1 // Test that use-after-return works with arguments passed by value. 2 // RUN: %clangxx_asan -O0 %s -o %t 3 // RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1 | \ 4 // RUN: FileCheck --check-prefix=CHECK-NO-UAR %s 5 // RUN: not %env_asan_opts=detect_stack_use_after_return=1 %run %t 2>&1 | \ 6 // RUN: FileCheck --check-prefix=CHECK-UAR %s 7 // 8 // On several architectures, the IR does not use byval arguments for foo() and 9 // instead creates a copy in main() and gives foo() a pointer to the copy. In 10 // that case, ASAN has nothing to poison on return from foo() and will not 11 // detect the UAR. 12 // REQUIRES: x86_64-target-arch, linux, !android 13 14 #include <cstdio> 15 16 struct A { 17 int a[8]; 18 }; 19 20 A *foo(A a) { 21 return &a; 22 } 23 24 int main() { 25 A *a = foo(A()); 26 a->a[0] = 7; 27 std::fprintf(stderr, "\n"); // Ensures some output is generated for FileCheck 28 // to verify in the case where UAR is not 29 // detected. 30 } 31 32 // CHECK-NO-UAR-NOT: ERROR: AddressSanitizer: stack-use-after-return 33 // CHECK-NO-UAR-NOT: WRITE of size 4 at 34 // CHECK-NO-UAR-NOT: Memory access at offset {{[0-9]+}} is inside this variable 35 // 36 // CHECK-UAR: ERROR: AddressSanitizer: stack-use-after-return 37 // CHECK-UAR: WRITE of size 4 at 38 // CHECK-UAR: Memory access at offset {{[0-9]+}} is inside this variable 39