1 // Test that use-after-return works with arguments passed by value.
2 // RUN: %clangxx_asan -O0 %s -o %t
3 // RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1 | \
4 // RUN:     FileCheck --check-prefix=CHECK-NO-UAR %s
5 // RUN: not %env_asan_opts=detect_stack_use_after_return=1 %run %t 2>&1 | \
6 // RUN:     FileCheck --check-prefix=CHECK-UAR %s
7 //
8 // On several architectures, the IR does not use byval arguments for foo() and
9 // instead creates a copy in main() and gives foo() a pointer to the copy.  In
10 // that case, ASAN has nothing to poison on return from foo() and will not
11 // detect the UAR.
12 // REQUIRES: x86_64-target-arch, linux, !android
13 
14 #include <cstdio>
15 
16 struct A {
17   int a[8];
18 };
19 
20 A *foo(A a) {
21   return &a;
22 }
23 
24 int main() {
25   A *a = foo(A());
26   a->a[0] = 7;
27   std::fprintf(stderr, "\n");  // Ensures some output is generated for FileCheck
28                                // to verify in the case where UAR is not
29                                // detected.
30 }
31 
32 // CHECK-NO-UAR-NOT: ERROR: AddressSanitizer: stack-use-after-return
33 // CHECK-NO-UAR-NOT: WRITE of size 4 at
34 // CHECK-NO-UAR-NOT: Memory access at offset {{[0-9]+}} is inside this variable
35 //
36 // CHECK-UAR: ERROR: AddressSanitizer: stack-use-after-return
37 // CHECK-UAR: WRITE of size 4 at
38 // CHECK-UAR: Memory access at offset {{[0-9]+}} is inside this variable
39