[clang] [compiler-rt] [llvm] [TySan] A Type Sanitizer (Runtime Library) (PR #76261)

Shafik Yaghmour via cfe-commits Tue, 17 Dec 2024 18:54:29 -0800

================
@@ -0,0 +1,65 @@
+// RUN: %clang_tysan -O0 %s -o %t && %run %t 10 >%t.out.0 2>&1
+// RUN: FileCheck %s < %t.out.0
+// RUN: %clang_tysan -O2 %s -o %t && %run %t 10 >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+void __attribute__((noinline)) add_flt(float *a) {
+  *a += 2.0f;
+  // CHECK: ERROR: TypeSanitizer: type-aliasing-violation
+  // CHECK: READ of size 4 at {{.*}} with type float accesses an existing 
object of type int
+  // CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-3]]
+  // CHECK: ERROR: TypeSanitizer: type-aliasing-violation
+  // CHECK: WRITE of size 4 at {{.*}} with type float accesses an existing 
object of type int
+  // CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-6]]
+  // CHECK: ERROR: TypeSanitizer: type-aliasing-violation
+  // CHECK: READ of size 4 at {{.*}} with type float accesses an existing 
object of type long
+  // CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-9]]
+  // CHECK: ERROR: TypeSanitizer: type-aliasing-violation
+  // CHECK: WRITE of size 4 at {{.*}} with type float accesses an existing 
object of type long
+  // CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-12]]
+  // CHECK: ERROR: TypeSanitizer: type-aliasing-violation
+  // CHECK: READ of size 4 at {{.*}} with type float accesses part of an 
existing object of type long that starts at offset -4
+  // CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-15]]
+  // CHECK: ERROR: TypeSanitizer: type-aliasing-violation
+  // CHECK: WRITE of size 4 at {{.*}} with type float accesses part of an 
existing object of type long that starts at offset -4
+  // CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-18]]
+  // CHECK: ERROR: TypeSanitizer: type-aliasing-violation
+  // CHECK: READ of size 4 at {{.*}} with type float partially accesses an 
object of type short that starts at offset 2
+  // CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-21]]
+}
+
+int main(int argc, char *argv[]) {
+  int x = atoi(argv[1]);
+  add_flt((float *)&x);
+  printf("x = %d\n", x);
+
+  long y = x;
+  add_flt((float *)&y);
+  printf("y = %ld\n", y);
+
+  add_flt(((float *)&y) + 1);
+  printf("y = %ld\n", y);
+
+  char *mem = (char *)malloc(4 * sizeof(short));
+  memset(mem, 0, 4 * sizeof(short));
+  *(short *)(mem + 2) = x;
----------------
shafik wrote:


So if I am reading the diagnostics correctly it looks like writes to malloc'ed 
memory does implicit object creation and subsequent read/write will be flagged 
based on that?

Some more explanatory comments in this test like you have in other tests would 
be super helpful.

https://github.com/llvm/llvm-project/pull/76261
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [compiler-rt] [llvm] [TySan] A Type Sanitizer (Runtime Library) (PR #76261)

Reply via email to