attribute__((noinline))
+void baz() { printf("baz\n"); }
+
+int main(int argc, char **argv) {
+ pid_t child_pid = fork();
+ if (child_pid == 0) {
+ fprintf(stderr, "Child PID: %d\n", getpid());
+ baz();
+ } else {
+ fprintf(stderr, "Parent PID: %d\n", getpid());
+ foo();
+ bar();
+ }
+ return 0;
+}
+
+// CHECK-DAG: Child PID: [[ChildPID:[0-9]+]]
+// CHECK-DAG: [[ChildPID]].sancov: 1 PCs written
+// CHECK-DAG: Parent PID: [[ParentPID:[0-9]+]]
+// CHECK-DAG: [[ParentPID]].sancov: 3 PCs written
diff --git a/test/asan/TestCases/Linux/coverage-levels.cc b/test/asan/TestCases/Linux/coverage-levels.cc
new file mode 100644
index 000000000000..748ef1f08db5
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-levels.cc
@@ -0,0 +1,20 @@
+// Test various levels of coverage
+//
+// RUN: %clangxx_asan -O1 -fsanitize-coverage=1 %s -o %t
+// RUN: ASAN_OPTIONS=coverage=1:verbosity=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
+// RUN: %clangxx_asan -O1 -fsanitize-coverage=2 %s -o %t
+// RUN: ASAN_OPTIONS=coverage=1:verbosity=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK2
+// RUN: %clangxx_asan -O1 -fsanitize-coverage=3 %s -o %t
+// RUN: ASAN_OPTIONS=coverage=1:verbosity=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK3
+//
+// REQUIRES: asan-64-bits
+
+volatile int sink;
+int main(int argc, char **argv) {
+ if (argc == 0)
+ sink = 0;
+}
+
+// CHECK1: 1 PCs written
+// CHECK2: 2 PCs written
+// CHECK3: 3 PCs written
diff --git a/test/asan/TestCases/Linux/coverage-maybe-open-file.cc b/test/asan/TestCases/Linux/coverage-maybe-open-file.cc
new file mode 100644
index 000000000000..4664cef7f5af
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-maybe-open-file.cc
@@ -0,0 +1,31 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// RUN: %clangxx_asan -fsanitize-coverage=1 %s -o %t
+// RUN: rm -rf %T/coverage-maybe-open-file
+// RUN: mkdir -p %T/coverage-maybe-open-file && cd %T/coverage-maybe-open-file
+// RUN: ASAN_OPTIONS=coverage=1 %run %t | FileCheck %s --check-prefix=CHECK-success
+// RUN: ASAN_OPTIONS=coverage=0 %run %t | FileCheck %s --check-prefix=CHECK-fail
+// RUN: [ "$(cat test.sancov.packed)" == "test" ]
+// RUN: cd .. && rm -rf %T/coverage-maybe-open-file
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <sanitizer/common_interface_defs.h>
+
+int main(int argc, char **argv) {
+ int fd = __sanitizer_maybe_open_cov_file("test");
+ if (fd > 0) {
+ printf("SUCCESS\n");
+ const char s[] = "test\n";
+ write(fd, s, strlen(s));
+ close(fd);
+ } else {
+ printf("FAIL\n");
+ }
+}
+
+// CHECK-success: SUCCESS
+// CHECK-fail: FAIL
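Review bot: `if (fd > 0)` in `main` treats descriptor 0 as a failure, although 0 is a valid descriptor when stdin is closed. Assuming the interface reports failure with a negative value (confirm against the header), the test should be `if (fd >= 0)`. The `write()` result is ignored, so a short or failed write is only caught indirectly by the later `cat` comparison. That comparison uses `==` inside `[ ]`, which is not POSIX `test` syntax; `=` is the portable spelling.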
diff --git a/test/asan/TestCases/Linux/coverage-module-unloaded.cc b/test/asan/TestCases/Linux/coverage-module-unloaded.cc
new file mode 100644
index 000000000000..449841e78189
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-module-unloaded.cc
@@ -0,0 +1,56 @@
+// Check that unloading a module doesn't break coverage dumping for remaining
+// modules.
+// RUN: %clangxx_asan -fsanitize-coverage=1 -DSHARED %s -shared -o %T/libcoverage_module_unloaded_test_1.so -fPIC
+// RUN: %clangxx_asan -fsanitize-coverage=1 -DSHARED %s -shared -o %T/libcoverage_module_unloaded_test_2.so -fPIC
+// RUN: %clangxx_asan -fsanitize-coverage=1 -DSO_DIR=\"%T\" %s -o %t
+// RUN: export ASAN_OPTIONS=coverage=1:verbosity=1
+// RUN: mkdir -p %T/coverage-module-unloaded && cd %T/coverage-module-unloaded
+// RUN: %run %t 2>&1 | FileCheck %s
+// RUN: %run %t foo 2>&1 | FileCheck %s
+// RUN: cd .. && rm coverage-module-unloaded -r
+//
+// https://code.google.com/p/address-sanitizer/issues/detail?id=263
+// XFAIL: android
+
+#include <assert.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#ifdef SHARED
+extern "C" {
+void bar() { printf("bar\n"); }
+}
+#else
+
+int main(int argc, char **argv) {
+ fprintf(stderr, "PID: %d\n", getpid());
+ void *handle1 =
+ dlopen(SO_DIR "/libcoverage_module_unloaded_test_1.so", RTLD_LAZY);
+ assert(handle1);
+ void (*bar1)() = (void (*)())dlsym(handle1, "bar");
+ assert(bar1);
+ bar1();
+ void *handle2 =
+ dlopen(SO_DIR "/libcoverage_module_unloaded_test_2.so", RTLD_LAZY);
+ assert(handle2);
+ void (*bar2)() = (void (*)())dlsym(handle2, "bar");
+ assert(bar2);
+ bar2();
+
+ // It matters whether the unloaded module has a higher or lower address range
+ // than the remaining one. Make sure to test both cases.
+ if (argc < 2)
+ dlclose(bar1 < bar2 ? handle1 : handle2);
+ else
+ dlclose(bar1 < bar2 ? handle2 : handle1);
+ return 0;
+}
+#endif
+
+// CHECK: PID: [[PID:[0-9]+]]
+// CHECK: [[PID]].sancov: 1 PCs written
+// CHECK: .so.[[PID]]
+// If we get coverage for both DSOs, it means the module wasn't unloaded and
+// this test is useless.
+// CHECK-NOT: .so.[[PID]]
diff --git a/test/asan/TestCases/Linux/coverage-sandboxing.cc b/test/asan/TestCases/Linux/coverage-sandboxing.cc
new file mode 100644
index 000000000000..56f9c40f4cc0
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-sandboxing.cc
@@ -0,0 +1,85 @@
+// RUN: %clangxx_asan -fsanitize-coverage=2 -DSHARED %s -shared -o %T/libcoverage_sandboxing_test.so -fPIC
+// RUN: %clangxx_asan -fsanitize-coverage=1 %s -o %t -Wl,-R,\$ORIGIN -L%T -lcoverage_sandboxing_test
+// RUN: export ASAN_OPTIONS=coverage=1:verbosity=1
+// RUN: rm -rf %T/coverage_sandboxing_test
+// RUN: mkdir %T/coverage_sandboxing_test && cd %T/coverage_sandboxing_test
+// RUN: mkdir vanilla && cd vanilla
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-vanilla
+// RUN: mkdir ../sandbox1 && cd ../sandbox1
+// RUN: %run %t a 2>&1 | FileCheck %s --check-prefix=CHECK-sandbox
+// RUN: %sancov unpack coverage_sandboxing_test.sancov.packed
+// RUN: mkdir ../sandbox2 && cd ../sandbox2
+// RUN: %run %t a b 2>&1 | FileCheck %s --check-prefix=CHECK-sandbox
+// RUN: %sancov unpack coverage_sandboxing_test.sancov.packed
+// RUN: cd ..
+// RUN: %sancov print vanilla/libcoverage_sandboxing_test.so.*.sancov > vanilla.txt
+// RUN: %sancov print sandbox1/libcoverage_sandboxing_test.so.*.sancov > sandbox1.txt
+// RUN: %sancov print sandbox2/libcoverage_sandboxing_test.so.*.sancov > sandbox2.txt
+// RUN: diff vanilla.txt sandbox1.txt
+// RUN: diff vanilla.txt sandbox2.txt
+// RUN: cd ../ && rm coverage_sandboxing_test -r
+// https://code.google.com/p/address-sanitizer/issues/detail?id=263
+// XFAIL: android
+
+#include <assert.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <sanitizer/common_interface_defs.h>
+
+#define bb0(n) \
+ case n: \
+ fprintf(stderr, "foo: %d\n", n); \
+ break;
+
+#define bb1(n) bb0(n) bb0(n + 1)
+#define bb2(n) bb1(n) bb1(n + 2)
+#define bb3(n) bb2(n) bb2(n + 4)
+#define bb4(n) bb3(n) bb3(n + 8)
+#define bb5(n) bb4(n) bb4(n + 16)
+#define bb6(n) bb5(n) bb5(n + 32)
+#define bb7(n) bb6(n) bb6(n + 64)
+#define bb8(n) bb7(n) bb7(n + 128)
+
+#ifdef SHARED
+void foo(int i) {
+ switch(i) {
+ // 256 basic blocks
+ bb8(0)
+ }
+}
+#else
+extern void foo(int i);
+
+int main(int argc, char **argv) {
+ assert(argc <= 3);
+ for (int i = 0; i < 256; i++) foo(i);
+ fprintf(stderr, "PID: %d\n", getpid());
+ if (argc == 1) {
+ // Vanilla mode, dump to individual files.
+ return 0;
+ }
+ // Dump to packed file.
+ int fd = creat("coverage_sandboxing_test.sancov.packed", 0660);
+ __sanitizer_sandbox_arguments args = {0};
+ args.coverage_sandboxed = 1;
+ args.coverage_fd = fd;
+ if (argc == 2)
+ // Write to packed file, do not split into blocks.
+ args.coverage_max_block_size = 0;
+ else if (argc == 3)
+ // Write to packed file, split into blocks (as if writing to a socket).
+ args.coverage_max_block_size = 100;
+ __sanitizer_sandbox_on_notify(&args);
+ return 0;
+}
+#endif
+
+// CHECK-vanilla: PID: [[PID:[0-9]+]]
+// CHECK-vanilla: [[PID]].sancov: 1 PCs written
+// CHECK-vanilla: .so.[[PID]].sancov: 258 PCs written
+
+// CHECK-sandbox: PID: [[PID:[0-9]+]]
+// CHECK-sandbox: 258 PCs written to packed file
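Review bot: The result of `creat(...)` in `main` is stored into `args.coverage_fd` without a check, so a failed create hands -1 to `__sanitizer_sandbox_on_notify` and the failure only surfaces later as an unrelated FileCheck or `sancov unpack` error. Add `assert(fd >= 0);` right after the call; `<assert.h>` is already included. The descriptor is never closed before `return 0`, presumably because the dump happens at process exit. A one-line comment such as `// fd stays open: coverage is written at exit` would make that explicit.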
diff --git a/test/asan/TestCases/Linux/coverage-tracing.cc b/test/asan/TestCases/Linux/coverage-tracing.cc
new file mode 100644
index 000000000000..89ab0d283add
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage-tracing.cc
@@ -0,0 +1,22 @@
+// Test -mllvm -sanitizer-coverage-experimental-tracing
+//
+// RUN: %clangxx_asan -O1 -fsanitize-coverage=1 -mllvm -sanitizer-coverage-experimental-tracing %s -o %t
+// RUN: rm -rf %T/coverage-tracing
+// RUN: mkdir -p %T/coverage-tracing
+// RUN: ASAN_OPTIONS=coverage=1:coverage_dir=%T/coverage-tracing:verbosity=1 %run %t 1 2 3 4 2>&1 | FileCheck %s
+// RUN: rm -rf %T/coverage-tracing
+//
+// REQUIRES: asan-64-bits
+
+volatile int sink;
+int main(int argc, char **argv) {
+ volatile int i = 0;
+ do {
+ sink = 0;
+ i++;
+ } while (i < argc);
+ return 0;
+}
+
+// CHECK: CovDump: Trace: {{[3-9]}} PCs written
+// CHECK: CovDump: Trace: {{[6-9]}} Events written
diff --git a/test/asan/TestCases/Linux/coverage.cc b/test/asan/TestCases/Linux/coverage.cc
new file mode 100644
index 000000000000..f6eb0ae9285b
--- /dev/null
+++ b/test/asan/TestCases/Linux/coverage.cc
@@ -0,0 +1,71 @@
+// RUN: %clangxx_asan -fsanitize-coverage=1 -DSHARED %s -shared -o %T/libcoverage_test.so -fPIC
+// RUN: %clangxx_asan -fsanitize-coverage=1 %s -o %t -Wl,-R,\$ORIGIN -L%T -lcoverage_test
+// RUN: export ASAN_OPTIONS=coverage=1:verbosity=1
+// RUN: mkdir -p %T/coverage && cd %T/coverage
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-main
+// RUN: %run %t foo 2>&1 | FileCheck %s --check-prefix=CHECK-foo
+// RUN: %run %t bar 2>&1 | FileCheck %s --check-prefix=CHECK-bar
+// RUN: %run %t foo bar 2>&1 | FileCheck %s --check-prefix=CHECK-foo-bar
+// RUN: not %run %t foo bar 4 2>&1 | FileCheck %s --check-prefix=CHECK-report
+// RUN: not %run %t foo bar 4 5 2>&1 | FileCheck %s --check-prefix=CHECK-segv
+// RUN: cd .. && rm coverage -r
+//
+// https://code.google.com/p/address-sanitizer/issues/detail?id=263
+// XFAIL: android
+
+#include "sanitizer/common_interface_defs.h"
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifdef SHARED
+void bar() { printf("bar\n"); }
+#else
+__attribute__((noinline))
+void foo() { printf("foo\n"); }
+extern void bar();
+
+int G[4];
+
+int main(int argc, char **argv) {
+ fprintf(stderr, "PID: %d\n", getpid());
+ for (int i = 1; i < argc; i++) {
+ if (!strcmp(argv[i], "foo")) {
+ uintptr_t old_coverage = __sanitizer_get_total_unique_coverage();
+ foo();
+ uintptr_t new_coverage = __sanitizer_get_total_unique_coverage();
+ assert(new_coverage > old_coverage);
+ }
+ if (!strcmp(argv[i], "bar"))
+ bar();
+ }
+ if (argc == 5) {
+ static volatile char *zero = 0;
+ *zero = 0; // SEGV if argc == 5.
+ }
+ return G[argc]; // Buffer overflow if argc >= 4.
+}
+#endif
+
+// CHECK-main: PID: [[PID:[0-9]+]]
+// CHECK-main: [[PID]].sancov: 1 PCs written
+// CHECK-main-NOT: .so.[[PID]]
+//
+// CHECK-foo: PID: [[PID:[0-9]+]]
+// CHECK-foo: [[PID]].sancov: 2 PCs written
+// CHECK-foo-NOT: .so.[[PID]]
+//
+// CHECK-bar: PID: [[PID:[0-9]+]]
+// CHECK-bar: [[PID]].sancov: 1 PCs written
+// CHECK-bar: .so.[[PID]].sancov: 1 PCs written
+//
+// CHECK-foo-bar: PID: [[PID:[0-9]+]]
+// CHECK-foo-bar: [[PID]].sancov: 2 PCs written
+// CHECK-foo-bar: so.[[PID]].sancov: 1 PCs written
+//
+// CHECK-report: AddressSanitizer: global-buffer-overflow
+// CHECK-report: PCs written
+//
+// CHECK-segv: AddressSanitizer: SEGV
+// CHECK-segv: PCs written
diff --git a/test/asan/TestCases/Linux/function-sections-are-bad.cc b/test/asan/TestCases/Linux/function-sections-are-bad.cc
new file mode 100644
index 000000000000..15aaccbc957f
--- /dev/null
+++ b/test/asan/TestCases/Linux/function-sections-are-bad.cc
@@ -0,0 +1,41 @@
+// Check that --gc-sections does not throw away (or localize) parts of sanitizer
+// interface.
+// RUN: %clang_asan %s -Wl,--gc-sections -ldl -o %t
+// RUN: %clang_asan %s -DBUILD_SO -fPIC -o %t-so.so -shared
+// RUN: %run %t 2>&1
+
+// REQUIRES: asan-64-bits
+
+#ifndef BUILD_SO
+#include <assert.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[]) {
+ char path[4096];
+ snprintf(path, sizeof(path), "%s-so.so", argv[0]);
+
+ void *handle = dlopen(path, RTLD_LAZY);
+ if (!handle) fprintf(stderr, "%s\n", dlerror());
+ assert(handle != 0);
+
+ typedef void (*F)();
+ F f = (F)dlsym(handle, "call_rtl_from_dso");
+ printf("%s\n", dlerror());
+ assert(dlerror() == 0);
+ f();
+
+ dlclose(handle);
+ return 0;
+}
+
+#else // BUILD_SO
+
+#include <sanitizer/asan_interface.h>
+extern "C" void call_rtl_from_dso() {
+ volatile int32_t x;
+ volatile int32_t y = __sanitizer_unaligned_load32((void *)&x);
+}
+
+#endif // BUILD_SO
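Review bot: `assert(dlerror() == 0)` after the `dlsym` call cannot fail, because the `printf("%s\n", dlerror())` on the line before it has already consumed and cleared the error state. That printf also passes a null pointer to `%s` on the success path, which is undefined behaviour. Capture the value once and check both it and the symbol, `const char *err = dlerror(); assert(err == 0 && f != 0);`, printing `err` only when it is non-null. As written, a missing `call_rtl_from_dso` symbol, which is what this test guards against, would surface as a call through a null pointer rather than a clean assertion failure.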
diff --git a/test/asan/TestCases/Linux/globals-gc-sections.cc b/test/asan/TestCases/Linux/globals-gc-sections.cc
new file mode 100644
index 000000000000..72a9e9498f85
--- /dev/null
+++ b/test/asan/TestCases/Linux/globals-gc-sections.cc
@@ -0,0 +1,13 @@
+// RUN: %clangxx_asan %s -o %t -Wl,--gc-sections -ffunction-sections -mllvm -asan-globals=0
+// RUN: %clangxx_asan %s -o %t -Wl,--gc-sections -ffunction-sections -mllvm -asan-globals=1
+
+// https://code.google.com/p/address-sanitizer/issues/detail?id=260
+// XFAIL: *
+
+int undefined();
+
+int (*unused)() = undefined;
+
+int main() {
+ return 0;
+}
diff --git a/test/asan/TestCases/Linux/initialization-bug-any-order.cc b/test/asan/TestCases/Linux/initialization-bug-any-order.cc
new file mode 100644
index 000000000000..a462f4a163f1
--- /dev/null
+++ b/test/asan/TestCases/Linux/initialization-bug-any-order.cc
@@ -0,0 +1,36 @@
+// Test to make sure basic initialization order errors are caught.
+// Check that on Linux initialization order bugs are caught
+// independently on order in which we list source files (if we specify
+// strict init-order checking).
+
+// RUN: %clangxx_asan -O0 %s %p/../Helpers/initialization-bug-extra.cc -o %t
+// RUN: ASAN_OPTIONS=strict_init_order=true not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O0 %p/../Helpers/initialization-bug-extra.cc %s -o %t
+// RUN: ASAN_OPTIONS=strict_init_order=true not %run %t 2>&1 | FileCheck %s
+
+// Do not test with optimization -- the error may be optimized away.
+
+#include <cstdio>
+
+// 'y' is a dynamically initialized global residing in a different TU. This
+// dynamic initializer will read the value of 'y' before main starts. The
+// result is undefined behavior, which should be caught by initialization order
+// checking.
+extern int y;
+int __attribute__((noinline)) initX() {
+ return y + 1;
+ // CHECK: {{AddressSanitizer: initialization-order-fiasco}}
+ // CHECK: {{READ of size .* at 0x.* thread T0}}
+ // CHECK: {{#0 0x.* in .*initX.* .*initialization-bug-any-order.cc:}}[[@LINE-3]]
+ // CHECK: {{0x.* is located 0 bytes inside of global variable .*y.*}}
+}
+
+// This initializer begins our initialization order problems.
+static int x = initX();
+
+int main() {
+ // ASan should have caused an exit before main runs.
+ printf("PASS\n");
+ // CHECK-NOT: PASS
+ return 0;
+}
diff --git a/test/asan/TestCases/Linux/interception-in-shared-lib-test.cc b/test/asan/TestCases/Linux/interception-in-shared-lib-test.cc
new file mode 100644
index 000000000000..b828d5524ee0
--- /dev/null
+++ b/test/asan/TestCases/Linux/interception-in-shared-lib-test.cc
@@ -0,0 +1,32 @@
+// Check that memset() call from a shared library gets intercepted.
+// Please always keep this file in sync with
+// ../Darwin/interception-in-shared-lib-test.cc.
+
+// RUN: %clangxx_asan -O0 %s -DSHARED_LIB \
+// RUN: -shared -o %T/libinterception-in-shared-lib-test.so \
+// RUN: -fPIC
+// TODO(glider): figure out how to set rpath in a more portable way and unite
+// this test with ../Darwin/interception-in-shared-lib-test.cc.
+// RUN: %clangxx_asan -O0 %s -o %t -Wl,-R,\$ORIGIN -L%T -linterception-in-shared-lib-test && \
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(SHARED_LIB)
+extern "C"
+void my_memset(void *p, size_t sz) {
+ memset(p, 0, sz);
+}
+#else
+extern "C" void my_memset(void *p, size_t sz);
+
+int main(int argc, char *argv[]) {
+ char buf[10];
+ my_memset(buf, 11);
+ // CHECK: {{.*ERROR: AddressSanitizer: stack-buffer-overflow}}
+ // CHECK: {{WRITE of size 11 at 0x.* thread T0}}
+ // CHECK: {{0x.* in my_memset .*interception-in-shared-lib-test.cc:19}}
+ return 0;
+}
+#endif
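Review bot: The last CHECK in `main` hard-codes source line `:19` for the `memset` call inside `my_memset`, so any edit above that line silently breaks the match. That includes edits made to keep this file in sync with the Darwin copy, as the header asks. A comment on the call itself, `memset(p, 0, sz);  // line number is matched by the CHECK in main`, would flag the dependency. The alternative is `[[@LINE-10]]` in the CHECK, which at least tracks edits made above `my_memset`.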
diff --git a/test/asan/TestCases/Linux/interception_malloc_test.cc b/test/asan/TestCases/Linux/interception_malloc_test.cc
new file mode 100644
index 000000000000..f6d6d340bd9c
--- /dev/null
+++ b/test/asan/TestCases/Linux/interception_malloc_test.cc
@@ -0,0 +1,23 @@
+// ASan interceptor can be accessed with __interceptor_ prefix.
+
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+
+extern "C" void *__interceptor_malloc(size_t size);
+extern "C" void *malloc(size_t size) {
+ write(2, "malloc call\n", sizeof("malloc call\n") - 1);
+ return __interceptor_malloc(size);
+}
+
+int main() {
+ char *x = (char*)malloc(10 * sizeof(char));
+ free(x);
+ return (int)strtol(x, 0, 10);
+ // CHECK: malloc call
+ // CHECK: heap-use-after-free
+}
diff --git a/test/asan/TestCases/Linux/interception_readdir_r_test.cc b/test/asan/TestCases/Linux/interception_readdir_r_test.cc
new file mode 100644
index 000000000000..93b553c3744f
--- /dev/null
+++ b/test/asan/TestCases/Linux/interception_readdir_r_test.cc
@@ -0,0 +1,62 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// RUN: %clangxx_asan -O0 %s -DTEMP_DIR='"'"%T"'"' -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -DTEMP_DIR='"'"%T"'"' -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -DTEMP_DIR='"'"%T"'"' -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -DTEMP_DIR='"'"%T"'"' -o %t && %run %t 2>&1 | FileCheck %s
+//
+// RUN: %clangxx_asan -O0 %s -D_FILE_OFFSET_BITS=64 -DTEMP_DIR='"'"%T"'"' -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -D_FILE_OFFSET_BITS=64 -DTEMP_DIR='"'"%T"'"' -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -D_FILE_OFFSET_BITS=64 -DTEMP_DIR='"'"%T"'"' -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -D_FILE_OFFSET_BITS=64 -DTEMP_DIR='"'"%T"'"' -o %t && %run %t 2>&1 | FileCheck %s
+
+#include <dirent.h>
+#include <memory.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+int main() {
+ // Ensure the readdir_r interceptor doesn't erroneously mark the entire dirent
+ // as written when the end of the directory pointer is reached.
+ fputs("test1: reading the " TEMP_DIR " directory...\n", stderr);
+ DIR *d = opendir(TEMP_DIR);
+ struct dirent *result = (struct dirent *)(0xfeedbeef);
+ // We assume the temp dir for this test doesn't have crazy long file names.
+ char entry_buffer[4096];
+ memset(entry_buffer, 0xab, sizeof(entry_buffer));
+ unsigned count = 0;
+ do {
+ // Stamp the entry struct to try to trick the interceptor.
+ ((struct dirent *)entry_buffer)->d_reclen = 9999;
+ if (readdir_r(d, (struct dirent *)entry_buffer, &result) != 0)
+ abort();
+ ++count;
+ } while (result != NULL);
+ fprintf(stderr, "read %d entries\n", count);
+ closedir(d);
+ // CHECK: test1: reading the {{.*}} directory...
+ // CHECK-NOT: stack-buffer-overflow
+ // CHECK: read {{.*}} entries
+
+ // Ensure the readdir64_r interceptor doesn't have the bug either.
+ fputs("test2: reading the " TEMP_DIR " directory...\n", stderr);
+ d = opendir(TEMP_DIR);
+ struct dirent64 *result64;
+ memset(entry_buffer, 0xab, sizeof(entry_buffer));
+ count = 0;
+ do {
+ // Stamp the entry struct to try to trick the interceptor.
+ ((struct dirent64 *)entry_buffer)->d_reclen = 9999;
+ if (readdir64_r(d, (struct dirent64 *)entry_buffer, &result64) != 0)
+ abort();
+ ++count;
+ } while (result64 != NULL);
+ fprintf(stderr, "read %d entries\n", count);
+ closedir(d);
+ // CHECK: test2: reading the {{.*}} directory...
+ // CHECK-NOT: stack-buffer-overflow
+ // CHECK: read {{.*}} entries
+}
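Review bot: Both `opendir(TEMP_DIR)` calls in `main` go unchecked, so if the directory cannot be opened the test passes a null `DIR *` to `readdir_r` / `readdir64_r` and crashes instead of failing with a clear message. Add `if (!d) abort();` after each call, optionally preceded by a `perror("opendir")`. `count` is declared `unsigned` but printed with `%d` in both `fprintf` calls; `%u` matches the type.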
diff --git a/test/asan/TestCases/Linux/interception_test.cc b/test/asan/TestCases/Linux/interception_test.cc
new file mode 100644
index 000000000000..fb9d01cfe6d7
--- /dev/null
+++ b/test/asan/TestCases/Linux/interception_test.cc
@@ -0,0 +1,22 @@
+// ASan interceptor can be accessed with __interceptor_ prefix.
+
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+#include <stdlib.h>
+#include <stdio.h>
+
+extern "C" long __interceptor_strtol(const char *nptr, char **endptr, int base);
+extern "C" long strtol(const char *nptr, char **endptr, int base) {
+ fprintf(stderr, "my_strtol_interceptor\n");
+ return __interceptor_strtol(nptr, endptr, base);
+}
+
+int main() {
+ char *x = (char*)malloc(10 * sizeof(char));
+ free(x);
+ return (int)strtol(x, 0, 10);
+ // CHECK: my_strtol_interceptor
+ // CHECK: heap-use-after-free
+}
diff --git a/test/asan/TestCases/Linux/interface_symbols_linux.c b/test/asan/TestCases/Linux/interface_symbols_linux.c
new file mode 100644
index 000000000000..a616732ff9f8
--- /dev/null
+++ b/test/asan/TestCases/Linux/interface_symbols_linux.c
@@ -0,0 +1,35 @@
+// Check the presence of interface symbols in compiled file.
+
+// RUN: %clang_asan -O2 %s -o %t.exe
+// RUN: nm -D %t.exe | grep " T " | sed "s/.* T //" \
+// RUN: | grep "__asan_" | sed "s/___asan_/__asan_/" \
+// RUN: | sed -E "s/__asan_init_v[0-9]+/__asan_init/" \
+// RUN: | grep -v "__asan_default_options" \
+// RUN: | grep -v "__asan_stack_" \
+// RUN: | grep -v "__asan_on_error" > %t.symbols
+// RUN: cat %p/../../../../lib/asan/asan_interface_internal.h \
+// RUN: | sed "s/\/\/.*//" | sed "s/typedef.*//" \
+// RUN: | grep -v "OPTIONAL" \
+// RUN: | grep "__asan_.*(" | sed "s/.* __asan_/__asan_/;s/(.*//" \
+// RUN: > %t.interface
+// RUN: echo __asan_report_load1 >> %t.interface
+// RUN: echo __asan_report_load2 >> %t.interface
+// RUN: echo __asan_report_load4 >> %t.interface
+// RUN: echo __asan_report_load8 >> %t.interface
+// RUN: echo __asan_report_load16 >> %t.interface
+// RUN: echo __asan_report_store1 >> %t.interface
+// RUN: echo __asan_report_store2 >> %t.interface
+// RUN: echo __asan_report_store4 >> %t.interface
+// RUN: echo __asan_report_store8 >> %t.interface
+// RUN: echo __asan_report_store16 >> %t.interface
+// RUN: echo __asan_report_load_n >> %t.interface
+// RUN: echo __asan_report_store_n >> %t.interface
+// RUN: echo __asan_get_current_fake_stack >> %t.interface
+// RUN: echo __asan_addr_is_in_fake_stack >> %t.interface
+// RUN: cat %t.interface | sort -u | diff %t.symbols -
+
+// FIXME: nm -D on powerpc somewhy shows ASan interface symbols residing
+// in "initialized data section".
+// REQUIRES: x86_64-supported-target,i386-supported-target,asan-static-runtime
+
+int main() { return 0; }
diff --git a/test/asan/TestCases/Linux/kernel-area.cc b/test/asan/TestCases/Linux/kernel-area.cc
new file mode 100644
index 000000000000..8dd509f84975
--- /dev/null
+++ b/test/asan/TestCases/Linux/kernel-area.cc
@@ -0,0 +1,24 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// Test that kernel area is not sanitized on 32-bit machines.
+//
+// RUN: %clangxx_asan %s -o %t
+// RUN: ASAN_OPTIONS=verbosity=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%kernel_bits
+// RUN: ASAN_OPTIONS=verbosity=1:full_address_space=0 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%kernel_bits
+// RUN: ASAN_OPTIONS=verbosity=1:full_address_space=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-kernel-64-bits
+//
+// CHECK-kernel-32-bits: || `[0x38000000, 0xbfffffff]` || HighMem ||
+// CHECK-kernel-32-bits: || `[0x27000000, 0x37ffffff]` || HighShadow ||
+// CHECK-kernel-32-bits: || `[0x24000000, 0x26ffffff]` || ShadowGap ||
+//
+// CHECK-kernel-64-bits: || `[0x40000000, 0xffffffff]` || HighMem ||
+// CHECK-kernel-64-bits: || `[0x28000000, 0x3fffffff]` || HighShadow ||
+// CHECK-kernel-64-bits: || `[0x24000000, 0x27ffffff]` || ShadowGap ||
+//
+// REQUIRES: asan-32-bits
+
+int main() {
+ return 0;
+}
+
diff --git a/test/asan/TestCases/Linux/leak.cc b/test/asan/TestCases/Linux/leak.cc
new file mode 100644
index 000000000000..36dc6ddb8adf
--- /dev/null
+++ b/test/asan/TestCases/Linux/leak.cc
@@ -0,0 +1,16 @@
+// Minimal test for LeakSanitizer+AddressSanitizer.
+// REQUIRES: leak-detection
+//
+// RUN: %clangxx_asan %s -o %t
+// RUN: ASAN_OPTIONS=detect_leaks=1 not %run %t 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS="" not %run %t 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=detect_leaks=0 %run %t
+#include <stdio.h>
+int *t;
+
+int main(int argc, char **argv) {
+ t = new int[argc - 1];
+ printf("t: %p\n", t);
+ t = 0;
+}
+// CHECK: LeakSanitizer: detected memory leaks
diff --git a/test/asan/TestCases/Linux/lit.local.cfg b/test/asan/TestCases/Linux/lit.local.cfg
new file mode 100644
index 000000000000..57271b8078a4
--- /dev/null
+++ b/test/asan/TestCases/Linux/lit.local.cfg
@@ -0,0 +1,9 @@
+def getRoot(config):
+ if not config.parent:
+ return config
+ return getRoot(config.parent)
+
+root = getRoot(config)
+
+if root.host_os not in ['Linux']:
+ config.unsupported = True
diff --git a/test/asan/TestCases/Linux/malloc-in-qsort.cc b/test/asan/TestCases/Linux/malloc-in-qsort.cc
new file mode 100644
index 000000000000..545bc7e42a17
--- /dev/null
+++ b/test/asan/TestCases/Linux/malloc-in-qsort.cc
@@ -0,0 +1,56 @@
+// RUN: %clangxx_asan -O2 %s -o %t
+// RUN: ASAN_OPTIONS=fast_unwind_on_malloc=1 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-FAST
+// RUN: ASAN_OPTIONS=fast_unwind_on_malloc=0 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-SLOW
+
+// Test how well we unwind in presence of qsort in the stack
+// (i.e. if we can unwind through a function compiled w/o frame pointers).
+// https://code.google.com/p/address-sanitizer/issues/detail?id=137
+
+// Fast unwinder is only available on x86_64 and i386.
+// REQUIRES: x86_64-supported-target
+
+// REQUIRES: compiler-rt-optimized
+
+#include <stdlib.h>
+#include <stdio.h>
+
+int *GlobalPtr;
+
+extern "C" {
+int QsortCallback(const void *a, const void *b) {
+ char *x = (char*)a;
+ char *y = (char*)b;
+ printf("Calling QsortCallback\n");
+ GlobalPtr = new int[10];
+ return (int)*x - (int)*y;
+}
+
+__attribute__((noinline))
+void MyQsort(char *a, size_t size) {
+ printf("Calling qsort\n");
+ qsort(a, size, sizeof(char), QsortCallback);
+ printf("Done\n"); // Avoid tail call.
+}
+} // extern "C"
+
+int main() {
+ char a[2] = {1, 2};
+ MyQsort(a, 2);
+ return GlobalPtr[10];
+}
+
+// Fast unwind: can not unwind through qsort.
+// FIXME: this test does not properly work with slow unwind yet.
+
+// CHECK-FAST: ERROR: AddressSanitizer: heap-buffer-overflow
+// CHECK-FAST: is located 0 bytes to the right
+// CHECK-FAST: #0{{.*}}operator new
+// CHECK-FAST-NEXT: #1{{.*}}QsortCallback
+// CHECK-FAST-NOT: MyQsort
+//
+// CHECK-SLOW: ERROR: AddressSanitizer: heap-buffer-overflow
+// CHECK-SLOW: is located 0 bytes to the right
+// CHECK-SLOW: #0{{.*}}operator new
+// CHECK-SLOW-NEXT: #1{{.*}}QsortCallback
+// CHECK-SLOW: #{{.*}}MyQsort
+// CHECK-SLOW-NEXT: #{{.*}}main
diff --git a/test/asan/TestCases/Linux/malloc_delete_mismatch.cc b/test/asan/TestCases/Linux/malloc_delete_mismatch.cc
new file mode 100644
index 000000000000..18d65ce0008f
--- /dev/null
+++ b/test/asan/TestCases/Linux/malloc_delete_mismatch.cc
@@ -0,0 +1,33 @@
+// Check that we detect malloc/delete mismatch only if the approptiate flag
+// is set.
+
+// RUN: %clangxx_asan -g %s -o %t 2>&1
+
+// Find error and provide malloc context.
+// RUN: ASAN_OPTIONS=alloc_dealloc_mismatch=1 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=ALLOC-STACK
+
+// No error here.
+// RUN: ASAN_OPTIONS=alloc_dealloc_mismatch=0 %run %t
+
+// Also works if no malloc context is available.
+// RUN: ASAN_OPTIONS=alloc_dealloc_mismatch=1:malloc_context_size=0:fast_unwind_on_malloc=0 not %run %t 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=alloc_dealloc_mismatch=1:malloc_context_size=0:fast_unwind_on_malloc=1 not %run %t 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+#include <stdlib.h>
+
+static volatile char *x;
+
+int main() {
+ x = (char*)malloc(10);
+ x[0] = 0;
+ delete x;
+}
+// CHECK: ERROR: AddressSanitizer: alloc-dealloc-mismatch (malloc vs operator delete) on 0x
+// CHECK-NEXT: #0{{.*}}operator delete
+// CHECK: #{{.*}}main
+// CHECK: is located 0 bytes inside of 10-byte region
+// CHECK-NEXT: allocated by thread T0 here:
+// ALLOC-STACK-NEXT: #0{{.*}}malloc
+// ALLOC-STACK: #{{.*}}main
+// CHECK: HINT: {{.*}} you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0
diff --git a/test/asan/TestCases/Linux/odr-violation.cc b/test/asan/TestCases/Linux/odr-violation.cc
new file mode 100644
index 000000000000..ddc68a2db0f1
--- /dev/null
+++ b/test/asan/TestCases/Linux/odr-violation.cc
@@ -0,0 +1,42 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// Different size: detect a bug if detect_odr_violation>=1
+// RUN: %clangxx_asan -DBUILD_SO=1 -fPIC -shared %s -o %t-ODR-SO.so
+// RUN: %clangxx_asan %s %t-ODR-SO.so -Wl,-R. -o %t-ODR-EXE
+// RUN: ASAN_OPTIONS=detect_odr_violation=1 not %run %t-ODR-EXE 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=detect_odr_violation=2 not %run %t-ODR-EXE 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=detect_odr_violation=0 %run %t-ODR-EXE 2>&1 | FileCheck %s --check-prefix=DISABLED
+// RUN: not %run %t-ODR-EXE 2>&1 | FileCheck %s
+//
+// Same size: report a bug only if detect_odr_violation>=2.
+// RUN: %clangxx_asan -DBUILD_SO=1 -fPIC -shared %s -o %t-ODR-SO.so -DSZ=100
+// RUN: ASAN_OPTIONS=detect_odr_violation=1 %run %t-ODR-EXE 2>&1 | FileCheck %s --check-prefix=DISABLED
+// RUN: ASAN_OPTIONS=detect_odr_violation=2 not %run %t-ODR-EXE 2>&1 | FileCheck %s
+// RUN: not %run %t-ODR-EXE 2>&1 | FileCheck %s
+
+// GNU driver doesn't handle .so files properly.
+// REQUIRES: Clang
+
+#ifndef SZ
+# define SZ 4
+#endif
+
+#if BUILD_SO
+namespace foo { char G[SZ]; }
+#else
+#include <stdio.h>
+namespace foo { char G[100]; }
+// CHECK: ERROR: AddressSanitizer: odr-violation
+// CHECK: size=100 'foo::G' {{.*}}odr-violation.cc:[[@LINE-2]]:22
+// CHECK: size={{4|100}} 'foo::G'
+int main(int argc, char **argv) {
+ printf("PASS: %p\n", &foo::G);
+}
+#endif
+
+// CHECK: These globals were registered at these points:
+// CHECK: ODR-EXE
+// CHECK: ODR-SO
+// CHECK: SUMMARY: AddressSanitizer: odr-violation: global 'foo::G' at {{.*}}odr-violation.cc
+// DISABLED: PASS
diff --git a/test/asan/TestCases/Linux/overflow-in-qsort.cc b/test/asan/TestCases/Linux/overflow-in-qsort.cc
new file mode 100644
index 000000000000..79b654e117cd
--- /dev/null
+++ b/test/asan/TestCases/Linux/overflow-in-qsort.cc
@@ -0,0 +1,51 @@
+// RUN: %clangxx_asan -O2 %s -o %t
+// RUN: ASAN_OPTIONS=fast_unwind_on_fatal=1 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-FAST
+// RUN: ASAN_OPTIONS=fast_unwind_on_fatal=0 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-SLOW
+
+// Test how well we unwind in presence of qsort in the stack
+// (i.e. if we can unwind through a function compiled w/o frame pointers).
+// https://code.google.com/p/address-sanitizer/issues/detail?id=137
+
+// Fast unwinder is only available on x86_64 and i386.
+// REQUIRES: x86_64-supported-target
+
+#include <stdlib.h>
+#include <stdio.h>
+
+int global_array[10];
+volatile int one = 1;
+
+extern "C" {
+int QsortCallback(const void *a, const void *b) {
+ char *x = (char*)a;
+ char *y = (char*)b;
+ printf("Calling QsortCallback\n");
+ global_array[one * 10] = 0; // BOOM
+ return (int)*x - (int)*y;
+}
+
+__attribute__((noinline))
+void MyQsort(char *a, size_t size) {
+ printf("Calling qsort\n");
+ qsort(a, size, sizeof(char), QsortCallback);
+ printf("Done\n"); // Avoid tail call.
+}
+} // extern "C"
+
+int main() {
+ char a[2] = {1, 2};
+ MyQsort(a, 2);
+}
+
+// Fast unwind: can not unwind through qsort.
+
+// CHECK-FAST: ERROR: AddressSanitizer: global-buffer-overflow
+// CHECK-FAST: #0{{.*}} in QsortCallback
+// CHECK-FAST-NOT: MyQsort
+// CHECK-FAST: is located 0 bytes to the right of global variable 'global_array
+
+// CHECK-SLOW: ERROR: AddressSanitizer: global-buffer-overflow
+// CHECK-SLOW: #0{{.*}} in QsortCallback
+// CHECK-SLOW: #{{.*}} in MyQsort
+// CHECK-SLOW: #{{.*}} in main
+// CHECK-SLOW: is located 0 bytes to the right of global variable 'global_array
diff --git a/test/asan/TestCases/Linux/preinit_test.cc b/test/asan/TestCases/Linux/preinit_test.cc
new file mode 100644
index 000000000000..10dde67d6a9b
--- /dev/null
+++ b/test/asan/TestCases/Linux/preinit_test.cc
@@ -0,0 +1,33 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// RUN: %clangxx -DFUNC=zzzz %s -shared -o %t.so -fPIC
+// RUN: %clangxx_asan -DFUNC=main %s -o %t -Wl,-R. %t.so
+// RUN: %run %t
+
+// GNU driver doesn't handle .so files properly.
+// REQUIRES: Clang
+
+// This test ensures that we call __asan_init early enough.
+// We build a shared library w/o asan instrumentation
+// and the binary with asan instrumentation.
+// Both files include the same header (emulated by -DFUNC here)
+// with C++ template magic which runs global initializer at library load time.
+// The function get() is instrumented with asan, but called
+// before the usual constructors are run.
+// So, we must make sure that __asan_init is executed even earlier.
+//
+// See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56393
+
+struct A {
+ int foo() const { return 0; }
+};
+A get () { return A(); }
+template <class> struct O {
+ static A const e;
+};
+template <class T> A const O <T>::e = get();
+int FUNC() {
+ return O<int>::e.foo();
+}
+
diff --git a/test/asan/TestCases/Linux/ptrace.cc b/test/asan/TestCases/Linux/ptrace.cc
new file mode 100644
index 000000000000..7e5acb64c7a1
--- /dev/null
+++ b/test/asan/TestCases/Linux/ptrace.cc
@@ -0,0 +1,56 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t
+// RUN: %clangxx_asan -DPOSITIVE -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// REQUIRES: x86_64-supported-target,i386-supported-target
+
+#include <assert.h>
+#include <stdio.h>
+#include <sys/ptrace.h>
+#include <sys/types.h>
+#include <sys/user.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+int main(void) {
+ pid_t pid;
+ pid = fork();
+ if (pid == 0) { // child
+ ptrace(PTRACE_TRACEME, 0, NULL, NULL);
+ execl("/bin/true", "true", NULL);
+ } else {
+ wait(NULL);
+ user_regs_struct regs;
+ int res;
+ user_regs_struct * volatile pregs = &regs;
+#ifdef POSITIVE
+ ++pregs;
+#endif
+ res = ptrace(PTRACE_GETREGS, pid, NULL, pregs);
+ // CHECK: AddressSanitizer: stack-buffer-overflow
+ // CHECK: {{.*ptrace.cc:}}[[@LINE-2]]
+ assert(!res);
+#if __WORDSIZE == 64
+ printf("%zx\n", regs.rip);
+#else
+ printf("%lx\n", regs.eip);
+#endif
+
+ user_fpregs_struct fpregs;
+ res = ptrace(PTRACE_GETFPREGS, pid, NULL, &fpregs);
+ assert(!res);
+ printf("%lx\n", (unsigned long)fpregs.cwd);
+
+#if __WORDSIZE == 32
+ user_fpxregs_struct fpxregs;
+ res = ptrace(PTRACE_GETFPXREGS, pid, NULL, &fpxregs);
+ assert(!res);
+ printf("%lx\n", (unsigned long)fpxregs.mxcsr);
+#endif
+
+ ptrace(PTRACE_CONT, pid, NULL, NULL);
+ wait(NULL);
+ }
+ return 0;
+}
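Review bot: In the child branch of `main`, nothing follows `execl("/bin/true", "true", NULL);`, so if the exec fails the child falls out of the `if` and returns 0 as though it were the test process. The parent then finds an exited child, and the `assert(!res)` after `ptrace(PTRACE_GETREGS, ...)` fires for a reason unrelated to what the test checks. Adding `_exit(1);` directly after the `execl` call keeps the failure in the child. The `fork()` result is also never compared with -1; `if (pid < 0) { perror("fork"); return 1; }` before the branch would cover that.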
diff --git a/test/asan/TestCases/Linux/rlimit_mmap_test.cc b/test/asan/TestCases/Linux/rlimit_mmap_test.cc
new file mode 100644
index 000000000000..7f37727b2eeb
--- /dev/null
+++ b/test/asan/TestCases/Linux/rlimit_mmap_test.cc
@@ -0,0 +1,16 @@
+// Check that we properly report mmap failure.
+// RUN: %clangxx_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+static volatile void *x;
+
+int main(int argc, char **argv) {
+ struct rlimit mmap_resource_limit = { 0, 0 };
+ assert(0 == setrlimit(RLIMIT_AS, &mmap_resource_limit));
+ x = malloc(10000000);
+// CHECK: ERROR: Failed to mmap
+ return 0;
+}
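Review bot: `assert(0 == setrlimit(RLIMIT_AS, &mmap_resource_limit));` puts the call the test depends on inside `assert`, so a build with NDEBUG defined drops the `setrlimit` and the test no longer provokes the mmap failure it checks for. Making the call unconditional keeps the side effect, e.g. `int rc = setrlimit(RLIMIT_AS, &mmap_resource_limit);` followed by `assert(rc == 0);`. The same pattern appears in shmctl.cc (`assert(-1 != shmctl(id, IPC_RMID, 0));`) and in unpoison_tls.cc, where every `pthread_create` and `pthread_join` call sits inside an `assert`.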
diff --git a/test/asan/TestCases/Linux/shmctl.cc b/test/asan/TestCases/Linux/shmctl.cc
new file mode 100644
index 000000000000..e1752bc894c0
--- /dev/null
+++ b/test/asan/TestCases/Linux/shmctl.cc
@@ -0,0 +1,27 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// RUN: %clangxx_asan -O1 %s -o %t && %run %t 2>&1
+// Regression test for
+// https://code.google.com/p/address-sanitizer/issues/detail?id=250
+#include <stdio.h>
+#include <sys/ipc.h>
+#include <sys/shm.h>
+#include <assert.h>
+
+int main() {
+ int id = shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT);
+ assert(id > -1);
+ struct shmid_ds ds;
+ int res = shmctl(id, IPC_STAT, &ds);
+ assert(res > -1);
+ printf("shm_segsz: %zd\n", ds.shm_segsz);
+ assert(ds.shm_segsz == 4096);
+ assert(-1 != shmctl(id, IPC_RMID, 0));
+
+ struct shm_info shmInfo;
+ res = shmctl(0, SHM_INFO, (struct shmid_ds *)&shmInfo);
+ assert(res > -1);
+
+ return 0;
+}
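Review bot: The segment created by `shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT)` is removed only after the asserts on `res` and `ds.shm_segsz`, so a failing assertion aborts before `IPC_RMID` and leaves a System V segment behind on the test machine. Issuing `res2 = shmctl(id, IPC_RMID, 0);` right after the `IPC_STAT` call, and asserting on the saved results afterwards, avoids the leak and also takes the removal out of the `assert` expression. `ds.shm_segsz` is a `size_t`, so the format should be `%zu` rather than `%zd`.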
diff --git a/test/asan/TestCases/Linux/sized_delete_test.cc b/test/asan/TestCases/Linux/sized_delete_test.cc
new file mode 100644
index 000000000000..823e3c0bf88e
--- /dev/null
+++ b/test/asan/TestCases/Linux/sized_delete_test.cc
@@ -0,0 +1,93 @@
+// RUN: %clangxx_asan -Xclang -fsized-deallocation -O0 %s -o %t
+// RUN: not %run %t scalar 2>&1 | FileCheck %s -check-prefix=SCALAR
+// RUN: ASAN_OPTIONS=new_delete_type_mismatch=1 not %run %t scalar 2>&1 | FileCheck %s -check-prefix=SCALAR
+// RUN: not %run %t array 2>&1 | FileCheck %s -check-prefix=ARRAY
+// RUN: ASAN_OPTIONS=new_delete_type_mismatch=1 not %run %t array 2>&1 | FileCheck %s -check-prefix=ARRAY
+// RUN: ASAN_OPTIONS=new_delete_type_mismatch=0 %run %t scalar
+// RUN: ASAN_OPTIONS=new_delete_type_mismatch=0 %run %t array
+
+// Sized-delete is implemented with a weak delete() definition.
+// Weak symbols are kind of broken on Android.
+// XFAIL: android
+
+#include <new>
+#include <stdio.h>
+#include <string>
+
+inline void break_optimization(void *arg) {
+ __asm__ __volatile__("" : : "r" (arg) : "memory");
+}
+
+struct S12 {
+ int a, b, c;
+};
+
+struct S20 {
+ int a, b, c, d, e;
+};
+
+struct D1 {
+ int a, b, c;
+ ~D1() { fprintf(stderr, "D1::~D1\n"); }
+};
+
+struct D2 {
+ int a, b, c, d, e;
+ ~D2() { fprintf(stderr, "D2::~D2\n"); }
+};
+
+void Del12(S12 *x) {
+ break_optimization(x);
+ delete x;
+}
+void Del12NoThrow(S12 *x) {
+ break_optimization(x);
+ operator delete(x, std::nothrow);
+}
+void Del12Ar(S12 *x) {
+ break_optimization(x);
+ delete [] x;
+}
+void Del12ArNoThrow(S12 *x) {
+ break_optimization(x);
+ operator delete[](x, std::nothrow);
+}
+
+int main(int argc, char **argv) {
+ if (argc != 2) return 1;
+ std::string flag = argv[1];
+ // These are correct.
+ Del12(new S12);
+ Del12NoThrow(new S12);
+ Del12Ar(new S12[100]);
+ Del12ArNoThrow(new S12[100]);
+
+ // Here we pass wrong type of pointer to delete,
+ // but [] and nothrow variants of delete are not sized.
+ Del12Ar(reinterpret_cast<S12*>(new S20[100]));
+ Del12NoThrow(reinterpret_cast<S12*>(new S20));
+ Del12ArNoThrow(reinterpret_cast<S12*>(new S20[100]));
+ fprintf(stderr, "OK SO FAR\n");
+ // SCALAR: OK SO FAR
+ // ARRAY: OK SO FAR
+ if (flag == "scalar") {
+ // Here asan should bark as we are passing a wrong type of pointer
+ // to sized delete.
+ Del12(reinterpret_cast<S12*>(new S20));
+ // SCALAR: AddressSanitizer: new-delete-type-mismatch
+ // SCALAR: object passed to delete has wrong type:
+ // SCALAR: size of the allocated type: 20 bytes;
+ // SCALAR: size of the deallocated type: 12 bytes.
+ // SCALAR: is located 0 bytes inside of 20-byte region
+ // SCALAR: SUMMARY: AddressSanitizer: new-delete-type-mismatch
+ } else if (flag == "array") {
+ D1 *d1 = reinterpret_cast<D1*>(new D2[10]);
+ break_optimization(d1);
+ delete [] d1;
+ // ARRAY-NOT: D2::~D2
+ // ARRAY: D1::~D1
+ // ARRAY: AddressSanitizer: new-delete-type-mismatch
+ // ARRAY: size of the allocated type: 20{{4|8}} bytes;
+ // ARRAY: size of the deallocated type: 12{{4|8}} bytes.
+ }
+}
diff --git a/test/asan/TestCases/Linux/stack-trace-dlclose.cc b/test/asan/TestCases/Linux/stack-trace-dlclose.cc
new file mode 100644
index 000000000000..e494e5661d1d
--- /dev/null
+++ b/test/asan/TestCases/Linux/stack-trace-dlclose.cc
@@ -0,0 +1,45 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// RUN: %clangxx_asan -DSHARED %s -shared -o %T/stack_trace_dlclose.so -fPIC
+// RUN: %clangxx_asan -DSO_DIR=\"%T\" %s -o %t
+// RUN: ASAN_OPTIONS=exitcode=0 %run %t 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#include <assert.h>
+#include <dlfcn.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include <sanitizer/common_interface_defs.h>
+
+#ifdef SHARED
+extern "C" {
+void *foo() {
+ return malloc(1);
+}
+}
+#else
+void *handle;
+
+int main(int argc, char **argv) {
+ void *handle = dlopen(SO_DIR "/stack_trace_dlclose.so", RTLD_LAZY);
+ assert(handle);
+ void *(*foo)() = (void *(*)())dlsym(handle, "foo");
+ assert(foo);
+ void *p = foo();
+ assert(p);
+ dlclose(handle);
+
+ free(p);
+ free(p); // double-free
+
+ return 0;
+}
+#endif
+
+// CHECK: {{ #0 0x.* in malloc}}
+// CHECK: {{ #1 0x.* \(<unknown module>\)}}
+// CHECK: {{ #2 0x.* in main}}
diff --git a/test/asan/TestCases/Linux/stress_dtls.c b/test/asan/TestCases/Linux/stress_dtls.c
new file mode 100644
index 000000000000..cb901ee59953
--- /dev/null
+++ b/test/asan/TestCases/Linux/stress_dtls.c
@@ -0,0 +1,116 @@
+// REQUIRES: asan-64-bits
+// Stress test dynamic TLS + dlopen + threads.
+//
+// Note that glibc 2.15 seems utterly broken on this test,
+// it fails with ~17 DSOs dlopen-ed.
+// glibc 2.19 seems fine.
+//
+//
+// RUN: %clangxx_asan -x c -DSO_NAME=f0 %s -shared -o %t-f0.so -fPIC
+// RUN: %clangxx_asan -x c -DSO_NAME=f1 %s -shared -o %t-f1.so -fPIC
+// RUN: %clangxx_asan -x c -DSO_NAME=f2 %s -shared -o %t-f2.so -fPIC
+// RUN: %clangxx_asan %s -ldl -pthread -o %t
+// RUN: %run %t 0 3
+// RUN: %run %t 2 3
+// RUN: ASAN_OPTIONS=verbosity=2 %run %t 10 2 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=verbosity=2:intercept_tls_get_addr=1 %run %t 10 2 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=verbosity=2:intercept_tls_get_addr=0 %run %t 10 2 2>&1 | FileCheck %s --check-prefix=CHECK0
+// CHECK: __tls_get_addr
+// CHECK: Creating thread 0
+// CHECK: __tls_get_addr
+// CHECK: Creating thread 1
+// CHECK: __tls_get_addr
+// CHECK: Creating thread 2
+// CHECK: __tls_get_addr
+// CHECK: Creating thread 3
+// CHECK: __tls_get_addr
+// Make sure that TLS slots don't leak
+// CHECK-NOT: num_live_dtls 5
+//
+// CHECK0-NOT: __tls_get_addr
+/*
+cc=your-compiler
+
+$cc stress_dtls.c -pthread -ldl
+for((i=0;i<100;i++)); do
+ $cc -fPIC -shared -DSO_NAME=f$i -o a.out-f$i.so stress_dtls.c;
+done
+./a.out 2 4 # <<<<<< 2 threads, 4 libs
+./a.out 3 50 # <<<<<< 3 threads, 50 libs
+*/
+#ifndef SO_NAME
+#define _GNU_SOURCE
+#include <assert.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <pthread.h>
+#include <stdint.h>
+
+typedef void **(*f_t)();
+
+__thread int my_tls;
+
+#define MAX_N_FUNCTIONS 1000
+f_t Functions[MAX_N_FUNCTIONS];
+
+void *PrintStuff(void *unused) {
+ uintptr_t stack;
+ // fprintf(stderr, "STACK: %p TLS: %p SELF: %p\n", &stack, &my_tls,
+ // (void *)pthread_self());
+ int i;
+ for (i = 0; i < MAX_N_FUNCTIONS; i++) {
+ if (!Functions[i]) break;
+ uintptr_t dtls = (uintptr_t)Functions[i]();
+ fprintf(stderr, " dtls[%03d]: %lx\n", i, dtls);
+ *(long*)dtls = 42; // check that this is writable.
+ }
+ return NULL;
+}
+
+int main(int argc, char *argv[]) {
+ int num_threads = 1;
+ int num_libs = 1;
+ if (argc >= 2)
+ num_threads = atoi(argv[1]);
+ if (argc >= 3)
+ num_libs = atoi(argv[2]);
+ assert(num_libs <= MAX_N_FUNCTIONS);
+
+ int lib;
+ for (lib = 0; lib < num_libs; lib++) {
+ char buf[4096];
+ snprintf(buf, sizeof(buf), "%s-f%d.so", argv[0], lib);
+ void *handle = dlopen(buf, RTLD_LAZY);
+ if (!handle) {
+ fprintf(stderr, "%s\n", dlerror());
+ exit(1);
+ }
+ snprintf(buf, sizeof(buf), "f%d", lib);
+ Functions[lib] = (f_t)dlsym(handle, buf);
+ if (!Functions[lib]) {
+ fprintf(stderr, "%s\n", dlerror());
+ exit(1);
+ }
+ fprintf(stderr, "LIB[%03d] %s: %p\n", lib, buf, Functions[lib]);
+ PrintStuff(0);
+
+ int i;
+ for (i = 0; i < num_threads; i++) {
+ pthread_t t;
+ fprintf(stderr, "Creating thread %d\n", i);
+ pthread_create(&t, 0, PrintStuff, 0);
+ pthread_join(t, 0);
+ }
+ }
+ return 0;
+}
+#else // SO_NAME
+#ifndef DTLS_SIZE
+# define DTLS_SIZE (1 << 17)
+#endif
+__thread void *huge_thread_local_array[DTLS_SIZE];
+void **SO_NAME() {
+ return &huge_thread_local_array[0];
+}
+#endif
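Review bot: In the thread loop of `main`, the result of `pthread_create(&t, 0, PrintStuff, 0);` is ignored, so if creation fails `pthread_join(t, 0)` is called on an uninitialised `pthread_t`. For a stress test, resource exhaustion is a plausible outcome, and it should show up as a clear failure: `if (pthread_create(&t, 0, PrintStuff, 0)) { fprintf(stderr, "pthread_create failed\n"); exit(1); }`. uar_signals.cc and init-order-dlopen.cc ignore the result in the same way. The `num_libs <= MAX_N_FUNCTIONS` bound on the `Functions` index is enforced only by `assert`, which disappears under NDEBUG; an explicit `if` with `exit(1)` would keep it.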
diff --git a/test/asan/TestCases/Linux/swapcontext_test.cc b/test/asan/TestCases/Linux/swapcontext_test.cc
new file mode 100644
index 000000000000..86ed5930bcf4
--- /dev/null
+++ b/test/asan/TestCases/Linux/swapcontext_test.cc
@@ -0,0 +1,90 @@
+// Check that ASan plays well with easy cases of makecontext/swapcontext.
+
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t 2>&1 | FileCheck %s
+//
+// This test is too sublte to try on non-x86 arch for now.
+// REQUIRES: x86_64-supported-target,i386-supported-target
+
+#include <stdio.h>
+#include <ucontext.h>
+#include <unistd.h>
+
+ucontext_t orig_context;
+ucontext_t child_context;
+
+const int kStackSize = 1 << 20;
+
+__attribute__((noinline))
+void Throw() {
+ throw 1;
+}
+
+__attribute__((noinline))
+void ThrowAndCatch() {
+ try {
+ Throw();
+ } catch(int a) {
+ printf("ThrowAndCatch: %d\n", a);
+ }
+}
+
+void Child(int mode) {
+ char x[32] = {0}; // Stack gets poisoned.
+ printf("Child: %p\n", x);
+ ThrowAndCatch(); // Simulate __asan_handle_no_return().
+ // (a) Do nothing, just return to parent function.
+ // (b) Jump into the original function. Stack remains poisoned unless we do
+ // something.
+ if (mode == 1) {
+ if (swapcontext(&child_context, &orig_context) < 0) {
+ perror("swapcontext");
+ _exit(0);
+ }
+ }
+}
+
+int Run(int arg, int mode, char *child_stack) {
+ printf("Child stack: %p\n", child_stack);
+ // Setup child context.
+ getcontext(&child_context);
+ child_context.uc_stack.ss_sp = child_stack;
+ child_context.uc_stack.ss_size = kStackSize / 2;
+ if (mode == 0) {
+ child_context.uc_link = &orig_context;
+ }
+ makecontext(&child_context, (void (*)())Child, 1, mode);
+ if (swapcontext(&orig_context, &child_context) < 0) {
+ perror("swapcontext");
+ return 0;
+ }
+ // Touch childs's stack to make sure it's unpoisoned.
+ for (int i = 0; i < kStackSize; i++) {
+ child_stack[i] = i;
+ }
+ return child_stack[arg];
+}
+
+int main(int argc, char **argv) {
+ char stack[kStackSize + 1];
+ // CHECK: WARNING: ASan doesn't fully support makecontext/swapcontext
+ int ret = 0;
+ ret += Run(argc - 1, 0, stack);
+ printf("Test1 passed\n");
+ // CHECK: Test1 passed
+ ret += Run(argc - 1, 1, stack);
+ printf("Test2 passed\n");
+ // CHECK: Test2 passed
+ char *heap = new char[kStackSize + 1];
+ ret += Run(argc - 1, 0, heap);
+ printf("Test3 passed\n");
+ // CHECK: Test3 passed
+ ret += Run(argc - 1, 1, heap);
+ printf("Test4 passed\n");
+ // CHECK: Test4 passed
+
+ delete [] heap;
+ return ret;
+}
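Review bot: In `Run`, a failing `swapcontext(&orig_context, &child_context)` is reported with `perror` and then does `return 0;`, after which `main` still prints `TestN passed`, so those CHECK lines match even though the context switch never happened. `Child` has the mirror problem: it calls `_exit(0)` when its own `swapcontext` fails, which reports success. Replacing both with `_exit(1);` (unistd.h is already included) makes a failed switch fail the test. The `getcontext(&child_context)` result is also unchecked.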
diff --git a/test/asan/TestCases/Linux/syscalls.cc b/test/asan/TestCases/Linux/syscalls.cc
new file mode 100644
index 000000000000..bcdd5bc82119
--- /dev/null
+++ b/test/asan/TestCases/Linux/syscalls.cc
@@ -0,0 +1,25 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <assert.h>
+#include <errno.h>
+#include <glob.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <sanitizer/linux_syscall_hooks.h>
+
+/* Test the presence of __sanitizer_syscall_ in the tool runtime, and general
+ sanity of their behaviour. */
+
+int main(int argc, char *argv[]) {
+ char buf[1000];
+ __sanitizer_syscall_pre_recvmsg(0, buf - 1, 0);
+ // CHECK: AddressSanitizer: stack-buffer-{{.*}}erflow
+ // CHECK: READ of size {{.*}} at {{.*}} thread T0
+ // CHECK: #0 {{.*}} in __sanitizer_syscall{{.*}}recvmsg
+ return 0;
+}
diff --git a/test/asan/TestCases/Linux/uar_signals.cc b/test/asan/TestCases/Linux/uar_signals.cc
new file mode 100644
index 000000000000..f42c3f666554
--- /dev/null
+++ b/test/asan/TestCases/Linux/uar_signals.cc
@@ -0,0 +1,70 @@
+// This test checks that the implementation of use-after-return
+// is async-signal-safe.
+// RUN: %clangxx_asan -O1 %s -o %t -pthread && %run %t
+// REQUIRES: stable-runtime
+#include <signal.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <pthread.h>
+
+int *g;
+int n_signals;
+
+typedef void (*Sigaction)(int, siginfo_t *, void *);
+
+void SignalHandler(int, siginfo_t*, void*) {
+ int local;
+ g = &local;
+ n_signals++;
+ // printf("s: %p\n", &local);
+}
+
+static void EnableSigprof(Sigaction SignalHandler) {
+ struct sigaction sa;
+ sa.sa_sigaction = SignalHandler;
+ sa.sa_flags = SA_RESTART | SA_SIGINFO;
+ sigemptyset(&sa.sa_mask);
+ if (sigaction(SIGPROF, &sa, NULL) != 0) {
+ perror("sigaction");
+ abort();
+ }
+ struct itimerval timer;
+ timer.it_interval.tv_sec = 0;
+ timer.it_interval.tv_usec = 1;
+ timer.it_value = timer.it_interval;
+ if (setitimer(ITIMER_PROF, &timer, 0) != 0) {
+ perror("setitimer");
+ abort();
+ }
+}
+
+void RecursiveFunction(int depth) {
+ if (depth == 0) return;
+ int local;
+ g = &local;
+ // printf("r: %p\n", &local);
+ // printf("[%2d] n_signals: %d\n", depth, n_signals);
+ RecursiveFunction(depth - 1);
+ RecursiveFunction(depth - 1);
+}
+
+void *Thread(void *) {
+ RecursiveFunction(18);
+ return NULL;
+}
+
+int main(int argc, char **argv) {
+ EnableSigprof(SignalHandler);
+
+ for (int i = 0; i < 4; i++) {
+ fprintf(stderr, ".");
+ const int kNumThread = sizeof(void*) == 8 ? 16 : 8;
+ pthread_t t[kNumThread];
+ for (int i = 0; i < kNumThread; i++)
+ pthread_create(&t[i], 0, Thread, 0);
+ for (int i = 0; i < kNumThread; i++)
+ pthread_join(t[i], 0);
+ }
+ fprintf(stderr, "\n");
+}
diff --git a/test/asan/TestCases/Linux/unpoison_tls.cc b/test/asan/TestCases/Linux/unpoison_tls.cc
new file mode 100644
index 000000000000..9c1d74b28e5f
--- /dev/null
+++ b/test/asan/TestCases/Linux/unpoison_tls.cc
@@ -0,0 +1,35 @@
+// Test that TLS is unpoisoned on thread death.
+// REQUIRES: x86_64-supported-target,i386-supported-target
+
+// RUN: %clangxx_asan -O1 %s -pthread -o %t && %run %t 2>&1
+
+#include <assert.h>
+#include <pthread.h>
+#include <stdio.h>
+
+#include <sanitizer/asan_interface.h>
+
+__thread int64_t tls_var[2];
+
+volatile int64_t *p_tls_var;
+
+void *first(void *arg) {
+ ASAN_POISON_MEMORY_REGION(&tls_var, sizeof(tls_var));
+ p_tls_var = tls_var;
+ return 0;
+}
+
+void *second(void *arg) {
+ assert(tls_var == p_tls_var);
+ *p_tls_var = 1;
+ return 0;
+}
+
+int main(int argc, char *argv[]) {
+ pthread_t p;
+ assert(0 == pthread_create(&p, 0, first, 0));
+ assert(0 == pthread_join(p, 0));
+ assert(0 == pthread_create(&p, 0, second, 0));
+ assert(0 == pthread_join(p, 0));
+ return 0;
+}
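Review bot: `tls_var` and `p_tls_var` are declared with `int64_t`, but the file includes only assert.h, pthread.h, stdio.h and sanitizer/asan_interface.h, so the type is defined only if one of those happens to pull it in. Adding `#include <stdint.h>` makes the test self-contained. Separately, all four pthread calls in `main` are inside `assert`, so an NDEBUG build would create no threads at all; assigning the result first and asserting on it keeps the calls.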
diff --git a/test/asan/TestCases/Posix/allow_user_segv.cc b/test/asan/TestCases/Posix/allow_user_segv.cc
new file mode 100644
index 000000000000..b6443fab85df
--- /dev/null
+++ b/test/asan/TestCases/Posix/allow_user_segv.cc
@@ -0,0 +1,59 @@
+// Regression test for
+// https://code.google.com/p/address-sanitizer/issues/detail?id=180
+
+// RUN: %clangxx_asan -O0 %s -o %t && ASAN_OPTIONS=allow_user_segv_handler=true not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && ASAN_OPTIONS=allow_user_segv_handler=true not %run %t 2>&1 | FileCheck %s
+
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+struct sigaction original_sigaction_sigbus;
+struct sigaction original_sigaction_sigsegv;
+
+void User_OnSIGSEGV(int signum, siginfo_t *siginfo, void *context) {
+ fprintf(stderr, "User sigaction called\n");
+ struct sigaction original_sigaction;
+ if (signum == SIGBUS)
+ original_sigaction = original_sigaction_sigbus;
+ else if (signum == SIGSEGV)
+ original_sigaction = original_sigaction_sigsegv;
+ else {
+ printf("Invalid signum");
+ exit(1);
+ }
+ if (original_sigaction.sa_flags | SA_SIGINFO)
+ original_sigaction.sa_sigaction(signum, siginfo, context);
+ else
+ original_sigaction.sa_handler(signum);
+}
+
+int DoSEGV() {
+ volatile int *x = 0;
+ return *x;
+}
+
+int InstallHandler(int signum, struct sigaction *original_sigaction) {
+ struct sigaction user_sigaction;
+ user_sigaction.sa_sigaction = User_OnSIGSEGV;
+ user_sigaction.sa_flags = SA_SIGINFO;
+ if (sigaction(signum, &user_sigaction, original_sigaction)) {
+ perror("sigaction");
+ return 1;
+ }
+ return 0;
+}
+
+int main() {
+ // Let's install handlers for both SIGSEGV and SIGBUS, since pre-Yosemite
+ // 32-bit Darwin triggers SIGBUS instead.
+ if (InstallHandler(SIGSEGV, &original_sigaction_sigsegv)) return 1;
+ if (InstallHandler(SIGBUS, &original_sigaction_sigbus)) return 1;
+ fprintf(stderr, "User sigaction installed\n");
+ return DoSEGV();
+}
+
+// CHECK: User sigaction installed
+// CHECK-NEXT: User sigaction called
+// CHECK-NEXT: ASAN:SIGSEGV
+// CHECK: AddressSanitizer: SEGV on unknown address
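Review bot: In `User_OnSIGSEGV`, `if (original_sigaction.sa_flags | SA_SIGINFO)` uses bitwise OR, which is non-zero for any flags value, so the `sa_handler` branch is dead and a saved one-argument handler would be invoked through `sa_sigaction`. The condition should be `if (original_sigaction.sa_flags & SA_SIGINFO)`. In `InstallHandler`, `user_sigaction` is a local with only `sa_sigaction` and `sa_flags` assigned, so `sa_mask` is indeterminate when it is passed to `sigaction`; `sigemptyset(&user_sigaction.sa_mask);` before the call fixes that.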
diff --git a/test/asan/TestCases/Posix/asan-symbolize-sanity-test.cc b/test/asan/TestCases/Posix/asan-symbolize-sanity-test.cc
new file mode 100644
index 000000000000..6ed02f4d5374
--- /dev/null
+++ b/test/asan/TestCases/Posix/asan-symbolize-sanity-test.cc
@@ -0,0 +1,63 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// Check that asan_symbolize.py script works (for binaries, ASan RTL and
+// shared object files.
+
+// RUN: %clangxx_asan -O0 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: env ASAN_OPTIONS=symbolize=0 not %run %t 2>&1 | %asan_symbolize | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#if !defined(SHARED_LIB)
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <string>
+
+using std::string;
+
+typedef void (fun_t)(int*, int);
+
+int main(int argc, char *argv[]) {
+ string path = string(argv[0]) + "-so.so";
+ printf("opening %s ... \n", path.c_str());
+ void *lib = dlopen(path.c_str(), RTLD_NOW);
+ if (!lib) {
+ printf("error in dlopen(): %s\n", dlerror());
+ return 1;
+ }
+ fun_t *inc2 = (fun_t*)dlsym(lib, "inc2");
+ if (!inc2) return 1;
+ printf("ok\n");
+ int *array = (int*)malloc(40);
+ inc2(array, 1);
+ inc2(array, -1); // BOOM
+ // CHECK: ERROR: AddressSanitizer: heap-buffer-overflow
+ // CHECK: READ of size 4 at 0x{{.*}}
+ // CHECK: #0 {{.*}} in inc2 {{.*}}asan-symbolize-sanity-test.cc:[[@LINE+21]]
+ // CHECK: #1 {{.*}} in main {{.*}}asan-symbolize-sanity-test.cc:[[@LINE-4]]
+ // CHECK: allocated by thread T{{.*}} here:
+ // CHECK: #{{.*}} in {{(wrap_|__interceptor_)?}}malloc
+ // CHECK: #{{.*}} in main {{.*}}asan-symbolize-sanity-test.cc:[[@LINE-9]]
+ return 0;
+}
+#else // SHARED_LIBS
+#include <stdio.h>
+#include <string.h>
+
+int pad[10];
+int GLOB[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+extern "C"
+void inc(int index) {
+ GLOB[index]++;
+}
+
+extern "C"
+void inc2(int *a, int index) {
+ a[index]++;
+}
+#endif // SHARED_LIBS
diff --git a/test/asan/TestCases/Posix/asprintf.cc b/test/asan/TestCases/Posix/asprintf.cc
new file mode 100644
index 000000000000..6946e5013d2c
--- /dev/null
+++ b/test/asan/TestCases/Posix/asprintf.cc
@@ -0,0 +1,20 @@
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t 2>&1 | FileCheck %s
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+ char *p;
+ int res = asprintf(&p, "%d", argc);
+ fprintf(stderr, "x%d %sx\n", res, p);
+ // CHECK: x1 1x
+ free(p);
+ fprintf(stderr, "DONE\n");
+ // CHECK: DONE
+ return 0;
+}
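Review bot: `res` from `asprintf(&p, "%d", argc)` is printed but never checked, and when `asprintf` fails the contents of `p` are undefined, so the following `fprintf` with `%s` and the `free(p)` would use an indeterminate pointer. `if (res < 0) return 1;` directly after the call keeps the failure path defined.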
diff --git a/test/asan/TestCases/Posix/assign_large_valloc_to_global.cc b/test/asan/TestCases/Posix/assign_large_valloc_to_global.cc
new file mode 100644
index 000000000000..ad547ce0ce1b
--- /dev/null
+++ b/test/asan/TestCases/Posix/assign_large_valloc_to_global.cc
@@ -0,0 +1,9 @@
+// Make sure we don't report a leak nor hang.
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t
+#include <stdlib.h>
+#include <unistd.h>
+#if !defined(__APPLE__) && !defined(__FreeBSD__)
+# include <malloc.h>
+#endif // !__APPLE__ && !__FreeBSD__
+int *p = (int*)valloc(1 << 20);
+int main() { }
diff --git a/test/asan/TestCases/Posix/glob.cc b/test/asan/TestCases/Posix/glob.cc
new file mode 100644
index 000000000000..e0eeb33cca24
--- /dev/null
+++ b/test/asan/TestCases/Posix/glob.cc
@@ -0,0 +1,33 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t %p 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t %p 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+
+#include <assert.h>
+#include <glob.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <string>
+
+
+int main(int argc, char *argv[]) {
+ std::string path = argv[1];
+ std::string pattern = path + "/glob_test_root/*a";
+ printf("pattern: %s\n", pattern.c_str());
+
+ glob_t globbuf;
+ int res = glob(pattern.c_str(), 0, 0, &globbuf);
+
+ printf("%d %s\n", errno, strerror(errno));
+ assert(res == 0);
+ assert(globbuf.gl_pathc == 2);
+ printf("%zu\n", strlen(globbuf.gl_pathv[0]));
+ printf("%zu\n", strlen(globbuf.gl_pathv[1]));
+ globfree(&globbuf);
+ printf("PASS\n");
+ // CHECK: PASS
+ return 0;
+}
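Review bot: `std::string path = argv[1];` runs without looking at `argc`, so starting the binary without the directory argument constructs a `std::string` from a null pointer. `if (argc < 2) return 1;` at the top of `main` avoids that and matches the `argc` check in sized_delete_test.cc. The `printf("%d %s\n", errno, strerror(errno));` line is printed even when `glob` succeeds, where `errno` is not meaningful; printing `res` there would be more useful for diagnosing a failure.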
diff --git a/test/asan/TestCases/Posix/glob_test_root/aa b/test/asan/TestCases/Posix/glob_test_root/aa
new file mode 100644
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/test/asan/TestCases/Posix/glob_test_root/aa
diff --git a/test/asan/TestCases/Posix/glob_test_root/ab b/test/asan/TestCases/Posix/glob_test_root/ab
new file mode 100644
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/test/asan/TestCases/Posix/glob_test_root/ab
diff --git a/test/asan/TestCases/Posix/glob_test_root/ba b/test/asan/TestCases/Posix/glob_test_root/ba
new file mode 100644
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/test/asan/TestCases/Posix/glob_test_root/ba
diff --git a/test/asan/TestCases/Posix/init-order-dlopen.cc b/test/asan/TestCases/Posix/init-order-dlopen.cc
new file mode 100644
index 000000000000..6f204775eb4e
--- /dev/null
+++ b/test/asan/TestCases/Posix/init-order-dlopen.cc
@@ -0,0 +1,72 @@
+// Regression test for
+// https://code.google.com/p/address-sanitizer/issues/detail?id=178
+
+// Assume we're on Darwin and try to pass -U to the linker. If this flag is
+// unsupported, don't use it.
+// RUN: %clangxx_asan -O0 -DSHARED_LIB %s \
+// RUN: -fPIC -shared -o %t-so.so -Wl,-U,_inc_global || \
+// RUN: %clangxx_asan -O0 -DSHARED_LIB %s \
+// RUN: -fPIC -shared -o %t-so.so
+// If the linker doesn't support --export-dynamic (which is ELF-specific),
+// try to link without that option.
+// FIXME: find a better solution.
+// RUN: %clangxx_asan -O0 %s -pthread -o %t -Wl,--export-dynamic || \
+// RUN: %clangxx_asan -O0 %s -pthread -o %t
+// RUN: ASAN_OPTIONS=strict_init_order=true %run %t 2>&1 | FileCheck %s
+#if !defined(SHARED_LIB)
+#include <dlfcn.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include <string>
+
+using std::string;
+
+int foo() {
+ return 42;
+}
+int global = foo();
+
+__attribute__((visibility("default")))
+extern "C"
+void inc_global() {
+ global++;
+}
+
+void *global_poller(void *arg) {
+ while (true) {
+ if (global != 42)
+ break;
+ usleep(100);
+ }
+ return 0;
+}
+
+int main(int argc, char *argv[]) {
+ pthread_t p;
+ pthread_create(&p, 0, global_poller, 0);
+ string path = string(argv[0]) + "-so.so";
+ if (0 == dlopen(path.c_str(), RTLD_NOW)) {
+ fprintf(stderr, "dlerror: %s\n", dlerror());
+ return 1;
+ }
+ pthread_join(p, 0);
+ printf("PASSED\n");
+ // CHECK: PASSED
+ return 0;
+}
+#else // SHARED_LIB
+#include <stdio.h>
+#include <unistd.h>
+
+extern "C" void inc_global();
+
+int slow_init() {
+ sleep(1);
+ inc_global();
+ return 42;
+}
+
+int slowly_init_glob = slow_init();
+#endif // SHARED_LIB
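Review bot: `global` is read in the `global_poller` loop and incremented by `inc_global()` from the thread that runs the shared library's initializer, with no synchronization, so the loop exit relies on the compiler re-reading a plain `int` on every iteration. Every RUN line builds with -O0, where that holds, but an optimized build could hoist the load and leave main stuck in `pthread_join`. If it does not interfere with what the regression test exercises, `volatile int global = foo();` would make the intent explicit; otherwise a comment such as `// Must stay at -O0: global_poller depends on global being re-read.` should say so. The return value of `pthread_create` is also ignored.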
diff --git a/test/asan/TestCases/Posix/ioctl.cc b/test/asan/TestCases/Posix/ioctl.cc
new file mode 100644
index 000000000000..78f152fe93fe
--- /dev/null
+++ b/test/asan/TestCases/Posix/ioctl.cc
@@ -0,0 +1,24 @@
+// RUN: %clangxx_asan -O0 -g %s -o %t && ASAN_OPTIONS=handle_ioctl=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 -g %s -o %t && ASAN_OPTIONS=handle_ioctl=1 not %run %t 2>&1 | FileCheck %s
+
+// RUN: %clangxx_asan -O0 -g %s -o %t && %run %t
+// RUN: %clangxx_asan -O3 -g %s -o %t && %run %t
+
+#include <assert.h>
+#include <stdlib.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+int main(int argc, char **argv) {
+ int fd = socket(AF_INET, SOCK_DGRAM, 0);
+
+ int nonblock;
+ int res = ioctl(fd, FIONBIO, &nonblock + 1);
+ // CHECK: AddressSanitizer: stack-buffer-overflow
+ // CHECK: READ of size 4 at
+ // CHECK: {{#.* in main .*ioctl.cc:}}[[@LINE-3]]
+ assert(res == 0);
+ close(fd);
+ return 0;
+}
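Review bot: The result of `socket(AF_INET, SOCK_DGRAM, 0)` is never checked, so where socket creation fails the second pair of RUN lines trips `assert(res == 0)` on the ioctl instead of pointing at the real cause. Adding `assert(fd >= 0);` right after the socket call separates an environment problem from an interceptor regression. A comment above the ioctl call, for example `// Deliberately passes the address one int past nonblock; expected to be reported only with handle_ioctl=1.`, would also explain why the same binary is expected to exit cleanly in the second pair of RUN lines.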
diff --git a/test/asan/TestCases/Posix/large_allocator_unpoisons_on_free.cc b/test/asan/TestCases/Posix/large_allocator_unpoisons_on_free.cc
new file mode 100644
index 000000000000..0a4998049cb0
--- /dev/null
+++ b/test/asan/TestCases/Posix/large_allocator_unpoisons_on_free.cc
@@ -0,0 +1,39 @@
+// Test that LargeAllocator unpoisons memory before releasing it to the OS.
+// RUN: %clangxx_asan %s -o %t
+// The memory is released only when the deallocated chunk leaves the quarantine,
+// otherwise the mmap(p, ...) call overwrites the malloc header.
+// RUN: ASAN_OPTIONS=quarantine_size=1 %run %t
+
+#include <assert.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#ifdef __ANDROID__
+#include <malloc.h>
+void *my_memalign(size_t boundary, size_t size) {
+ return memalign(boundary, size);
+}
+#else
+void *my_memalign(size_t boundary, size_t size) {
+ void *p;
+ posix_memalign(&p, boundary, size);
+ return p;
+}
+#endif
+
+int main() {
+ const long kPageSize = sysconf(_SC_PAGESIZE);
+ void *p = my_memalign(kPageSize, 1024 * 1024);
+ free(p);
+
+ char *q = (char *)mmap(p, kPageSize, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0);
+ assert(q == p);
+
+ memset(q, 42, kPageSize);
+
+ munmap(q, kPageSize);
+ return 0;
+}
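Review bot: In the non-Android `my_memalign`, the return value of `posix_memalign` is ignored and `p` has no initializer, so a failed allocation returns an indeterminate pointer that main then hands to `free` and to `mmap(..., MAP_FIXED, ...)`. With MAP_FIXED that could replace an unrelated mapping rather than fail cleanly. Initialize and check it, `void *p = 0;` and `if (posix_memalign(&p, boundary, size) != 0) return 0;`, and add `assert(p);` in main before the `free(p)`.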
diff --git a/test/asan/TestCases/Posix/lit.local.cfg b/test/asan/TestCases/Posix/lit.local.cfg
new file mode 100644
index 000000000000..60a9460820a6
--- /dev/null
+++ b/test/asan/TestCases/Posix/lit.local.cfg
@@ -0,0 +1,9 @@
+def getRoot(config):
+ if not config.parent:
+ return config
+ return getRoot(config.parent)
+
+root = getRoot(config)
+
+if root.host_os in ['Windows']:
+ config.unsupported = True
diff --git a/test/asan/TestCases/Posix/new_array_cookie_test.cc b/test/asan/TestCases/Posix/new_array_cookie_test.cc
new file mode 100644
index 000000000000..85d51f361835
--- /dev/null
+++ b/test/asan/TestCases/Posix/new_array_cookie_test.cc
@@ -0,0 +1,24 @@
+// REQUIRES: asan-64-bits
+// RUN: %clangxx_asan -O3 %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=poison_array_cookie=1 not %run %t 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=poison_array_cookie=0 not %run %t 2>&1 | FileCheck %s --check-prefix=NO_COOKIE
+#include <stdio.h>
+#include <stdlib.h>
+struct C {
+ int x;
+ ~C() {
+ fprintf(stderr, "ZZZZZZZZ\n");
+ exit(1);
+ }
+};
+
+int main(int argc, char **argv) {
+ C *buffer = new C[argc];
+ buffer[-2].x = 10;
+// CHECK: AddressSanitizer: heap-buffer-overflow
+// CHECK: in main {{.*}}new_array_cookie_test.cc:[[@LINE-2]]
+// CHECK: is located 0 bytes inside of 12-byte region
+// NO_COOKIE: ZZZZZZZZ
+ delete [] buffer;
+}
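Review bot: Nothing in the file explains why `buffer[-2].x = 10;` is the access under test or where the `12-byte region` in the CHECK line comes from. Presumably, with argc == 1, the allocation is an 8-byte array cookie followed by one 4-byte `C`, so index -2 lands on the first byte of the cookie. I would add above the store `// sizeof(C) == 4, so buffer[-2] is the start of the 8-byte array cookie (64-bit targets only).`, which does not shift the `[[@LINE-2]]` offset. A note next to the NO_COOKIE line that the non-zero exit there appears to come from `~C()` calling `exit(1)`, not from an ASan report, would also help.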
diff --git a/test/asan/TestCases/Posix/new_array_cookie_uaf_test.cc b/test/asan/TestCases/Posix/new_array_cookie_uaf_test.cc
new file mode 100644
index 000000000000..c35ccebb8c79
--- /dev/null
+++ b/test/asan/TestCases/Posix/new_array_cookie_uaf_test.cc
@@ -0,0 +1,38 @@
+// REQUIRES: asan-64-bits
+// RUN: %clangxx_asan -O3 %s -o %t
+// RUN: ASAN_OPTIONS=poison_array_cookie=1 not %run %t 2>&1 | FileCheck %s --check-prefix=COOKIE
+// RUN: ASAN_OPTIONS=poison_array_cookie=0 not %run %t 2>&1 | FileCheck %s --check-prefix=NO_COOKIE
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+int dtor_counter;
+struct C {
+ int x;
+ ~C() {
+ dtor_counter++;
+ fprintf(stderr, "DTOR %d\n", dtor_counter);
+ }
+};
+
+__attribute__((noinline)) void Delete(C *c) { delete[] c; }
+__attribute__((no_sanitize_address)) void Write42ToCookie(C *c) {
+ long *p = reinterpret_cast<long*>(c);
+ p[-1] = 42;
+}
+
+int main(int argc, char **argv) {
+ C *buffer = new C[argc];
+ delete [] buffer;
+ Write42ToCookie(buffer);
+ delete [] buffer;
+// COOKIE: DTOR 1
+// COOKIE-NOT: DTOR 2
+// COOKIE: AddressSanitizer: loaded array cookie from free-d memory
+// COOKIE: AddressSanitizer: attempting double-free
+// NO_COOKIE: DTOR 1
+// NO_COOKIE: DTOR 43
+// NO_COOKIE-NOT: DTOR 44
+// NO_COOKIE-NOT: AddressSanitizer: loaded array cookie from free-d memory
+// NO_COOKIE: AddressSanitizer: attempting double-free
+
+}
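Review bot: `Delete(C *c)` is defined with `noinline` but never called; main uses `delete [] buffer;` directly both times. If the helper was meant to keep the second delete from being folded at -O3, main should call `Delete(buffer);`; otherwise it and the unused `<assert.h>` include can be dropped. `Write42ToCookie` also assumes the cookie is exactly one `long` wide and sits immediately before the first element, which presumably holds for the targets selected by `REQUIRES: asan-64-bits` but deserves a comment such as `// The array cookie is one long-sized word right before c[0] on LP64.`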
diff --git a/test/asan/TestCases/Posix/new_array_cookie_with_new_from_class.cc b/test/asan/TestCases/Posix/new_array_cookie_with_new_from_class.cc
new file mode 100644
index 000000000000..1cea6f68adb2
--- /dev/null
+++ b/test/asan/TestCases/Posix/new_array_cookie_with_new_from_class.cc
@@ -0,0 +1,38 @@
+// Test that we do not poison the array cookie if the operator new is defined
+// inside the class.
+// RUN: %clangxx_asan %s -o %t && %run %t
+//
+// XFAIL: android
+// XFAIL: armv7l-unknown-linux-gnueabihf
+#include <new>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <assert.h>
+struct Foo {
+ void *operator new(size_t s) { return Allocate(s); }
+ void *operator new[] (size_t s) { return Allocate(s); }
+ ~Foo();
+ static void *allocated;
+ static void *Allocate(size_t s) {
+ assert(!allocated);
+ return allocated = ::new char[s];
+ }
+};
+
+Foo::~Foo() {}
+void *Foo::allocated;
+
+Foo *getFoo(size_t n) {
+ return new Foo[n];
+}
+
+int main() {
+ Foo *foo = getFoo(10);
+ fprintf(stderr, "foo : %p\n", foo);
+ fprintf(stderr, "alloc: %p\n", Foo::allocated);
+ assert(reinterpret_cast<uintptr_t>(foo) ==
+ reinterpret_cast<uintptr_t>(Foo::allocated) + sizeof(void*));
+ *reinterpret_cast<uintptr_t*>(Foo::allocated) = 42;
+ return 0;
+}
diff --git a/test/asan/TestCases/Posix/readv.cc b/test/asan/TestCases/Posix/readv.cc
new file mode 100644
index 000000000000..27436a1ad3d9
--- /dev/null
+++ b/test/asan/TestCases/Posix/readv.cc
@@ -0,0 +1,32 @@
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t
+// RUN: %clangxx_asan -O0 %s -DPOSITIVE -o %t && not %run %t 2>&1 | FileCheck %s
+
+// Test the readv() interceptor.
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/uio.h>
+#include <time.h>
+
+int main() {
+ char buf[2011];
+ struct iovec iov[2];
+#ifdef POSITIVE
+ char * volatile buf_ = buf;
+ iov[0].iov_base = buf_ - 1;
+#else
+ iov[0].iov_base = buf + 1;
+#endif
+ iov[0].iov_len = 5;
+ iov[1].iov_base = buf + 10;
+ iov[1].iov_len = 2000;
+ int fd = open("/etc/hosts", O_RDONLY);
+ assert(fd > 0);
+ readv(fd, iov, 2);
+ // CHECK: WRITE of size 5 at
+ close(fd);
+ return 0;
+}
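Review bot: The test reads from `/etc/hosts`, and the POSITIVE variant expects `WRITE of size 5`, so it presumably depends on that file existing and holding at least five bytes on every host that runs the suite. `assert(fd > 0);` covers a missing file, but the result of `readv` is dropped; in the negative variant `ssize_t n = readv(fd, iov, 2); assert(n >= 5);` would state the precondition. A comment on the `char * volatile buf_ = buf;` line saying that the volatile pointer keeps the out-of-bounds base from being diagnosed or folded at compile time would document the trick, and `<time.h>` appears unused.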
diff --git a/test/asan/TestCases/Posix/shared-lib-test.cc b/test/asan/TestCases/Posix/shared-lib-test.cc
new file mode 100644
index 000000000000..a0827b5fefbf
--- /dev/null
+++ b/test/asan/TestCases/Posix/shared-lib-test.cc
@@ -0,0 +1,57 @@
+// RUN: %clangxx_asan -O0 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+
+#if !defined(SHARED_LIB)
+#include <dlfcn.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <string>
+
+using std::string;
+
+typedef void (fun_t)(int x);
+
+int main(int argc, char *argv[]) {
+ string path = string(argv[0]) + "-so.so";
+ printf("opening %s ... \n", path.c_str());
+ void *lib = dlopen(path.c_str(), RTLD_NOW);
+ if (!lib) {
+ printf("error in dlopen(): %s\n", dlerror());
+ return 1;
+ }
+ fun_t *inc = (fun_t*)dlsym(lib, "inc");
+ if (!inc) return 1;
+ printf("ok\n");
+ inc(1);
+ inc(-1); // BOOM
+ // CHECK: {{.*ERROR: AddressSanitizer: global-buffer-overflow}}
+ // CHECK: {{READ of size 4 at 0x.* thread T0}}
+ // CHECK: {{ #0 0x.*}}
+ // CHECK: {{ #1 0x.* in main .*shared-lib-test.cc:}}[[@LINE-4]]
+ return 0;
+}
+#else // SHARED_LIB
+#include <stdio.h>
+#include <string.h>
+
+int pad[10];
+int GLOB[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+extern "C"
+void inc(int index) {
+ GLOB[index]++;
+}
+
+extern "C"
+void inc2(int *a, int index) {
+ a[index]++;
+}
+#endif // SHARED_LIB
diff --git a/test/asan/TestCases/Posix/start-deactivated.cc b/test/asan/TestCases/Posix/start-deactivated.cc
new file mode 100644
index 000000000000..d60677a8a5bb
--- /dev/null
+++ b/test/asan/TestCases/Posix/start-deactivated.cc
@@ -0,0 +1,69 @@
+// Test for ASAN_OPTIONS=start_deactivated=1 mode.
+// Main executable is uninstrumented, but linked to ASan runtime. The shared
+// library is instrumented. Memory errors before dlopen are not detected.
+
+// RUN: %clangxx_asan -O0 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx -O0 %s -c -o %t.o
+// RUN: %clangxx_asan -O0 %t.o -o %t
+// RUN: ASAN_OPTIONS=start_deactivated=1 not %run %t 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#if !defined(SHARED_LIB)
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <string>
+
+#include "sanitizer/asan_interface.h"
+
+void test_malloc_shadow() {
+ char *p = (char *)malloc(100);
+ char *q = (char *)__asan_region_is_poisoned(p + 95, 8);
+ fprintf(stderr, "=%zd=\n", q ? q - (p + 95) : -1);
+ free(p);
+}
+
+typedef void (*Fn)();
+
+int main(int argc, char *argv[]) {
+ test_malloc_shadow();
+ // CHECK: =-1=
+
+ std::string path = std::string(argv[0]) + "-so.so";
+ void *dso = dlopen(path.c_str(), RTLD_NOW);
+ if (!dso) {
+ fprintf(stderr, "dlopen failed: %s\n", dlerror());
+ return 1;
+ }
+
+ test_malloc_shadow();
+ // CHECK: =5=
+
+ void *fn = dlsym(dso, "do_another_bad_thing");
+ if (!fn) {
+ fprintf(stderr, "dlsym failed: %s\n", dlerror());
+ return 1;
+ }
+
+ ((Fn)fn)();
+ // CHECK: AddressSanitizer: heap-buffer-overflow
+ // CHECK: READ of size 1
+ // CHECK: {{#0 .* in do_another_bad_thing}}
+ // CHECK: is located 5 bytes to the right of 100-byte region
+ // CHECK: in do_another_bad_thing
+
+ return 0;
+}
+#else // SHARED_LIB
+#include <stdio.h>
+#include <stdlib.h>
+
+extern "C" void do_another_bad_thing() {
+ char *volatile p = (char *)malloc(100);
+ printf("%hhx\n", p[105]);
+}
+#endif // SHARED_LIB
diff --git a/test/asan/TestCases/Posix/strerror_r_test.cc b/test/asan/TestCases/Posix/strerror_r_test.cc
new file mode 100644
index 000000000000..e6df441770df
--- /dev/null
+++ b/test/asan/TestCases/Posix/strerror_r_test.cc
@@ -0,0 +1,14 @@
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t
+
+// Regression test for PR17138.
+
+#include <assert.h>
+#include <string.h>
+#include <stdio.h>
+
+int main() {
+ char buf[1024];
+ char *res = (char *)strerror_r(300, buf, sizeof(buf));
+ printf("%p\n", res);
+ return 0;
+}
diff --git a/test/asan/TestCases/Posix/tsd_dtor_leak.cc b/test/asan/TestCases/Posix/tsd_dtor_leak.cc
new file mode 100644
index 000000000000..32253afc8b25
--- /dev/null
+++ b/test/asan/TestCases/Posix/tsd_dtor_leak.cc
@@ -0,0 +1,39 @@
+// Regression test for a leak in tsd:
+// https://code.google.com/p/address-sanitizer/issues/detail?id=233
+// RUN: %clangxx_asan -O1 %s -pthread -o %t
+// RUN: ASAN_OPTIONS=quarantine_size=1 %run %t
+#include <pthread.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sanitizer/allocator_interface.h>
+
+static pthread_key_t tsd_key;
+
+void *Thread(void *) {
+ pthread_setspecific(tsd_key, malloc(10));
+ return 0;
+}
+
+static volatile void *v;
+
+void Dtor(void *tsd) {
+ v = malloc(10000);
+ free(tsd);
+ free((void*)v); // The bug was that this was leaking.
+}
+
+int main() {
+ assert(0 == pthread_key_create(&tsd_key, Dtor));
+ size_t old_heap_size = 0;
+ for (int i = 0; i < 10; i++) {
+ pthread_t t;
+ pthread_create(&t, 0, Thread, 0);
+ pthread_join(t, 0);
+ size_t new_heap_size = __sanitizer_get_heap_size();
+ fprintf(stderr, "heap size: new: %zd old: %zd\n", new_heap_size, old_heap_size);
+ if (old_heap_size)
+ assert(old_heap_size == new_heap_size);
+ old_heap_size = new_heap_size;
+ }
+}
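Review bot: `assert(0 == pthread_key_create(&tsd_key, Dtor));` puts the only call that creates the key inside an assert, so a build with NDEBUG defined removes the call and every `pthread_setspecific` then uses an uninitialized key. The heap-size comparison `assert(old_heap_size == new_heap_size);` is the test's sole check and disappears the same way, leaving a test that always passes. I would split the call from the check, `int rc = pthread_key_create(&tsd_key, Dtor); assert(rc == 0);`, and report a mismatch with `if (old_heap_size && old_heap_size != new_heap_size) return 1;`. The return value of `pthread_create` in the loop is also unchecked.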
diff --git a/test/asan/TestCases/Posix/wait.cc b/test/asan/TestCases/Posix/wait.cc
new file mode 100644
index 000000000000..99d0212acfab
--- /dev/null
+++ b/test/asan/TestCases/Posix/wait.cc
@@ -0,0 +1,45 @@
+// RUN: %clangxx_asan -DWAIT -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -DWAIT -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// RUN: %clangxx_asan -DWAITPID -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -DWAITPID -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// RUN: %clangxx_asan -DWAIT3 -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -DWAIT3 -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// RUN: %clangxx_asan -DWAIT3_RUSAGE -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -DWAIT3_RUSAGE -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+
+#include <assert.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+int main(int argc, char **argv) {
+ pid_t pid = fork();
+ if (pid) { // parent
+ int x[3];
+ int *status = x + argc * 3;
+ int res;
+#if defined(WAIT)
+ res = wait(status);
+#elif defined(WAITPID)
+ res = waitpid(pid, status, WNOHANG);
+#elif defined(WAIT3)
+ res = wait3(status, WNOHANG, NULL);
+#elif defined(WAIT3_RUSAGE)
+ struct rusage *ru = (struct rusage*)(x + argc * 3);
+ int good_status;
+ res = wait3(&good_status, WNOHANG, ru);
+#endif
+ // CHECK: stack-buffer-overflow
+ // CHECK: {{WRITE of size .* at 0x.* thread T0}}
+ // CHECK: {{in .*wait}}
+ // CHECK: {{in main .*wait.cc:}}
+ // CHECK: is located in stack of thread T0 at offset
+ // CHECK: {{in main}}
+ return res == -1 ? 1 : 0;
+ }
+ // child
+ return 0;
+}
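Review bot: `res` is declared without an initializer and only assigned inside the `#if defined(WAIT)` ... `#elif defined(WAIT3_RUSAGE)` chain, so building without one of the four macros returns an indeterminate value and never makes the out-of-bounds call the CHECK lines expect. Ending the chain with `#else` followed by `#error "define WAIT, WAITPID, WAIT3 or WAIT3_RUSAGE"` turns that into a build failure; wait4.cc has the same pattern with WAIT4 and WAIT4_RUSAGE. A comment on `int *status = x + argc * 3;` saying that argc presumably keeps the one-past-the-end pointer from being computed at compile time would document the trick. `status` is unused in the WAIT3_RUSAGE branch, and a failed `fork()` (-1) falls into the parent branch.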
diff --git a/test/asan/TestCases/Posix/wait4.cc b/test/asan/TestCases/Posix/wait4.cc
new file mode 100644
index 000000000000..b95246efa0e4
--- /dev/null
+++ b/test/asan/TestCases/Posix/wait4.cc
@@ -0,0 +1,43 @@
+// RUN: %clangxx_asan -DWAIT4 -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -DWAIT4 -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// RUN: %clangxx_asan -DWAIT4_RUSAGE -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -DWAIT4_RUSAGE -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// XFAIL: android
+
+#include <assert.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+int main(int argc, char **argv) {
+ // This test passes on some versions of Android NDK and fails on other.
+ // https://code.google.com/p/memory-sanitizer/issues/detail?id=64
+ // Make it fail unconditionally on Android.
+#ifdef __ANDROID__
+ return 0;
+#endif
+
+ pid_t pid = fork();
+ if (pid) { // parent
+ int x[3];
+ int *status = x + argc * 3;
+ int res;
+#if defined(WAIT4)
+ res = wait4(pid, status, WNOHANG, NULL);
+#elif defined(WAIT4_RUSAGE)
+ struct rusage *ru = (struct rusage*)(x + argc * 3);
+ int good_status;
+ res = wait4(pid, &good_status, WNOHANG, ru);
+#endif
+ // CHECK: stack-buffer-overflow
+ // CHECK: {{WRITE of size .* at 0x.* thread T0}}
+ // CHECK: {{in .*wait}}
+ // CHECK: {{in main .*wait4.cc:}}
+ // CHECK: is located in stack of thread T0 at offset
+ // CHECK: {{in main}}
+ return res == -1 ? 1 : 0;
+ }
+ // child
+ return 0;
+}
diff --git a/test/asan/TestCases/Posix/waitid.cc b/test/asan/TestCases/Posix/waitid.cc
new file mode 100644
index 000000000000..8b516dca9086
--- /dev/null
+++ b/test/asan/TestCases/Posix/waitid.cc
@@ -0,0 +1,28 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <assert.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <signal.h>
+
+int main(int argc, char **argv) {
+ pid_t pid = fork();
+ if (pid) { // parent
+ int x[3];
+ int *status = x + argc * 3;
+ int res;
+
+ siginfo_t *si = (siginfo_t*)(x + argc * 3);
+ res = waitid(P_ALL, 0, si, WEXITED | WNOHANG);
+ // CHECK: stack-buffer-overflow
+ // CHECK: {{WRITE of size .* at 0x.* thread T0}}
+ // CHECK: {{in .*waitid}}
+ // CHECK: {{in main .*waitid.cc:}}
+ // CHECK: is located in stack of thread T0 at offset
+ // CHECK: {{in main}}
+ return res != -1;
+ }
+ // child
+ return 0;
+}
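Review bot: `int *status = x + argc * 3;` is never used in this file, and `return res != -1;` inverts the exit-code convention of the sibling tests wait.cc and wait4.cc (`return res == -1 ? 1 : 0;`), returning 1 when waitid succeeds. The RUN lines use `not %run` piped into FileCheck, so the return is only reached when ASan fails to report, and FileCheck catches that case either way; the difference is only an inconsistency. I would drop the unused variable and use `return res == -1 ? 1 : 0;` to match the other wait tests.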
diff --git a/test/asan/TestCases/Windows/aligned_mallocs.cc b/test/asan/TestCases/Windows/aligned_mallocs.cc
new file mode 100644
index 000000000000..df740b64e51c
--- /dev/null
+++ b/test/asan/TestCases/Windows/aligned_mallocs.cc
@@ -0,0 +1,29 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t
+
+#include <windows.h>
+
+#define CHECK_ALIGNED(ptr,alignment) \
+ do { \
+ if (((uintptr_t)(ptr) % (alignment)) != 0) \
+ return __LINE__; \
+ } \
+ while(0)
+
+int main(void) {
+ int *p = (int*)_aligned_malloc(1024 * sizeof(int), 32);
+ CHECK_ALIGNED(p, 32);
+ p[512] = 0;
+ _aligned_free(p);
+
+ p = (int*)_aligned_malloc(128, 128);
+ CHECK_ALIGNED(p, 128);
+ p = (int*)_aligned_realloc(p, 2048 * sizeof(int), 128);
+ CHECK_ALIGNED(p, 128);
+ p[1024] = 0;
+ if (_aligned_msize(p, 128, 0) != 2048 * sizeof(int))
+ return __LINE__;
+ _aligned_free(p);
+
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/allocators_sanity.cc b/test/asan/TestCases/Windows/allocators_sanity.cc
new file mode 100644
index 000000000000..66a862d7aca5
--- /dev/null
+++ b/test/asan/TestCases/Windows/allocators_sanity.cc
@@ -0,0 +1,37 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t | FileCheck %s
+
+#include <malloc.h>
+#include <stdio.h>
+
+int main() {
+ int *p = (int*)malloc(1024 * sizeof(int));
+ p[512] = 0;
+ free(p);
+
+ p = (int*)malloc(128);
+ p = (int*)realloc(p, 2048 * sizeof(int));
+ p[1024] = 0;
+ free(p);
+
+ p = (int*)calloc(16, sizeof(int));
+ if (p[8] != 0)
+ return 1;
+ p[15]++;
+ if (16 * sizeof(int) != _msize(p))
+ return 2;
+ free(p);
+
+ p = new int;
+ *p = 42;
+ delete p;
+
+ p = new int[42];
+ p[15]++;
+ delete [] p;
+
+ printf("All ok\n");
+// CHECK: All ok
+
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/beginthreadex.cc b/test/asan/TestCases/Windows/beginthreadex.cc
new file mode 100644
index 000000000000..f2b2b4511ad8
--- /dev/null
+++ b/test/asan/TestCases/Windows/beginthreadex.cc
@@ -0,0 +1,21 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t
+
+#include <windows.h>
+#include <process.h>
+
+unsigned WINAPI thread_proc(void *) {
+ volatile char stack_buffer[42];
+ for (int i = 0; i < sizeof(stack_buffer); ++i)
+ stack_buffer[i] = 42;
+ return 0;
+}
+
+int main() {
+ HANDLE thr = (HANDLE)_beginthreadex(NULL, 0, thread_proc, NULL, 0, NULL);
+ if (thr == 0)
+ return 1;
+ if (WAIT_OBJECT_0 != WaitForSingleObject(thr, INFINITE))
+ return 2;
+ CloseHandle(thr);
+}
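Review bot: `for (int i = 0; i < sizeof(stack_buffer); ++i)` in thread_proc compares a signed int with a size_t; `for (size_t i = 0; i < sizeof(stack_buffer); ++i)` avoids the implicit conversion and the sign-compare warning. The file also carries no comment on what it verifies. If the intent is what it appears to be, a first line such as `// A thread started with _beginthreadex can write its own stack buffer without an ASan report.` would say so.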
diff --git a/test/asan/TestCases/Windows/bitfield.cc b/test/asan/TestCases/Windows/bitfield.cc
new file mode 100644
index 000000000000..253a759b98df
--- /dev/null
+++ b/test/asan/TestCases/Windows/bitfield.cc
@@ -0,0 +1,21 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t
+
+#include <windows.h>
+
+typedef struct _S {
+ unsigned int bf1:1;
+ unsigned int bf2:2;
+ unsigned int bf3:3;
+ unsigned int bf4:4;
+} S;
+
+int main(void) {
+ S *s = (S*)malloc(sizeof(S));
+ s->bf1 = 1;
+ s->bf2 = 2;
+ s->bf3 = 3;
+ s->bf4 = 4;
+ free(s);
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/bitfield_uaf.cc b/test/asan/TestCases/Windows/bitfield_uaf.cc
new file mode 100644
index 000000000000..f49d671e3eb3
--- /dev/null
+++ b/test/asan/TestCases/Windows/bitfield_uaf.cc
@@ -0,0 +1,34 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+
+typedef struct _S {
+ unsigned int bf1:1;
+ unsigned int bf2:2;
+ unsigned int bf3:3;
+ unsigned int bf4:4;
+} S;
+
+void make_access(S *s) {
+ s->bf2 = 2;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: READ of size {{[124]}} at [[ADDR]]
+// CHECK: {{#0 .* make_access .*bitfield_uaf.cc}}:[[@LINE-3]]
+// CHECK: {{#1 .* main}}
+}
+
+int main(void) {
+ S *s = (S*)malloc(sizeof(S));
+ free(s);
+// CHECK: [[ADDR]] is located 0 bytes inside of 4-byte region
+// CHECK-LABEL: freed by thread T0 here:
+// CHECK: {{#0 .* free }}
+// CHECK: {{#1 .* main .*bitfield_uaf.cc}}:[[@LINE-4]]
+// CHECK-LABEL: previously allocated by thread T0 here:
+// CHECK: {{#0 .* malloc }}
+// CHECK: {{#1 .* main .*bitfield_uaf.cc}}:[[@LINE-8]]
+ make_access(s);
+ return 0;
+}
+
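Review bot: The statement under test in make_access is a store, `s->bf2 = 2;`, yet the CHECK line expects `READ of size {{[124]}}`, and nothing explains the mismatch. Presumably the bitfield store is compiled as a load-modify-store of the containing unit, so the load is the first access reported. A comment above the store, `// A bitfield store first loads the containing unit, so ASan reports a READ.`, would save the next reader the detour; it has to go above the store rather than between it and the CHECK lines, which use `[[@LINE-3]]`. The file also calls `malloc` and `free` while including only `<windows.h>`, relying on a transitive include.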
diff --git a/test/asan/TestCases/Windows/calloc_left_oob.cc b/test/asan/TestCases/Windows/calloc_left_oob.cc
new file mode 100644
index 000000000000..459025bde92c
--- /dev/null
+++ b/test/asan/TestCases/Windows/calloc_left_oob.cc
@@ -0,0 +1,17 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *buffer = (int*)calloc(42, sizeof(int));
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*calloc_left_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 4 bytes to the left of 168-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* calloc }}
+// CHECK-NEXT: {{#1 .* main .*calloc_left_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/test/asan/TestCases/Windows/calloc_right_oob.cc b/test/asan/TestCases/Windows/calloc_right_oob.cc
new file mode 100644
index 000000000000..c976b87d9707
--- /dev/null
+++ b/test/asan/TestCases/Windows/calloc_right_oob.cc
@@ -0,0 +1,17 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *buffer = (int*)calloc(42, sizeof(int));
+ buffer[42] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*calloc_right_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes to the right of 168-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* calloc }}
+// CHECK-NEXT: {{#1 .* main .*calloc_right_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/test/asan/TestCases/Windows/calloc_uaf.cc b/test/asan/TestCases/Windows/calloc_uaf.cc
new file mode 100644
index 000000000000..db5e70741b72
--- /dev/null
+++ b/test/asan/TestCases/Windows/calloc_uaf.cc
@@ -0,0 +1,20 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *buffer = (int*)calloc(42, sizeof(int));
+ free(buffer);
+ buffer[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*calloc_uaf.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 168-byte region
+// CHECK: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*calloc_uaf.cc}}:[[@LINE-8]]
+// CHECK: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* calloc }}
+// CHECK-NEXT: {{#1 .* main .*calloc_uaf.cc}}:[[@LINE-12]]
+}
diff --git a/test/asan/TestCases/Windows/crt_initializers.cc b/test/asan/TestCases/Windows/crt_initializers.cc
new file mode 100644
index 000000000000..084f8a45e18a
--- /dev/null
+++ b/test/asan/TestCases/Windows/crt_initializers.cc
@@ -0,0 +1,31 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t | FileCheck %s
+
+// This is a test for http://code.google.com/p/address-sanitizer/issues/detail?id=305
+
+#include <stdio.h>
+
+typedef void (*FPTR)();
+
+// __xi_a and __xi_z are defined in VC/crt/src/crt0dat.c
+// and are located in .CRT$XIA and .CRT$XIZ respectively.
+extern "C" FPTR __xi_a, __xi_z;
+
+int main() {
+ unsigned count = 0;
+
+ // Iterate through CRT initializers.
+ for (FPTR* it = &__xi_a; it < &__xi_z; ++it) {
+ if (*it)
+ count++;
+ }
+
+ printf("Number of nonzero CRT initializers: %u\n", count);
+// CHECK: Number of nonzero CRT initializers
+}
+
+void call_me_maybe() {}
+
+#pragma data_seg(".CRT$XIB")
+// Add an initializer that shouldn't get its own redzone.
+FPTR run_on_startup = call_me_maybe;
diff --git a/test/asan/TestCases/Windows/demangled_names.cc b/test/asan/TestCases/Windows/demangled_names.cc
new file mode 100644
index 000000000000..a528555b1e16
--- /dev/null
+++ b/test/asan/TestCases/Windows/demangled_names.cc
@@ -0,0 +1,50 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+// This test makes sure ASan symbolizes stack traces the way they are typically
+// symbolized on Windows.
+#include <malloc.h>
+
+namespace foo {
+// A template function in a namespace.
+template<int x>
+void bar(char *p) {
+ *p = x;
+}
+
+// A regular function in a namespace.
+void spam(char *p) {
+ bar<42>(p);
+}
+}
+
+// A multi-argument template with a bool template parameter.
+template<typename T, bool U>
+void baz(T t) {
+ if (U)
+ foo::spam(t);
+}
+
+template<typename T>
+struct A {
+ A(T v) { v_ = v; }
+ ~A();
+ char *v_;
+};
+
+// A destructor of a template class.
+template<>
+A<char*>::~A() {
+ baz<char*, true>(v_);
+}
+
+int main() {
+ char *buffer = (char*)malloc(42);
+ free(buffer);
+ A<char*> a(buffer);
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: foo::bar<42> {{.*}}demangled_names.cc
+// CHECK: foo::spam {{.*}}demangled_names.cc
+// CHECK: baz<char *,1> {{.*}}demangled_names.cc
+// CHECK: A<char *>::~A<char *> {{.*}}demangled_names.cc
+}
diff --git a/test/asan/TestCases/Windows/dll_aligned_mallocs.cc b/test/asan/TestCases/Windows/dll_aligned_mallocs.cc
new file mode 100644
index 000000000000..8b2c4d6dd957
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_aligned_mallocs.cc
@@ -0,0 +1,34 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: %run %t %t.dll | FileCheck %s
+
+#include <malloc.h>
+#include <stdio.h>
+
+#define CHECK_ALIGNED(ptr,alignment) \
+ do { \
+ if (((uintptr_t)(ptr) % (alignment)) != 0) \
+ return __LINE__; \
+ } \
+ while(0)
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ int *p = (int*)_aligned_malloc(1024 * sizeof(int), 32);
+ CHECK_ALIGNED(p, 32);
+ p[512] = 0;
+ _aligned_free(p);
+
+ p = (int*)_aligned_malloc(128, 128);
+ CHECK_ALIGNED(p, 128);
+ p = (int*)_aligned_realloc(p, 2048 * sizeof(int), 128);
+ CHECK_ALIGNED(p, 128);
+ p[1024] = 0;
+ if (_aligned_msize(p, 128, 0) != 2048 * sizeof(int))
+ return __LINE__;
+ _aligned_free(p);
+
+ printf("All ok\n");
+// CHECK: All ok
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_allocators_sanity.cc b/test/asan/TestCases/Windows/dll_allocators_sanity.cc
new file mode 100644
index 000000000000..1d31f37ca904
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_allocators_sanity.cc
@@ -0,0 +1,39 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: %run %t %t.dll | FileCheck %s
+
+#include <malloc.h>
+#include <stdio.h>
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ int *p = (int*)malloc(1024 * sizeof(int));
+ p[512] = 0;
+ free(p);
+
+ p = (int*)malloc(128);
+ p = (int*)realloc(p, 2048 * sizeof(int));
+ p[1024] = 0;
+ free(p);
+
+ p = (int*)calloc(16, sizeof(int));
+ if (p[8] != 0)
+ return 1;
+ p[15]++;
+ if (16 * sizeof(int) != _msize(p))
+ return 2;
+ free(p);
+
+ p = new int;
+ *p = 42;
+ delete p;
+
+ p = new int[42];
+ p[15]++;
+ delete [] p;
+
+ printf("All ok\n");
+// CHECK: All ok
+
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_and_lib.cc b/test/asan/TestCases/Windows/dll_and_lib.cc
new file mode 100644
index 000000000000..bddaa32df73b
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_and_lib.cc
@@ -0,0 +1,19 @@
+// Just make sure we can link an implib into another DLL
+// This used to fail between r212699 and r212814.
+// RUN: %clang_cl_asan -DCONFIG=1 %s -c -Fo%t.1.obj
+// RUN: link /nologo /DLL /OUT:%t.1.dll %t.1.obj %asan_dll_thunk
+// RUN: %clang_cl_asan -DCONFIG=2 %s -c -Fo%t.2.obj
+// RUN: link /nologo /DLL /OUT:%t.2.dll %t.2.obj %t.1.lib %asan_dll_thunk
+// REQUIRES: asan-static-runtime
+
+#if CONFIG==1
+extern "C" __declspec(dllexport) int f1() {
+ int x = 0;
+ return 1;
+}
+#else
+extern "C" __declspec(dllexport) int f2() {
+ int x = 0;
+ return 2;
+}
+#endif
diff --git a/test/asan/TestCases/Windows/dll_cerr.cc b/test/asan/TestCases/Windows/dll_cerr.cc
new file mode 100644
index 000000000000..8f1a699ba801
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_cerr.cc
@@ -0,0 +1,23 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: %run %t %t.dll 2>&1 | FileCheck %s
+
+// Test that it works correctly even with ICF enabled.
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll -link /OPT:REF /OPT:ICF
+// RUN: %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <iostream>
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ // Just make sure we can use cout.
+ std::cout << "All ok\n";
+// CHECK: All ok
+
+ // This line forces a declaration of some global basic_ostream internal object that
+ // calls memcpy() in its constructor. This doesn't work if __asan_init is not
+ // called early enough.
+ std::cout << 42;
+// CHECK: 42
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_host.cc b/test/asan/TestCases/Windows/dll_host.cc
new file mode 100644
index 000000000000..d3b4c149d009
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_host.cc
@@ -0,0 +1,49 @@
+// This is a host program for DLL tests.
+//
+// Just make sure we can compile this.
+// The actual compile&run sequence is to be done by the DLL tests.
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+//
+// Get the list of ASan wrappers exported by the main module RTL:
+// RUN: dumpbin /EXPORTS %t | grep -o "__asan_wrap[^ ]*" | grep -v @ | sort | uniq > %t.exported_wrappers
+//
+// Get the list of ASan wrappers imported by the DLL RTL:
+// RUN: grep INTERCEPT_LIBRARY_FUNCTION %p/../../../../lib/asan/asan_win_dll_thunk.cc | grep -v define | sed "s/.*(\(.*\)).*/__asan_wrap_\1/" | sort | uniq > %t.dll_imports
+//
+// Now make sure the DLL thunk imports everything:
+// RUN: echo
+// RUN: echo "=== NOTE === If you see a mismatch below, please update asan_win_dll_thunk.cc"
+// RUN: diff %t.dll_imports %t.exported_wrappers
+// REQUIRES: asan-static-runtime
+
+#include <stdio.h>
+#include <windows.h>
+
+int main(int argc, char **argv) {
+ if (argc != 2) {
+ printf("Usage: %s [client].dll\n", argv[0]);
+ return 101;
+ }
+
+ const char *dll_name = argv[1];
+
+ HMODULE h = LoadLibrary(dll_name);
+ if (!h) {
+ printf("Could not load DLL: %s (code: %lu)!\n",
+ dll_name, GetLastError());
+ return 102;
+ }
+
+ typedef int (*test_function)();
+ test_function gf = (test_function)GetProcAddress(h, "test_function");
+ if (!gf) {
+ printf("Could not locate test_function in the DLL!\n");
+ FreeLibrary(h);
+ return 103;
+ }
+
+ int ret = gf();
+
+ FreeLibrary(h);
+ return ret;
+}
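Review bot: `LoadLibrary(dll_name)` in main passes a `const char *` to the TCHAR-dependent macro, so this host only compiles while UNICODE is undefined. Calling the ANSI entry point explicitly, `HMODULE h = LoadLibraryA(dll_name);`, removes that dependency on build flags. The DLL name comes straight from argv[1]; the tests visible here pass `%t.dll`, which is presumably a full path and so avoids the DLL search order. A short comment next to `dll_name`, such as `// Expected to be a full path supplied by the lit RUN line.`, would record that assumption.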
diff --git a/test/asan/TestCases/Windows/dll_intercept_memchr.cc b/test/asan/TestCases/Windows/dll_intercept_memchr.cc
new file mode 100644
index 000000000000..1435bdc50127
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_intercept_memchr.cc
@@ -0,0 +1,21 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <string.h>
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char buff[6] = "Hello";
+
+ memchr(buff, 'z', 7);
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: READ of size 7 at [[ADDR]] thread T0
+// CHECK-NEXT: __asan_wrap_memchr
+// CHECK-NEXT: memchr
+// CHECK-NEXT: test_function {{.*}}dll_intercept_memchr.cc:[[@LINE-5]]
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
+// CHECK-NEXT: test_function {{.*}}dll_intercept_memchr.cc
+// CHECK: 'buff' <== Memory access at offset {{.*}} overflows this variable
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_intercept_memcpy.cc b/test/asan/TestCases/Windows/dll_intercept_memcpy.cc
new file mode 100644
index 000000000000..736e6969d521
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_intercept_memcpy.cc
@@ -0,0 +1,32 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+// Test that it works correctly even with ICF enabled.
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll -link /OPT:REF /OPT:ICF
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char buff1[6] = "Hello", buff2[5];
+
+ memcpy(buff2, buff1, 5);
+ if (buff1[2] != buff2[2])
+ return 2;
+ printf("Initial test OK\n");
+ fflush(0);
+// CHECK: Initial test OK
+
+ memcpy(buff2, buff1, 6);
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 6 at [[ADDR]] thread T0
+// CHECK-NEXT: __asan_{{.*}}memcpy
+// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy.cc:[[@LINE-4]]
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
+// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy.cc
+// CHECK: 'buff2' <== Memory access at offset {{.*}} overflows this variable
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_intercept_memcpy_indirect.cc b/test/asan/TestCases/Windows/dll_intercept_memcpy_indirect.cc
new file mode 100644
index 000000000000..c5f44df3faaf
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_intercept_memcpy_indirect.cc
@@ -0,0 +1,34 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+
+void call_memcpy(void* (*f)(void *, const void *, size_t),
+ void *a, const void *b, size_t c) {
+ f(a, b, c);
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char buff1[6] = "Hello", buff2[5];
+
+ call_memcpy(&memcpy, buff2, buff1, 5);
+ if (buff1[2] != buff2[2])
+ return 2;
+ printf("Initial test OK\n");
+ fflush(0);
+// CHECK: Initial test OK
+
+ call_memcpy(&memcpy, buff2, buff1, 6);
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 6 at [[ADDR]] thread T0
+// CHECK-NEXT: __asan_{{.*}}memcpy
+// CHECK-NEXT: call_memcpy
+// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy_indirect.cc:[[@LINE-5]]
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
+// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy_indirect.cc
+// CHECK: 'buff2' <== Memory access at offset {{.*}} overflows this variable
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_intercept_memset.cc b/test/asan/TestCases/Windows/dll_intercept_memset.cc
new file mode 100644
index 000000000000..d4be376f2458
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_intercept_memset.cc
@@ -0,0 +1,32 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+// Test that it works correctly even with ICF enabled.
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll -link /OPT:REF /OPT:ICF
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char buff[5] = "aaaa";
+
+ memset(buff, 'b', 5);
+ if (buff[2] != 'b')
+ return 2;
+ printf("Initial test OK\n");
+ fflush(0);
+// CHECK: Initial test OK
+
+ memset(buff, 'c', 6);
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 6 at [[ADDR]] thread T0
+// CHECK-NEXT: __asan_memset
+// CHECK-NEXT: test_function {{.*}}dll_intercept_memset.cc:[[@LINE-4]]
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
+// CHECK-NEXT: test_function {{.*}}dll_intercept_memset.cc
+// CHECK: 'buff' <== Memory access at offset {{.*}} overflows this variable
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_intercept_strlen.cc b/test/asan/TestCases/Windows/dll_intercept_strlen.cc
new file mode 100644
index 000000000000..f41d47858bee
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_intercept_strlen.cc
@@ -0,0 +1,28 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char str[] = "Hello!";
+ if (6 != strlen(str))
+ return 1;
+ printf("Initial test OK\n");
+ fflush(0);
+// CHECK: Initial test OK
+
+ str[6] = '!'; // Removes '\0' at the end!
+ int len = strlen(str);
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// FIXME: Should be READ of size 1, see issue 155.
+// CHECK: READ of size {{[0-9]+}} at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .*}}strlen
+// CHECK-NEXT: {{#1 .* test_function .*}}dll_intercept_strlen.cc:[[@LINE-5]]
+//
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
+// CHECK-NEXT: test_function {{.*}}dll_intercept_strlen.cc:
+ return len > 42;
+}
diff --git a/test/asan/TestCases/Windows/dll_large_function.cc b/test/asan/TestCases/Windows/dll_large_function.cc
new file mode 100644
index 000000000000..039d01f84ba5
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_large_function.cc
@@ -0,0 +1,12 @@
+// Make sure we can link a DLL with large functions which would mean
+// functions such as __asan_loadN and __asan_storeN will be called
+// from the DLL. We simulate the large function with
+// -mllvm -asan-instrumentation-with-call-threshold=0.
+// RUN: %clang_cl_asan %s -c -Fo%t.obj -mllvm -asan-instrumentation-with-call-threshold=0
+// RUN: link /nologo /DLL /OUT:%t.dll %t.obj %asan_dll_thunk
+// REQUIRES: asan-static-runtime
+
+void f(long* foo, long* bar) {
+ // One load and one store
+ *foo = *bar;
+}
diff --git a/test/asan/TestCases/Windows/dll_malloc_left_oob.cc b/test/asan/TestCases/Windows/dll_malloc_left_oob.cc
new file mode 100644
index 000000000000..0653ea45f6ef
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_malloc_left_oob.cc
@@ -0,0 +1,23 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <malloc.h>
+extern "C" __declspec(dllexport)
+int test_function() {
+ char *buffer = (char*)malloc(42);
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-3]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+//
+// CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region
+// CHECK-LABEL: allocated by thread T0 here:
+// CHECK-NEXT: malloc
+// CHECK-NEXT: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-10]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+// CHECK-LABEL: SUMMARY
+ free(buffer);
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_malloc_uaf.cc b/test/asan/TestCases/Windows/dll_malloc_uaf.cc
new file mode 100644
index 000000000000..b286380ac445
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_malloc_uaf.cc
@@ -0,0 +1,28 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ int *buffer = (int*)malloc(42);
+ free(buffer);
+ buffer[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-3]]
+// CHECK-NEXT: main {{.*}}dll_host
+//
+// CHECK: [[ADDR]] is located 0 bytes inside of 42-byte region
+// CHECK-LABEL: freed by thread T0 here:
+// CHECK-NEXT: free
+// CHECK-NEXT: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-10]]
+// CHECK-NEXT: main {{.*}}dll_host
+//
+// CHECK-LABEL: previously allocated by thread T0 here:
+// CHECK-NEXT: malloc
+// CHECK-NEXT: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-16]]
+// CHECK-NEXT: main {{.*}}dll_host
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_noreturn.cc b/test/asan/TestCases/Windows/dll_noreturn.cc
new file mode 100644
index 000000000000..6ec90725145f
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_noreturn.cc
@@ -0,0 +1,28 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <process.h>
+
+void noreturn_f() {
+ int subscript = -1;
+ char buffer[42];
+ buffer[subscript] = 42;
+ _exit(1);
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: noreturn_f {{.*}}dll_noreturn.cc:[[@LINE-4]]
+// CHECK-NEXT: test_function {{.*}}dll_noreturn.cc
+// CHECK-NEXT: main {{.*}}dll_host.cc
+//
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: noreturn_f {{.*}}dll_noreturn.cc
+// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] underflows this variable
+// CHECK-LABEL: SUMMARY
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ noreturn_f();
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_null_deref.cc b/test/asan/TestCases/Windows/dll_null_deref.cc
new file mode 100644
index 000000000000..0fb18de29163
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_null_deref.cc
@@ -0,0 +1,18 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+__attribute__((noinline))
+static void NullDeref(int *ptr) {
+ // CHECK: ERROR: AddressSanitizer: access-violation on unknown address
+ // CHECK: {{0x0*000.. .*pc 0x.*}}
+ ptr[10]++; // BOOM
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ NullDeref((int*)0);
+ // CHECK: {{ #1 0x.* in test_function .*\dll_null_deref.cc:}}[[@LINE-1]]
+ // CHECK: AddressSanitizer can not provide additional info.
+ return 0;
+}
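Review bot: In the `#1` frame check of test_function, the backslash in `.*\dll_null_deref.cc:` sits inside a `{{ }}` regex block, so it is a regex escape applied to `d` rather than a path separator. The line then matches only because of how the regex engine happens to treat that escape. Writing it like the sibling DLL tests, `// CHECK: {{ #1 0x.* in test_function .*}}dll_null_deref.cc:[[@LINE-1]]`, keeps the file name as literal text. dll_poison_unpoison.cc later in this commit has the related form `{{.*}}\dll_poison_unpoison.cc` outside a regex block, which demands a literal backslash before the file name and would stop matching if the path were printed with a forward slash; `{{.*}}dll_poison_unpoison.cc` accepts both.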
diff --git a/test/asan/TestCases/Windows/dll_operator_array_new_left_oob.cc b/test/asan/TestCases/Windows/dll_operator_array_new_left_oob.cc
new file mode 100644
index 000000000000..736ce80cc32a
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_operator_array_new_left_oob.cc
@@ -0,0 +1,25 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char *buffer = new char[42];
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: test_function {{.*}}dll_operator_array_new_left_oob.cc:[[@LINE-3]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+//
+// CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region
+// CHECK-LABEL: allocated by thread T0 here:
+// FIXME: Should get rid of the malloc/free frames called from the inside of
+// operator new/delete in DLLs when using -MT CRT.
+// FIXME: The 'operator new' frame should have [].
+// CHECK: operator new
+// CHECK-NEXT: test_function {{.*}}dll_operator_array_new_left_oob.cc:[[@LINE-13]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+// CHECK-LABEL: SUMMARY
+ delete [] buffer;
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_operator_array_new_with_dtor_left_oob.cc b/test/asan/TestCases/Windows/dll_operator_array_new_with_dtor_left_oob.cc
new file mode 100644
index 000000000000..8306a737bfff
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_operator_array_new_with_dtor_left_oob.cc
@@ -0,0 +1,33 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+struct C {
+ int x;
+ ~C() {}
+};
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ C *buffer = new C[42];
+ buffer[-2].x = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: test_function {{.*}}dll_operator_array_new_with_dtor_left_oob.cc:[[@LINE-3]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+//
+// FIXME: Currently it says "4 bytes ... left of 172-byte region",
+// should be "8 bytes ... left of 168-byte region", see
+// https://code.google.com/p/address-sanitizer/issues/detail?id=314
+// CHECK: [[ADDR]] is located {{.*}} bytes to the left of 172-byte region
+// FIXME: Should get rid of the malloc/free frames called from the inside of
+// operator new/delete in DLLs when using -MT CRT.
+// FIXME: The operator new frame should have [].
+// CHECK-LABEL: allocated by thread T0 here:
+// CHECK: operator new
+// CHECK-NEXT: test_function {{.*}}dll_operator_array_new_with_dtor_left_oob.cc:[[@LINE-16]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+// CHECK-LABEL: SUMMARY
+ delete [] buffer;
+ return 0;
+}
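Review bot: The `172-byte region` expectation in test_function pins an allocation size that appears to be 42 four-byte elements plus a 4-byte array cookie, which would tie the check to a 32-bit target. Nothing in the RUN lines or comments states that assumption, and the FIXME above it only discusses the reported offsets. A comment next to the check, for example `// 172 = 42 * sizeof(C) + array cookie; assumes a 4-byte cookie (32-bit build).`, would tell a maintainer why the number changes on another target. Matching the size as `{{.*}}-byte region` is the alternative if the cookie layout is not what the test is meant to cover.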
diff --git a/test/asan/TestCases/Windows/dll_poison_unpoison.cc b/test/asan/TestCases/Windows/dll_poison_unpoison.cc
new file mode 100644
index 000000000000..d486cb122251
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_poison_unpoison.cc
@@ -0,0 +1,35 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <sanitizer/asan_interface.h>
+
+void should_not_crash(volatile char *c) {
+ *c = 42;
+}
+
+void should_crash(volatile char *c) {
+ *c = 42;
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char buffer[256];
+ should_not_crash(&buffer[0]);
+ __asan_poison_memory_region(buffer, 128);
+ should_not_crash(&buffer[192]);
+ __asan_unpoison_memory_region(buffer, 64);
+ should_not_crash(&buffer[32]);
+
+ should_crash(&buffer[96]);
+// CHECK: AddressSanitizer: use-after-poison on address [[ADDR:0x[0-9a-f]+]]
+// CHECK-NEXT: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: should_crash {{.*}}\dll_poison_unpoison.cc
+// CHECK-NEXT: test_function {{.*}}\dll_poison_unpoison.cc:[[@LINE-4]]
+// CHECK-NEXT: main
+//
+// CHECK: [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: test_function {{.*}}\dll_poison_unpoison.cc
+// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] is inside this variable
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_seh.cc b/test/asan/TestCases/Windows/dll_seh.cc
new file mode 100644
index 000000000000..6e4c724e504d
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_seh.cc
@@ -0,0 +1,60 @@
+// Clang doesn't support SEH on Windows yet, so for the time being we
+// build this program in two parts: the code with SEH is built with CL,
+// the rest is built with Clang. This represents the typical scenario when we
+// build a large project using "clang-cl -fallback -fsanitize=address".
+//
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+//
+// Check both -GS and -GS- builds:
+// RUN: cl -LD -c %s -Fo%t.obj
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll %t.obj
+// RUN: %run %t %t.dll
+//
+// RUN: cl -LD -GS- -c %s -Fo%t.obj
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll %t.obj
+// RUN: %run %t %t.dll
+
+#include <windows.h>
+#include <assert.h>
+#include <stdio.h>
+
+// Should just "#include <sanitizer/asan_interface.h>" when C++ exceptions are
+// supported and we don't need to use CL.
+extern "C" bool __asan_address_is_poisoned(void *p);
+
+void ThrowAndCatch();
+
+#if !defined(__clang__)
+__declspec(noinline)
+void Throw() {
+ int local, zero = 0;
+ fprintf(stderr, "Throw: %p\n", &local);
+ local = 5 / zero;
+}
+
+__declspec(noinline)
+void ThrowAndCatch() {
+ int local;
+ __try {
+ Throw();
+ } __except(EXCEPTION_EXECUTE_HANDLER) {
+ fprintf(stderr, "__except: %p\n", &local);
+ }
+}
+#else
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char x[32];
+ fprintf(stderr, "Before: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ assert(__asan_address_is_poisoned(x + 32));
+ ThrowAndCatch();
+ fprintf(stderr, "After: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ // FIXME: Invert this assertion once we fix
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=258
+ assert(!__asan_address_is_poisoned(x + 32));
+ return 0;
+}
+#endif
diff --git a/test/asan/TestCases/Windows/dll_stack_use_after_return.cc b/test/asan/TestCases/Windows/dll_stack_use_after_return.cc
new file mode 100644
index 000000000000..6cd74c265b8f
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_stack_use_after_return.cc
@@ -0,0 +1,28 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: env ASAN_OPTIONS=detect_stack_use_after_return=1 not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+char *x;
+
+void foo() {
+ char stack_buffer[42];
+ x = &stack_buffer[13];
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ foo();
+ *x = 42;
+// CHECK: AddressSanitizer: stack-use-after-return
+// CHECK: WRITE of size 1 at [[ADDR:.*]] thread T0
+// CHECK-NEXT: test_function {{.*}}dll_stack_use_after_return.cc:[[@LINE-3]]
+// CHECK-NEXT: main
+//
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: #0 {{.*}} foo {{.*}}dll_stack_use_after_return.cc
+// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] is inside this variable
+ return 0;
+}
+
diff --git a/test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc b/test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc
new file mode 100644
index 000000000000..8f53623419ce
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc
@@ -0,0 +1,36 @@
+// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll
+// RUN: not %run %t %t.dll 2>&1 | FileCheck %s
+
+#include <windows.h>
+#include <malloc.h>
+
+DWORD WINAPI thread_proc(void *context) {
+ int subscript = -1;
+ char stack_buffer[42];
+ stack_buffer[subscript] = 42;
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T1
+// CHECK-NEXT: thread_proc {{.*}}dll_thread_stack_array_left_oob.cc:[[@LINE-3]]
+//
+// CHECK: Address [[ADDR]] is located in stack of thread T1 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: thread_proc {{.*}}dll_thread_stack_array_left_oob.cc
+//
+// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] underflows this variable
+
+ return 0;
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ HANDLE thr = CreateThread(NULL, 0, thread_proc, NULL, 0, NULL);
+// CHECK-LABEL: Thread T1 created by T0 here:
+// CHECK: test_function {{.*}}dll_thread_stack_array_left_oob.cc:[[@LINE-2]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+// CHECK-LABEL: SUMMARY
+ if (thr == 0)
+ return 1;
+ if (WAIT_OBJECT_0 != WaitForSingleObject(thr, INFINITE))
+ return 2;
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/double_free.cc b/test/asan/TestCases/Windows/double_free.cc
new file mode 100644
index 000000000000..18a9fcb44a75
--- /dev/null
+++ b/test/asan/TestCases/Windows/double_free.cc
@@ -0,0 +1,21 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *x = (int*)malloc(42 * sizeof(int));
+ free(x);
+ free(x);
+// CHECK: AddressSanitizer: attempting double-free on [[ADDR:0x[0-9a-f]+]]
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*double_free.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 168-byte region
+// CHECK-LABEL: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*double_free.cc}}:[[@LINE-8]]
+// CHECK-LABEL: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* malloc }}
+// CHECK-NEXT: {{#1 .* main .*double_free.cc}}:[[@LINE-12]]
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/double_operator_delete.cc b/test/asan/TestCases/Windows/double_operator_delete.cc
new file mode 100644
index 000000000000..eae4a64c2b92
--- /dev/null
+++ b/test/asan/TestCases/Windows/double_operator_delete.cc
@@ -0,0 +1,25 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *x = new int[42];
+ delete [] x;
+ delete [] x;
+// CHECK: AddressSanitizer: attempting double-free on [[ADDR:0x[0-9a-f]+]]
+// FIXME: The 'operator delete' frame should have [].
+// CHECK-NEXT: {{#0 .* operator delete}}
+// CHECK-NEXT: {{#1 .* main .*double_operator_delete.cc}}:[[@LINE-4]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 168-byte region
+// CHECK-LABEL: freed by thread T0 here:
+// FIXME: The 'operator delete' frame should have [].
+// CHECK-NEXT: {{#0 .* operator delete}}
+// CHECK-NEXT: {{#1 .* main .*double_operator_delete.cc}}:[[@LINE-10]]
+// CHECK-LABEL: previously allocated by thread T0 here:
+// FIXME: The 'operator new' frame should have [].
+// CHECK-NEXT: {{#0 .* operator new}}
+// CHECK-NEXT: {{#1 .* main .*double_operator_delete.cc}}:[[@LINE-15]]
+ return 0;
+}
+
diff --git a/test/asan/TestCases/Windows/global_const_string.cc b/test/asan/TestCases/Windows/global_const_string.cc
new file mode 100644
index 000000000000..8c147c917c88
--- /dev/null
+++ b/test/asan/TestCases/Windows/global_const_string.cc
@@ -0,0 +1,12 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t | FileCheck %s
+
+#include <windows.h>
+#include <stdio.h>
+
+int main(void) {
+ static const char *foo = "foobarspam";
+ printf("Global string is `%s`\n", foo);
+// CHECK: Global string is `foobarspam`
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/global_const_string_oob.cc b/test/asan/TestCases/Windows/global_const_string_oob.cc
new file mode 100644
index 000000000000..b39e3dbb3b4e
--- /dev/null
+++ b/test/asan/TestCases/Windows/global_const_string_oob.cc
@@ -0,0 +1,20 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+#include <stdio.h>
+
+extern "C" const char *foo = "foobarspam";
+
+int main(void) {
+ if (foo[16])
+ printf("Boo\n");
+// CHECK-NOT: Boo
+// CHECK: AddressSanitizer: global-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: READ of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*global_const_string_oob.cc:}}[[@LINE-5]]
+// CHECK: [[ADDR]] is located 5 bytes to the right of global variable [[STR:.*]] defined in {{'.*global_const_string_oob.cc:7:.*' .*}} of size 11
+// CHECK: [[STR]] is ascii string 'foobarspam'
+ return 0;
+}
+
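Review bot: The `defined in` check hard-codes the source line of `foo` as `:7:`, while every other location in this test is written relative with `[[@LINE-N]]`. Inserting a line above the definition would therefore break this one expectation. Moving the line number out of the regex block keeps it relative: `// CHECK: [[ADDR]] is located 5 bytes to the right of global variable [[STR:.*]] defined in {{'.*global_const_string_oob.cc}}:[[@LINE-9]]:{{.*' .*}} of size 11`.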
diff --git a/test/asan/TestCases/Windows/hello_world.cc b/test/asan/TestCases/Windows/hello_world.cc
new file mode 100644
index 000000000000..400ca1b3eacc
--- /dev/null
+++ b/test/asan/TestCases/Windows/hello_world.cc
@@ -0,0 +1,9 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t | FileCheck %s
+
+#include <stdio.h>
+
+int main() {
+ printf("Hello, world!\n");
+// CHECK: Hello, world!
+}
diff --git a/test/asan/TestCases/Windows/intercept_memcpy.cc b/test/asan/TestCases/Windows/intercept_memcpy.cc
new file mode 100644
index 000000000000..9ee984b1873d
--- /dev/null
+++ b/test/asan/TestCases/Windows/intercept_memcpy.cc
@@ -0,0 +1,31 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+
+void call_memcpy(void* (*f)(void *, const void *, size_t),
+ void *a, const void *b, size_t c) {
+ f(a, b, c);
+}
+
+int main() {
+ char buff1[6] = "Hello", buff2[5];
+
+ call_memcpy(&memcpy, buff2, buff1, 5);
+ if (buff1[2] != buff2[2])
+ return 2;
+ printf("Initial test OK\n");
+ fflush(0);
+// CHECK: Initial test OK
+
+ call_memcpy(&memcpy, buff2, buff1, 6);
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 6 at [[ADDR]] thread T0
+// CHECK-NEXT: __asan_{{.*}}memcpy
+// CHECK-NEXT: call_memcpy
+// CHECK-NEXT: main {{.*}}intercept_memcpy.cc:[[@LINE-5]]
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
+// CHECK-NEXT: #0 {{.*}} main
+// CHECK: 'buff2' <== Memory access at offset {{.*}} overflows this variable
+}
diff --git a/test/asan/TestCases/Windows/intercept_strdup.cc b/test/asan/TestCases/Windows/intercept_strdup.cc
new file mode 100644
index 000000000000..edb1f2f99245
--- /dev/null
+++ b/test/asan/TestCases/Windows/intercept_strdup.cc
@@ -0,0 +1,27 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+#include <malloc.h>
+
+int main() {
+ char *ptr = _strdup("Hello");
+ int subscript = 1;
+ ptr[subscript] = '3';
+ printf("%s\n", ptr);
+ fflush(0);
+// CHECK: H3llo
+
+ subscript = -1;
+ ptr[subscript] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK: {{#0 .* main .*}}intercept_strdup.cc:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 1 bytes to the left of 6-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK: {{#0 .* malloc }}
+// CHECK: {{#1 .*strdup}}
+// CHECK: {{#2 .* main .*}}intercept_strdup.cc:[[@LINE-16]]
+ free(ptr);
+}
diff --git a/test/asan/TestCases/Windows/intercept_strlen.cc b/test/asan/TestCases/Windows/intercept_strlen.cc
new file mode 100644
index 000000000000..928a286bedfa
--- /dev/null
+++ b/test/asan/TestCases/Windows/intercept_strlen.cc
@@ -0,0 +1,27 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+
+int main() {
+ char str[] = "Hello";
+ if (5 != strlen(str))
+ return 1;
+
+ printf("Initial test OK\n");
+ fflush(0);
+// CHECK: Initial test OK
+
+ str[5] = '!'; // Losing '\0' at the end.
+ int len = strlen(str);
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// FIXME: Should be READ of size 1, see issue 155.
+// CHECK: READ of size {{[0-9]+}} at [[ADDR]] thread T0
+// CHECK: strlen
+// CHECK-NEXT: main {{.*}}intercept_strlen.cc:[[@LINE-5]]
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
+// CHECK-NEXT: main {{.*}}intercept_strlen.cc
+// CHECK: 'str' <== Memory access at offset {{.*}} overflows this variable
+ return len < 6;
+}
diff --git a/test/asan/TestCases/Windows/lit.local.cfg b/test/asan/TestCases/Windows/lit.local.cfg
new file mode 100644
index 000000000000..13ef6d428251
--- /dev/null
+++ b/test/asan/TestCases/Windows/lit.local.cfg
@@ -0,0 +1,14 @@
+def getRoot(config):
+ if not config.parent:
+ return config
+ return getRoot(config.parent)
+
+root = getRoot(config)
+
+# We only run a small set of tests on Windows for now.
+# Override the parent directory's "unsupported" decision until we can handle
+# all of its tests.
+if root.host_os in ['Windows']:
+ config.unsupported = False
+else:
+ config.unsupported = True
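Review bot: The closing `if`/`else` assigns a boolean that is just the negation of its own condition; `config.unsupported = root.host_os not in ['Windows']` says the same in one line. `getRoot` also has no docstring, and a one-liner such as `"""Follow config.parent links up to the top-level lit config."""` would make the purpose of the recursion explicit.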
diff --git a/test/asan/TestCases/Windows/longjmp.cc b/test/asan/TestCases/Windows/longjmp.cc
new file mode 100644
index 000000000000..443933e8ab62
--- /dev/null
+++ b/test/asan/TestCases/Windows/longjmp.cc
@@ -0,0 +1,26 @@
+// RUN: %clangxx_asan -O %s -o %t && %run %t
+
+// FIXME: merge this with the common longjmp test when we can run common
+// tests on Windows.
+
+#include <assert.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <sanitizer/asan_interface.h>
+
+static jmp_buf buf;
+
+int main() {
+ char x[32];
+ fprintf(stderr, "\nTestLongJmp\n");
+ fprintf(stderr, "Before: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ assert(__asan_address_is_poisoned(x + 32));
+ if (0 == setjmp(buf))
+ longjmp(buf, 1);
+ fprintf(stderr, "After: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ // FIXME: Invert this assertion once we fix
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=258
+ assert(!__asan_address_is_poisoned(x + 32));
+}
diff --git a/test/asan/TestCases/Windows/malloc_left_oob.cc b/test/asan/TestCases/Windows/malloc_left_oob.cc
new file mode 100644
index 000000000000..ec133c393da2
--- /dev/null
+++ b/test/asan/TestCases/Windows/malloc_left_oob.cc
@@ -0,0 +1,17 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)malloc(42);
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*malloc_left_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* malloc }}
+// CHECK-NEXT: {{#1 .* main .*malloc_left_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/test/asan/TestCases/Windows/malloc_right_oob.cc b/test/asan/TestCases/Windows/malloc_right_oob.cc
new file mode 100644
index 000000000000..9975316d3e02
--- /dev/null
+++ b/test/asan/TestCases/Windows/malloc_right_oob.cc
@@ -0,0 +1,17 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)malloc(42);
+ buffer[42] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*malloc_right_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes to the right of 42-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* malloc }}
+// CHECK-NEXT: {{#1 .* main .*malloc_right_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/test/asan/TestCases/Windows/malloc_uaf.cc b/test/asan/TestCases/Windows/malloc_uaf.cc
new file mode 100644
index 000000000000..f58478947bf4
--- /dev/null
+++ b/test/asan/TestCases/Windows/malloc_uaf.cc
@@ -0,0 +1,20 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)malloc(42);
+ free(buffer);
+ buffer[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*malloc_uaf.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 42-byte region
+// CHECK: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*malloc_uaf.cc}}:[[@LINE-8]]
+// CHECK: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* malloc }}
+// CHECK-NEXT: {{#1 .* main .*malloc_uaf.cc}}:[[@LINE-12]]
+}
diff --git a/test/asan/TestCases/Windows/null_deref.cc b/test/asan/TestCases/Windows/null_deref.cc
new file mode 100644
index 000000000000..202000f59db7
--- /dev/null
+++ b/test/asan/TestCases/Windows/null_deref.cc
@@ -0,0 +1,15 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// FIXME: merge this with the common null_deref test when we can run common
+// tests on Windows.
+
+__attribute__((noinline))
+static void NullDeref(int *ptr) {
+ // CHECK: ERROR: AddressSanitizer: access-violation on unknown address
+ // CHECK: {{0x0*000.. .*pc 0x.*}}
+ ptr[10]++; // BOOM
+}
+int main() {
+ NullDeref((int*)0);
+ // CHECK: {{ #1 0x.* in main.*null_deref.cc:}}[[@LINE-1]]
+ // CHECK: AddressSanitizer can not provide additional info.
+}
diff --git a/test/asan/TestCases/Windows/null_deref_multiple_dlls.cc b/test/asan/TestCases/Windows/null_deref_multiple_dlls.cc
new file mode 100644
index 000000000000..62fe544ae545
--- /dev/null
+++ b/test/asan/TestCases/Windows/null_deref_multiple_dlls.cc
@@ -0,0 +1,40 @@
+// Make sure everything works even if the main module doesn't have any stack
+// variables, thus doesn't explicitly reference any symbol exported by the
+// runtime thunk.
+//
+// RUN: %clang_cl_asan -LD -O0 -DDLL1 %s -Fe%t1.dll
+// RUN: %clang_cl_asan -LD -O0 -DDLL2 %s -Fe%t2.dll
+// RUN: %clang_cl_asan -O0 -DEXE %s %t1.lib %t2.lib -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+#include <string.h>
+
+extern "C" {
+#if defined(EXE)
+__declspec(dllimport) void foo1();
+__declspec(dllimport) void foo2();
+
+int main() {
+ foo1();
+ foo2();
+}
+#elif defined(DLL1)
+__declspec(dllexport) void foo1() {}
+#elif defined(DLL2)
+__attribute__((noinline))
+static void NullDeref(int *ptr) {
+ // CHECK: ERROR: AddressSanitizer: access-violation on unknown address
+ // CHECK: {{0x0*000.. .*pc 0x.*}}
+ ptr[10]++; // BOOM
+}
+
+__declspec(dllexport) void foo2() {
+ NullDeref((int*)0);
+ // CHECK: {{ #1 0x.* in foo2.*null_deref_multiple_dlls.cc:}}[[@LINE-1]]
+ // CHECK: AddressSanitizer can not provide additional info.
+}
+#else
+# error oops!
+#endif
+}
diff --git a/test/asan/TestCases/Windows/operator_array_new_left_oob.cc b/test/asan/TestCases/Windows/operator_array_new_left_oob.cc
new file mode 100644
index 000000000000..20a0f1927e5b
--- /dev/null
+++ b/test/asan/TestCases/Windows/operator_array_new_left_oob.cc
@@ -0,0 +1,17 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+int main() {
+ char *buffer = new char[42];
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*operator_array_new_left_oob.cc}}:[[@LINE-3]]
+//
+// CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region
+// CHECK-LABEL: allocated by thread T0 here:
+// FIXME: The 'operator new' frame should have [].
+// CHECK-NEXT: {{#0 .* operator new}}
+// CHECK-NEXT: {{#1 .* main .*operator_array_new_left_oob.cc}}:[[@LINE-10]]
+ delete [] buffer;
+}
diff --git a/test/asan/TestCases/Windows/operator_array_new_right_oob.cc b/test/asan/TestCases/Windows/operator_array_new_right_oob.cc
new file mode 100644
index 000000000000..23775ef6066e
--- /dev/null
+++ b/test/asan/TestCases/Windows/operator_array_new_right_oob.cc
@@ -0,0 +1,18 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+
+int main() {
+ char *buffer = new char[42];
+ buffer[42] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK: {{#0 .* main .*operator_array_new_right_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes to the right of 42-byte region
+// CHECK: allocated by thread T0 here:
+// FIXME: The 'operator new' frame should have [].
+// CHECK: {{#0 .* operator new}}
+// CHECK: {{#1 .* main .*operator_array_new_right_oob.cc}}:[[@LINE-9]]
+ delete [] buffer;
+}
diff --git a/test/asan/TestCases/Windows/operator_array_new_uaf.cc b/test/asan/TestCases/Windows/operator_array_new_uaf.cc
new file mode 100644
index 000000000000..b638ef1df415
--- /dev/null
+++ b/test/asan/TestCases/Windows/operator_array_new_uaf.cc
@@ -0,0 +1,24 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+
+int main() {
+ char *buffer = new char[42];
+ delete [] buffer;
+ buffer[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK: {{#0 .* main .*operator_array_new_uaf.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 42-byte region
+// CHECK-LABEL: freed by thread T0 here:
+// FIXME: The 'operator delete' frame should have [].
+// CHECK: {{#0 .* operator delete}}
+// CHECK: {{#1 .* main .*operator_array_new_uaf.cc}}:[[@LINE-9]]
+// CHECK-LABEL: previously allocated by thread T0 here:
+// FIXME: The 'operator new' frame should have [].
+// CHECK: {{#0 .* operator new}}
+// CHECK: {{#1 .* main .*operator_array_new_uaf.cc}}:[[@LINE-14]]
+ return 0;
+}
+
diff --git a/test/asan/TestCases/Windows/operator_array_new_with_dtor_left_oob.cc b/test/asan/TestCases/Windows/operator_array_new_with_dtor_left_oob.cc
new file mode 100644
index 000000000000..63f2929bd89b
--- /dev/null
+++ b/test/asan/TestCases/Windows/operator_array_new_with_dtor_left_oob.cc
@@ -0,0 +1,25 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+struct C {
+ int x;
+ ~C() {}
+};
+
+int main() {
+ C *buffer = new C[42];
+ buffer[-2].x = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*operator_array_new_with_dtor_left_oob.cc}}:[[@LINE-3]]
+//
+// FIXME: Currently it says "4 bytes ... left of 172-byte region",
+// should be "8 bytes ... left of 168-byte region", see
+// https://code.google.com/p/address-sanitizer/issues/detail?id=314
+// CHECK: [[ADDR]] is located {{.*}} bytes to the left of 172-byte region
+// CHECK-LABEL: allocated by thread T0 here:
+// FIXME: The 'operator new' frame should have [].
+// CHECK-NEXT: {{#0 .* operator new}}
+// CHECK-NEXT: {{#1 .* main .*operator_array_new_with_dtor_left_oob.cc}}:[[@LINE-13]]
+ delete [] buffer;
+}
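Review bot: The `172-byte region` in the CHECK line and the `buffer[-2]` index both depend on the array cookie in front of `new C[42]` being 4 bytes, which the test does not state. With a pointer-sized cookie of 8 bytes, `buffer[-2].x` would presumably land inside the allocation and no report would be produced, so the test would fail for a reason unrelated to ASan. A comment next to the access would make the assumption visible, e.g. `// Assumes a 4-byte array cookie (32-bit target): 42 * sizeof(C) + 4 == 172.`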
diff --git a/test/asan/TestCases/Windows/operator_delete_wrong_argument.cc b/test/asan/TestCases/Windows/operator_delete_wrong_argument.cc
new file mode 100644
index 000000000000..c3e7daca55b0
--- /dev/null
+++ b/test/asan/TestCases/Windows/operator_delete_wrong_argument.cc
@@ -0,0 +1,12 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+
+int main() {
+ int *x = new int[42];
+ delete (x + 1);
+// CHECK: AddressSanitizer: attempting free on address which was not malloc()-ed
+// CHECK: {{#0 0x.* operator delete }}
+// CHECK: {{#1 .* main .*operator_delete_wrong_argument.cc}}:[[@LINE-3]]
+}
diff --git a/test/asan/TestCases/Windows/operator_new_left_oob.cc b/test/asan/TestCases/Windows/operator_new_left_oob.cc
new file mode 100644
index 000000000000..c077f11d68f9
--- /dev/null
+++ b/test/asan/TestCases/Windows/operator_new_left_oob.cc
@@ -0,0 +1,17 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+
+int main() {
+ char *buffer = new char;
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK: {{#0 .* main .*operator_new_left_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 1 bytes to the left of 1-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK: {{#0 .* operator new }}
+// CHECK: {{#1 .* main .*operator_new_left_oob.cc}}:[[@LINE-8]]
+ delete buffer;
+}
diff --git a/test/asan/TestCases/Windows/operator_new_right_oob.cc b/test/asan/TestCases/Windows/operator_new_right_oob.cc
new file mode 100644
index 000000000000..7a66d1714b97
--- /dev/null
+++ b/test/asan/TestCases/Windows/operator_new_right_oob.cc
@@ -0,0 +1,17 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+
+int main() {
+ char *buffer = new char;
+ buffer[1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK: {{#0 .* main .*operator_new_right_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes to the right of 1-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK: {{#0 .* operator new }}
+// CHECK: {{#1 .* main .*operator_new_right_oob.cc}}:[[@LINE-8]]
+ delete buffer;
+}
diff --git a/test/asan/TestCases/Windows/operator_new_uaf.cc b/test/asan/TestCases/Windows/operator_new_uaf.cc
new file mode 100644
index 000000000000..c435458f0c1c
--- /dev/null
+++ b/test/asan/TestCases/Windows/operator_new_uaf.cc
@@ -0,0 +1,22 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+
+int main() {
+ char *buffer = new char;
+ delete buffer;
+ *buffer = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK: {{#0 .* main .*operator_new_uaf.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 1-byte region
+// CHECK-LABEL: freed by thread T0 here:
+// CHECK: {{#0 .* operator delete }}
+// CHECK: {{#1 .* main .*operator_new_uaf.cc}}:[[@LINE-8]]
+// CHECK-LABEL: previously allocated by thread T0 here:
+// CHECK: {{#0 .* operator new }}
+// CHECK: {{#1 .* main .*operator_new_uaf.cc}}:[[@LINE-12]]
+ return 0;
+}
+
diff --git a/test/asan/TestCases/Windows/realloc_left_oob.cc b/test/asan/TestCases/Windows/realloc_left_oob.cc
new file mode 100644
index 000000000000..7d30e1d5c4ad
--- /dev/null
+++ b/test/asan/TestCases/Windows/realloc_left_oob.cc
@@ -0,0 +1,17 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)realloc(0, 42);
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*realloc_left_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*realloc_left_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/test/asan/TestCases/Windows/realloc_right_oob.cc b/test/asan/TestCases/Windows/realloc_right_oob.cc
new file mode 100644
index 000000000000..f741390bd4e9
--- /dev/null
+++ b/test/asan/TestCases/Windows/realloc_right_oob.cc
@@ -0,0 +1,17 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)realloc(0, 42);
+ buffer[42] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*realloc_right_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes to the right of 42-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*realloc_right_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/test/asan/TestCases/Windows/realloc_uaf.cc b/test/asan/TestCases/Windows/realloc_uaf.cc
new file mode 100644
index 000000000000..c5b6953cf76a
--- /dev/null
+++ b/test/asan/TestCases/Windows/realloc_uaf.cc
@@ -0,0 +1,20 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)realloc(0, 42);
+ free(buffer);
+ buffer[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*realloc_uaf.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 42-byte region
+// CHECK: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*realloc_uaf.cc}}:[[@LINE-8]]
+// CHECK: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*realloc_uaf.cc}}:[[@LINE-12]]
+}
diff --git a/test/asan/TestCases/Windows/report_after_syminitialize.cc b/test/asan/TestCases/Windows/report_after_syminitialize.cc
new file mode 100644
index 000000000000..faf5e35db5f5
--- /dev/null
+++ b/test/asan/TestCases/Windows/report_after_syminitialize.cc
@@ -0,0 +1,19 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+#include <dbghelp.h>
+
+int main() {
+ // Make sure the RTL recovers from "no options enabled" dbghelp setup.
+ SymSetOptions(0);
+
+ // Make sure the RTL recovers from "fInvadeProcess=FALSE".
+ if (!SymInitialize(GetCurrentProcess(), 0, FALSE))
+ return 42;
+
+ *(volatile int*)0 = 42;
+ // CHECK: ERROR: AddressSanitizer: access-violation on unknown address
+ // CHECK-NEXT: {{WARNING: .*DbgHelp}}
+ // CHECK: {{#0 0x.* in main.*report_after_syminitialize.cc:}}[[@LINE-3]]
+ // CHECK: AddressSanitizer can not provide additional info.
+}
diff --git a/test/asan/TestCases/Windows/seh.cc b/test/asan/TestCases/Windows/seh.cc
new file mode 100644
index 000000000000..50cf6ddba8d6
--- /dev/null
+++ b/test/asan/TestCases/Windows/seh.cc
@@ -0,0 +1,56 @@
+// Clang doesn't support SEH on Windows yet, so for the time being we
+// build this program in two parts: the code with SEH is built with CL,
+// the rest is built with Clang. This represents the typical scenario when we
+// build a large project using "clang-cl -fallback -fsanitize=address".
+//
+// Check both -GS and -GS- builds:
+// RUN: cl -c %s -Fo%t.obj
+// RUN: %clangxx_asan -o %t.exe %s %t.obj
+// RUN: %run %t.exe
+//
+// RUN: cl -GS- -c %s -Fo%t.obj
+// RUN: %clangxx_asan -o %t.exe %s %t.obj
+// RUN: %run %t.exe
+
+#include <windows.h>
+#include <assert.h>
+#include <stdio.h>
+
+// Should just "#include <sanitizer/asan_interface.h>" when C++ exceptions are
+// supported and we don't need to use CL.
+extern "C" bool __asan_address_is_poisoned(void *p);
+
+void ThrowAndCatch();
+
+#if !defined(__clang__)
+__declspec(noinline)
+void Throw() {
+ int local, zero = 0;
+ fprintf(stderr, "Throw: %p\n", &local);
+ local = 5 / zero;
+}
+
+__declspec(noinline)
+void ThrowAndCatch() {
+ int local;
+ __try {
+ Throw();
+ } __except(EXCEPTION_EXECUTE_HANDLER) {
+ fprintf(stderr, "__except: %p\n", &local);
+ }
+}
+#else
+
+int main() {
+ char x[32];
+ fprintf(stderr, "Before: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ assert(__asan_address_is_poisoned(x + 32));
+ ThrowAndCatch();
+ fprintf(stderr, "After: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ // FIXME: Invert this assertion once we fix
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=258
+ assert(!__asan_address_is_poisoned(x + 32));
+}
+#endif
diff --git a/test/asan/TestCases/Windows/stack_array_left_oob.cc b/test/asan/TestCases/Windows/stack_array_left_oob.cc
new file mode 100644
index 000000000000..040d855b48e2
--- /dev/null
+++ b/test/asan/TestCases/Windows/stack_array_left_oob.cc
@@ -0,0 +1,16 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+
+int main() {
+ int subscript = -1;
+ char buffer[42];
+ buffer[subscript] = 42;
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*stack_array_left_oob.cc}}:[[@LINE-3]]
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: {{#0 .* main .*stack_array_left_oob.cc}}
+// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] underflows this variable
+}
diff --git a/test/asan/TestCases/Windows/stack_array_right_oob.cc b/test/asan/TestCases/Windows/stack_array_right_oob.cc
new file mode 100644
index 000000000000..a370246aa072
--- /dev/null
+++ b/test/asan/TestCases/Windows/stack_array_right_oob.cc
@@ -0,0 +1,16 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+
+int main() {
+ int subscript = 42;
+ char buffer[42];
+ buffer[subscript] = 42;
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*stack_array_right_oob.cc}}:[[@LINE-3]]
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: {{#0 .* main .*stack_array_right_oob.cc}}
+// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] overflows this variable
+}
diff --git a/test/asan/TestCases/Windows/stack_array_sanity.cc b/test/asan/TestCases/Windows/stack_array_sanity.cc
new file mode 100644
index 000000000000..1aef1a923d24
--- /dev/null
+++ b/test/asan/TestCases/Windows/stack_array_sanity.cc
@@ -0,0 +1,12 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t | FileCheck %s
+
+#include <stdio.h>
+
+int main() {
+ int subscript = 1;
+ char buffer[42];
+ buffer[subscript] = 42;
+ printf("OK\n");
+// CHECK: OK
+}
diff --git a/test/asan/TestCases/Windows/stack_use_after_return.cc b/test/asan/TestCases/Windows/stack_use_after_return.cc
new file mode 100644
index 000000000000..7955f2685308
--- /dev/null
+++ b/test/asan/TestCases/Windows/stack_use_after_return.cc
@@ -0,0 +1,22 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: env ASAN_OPTIONS=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+
+char *x;
+
+void foo() {
+ char stack_buffer[42];
+ x = &stack_buffer[13];
+}
+
+int main() {
+ foo();
+ *x = 42;
+// CHECK: AddressSanitizer: stack-use-after-return
+// CHECK: WRITE of size 1 at {{.*}} thread T0
+// CHECK-NEXT: {{#0 0x.* in main .*stack_use_after_return.cc}}:[[@LINE-3]]
+//
+// CHECK: is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: {{#0 0x.* in foo .*stack_use_after_return.cc}}
+//
+// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] is inside this variable
+}
diff --git a/test/asan/TestCases/Windows/thread_simple.cc b/test/asan/TestCases/Windows/thread_simple.cc
new file mode 100644
index 000000000000..14bb82f042aa
--- /dev/null
+++ b/test/asan/TestCases/Windows/thread_simple.cc
@@ -0,0 +1,26 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t
+
+#include <windows.h>
+
+DWORD WINAPI thread_proc(void *) {
+ volatile char stack_buffer[42];
+ for (int i = 0; i < sizeof(stack_buffer); ++i)
+ stack_buffer[i] = 42;
+ return 0x42;
+}
+
+int main() {
+ DWORD exitcode;
+ HANDLE thr = CreateThread(NULL, 0, thread_proc, NULL, 0, NULL);
+ if (thr == 0)
+ return 1;
+ if (WAIT_OBJECT_0 != WaitForSingleObject(thr, INFINITE))
+ return 2;
+
+ GetExitCodeThread(thr, &exitcode);
+ if (exitcode != 0x42)
+ return 3;
+ CloseHandle(thr);
+}
+
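Review bot: The return value of `GetExitCodeThread(thr, &exitcode)` is ignored, so if the call fails `exitcode` is compared with `0x42` while still uninitialized. The outcome is then an arbitrary `return 3` or, in the worst case, a pass. Checking the call gives the failure its own exit code: `if (!GetExitCodeThread(thr, &exitcode)) return 4;`. The `return 3` path also leaves without `CloseHandle(thr)`, which is harmless in a test but inconsistent with the success path.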
diff --git a/test/asan/TestCases/Windows/thread_stack_array_left_oob.cc b/test/asan/TestCases/Windows/thread_stack_array_left_oob.cc
new file mode 100644
index 000000000000..17b9b1bf8ecb
--- /dev/null
+++ b/test/asan/TestCases/Windows/thread_stack_array_left_oob.cc
@@ -0,0 +1,27 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+
+DWORD WINAPI thread_proc(void *) {
+ int subscript = -1;
+ volatile char stack_buffer[42];
+ stack_buffer[subscript] = 42;
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T1
+// CHECK: {{#0 .* thread_proc .*thread_stack_array_left_oob.cc}}:[[@LINE-3]]
+// CHECK: Address [[ADDR]] is located in stack of thread T1 at offset {{.*}} in frame
+// CHECK: thread_proc
+ return 0;
+}
+
+int main() {
+ HANDLE thr = CreateThread(NULL, 0, thread_proc, NULL, 0, NULL);
+// CHECK: Thread T1 created by T0 here:
+// CHECK: {{#[01] .* main .*thread_stack_array_left_oob.cc}}:[[@LINE-2]]
+
+ // A failure to create a thread should fail the test!
+ if (thr == 0) return 0;
+
+ WaitForSingleObject(thr, INFINITE);
+}
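Review bot: The comment `A failure to create a thread should fail the test!` sits directly above `if (thr == 0) return 0;`, which reads like a bug until one notices the RUN line uses `not %run`. Exit code 0 is the failing value here, and FileCheck would also see no report. I would spell that out so nobody later "fixes" it to `return 1`, for example `// Exit 0 on purpose: the RUN line is 'not %run', so a clean exit fails the test.` The same lines appear in thread_stack_array_right_oob.cc.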
diff --git a/test/asan/TestCases/Windows/thread_stack_array_right_oob.cc b/test/asan/TestCases/Windows/thread_stack_array_right_oob.cc
new file mode 100644
index 000000000000..601a1b8a8760
--- /dev/null
+++ b/test/asan/TestCases/Windows/thread_stack_array_right_oob.cc
@@ -0,0 +1,27 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <windows.h>
+
+DWORD WINAPI thread_proc(void *) {
+ int subscript = 42;
+ volatile char stack_buffer[42];
+ stack_buffer[subscript] = 42;
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T1
+// CHECK: {{#0 .* thread_proc .*thread_stack_array_right_oob.cc}}:[[@LINE-3]]
+// CHECK: Address [[ADDR]] is located in stack of thread T1 at offset {{.*}} in frame
+// CHECK: thread_proc
+ return 0;
+}
+
+int main(void) {
+ HANDLE thr = CreateThread(NULL, 0, thread_proc, NULL, 0, NULL);
+// CHECK: Thread T1 created by T0 here:
+// CHECK: {{#[01] .* main .*thread_stack_array_right_oob.cc}}:[[@LINE-2]]
+
+ // A failure to create a thread should fail the test!
+ if (thr == 0) return 0;
+
+ WaitForSingleObject(thr, INFINITE);
+}
diff --git a/test/asan/TestCases/Windows/thread_stack_reuse.cc b/test/asan/TestCases/Windows/thread_stack_reuse.cc
new file mode 100644
index 000000000000..7da3a807dac1
--- /dev/null
+++ b/test/asan/TestCases/Windows/thread_stack_reuse.cc
@@ -0,0 +1,37 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t
+
+#include <windows.h>
+
+DWORD WINAPI thread_proc_1(void *) {
+ volatile int x, y, z;
+ x = 1;
+ y = 2;
+ z = 3;
+ return 0;
+}
+
+DWORD WINAPI thread_proc_2(void *) {
+ volatile char stack_buffer[42];
+ for (int i = 0; i < sizeof(stack_buffer); ++i)
+ stack_buffer[i] = 42;
+ return 0;
+}
+
+int main(void) {
+ HANDLE thr = NULL;
+
+ thr = CreateThread(NULL, 0, thread_proc_1, NULL, 0, NULL);
+ if (thr == 0)
+ return 1;
+ if (WAIT_OBJECT_0 != WaitForSingleObject(thr, INFINITE))
+ return 2;
+
+ thr = CreateThread(NULL, 0, thread_proc_2, NULL, 0, NULL);
+ if (thr == 0)
+ return 3;
+ if (WAIT_OBJECT_0 != WaitForSingleObject(thr, INFINITE))
+ return 4;
+ CloseHandle(thr);
+}
+
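Review bot: The handle returned by the first `CreateThread` is overwritten by the second call without being closed, so only the second thread's handle reaches `CloseHandle(thr)`. Adding `CloseHandle(thr);` after the first `WaitForSingleObject` check would release it and match the handling in thread_stress.cc. If keeping the first handle open is part of what the test exercises, a comment saying so would help, since nothing in the hunk indicates that.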
diff --git a/test/asan/TestCases/Windows/thread_stress.cc b/test/asan/TestCases/Windows/thread_stress.cc
new file mode 100644
index 000000000000..74be8d88c665
--- /dev/null
+++ b/test/asan/TestCases/Windows/thread_stress.cc
@@ -0,0 +1,30 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t
+
+#include <windows.h>
+
+DWORD WINAPI thread_proc(void *) {
+ volatile char stack_buffer[42];
+ for (int i = 0; i < sizeof(stack_buffer); ++i)
+ stack_buffer[i] = 42;
+ return 0;
+}
+
+int main(void) {
+ for (int iter = 0; iter < 1024; ++iter) {
+ const int NUM_THREADS = 8;
+ HANDLE thr[NUM_THREADS];
+ for (int i = 0; i < NUM_THREADS; ++i) {
+ thr[i] = CreateThread(NULL, 0, thread_proc, NULL, 0, NULL);
+ if (thr[i] == 0)
+ return 1;
+ }
+ for (int i = 0; i < NUM_THREADS; ++i) {
+ if (WAIT_OBJECT_0 != WaitForSingleObject(thr[i], INFINITE))
+ return 2;
+ CloseHandle(thr[i]);
+ }
+ }
+ return 0;
+}
+
diff --git a/test/asan/TestCases/Windows/throw_catch.cc b/test/asan/TestCases/Windows/throw_catch.cc
new file mode 100644
index 000000000000..5313d25b26d6
--- /dev/null
+++ b/test/asan/TestCases/Windows/throw_catch.cc
@@ -0,0 +1,73 @@
+// Clang doesn't support exceptions on Windows yet, so for the time being we
+// build this program in two parts: the code with exceptions is built with CL,
+// the rest is built with Clang. This represents the typical scenario when we
+// build a large project using "clang-cl -fallback -fsanitize=address".
+//
+// RUN: cl -c %s -Fo%t.obj
+// RUN: %clangxx_asan -o %t.exe %s %t.obj
+// RUN: %run %t.exe
+
+#include <assert.h>
+#include <stdio.h>
+
+// Should just "#include <sanitizer/asan_interface.h>" when C++ exceptions are
+// supported and we don't need to use CL.
+extern "C" bool __asan_address_is_poisoned(void *p);
+
+void ThrowAndCatch();
+void TestThrowInline();
+
+#if !defined(__clang__)
+__declspec(noinline)
+void Throw() {
+ int local;
+ fprintf(stderr, "Throw: %p\n", &local);
+ throw 1;
+}
+
+__declspec(noinline)
+void ThrowAndCatch() {
+ int local;
+ try {
+ Throw();
+ } catch(...) {
+ fprintf(stderr, "Catch: %p\n", &local);
+ }
+}
+
+void TestThrowInline() {
+ char x[32];
+ fprintf(stderr, "Before: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ try {
+ Throw();
+ } catch(...) {
+ fprintf(stderr, "Catch\n");
+ }
+ fprintf(stderr, "After: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ // FIXME: Invert this assertion once we fix
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=258
+ assert(!__asan_address_is_poisoned(x + 32));
+}
+
+#else
+
+void TestThrow() {
+ char x[32];
+ fprintf(stderr, "Before: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ assert(__asan_address_is_poisoned(x + 32));
+ ThrowAndCatch();
+ fprintf(stderr, "After: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ // FIXME: Invert this assertion once we fix
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=258
+ assert(!__asan_address_is_poisoned(x + 32));
+}
+
+int main(int argc, char **argv) {
+ TestThrowInline();
+ TestThrow();
+}
+#endif
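Review bot: `TestThrowInline` is defined in the `#if !defined(__clang__)` branch, so it is compiled by `cl` in the first RUN step and not by `%clangxx_asan`. Its frame is therefore presumably not instrumented, and `assert(!__asan_address_is_poisoned(x + 32))` would hold whether or not the exception path clears redzones. Unlike `TestThrow`, it also has no "before" assertion to show the redzone was ever poisoned. A comment stating what this function is meant to verify would help, e.g. `// Built by CL: x has no redzone here; this only checks that throw/catch in uninstrumented code does not leave stale poison.` That wording is a guess at the intent and should be confirmed.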
diff --git a/test/asan/TestCases/Windows/use_after_realloc.cc b/test/asan/TestCases/Windows/use_after_realloc.cc
new file mode 100644
index 000000000000..9d2c025258fa
--- /dev/null
+++ b/test/asan/TestCases/Windows/use_after_realloc.cc
@@ -0,0 +1,23 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)realloc(0, 32),
+ *stale = buffer;
+ buffer = (char*)realloc(buffer, 64);
+ // The 'stale' may now point to a free'd memory.
+ stale[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*use_after_realloc.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 32-byte region
+// CHECK: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*use_after_realloc.cc}}:[[@LINE-9]]
+// CHECK: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*use_after_realloc.cc}}:[[@LINE-14]]
+ free(buffer);
+}
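Review bot: The comment says `stale` "may now point to a free'd memory", but the CHECK lines require that it always does. They expect a `heap-use-after-free` whose free frame is `realloc`, so the test relies on the ASan allocator never growing the block in place. I would make the comment say that, e.g. `// ASan's realloc() is expected to free the old block, so 'stale' dangles.` Neither `realloc` result is checked for null, which in a test only matters for the clarity of the failure mode.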
diff --git a/test/asan/TestCases/Windows/use_after_return_linkage.cc b/test/asan/TestCases/Windows/use_after_return_linkage.cc
new file mode 100644
index 000000000000..48c5065a0fa9
--- /dev/null
+++ b/test/asan/TestCases/Windows/use_after_return_linkage.cc
@@ -0,0 +1,12 @@
+// Make sure LIBCMT doesn't accidentally get added to the list of DEFAULTLIB
+// directives. REQUIRES: asan-dynamic-runtime
+// RUN: %clang_cl_asan -LD %s | FileCheck %s
+// CHECK: Creating library
+// CHECK-NOT: LIBCMT
+
+void foo(int *p) { *p = 42; }
+
+__declspec(dllexport) void bar() {
+ int x;
+ foo(&x);
+}
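Review bot: The `REQUIRES: asan-dynamic-runtime` directive is buried in the middle of a prose comment (`// directives. REQUIRES: asan-dynamic-runtime`), where it is easy to miss when scanning the RUN block. It is also easy to delete when rewording the sentence, after which the test would run in configurations it was meant to skip. Putting it on its own line, `// REQUIRES: asan-dynamic-runtime`, right above the RUN line keeps the constraint visible.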
diff --git a/test/asan/TestCases/Windows/windows_h.cc b/test/asan/TestCases/Windows/windows_h.cc
new file mode 100644
index 000000000000..40cf5a10ad4f
--- /dev/null
+++ b/test/asan/TestCases/Windows/windows_h.cc
@@ -0,0 +1,7 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: %run %t
+
+// Just make sure we can parse <windows.h>
+#include <windows.h>
+
+int main() {}
diff --git a/test/asan/TestCases/Windows/wrong_downcast_on_heap.cc b/test/asan/TestCases/Windows/wrong_downcast_on_heap.cc
new file mode 100644
index 000000000000..112dd5308d11
--- /dev/null
+++ b/test/asan/TestCases/Windows/wrong_downcast_on_heap.cc
@@ -0,0 +1,26 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+class Parent {
+ public:
+ int field;
+};
+
+class Child : public Parent {
+ public:
+ int extra_field;
+};
+
+int main(void) {
+ Parent *p = new Parent;
+ Child *c = (Child*)p; // Intentional error here!
+ c->extra_field = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK: {{#0 0x[0-9a-f]* in main .*wrong_downcast_on_heap.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes to the right of 4-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK: #0 {{.*}} operator new
+ return 0;
+}
+
diff --git a/test/asan/TestCases/Windows/wrong_downcast_on_stack.cc b/test/asan/TestCases/Windows/wrong_downcast_on_stack.cc
new file mode 100644
index 000000000000..2859ecc521d2
--- /dev/null
+++ b/test/asan/TestCases/Windows/wrong_downcast_on_stack.cc
@@ -0,0 +1,26 @@
+// RUN: %clang_cl_asan -O0 %s -Fe%t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+class Parent {
+ public:
+ int field;
+};
+
+class Child : public Parent {
+ public:
+ int extra_field;
+};
+
+int main(void) {
+ Parent p;
+ Child *c = (Child*)&p; // Intentional error here!
+ c->extra_field = 42;
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 0x[0-9a-f]* in main .*wrong_downcast_on_stack.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:[0-9]+]] in frame
+// CHECK-NEXT: {{#0 0x[0-9a-f]* in main }}
+// CHECK: 'p' <== Memory access at offset [[OFFSET]] overflows this variable
+ return 0;
+}
+
diff --git a/test/asan/TestCases/alloca_big_alignment.cc b/test/asan/TestCases/alloca_big_alignment.cc
new file mode 100644
index 000000000000..2ede3f949b24
--- /dev/null
+++ b/test/asan/TestCases/alloca_big_alignment.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+ volatile char str[len] __attribute__((aligned(128)));
+ assert(!(reinterpret_cast<long>(str) & 127L));
+ str[index] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+ foo(10, 10);
+ return 0;
+}
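Review bot: The alignment check `reinterpret_cast<long>(str) & 127L` assumes `long` is as wide as a pointer. On a target where it is narrower, such as 64-bit Windows, the cast is ill-formed and the test would not compile. `reinterpret_cast<uintptr_t>(str) & 127` with `#include <stdint.h>` expresses the same check portably. The same cast is used in alloca_detect_custom_size_.cc and alloca_instruments_all_paddings.cc.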
diff --git a/test/asan/TestCases/alloca_detect_custom_size_.cc b/test/asan/TestCases/alloca_detect_custom_size_.cc
new file mode 100644
index 000000000000..2b0f573de3d0
--- /dev/null
+++ b/test/asan/TestCases/alloca_detect_custom_size_.cc
@@ -0,0 +1,23 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+struct A {
+ char a[3];
+ int b[3];
+};
+
+__attribute__((noinline)) void foo(int index, int len) {
+ volatile struct A str[len] __attribute__((aligned(32)));
+ assert(!(reinterpret_cast<long>(str) & 31L));
+ str[index].a[0] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+ foo(10, 10);
+ return 0;
+}
diff --git a/test/asan/TestCases/alloca_instruments_all_paddings.cc b/test/asan/TestCases/alloca_instruments_all_paddings.cc
new file mode 100644
index 000000000000..d60a3b22dcb9
--- /dev/null
+++ b/test/asan/TestCases/alloca_instruments_all_paddings.cc
@@ -0,0 +1,23 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: %run %t 2>&1
+//
+
+#include "sanitizer/asan_interface.h"
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+ volatile char str[len] __attribute__((aligned(32)));
+ assert(!(reinterpret_cast<long>(str) & 31L));
+ char *q = (char *)__asan_region_is_poisoned((char *)str, 64);
+ assert(q && ((q - str) == index));
+}
+
+int main(int argc, char **argv) {
+ for (int i = 1; i < 33; ++i)
+ foo(i, i);
+
+ for (int i = 1; i < 33; ++i)
+ foo(i, i);
+
+ return 0;
+}
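Review bot: `main` runs the identical loop `for (int i = 1; i < 33; ++i) foo(i, i);` twice, and nothing in the file says why. If the second pass is meant to confirm that the redzones are set up correctly again after the earlier frames were released, a comment such as `// Second pass: stack slots are reused, so poisoning must be re-established.` would keep a later cleanup from deleting it as a duplicate; that intent is my guess and should be confirmed. The file also has no description of what it verifies, so a header line like `// Checks that the first poisoned byte after a dynamic alloca is exactly at offset len.` would help.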
diff --git a/test/asan/TestCases/alloca_overflow_partial.cc b/test/asan/TestCases/alloca_overflow_partial.cc
new file mode 100644
index 000000000000..590f35465dad
--- /dev/null
+++ b/test/asan/TestCases/alloca_overflow_partial.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+ volatile char str[len] __attribute__((aligned(32)));
+ assert(!(reinterpret_cast<long>(str) & 31L));
+ str[index] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+ foo(10, 10);
+ return 0;
+}
diff --git a/test/asan/TestCases/alloca_overflow_right.cc b/test/asan/TestCases/alloca_overflow_right.cc
new file mode 100644
index 000000000000..caec846838ef
--- /dev/null
+++ b/test/asan/TestCases/alloca_overflow_right.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+ volatile char str[len] __attribute__((aligned(32)));
+ assert(!(reinterpret_cast<long>(str) & 31L));
+ str[index] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+ foo(33, 10);
+ return 0;
+}
diff --git a/test/asan/TestCases/alloca_safe_access.cc b/test/asan/TestCases/alloca_safe_access.cc
new file mode 100644
index 000000000000..240454fd55e4
--- /dev/null
+++ b/test/asan/TestCases/alloca_safe_access.cc
@@ -0,0 +1,17 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: %run %t 2>&1
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+ volatile char str[len] __attribute__((aligned(32)));
+ assert(!(reinterpret_cast<long>(str) & 31L));
+ str[index] = '1';
+}
+
+int main(int argc, char **argv) {
+ foo(4, 5);
+ foo(39, 40);
+ return 0;
+}
diff --git a/test/asan/TestCases/alloca_underflow_left.cc b/test/asan/TestCases/alloca_underflow_left.cc
new file mode 100644
index 000000000000..6e7061f7cfe2
--- /dev/null
+++ b/test/asan/TestCases/alloca_underflow_left.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+ volatile char str[len] __attribute__((aligned(32)));
+ assert(!(reinterpret_cast<long>(str) & 31L));
+ str[index] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+ foo(-1, 10);
+ return 0;
+}
diff --git a/test/asan/TestCases/allocator_returns_null.cc b/test/asan/TestCases/allocator_returns_null.cc
new file mode 100644
index 000000000000..59a053c3dcad
--- /dev/null
+++ b/test/asan/TestCases/allocator_returns_null.cc
@@ -0,0 +1,83 @@
+// Test the behavior of malloc/calloc/realloc when the allocation size is huge.
+// By default (allocator_may_return_null=0) the process should crash.
+// With allocator_may_return_null=1 the allocator should return 0.
+//
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=0 not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=1 %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mNULL
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=0 not %run %t calloc 2>&1 | FileCheck %s --check-prefix=CHECK-cCRASH
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=1 %run %t calloc 2>&1 | FileCheck %s --check-prefix=CHECK-cNULL
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=0 not %run %t calloc-overflow 2>&1 | FileCheck %s --check-prefix=CHECK-coCRASH
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=1 %run %t calloc-overflow 2>&1 | FileCheck %s --check-prefix=CHECK-coNULL
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=0 not %run %t realloc 2>&1 | FileCheck %s --check-prefix=CHECK-rCRASH
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=1 %run %t realloc 2>&1 | FileCheck %s --check-prefix=CHECK-rNULL
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=0 not %run %t realloc-after-malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mrCRASH
+// RUN: env ASAN_OPTIONS=allocator_may_return_null=1 %run %t realloc-after-malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mrNULL
+
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <assert.h>
+#include <limits>
+int main(int argc, char **argv) {
+ volatile size_t size = std::numeric_limits<size_t>::max() - 10000;
+ assert(argc == 2);
+ char *x = 0;
+ if (!strcmp(argv[1], "malloc")) {
+ fprintf(stderr, "malloc:\n");
+ x = (char*)malloc(size);
+ }
+ if (!strcmp(argv[1], "calloc")) {
+ fprintf(stderr, "calloc:\n");
+ x = (char*)calloc(size / 4, 4);
+ }
+
+ if (!strcmp(argv[1], "calloc-overflow")) {
+ fprintf(stderr, "calloc-overflow:\n");
+ volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max();
+ size_t kArraySize = 4096;
+ volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10;
+ x = (char*)calloc(kArraySize, kArraySize2);
+ }
+
+ if (!strcmp(argv[1], "realloc")) {
+ fprintf(stderr, "realloc:\n");
+ x = (char*)realloc(0, size);
+ }
+ if (!strcmp(argv[1], "realloc-after-malloc")) {
+ fprintf(stderr, "realloc-after-malloc:\n");
+ char *t = (char*)malloc(100);
+ *t = 42;
+ x = (char*)realloc(t, size);
+ assert(*t == 42);
+ free(t);
+ }
+ // The NULL pointer is printed differently on different systems, while (long)0
+ // is always the same.
+ fprintf(stderr, "x: %lx\n", (long)x);
+ free(x);
+ return x != 0;
+}
+// CHECK-mCRASH: malloc:
+// CHECK-mCRASH: AddressSanitizer's allocator is terminating the process
+// CHECK-cCRASH: calloc:
+// CHECK-cCRASH: AddressSanitizer's allocator is terminating the process
+// CHECK-coCRASH: calloc-overflow:
+// CHECK-coCRASH: AddressSanitizer's allocator is terminating the process
+// CHECK-rCRASH: realloc:
+// CHECK-rCRASH: AddressSanitizer's allocator is terminating the process
+// CHECK-mrCRASH: realloc-after-malloc:
+// CHECK-mrCRASH: AddressSanitizer's allocator is terminating the process
+
+// CHECK-mNULL: malloc:
+// CHECK-mNULL: x: 0
+// CHECK-cNULL: calloc:
+// CHECK-cNULL: x: 0
+// CHECK-coNULL: calloc-overflow:
+// CHECK-coNULL: x: 0
+// CHECK-rNULL: realloc:
+// CHECK-rNULL: x: 0
+// CHECK-mrNULL: realloc-after-malloc:
+// CHECK-mrNULL: x: 0
diff --git a/test/asan/TestCases/asan_and_llvm_coverage_test.cc b/test/asan/TestCases/asan_and_llvm_coverage_test.cc
new file mode 100644
index 000000000000..35bdfcb353c2
--- /dev/null
+++ b/test/asan/TestCases/asan_and_llvm_coverage_test.cc
@@ -0,0 +1,10 @@
+// RUN: %clangxx_asan -coverage -O0 %s -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=1 %run %t 2>&1 | FileCheck %s
+// XFAIL: android
+#include <stdio.h>
+int foo() { return 1; }
+int XXX = foo();
+int main() {
+ printf("PASS\n");
+// CHECK: PASS
+}
diff --git a/test/asan/TestCases/atexit_stats.cc b/test/asan/TestCases/atexit_stats.cc
new file mode 100644
index 000000000000..be6534475245
--- /dev/null
+++ b/test/asan/TestCases/atexit_stats.cc
@@ -0,0 +1,18 @@
+// Make sure we report atexit stats.
+// RUN: %clangxx_asan -O3 %s -o %t
+// RUN: env ASAN_OPTIONS=atexit=1:print_stats=1 %run %t 2>&1 | FileCheck %s
+//
+// No atexit output on Android due to
+// https://code.google.com/p/address-sanitizer/issues/detail?id=263
+// XFAIL: android
+
+#include <stdlib.h>
+#if !defined(__APPLE__) && !defined(__FreeBSD__)
+#include <malloc.h>
+#endif
+int *p1 = (int*)malloc(900);
+int *p2 = (int*)malloc(90000);
+int *p3 = (int*)malloc(9000000);
+int main() { }
+
+// CHECK: AddressSanitizer exit stats:
diff --git a/test/asan/TestCases/blacklist.cc b/test/asan/TestCases/blacklist.cc
new file mode 100644
index 000000000000..7c31484c2174
--- /dev/null
+++ b/test/asan/TestCases/blacklist.cc
@@ -0,0 +1,38 @@
+// Test the blacklist functionality of ASan
+
+// RUN: echo "fun:*brokenFunction*" > %tmp
+// RUN: echo "global:*badGlobal*" >> %tmp
+// RUN: echo "src:*blacklist-extra.cc" >> %tmp
+// RUN: %clangxx_asan -fsanitize-blacklist=%tmp -O0 %s -o %t \
+// RUN: %p/Helpers/blacklist-extra.cc && %run %t 2>&1
+// RUN: %clangxx_asan -fsanitize-blacklist=%tmp -O1 %s -o %t \
+// RUN: %p/Helpers/blacklist-extra.cc && %run %t 2>&1
+// RUN: %clangxx_asan -fsanitize-blacklist=%tmp -O2 %s -o %t \
+// RUN: %p/Helpers/blacklist-extra.cc && %run %t 2>&1
+// RUN: %clangxx_asan -fsanitize-blacklist=%tmp -O3 %s -o %t \
+// RUN: %p/Helpers/blacklist-extra.cc && %run %t 2>&1
+
+// badGlobal is accessed improperly, but we blacklisted it. Align
+// it to make sure memory past the end of badGlobal will be in
+// the same page.
+__attribute__((aligned(16))) int badGlobal;
+int readBadGlobal() {
+ return (&badGlobal)[1];
+}
+
+// A function which is broken, but excluded in the blacklist.
+int brokenFunction(int argc) {
+ char x[10] = {0};
+ return x[argc * 10]; // BOOM
+}
+
+// This function is defined in Helpers/blacklist-extra.cc, a source file which
+// is blacklisted by name
+int externalBrokenFunction(int x);
+
+int main(int argc, char **argv) {
+ brokenFunction(argc);
+ int x = readBadGlobal();
+ externalBrokenFunction(argc);
+ return 0;
+}
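Review bot: Nothing in `main` uses the values produced by the three out-of-bounds reads: the results of `brokenFunction(argc)` and `externalBrokenFunction(argc)` are discarded and `x` is never read. At the `-O1` to `-O3` RUN lines the optimizer may therefore drop the loads, at least for the two functions defined in this file, and the test would pass even if the blacklist were ignored. Storing each result in a sink, for example `static volatile int sink;` and `sink = brokenFunction(argc);`, keeps the accesses alive. The test also has no negative control; a RUN line that builds without `-fsanitize-blacklist` and expects a report under `not %run` would show that the blacklist is what suppresses the error.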
diff --git a/test/asan/TestCases/contiguous_container.cc b/test/asan/TestCases/contiguous_container.cc
new file mode 100644
index 000000000000..0f3a7db5b060
--- /dev/null
+++ b/test/asan/TestCases/contiguous_container.cc
@@ -0,0 +1,75 @@
+// RUN: %clangxx_asan -O %s -o %t && %run %t
+//
+// Test __sanitizer_annotate_contiguous_container.
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include <sanitizer/asan_interface.h>
+
+void TestContainer(size_t capacity) {
+ char *beg = new char[capacity];
+ char *end = beg + capacity;
+ char *mid = beg + capacity;
+ char *old_mid = 0;
+
+ for (int i = 0; i < 10000; i++) {
+ size_t size = rand() % (capacity + 1);
+ assert(size <= capacity);
+ old_mid = mid;
+ mid = beg + size;
+ __sanitizer_annotate_contiguous_container(beg, end, old_mid, mid);
+
+ for (size_t idx = 0; idx < size; idx++)
+ assert(!__asan_address_is_poisoned(beg + idx));
+ for (size_t idx = size; idx < capacity; idx++)
+ assert(__asan_address_is_poisoned(beg + idx));
+ assert(__sanitizer_verify_contiguous_container(beg, mid, end));
+ if (mid != beg)
+ assert(!__sanitizer_verify_contiguous_container(beg, mid - 1, end));
+ if (mid != end)
+ assert(!__sanitizer_verify_contiguous_container(beg, mid + 1, end));
+ }
+
+ // Don't forget to unpoison the whole thing before destroing/reallocating.
+ __sanitizer_annotate_contiguous_container(beg, end, mid, end);
+ for (size_t idx = 0; idx < capacity; idx++)
+ assert(!__asan_address_is_poisoned(beg + idx));
+ delete[] beg;
+}
+
+__attribute__((noinline))
+void Throw() { throw 1; }
+
+__attribute__((noinline))
+void ThrowAndCatch() {
+ try {
+ Throw();
+ } catch(...) {
+ }
+}
+
+void TestThrow() {
+ char x[32];
+ __sanitizer_annotate_contiguous_container(x, x + 32, x + 32, x + 14);
+ assert(!__asan_address_is_poisoned(x + 13));
+ assert(__asan_address_is_poisoned(x + 14));
+ ThrowAndCatch();
+ assert(!__asan_address_is_poisoned(x + 13));
+ // FIXME: invert the assertion below once we fix
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=258
+ // This assertion works only w/o UAR.
+ if (!__asan_get_current_fake_stack())
+ assert(!__asan_address_is_poisoned(x + 14));
+ __sanitizer_annotate_contiguous_container(x, x + 32, x + 14, x + 32);
+ assert(!__asan_address_is_poisoned(x + 13));
+ assert(!__asan_address_is_poisoned(x + 14));
+}
+
+int main(int argc, char **argv) {
+ int n = argc == 1 ? 128 : atoi(argv[1]);
+ for (int i = 0; i <= n; i++)
+ TestContainer(i);
+ TestThrow();
+}
diff --git a/test/asan/TestCases/contiguous_container_crash.cc b/test/asan/TestCases/contiguous_container_crash.cc
new file mode 100644
index 000000000000..143ae9d8edee
--- /dev/null
+++ b/test/asan/TestCases/contiguous_container_crash.cc
@@ -0,0 +1,41 @@
+// RUN: %clangxx_asan -O %s -o %t
+// RUN: not %run %t crash 2>&1 | FileCheck --check-prefix=CHECK-CRASH %s
+// RUN: not %run %t bad-bounds 2>&1 | FileCheck --check-prefix=CHECK-BAD %s
+// RUN: env ASAN_OPTIONS=detect_container_overflow=0 %run %t crash
+//
+// Test crash due to __sanitizer_annotate_contiguous_container.
+
+#include <assert.h>
+#include <string.h>
+
+extern "C" {
+void __sanitizer_annotate_contiguous_container(const void *beg, const void *end,
+ const void *old_mid,
+ const void *new_mid);
+} // extern "C"
+
+static volatile int one = 1;
+
+int TestCrash() {
+ long t[100];
+ t[60] = 0;
+ __sanitizer_annotate_contiguous_container(&t[0], &t[0] + 100, &t[0] + 100,
+ &t[0] + 50);
+ return (int)t[60 * one]; // Touches the poisoned memory.
+}
+
+void BadBounds() {
+ long t[100];
+ __sanitizer_annotate_contiguous_container(&t[0], &t[0] + 100, &t[0] + 101,
+ &t[0] + 50);
+}
+
+int main(int argc, char **argv) {
+ assert(argc == 2);
+ if (!strcmp(argv[1], "crash"))
+ return TestCrash();
+ else if (!strcmp(argv[1], "bad-bounds"))
+ BadBounds();
+}
+// CHECK-CRASH: AddressSanitizer: container-overflow
+// CHECK-BAD: ERROR: AddressSanitizer: bad parameters to __sanitizer_annotate_contiguous_container
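Review bot: The `extern "C"` block re-declares `__sanitizer_annotate_contiguous_container` by hand, so the test would keep compiling against a stale signature if the public header changed. The sibling test contiguous_container.cc gets the declaration from `#include <sanitizer/asan_interface.h>`, and doing the same here ties this test to the shipped interface. If the local prototype is deliberate, for instance to build without the sanitizer include path, a comment saying so would help. Separately, `main` exits 0 for an unrecognised `argv[1]`; a final `else return 2;` would make a mistyped mode in a RUN line visible.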
diff --git a/test/asan/TestCases/current_allocated_bytes.cc b/test/asan/TestCases/current_allocated_bytes.cc
new file mode 100644
index 000000000000..c49e433b1e8b
--- /dev/null
+++ b/test/asan/TestCases/current_allocated_bytes.cc
@@ -0,0 +1,44 @@
+// RUN: %clangxx_asan -O0 %s -pthread -o %t && %run %t
+// RUN: %clangxx_asan -O2 %s -pthread -o %t && %run %t
+// REQUIRES: stable-runtime
+
+#include <assert.h>
+#include <pthread.h>
+#include <sanitizer/allocator_interface.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+const size_t kLargeAlloc = 1UL << 20;
+
+void* allocate(void *arg) {
+ volatile void *ptr = malloc(kLargeAlloc);
+ free((void*)ptr);
+ return 0;
+}
+
+void* check_stats(void *arg) {
+ assert(__sanitizer_get_current_allocated_bytes() > 0);
+ return 0;
+}
+
+int main() {
+ size_t used_mem = __sanitizer_get_current_allocated_bytes();
+ printf("Before: %zu\n", used_mem);
+ const int kNumIterations = 1000;
+ for (int iter = 0; iter < kNumIterations; iter++) {
+ pthread_t thr[4];
+ for (int j = 0; j < 4; j++) {
+ assert(0 ==
+ pthread_create(&thr[j], 0, (j < 2) ? allocate : check_stats, 0));
+ }
+ for (int j = 0; j < 4; j++)
+ assert(0 == pthread_join(thr[j], 0));
+ used_mem = __sanitizer_get_current_allocated_bytes();
+ if (used_mem > kLargeAlloc) {
+ printf("After iteration %d: %zu\n", iter, used_mem);
+ return 1;
+ }
+ }
+ printf("Success after %d iterations\n", kNumIterations);
+ return 0;
+}
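Review bot: Both `pthread_create` and `pthread_join` are called inside `assert(...)` in `main`, so a build with `NDEBUG` defined would remove the calls themselves and the test would pass without starting a thread. Keeping the side effect outside the assertion avoids that: `int rc = pthread_create(&thr[j], 0, (j < 2) ? allocate : check_stats, 0);` followed by `assert(rc == 0);`, and the same for `pthread_join`. The RUN lines do not define `NDEBUG`, so this is a robustness point rather than a current failure.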
diff --git a/test/asan/TestCases/debug_locate.cc b/test/asan/TestCases/debug_locate.cc
new file mode 100644
index 000000000000..5971a772786b
--- /dev/null
+++ b/test/asan/TestCases/debug_locate.cc
@@ -0,0 +1,80 @@
+// Checks the ASan memory address type debugging API, makes sure it returns
+// the correct memory type for heap, stack, global and shadow addresses and
+// that it correctly finds out which region (and name and size) the address
+// belongs to.
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t 2>&1
+
+#include <assert.h>
+#include <sanitizer/asan_interface.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int global_var;
+
+int main() {
+ int local_var;
+ char *heap_ptr = (char *)malloc(10);
+
+ char name[100];
+ void *region_address;
+ size_t region_size;
+ const char *type;
+
+ type = __asan_locate_address(&global_var, name, 100,
+ &region_address, &region_size);
+ assert(0 == strcmp(name, "global_var"));
+ assert(0 == strcmp(type, "global"));
+ assert(region_address == &global_var);
+ assert(region_size == sizeof(global_var));
+
+ type = __asan_locate_address((char *)(&global_var)+1, name, 100,
+ &region_address, &region_size);
+ assert(0 == strcmp(name, "global_var"));
+ assert(0 == strcmp(type, "global"));
+ assert(region_address == &global_var);
+ assert(region_size == sizeof(global_var));
+
+ type = __asan_locate_address(&local_var, name, 100,
+ &region_address, &region_size);
+ assert(0 == strcmp(name, "local_var"));
+ assert(0 == strcmp(type, "stack"));
+ assert(region_address == &local_var);
+ assert(region_size == sizeof(local_var));
+
+ type = __asan_locate_address((char *)(&local_var)+1, name, 100,
+ &region_address, &region_size);
+ assert(0 == strcmp(name, "local_var"));
+ assert(0 == strcmp(type, "stack"));
+ assert(region_address == &local_var);
+ assert(region_size == sizeof(local_var));
+
+ type = __asan_locate_address(heap_ptr, name, 100,
+ &region_address, &region_size);
+ assert(0 == strcmp(type, "heap"));
+ assert(region_address == heap_ptr);
+ assert(10 == region_size);
+
+ type = __asan_locate_address(heap_ptr+1, name, 100,
+ &region_address, &region_size);
+ assert(0 == strcmp(type, "heap"));
+ assert(region_address == heap_ptr);
+ assert(10 == region_size);
+
+ size_t shadow_scale;
+ size_t shadow_offset;
+ __asan_get_shadow_mapping(&shadow_scale, &shadow_offset);
+
+ uintptr_t shadow_ptr = (((uintptr_t)heap_ptr) >> shadow_scale)
+ + shadow_offset;
+ type = __asan_locate_address((void *)shadow_ptr, NULL, 0, NULL, NULL);
+ assert((0 == strcmp(type, "high shadow")) || 0 == strcmp(type, "low shadow"));
+
+ uintptr_t shadow_gap = (shadow_ptr >> shadow_scale) + shadow_offset;
+ type = __asan_locate_address((void *)shadow_gap, NULL, 0, NULL, NULL);
+ assert(0 == strcmp(type, "shadow gap"));
+
+ free(heap_ptr);
+
+ return 0;
+}
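Review bot: `uintptr_t` is used for `shadow_ptr` and `shadow_gap`, but the file does not include `<stdint.h>`, so it compiles only if one of the listed headers happens to pull the type in. Adding `#include <stdint.h>` makes that explicit. The buffer length is also passed as the literal `100` in every `__asan_locate_address` call; `sizeof(name)` would keep the size and the buffer declaration `char name[100];` from drifting apart.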
diff --git a/test/asan/TestCases/debug_mapping.cc b/test/asan/TestCases/debug_mapping.cc
new file mode 100644
index 000000000000..f96abf6d11cf
--- /dev/null
+++ b/test/asan/TestCases/debug_mapping.cc
@@ -0,0 +1,24 @@
+// Checks that the debugging API returns correct shadow scale and offset.
+// RUN: %clangxx_asan -O %s -o %t
+// RUN: env ASAN_OPTIONS=verbosity=1 %run %t 2>&1 | FileCheck %s
+
+#include <sanitizer/asan_interface.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+// printed because of verbosity=1
+// CHECK: SHADOW_SCALE: [[SCALE:[0-9]+]]
+// CHECK: SHADOW_OFFSET: [[OFFSET:[0-9]+]]
+
+int main() {
+ size_t scale, offset;
+ __asan_get_shadow_mapping(&scale, &offset);
+
+ fprintf(stderr, "scale: %lx\n", scale);
+ fprintf(stderr, "offset: %lx\n", offset);
+
+ // CHECK: scale: [[SCALE]]
+ // CHECK: offset: [[OFFSET]]
+
+ return 0;
+}
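Review bot: The two `fprintf` calls print `size_t` values with `%lx`, which is a format mismatch wherever `size_t` is not `unsigned long`; `%zx` is the matching conversion, e.g. `fprintf(stderr, "offset: %zx\n", offset);`. The output is hexadecimal, but the captures `[[SCALE:[0-9]+]]` and `[[OFFSET:[0-9]+]]` accept decimal digits only, so for a value containing a–f only the leading decimal run is compared and the later `// CHECK: offset: [[OFFSET]]` can match on a prefix. I cannot see from the hunk which radix the runtime uses for the `SHADOW_OFFSET:` line; if it is hex, `[[OFFSET:[0-9a-f]+]]` compares the whole value.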
diff --git a/test/asan/TestCases/debug_ppc64_mapping.cc b/test/asan/TestCases/debug_ppc64_mapping.cc
new file mode 100644
index 000000000000..3ddd3e1404ce
--- /dev/null
+++ b/test/asan/TestCases/debug_ppc64_mapping.cc
@@ -0,0 +1,37 @@
+// RUN: %clang_asan -O0 %s -o %t
+// RUN: env ASAN_OPTIONS=verbosity=0 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-PPC64-V0
+// RUN: env ASAN_OPTIONS=verbosity=2 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-PPC64
+// REQUIRES: powerpc64-supported-target
+
+#include <stdio.h>
+
+int main() {
+// CHECK-PPC64: || `[{{0x0a0|0x040}}000000000, {{0x3ff|0x0ff}}fffffffff]` || HighMem ||
+// CHECK-PPC64: || `[{{0x034|0x028}}000000000, {{0x09f|0x03f}}fffffffff]` || HighShadow ||
+// CHECK-PPC64: || `[{{0x024|0x024}}000000000, {{0x033|0x027}}fffffffff]` || ShadowGap ||
+// CHECK-PPC64: || `[0x020000000000, 0x023fffffffff]` || LowShadow ||
+// CHECK-PPC64: || `[0x000000000000, 0x01ffffffffff]` || LowMem ||
+//
+ printf("ppc64 eyecatcher \n");
+// CHECK-PPC64-V0: ppc64 eyecatcher
+
+ return 0;
+}
+
+/*
+ * Two different signatures noted at the time of writing.
+Newish kernel: (64TB address range support, starting with kernel version 3.7)
+|| `[0x0a0000000000, 0x3fffffffffff]` || HighMem ||
+|| `[0x034000000000, 0x09ffffffffff]` || HighShadow ||
+|| `[0x024000000000, 0x033fffffffff]` || ShadowGap ||
+|| `[0x020000000000, 0x023fffffffff]` || LowShadow ||
+|| `[0x000000000000, 0x01ffffffffff]` || LowMem ||
+
+Oldish kernel:
+|| `[0x040000000000, 0x0fffffffffff]` || HighMem ||
+|| `[0x028000000000, 0x03ffffffffff]` || HighShadow ||
+|| `[0x024000000000, 0x027fffffffff]` || ShadowGap ||
+|| `[0x020000000000, 0x023fffffffff]` || LowShadow ||
+|| `[0x000000000000, 0x01ffffffffff]` || LowMem ||
+*/
+
diff --git a/test/asan/TestCases/debug_report.cc b/test/asan/TestCases/debug_report.cc
new file mode 100644
index 000000000000..acf52f918dd8
--- /dev/null
+++ b/test/asan/TestCases/debug_report.cc
@@ -0,0 +1,48 @@
+// Checks that the ASan debugging API for getting report information
+// returns correct values.
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <sanitizer/asan_interface.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int main() {
+ char *heap_ptr = (char *)malloc(10);
+ free(heap_ptr);
+ int present = __asan_report_present();
+ fprintf(stderr, "%s\n", (present == 0) ? "no report" : "");
+ // CHECK: no report
+ heap_ptr[0] = 'A'; // BOOM
+ return 0;
+}
+
+void __asan_on_error() {
+ int present = __asan_report_present();
+ void *pc = __asan_get_report_pc();
+ void *bp = __asan_get_report_bp();
+ void *sp = __asan_get_report_sp();
+ void *addr = __asan_get_report_address();
+ int is_write = __asan_get_report_access_type();
+ size_t access_size = __asan_get_report_access_size();
+ const char *description = __asan_get_report_description();
+
+ fprintf(stderr, "%s\n", (present == 1) ? "report" : "");
+ // CHECK: report
+ fprintf(stderr, "pc: %p\n", pc);
+ // CHECK: pc: 0x[[PC:[0-9a-f]+]]
+ fprintf(stderr, "bp: %p\n", bp);
+ // CHECK: bp: 0x[[BP:[0-9a-f]+]]
+ fprintf(stderr, "sp: %p\n", sp);
+ // CHECK: sp: 0x[[SP:[0-9a-f]+]]
+ fprintf(stderr, "addr: %p\n", addr);
+ // CHECK: addr: 0x[[ADDR:[0-9a-f]+]]
+ fprintf(stderr, "type: %s\n", (is_write ? "write" : "read"));
+ // CHECK: type: write
+ fprintf(stderr, "access_size: %ld\n", access_size);
+ // CHECK: access_size: 1
+ fprintf(stderr, "description: %s\n", description);
+ // CHECK: description: heap-use-after-free
+}
+
+// CHECK: AddressSanitizer: heap-use-after-free on address {{0x0*}}[[ADDR]] at pc {{0x0*}}[[PC]] bp {{0x0*}}[[BP]] sp {{0x0*}}[[SP]]
+// CHECK: WRITE of size 1 at {{0x0*}}[[ADDR]] thread T0
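Review bot: In `__asan_on_error`, `access_size` is a `size_t` but is printed with `%ld`, a signed `long` conversion; this is undefined where the two types differ in width and the wrong signedness elsewhere. The matching form is `fprintf(stderr, "access_size: %zu\n", access_size);`, which leaves the expected `access_size: 1` output unchanged. The callback also has no comment explaining that the runtime calls it while a report is being produced, which is why `__asan_report_present()` is expected to return 1 there; a one-line comment above the definition would make that clear.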
diff --git a/test/asan/TestCases/debug_stacks.cc b/test/asan/TestCases/debug_stacks.cc
new file mode 100644
index 000000000000..57bb5465035a
--- /dev/null
+++ b/test/asan/TestCases/debug_stacks.cc
@@ -0,0 +1,62 @@
+// Check that the stack trace debugging API works and returns correct
+// malloc and free stacks.
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <sanitizer/asan_interface.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+char *mem;
+void func1() {
+ mem = (char *)malloc(10);
+}
+
+void func2() {
+ free(mem);
+}
+
+int main() {
+ func1();
+ func2();
+
+ void *trace[100];
+ size_t num_frames = 100;
+ int thread_id;
+ num_frames = __asan_get_alloc_stack(mem, trace, num_frames, &thread_id);
+
+ fprintf(stderr, "alloc stack retval %s\n", (num_frames > 0 && num_frames < 10)
+ ? "ok" : "");
+ // CHECK: alloc stack retval ok
+ fprintf(stderr, "thread id = %d\n", thread_id);
+ // CHECK: thread id = 0
+ fprintf(stderr, "0x%lx\n", trace[0]);
+ // CHECK: [[ALLOC_FRAME_0:0x[0-9a-f]+]]
+ fprintf(stderr, "0x%lx\n", trace[1]);
+ // CHECK: [[ALLOC_FRAME_1:0x[0-9a-f]+]]
+
+ num_frames = 100;
+ num_frames = __asan_get_free_stack(mem, trace, num_frames, &thread_id);
+
+ fprintf(stderr, "free stack retval %s\n", (num_frames > 0 && num_frames < 10)
+ ? "ok" : "");
+ // CHECK: free stack retval ok
+ fprintf(stderr, "thread id = %d\n", thread_id);
+ // CHECK: thread id = 0
+ fprintf(stderr, "0x%lx\n", trace[0]);
+ // CHECK: [[FREE_FRAME_0:0x[0-9a-f]+]]
+ fprintf(stderr, "0x%lx\n", trace[1]);
+ // CHECK: [[FREE_FRAME_1:0x[0-9a-f]+]]
+
+ mem[0] = 'A'; // BOOM
+
+ // CHECK: ERROR: AddressSanitizer: heap-use-after-free
+ // CHECK: WRITE of size 1 at 0x{{.*}}
+ // CHECK: freed by thread T0 here:
+ // CHECK: #0 [[FREE_FRAME_0]]
+ // CHECK: #1 [[FREE_FRAME_1]]
+ // CHECK: previously allocated by thread T0 here:
+ // CHECK: #0 [[ALLOC_FRAME_0]]
+ // CHECK: #1 [[ALLOC_FRAME_1]]
+
+ return 0;
+}
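Review bot: `trace[0]` and `trace[1]` are `void *` but are passed to `%lx`, which is a format/argument mismatch. An explicit conversion keeps the printed text identical: `fprintf(stderr, "0x%lx\n", (unsigned long)trace[0]);`. The test also reads `trace[1]` after checking only `num_frames > 0`, so a one-frame result would print an uninitialised slot. Tightening the condition to `num_frames > 1 && num_frames < 10` covers the entries that are actually printed. `thread_id` is likewise printed without initialisation if the call does not set it, and `int thread_id = -1;` would make that case fail visibly.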
diff --git a/test/asan/TestCases/deep_call_stack.cc b/test/asan/TestCases/deep_call_stack.cc
new file mode 100644
index 000000000000..789f23454d19
--- /dev/null
+++ b/test/asan/TestCases/deep_call_stack.cc
@@ -0,0 +1,25 @@
+// Check that UAR mode can handle very deep recusrion.
+// export ASAN_OPTIONS=detect_stack_use_after_return=1
+// RUN: %clangxx_asan -O2 %s -o %t && \
+// RUN: (ulimit -s 4096; %run %t) 2>&1 | FileCheck %s
+// Also check that use_sigaltstack+verbosity doesn't crash.
+// RUN: env ASAN_OPTIONS=verbosity=1:use_sigaltstack=1 %run %t | FileCheck %s
+#include <stdio.h>
+
+__attribute__((noinline))
+void RecursiveFunc(int depth, int *ptr) {
+ if ((depth % 1000) == 0)
+ printf("[%05d] ptr: %p\n", depth, ptr);
+ if (depth == 0)
+ return;
+ int local;
+ RecursiveFunc(depth - 1, &local);
+}
+
+int main(int argc, char **argv) {
+ RecursiveFunc(15000, 0);
+ return 0;
+}
+// CHECK: [15000] ptr:
+// CHECK: [07000] ptr:
+// CHECK: [00000] ptr:
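Review bot: The header says the test checks UAR mode, but `detect_stack_use_after_return=1` appears only in a plain comment (`// export ASAN_OPTIONS=...`), and neither RUN line sets it. Unless the lit configuration enables it elsewhere, the recursion runs without the fake stack and the stated scenario is not covered. Setting the option in the first RUN line would do it, e.g. `// RUN: (ulimit -s 4096; env ASAN_OPTIONS=detect_stack_use_after_return=1 %run %t) 2>&1 | FileCheck %s`. Whether the compile step needs an additional flag for this cannot be determined from the hunk. The first comment line also misspells "recursion".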
diff --git a/test/asan/TestCases/deep_stack_uaf.cc b/test/asan/TestCases/deep_stack_uaf.cc
new file mode 100644
index 000000000000..3e88d697fcef
--- /dev/null
+++ b/test/asan/TestCases/deep_stack_uaf.cc
@@ -0,0 +1,36 @@
+// Check that we can store lots of stack frames if asked to.
+
+// RUN: %clangxx_asan -O0 %s -o %t 2>&1
+// RUN: env ASAN_OPTIONS=malloc_context_size=120:redzone=512 not %run %t 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+#include <stdlib.h>
+#include <stdio.h>
+
+template <int depth>
+struct DeepFree {
+ static void free(char *x) {
+ DeepFree<depth - 1>::free(x);
+ }
+};
+
+template<>
+struct DeepFree<0> {
+ static void free(char *x) {
+ ::free(x);
+ }
+};
+
+int main() {
+ char *x = (char*)malloc(10);
+ // deep_free(x);
+ DeepFree<200>::free(x);
+ return x[5];
+ // CHECK: {{.*ERROR: AddressSanitizer: heap-use-after-free on address}}
+ // The libcxxrt demangling procedure on FreeBSD 9.2 incorrectly appends
+ // extra 'E' characters to the end of template arguments; see:
+ // https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192115
+ // CHECK: {{DeepFree<36>|DeepFree<36E>}}
+ // CHECK: {{DeepFree<98>|DeepFree<98E>}}
+ // CHECK: {{DeepFree<115>|DeepFree<115E>}}
+}
diff --git a/test/asan/TestCases/deep_tail_call.cc b/test/asan/TestCases/deep_tail_call.cc
new file mode 100644
index 000000000000..628ef06db144
--- /dev/null
+++ b/test/asan/TestCases/deep_tail_call.cc
@@ -0,0 +1,20 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// CHECK: AddressSanitizer: global-buffer-overflow
+int global[10];
+// CHECK: {{#0.*call4}}
+void __attribute__((noinline)) call4(int i) { global[i+10]++; }
+// CHECK: {{#1.*call3}}
+void __attribute__((noinline)) call3(int i) { call4(i); }
+// CHECK: {{#2.*call2}}
+void __attribute__((noinline)) call2(int i) { call3(i); }
+// CHECK: {{#3.*call1}}
+void __attribute__((noinline)) call1(int i) { call2(i); }
+// CHECK: {{#4.*main}}
+int main(int argc, char **argv) {
+ call1(argc);
+ return global[0];
+}
diff --git a/test/asan/TestCases/deep_thread_stack.cc b/test/asan/TestCases/deep_thread_stack.cc
new file mode 100644
index 000000000000..535da79ff58d
--- /dev/null
+++ b/test/asan/TestCases/deep_thread_stack.cc
@@ -0,0 +1,58 @@
+// RUN: %clangxx_asan -O0 %s -pthread -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -pthread -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -pthread -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -pthread -o %t && not %run %t 2>&1 | FileCheck %s
+// REQUIRES: stable-runtime
+
+#include <pthread.h>
+
+int *x;
+
+void *AllocThread(void *arg) {
+ x = new int;
+ *x = 42;
+ return NULL;
+}
+
+void *FreeThread(void *arg) {
+ delete x;
+ return NULL;
+}
+
+void *AccessThread(void *arg) {
+ *x = 43; // BOOM
+ return NULL;
+}
+
+typedef void* (*callback_type)(void* arg);
+
+void *RunnerThread(void *function) {
+ pthread_t thread;
+ pthread_create(&thread, NULL, (callback_type)function, NULL);
+ pthread_join(thread, NULL);
+ return NULL;
+}
+
+void RunThread(callback_type function) {
+ pthread_t runner;
+ pthread_create(&runner, NULL, RunnerThread, (void*)function);
+ pthread_join(runner, NULL);
+}
+
+int main(int argc, char *argv[]) {
+ RunThread(AllocThread);
+ RunThread(FreeThread);
+ RunThread(AccessThread);
+ return (x != 0);
+}
+
+// CHECK: AddressSanitizer: heap-use-after-free
+// CHECK: WRITE of size 4 at 0x{{.*}} thread T[[ACCESS_THREAD:[0-9]+]]
+// CHECK: freed by thread T[[FREE_THREAD:[0-9]+]] here:
+// CHECK: previously allocated by thread T[[ALLOC_THREAD:[0-9]+]] here:
+// CHECK: Thread T[[ACCESS_THREAD]] created by T[[ACCESS_RUNNER:[0-9]+]] here:
+// CHECK: Thread T[[ACCESS_RUNNER]] created by T0 here:
+// CHECK: Thread T[[FREE_THREAD]] created by T[[FREE_RUNNER:[0-9]+]] here:
+// CHECK: Thread T[[FREE_RUNNER]] created by T0 here:
+// CHECK: Thread T[[ALLOC_THREAD]] created by T[[ALLOC_RUNNER:[0-9]+]] here:
+// CHECK: Thread T[[ALLOC_RUNNER]] created by T0 here:
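Review bot: `RunnerThread` and `RunThread` ignore the return value of `pthread_create` and then call `pthread_join` on the handle. If creation fails, the join operates on an indeterminate `pthread_t` and the test fails in a way unrelated to the use-after-free it is meant to show. Checking the result makes that failure explicit, e.g. `if (pthread_create(&runner, NULL, RunnerThread, (void*)function)) abort();` with `<stdlib.h>` included. The file also has no comment describing the intended thread tree (T0 → runner → worker for each of alloc, free and access), which is what the CHECK lines at the end verify.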
diff --git a/test/asan/TestCases/default_blacklist.cc b/test/asan/TestCases/default_blacklist.cc
new file mode 100644
index 000000000000..9358cc47cbaa
--- /dev/null
+++ b/test/asan/TestCases/default_blacklist.cc
@@ -0,0 +1,6 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// Test that ASan uses the default blacklist from resource directory.
+// RUN: %clangxx_asan -### %s 2>&1 | FileCheck %s
+// CHECK: fsanitize-blacklist={{.*}}asan_blacklist.txt
diff --git a/test/asan/TestCases/default_options.cc b/test/asan/TestCases/default_options.cc
new file mode 100644
index 000000000000..6453f66a9523
--- /dev/null
+++ b/test/asan/TestCases/default_options.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O2 %s -o %t
+// RUN: %run %t 2>&1 | FileCheck %s
+
+// __asan_default_options() are not supported on Windows.
+// XFAIL: win32
+
+const char *kAsanDefaultOptions="verbosity=1 foo=bar";
+
+extern "C"
+__attribute__((no_sanitize_address))
+const char *__asan_default_options() {
+ // CHECK: Using the defaults from __asan_default_options: {{.*}} foo=bar
+ return kAsanDefaultOptions;
+}
+
+int main() {
+ return 0;
+}
diff --git a/test/asan/TestCases/describe_address.cc b/test/asan/TestCases/describe_address.cc
new file mode 100644
index 000000000000..868c0eb1c446
--- /dev/null
+++ b/test/asan/TestCases/describe_address.cc
@@ -0,0 +1,19 @@
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t 2>&1 | FileCheck %s
+
+#include <sanitizer/asan_interface.h>
+
+int global;
+
+int main(int argc, char *argv[]) {
+ int stack;
+ int *heap = new int[100];
+ __asan_describe_address(heap);
+ // CHECK: {{.*}} is located 0 bytes inside of 400-byte region
+ // CHECK: allocated by thread T{{.*}} here
+ __asan_describe_address(&stack);
+ // CHECK: Address {{.*}} is located in stack of thread T{{.*}} at offset {{.*}}
+ __asan_describe_address(&global);
+ // CHECK: {{.*}} is located 0 bytes inside of global variable 'global'
+ delete[] heap;
+ return 0;
+}
diff --git a/test/asan/TestCases/dlclose-test.cc b/test/asan/TestCases/dlclose-test.cc
new file mode 100644
index 000000000000..094453f3de2a
--- /dev/null
+++ b/test/asan/TestCases/dlclose-test.cc
@@ -0,0 +1,99 @@
+// Regression test for
+// http://code.google.com/p/address-sanitizer/issues/detail?id=19
+// Bug description:
+// 1. application dlopens foo.so
+// 2. asan registers all globals from foo.so
+// 3. application dlcloses foo.so
+// 4. application mmaps some memory to the location where foo.so was before
+// 5. application starts using this mmaped memory, but asan still thinks there
+// are globals.
+// 6. BOOM
+
+// This sublte test assumes that after a foo.so is dlclose-d
+// we can mmap the region of memory that has been occupied by the library.
+// It works on i368/x86_64 Linux, but not necessary anywhere else.
+// REQUIRES: x86_64-supported-target,i386-supported-target
+
+// RUN: %clangxx_asan -O0 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O1 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O2 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t 2>&1 | FileCheck %s
+
+#if !defined(SHARED_LIB)
+#include <assert.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <unistd.h>
+
+#include <string>
+
+using std::string;
+
+typedef int *(fun_t)();
+
+int main(int argc, char *argv[]) {
+ string path = string(argv[0]) + "-so.so";
+ size_t PageSize = sysconf(_SC_PAGESIZE);
+ printf("opening %s ... \n", path.c_str());
+ void *lib = dlopen(path.c_str(), RTLD_NOW);
+ if (!lib) {
+ printf("error in dlopen(): %s\n", dlerror());
+ return 1;
+ }
+ fun_t *get = (fun_t*)dlsym(lib, "get_address_of_static_var");
+ if (!get) {
+ printf("failed dlsym\n");
+ return 1;
+ }
+ int *addr = get();
+ assert(((size_t)addr % 32) == 0); // should be 32-byte aligned.
+ printf("addr: %p\n", addr);
+ addr[0] = 1; // make sure we can write there.
+
+ // Now dlclose the shared library.
+ printf("attempting to dlclose\n");
+ if (dlclose(lib)) {
+ printf("failed to dlclose\n");
+ return 1;
+ }
+ // Now, the page where 'addr' is unmapped. Map it.
+ size_t page_beg = ((size_t)addr) & ~(PageSize - 1);
+ void *res = mmap((void*)(page_beg), PageSize,
+ PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANON | MAP_FIXED | MAP_NORESERVE, -1, 0);
+ if (res == (char*)-1L) {
+ printf("failed to mmap\n");
+ return 1;
+ }
+ addr[1] = 2; // BOOM (if the bug is not fixed).
+ printf("PASS\n");
+ // CHECK: PASS
+ return 0;
+}
+#else // SHARED_LIB
+#include <stdio.h>
+
+static int pad1;
+static int static_var;
+static int pad2;
+
+extern "C"
+int *get_address_of_static_var() {
+ return &static_var;
+}
+
+__attribute__((constructor))
+void at_dlopen() {
+ printf("%s: I am being dlopened\n", __FILE__);
+}
+__attribute__((destructor))
+void at_dlclose() {
+ printf("%s: I am being dlclosed\n", __FILE__);
+}
+#endif // SHARED_LIB
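Review bot: The mmap() failure check in main compares the result with `(char*)-1L` rather than the documented constant; `if (res == MAP_FAILED) {` states the same condition without the hand-written cast. The test also depends on MAP_FIXED replacing whatever is mapped at `page_beg`, which is only harmless if dlclose() really unmapped the library, so a comment such as `// MAP_FIXED silently replaces any existing mapping; this assumes foo.so is gone from this range` would make the assumption visible. The header comment has typos worth fixing in the same pass: "sublte" should be "subtle", "i368" should be "i386", and "not necessary" should be "not necessarily".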
diff --git a/test/asan/TestCases/double-free.cc b/test/asan/TestCases/double-free.cc
new file mode 100644
index 000000000000..f0dd29174849
--- /dev/null
+++ b/test/asan/TestCases/double-free.cc
@@ -0,0 +1,27 @@
+// RUN: %clangxx_asan -O0 %s -o %t 2>&1
+// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=MALLOC-CTX
+
+// Also works if no malloc context is available.
+// RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=0 not %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=1 not %run %t 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#include <stdlib.h>
+#include <string.h>
+int main(int argc, char **argv) {
+ char *x = (char*)malloc(10 * sizeof(char));
+ memset(x, 0, 10);
+ int res = x[argc];
+ free(x);
+ free(x + argc - 1); // BOOM
+ // CHECK: AddressSanitizer: attempting double-free{{.*}}in thread T0
+ // CHECK: #0 0x{{.*}} in {{.*}}free
+ // CHECK: #1 0x{{.*}} in main {{.*}}double-free.cc:[[@LINE-3]]
+ // CHECK: freed by thread T0 here:
+ // MALLOC-CTX: #0 0x{{.*}} in {{.*}}free
+ // MALLOC-CTX: #1 0x{{.*}} in main {{.*}}double-free.cc:[[@LINE-7]]
+ // CHECK: allocated by thread T0 here:
+ // MALLOC-CTX: double-free.cc:[[@LINE-12]]
+ return res;
+}
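Review bot: The second free in main is written as `free(x + argc - 1)`, which is a double free of `x` only when the binary is started without arguments, and nothing in the file says so. A comment on that line would help, for example `// argc == 1 under %run, so this is free(x) again`. The reason for routing the pointer through argc is presumably to keep the optimizer from folding the two calls, and that is worth stating if it is the intent.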
diff --git a/test/asan/TestCases/dump_instruction_bytes.cc b/test/asan/TestCases/dump_instruction_bytes.cc
new file mode 100644
index 000000000000..981e3c31327f
--- /dev/null
+++ b/test/asan/TestCases/dump_instruction_bytes.cc
@@ -0,0 +1,20 @@
+// Check that ASan prints the faulting instruction bytes on
+// dump_instruction_bytes=1
+// RUN: %clangxx_asan %s -o %t
+// RUN: env ASAN_OPTIONS=dump_instruction_bytes=1 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-DUMP
+// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-NODUMP
+//
+// REQUIRES: x86_64-supported-target,i386-supported-target
+
+int main() {
+#if defined(__x86_64__)
+ asm("movq $0, %rax");
+ asm("movl $0xcafebabe, 0x0(%rax)");
+#elif defined(i386)
+ asm("movl $0, %eax");
+ asm("movl $0xcafebabe, 0x0(%eax)");
+#endif
+ // CHECK-DUMP: First 16 instruction bytes at pc: c7 00 be ba fe ca
+ // CHECK-NODUMP-NOT: First 16 instruction bytes
+ return 0;
+}
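Review bot: The 32-bit branch in main is selected with `#elif defined(i386)`, a legacy macro that GCC and Clang define only in GNU language modes. Under a strict `-std=c++NN` build on 32-bit x86 neither branch is compiled, main returns 0, and the `not %run` lines fail for a reason unrelated to the runtime; `#elif defined(__i386__)` is defined in every mode. The two asm statements in each branch also change rax/eax without a clobber list, so the compiler is neither told that the register is modified nor kept from reusing it between them. Merging each pair into one asm statement with the register named as a clobber would remove that dependency on code generation.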
diff --git a/test/asan/TestCases/force_inline_opt0.cc b/test/asan/TestCases/force_inline_opt0.cc
new file mode 100644
index 000000000000..e6e5d26c7998
--- /dev/null
+++ b/test/asan/TestCases/force_inline_opt0.cc
@@ -0,0 +1,14 @@
+// This test checks that we are no instrumenting a memory access twice
+// (before and after inlining)
+// RUN: %clangxx_asan -O1 %s -o %t && %run %t
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t
+__attribute__((always_inline))
+void foo(int *x) {
+ *x = 0;
+}
+
+int main() {
+ int x;
+ foo(&x);
+ return x;
+}
diff --git a/test/asan/TestCases/free_hook_realloc.cc b/test/asan/TestCases/free_hook_realloc.cc
new file mode 100644
index 000000000000..4b2753252a8d
--- /dev/null
+++ b/test/asan/TestCases/free_hook_realloc.cc
@@ -0,0 +1,37 @@
+// Check that free hook doesn't conflict with Realloc.
+// RUN: %clangxx_asan -O2 %s -o %t
+// RUN: %run %t 2>&1 | FileCheck %s
+
+// Malloc/free hooks are not supported on Windows.
+// XFAIL: win32
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <sanitizer/allocator_interface.h>
+
+static void *glob_ptr;
+
+extern "C" {
+void __sanitizer_free_hook(const volatile void *ptr) {
+ if (ptr == glob_ptr) {
+ *(int*)ptr = 0;
+ write(1, "FreeHook\n", sizeof("FreeHook\n"));
+ }
+}
+}
+
+int main() {
+ int *x = (int*)malloc(100);
+ x[0] = 42;
+ glob_ptr = x;
+ int *y = (int*)realloc(x, 200);
+ // Verify that free hook was called and didn't spoil the memory.
+ if (y[0] != 42) {
+ _exit(1);
+ }
+ write(1, "Passed\n", sizeof("Passed\n"));
+ free(y);
+ // CHECK: FreeHook
+ // CHECK: Passed
+ return 0;
+}
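Review bot: Both write() calls pass `sizeof("FreeHook\n")` and `sizeof("Passed\n")` as the length, which counts the terminating NUL, so a stray zero byte follows each message on stdout. FileCheck still matches, but the lengths should be `sizeof("FreeHook\n") - 1` and `sizeof("Passed\n") - 1`. In main the result of `realloc(x, 200)` is dereferenced without a check; `if (!y || y[0] != 42) {` would turn an allocation failure into the intended `_exit(1)` instead of a null dereference.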
diff --git a/test/asan/TestCases/frexp_interceptor.cc b/test/asan/TestCases/frexp_interceptor.cc
new file mode 100644
index 000000000000..d75ba992b650
--- /dev/null
+++ b/test/asan/TestCases/frexp_interceptor.cc
@@ -0,0 +1,16 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// Test the frexp() interceptor.
+
+#include <math.h>
+#include <stdio.h>
+#include <stdlib.h>
+int main() {
+ double x = 3.14;
+ int *exp = (int*)malloc(sizeof(int));
+ free(exp);
+ double y = frexp(x, exp);
+ // CHECK: use-after-free
+ // CHECK: SUMMARY
+ return 0;
+}
diff --git a/test/asan/TestCases/gc-test.cc b/test/asan/TestCases/gc-test.cc
new file mode 100644
index 000000000000..ffbea85b2650
--- /dev/null
+++ b/test/asan/TestCases/gc-test.cc
@@ -0,0 +1,50 @@
+// RUN: %clangxx_asan %s -pthread -o %t
+// RUN: env ASAN_OPTIONS=detect_stack_use_after_return=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
+// RUN: env ASAN_OPTIONS=detect_stack_use_after_return=0 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK0
+// REQUIRES: stable-runtime
+
+#include <assert.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <sanitizer/asan_interface.h>
+
+static const int kNumThreads = 2;
+
+void *Thread(void *unused) {
+ void *fake_stack = __asan_get_current_fake_stack();
+ char var[15];
+ if (fake_stack) {
+ fprintf(stderr, "fake stack found: %p; var: %p\n", fake_stack, var);
+ // CHECK1: fake stack found
+ // CHECK1: fake stack found
+ void *beg, *end;
+ void *real_stack =
+ __asan_addr_is_in_fake_stack(fake_stack, &var[0], &beg, &end);
+ assert(real_stack);
+ assert((char*)beg <= (char*)&var[0]);
+ assert((char*)end > (char*)&var[0]);
+ for (int i = -32; i < 15; i++) {
+ void *beg1, *end1;
+ char *ptr = &var[0] + i;
+ void *real_stack1 =
+ __asan_addr_is_in_fake_stack(fake_stack, ptr, &beg1, &end1);
+ assert(real_stack == real_stack1);
+ assert(beg == beg1);
+ assert(end == end1);
+ }
+ } else {
+ fprintf(stderr, "no fake stack\n");
+ // CHECK0: no fake stack
+ // CHECK0: no fake stack
+ }
+ return NULL;
+}
+
+int main(int argc, char **argv) {
+ pthread_t t[kNumThreads];
+ for (int i = 0; i < kNumThreads; i++)
+ pthread_create(&t[i], 0, Thread, 0);
+ for (int i = 0; i < kNumThreads; i++)
+ pthread_join(t[i], 0);
+ return 0;
+}
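Review bot: The loop in Thread probes every address from `&var[0] - 32` to `&var[0] + 14` and asserts that each resolves to the same fake frame, but nothing explains why 32 bytes below `var` are expected to lie inside that frame. A comment such as `// the 32 bytes below var are assumed to be the frame's left redzone (confirm against the runtime's frame layout)` would document what the bound is based on. The return value of `pthread_create` in main is ignored, so a failed creation leads to `pthread_join` on an uninitialised `pthread_t`; checking the result before joining would surface that failure directly. The same unchecked call appears in `foo` in init-order-pthread-create.cc.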
diff --git a/test/asan/TestCases/global-demangle.cc b/test/asan/TestCases/global-demangle.cc
new file mode 100644
index 000000000000..5f7ff91b1601
--- /dev/null
+++ b/test/asan/TestCases/global-demangle.cc
@@ -0,0 +1,17 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+namespace XXX {
+class YYY {
+ public:
+ static char ZZZ[];
+};
+char YYY::ZZZ[] = "abc";
+}
+
+int main(int argc, char **argv) {
+ return (int)XXX::YYY::ZZZ[argc + 5]; // BOOM
+ // CHECK: {{READ of size 1 at 0x.*}}
+ // CHECK: {{0x.* is located 2 bytes to the right of global variable}}
+ // CHECK: 'XXX::YYY::ZZZ' {{.*}} of size 4
+ // CHECK: 'XXX::YYY::ZZZ' is ascii string 'abc'
+}
diff --git a/test/asan/TestCases/global-location.cc b/test/asan/TestCases/global-location.cc
new file mode 100644
index 000000000000..795e50bf614e
--- /dev/null
+++ b/test/asan/TestCases/global-location.cc
@@ -0,0 +1,38 @@
+// RUN: %clangxx_asan -O2 %s -o %t
+// RUN: not %run %t g 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=GLOB
+// RUN: not %run %t c 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CLASS_STATIC
+// RUN: not %run %t f 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=FUNC_STATIC
+// RUN: not %run %t l 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=LITERAL
+
+// CHECK: AddressSanitizer: global-buffer-overflow
+
+#include <string.h>
+
+struct C {
+ static int array[10];
+};
+
+int global[10];
+// GLOB: 0x{{.*}} is located 4 bytes to the right of global variable 'global' defined in '{{.*}}global-location.cc:[[@LINE-1]]:5' {{.*}} of size 40
+int C::array[10];
+// CLASS_STATIC: 0x{{.*}} is located 4 bytes to the right of global variable 'C::array' defined in '{{.*}}global-location.cc:[[@LINE-1]]:8' {{.*}} of size 40
+
+int main(int argc, char **argv) {
+ int one = argc - 1;
+ switch (argv[1][0]) {
+ case 'g': return global[one * 11];
+ case 'c': return C::array[one * 11];
+ case 'f':
+ static int array[10];
+ // FUNC_STATIC: 0x{{.*}} is located 4 bytes to the right of global variable 'array' defined in '{{.*}}global-location.cc:[[@LINE-1]]:16' {{.*}} of size 40
+ memset(array, 0, 10);
+ return array[one * 11];
+ case 'l':
+ const char *str = "0123456789";
+ // LITERAL: 0x{{.*}} is located 0 bytes to the right of global variable {{.*}} defined in '{{.*}}global-location.cc:[[@LINE-1]]:23' {{.*}} of size 11
+ return str[one * 11];
+ }
+ return 0;
+}
+
+// CHECK: SUMMARY: AddressSanitizer: global-buffer-overflow
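Review bot: main reads `argv[1][0]` without looking at `argc`, so starting the binary without a selector dereferences a null pointer instead of exiting cleanly; `if (argc < 2) return 0;` ahead of the switch would cover that. In the `'f'` case `memset(array, 0, 10)` clears 10 bytes of a 40-byte `int[10]`; `memset(array, 0, sizeof(array))` is presumably what was meant, although a function-local static starts zeroed anyway. The `'l'` case initialises `str` inside the switch without braces, which compiles only because it is the last label; wrapping the case body in `{ }` would keep the test building if another case is added after it.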
diff --git a/test/asan/TestCases/global-overflow.cc b/test/asan/TestCases/global-overflow.cc
new file mode 100644
index 000000000000..a39a95306352
--- /dev/null
+++ b/test/asan/TestCases/global-overflow.cc
@@ -0,0 +1,21 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <string.h>
+int main(int argc, char **argv) {
+ static char XXX[10];
+ static char YYY[10];
+ static char ZZZ[10];
+ memset(XXX, 0, 10);
+ memset(YYY, 0, 10);
+ memset(ZZZ, 0, 10);
+ int res = YYY[argc * 10]; // BOOOM
+ // CHECK: {{READ of size 1 at 0x.* thread T0}}
+ // CHECK: {{ #0 0x.* in main .*global-overflow.cc:}}[[@LINE-2]]
+ // CHECK: {{0x.* is located 0 bytes to the right of global variable}}
+ // CHECK: {{.*YYY.* of size 10}}
+ res += XXX[argc] + ZZZ[argc];
+ return res;
+}
diff --git a/test/asan/TestCases/heap-overflow-large.cc b/test/asan/TestCases/heap-overflow-large.cc
new file mode 100644
index 000000000000..eb2fcc3220e7
--- /dev/null
+++ b/test/asan/TestCases/heap-overflow-large.cc
@@ -0,0 +1,23 @@
+// Regression test for
+// https://code.google.com/p/address-sanitizer/issues/detail?id=183
+
+// RUN: %clangxx_asan -O2 %s -o %t
+// RUN: not %run %t 12 2>&1 | FileCheck %s
+// RUN: not %run %t 100 2>&1 | FileCheck %s
+// RUN: not %run %t 10000 2>&1 | FileCheck %s
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+int main(int argc, char *argv[]) {
+ fprintf(stderr, "main\n");
+ int *x = new int[5];
+ memset(x, 0, sizeof(x[0]) * 5);
+ int index = atoi(argv[1]);
+ int res = x[index];
+ // CHECK: main
+ // CHECK-NOT: CHECK failed
+ delete[] x;
+ return res ? res : 1;
+}
diff --git a/test/asan/TestCases/heap-overflow.cc b/test/asan/TestCases/heap-overflow.cc
new file mode 100644
index 000000000000..70a1203562be
--- /dev/null
+++ b/test/asan/TestCases/heap-overflow.cc
@@ -0,0 +1,24 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=print_stats=1 not %run %t 2>&1 | FileCheck %s
+
+// FIXME: Fix this test under GCC.
+// REQUIRES: Clang
+
+#include <stdlib.h>
+#include <string.h>
+int main(int argc, char **argv) {
+ char *x = (char*)malloc(10 * sizeof(char));
+ memset(x, 0, 10);
+ int res = x[argc * 10]; // BOOOM
+ // CHECK: {{READ of size 1 at 0x.* thread T0}}
+ // CHECK: {{ #0 0x.* in main .*heap-overflow.cc:}}[[@LINE-2]]
+ // CHECK: {{0x.* is located 0 bytes to the right of 10-byte region}}
+ // CHECK: {{allocated by thread T0 here:}}
+
+ // CHECK: {{ #0 0x.* in .*malloc}}
+ free(x);
+ return res;
+}
diff --git a/test/asan/TestCases/heavy_uar_test.cc b/test/asan/TestCases/heavy_uar_test.cc
new file mode 100644
index 000000000000..1f8caea21690
--- /dev/null
+++ b/test/asan/TestCases/heavy_uar_test.cc
@@ -0,0 +1,60 @@
+// RUN: export ASAN_OPTIONS=detect_stack_use_after_return=1
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+
+// FIXME: Fix this test under GCC.
+// REQUIRES: Clang
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+__attribute__((noinline))
+char *pretend_to_do_something(char *x) {
+ __asm__ __volatile__("" : : "r" (x) : "memory");
+ return x;
+}
+
+__attribute__((noinline))
+char *LeakStack() {
+ char x[1024];
+ memset(x, 0, sizeof(x));
+ return pretend_to_do_something(x);
+}
+
+template<size_t kFrameSize>
+__attribute__((noinline))
+void RecursiveFunctionWithStackFrame(int depth) {
+ if (depth <= 0) return;
+ char x[kFrameSize];
+ x[0] = depth;
+ pretend_to_do_something(x);
+ RecursiveFunctionWithStackFrame<kFrameSize>(depth - 1);
+}
+
+int main(int argc, char **argv) {
+ int n_iter = argc >= 2 ? atoi(argv[1]) : 1000;
+ int depth = argc >= 3 ? atoi(argv[2]) : 500;
+ for (int i = 0; i < n_iter; i++) {
+ RecursiveFunctionWithStackFrame<10>(depth);
+ RecursiveFunctionWithStackFrame<100>(depth);
+ RecursiveFunctionWithStackFrame<500>(depth);
+ RecursiveFunctionWithStackFrame<1024>(depth);
+ RecursiveFunctionWithStackFrame<2000>(depth);
+ // The stack size is tight for the main thread in multithread
+ // environment on FreeBSD.
+#if !defined(__FreeBSD__)
+ RecursiveFunctionWithStackFrame<5000>(depth);
+ RecursiveFunctionWithStackFrame<10000>(depth);
+#endif
+ }
+ char *stale_stack = LeakStack();
+ RecursiveFunctionWithStackFrame<1024>(10);
+ stale_stack[100]++;
+ // CHECK: ERROR: AddressSanitizer: stack-use-after-return on address
+ // CHECK: is located in stack of thread T0 at offset {{116|132}} in frame
+ // CHECK: in LeakStack{{.*}}heavy_uar_test.cc:
+ // CHECK: [{{16|32}}, {{1040|1056}}) 'x'
+ return 0;
+}
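Review bot: The first RUN line sets the option with `export ASAN_OPTIONS=detect_stack_use_after_return=1`, while the other tests in this import (gc-test.cc, double-free.cc) scope the variable to the command with `env ASAN_OPTIONS=... %run %t`. The export form depends on every RUN line executing in one shell session and on `%run` forwarding the environment, which may not hold for every runner configuration. Writing each run step as `env ASAN_OPTIONS=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s` removes that dependency. If the option is not applied, the stale access in main goes unreported and the test fails without indicating why.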
diff --git a/test/asan/TestCases/huge_negative_hea_oob.cc b/test/asan/TestCases/huge_negative_hea_oob.cc
new file mode 100644
index 000000000000..96e7e613d4bb
--- /dev/null
+++ b/test/asan/TestCases/huge_negative_hea_oob.cc
@@ -0,0 +1,13 @@
+// RUN: %clangxx_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O %s -o %t && not %run %t 2>&1 | FileCheck %s
+// Check that we can find huge buffer overflows to the left.
+#include <stdlib.h>
+#include <string.h>
+int main(int argc, char **argv) {
+ char *x = (char*)malloc(1 << 20);
+ memset(x, 0, 10);
+ int res = x[-argc * 4000]; // BOOOM
+ // CHECK: is located 4000 bytes to the left of
+ free(x);
+ return res;
+}
diff --git a/test/asan/TestCases/init-order-atexit.cc b/test/asan/TestCases/init-order-atexit.cc
new file mode 100644
index 000000000000..e0dac325ce58
--- /dev/null
+++ b/test/asan/TestCases/init-order-atexit.cc
@@ -0,0 +1,34 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// Test for the following situation:
+// (1) global A is constructed.
+// (2) exit() is called during construction of global B.
+// (3) destructor of A reads uninitialized global C from another module.
+// We do *not* want to report init-order bug in this case.
+
+// RUN: %clangxx_asan -O0 %s %p/Helpers/init-order-atexit-extra.cc -o %t
+// RUN: env ASAN_OPTIONS=strict_init_order=true not %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <stdlib.h>
+
+void AccessC();
+
+class A {
+ public:
+ A() { }
+ ~A() { AccessC(); printf("PASSED\n"); }
+ // CHECK-NOT: AddressSanitizer
+ // CHECK: PASSED
+};
+
+A a;
+
+class B {
+ public:
+ B() { exit(1); }
+ ~B() { }
+};
+
+B b;
diff --git a/test/asan/TestCases/init-order-pthread-create.cc b/test/asan/TestCases/init-order-pthread-create.cc
new file mode 100644
index 000000000000..eeff308a4cd5
--- /dev/null
+++ b/test/asan/TestCases/init-order-pthread-create.cc
@@ -0,0 +1,32 @@
+// Check that init-order checking is properly disabled if pthread_create is
+// called.
+
+// RUN: %clangxx_asan %s %p/Helpers/init-order-pthread-create-extra.cc -pthread -o %t
+// RUN: env ASAN_OPTIONS=strict_init_order=true %run %t
+
+#include <stdio.h>
+#include <pthread.h>
+
+void *run(void *arg) {
+ return arg;
+}
+
+void *foo(void *input) {
+ pthread_t t;
+ pthread_create(&t, 0, run, input);
+ void *res;
+ pthread_join(t, &res);
+ return res;
+}
+
+void *bar(void *input) {
+ return input;
+}
+
+void *glob = foo((void*)0x1234);
+extern void *glob2;
+
+int main() {
+ printf("%p %p\n", glob, glob2);
+ return 0;
+}
diff --git a/test/asan/TestCases/initialization-blacklist.cc b/test/asan/TestCases/initialization-blacklist.cc
new file mode 100644
index 000000000000..8ea6b46c1833
--- /dev/null
+++ b/test/asan/TestCases/initialization-blacklist.cc
@@ -0,0 +1,29 @@
+// Test for blacklist functionality of initialization-order checker.
+
+// RUN: %clangxx_asan -O0 %s %p/Helpers/initialization-blacklist-extra.cc\
+// RUN: %p/Helpers/initialization-blacklist-extra2.cc \
+// RUN: -fsanitize-blacklist=%p/Helpers/initialization-blacklist.txt -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+// RUN: %clangxx_asan -O1 %s %p/Helpers/initialization-blacklist-extra.cc\
+// RUN: %p/Helpers/initialization-blacklist-extra2.cc \
+// RUN: -fsanitize-blacklist=%p/Helpers/initialization-blacklist.txt -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+// RUN: %clangxx_asan -O2 %s %p/Helpers/initialization-blacklist-extra.cc\
+// RUN: %p/Helpers/initialization-blacklist-extra2.cc \
+// RUN: -fsanitize-blacklist=%p/Helpers/initialization-blacklist.txt -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+
+// Function is defined in another TU.
+int readBadGlobal();
+int x = readBadGlobal(); // init-order bug.
+
+// Function is defined in another TU.
+int accessBadObject();
+int y = accessBadObject(); // init-order bug.
+
+int readBadSrcGlobal();
+int z = readBadSrcGlobal(); // init-order bug.
+
+int main(int argc, char **argv) {
+ return argc + x + y + z - 1;
+}
diff --git a/test/asan/TestCases/initialization-bug.cc b/test/asan/TestCases/initialization-bug.cc
new file mode 100644
index 000000000000..badc6d1d1165
--- /dev/null
+++ b/test/asan/TestCases/initialization-bug.cc
@@ -0,0 +1,45 @@
+// Test to make sure basic initialization order errors are caught.
+
+// RUN: %clangxx_asan -O0 %s %p/Helpers/initialization-bug-extra2.cc -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true not %run %t 2>&1 | FileCheck %s
+
+// Do not test with optimization -- the error may be optimized away.
+
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=186
+// XFAIL: darwin
+
+#include <cstdio>
+
+// The structure of the test is:
+// "x", "y", "z" are dynamically initialized globals.
+// Value of "x" depends on "y", value of "y" depends on "z".
+// "x" and "z" are defined in this TU, "y" is defined in another one.
+// Thus we shoud stably report initialization order fiasco independently of
+// the translation unit order.
+
+int initZ() {
+ return 5;
+}
+int z = initZ();
+
+// 'y' is a dynamically initialized global residing in a different TU. This
+// dynamic initializer will read the value of 'y' before main starts. The
+// result is undefined behavior, which should be caught by initialization order
+// checking.
+extern int y;
+int __attribute__((noinline)) initX() {
+ return y + 1;
+ // CHECK: {{AddressSanitizer: initialization-order-fiasco}}
+ // CHECK: {{READ of size .* at 0x.* thread T0}}
+ // CHECK: {{0x.* is located 0 bytes inside of global variable .*(y|z).*}}
+}
+
+// This initializer begins our initialization order problems.
+static int x = initX();
+
+int main() {
+ // ASan should have caused an exit before main runs.
+ printf("PASS\n");
+ // CHECK-NOT: PASS
+ return 0;
+}
diff --git a/test/asan/TestCases/initialization-constexpr.cc b/test/asan/TestCases/initialization-constexpr.cc
new file mode 100644
index 000000000000..644246186e02
--- /dev/null
+++ b/test/asan/TestCases/initialization-constexpr.cc
@@ -0,0 +1,27 @@
+// Constexpr:
+// We need to check that a global variable initialized with a constexpr
+// constructor can be accessed during dynamic initialization (as a constexpr
+// constructor implies that it was initialized during constant initialization,
+// not dynamic initialization).
+
+// RUN: %clangxx_asan -O0 %s %p/Helpers/initialization-constexpr-extra.cc --std=c++11 -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+// RUN: %clangxx_asan -O1 %s %p/Helpers/initialization-constexpr-extra.cc --std=c++11 -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+// RUN: %clangxx_asan -O2 %s %p/Helpers/initialization-constexpr-extra.cc --std=c++11 -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+// RUN: %clangxx_asan -O3 %s %p/Helpers/initialization-constexpr-extra.cc --std=c++11 -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+
+class Integer {
+ private:
+ int value;
+
+ public:
+ constexpr Integer(int x = 0) : value(x) {}
+ int getValue() {return value;}
+};
+Integer coolestInteger(42);
+int getCoolestInteger() { return coolestInteger.getValue(); }
+
+int main() { return 0; }
diff --git a/test/asan/TestCases/initialization-nobug.cc b/test/asan/TestCases/initialization-nobug.cc
new file mode 100644
index 000000000000..1249deb425aa
--- /dev/null
+++ b/test/asan/TestCases/initialization-nobug.cc
@@ -0,0 +1,48 @@
+// A collection of various initializers which shouldn't trip up initialization
+// order checking. If successful, this will just return 0.
+
+// RUN: %clangxx_asan -O0 %s %p/Helpers/initialization-nobug-extra.cc -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+// RUN: %clangxx_asan -O1 %s %p/Helpers/initialization-nobug-extra.cc -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+// RUN: %clangxx_asan -O2 %s %p/Helpers/initialization-nobug-extra.cc -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+// RUN: %clangxx_asan -O3 %s %p/Helpers/initialization-nobug-extra.cc -o %t
+// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
+
+// Simple access:
+// Make sure that accessing a global in the same TU is safe
+
+bool condition = true;
+int initializeSameTU() {
+ return condition ? 0x2a : 052;
+}
+int sameTU = initializeSameTU();
+
+// Linker initialized:
+// Check that access to linker initialized globals originating from a different
+// TU's initializer is safe.
+
+int A = (1 << 1) + (1 << 3) + (1 << 5), B;
+int getAB() {
+ return A * B;
+}
+
+// Function local statics:
+// Check that access to function local statics originating from a different
+// TU's initializer is safe.
+
+int countCalls() {
+ static int calls;
+ return ++calls;
+}
+
+// Trivial constructor, non-trivial destructor.
+struct StructWithDtor {
+ ~StructWithDtor() { }
+ int value;
+};
+StructWithDtor struct_with_dtor;
+int getStructWithDtorValue() { return struct_with_dtor.value; }
+
+int main() { return 0; }
diff --git a/test/asan/TestCases/inline.cc b/test/asan/TestCases/inline.cc
new file mode 100644
index 000000000000..daeb7b49eb22
--- /dev/null
+++ b/test/asan/TestCases/inline.cc
@@ -0,0 +1,19 @@
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t
+
+// Test that no_sanitize_address attribute applies even when the function would
+// be normally inlined.
+
+#include <stdlib.h>
+
+__attribute__((no_sanitize_address))
+int f(int *p) {
+ return *p; // BOOOM?? Nope!
+}
+
+int main(int argc, char **argv) {
+ int * volatile x = (int*)malloc(2*sizeof(int) + 2);
+ int res = f(x + 2);
+ if (res)
+ exit(0);
+ return 0;
+}
diff --git a/test/asan/TestCases/interception_failure_test.cc b/test/asan/TestCases/interception_failure_test.cc
new file mode 100644
index 000000000000..a23fe6938ca9
--- /dev/null
+++ b/test/asan/TestCases/interception_failure_test.cc
@@ -0,0 +1,22 @@
+// If user provides his own libc functions, ASan doesn't
+// intercept these functions.
+
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t 2>&1 | FileCheck %s
+#include <stdlib.h>
+#include <stdio.h>
+
+extern "C" long strtol(const char *nptr, char **endptr, int base) {
+ fprintf(stderr, "my_strtol_interceptor\n");
+ return 0;
+}
+
+int main() {
+ char *x = (char*)malloc(10 * sizeof(char));
+ free(x);
+ return (int)strtol(x, 0, 10);
+ // CHECK: my_strtol_interceptor
+ // CHECK-NOT: heap-use-after-free
+}
diff --git a/test/asan/TestCases/interface_test.cc b/test/asan/TestCases/interface_test.cc
new file mode 100644
index 000000000000..dc9d0652c8c3
--- /dev/null
+++ b/test/asan/TestCases/interface_test.cc
@@ -0,0 +1,10 @@
+// Check that user may include ASan interface header.
+// RUN: %clang_asan %s -o %t && %run %t
+// RUN: %clang_asan -x c %s -o %t && %run %t
+// RUN: %clang %s -o %t && %run %t
+// RUN: %clang -x c %s -o %t && %run %t
+#include <sanitizer/asan_interface.h>
+
+int main() {
+ return 0;
+}
diff --git a/test/asan/TestCases/intra-object-overflow.cc b/test/asan/TestCases/intra-object-overflow.cc
new file mode 100644
index 000000000000..e48a261f55cc
--- /dev/null
+++ b/test/asan/TestCases/intra-object-overflow.cc
@@ -0,0 +1,31 @@
+// RUN: %clangxx_asan -O0 -fsanitize-address-field-padding=1 %s -o %t
+// RUN: not %run %t 11 2>&1 | FileCheck %s
+// RUN: %run %t 10
+//
+// FIXME: fix 32-bits.
+// REQUIRES: asan-64-bits
+#include <stdio.h>
+#include <stdlib.h>
+class Foo {
+ public:
+ Foo() : pre1(1), pre2(2), post1(3), post2(4) {
+ }
+ virtual ~Foo() {
+ }
+ void set(int i, int val) { a[i] = val; }
+// CHECK: ERROR: AddressSanitizer: intra-object-overflow
+// CHECK: #0 {{.*}}Foo::set{{.*}}intra-object-overflow.cc:[[@LINE-2]]
+ private:
+ int pre1, pre2;
+ int a[11];
+ int post1, post2;
+};
+
+int main(int argc, char **argv) {
+ int idx = argc == 2 ? atoi(argv[1]) : 0;
+ Foo *foo = new Foo;
+ foo->set(idx, 42);
+// CHECK: #1 {{.*}}main{{.*}}intra-object-overflow.cc:[[@LINE-1]]
+// CHECK: is located 84 bytes inside of 128-byte region
+ delete foo;
+}
diff --git a/test/asan/TestCases/invalid-free.cc b/test/asan/TestCases/invalid-free.cc
new file mode 100644
index 000000000000..cb545ccc215e
--- /dev/null
+++ b/test/asan/TestCases/invalid-free.cc
@@ -0,0 +1,23 @@
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=MALLOC-CTX
+
+// Also works if no malloc context is available.
+// RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=0 not %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=1 not %run %t 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#include <stdlib.h>
+#include <string.h>
+int main(int argc, char **argv) {
+ char *x = (char*)malloc(10 * sizeof(char));
+ memset(x, 0, 10);
+ int res = x[argc];
+ free(x + 5); // BOOM
+ // CHECK: AddressSanitizer: attempting free on address{{.*}}in thread T0
+ // CHECK: invalid-free.cc:[[@LINE-2]]
+ // CHECK: is located 5 bytes inside of 10-byte region
+ // CHECK: allocated by thread T0 here:
+ // MALLOC-CTX: invalid-free.cc:[[@LINE-8]]
+ return res;
+}
diff --git a/test/asan/TestCases/large_func_test.cc b/test/asan/TestCases/large_func_test.cc
new file mode 100644
index 000000000000..6b592f8c4397
--- /dev/null
+++ b/test/asan/TestCases/large_func_test.cc
@@ -0,0 +1,53 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#include <stdlib.h>
+__attribute__((noinline))
+static void LargeFunction(int *x, int zero) {
+ x[0]++;
+ x[1]++;
+ x[2]++;
+ x[3]++;
+ x[4]++;
+ x[5]++;
+ x[6]++;
+ x[7]++;
+ x[8]++;
+ x[9]++;
+
+ // CHECK: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
+ // CHECK: {{0x.* at pc 0x.* bp 0x.* sp 0x.*}}
+ // CHECK: {{READ of size 4 at 0x.* thread T0}}
+ x[zero + 103]++; // we should report this exact line
+ // atos incorrectly extracts the symbol name for the static functions on
+ // Darwin.
+ // CHECK-Linux: {{#0 0x.* in LargeFunction.*large_func_test.cc:}}[[@LINE-3]]
+ // CHECK-Darwin: {{#0 0x.* in .*LargeFunction.*large_func_test.cc}}:[[@LINE-4]]
+
+ x[10]++;
+ x[11]++;
+ x[12]++;
+ x[13]++;
+ x[14]++;
+ x[15]++;
+ x[16]++;
+ x[17]++;
+ x[18]++;
+ x[19]++;
+}
+
+int main(int argc, char **argv) {
+ int *x = new int[100];
+ LargeFunction(x, argc - 1);
+ // CHECK: {{ #1 0x.* in main .*large_func_test.cc:}}[[@LINE-1]]
+ // CHECK: {{0x.* is located 12 bytes to the right of 400-byte region}}
+ // CHECK: {{allocated by thread T0 here:}}
+ // CHECK-Linux: {{ #0 0x.* in operator new.*}}
+ // CHECK-Darwin: {{ #0 0x.* in .*_Zna.*}}
+ // CHECK: {{ #1 0x.* in main .*large_func_test.cc:}}[[@LINE-7]]
+ delete x;
+}
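Review bot: `delete x;` at the end of main releases memory obtained with `new int[100]` through the scalar form, which is undefined behaviour and is exactly the kind of mismatch ASan's alloc-dealloc-mismatch check reports. The run is expected to abort inside LargeFunction before reaching it, so the CHECK lines are unaffected. The cleanup should still read `delete[] x;` so the file stays correct if the faulting access is ever edited or disabled.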
diff --git a/test/asan/TestCases/log-path_test.cc b/test/asan/TestCases/log-path_test.cc
new file mode 100644
index 000000000000..5a1d0729119a
--- /dev/null
+++ b/test/asan/TestCases/log-path_test.cc
@@ -0,0 +1,44 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// RUN: %clangxx_asan %s -o %t
+
+// Regular run.
+// RUN: not %run %t 2> %t.out
+// RUN: FileCheck %s --check-prefix=CHECK-ERROR < %t.out
+
+// Good log_path.
+// RUN: rm -f %t.log.*
+// RUN: env ASAN_OPTIONS=log_path=%t.log not %run %t 2> %t.out
+// RUN: FileCheck %s --check-prefix=CHECK-ERROR < %t.log.*
+
+// Invalid log_path.
+// RUN: env ASAN_OPTIONS=log_path=/INVALID not %run %t 2> %t.out
+// RUN: FileCheck %s --check-prefix=CHECK-INVALID < %t.out
+
+// Too long log_path.
+// RUN: env ASAN_OPTIONS=log_path=`for((i=0;i<10000;i++)); do echo -n $i; done` \
+// RUN: not %run %t 2> %t.out
+// RUN: FileCheck %s --check-prefix=CHECK-LONG < %t.out
+
+// Run w/o errors should not produce any log.
+// RUN: rm -f %t.log.*
+// RUN: env ASAN_OPTIONS=log_path=%t.log %run %t ARG ARG ARG
+// RUN: not cat %t.log.*
+
+// FIXME: log_path is not supported on Windows yet.
+// XFAIL: win32
+
+#include <stdlib.h>
+#include <string.h>
+int main(int argc, char **argv) {
+ if (argc > 2) return 0;
+ char *x = (char*)malloc(10);
+ memset(x, 0, 10);
+ int res = x[argc * 10]; // BOOOM
+ free(x);
+ return res;
+}
+// CHECK-ERROR: ERROR: AddressSanitizer
+// CHECK-INVALID: ERROR: Can't open file: /INVALID
+// CHECK-LONG: ERROR: Path is too long: 01234
diff --git a/test/asan/TestCases/log_path_fork_test.cc.disabled b/test/asan/TestCases/log_path_fork_test.cc.disabled
new file mode 100644
index 000000000000..cfe90dfb54d3
--- /dev/null
+++ b/test/asan/TestCases/log_path_fork_test.cc.disabled
@@ -0,0 +1,22 @@
+// RUN: %clangxx_asan %s -o %t
+// RUN: rm -f %t.log.*
+// Set verbosity to 1 so that the log files are opened prior to fork().
+// RUN: env ASAN_OPTIONS="log_path=%t.log verbosity=1" not %run %t 2> %t.out
+// RUN: for f in %t.log.* ; do FileCheck %s < $f; done
+// RUN: [ `ls %t.log.* | wc -l` == 2 ]
+
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+int main(int argc, char **argv) {
+ void *x = malloc(10);
+ free(x);
+ if (fork() == -1) return 1;
+ // There are two processes at this point, thus there should be two distinct
+ // error logs.
+ free(x);
+ return 0;
+}
+
+// CHECK: ERROR: AddressSanitizer
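Review bot: Nothing in main makes the parent wait for the forked child, so the later RUN lines that iterate over and count `%t.log.*` can run while the child is still writing its report. That may be part of why the file carries the `.disabled` suffix, though the page does not say. Having the parent call `waitpid()` on the child before its own second `free(x)` would make the two-log expectation deterministic. The count comparison also uses `==` inside `[ ... ]`, which is a bash extension; `-eq 2` is portable and tolerates the leading whitespace some `wc` implementations print.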
diff --git a/test/asan/TestCases/longjmp.cc b/test/asan/TestCases/longjmp.cc
new file mode 100644
index 000000000000..8e9f2ae195c7
--- /dev/null
+++ b/test/asan/TestCases/longjmp.cc
@@ -0,0 +1,25 @@
+// RUN: %clangxx_asan -O %s -o %t && %run %t
+
+#include <assert.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <sanitizer/asan_interface.h>
+
+static jmp_buf buf;
+
+int main() {
+ char x[32];
+ fprintf(stderr, "\nTestLongJmp\n");
+ fprintf(stderr, "Before: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ assert(__asan_address_is_poisoned(x + 32));
+ if (0 == setjmp(buf))
+ longjmp(buf, 1);
+ fprintf(stderr, "After: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ // FIXME: Invert this assertion once we fix
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=258
+ // This assertion works only w/o UAR.
+ if (!__asan_get_current_fake_stack())
+ assert(!__asan_address_is_poisoned(x + 32));
+}
diff --git a/test/asan/TestCases/lsan_annotations.cc b/test/asan/TestCases/lsan_annotations.cc
new file mode 100644
index 000000000000..f52b0ff66a8d
--- /dev/null
+++ b/test/asan/TestCases/lsan_annotations.cc
@@ -0,0 +1,16 @@
+// Check that LSan annotations work fine.
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t
+
+#include <sanitizer/lsan_interface.h>
+#include <stdlib.h>
+
+int main() {
+ int *x = new int;
+ __lsan_ignore_object(x);
+ {
+ __lsan::ScopedDisabler disabler;
+ double *y = new double;
+ }
+ return 0;
+}
diff --git a/test/asan/TestCases/malloc_context_size.cc b/test/asan/TestCases/malloc_context_size.cc
new file mode 100644
index 000000000000..0d9f31598545
--- /dev/null
+++ b/test/asan/TestCases/malloc_context_size.cc
@@ -0,0 +1,27 @@
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=0 not %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=1 not %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=malloc_context_size=1:fast_unwind_on_malloc=0 not %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=malloc_context_size=1:fast_unwind_on_malloc=1 not %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=malloc_context_size=2 not %run %t 2>&1 | FileCheck %s --check-prefix=TWO
+
+int main() {
+ char *x = new char[20];
+ delete[] x;
+ return x[0];
+
+ // CHECK: freed by thread T{{.*}} here:
+ // CHECK-NEXT: #0 0x{{.*}} in {{operator delete( )?\[\]|wrap__ZdaPv}}
+ // CHECK-NOT: #1 0x{{.*}}
+
+ // CHECK: previously allocated by thread T{{.*}} here:
+ // CHECK-NEXT: #0 0x{{.*}} in {{operator new( )?\[\]|wrap__Znam}}
+ // CHECK-NOT: #1 0x{{.*}}
+
+ // CHECK: SUMMARY: AddressSanitizer: heap-use-after-free
+
+ // TWO: previously allocated by thread T{{.*}} here:
+ // TWO-NEXT: #0 0x{{.*}}
+ // TWO-NEXT: #1 0x{{.*}} in main {{.*}}malloc_context_size.cc
+ // TWO: SUMMARY: AddressSanitizer: heap-use-after-free
+}
diff --git a/test/asan/TestCases/malloc_fill.cc b/test/asan/TestCases/malloc_fill.cc
new file mode 100644
index 000000000000..5c926803708d
--- /dev/null
+++ b/test/asan/TestCases/malloc_fill.cc
@@ -0,0 +1,22 @@
+// Check that we fill malloc-ed memory correctly.
+// RUN: %clangxx_asan %s -o %t
+// RUN: %run %t | FileCheck %s
+// RUN: env ASAN_OPTIONS=max_malloc_fill_size=10:malloc_fill_byte=8 %run %t | FileCheck %s --check-prefix=CHECK-10-8
+// RUN: env ASAN_OPTIONS=max_malloc_fill_size=20:malloc_fill_byte=171 %run %t | FileCheck %s --check-prefix=CHECK-20-ab
+
+#include <stdio.h>
+int main(int argc, char **argv) {
+ // With asan allocator this makes sure we get memory from mmap.
+ static const int kSize = 1 << 25;
+ unsigned char *x = new unsigned char[kSize];
+ printf("-");
+ for (int i = 0; i <= 32; i++) {
+ printf("%02x", x[i]);
+ }
+ printf("-\n");
+ delete [] x;
+}
+
+// CHECK: -bebebebebebebebebebebebebebebebebebebebebebebebebebebebebebebebebe-
+// CHECK-10-8: -080808080808080808080000000000000000000000000000000000000000000000-
+// CHECK-20-ab: -abababababababababababababababababababab00000000000000000000000000-
diff --git a/test/asan/TestCases/max_redzone.cc b/test/asan/TestCases/max_redzone.cc
new file mode 100644
index 000000000000..01c25a9f3efc
--- /dev/null
+++ b/test/asan/TestCases/max_redzone.cc
@@ -0,0 +1,26 @@
+// Test max_redzone runtime option.
+
+// RUN: %clangxx_asan -O0 %s -o %t && env ASAN_OPTIONS=max_redzone=16 %run %t 0 2>&1
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t 1 2>&1
+// RUN: %clangxx_asan -O3 %s -o %t && env ASAN_OPTIONS=max_redzone=16 %run %t 0 2>&1
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t 1 2>&1
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <sanitizer/allocator_interface.h>
+
+int main(int argc, char **argv) {
+ if (argc < 2)
+ return 1;
+ bool large_redzone = atoi(argv[1]);
+ size_t before = __sanitizer_get_heap_size();
+ void *pp[10000];
+ for (int i = 0; i < 10000; ++i)
+ pp[i] = malloc(4096 - 64);
+ size_t after = __sanitizer_get_heap_size();
+ for (int i = 0; i < 10000; ++i)
+ free(pp[i]);
+ size_t diff = after - before;
+ return !(large_redzone ? diff > 46000000 : diff < 46000000);
+}
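Review bot: The threshold `46000000` in the final `return` is unexplained, and it is the only thing that decides pass or fail. The loop requests 10000 blocks of `4096 - 64` bytes, about 40.3 MB of payload, so the constant presumably sits between the heap growth expected with `max_redzone=16` and with the default redzone limit. A comment such as `// 10000 * 4032 B = ~40.3 MB payload; with 16-byte redzones the heap grows by < 46 MB, with default redzones by more.` would record that assumption. Naming the value (`const size_t kThreshold = 46000000;`) would make the last line easier to read.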
diff --git a/test/asan/TestCases/memcmp_strict_test.cc b/test/asan/TestCases/memcmp_strict_test.cc
new file mode 100644
index 000000000000..16b7673dd547
--- /dev/null
+++ b/test/asan/TestCases/memcmp_strict_test.cc
@@ -0,0 +1,15 @@
+// RUN: %clangxx_asan -O0 %s -o %t && env ASAN_OPTIONS=strict_memcmp=0 %run %t
+// RUN: %clangxx_asan -O0 %s -o %t && env ASAN_OPTIONS=strict_memcmp=1 not %run %t 2>&1 | FileCheck %s
+// Default to strict_memcmp=1.
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#include <string.h>
+int main() {
+ char kFoo[] = "foo";
+ char kFubar[] = "fubar";
+ int res = memcmp(kFoo, kFubar, strlen(kFubar));
+ printf("res: %d\n", res);
+ // CHECK: AddressSanitizer: stack-buffer-overflow
+ return 0;
+}
diff --git a/test/asan/TestCases/memcmp_test.cc b/test/asan/TestCases/memcmp_test.cc
new file mode 100644
index 000000000000..3b3b8894b73c
--- /dev/null
+++ b/test/asan/TestCases/memcmp_test.cc
@@ -0,0 +1,17 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: compiler-rt-optimized
+
+#include <string.h>
+int main(int argc, char **argv) {
+ char a1[] = {argc, 2, 3, 4};
+ char a2[] = {1, 2*argc, 3, 4};
+ int res = memcmp(a1, a2, 4 + argc); // BOOM
+ // CHECK: AddressSanitizer: stack-buffer-overflow
+ // CHECK: {{#0.*memcmp}}
+ // CHECK: {{#1.*main}}
+ return res;
+}
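Review bot: The initialisers `char a1[] = {argc, 2, 3, 4};` and `char a2[] = {1, 2*argc, 3, 4};` narrow a non-constant `int` to `char` inside a braced list, which is ill-formed from C++11 on. The RUN lines pass no `-std=` flag, so the test stops compiling once the compiler's default standard is C++11 or later. An explicit cast keeps the values run-time dependent, which the test relies on: `char a1[] = {static_cast<char>(argc), 2, 3, 4};` and `char a2[] = {1, static_cast<char>(2 * argc), 3, 4};`.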
diff --git a/test/asan/TestCases/memset_test.cc b/test/asan/TestCases/memset_test.cc
new file mode 100644
index 000000000000..e244d54deb3c
--- /dev/null
+++ b/test/asan/TestCases/memset_test.cc
@@ -0,0 +1,71 @@
+// Test that large memset/memcpy/memmove check the entire range.
+
+// RUN: %clangxx_asan -O0 -DTEST_MEMSET %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMSET
+// RUN: %clangxx_asan -O1 -DTEST_MEMSET %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMSET
+// RUN: %clangxx_asan -O2 -DTEST_MEMSET %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMSET
+// RUN: %clangxx_asan -O3 -DTEST_MEMSET %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMSET
+
+// RUN: %clangxx_asan -O0 -DTEST_MEMCPY %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMCPY
+// RUN: %clangxx_asan -O1 -DTEST_MEMCPY %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMCPY
+// RUN: %clangxx_asan -O2 -DTEST_MEMCPY %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMCPY
+// RUN: %clangxx_asan -O3 -DTEST_MEMCPY %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMCPY
+
+// RUN: %clangxx_asan -O0 -DTEST_MEMMOVE %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMMOVE
+// RUN: %clangxx_asan -O1 -DTEST_MEMMOVE %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMMOVE
+// RUN: %clangxx_asan -O2 -DTEST_MEMMOVE %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMMOVE
+// RUN: %clangxx_asan -O3 -DTEST_MEMMOVE %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMMOVE
+
+// RUN: %clangxx_asan -O2 -DTEST_MEMCPY_SIZE_OVERFLOW %s -o %t && not %run %t 2>&1 | \
+// RUN: FileCheck %s --check-prefix=CHECK-MEMCPY_SIZE_OVERFLOW
+
+#include <assert.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <sanitizer/asan_interface.h>
+
+typedef void *(*memcpy_t)(void *, const void *, size_t);
+
+int main(int argc, char **argv) {
+ char * volatile p = (char *)malloc(3000);
+ __asan_poison_memory_region(p + 512, 16);
+#if defined(TEST_MEMSET)
+ memset(p, 0, 3000);
+ assert(p[1] == 0);
+ // CHECK-MEMSET: AddressSanitizer: use-after-poison on address
+ // CHECK-MEMSET: in {{.*}}memset
+#else
+ char * volatile q = (char *)malloc(3000);
+#if defined(TEST_MEMCPY)
+ memcpy(q, p, 3000);
+ // CHECK-MEMCPY: AddressSanitizer: use-after-poison on address
+ // On Mac, memmove and memcpy are the same. Accept either one.
+ // CHECK-MEMCPY: in {{.*(memmove|memcpy)}}
+#elif defined(TEST_MEMMOVE)
+ memmove(q, p, 3000);
+ // CHECK-MEMMOVE: AddressSanitizer: use-after-poison on address
+ // CHECK-MEMMOVE: in {{.*(memmove|memcpy)}}
+#elif defined(TEST_MEMCPY_SIZE_OVERFLOW)
+ volatile memcpy_t my_memcpy = &memcpy;
+ my_memcpy(p, q, -argc);
+ // CHECK-MEMCPY_SIZE_OVERFLOW: AddressSanitizer: negative-size-param: (size=-1)
+#endif
+ assert(q[1] == 0);
+ free(q);
+#endif
+ free(p);
+ return 0;
+}
diff --git a/test/asan/TestCases/mmap_limit_mb.cc b/test/asan/TestCases/mmap_limit_mb.cc
new file mode 100644
index 000000000000..d4ffb2eac246
--- /dev/null
+++ b/test/asan/TestCases/mmap_limit_mb.cc
@@ -0,0 +1,33 @@
+// Test the mmap_limit_mb flag.
+//
+// RUN: %clangxx_asan -O2 %s -o %t
+// RUN: %run %t 20 16
+// RUN: %run %t 30 1000000
+// RUN: env ASAN_OPTIONS=mmap_limit_mb=300 %run %t 20 16
+// RUN: env ASAN_OPTIONS=mmap_limit_mb=300 %run %t 20 1000000
+// RUN: env ASAN_OPTIONS=mmap_limit_mb=300 not %run %t 500 16 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=mmap_limit_mb=300 not %run %t 500 1000000 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+
+#include <assert.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <algorithm>
+#include <vector>
+
+int main(int argc, char **argv) {
+ assert(argc == 3);
+ long total_mb = atoi(argv[1]);
+ long allocation_size = atoi(argv[2]);
+ fprintf(stderr, "total_mb: %zd allocation_size: %zd\n", total_mb,
+ allocation_size);
+ std::vector<char *> v;
+ for (long total = total_mb << 20; total > 0; total -= allocation_size)
+ v.push_back(new char[allocation_size]);
+ for (std::vector<char *>::const_iterator it = v.begin(); it != v.end(); ++it)
+ delete[](*it);
+ fprintf(stderr, "PASS\n");
+ // CHECK: total_mmaped{{.*}}mmap_limit_mb
+ return 0;
+}
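Review bot: The `fprintf` in main prints two `long` values with `%zd`, the conversion for a signed `size_t`-sized argument. The types only coincide on LP64 targets, and the mismatch is undefined behaviour elsewhere. Use `fprintf(stderr, "total_mb: %ld allocation_size: %ld\n", total_mb, allocation_size);`. Separately, a zero or negative `allocation_size` from `atoi(argv[2])` makes the allocation loop either never terminate or request an enormous array. The RUN lines only pass positive values, but `assert(allocation_size > 0);` next to the existing `assert(argc == 3);` would keep a mistyped invocation from hanging the test host.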
diff --git a/test/asan/TestCases/no_asan_gen_globals.c b/test/asan/TestCases/no_asan_gen_globals.c
new file mode 100644
index 000000000000..0a383da1384d
--- /dev/null
+++ b/test/asan/TestCases/no_asan_gen_globals.c
@@ -0,0 +1,11 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+//
+// Make sure __asan_gen_* strings do not end up in the symbol table.
+
+// RUN: %clang_asan %s -o %t.exe
+// RUN: nm %t.exe | FileCheck %s
+
+int x, y, z;
+int main() { return 0; }
+// CHECK-NOT: __asan_gen_
diff --git a/test/asan/TestCases/null_deref.cc b/test/asan/TestCases/null_deref.cc
new file mode 100644
index 000000000000..875d65f2852f
--- /dev/null
+++ b/test/asan/TestCases/null_deref.cc
@@ -0,0 +1,19 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+__attribute__((noinline))
+static void NullDeref(int *ptr) {
+ // CHECK: ERROR: AddressSanitizer: SEGV on unknown address
+ // CHECK: {{0x0*000.. .*pc 0x.*}}
+ ptr[10]++; // BOOM
+ // atos on Mac cannot extract the symbol name correctly. Also, on FreeBSD 9.2
+ // the demangling function rejects local names with 'L' in front of them.
+ // CHECK: {{ #0 0x.* in .*NullDeref.*null_deref.cc:}}[[@LINE-3]]
+}
+int main() {
+ NullDeref((int*)0);
+ // CHECK: {{ #1 0x.* in main.*null_deref.cc:}}[[@LINE-1]]
+ // CHECK: AddressSanitizer can not provide additional info.
+}
diff --git a/test/asan/TestCases/on_error_callback.cc b/test/asan/TestCases/on_error_callback.cc
new file mode 100644
index 000000000000..c378c8b2de1b
--- /dev/null
+++ b/test/asan/TestCases/on_error_callback.cc
@@ -0,0 +1,19 @@
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// FIXME: __asan_on_error() is not supported on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+#include <stdlib.h>
+
+extern "C"
+void __asan_on_error() {
+ fprintf(stderr, "__asan_on_error called");
+}
+
+int main() {
+ char *x = (char*)malloc(10 * sizeof(char));
+ free(x);
+ return x[5];
+ // CHECK: __asan_on_error called
+}
diff --git a/test/asan/TestCases/partial_right.cc b/test/asan/TestCases/partial_right.cc
new file mode 100644
index 000000000000..b60c1a597635
--- /dev/null
+++ b/test/asan/TestCases/partial_right.cc
@@ -0,0 +1,13 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <stdlib.h>
+int main(int argc, char **argv) {
+ volatile int *x = (int*)malloc(2*sizeof(int) + 2);
+ int res = x[2]; // BOOOM
+ // CHECK: {{READ of size 4 at 0x.* thread T0}}
+ // CHECK: [[ADDR:0x[01-9a-fa-f]+]] is located 0 bytes to the right of {{.*}}-byte region [{{.*}},{{.*}}[[ADDR]])
+ return res;
+}
diff --git a/test/asan/TestCases/poison_partial.cc b/test/asan/TestCases/poison_partial.cc
new file mode 100644
index 000000000000..ce9c98b7859a
--- /dev/null
+++ b/test/asan/TestCases/poison_partial.cc
@@ -0,0 +1,19 @@
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+// RUN: not %run %t heap 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=poison_partial=0 %run %t
+// RUN: env ASAN_OPTIONS=poison_partial=0 %run %t heap
+#include <string.h>
+char g[21];
+char *x;
+
+int main(int argc, char **argv) {
+ if (argc >= 2)
+ x = new char[21];
+ else
+ x = &g[0];
+ memset(x, 0, 21);
+ int *y = (int*)x;
+ return y[5];
+}
+// CHECK: 0 bytes to the right
diff --git a/test/asan/TestCases/print_summary.cc b/test/asan/TestCases/print_summary.cc
new file mode 100644
index 000000000000..79411c529469
--- /dev/null
+++ b/test/asan/TestCases/print_summary.cc
@@ -0,0 +1,14 @@
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=YES
+// RUN: env ASAN_OPTIONS=print_summary=false not %run %t 2>&1 | FileCheck %s --check-prefix=NO
+
+int main() {
+ char *x = new char[20];
+ delete[] x;
+ return x[0];
+ // YES: ERROR: AddressSanitizer: heap-use-after-free
+ // YES: SUMMARY: AddressSanitizer: heap-use-after-free
+ // NO: ERROR: AddressSanitizer: heap-use-after-free
+ // NO-NOT: SUMMARY: AddressSanitizer: heap-use-after-free
+}
+
diff --git a/test/asan/TestCases/printf-1.c b/test/asan/TestCases/printf-1.c
new file mode 100644
index 000000000000..5657083c5865
--- /dev/null
+++ b/test/asan/TestCases/printf-1.c
@@ -0,0 +1,25 @@
+// RUN: %clang_asan -O2 %s -o %t
+// RUN: env ASAN_OPTIONS=check_printf=1 %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=check_printf=0 %run %t 2>&1 | FileCheck %s
+// RUN: %run %t 2>&1 | FileCheck %s
+
+#include <stdio.h>
+#if defined(_WIN32)
+# define snprintf _snprintf
+#endif
+
+int main() {
+ volatile char c = '0';
+ volatile int x = 12;
+ volatile float f = 1.239;
+ volatile char s[] = "34";
+ // Check that printf works fine under Asan.
+ printf("%c %d %.3f %s\n", c, x, f, s);
+ // CHECK: 0 12 1.239 34
+ // Check that snprintf works fine under Asan.
+ char buf[4];
+ snprintf(buf, 1000, "qwe");
+ printf("%s\n", buf);
+ // CHECK: qwe
+ return 0;
+}
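Review bot: `snprintf(buf, 1000, "qwe");` passes a bound of 1000 for the 4-byte `buf`, which reads like a bug to anyone who does not know the intent. It appears deliberate: "qwe" plus its terminator fits exactly, and every RUN line expects a clean exit. The test therefore seems to pin down that the interceptor validates the bytes actually written rather than the declared bound. That should be stated next to the call, e.g. `// Bound deliberately exceeds sizeof(buf); only the 4 bytes written must be addressable.`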
diff --git a/test/asan/TestCases/printf-2.c b/test/asan/TestCases/printf-2.c
new file mode 100644
index 000000000000..e9cb47e24c15
--- /dev/null
+++ b/test/asan/TestCases/printf-2.c
@@ -0,0 +1,27 @@
+// RUN: %clang_asan -O2 %s -o %t
+// We need replace_str=0 and replace_intrin=0 to avoid reporting errors in
+// strlen() and memcpy() called by printf().
+// RUN: env ASAN_OPTIONS=replace_str=0:replace_intrin=0:check_printf=1 not %run %t 2>&1 | FileCheck --check-prefix=CHECK-ON %s
+// RUN: env ASAN_OPTIONS=replace_str=0:replace_intrin=0:check_printf=0 %run %t 2>&1 | FileCheck --check-prefix=CHECK-OFF %s
+// RUN: env ASAN_OPTIONS=replace_str=0:replace_intrin=0 not %run %t 2>&1 | FileCheck --check-prefix=CHECK-ON %s
+
+// FIXME: printf is not intercepted on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+int main() {
+ volatile char c = '0';
+ volatile int x = 12;
+ volatile float f = 1.239;
+ volatile char s[] = "34";
+ char *p = strdup((const char *)s);
+ free(p);
+ printf("%c %d %.3f %s\n", c, x, f, p);
+ return 0;
+ // Check that %s is sanitized.
+ // CHECK-ON: heap-use-after-free
+ // CHECK-ON-NOT: 0 12 1.239 34
+ // CHECK-OFF: 0 12 1.239
+}
diff --git a/test/asan/TestCases/printf-3.c b/test/asan/TestCases/printf-3.c
new file mode 100644
index 000000000000..d16833d83c6e
--- /dev/null
+++ b/test/asan/TestCases/printf-3.c
@@ -0,0 +1,22 @@
+// RUN: %clang_asan -O2 %s -o %t
+// RUN: env ASAN_OPTIONS=check_printf=1 not %run %t 2>&1 | FileCheck --check-prefix=CHECK-ON %s
+// RUN: env ASAN_OPTIONS=check_printf=0 %run %t 2>&1 | FileCheck --check-prefix=CHECK-OFF %s
+// RUN: not %run %t 2>&1 | FileCheck --check-prefix=CHECK-ON %s
+
+// FIXME: printf is not intercepted on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+int main() {
+ volatile char c = '0';
+ volatile int x = 12;
+ volatile float f = 1.239;
+ volatile char s[] = "34";
+ volatile int n[1];
+ printf("%c %d %.3f %s%n\n", c, x, f, s, &n[1]);
+ return 0;
+ // Check that %n is sanitized.
+ // CHECK-ON: stack-buffer-overflow
+ // CHECK-ON-NOT: 0 12 1.239 34
+ // CHECK-OFF: 0 12 1.239 34
+}
diff --git a/test/asan/TestCases/printf-4.c b/test/asan/TestCases/printf-4.c
new file mode 100644
index 000000000000..e269211d4871
--- /dev/null
+++ b/test/asan/TestCases/printf-4.c
@@ -0,0 +1,23 @@
+// RUN: %clang_asan -O2 %s -o %t
+// We need replace_str=0 and replace_intrin=0 to avoid reporting errors in
+// strlen() and memcpy() called by puts().
+// RUN: env ASAN_OPTIONS=replace_str=0:replace_intrin=0:check_printf=1 not %run %t 2>&1 | FileCheck --check-prefix=CHECK-ON %s
+// RUN: env ASAN_OPTIONS=replace_str=0:replace_intrin=0 not %run %t 2>&1 | FileCheck --check-prefix=CHECK-ON %s
+
+// FIXME: printf is not intercepted on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+int main() {
+ volatile char c = '0';
+ volatile int x = 12;
+ volatile float f = 1.239;
+ volatile char s[] = "34";
+ volatile char buf[2];
+ sprintf((char *)buf, "%c %d %.3f %s\n", c, x, f, s);
+ puts((const char *)buf);
+ return 0;
+ // Check that size of output buffer is sanitized.
+ // CHECK-ON: stack-buffer-overflow
+ // CHECK-ON-NOT: 0 12 1.239 34
+}
diff --git a/test/asan/TestCases/printf-5.c b/test/asan/TestCases/printf-5.c
new file mode 100644
index 000000000000..ac2c1c4b2997
--- /dev/null
+++ b/test/asan/TestCases/printf-5.c
@@ -0,0 +1,25 @@
+// RUN: %clang_asan -O2 %s -o %t
+// We need replace_intrin=0 to avoid reporting errors in memcpy.
+// RUN: env ASAN_OPTIONS=replace_intrin=0:check_printf=1 not %run %t 2>&1 | FileCheck --check-prefix=CHECK-ON %s
+// RUN: env ASAN_OPTIONS=replace_intrin=0:check_printf=0 %run %t 2>&1 | FileCheck --check-prefix=CHECK-OFF %s
+// RUN: env ASAN_OPTIONS=replace_intrin=0 not %run %t 2>&1 | FileCheck --check-prefix=CHECK-ON %s
+
+// FIXME: printf is not intercepted on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+#include <string.h>
+int main() {
+ volatile char c = '0';
+ volatile int x = 12;
+ volatile float f = 1.239;
+ volatile char s[] = "34";
+ volatile char fmt[2];
+ memcpy((char *)fmt, "%c %d %f %s\n", sizeof(fmt));
+ printf((char *)fmt, c, x, f, s);
+ return 0;
+ // Check that format string is sanitized.
+ // CHECK-ON: stack-buffer-overflow
+ // CHECK-ON-NOT: 0 12 1.239 34
+ // CHECK-OFF: 0
+}
diff --git a/test/asan/TestCases/sanity_check_pure_c.c b/test/asan/TestCases/sanity_check_pure_c.c
new file mode 100644
index 000000000000..c3a43c8cacb2
--- /dev/null
+++ b/test/asan/TestCases/sanity_check_pure_c.c
@@ -0,0 +1,21 @@
+// Sanity checking a test in pure C.
+// RUN: %clang_asan -O2 %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+// Sanity checking a test in pure C with -pie.
+// RUN: %clang_asan -O2 %s -pie -fPIE -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#include <stdlib.h>
+int main() {
+ char *x = (char*)malloc(10 * sizeof(char));
+ free(x);
+ return x[5];
+ // CHECK: heap-use-after-free
+ // CHECK: free
+ // CHECK: main{{.*}}sanity_check_pure_c.c:[[@LINE-4]]
+ // CHECK: malloc
+ // CHECK: main{{.*}}sanity_check_pure_c.c:[[@LINE-7]]
+}
diff --git a/test/asan/TestCases/sleep_before_dying.c b/test/asan/TestCases/sleep_before_dying.c
new file mode 100644
index 000000000000..28ae0bf66d47
--- /dev/null
+++ b/test/asan/TestCases/sleep_before_dying.c
@@ -0,0 +1,10 @@
+// RUN: %clang_asan -O2 %s -o %t
+// RUN: env ASAN_OPTIONS="sleep_before_dying=1" not %run %t 2>&1 | FileCheck %s
+
+#include <stdlib.h>
+int main() {
+ char *x = (char*)malloc(10 * sizeof(char));
+ free(x);
+ return x[5];
+ // CHECK: Sleeping for 1 second
+}
diff --git a/test/asan/TestCases/stack-buffer-overflow-with-position.cc b/test/asan/TestCases/stack-buffer-overflow-with-position.cc
new file mode 100644
index 000000000000..88f5825baf42
--- /dev/null
+++ b/test/asan/TestCases/stack-buffer-overflow-with-position.cc
@@ -0,0 +1,44 @@
+// RUN: %clangxx_asan -O2 %s -o %t
+// RUN: not %run %t -2 2>&1 | FileCheck --check-prefix=CHECK-m2 %s
+// RUN: not %run %t -1 2>&1 | FileCheck --check-prefix=CHECK-m1 %s
+// RUN: %run %t 0
+// RUN: %run %t 8
+// RUN: not %run %t 9 2>&1 | FileCheck --check-prefix=CHECK-9 %s
+// RUN: not %run %t 10 2>&1 | FileCheck --check-prefix=CHECK-10 %s
+// RUN: not %run %t 30 2>&1 | FileCheck --check-prefix=CHECK-30 %s
+// RUN: not %run %t 31 2>&1 | FileCheck --check-prefix=CHECK-31 %s
+// RUN: not %run %t 41 2>&1 | FileCheck --check-prefix=CHECK-41 %s
+// RUN: not %run %t 42 2>&1 | FileCheck --check-prefix=CHECK-42 %s
+// RUN: not %run %t 62 2>&1 | FileCheck --check-prefix=CHECK-62 %s
+// RUN: not %run %t 63 2>&1 | FileCheck --check-prefix=CHECK-63 %s
+// RUN: not %run %t 73 2>&1 | FileCheck --check-prefix=CHECK-73 %s
+// RUN: not %run %t 74 2>&1 | FileCheck --check-prefix=CHECK-74 %s
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+int main(int argc, char **argv) {
+ assert(argc >= 2);
+ int idx = atoi(argv[1]);
+ char AAA[10], BBB[10], CCC[10];
+ memset(AAA, 0, sizeof(AAA));
+ memset(BBB, 0, sizeof(BBB));
+ memset(CCC, 0, sizeof(CCC));
+ int res = 0;
+ char *p = AAA + idx;
+ printf("AAA: %p\ny: %p\nz: %p\np: %p\n", AAA, BBB, CCC, p);
+ // make sure BBB and CCC are not removed;
+ return *(short*)(p) + BBB[argc % 2] + CCC[argc % 2];
+}
+// CHECK-m2: 'AAA' <== {{.*}}underflows this variable
+// CHECK-m1: 'AAA' <== {{.*}}partially underflows this variable
+// CHECK-9: 'AAA' <== {{.*}}partially overflows this variable
+// CHECK-10: 'AAA' <== {{.*}}overflows this variable
+// CHECK-30: 'BBB' <== {{.*}}underflows this variable
+// CHECK-31: 'BBB' <== {{.*}}partially underflows this variable
+// CHECK-41: 'BBB' <== {{.*}}partially overflows this variable
+// CHECK-42: 'BBB' <== {{.*}}overflows this variable
+// CHECK-62: 'CCC' <== {{.*}}underflows this variable
+// CHECK-63: 'CCC' <== {{.*}}partially underflows this variable
+// CHECK-73: 'CCC' <== {{.*}}partially overflows this variable
+// CHECK-74: 'CCC' <== {{.*}}overflows this variable
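Review bot: The diagnostic `printf` in main labels the second and third pointers `y:` and `z:` although the variables are `BBB` and `CCC`, so a failing log is harder to match against the `CHECK-NN` lines that name them. `printf("AAA: %p\nBBB: %p\nCCC: %p\np: %p\n", AAA, BBB, CCC, p);` would line up with the checks. `int res = 0;` is never read and can be dropped. The RUN arguments (30/31, 41/42, 62/63, 73/74) encode a frame layout with the three arrays 32 bytes apart. A one-line comment stating that assumption would help whoever has to adjust the offsets when the instrumentation's stack layout changes.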
diff --git a/test/asan/TestCases/stack-buffer-overflow.cc b/test/asan/TestCases/stack-buffer-overflow.cc
new file mode 100644
index 000000000000..bd0c4772cc84
--- /dev/null
+++ b/test/asan/TestCases/stack-buffer-overflow.cc
@@ -0,0 +1,16 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <string.h>
+int main(int argc, char **argv) {
+ char x[10];
+ memset(x, 0, 10);
+ int res = x[argc * 10]; // BOOOM
+ // CHECK: {{READ of size 1 at 0x.* thread T0}}
+ // CHECK: {{ #0 0x.* in main .*stack-buffer-overflow.cc:}}[[@LINE-2]]
+ // CHECK: {{Address 0x.* is located in stack of thread T0 at offset}}
+ // CHECK-NEXT: in{{.*}}main{{.*}}stack-buffer-overflow.cc
+ return res;
+}
diff --git a/test/asan/TestCases/stack-frame-demangle.cc b/test/asan/TestCases/stack-frame-demangle.cc
new file mode 100644
index 000000000000..11a8b38e6724
--- /dev/null
+++ b/test/asan/TestCases/stack-frame-demangle.cc
@@ -0,0 +1,22 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <string.h>
+
+namespace XXX {
+struct YYY {
+ static int ZZZ(int x) {
+ char array[10];
+ memset(array, 0, 10);
+ return array[x]; // BOOOM
+ // CHECK: ERROR: AddressSanitizer: stack-buffer-overflow
+ // CHECK: READ of size 1 at
+ // CHECK: is located in stack of thread T0 at offset
+ // CHECK: XXX::YYY::ZZZ
+ }
+};
+} // namespace XXX
+
+int main(int argc, char **argv) {
+ int res = XXX::YYY::ZZZ(argc + 10);
+ return res;
+}
diff --git a/test/asan/TestCases/stack-oob-frames.cc b/test/asan/TestCases/stack-oob-frames.cc
new file mode 100644
index 000000000000..3b5d511b2681
--- /dev/null
+++ b/test/asan/TestCases/stack-oob-frames.cc
@@ -0,0 +1,59 @@
+// RUN: %clangxx_asan -O1 %s -o %t
+// RUN: not %run %t 0 2>&1 | FileCheck %s --check-prefix=CHECK0
+// RUN: not %run %t 1 2>&1 | FileCheck %s --check-prefix=CHECK1
+// RUN: not %run %t 2 2>&1 | FileCheck %s --check-prefix=CHECK2
+// RUN: not %run %t 3 2>&1 | FileCheck %s --check-prefix=CHECK3
+
+#define NOINLINE __attribute__((noinline))
+inline void break_optimization(void *arg) {
+ __asm__ __volatile__("" : : "r" (arg) : "memory");
+}
+
+NOINLINE static void Frame0(int frame, char *a, char *b, char *c) {
+ char s[4] = {0};
+ char *d = s;
+ break_optimization(&d);
+ switch (frame) {
+ case 3: a[5]++; break;
+ case 2: b[5]++; break;
+ case 1: c[5]++; break;
+ case 0: d[5]++; break;
+ }
+}
+NOINLINE static void Frame1(int frame, char *a, char *b) {
+ char c[4] = {0}; Frame0(frame, a, b, c);
+ break_optimization(0);
+}
+NOINLINE static void Frame2(int frame, char *a) {
+ char b[4] = {0}; Frame1(frame, a, b);
+ break_optimization(0);
+}
+NOINLINE static void Frame3(int frame) {
+ char a[4] = {0}; Frame2(frame, a);
+ break_optimization(0);
+}
+
+int main(int argc, char **argv) {
+ if (argc != 2) return 1;
+ Frame3(argv[1][0] - '0');
+}
+
+// CHECK0: AddressSanitizer: stack-buffer-overflow
+// CHECK0: #0{{.*}}Frame0
+// CHECK0: #1{{.*}}Frame1
+// CHECK0: #2{{.*}}Frame2
+// CHECK0: #3{{.*}}Frame3
+// CHECK0: is located in stack of thread T0 at offset
+// CHECK0-NEXT: #0{{.*}}Frame0
+//
+// CHECK1: AddressSanitizer: stack-buffer-overflow
+// CHECK1: is located in stack of thread T0 at offset
+// CHECK1-NEXT: #0{{.*}}Frame1
+//
+// CHECK2: AddressSanitizer: stack-buffer-overflow
+// CHECK2: is located in stack of thread T0 at offset
+// CHECK2-NEXT: #0{{.*}}Frame2
+//
+// CHECK3: AddressSanitizer: stack-buffer-overflow
+// CHECK3: is located in stack of thread T0 at offset
+// CHECK3-NEXT: #0{{.*}}Frame3
diff --git a/test/asan/TestCases/stack-overflow.cc b/test/asan/TestCases/stack-overflow.cc
new file mode 100644
index 000000000000..7542d56b6db8
--- /dev/null
+++ b/test/asan/TestCases/stack-overflow.cc
@@ -0,0 +1,114 @@
+// Test ASan detection of stack-overflow condition.
+
+// RUN: %clangxx_asan -O0 %s -DSMALL_FRAME -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -DSMALL_FRAME -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O0 %s -DSAVE_ALL_THE_REGISTERS -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -DSAVE_ALL_THE_REGISTERS -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O0 %s -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+
+// RUN: %clangxx_asan -O0 %s -DTHREAD -DSMALL_FRAME -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -DTHREAD -DSMALL_FRAME -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O0 %s -DTHREAD -DSAVE_ALL_THE_REGISTERS -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -DTHREAD -DSAVE_ALL_THE_REGISTERS -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O0 %s -DTHREAD -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -DTHREAD -pthread -o %t && env ASAN_OPTIONS=use_sigaltstack=1 not %run %t 2>&1 | FileCheck %s
+// RUN: not %run %t 2>&1 | FileCheck %s
+// REQUIRES: stable-runtime
+
+#include <assert.h>
+#include <stdlib.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <sanitizer/asan_interface.h>
+
+const int BS = 1024;
+volatile char x;
+volatile int y = 1;
+volatile int z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11, z12, z13;
+
+void recursive_func(char *p) {
+#if defined(SMALL_FRAME)
+ char *buf = 0;
+#elif defined(SAVE_ALL_THE_REGISTERS)
+ char *buf = 0;
+ int t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11, t12, t13;
+ t0 = z0;
+ t1 = z1;
+ t2 = z2;
+ t3 = z3;
+ t4 = z4;
+ t5 = z5;
+ t6 = z6;
+ t7 = z7;
+ t8 = z8;
+ t9 = z9;
+ t10 = z10;
+ t11 = z11;
+ t12 = z12;
+ t13 = z13;
+
+ z0 = t0;
+ z1 = t1;
+ z2 = t2;
+ z3 = t3;
+ z4 = t4;
+ z5 = t5;
+ z6 = t6;
+ z7 = t7;
+ z8 = t8;
+ z9 = t9;
+ z10 = t10;
+ z11 = t11;
+ z12 = t12;
+ z13 = t13;
+#else
+ char buf[BS];
+ // Check that the stack grows in the righ direction, unless we use fake stack.
+ if (p && !__asan_get_current_fake_stack())
+ assert(p - buf >= BS);
+ buf[rand() % BS] = 1;
+ buf[rand() % BS] = 2;
+ x = buf[rand() % BS];
+#endif
+ if (y)
+ recursive_func(buf);
+ x = 1; // prevent tail call optimization
+ // CHECK: {{stack-overflow on address 0x.* \(pc 0x.* bp 0x.* sp 0x.* T.*\)}}
+ // If stack overflow happens during function prologue, stack trace may be
+ // corrupted. Unwind tables are not always 100% exact there.
+ // For this reason, we don't do any further checks.
+}
+
+void *ThreadFn(void* unused) {
+ recursive_func(0);
+ return 0;
+}
+
+void LimitStackAndReexec(int argc, char **argv) {
+ struct rlimit rlim;
+ int res = getrlimit(RLIMIT_STACK, &rlim);
+ assert(res == 0);
+ if (rlim.rlim_cur == RLIM_INFINITY) {
+ rlim.rlim_cur = 128 * 1024;
+ res = setrlimit(RLIMIT_STACK, &rlim);
+ assert(res == 0);
+
+ execv(argv[0], argv);
+ assert(0 && "unreachable");
+ }
+}
+
+int main(int argc, char **argv) {
+ LimitStackAndReexec(argc, argv);
+#ifdef THREAD
+ pthread_t t;
+ pthread_create(&t, 0, ThreadFn, 0);
+ pthread_join(t, 0);
+#else
+ recursive_func(0);
+#endif
+ return 0;
+}
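Review bot: The `pthread_create` call in the `THREAD` branch of `main` ignores its return value, while `LimitStackAndReexec` in the same file asserts on every setup call. If thread creation fails, `pthread_join` runs on an uninitialized `pthread_t`, and the run would most likely show up as a FileCheck mismatch rather than a setup failure. I would write `int res = pthread_create(&t, 0, ThreadFn, 0);` followed by `assert(res == 0);`. The same unchecked `pthread_create` (and `pthread_attr_setstacksize`) appears in `main` of stack-use-after-return.cc. Separately, the comment in `recursive_func` should read "right direction", not "righ direction".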
diff --git a/test/asan/TestCases/stack-use-after-return.cc b/test/asan/TestCases/stack-use-after-return.cc
new file mode 100644
index 000000000000..437c457748c4
--- /dev/null
+++ b/test/asan/TestCases/stack-use-after-return.cc
@@ -0,0 +1,80 @@
+// RUN: export ASAN_OPTIONS=detect_stack_use_after_return=1
+// RUN: %clangxx_asan -O0 %s -pthread -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -pthread -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -pthread -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -pthread -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS=detect_stack_use_after_return=0 %run %t
+// Regression test for a CHECK failure with small stack size and large frame.
+// RUN: %clangxx_asan -O3 %s -pthread -o %t -DkSize=10000 -DUseThread -DkStackSize=65536 && not %run %t 2>&1 | FileCheck --check-prefix=THREAD %s
+//
+// Test that we can find UAR in a thread other than main:
+// RUN: %clangxx_asan -DUseThread -O2 %s -pthread -o %t && not %run %t 2>&1 | FileCheck --check-prefix=THREAD %s
+//
+// Test the max_uar_stack_size_log/min_uar_stack_size_log flag.
+//
+// RUN: env ASAN_OPTIONS=$ASAN_OPTIONS:max_uar_stack_size_log=20:verbosity=1 not %run %t 2>&1 | FileCheck --check-prefix=CHECK-20 %s
+// RUN: env ASAN_OPTIONS=$ASAN_OPTIONS:min_uar_stack_size_log=24:max_uar_stack_size_log=24:verbosity=1 not %run %t 2>&1 | FileCheck --check-prefix=CHECK-24 %s
+
+#include <stdio.h>
+#include <pthread.h>
+
+#ifndef kSize
+# define kSize 1
+#endif
+
+#ifndef UseThread
+# define UseThread 0
+#endif
+
+#ifndef kStackSize
+# define kStackSize 0
+#endif
+
+__attribute__((noinline))
+char *Ident(char *x) {
+ fprintf(stderr, "1: %p\n", x);
+ return x;
+}
+
+__attribute__((noinline))
+char *Func1() {
+ char local[kSize];
+ return Ident(local);
+}
+
+__attribute__((noinline))
+void Func2(char *x) {
+ fprintf(stderr, "2: %p\n", x);
+ *x = 1;
+ // CHECK: WRITE of size 1 {{.*}} thread T0
+ // CHECK: #0{{.*}}Func2{{.*}}stack-use-after-return.cc:[[@LINE-2]]
+ // CHECK: is located in stack of thread T0 at offset
+ // CHECK: 'local' <== Memory access at offset {{16|32}} is inside this variable
+ // THREAD: WRITE of size 1 {{.*}} thread T{{[1-9]}}
+ // THREAD: #0{{.*}}Func2{{.*}}stack-use-after-return.cc:[[@LINE-6]]
+ // THREAD: is located in stack of thread T{{[1-9]}} at offset
+ // THREAD: 'local' <== Memory access at offset {{16|32}} is inside this variable
+ // CHECK-20: T0: FakeStack created:{{.*}} stack_size_log: 20
+ // CHECK-24: T0: FakeStack created:{{.*}} stack_size_log: 24
+}
+
+void *Thread(void *unused) {
+ Func2(Func1());
+ return NULL;
+}
+
+int main(int argc, char **argv) {
+#if UseThread
+ pthread_attr_t attr;
+ pthread_attr_init(&attr);
+ if (kStackSize > 0)
+ pthread_attr_setstacksize(&attr, kStackSize);
+ pthread_t t;
+ pthread_create(&t, &attr, Thread, 0);
+ pthread_attr_destroy(&attr);
+ pthread_join(t, 0);
+#else
+ Func2(Func1());
+#endif
+ return 0;
+}
diff --git a/test/asan/TestCases/strdup_oob_test.cc b/test/asan/TestCases/strdup_oob_test.cc
new file mode 100644
index 000000000000..a039568b2245
--- /dev/null
+++ b/test/asan/TestCases/strdup_oob_test.cc
@@ -0,0 +1,20 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <string.h>
+
+char kString[] = "foo";
+
+int main(int argc, char **argv) {
+ char *copy = strdup(kString);
+ int x = copy[4 + argc]; // BOOM
+ // CHECK: AddressSanitizer: heap-buffer-overflow
+ // CHECK: #0 {{.*}}main {{.*}}strdup_oob_test.cc:[[@LINE-2]]
+ // CHECK-LABEL: allocated by thread T{{.*}} here:
+ // CHECK: #{{[01]}} {{.*}}strdup
+ // CHECK-LABEL: SUMMARY
+ // CHECK: strdup_oob_test.cc:[[@LINE-6]]
+ return x;
+}
diff --git a/test/asan/TestCases/strip_path_prefix.c b/test/asan/TestCases/strip_path_prefix.c
new file mode 100644
index 000000000000..4556e9031e2d
--- /dev/null
+++ b/test/asan/TestCases/strip_path_prefix.c
@@ -0,0 +1,12 @@
+// RUN: %clang_asan -O2 %s -o %t
+// RUN: env ASAN_OPTIONS="strip_path_prefix='/'" not %run %t 2>&1 | FileCheck %s
+
+#include <stdlib.h>
+int main() {
+ char *x = (char*)malloc(10 * sizeof(char));
+ free(x);
+ return x[5];
+ // Check that paths in error report don't start with slash.
+ // CHECK: heap-use-after-free
+ // CHECK-NOT: #0 0x{{.*}} ({{[/].*}})
+}
diff --git a/test/asan/TestCases/strncpy-overflow.cc b/test/asan/TestCases/strncpy-overflow.cc
new file mode 100644
index 000000000000..651ae22795f1
--- /dev/null
+++ b/test/asan/TestCases/strncpy-overflow.cc
@@ -0,0 +1,30 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+
+// REQUIRES: compiler-rt-optimized
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#include <string.h>
+#include <stdlib.h>
+int main(int argc, char **argv) {
+ char *hello = (char*)malloc(6);
+ strcpy(hello, "hello");
+ char *short_buffer = (char*)malloc(9);
+ strncpy(short_buffer, hello, 10); // BOOM
+ // CHECK: {{WRITE of size 10 at 0x.* thread T0}}
+ // CHECK-Linux: {{ #0 0x.* in .*strncpy}}
+ // CHECK-Darwin: {{ #0 0x.* in wrap_strncpy}}
+ // CHECK: {{ #1 0x.* in main .*strncpy-overflow.cc:}}[[@LINE-4]]
+ // CHECK: {{0x.* is located 0 bytes to the right of 9-byte region}}
+ // CHECK: {{allocated by thread T0 here:}}
+
+ // CHECK-Linux: {{ #0 0x.* in .*malloc}}
+ // CHECK-Linux: {{ #1 0x.* in main .*strncpy-overflow.cc:}}[[@LINE-10]]
+
+ // CHECK-Darwin: {{ #0 0x.* in wrap_malloc.*}}
+ // CHECK-Darwin: {{ #1 0x.* in main .*strncpy-overflow.cc:}}[[@LINE-13]]
+ return short_buffer[8];
+}
diff --git a/test/asan/TestCases/suppressions-function.cc b/test/asan/TestCases/suppressions-function.cc
new file mode 100644
index 000000000000..c52b3c303518
--- /dev/null
+++ b/test/asan/TestCases/suppressions-function.cc
@@ -0,0 +1,29 @@
+// Check that without suppressions, we catch the issue.
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck --check-prefix=CHECK-CRASH %s
+
+// RUN: echo "interceptor_via_fun:crash_function" > %t.supp
+// RUN: %clangxx_asan -O0 %s -o %t && ASAN_OPTIONS=suppressions=%t.supp %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s
+// RUN: %clangxx_asan -O3 %s -o %t && ASAN_OPTIONS=suppressions=%t.supp %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s
+
+// XFAIL: android
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+void crash_function() {
+ char *a = (char *)malloc(6);
+ free(a);
+ size_t len = strlen(a); // BOOM
+ fprintf(stderr, "strlen ignored, len = %zu\n", len);
+}
+
+int main() {
+ crash_function();
+}
+
+// CHECK-CRASH: AddressSanitizer: heap-use-after-free
+// CHECK-CRASH-NOT: strlen ignored
+// CHECK-IGNORE-NOT: AddressSanitizer: heap-use-after-free
+// CHECK-IGNORE: strlen ignored
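Review bot: The two suppression RUN lines set the variable as a bare `ASAN_OPTIONS=suppressions=%t.supp %run %t` prefix, whereas other tests in this import (stack-overflow.cc, strip_path_prefix.c, use-after-poison.cc) go through `env ASAN_OPTIONS=...`. The bare form depends on a POSIX shell executing the RUN line, so it is presumably less portable across lit shell configurations. I would write `env ASAN_OPTIONS=suppressions=%t.supp %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s`. The same spelling is used in suppressions-interceptor.cc and suppressions-library.cc.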
diff --git a/test/asan/TestCases/suppressions-interceptor.cc b/test/asan/TestCases/suppressions-interceptor.cc
new file mode 100644
index 000000000000..10d24fdc30a3
--- /dev/null
+++ b/test/asan/TestCases/suppressions-interceptor.cc
@@ -0,0 +1,24 @@
+// Check that without suppressions, we catch the issue.
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck --check-prefix=CHECK-CRASH %s
+
+// RUN: echo "interceptor_name:strlen" > %t.supp
+// RUN: ASAN_OPTIONS=suppressions=%t.supp %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s
+
+// XFAIL: android
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int main() {
+ char *a = (char *)malloc(6);
+ free(a);
+ size_t len = strlen(a); // BOOM
+ fprintf(stderr, "strlen ignored, len = %zu\n", len);
+}
+
+// CHECK-CRASH: AddressSanitizer: heap-use-after-free
+// CHECK-CRASH-NOT: strlen ignored
+// CHECK-IGNORE-NOT: AddressSanitizer: heap-use-after-free
+// CHECK-IGNORE: strlen ignored
diff --git a/test/asan/TestCases/suppressions-library.cc b/test/asan/TestCases/suppressions-library.cc
new file mode 100644
index 000000000000..dfb0d4a5e030
--- /dev/null
+++ b/test/asan/TestCases/suppressions-library.cc
@@ -0,0 +1,39 @@
+// RUN: %clangxx_asan -O0 -DSHARED_LIB %s -fPIC -shared -o %t-so.so
+// RUN: %clangxx_asan -O0 %s %t-so.so -o %t
+
+// Check that without suppressions, we catch the issue.
+// RUN: not %run %t 2>&1 | FileCheck --check-prefix=CHECK-CRASH %s
+
+// RUN: echo "interceptor_via_lib:%t-so.so" > %t.supp
+// RUN: ASAN_OPTIONS=suppressions=%t.supp %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s
+
+// XFAIL: android
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(SHARED_LIB)
+
+void crash_function();
+
+int main(int argc, char *argv[]) {
+ crash_function();
+ return 0;
+}
+
+#else // SHARED_LIB
+
+void crash_function() {
+ char *a = (char *)malloc(6);
+ free(a);
+ size_t len = strlen(a); // BOOM
+ fprintf(stderr, "strlen ignored, %zu\n", len);
+}
+
+#endif // SHARED_LIB
+
+// CHECK-CRASH: AddressSanitizer: heap-use-after-free
+// CHECK-CRASH-NOT: strlen ignored
+// CHECK-IGNORE-NOT: AddressSanitizer: heap-use-after-free
+// CHECK-IGNORE: strlen ignored
diff --git a/test/asan/TestCases/throw_call_test.cc b/test/asan/TestCases/throw_call_test.cc
new file mode 100644
index 000000000000..20e9a5ee565e
--- /dev/null
+++ b/test/asan/TestCases/throw_call_test.cc
@@ -0,0 +1,52 @@
+// RUN: %clangxx_asan %s -o %t && %run %t
+// http://code.google.com/p/address-sanitizer/issues/detail?id=147 (not fixed).
+// BROKEN: %clangxx_asan %s -o %t -static-libstdc++ && %run %t
+//
+// Android builds with static libstdc++ by default.
+// XFAIL: android
+
+// Clang doesn't support exceptions on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+static volatile int zero = 0;
+inline void pretend_to_do_something(void *x) {
+ __asm__ __volatile__("" : : "r" (x) : "memory");
+}
+
+__attribute__((noinline, no_sanitize_address))
+void ReallyThrow() {
+ fprintf(stderr, "ReallyThrow\n");
+ if (zero == 0)
+ throw 42;
+}
+
+__attribute__((noinline))
+void Throw() {
+ int a, b, c, d, e;
+ pretend_to_do_something(&a);
+ pretend_to_do_something(&b);
+ pretend_to_do_something(&c);
+ pretend_to_do_something(&d);
+ pretend_to_do_something(&e);
+ fprintf(stderr, "Throw stack = %p\n", &a);
+ ReallyThrow();
+}
+
+__attribute__((noinline))
+void CheckStack() {
+ int ar[100];
+ pretend_to_do_something(ar);
+ for (int i = 0; i < 100; i++)
+ ar[i] = i;
+ fprintf(stderr, "CheckStack stack = %p, %p\n", ar, ar + 100);
+}
+
+int main(int argc, char** argv) {
+ try {
+ Throw();
+ } catch(int a) {
+ fprintf(stderr, "a = %d\n", a);
+ }
+ CheckStack();
+}
diff --git a/test/asan/TestCases/throw_catch.cc b/test/asan/TestCases/throw_catch.cc
new file mode 100644
index 000000000000..bce48199dbf7
--- /dev/null
+++ b/test/asan/TestCases/throw_catch.cc
@@ -0,0 +1,64 @@
+// RUN: %clangxx_asan -O %s -o %t && %run %t
+
+// Clang doesn't support exceptions on Windows yet.
+// XFAIL: win32
+
+#include <assert.h>
+#include <stdio.h>
+#include <sanitizer/asan_interface.h>
+
+__attribute__((noinline))
+void Throw() {
+ int local;
+ fprintf(stderr, "Throw: %p\n", &local);
+ throw 1;
+}
+
+__attribute__((noinline))
+void ThrowAndCatch() {
+ int local;
+ try {
+ Throw();
+ } catch(...) {
+ fprintf(stderr, "Catch: %p\n", &local);
+ }
+}
+
+void TestThrow() {
+ char x[32];
+ fprintf(stderr, "Before: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ assert(__asan_address_is_poisoned(x + 32));
+ ThrowAndCatch();
+ fprintf(stderr, "After: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ // FIXME: Invert this assertion once we fix
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=258
+ // This assertion works only w/o UAR.
+ if (!__asan_get_current_fake_stack())
+ assert(!__asan_address_is_poisoned(x + 32));
+}
+
+void TestThrowInline() {
+ char x[32];
+ fprintf(stderr, "Before: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ assert(__asan_address_is_poisoned(x + 32));
+ try {
+ Throw();
+ } catch(...) {
+ fprintf(stderr, "Catch\n");
+ }
+ fprintf(stderr, "After: %p poisoned: %d\n", &x,
+ __asan_address_is_poisoned(x + 32));
+ // FIXME: Invert this assertion once we fix
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=258
+ // This assertion works only w/o UAR.
+ if (!__asan_get_current_fake_stack())
+ assert(!__asan_address_is_poisoned(x + 32));
+}
+
+int main(int argc, char **argv) {
+ TestThrowInline();
+ TestThrow();
+}
diff --git a/test/asan/TestCases/throw_invoke_test.cc b/test/asan/TestCases/throw_invoke_test.cc
new file mode 100644
index 000000000000..ec48fc7b6a49
--- /dev/null
+++ b/test/asan/TestCases/throw_invoke_test.cc
@@ -0,0 +1,54 @@
+// RUN: %clangxx_asan %s -o %t && %run %t
+// RUN: %clangxx_asan %s -o %t -static-libstdc++ && %run %t
+
+// Clang doesn't support exceptions on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+static volatile int zero = 0;
+inline void pretend_to_do_something(void *x) {
+ __asm__ __volatile__("" : : "r" (x) : "memory");
+}
+
+__attribute__((noinline))
+void ReallyThrow() {
+ fprintf(stderr, "ReallyThrow\n");
+ try {
+ if (zero == 0)
+ throw 42;
+ else if (zero == 1)
+ throw 1.;
+ } catch(double x) {
+ }
+}
+
+__attribute__((noinline))
+void Throw() {
+ int a, b, c, d, e;
+ pretend_to_do_something(&a);
+ pretend_to_do_something(&b);
+ pretend_to_do_something(&c);
+ pretend_to_do_something(&d);
+ pretend_to_do_something(&e);
+ fprintf(stderr, "Throw stack = %p\n", &a);
+ ReallyThrow();
+}
+
+__attribute__((noinline))
+void CheckStack() {
+ int ar[100];
+ pretend_to_do_something(ar);
+ for (int i = 0; i < 100; i++)
+ ar[i] = i;
+ fprintf(stderr, "CheckStack stack = %p, %p\n", ar, ar + 100);
+}
+
+int main(int argc, char** argv) {
+ try {
+ Throw();
+ } catch(int a) {
+ fprintf(stderr, "a = %d\n", a);
+ }
+ CheckStack();
+}
+
diff --git a/test/asan/TestCases/time_interceptor.cc b/test/asan/TestCases/time_interceptor.cc
new file mode 100644
index 000000000000..89b2183bcde2
--- /dev/null
+++ b/test/asan/TestCases/time_interceptor.cc
@@ -0,0 +1,22 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// Test the time() interceptor.
+
+// There's no interceptor for time() on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+
+int main() {
+ time_t *tm = (time_t*)malloc(sizeof(time_t));
+ free(tm);
+ time_t t = time(tm);
+ printf("Time: %s\n", ctime(&t)); // NOLINT
+ // CHECK: use-after-free
+ // Regression check for
+ // https://code.google.com/p/address-sanitizer/issues/detail?id=321
+ // CHECK: SUMMARY
+ return 0;
+}
diff --git a/test/asan/TestCases/uar_and_exceptions.cc b/test/asan/TestCases/uar_and_exceptions.cc
new file mode 100644
index 000000000000..0bfe29729555
--- /dev/null
+++ b/test/asan/TestCases/uar_and_exceptions.cc
@@ -0,0 +1,43 @@
+// Test that use-after-return works with exceptions.
+// export ASAN_OPTIONS=detect_stack_use_after_return=1
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t
+
+// Clang doesn't support exceptions on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+
+volatile char *g;
+
+#ifndef FRAME_SIZE
+# define FRAME_SIZE 100
+#endif
+
+#ifndef NUM_ITER
+# define NUM_ITER 4000
+#endif
+
+#ifndef DO_THROW
+# define DO_THROW 1
+#endif
+
+void Func(int depth) {
+ char frame[FRAME_SIZE];
+ g = &frame[0];
+ if (depth)
+ Func(depth - 1);
+ else if (DO_THROW)
+ throw 1;
+}
+
+int main(int argc, char **argv) {
+ for (int i = 0; i < NUM_ITER; i++) {
+ try {
+ Func(argc * 100);
+ } catch(...) {
+ }
+ if ((i % (NUM_ITER / 10)) == 0)
+ fprintf(stderr, "done [%d]\n", i);
+ }
+ return 0;
+}
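Review bot: The second header line, `// export ASAN_OPTIONS=detect_stack_use_after_return=1`, has no `RUN:` prefix, so lit treats it as a plain comment and never sets the option. The only RUN line then executes the binary with whatever `ASAN_OPTIONS` the environment provides, so unless use-after-return detection is on by default (not visible here), the test does not exercise the combination its first line describes. I would fold the option into the run step: `// RUN: %clangxx_asan -O0 %s -o %t && env ASAN_OPTIONS=detect_stack_use_after_return=1 %run %t`.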
diff --git a/test/asan/TestCases/unaligned_loads_and_stores.cc b/test/asan/TestCases/unaligned_loads_and_stores.cc
new file mode 100644
index 000000000000..f1b1d0d457e1
--- /dev/null
+++ b/test/asan/TestCases/unaligned_loads_and_stores.cc
@@ -0,0 +1,52 @@
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: not %run %t A 2>&1 | FileCheck --check-prefix=CHECK-A %s
+// RUN: not %run %t B 2>&1 | FileCheck --check-prefix=CHECK-B %s
+// RUN: not %run %t C 2>&1 | FileCheck --check-prefix=CHECK-C %s
+// RUN: not %run %t D 2>&1 | FileCheck --check-prefix=CHECK-D %s
+// RUN: not %run %t E 2>&1 | FileCheck --check-prefix=CHECK-E %s
+
+// RUN: not %run %t K 2>&1 | FileCheck --check-prefix=CHECK-K %s
+// RUN: not %run %t L 2>&1 | FileCheck --check-prefix=CHECK-L %s
+// RUN: not %run %t M 2>&1 | FileCheck --check-prefix=CHECK-M %s
+// RUN: not %run %t N 2>&1 | FileCheck --check-prefix=CHECK-N %s
+// RUN: not %run %t O 2>&1 | FileCheck --check-prefix=CHECK-O %s
+
+#include <sanitizer/asan_interface.h>
+
+#include <stdlib.h>
+#include <string.h>
+int main(int argc, char **argv) {
+ if (argc != 2) return 1;
+ char *x = new char[16];
+ memset(x, 0xab, 16);
+ int res = 1;
+ switch (argv[1][0]) {
+ case 'A': res = __sanitizer_unaligned_load16(x + 15); break;
+// CHECK-A ERROR: AddressSanitizer: heap-buffer-overflow on address
+// CHECK-A: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-2]]
+// CHECK-A: is located 0 bytes to the right of 16-byte region
+ case 'B': res = __sanitizer_unaligned_load32(x + 14); break;
+// CHECK-B: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-1]]
+ case 'C': res = __sanitizer_unaligned_load32(x + 13); break;
+// CHECK-C: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-1]]
+ case 'D': res = __sanitizer_unaligned_load64(x + 15); break;
+// CHECK-D: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-1]]
+ case 'E': res = __sanitizer_unaligned_load64(x + 9); break;
+// CHECK-E: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-1]]
+
+ case 'K': __sanitizer_unaligned_store16(x + 15, 0); break;
+// CHECK-K ERROR: AddressSanitizer: heap-buffer-overflow on address
+// CHECK-K: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-2]]
+// CHECK-K: is located 0 bytes to the right of 16-byte region
+ case 'L': __sanitizer_unaligned_store32(x + 15, 0); break;
+// CHECK-L: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-1]]
+ case 'M': __sanitizer_unaligned_store32(x + 13, 0); break;
+// CHECK-M: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-1]]
+ case 'N': __sanitizer_unaligned_store64(x + 10, 0); break;
+// CHECK-N: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-1]]
+ case 'O': __sanitizer_unaligned_store64(x + 14, 0); break;
+// CHECK-O: main{{.*}}unaligned_loads_and_stores.cc:[[@LINE-1]]
+ }
+ delete x;
+ return res;
+}
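Review bot: The lines `// CHECK-A ERROR: AddressSanitizer: heap-buffer-overflow on address` under case 'A' and `// CHECK-K ERROR: ...` under case 'K' lack the colon after the prefix, so FileCheck does not read them as directives and the report headline is never verified for either run. They should be `// CHECK-A: ERROR: AddressSanitizer: heap-buffer-overflow on address` and the matching `// CHECK-K: ERROR: ...`; replacing them in place keeps the `[[@LINE-2]]` offsets valid. Separately, `x` is allocated with `new char[16]` but released with `delete x;`, which should be `delete[] x;`. That path is only reached when the argument matches no case label.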
diff --git a/test/asan/TestCases/use-after-delete.cc b/test/asan/TestCases/use-after-delete.cc
new file mode 100644
index 000000000000..8fdec8d83c80
--- /dev/null
+++ b/test/asan/TestCases/use-after-delete.cc
@@ -0,0 +1,31 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#include <stdlib.h>
+int main() {
+ char * volatile x = new char[10];
+ delete[] x;
+ return x[5];
+ // CHECK: {{.*ERROR: AddressSanitizer: heap-use-after-free on address}}
+ // CHECK: {{0x.* at pc 0x.* bp 0x.* sp 0x.*}}
+ // CHECK: {{READ of size 1 at 0x.* thread T0}}
+ // CHECK: {{ #0 0x.* in main .*use-after-delete.cc:}}[[@LINE-4]]
+ // CHECK: {{0x.* is located 5 bytes inside of 10-byte region .0x.*,0x.*}}
+ // CHECK: {{freed by thread T0 here:}}
+
+ // CHECK-Linux: {{ #0 0x.* in operator delete\[\]}}
+ // CHECK-Linux: {{ #1 0x.* in main .*use-after-delete.cc:}}[[@LINE-10]]
+
+ // CHECK: {{previously allocated by thread T0 here:}}
+
+ // CHECK-Linux: {{ #0 0x.* in operator new\[\]}}
+ // CHECK-Linux: {{ #1 0x.* in main .*use-after-delete.cc:}}[[@LINE-16]]
+
+ // CHECK: Shadow byte legend (one shadow byte represents 8 application bytes):
+ // CHECK: Global redzone:
+ // CHECK: ASan internal:
+}
diff --git a/test/asan/TestCases/use-after-free-right.cc b/test/asan/TestCases/use-after-free-right.cc
new file mode 100644
index 000000000000..f714b44f2f1f
--- /dev/null
+++ b/test/asan/TestCases/use-after-free-right.cc
@@ -0,0 +1,36 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+// Test use-after-free report in the case when access is at the right border of
+// the allocation.
+
+#include <stdlib.h>
+int main() {
+ volatile char *x = (char*)malloc(sizeof(char));
+ free((void*)x);
+ *x = 42;
+ // CHECK: {{.*ERROR: AddressSanitizer: heap-use-after-free on address}}
+ // CHECK: {{0x.* at pc 0x.* bp 0x.* sp 0x.*}}
+ // CHECK: {{WRITE of size 1 at 0x.* thread T0}}
+ // CHECK: {{ #0 0x.* in main .*use-after-free-right.cc:}}[[@LINE-4]]
+ // CHECK: {{0x.* is located 0 bytes inside of 1-byte region .0x.*,0x.*}}
+ // CHECK: {{freed by thread T0 here:}}
+
+ // CHECK-Linux: {{ #0 0x.* in .*free}}
+ // CHECK-Linux: {{ #1 0x.* in main .*use-after-free-right.cc:}}[[@LINE-10]]
+
+ // CHECK-Darwin: {{ #0 0x.* in wrap_free}}
+ // CHECK-Darwin: {{ #1 0x.* in main .*use-after-free-right.cc:}}[[@LINE-13]]
+
+ // CHECK: {{previously allocated by thread T0 here:}}
+
+ // CHECK-Linux: {{ #0 0x.* in .*malloc}}
+ // CHECK-Linux: {{ #1 0x.* in main .*use-after-free-right.cc:}}[[@LINE-19]]
+
+ // CHECK-Darwin: {{ #0 0x.* in wrap_malloc.*}}
+ // CHECK-Darwin: {{ #1 0x.* in main .*use-after-free-right.cc:}}[[@LINE-22]]
+}
diff --git a/test/asan/TestCases/use-after-free.cc b/test/asan/TestCases/use-after-free.cc
new file mode 100644
index 000000000000..7bc225b1ef86
--- /dev/null
+++ b/test/asan/TestCases/use-after-free.cc
@@ -0,0 +1,36 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
+// XFAIL: arm-linux-gnueabi
+// XFAIL: armv7l-unknown-linux-gnueabihf
+
+#include <stdlib.h>
+int main() {
+ char *x = (char*)malloc(10 * sizeof(char));
+ free(x);
+ return x[5];
+ // CHECK: {{.*ERROR: AddressSanitizer: heap-use-after-free on address}}
+ // CHECK: {{0x.* at pc 0x.* bp 0x.* sp 0x.*}}
+ // CHECK: {{READ of size 1 at 0x.* thread T0}}
+ // CHECK: {{ #0 0x.* in main .*use-after-free.cc:}}[[@LINE-4]]
+ // CHECK: {{0x.* is located 5 bytes inside of 10-byte region .0x.*,0x.*}}
+ // CHECK: {{freed by thread T0 here:}}
+
+ // CHECK-Linux: {{ #0 0x.* in .*free}}
+ // CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:}}[[@LINE-10]]
+
+ // CHECK-Darwin: {{ #0 0x.* in wrap_free}}
+ // CHECK-Darwin: {{ #1 0x.* in main .*use-after-free.cc:}}[[@LINE-13]]
+
+ // CHECK: {{previously allocated by thread T0 here:}}
+
+ // CHECK-Linux: {{ #0 0x.* in .*malloc}}
+ // CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:}}[[@LINE-19]]
+
+ // CHECK-Darwin: {{ #0 0x.* in wrap_malloc.*}}
+ // CHECK-Darwin: {{ #1 0x.* in main .*use-after-free.cc:}}[[@LINE-22]]
+ // CHECK: Shadow byte legend (one shadow byte represents 8 application bytes):
+ // CHECK: Global redzone:
+ // CHECK: ASan internal:
+}
diff --git a/test/asan/TestCases/use-after-poison.cc b/test/asan/TestCases/use-after-poison.cc
new file mode 100644
index 000000000000..3b247ff531b9
--- /dev/null
+++ b/test/asan/TestCases/use-after-poison.cc
@@ -0,0 +1,20 @@
+// Check that __asan_poison_memory_region works.
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+//
+// Check that we can disable it
+// RUN: env ASAN_OPTIONS=allow_user_poisoning=0 %run %t
+
+#include <stdlib.h>
+
+extern "C" void __asan_poison_memory_region(void *, size_t);
+
+int main(int argc, char **argv) {
+ char *x = new char[16];
+ x[10] = 0;
+ __asan_poison_memory_region(x, 16);
+ int res = x[argc * 10]; // BOOOM
+ // CHECK: ERROR: AddressSanitizer: use-after-poison
+ // CHECK: main{{.*}}use-after-poison.cc:[[@LINE-2]]
+ delete [] x;
+ return res;
+}
diff --git a/test/asan/TestCases/use-after-scope-dtor-order.cc b/test/asan/TestCases/use-after-scope-dtor-order.cc
new file mode 100644
index 000000000000..7896dd30c400
--- /dev/null
+++ b/test/asan/TestCases/use-after-scope-dtor-order.cc
@@ -0,0 +1,26 @@
+// RUN: %clangxx_asan -O0 -fsanitize=use-after-scope %s -o %t && \
+// RUN: not %run %t 2>&1 | FileCheck %s
+// XFAIL: *
+#include <stdio.h>
+
+struct IntHolder {
+ explicit IntHolder(int *val = 0) : val_(val) { }
+ ~IntHolder() {
+ printf("Value: %d\n", *val_); // BOOM
+ // CHECK: ERROR: AddressSanitizer: stack-use-after-scope
+ // CHECK: #0 0x{{.*}} in IntHolder::~IntHolder{{.*}}use-after-scope-dtor-order.cc:[[@LINE-2]]
+ }
+ void set(int *val) { val_ = val; }
+ int *get() { return val_; }
+
+ int *val_;
+};
+
+int main(int argc, char *argv[]) {
+ // It is incorrect to use "x" int IntHolder destructor, because "x" is
+ // "destroyed" earlier as it's declared later.
+ IntHolder holder;
+ int x = argc;
+ holder.set(&x);
+ return 0;
+}
diff --git a/test/asan/TestCases/use-after-scope-inlined.cc b/test/asan/TestCases/use-after-scope-inlined.cc
new file mode 100644
index 000000000000..a0a0d9461cb9
--- /dev/null
+++ b/test/asan/TestCases/use-after-scope-inlined.cc
@@ -0,0 +1,28 @@
+// Test with "-O2" only to make sure inlining (leading to use-after-scope)
+// happens. "always_inline" is not enough, as Clang doesn't emit
+// llvm.lifetime intrinsics at -O0.
+//
+// RUN: %clangxx_asan -O2 -fsanitize=use-after-scope %s -o %t && not %run %t 2>&1 | FileCheck %s
+// XFAIL: *
+
+int *arr;
+
+__attribute__((always_inline))
+void inlined(int arg) {
+ int x[5];
+ for (int i = 0; i < arg; i++) x[i] = i;
+ arr = x;
+}
+
+int main(int argc, char *argv[]) {
+ inlined(argc);
+ return arr[argc - 1]; // BOOM
+ // CHECK: ERROR: AddressSanitizer: stack-use-after-scope
+ // CHECK: READ of size 4 at 0x{{.*}} thread T0
+ // CHECK: #0 0x{{.*}} in main
+ // CHECK: {{.*}}use-after-scope-inlined.cc:[[@LINE-4]]
+ // CHECK: Address 0x{{.*}} is located in stack of thread T0 at offset
+ // CHECK: [[OFFSET:[^ ]*]] in frame
+ // CHECK: main
+ // CHECK: {{\[}}[[OFFSET]], {{.*}}) 'x.i'
+}
diff --git a/test/asan/TestCases/use-after-scope-nobug.cc b/test/asan/TestCases/use-after-scope-nobug.cc
new file mode 100644
index 000000000000..21b085c96275
--- /dev/null
+++ b/test/asan/TestCases/use-after-scope-nobug.cc
@@ -0,0 +1,15 @@
+// RUN: %clangxx_asan -O0 -fsanitize=use-after-scope %s -o %t && %run %t
+// XFAIL: *
+
+#include <stdio.h>
+
+int main() {
+ int *p = 0;
+ // Variable goes in and out of scope.
+ for (int i = 0; i < 3; i++) {
+ int x = 0;
+ p = &x;
+ }
+ printf("PASSED\n");
+ return 0;
+}
diff --git a/test/asan/TestCases/use-after-scope-temp.cc b/test/asan/TestCases/use-after-scope-temp.cc
new file mode 100644
index 000000000000..f9bd779ac1a2
--- /dev/null
+++ b/test/asan/TestCases/use-after-scope-temp.cc
@@ -0,0 +1,29 @@
+// RUN: %clangxx_asan -O0 -fsanitize=use-after-scope %s -o %t && \
+// RUN: %run %t 2>&1 | FileCheck %s
+//
+// Lifetime for temporaries is not emitted yet.
+// XFAIL: *
+
+#include <stdio.h>
+
+struct IntHolder {
+ explicit IntHolder(int val) : val(val) {
+ printf("IntHolder: %d\n", val);
+ }
+ int val;
+};
+
+const IntHolder *saved;
+
+void save(const IntHolder &holder) {
+ saved = &holder;
+}
+
+int main(int argc, char *argv[]) {
+ save(IntHolder(10));
+ int x = saved->val; // BOOM
+ // CHECK: ERROR: AddressSanitizer: stack-use-after-scope
+ // CHECK: #0 0x{{.*}} in main {{.*}}use-after-scope-temp.cc:[[@LINE-2]]
+ printf("saved value: %d\n", x);
+ return 0;
+}
diff --git a/test/asan/TestCases/use-after-scope.cc b/test/asan/TestCases/use-after-scope.cc
new file mode 100644
index 000000000000..f98a8e6b62e1
--- /dev/null
+++ b/test/asan/TestCases/use-after-scope.cc
@@ -0,0 +1,17 @@
+// RUN: %clangxx_asan -O0 -fsanitize=use-after-scope %s -o %t && \
+// RUN: not %run %t 2>&1 | FileCheck %s
+// RUN: env ASAN_OPTIONS="detect_stack_use_after_return=1" not %run %t 2>&1 | FileCheck %s
+// XFAIL: *
+
+int main() {
+ int *p = 0;
+ {
+ int x = 0;
+ p = &x;
+ }
+ return *p; // BOOM
+ // CHECK: ERROR: AddressSanitizer: stack-use-after-scope
+ // CHECK: #0 0x{{.*}} in main {{.*}}use-after-scope.cc:[[@LINE-2]]
+ // CHECK: Address 0x{{.*}} is located in stack of thread T{{.*}} at offset [[OFFSET:[^ ]+]] in frame
+ // {{\[}}[[OFFSET]], {{[0-9]+}}) 'x'
+}
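Review bot: The last pattern line in main, `// {{\[}}[[OFFSET]], {{[0-9]+}}) 'x'`, has no `CHECK:` prefix, so FileCheck treats it as an ordinary comment and never verifies the variable name in the frame description. If the omission is not deliberate, write it as `// CHECK: {{\[}}[[OFFSET]], {{[0-9]+}}) 'x'`. The test is marked `XFAIL: *`, so the gap would only become visible once the XFAIL is removed.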
diff --git a/test/asan/TestCases/zero_page_pc.cc b/test/asan/TestCases/zero_page_pc.cc
new file mode 100644
index 000000000000..5810a9fb9dde
--- /dev/null
+++ b/test/asan/TestCases/zero_page_pc.cc
@@ -0,0 +1,12 @@
+// Check that ASan correctly detects SEGV on the zero page.
+// RUN: %clangxx_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+typedef void void_f();
+int main() {
+ void_f *func = (void_f *)0x4;
+ func();
+ // x86 reports the SEGV with both address=4 and pc=4.
+ // PowerPC64 reports it with address=4 but pc still in main().
+ // CHECK: {{AddressSanitizer: SEGV.*(address|pc) 0x0*4}}
+ return 0;
+}
diff --git a/test/asan/Unit/lit.site.cfg.in b/test/asan/Unit/lit.site.cfg.in
new file mode 100644
index 000000000000..1791b6b05b1c
--- /dev/null
+++ b/test/asan/Unit/lit.site.cfg.in
@@ -0,0 +1,24 @@
+## Autogenerated by LLVM/Clang configuration.
+# Do not edit!
+
+import os
+
+# Load common config for all compiler-rt unit tests.
+lit_config.load_config(config, "@COMPILER_RT_BINARY_DIR@/unittests/lit.common.unit.configured")
+
+def push_ld_library_path(config, new_path):
+ new_ld_library_path = os.path.pathsep.join(
+ (new_path, config.environment['LD_LIBRARY_PATH']))
+ config.environment['LD_LIBRARY_PATH'] = new_ld_library_path
+
+# Setup config name.
+config.name = 'AddressSanitizer-Unit'
+
+# Setup test source and exec root. For unit tests, we define
+# it as build directory with ASan unit tests.
+# FIXME: De-hardcode this path.
+config.test_exec_root = "@COMPILER_RT_BINARY_DIR@/lib/asan/tests"
+config.test_source_root = config.test_exec_root
+
+# Set LD_LIBRARY_PATH to pick dynamic runtime up properly.
+push_ld_library_path(config, config.compiler_rt_libdir)
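Review bot: push_ld_library_path indexes `config.environment['LD_LIBRARY_PATH']` directly, which raises KeyError when the variable is unset and, when it is set but empty, produces a value ending in the path separator. On glibc an empty LD_LIBRARY_PATH element is searched as the current directory, so test binaries could pick up a library from wherever lit is run. Whether the common config loaded above always sets a non-empty value is not visible here. A defensive form is `old = config.environment.get('LD_LIBRARY_PATH', '')` followed by `os.path.pathsep.join(filter(None, (new_path, old)))`. The same pattern appears in push_dynamic_library_lookup_path in test/asan/lit.cfg.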
diff --git a/test/asan/android_commands/android_common.py b/test/asan/android_commands/android_common.py
new file mode 100644
index 000000000000..43ac7b48d770
--- /dev/null
+++ b/test/asan/android_commands/android_common.py
@@ -0,0 +1,29 @@
+import os, subprocess, tempfile
+import time
+
+ANDROID_TMPDIR = '/data/local/tmp/Output'
+ADB = os.environ.get('ADB', 'adb')
+
+verbose = False
+if os.environ.get('ANDROID_RUN_VERBOSE') == '1':
+ verbose = True
+
+def adb(args):
+ if verbose:
+ print args
+ devnull = open(os.devnull, 'w')
+ return subprocess.call([ADB] + args, stdout=devnull, stderr=subprocess.STDOUT)
+
+def pull_from_device(path):
+ tmp = tempfile.mktemp()
+ adb(['pull', path, tmp])
+ text = open(tmp, 'r').read()
+ os.unlink(tmp)
+ return text
+
+def push_to_device(path):
+ # Workaround for https://code.google.com/p/android/issues/detail?id=65857
+ dst_path = os.path.join(ANDROID_TMPDIR, os.path.basename(path))
+ tmp_path = dst_path + '.push'
+ adb(['push', path, tmp_path])
+ adb(['shell', 'cp "%s" "%s" 2>&1' % (tmp_path, dst_path)])
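Review bot: pull_from_device uses `tempfile.mktemp()`, which only returns a name, so another local process can create that path or plant a symlink there before `adb pull` writes to it. The adb exit status is also dropped, and the handle from `open(tmp, 'r')` is never closed. Create the file with `tempfile.mkstemp()`, check the adb return value, and read inside a `with` block with the unlink in a `finally`, as sketched below.

```python
def pull_from_device(path):
  # mkstemp creates the file itself, with owner-only permissions.
  fd, tmp = tempfile.mkstemp()
  os.close(fd)
  try:
    if adb(['pull', path, tmp]) != 0:
      raise RuntimeError('adb pull failed for %s' % path)
    with open(tmp, 'r') as f:
      return f.read()
  finally:
    os.unlink(tmp)
```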
diff --git a/test/asan/android_commands/android_compile.py b/test/asan/android_commands/android_compile.py
new file mode 100755
index 000000000000..4b880886b0c1
--- /dev/null
+++ b/test/asan/android_commands/android_compile.py
@@ -0,0 +1,36 @@
+#!/usr/bin/python
+
+import os, sys, subprocess
+from android_common import *
+
+
+here = os.path.abspath(os.path.dirname(sys.argv[0]))
+android_run = os.path.join(here, 'android_run.py')
+
+output = None
+output_type = 'executable'
+
+args = sys.argv[1:]
+while args:
+ arg = args.pop(0)
+ if arg == '-shared':
+ output_type = 'shared'
+ elif arg == '-c':
+ output_type = 'object'
+ elif arg == '-o':
+ output = args.pop(0)
+
+if output == None:
+ print "No output file name!"
+ sys.exit(1)
+
+ret = subprocess.call(sys.argv[1:])
+if ret != 0:
+ sys.exit(ret)
+
+if output_type in ['executable', 'shared']:
+ push_to_device(output)
+
+if output_type == 'executable':
+ os.rename(output, output + '.real')
+ os.symlink(android_run, output)
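Review bot: In the argument loop, `output = args.pop(0)` after `-o` raises IndexError when `-o` is the last argument, so the script dies with a traceback instead of reaching the "No output file name!" check. Guard the pop, e.g. `output = args.pop(0) if args else None`, and write the later test as `if output is None:`. Separately, push_to_device (defined in android_common.py, outside this hunk) reports no status, so a failed push would presumably surface only later when the test runs on the device.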
diff --git a/test/asan/android_commands/android_run.py b/test/asan/android_commands/android_run.py
new file mode 100755
index 000000000000..7f8c612a0cf0
--- /dev/null
+++ b/test/asan/android_commands/android_run.py
@@ -0,0 +1,34 @@
+#!/usr/bin/python
+
+import os, sys, subprocess, tempfile
+from android_common import *
+
+ANDROID_TMPDIR = '/data/local/tmp/Output'
+
+here = os.path.abspath(os.path.dirname(sys.argv[0]))
+device_binary = os.path.join(ANDROID_TMPDIR, os.path.basename(sys.argv[0]))
+
+def build_env():
+ args = []
+ # Android linker ignores RPATH. Set LD_LIBRARY_PATH to Output dir.
+ args.append('LD_LIBRARY_PATH=%s:%s' %
+ (ANDROID_TMPDIR, os.environ.get('LD_LIBRARY_PATH', '')))
+ for (key, value) in os.environ.items():
+ if key in ['ASAN_OPTIONS']:
+ args.append('%s="%s"' % (key, value))
+ return ' '.join(args)
+
+device_env = build_env()
+device_args = ' '.join(sys.argv[1:]) # FIXME: escape?
+device_stdout = device_binary + '.stdout'
+device_stderr = device_binary + '.stderr'
+device_exitcode = device_binary + '.exitcode'
+ret = adb(['shell', 'cd %s && %s asanwrapper %s %s >%s 2>%s ; echo $? >%s' %
+ (ANDROID_TMPDIR, device_env, device_binary, device_args,
+ device_stdout, device_stderr, device_exitcode)])
+if ret != 0:
+ sys.exit(ret)
+
+sys.stdout.write(pull_from_device(device_stdout))
+sys.stderr.write(pull_from_device(device_stderr))
+sys.exit(int(pull_from_device(device_exitcode)))
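Review bot: The command passed to `adb shell` is assembled by plain string interpolation: `device_args = ' '.join(sys.argv[1:])` (already marked `FIXME: escape?`) and `'%s="%s"' % (key, value)` in build_env hand the test arguments and the ASAN_OPTIONS value to the device shell unquoted or only double-quoted. An argument or option value containing a space, quote, `$` or `;` is re-split or interpreted on the device, so the test runs with different arguments than lit passed. Quote each piece: add `import pipes` and use `device_args = ' '.join(pipes.quote(a) for a in sys.argv[1:])` and `args.append('%s=%s' % (key, pipes.quote(value)))`. The `cp "%s" "%s"` line in push_to_device in android_common.py builds its command the same way.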
diff --git a/test/asan/lit.cfg b/test/asan/lit.cfg
new file mode 100644
index 000000000000..82a36de9cdda
--- /dev/null
+++ b/test/asan/lit.cfg
@@ -0,0 +1,153 @@
+# -*- Python -*-
+
+import os
+import platform
+
+def get_required_attr(config, attr_name):
+ attr_value = getattr(config, attr_name, None)
+ if attr_value == None:
+ lit_config.fatal(
+ "No attribute %r in test configuration! You may need to run "
+ "tests from your build directory or add this attribute "
+ "to lit.site.cfg " % attr_name)
+ return attr_value
+
+def push_dynamic_library_lookup_path(config, new_path):
+ if platform.system() == 'Windows':
+ dynamic_library_lookup_var = 'PATH'
+ else:
+ dynamic_library_lookup_var = 'LD_LIBRARY_PATH'
+
+ new_ld_library_path = os.path.pathsep.join(
+ (new_path, config.environment[dynamic_library_lookup_var]))
+ config.environment[dynamic_library_lookup_var] = new_ld_library_path
+
+# Setup config name.
+config.name = 'AddressSanitizer' + config.name_suffix
+
+# Setup source root.
+config.test_source_root = os.path.dirname(__file__)
+
+# GCC-ASan doesn't link in all the necessary libraries automatically, so
+# we have to do it ourselves.
+if config.compiler_id == 'GNU':
+ extra_linkflags = ["-pthread", "-lstdc++"]
+else:
+ extra_linkflags = []
+
+# There is no libdl on FreeBSD.
+if config.compiler_id == 'GNU' and config.host_os != 'FreeBSD':
+ extra_linkflags += ["-ldl"]
+
+# Setup default compiler flags used with -fsanitize=address option.
+# FIXME: Review the set of required flags and check if it can be reduced.
+target_cflags = [get_required_attr(config, "target_cflags")] + extra_linkflags
+target_cxxflags = config.cxx_mode_flags + target_cflags
+clang_asan_static_cflags = (["-fsanitize=address",
+ "-mno-omit-leaf-frame-pointer",
+ "-fno-omit-frame-pointer",
+ "-fno-optimize-sibling-calls"] +
+ config.debug_info_flags + target_cflags)
+clang_asan_static_cxxflags = config.cxx_mode_flags + clang_asan_static_cflags
+
+if config.asan_dynamic:
+ clang_asan_cflags = clang_asan_static_cflags + ['-shared-libasan']
+ clang_asan_cxxflags = clang_asan_static_cxxflags + ['-shared-libasan']
+ config.available_features.add("asan-dynamic-runtime")
+else:
+ clang_asan_cflags = clang_asan_static_cflags
+ clang_asan_cxxflags = clang_asan_static_cxxflags
+ config.available_features.add("asan-static-runtime")
+
+asan_lit_source_dir = get_required_attr(config, "asan_lit_source_dir")
+if config.android == "1":
+ config.available_features.add('android')
+ clang_wrapper = os.path.join(asan_lit_source_dir,
+ "android_commands", "android_compile.py") + " "
+else:
+ config.available_features.add('not-android')
+ clang_wrapper = ""
+
+def build_invocation(compile_flags):
+ return " " + " ".join([clang_wrapper, config.clang] + compile_flags) + " "
+
+config.substitutions.append( ("%clang ", build_invocation(target_cflags)) )
+config.substitutions.append( ("%clangxx ", build_invocation(target_cxxflags)) )
+config.substitutions.append( ("%clang_asan ", build_invocation(clang_asan_cflags)) )
+config.substitutions.append( ("%clangxx_asan ", build_invocation(clang_asan_cxxflags)) )
+config.substitutions.append( ("%shared_libasan", "libclang_rt.asan-%s.so" % config.target_arch))
+if config.asan_dynamic:
+ config.substitutions.append( ("%clang_asan_static ", build_invocation(clang_asan_static_cflags)) )
+ config.substitutions.append( ("%clangxx_asan_static ", build_invocation(clang_asan_static_cxxflags)) )
+
+# Windows-specific tests might also use the clang-cl.exe driver.
+if platform.system() == 'Windows':
+ clang_cl_asan_cxxflags = ["-fsanitize=address",
+ "-Wno-deprecated-declarations",
+ "-WX",
+ "-D_HAS_EXCEPTIONS=0",
+ "-Zi"] + target_cflags
+ if config.asan_dynamic:
+ clang_cl_asan_cxxflags.append("-MD")
+ clang_invocation = build_invocation(clang_cl_asan_cxxflags)
+ clang_cl_invocation = clang_invocation.replace("clang.exe","clang-cl.exe")
+ config.substitutions.append( ("%clang_cl_asan ", clang_cl_invocation) )
+ config.substitutions.append( ("%asan_dll_thunk",
+ os.path.join(config.compiler_rt_libdir, "clang_rt.asan_dll_thunk-i386.lib")))
+
+# FIXME: De-hardcode this path.
+asan_source_dir = os.path.join(
+ get_required_attr(config, "compiler_rt_src_root"), "lib", "asan")
+# Setup path to asan_symbolize.py script.
+asan_symbolize = os.path.join(asan_source_dir, "scripts", "asan_symbolize.py")
+if not os.path.exists(asan_symbolize):
+ lit_config.fatal("Can't find script on path %r" % asan_symbolize)
+python_exec = get_required_attr(config, "python_executable")
+config.substitutions.append( ("%asan_symbolize", python_exec + " " + asan_symbolize + " ") )
+# Setup path to sancov.py script.
+sanitizer_common_source_dir = os.path.join(
+ get_required_attr(config, "compiler_rt_src_root"), "lib", "sanitizer_common")
+sancov = os.path.join(sanitizer_common_source_dir, "scripts", "sancov.py")
+if not os.path.exists(sancov):
+ lit_config.fatal("Can't find script on path %r" % sancov)
+python_exec = get_required_attr(config, "python_executable")
+config.substitutions.append( ("%sancov", python_exec + " " + sancov + " ") )
+
+# Determine kernel bitness
+if config.host_arch.find('64') != -1 and config.android != "1":
+ kernel_bits = '64'
+else:
+ kernel_bits = '32'
+
+config.substitutions.append( ('CHECK-%kernel_bits', ("CHECK-kernel-" + kernel_bits + "-bits")))
+
+config.available_features.add("asan-" + config.bits + "-bits")
+
+# Allow tests to use REQUIRES=stable-runtime. For use when you cannot use XFAIL
+# because the test hangs.
+if config.target_arch != 'arm':
+ config.available_features.add('stable-runtime')
+
+# Turn on leak detection on 64-bit Linux.
+if config.host_os == 'Linux' and config.target_arch == 'x86_64':
+ config.available_features.add('leak-detection')
+
+# Set LD_LIBRARY_PATH to pick dynamic runtime up properly.
+push_dynamic_library_lookup_path(config, config.compiler_rt_libdir)
+
+# GCC-ASan uses dynamic runtime by default.
+if config.compiler_id == 'GNU':
+ gcc_dir = os.path.dirname(config.clang)
+ libasan_dir = os.path.join(gcc_dir, "..", "lib" + config.bits)
+ push_dynamic_library_lookup_path(config, libasan_dir)
+
+# Default test suffixes.
+config.suffixes = ['.c', '.cc', '.cpp']
+
+if config.host_os == 'Darwin':
+ config.suffixes.append('.mm')
+
+# AddressSanitizer tests are currently supported on Linux, Darwin and
+# FreeBSD only.
+if config.host_os not in ['Linux', 'Darwin', 'FreeBSD']:
+ config.unsupported = True
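Review bot: push_dynamic_library_lookup_path selects `LD_LIBRARY_PATH` for every non-Windows host, but the end of this file lists Darwin as a supported host, and dyld there reads `DYLD_LIBRARY_PATH` instead. If the dynamic runtime is meant to be found through this variable on Darwin, add a branch such as `elif platform.system() == 'Darwin': dynamic_library_lookup_var = 'DYLD_LIBRARY_PATH'`. Whether Darwin builds locate the runtime another way (for example through an rpath) is not visible in this hunk.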
diff --git a/test/asan/lit.site.cfg.in b/test/asan/lit.site.cfg.in
new file mode 100644
index 000000000000..332f9ad9f828
--- /dev/null
+++ b/test/asan/lit.site.cfg.in
@@ -0,0 +1,19 @@
+## Autogenerated by LLVM/Clang configuration.
+# Do not edit!
+
+# Tool-specific config options.
+config.name_suffix = "@ASAN_TEST_CONFIG_SUFFIX@"
+config.asan_lit_source_dir = "@ASAN_LIT_SOURCE_DIR@"
+config.target_cflags = "@ASAN_TEST_TARGET_CFLAGS@"
+config.clang = "@ASAN_TEST_TARGET_CC@"
+config.llvm_tools_dir = "@LLVM_TOOLS_BINARY_DIR@"
+config.bits = "@ASAN_TEST_BITS@"
+config.android = "@ANDROID@"
+config.asan_dynamic = @ASAN_TEST_DYNAMIC@
+config.target_arch = "@ASAN_TEST_TARGET_ARCH@"
+
+# Load common config for all compiler-rt lit tests.
+lit_config.load_config(config, "@COMPILER_RT_BINARY_DIR@/test/lit.common.configured")
+
+# Load tool-specific config that would do the real work.
+lit_config.load_config(config, "@ASAN_LIT_SOURCE_DIR@/lit.cfg")