blob: e31e4b3090a48fe3fb24ed16010e889922e57be6 [file] [log] [blame]
// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr -g %s -O3 -o %t
// RUN: export UBSAN_OPTIONS=print_stacktrace=1
// RUN: %run %t rT && %run %t mT && %run %t fT && %run %t cT
// RUN: %run %t rU && %run %t mU && %run %t fU && %run %t cU
// RUN: %run %t rS && %run %t rV && %run %t oV
// RUN: not %run %t mS 2>&1 | FileCheck %s --check-prefix=CHECK-MEMBER --strict-whitespace
// RUN: not %run %t fS 2>&1 | FileCheck %s --check-prefix=CHECK-MEMFUN --strict-whitespace
// RUN: not %run %t cS 2>&1 | FileCheck %s --check-prefix=CHECK-DOWNCAST --strict-whitespace
// RUN: not %run %t mV 2>&1 | FileCheck %s --check-prefix=CHECK-MEMBER --strict-whitespace
// RUN: not %run %t fV 2>&1 | FileCheck %s --check-prefix=CHECK-MEMFUN --strict-whitespace
// RUN: not %run %t cV 2>&1 | FileCheck %s --check-prefix=CHECK-DOWNCAST --strict-whitespace
// RUN: not %run %t oU 2>&1 | FileCheck %s --check-prefix=CHECK-OFFSET --strict-whitespace
// RUN: not %run %t m0 2>&1 | FileCheck %s --check-prefix=CHECK-NULL-MEMBER --strict-whitespace
// RUN: (echo "vptr_check:S"; echo "vptr_check:T"; echo "vptr_check:U") > %t.supp
// RUN: UBSAN_OPTIONS="suppressions='%t.supp'" %run %t mS
// RUN: UBSAN_OPTIONS="suppressions='%t.supp'" %run %t fS
// RUN: UBSAN_OPTIONS="suppressions='%t.supp'" %run %t cS
// RUN: UBSAN_OPTIONS="suppressions='%t.supp'" %run %t mV
// RUN: UBSAN_OPTIONS="suppressions='%t.supp'" %run %t fV
// RUN: UBSAN_OPTIONS="suppressions='%t.supp'" %run %t cV
// RUN: UBSAN_OPTIONS="suppressions='%t.supp'" %run %t oU
// RUN: echo "vptr_check:S" > %t.loc-supp
// RUN: UBSAN_OPTIONS="suppressions='%t.loc-supp'" not %run %t x- 2>&1 | FileCheck %s --check-prefix=CHECK-LOC-SUPPRESS
// REQUIRES: stable-runtime
#include <new>
#include <assert.h>
#include <stdio.h>
struct S {
S() : a(0) {}
~S() {}
int a;
int f() { return 0; }
virtual int v() { return 0; }
};
struct T : S {
T() : b(0) {}
int b;
int g() { return 0; }
virtual int v() { return 1; }
};
struct U : S, T { virtual int v() { return 2; } };
struct V : S {};
// Make p global so that lsan does not complain.
T *p = 0;
int access_p(T *p, char type);
int main(int argc, char **argv) {
assert(argc > 1);
fprintf(stderr, "Test case: %s\n", argv[1]);
T t;
(void)t.a;
(void)t.b;
(void)t.f();
(void)t.g();
(void)t.v();
(void)t.S::v();
U u;
(void)u.T::a;
(void)u.b;
(void)u.T::f();
(void)u.g();
(void)u.v();
(void)u.T::v();
(void)((T&)u).S::v();
char Buffer[sizeof(U)] = {};
char TStorage[sizeof(T)];
switch (argv[1][1]) {
case '0':
p = reinterpret_cast<T*>(Buffer);
break;
case 'S':
// Make sure p points to the memory chunk of sufficient size to prevent ASan
// reports about out-of-bounds access.
p = reinterpret_cast<T*>(new(TStorage) S);
break;
case 'T':
p = new T;
break;
case 'U':
p = new U;
break;
case 'V':
p = reinterpret_cast<T*>(new U);
break;
}
access_p(p, argv[1][0]);
return 0;
}
int access_p(T *p, char type) {
switch (type) {
case 'r':
// Binding a reference to storage of appropriate size and alignment is OK.
{T &r = *p;}
return 0;
case 'x':
for (int i = 0; i < 2; i++) {
// Check that the first iteration ("S") succeeds, while the second ("V") fails.
p = reinterpret_cast<T*>((i == 0) ? new S : new V);
// CHECK-LOC-SUPPRESS: vptr.cpp:[[@LINE+5]]:7: runtime error: member call on address [[PTR:0x[0-9a-f]*]] which does not point to an object of type 'T'
// CHECK-LOC-SUPPRESS-NEXT: [[PTR]]: note: object is of type 'V'
// CHECK-LOC-SUPPRESS-NEXT: {{^ .. .. .. .. .. .. .. .. .. .. .. .. }}
// CHECK-LOC-SUPPRESS-NEXT: {{^ \^~~~~~~~~~~(~~~~~~~~~~~~)? *$}}
// CHECK-LOC-SUPPRESS-NEXT: {{^ vptr for 'V'}}
p->g();
}
return 0;
case 'm':
// CHECK-MEMBER: vptr.cpp:[[@LINE+6]]:15: runtime error: member access within address [[PTR:0x[0-9a-f]*]] which does not point to an object of type 'T'
// CHECK-MEMBER-NEXT: [[PTR]]: note: object is of type [[DYN_TYPE:'S'|'U']]
// CHECK-MEMBER-NEXT: {{^ .. .. .. .. .. .. .. .. .. .. .. .. }}
// CHECK-MEMBER-NEXT: {{^ \^~~~~~~~~~~(~~~~~~~~~~~~)? *$}}
// CHECK-MEMBER-NEXT: {{^ vptr for}} [[DYN_TYPE]]
// CHECK-MEMBER-NEXT: #0 {{.*}}access_p{{.*}}vptr.cpp:[[@LINE+1]]
return p->b;
// CHECK-NULL-MEMBER: vptr.cpp:[[@LINE-2]]:15: runtime error: member access within address [[PTR:0x[0-9a-f]*]] which does not point to an object of type 'T'
// CHECK-NULL-MEMBER-NEXT: [[PTR]]: note: object has invalid vptr
// CHECK-NULL-MEMBER-NEXT: {{^ ?.. .. .. .. ?00 00 00 00 ?00 00 00 00 ?}}
// CHECK-NULL-MEMBER-NEXT: {{^ \^~~~~~~~~~~(~~~~~~~~~~~~)? *$}}
// CHECK-NULL-MEMBER-NEXT: {{^ invalid vptr}}
// CHECK-NULL-MEMBER-NEXT: #0 {{.*}}access_p{{.*}}vptr.cpp:[[@LINE-7]]
case 'f':
// CHECK-MEMFUN: vptr.cpp:[[@LINE+6]]:12: runtime error: member call on address [[PTR:0x[0-9a-f]*]] which does not point to an object of type 'T'
// CHECK-MEMFUN-NEXT: [[PTR]]: note: object is of type [[DYN_TYPE:'S'|'U']]
// CHECK-MEMFUN-NEXT: {{^ .. .. .. .. .. .. .. .. .. .. .. .. }}
// CHECK-MEMFUN-NEXT: {{^ \^~~~~~~~~~~(~~~~~~~~~~~~)? *$}}
// CHECK-MEMFUN-NEXT: {{^ vptr for}} [[DYN_TYPE]]
// TODO: Add check for stacktrace here.
return p->g();
case 'o':
// CHECK-OFFSET: vptr.cpp:[[@LINE+6]]:12: runtime error: member call on address [[PTR:0x[0-9a-f]*]] which does not point to an object of type 'U'
// CHECK-OFFSET-NEXT: 0x{{[0-9a-f]*}}: note: object is base class subobject at offset {{8|16}} within object of type [[DYN_TYPE:'U']]
// CHECK-OFFSET-NEXT: {{^ .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. }}
// CHECK-OFFSET-NEXT: {{^ \^ ( ~~~~~~~~~~~~)?~~~~~~~~~~~ *$}}
// CHECK-OFFSET-NEXT: {{^ ( )?vptr for}} 'T' base class of [[DYN_TYPE]]
// CHECK-OFFSET-NEXT: #0 {{.*}}access_p{{.*}}vptr.cpp:[[@LINE+1]]
return reinterpret_cast<U*>(p)->v() - 2;
case 'c':
// CHECK-DOWNCAST: vptr.cpp:[[@LINE+6]]:11: runtime error: downcast of address [[PTR:0x[0-9a-f]*]] which does not point to an object of type 'T'
// CHECK-DOWNCAST-NEXT: [[PTR]]: note: object is of type [[DYN_TYPE:'S'|'U']]
// CHECK-DOWNCAST-NEXT: {{^ .. .. .. .. .. .. .. .. .. .. .. .. }}
// CHECK-DOWNCAST-NEXT: {{^ \^~~~~~~~~~~(~~~~~~~~~~~~)? *$}}
// CHECK-DOWNCAST-NEXT: {{^ vptr for}} [[DYN_TYPE]]
// CHECK-DOWNCAST-NEXT: #0 {{.*}}access_p{{.*}}vptr.cpp:[[@LINE+1]]
(void)static_cast<T*>(reinterpret_cast<S*>(p));
return 0;
}
}