!fixup Add tests from bugtracker.

fhahn · fhahn · commit e2caf4e44614 · 2024-04-22T22:16:09.000+01:00
diff --git a/compiler-rt/test/tysan/violation-pr45282.c b/compiler-rt/test/tysan/violation-pr45282.c
@@ -0,0 +1,32 @@
+// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// https://github.com/llvm/llvm-project/issues/45282
+
+#include <stdio.h>
+
+int main(void) {
+
+  double a[29], b[20];
+  int i, j;
+
+  for (i = 0; i < 20; ++i) {
+    b[i] = 2.01f + 1.f;
+    ((float *)a)[i] = 2.01f * 2.0145f;
+    ((float *)a + 38)[i] = 2.01f * 1.0123f;
+  }
+
+// CHECK:      TypeSanitizer: type-aliasing-violation on address
+// CHECK-NEXT: WRITE of size 8 at {{.+}} with type double accesses an existing object of type float
+// CHECK-NEXT:   in main violation-pr45282.c:25
+
+  // loop of problems
+  for (j = 2; j <= 4; ++j) {
+    a[j - 1] = ((float *)a)[j] * ((float *)a + 38)[j - 1];
+    ((float *)a + 38)[j - 1] = ((float *)a)[j - 1] + b[j - 1];
+  }
+
+  printf("((float *)a + 38)[2] = %f\n", ((float *)a + 38)[2]);
+
+  return 0;
+}
diff --git a/compiler-rt/test/tysan/violation-pr47137.c b/compiler-rt/test/tysan/violation-pr47137.c
@@ -0,0 +1,40 @@
+// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// https://github.com/llvm/llvm-project/issues/47137
+#include <stdio.h>
+#include <stdlib.h>
+
+void f(int m) {
+  int n = (4 * m + 2) / 3;
+  uint64_t *a = malloc(n * sizeof(uint64_t));
+  uint64_t *b = malloc(n * sizeof(uint64_t));
+  uint64_t aa[] = {0xffff3e0000000001, 0x22eaf0b680a88c16, 0x5a65d25ac40e20f3,
+                   0x34e7ac346236953e, 0x9dea3e0a26c6ba89, 0x0000000000000000,
+                   0x0000000000000000, 0x0000000000000000};
+  uint64_t bb[] = {0x0000000024c0ffff, 0x000000004634d940, 0x00000000219d18ef,
+                   0x0000000000154519, 0x000000000000035f, 0x0000000000000000,
+                   0x0000000000000000, 0x0000000000000000};
+  char l[20];
+  l[0] = 0;
+  for (int i = 0; i < n; i++) {
+    a[i] = aa[i] + l[0] - '0';
+    b[i] = bb[i] + l[0] - '0';
+  }
+
+// CHECK:      TypeSanitizer: type-aliasing-violation on address
+// CHECK-NEXT: READ of size 2 at {{.+}} with type short accesses an existing object of type long long
+// CHECK-NEXT:    in f violation-pr47137.c:30
+  for (int i = 0, j = 0; j < 4 * m; i += 4, j += 3) {
+    for (int k = 0; k < 3; k++) {
+      ((uint16_t *)a)[j + k] = ((uint16_t *)a)[i + k];
+      ((uint16_t *)b)[j + k] = ((uint16_t *)b)[i + k];
+    }
+  }
+
+  printf("a: %016llx\n", a[0]);
+  free(a);
+  free(b);
+}
+
+int main() { f(6); }
diff --git a/compiler-rt/test/tysan/violation-pr51837.c b/compiler-rt/test/tysan/violation-pr51837.c
@@ -0,0 +1,34 @@
+// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+#include <stdint.h>
+#include <stdio.h>
+
+// CHECK-NOT: TypeSanitizer
+
+union a {
+  int16_t b;
+  uint64_t c;
+} d;
+
+uint64_t *e = &d.c;
+static uint16_t f(int16_t a, int32_t b, uint64_t c);
+static int64_t g(int32_t aa, uint8_t h, union a bb) {
+  int16_t *i = &d.b;
+  f(0, h, 0);
+  *i = h;
+  return 0;
+}
+uint16_t f(int16_t a, int32_t b, uint64_t c) {
+  for (d.c = 0; 0;)
+    ;
+  *e = 0;
+  return 0;
+}
+
+int main() {
+  uint32_t j = 8;
+  g(1, j, d);
+  printf("%d\n", d.b);
+  return 0;
+}
diff --git a/compiler-rt/test/tysan/violation-pr62544.c b/compiler-rt/test/tysan/violation-pr62544.c
@@ -0,0 +1,24 @@
+// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// https://github.com/llvm/llvm-project/issues/62544
+
+int printf(const char *, ...);
+int a, b, c;
+long d;
+int main() {
+  short *e = &a;
+  int *f = &a;
+  *f = 0;
+  for (; b <= 9; b++) {
+    int **g = &f;
+    *f = d;
+    *g = &c;
+  }
+
+// CHECK:      TypeSanitizer: type-aliasing-violation on address
+// CHECK-NEXT: WRITE of size 2 at {{.+}} with type short accesses an existing object of type int
+// CHECK-NEXT:   in main violation-pr62544.c:22
+  *e = 3;
+  printf("%d\n", a);
+}
diff --git a/compiler-rt/test/tysan/violation-pr62828.cpp b/compiler-rt/test/tysan/violation-pr62828.cpp
@@ -0,0 +1,44 @@
+// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// https://github.com/llvm/llvm-project/issues/62828
+#include <stdio.h>
+
+typedef int int_v8[8];
+typedef short short_v8[8];
+short *test1(int_v8 *cast_c_array, short_v8 *shuf_c_array1, int *ptr) {
+  int *input1 = reinterpret_cast<int *>(((int_v8 *)(cast_c_array)));
+  short *input2 = reinterpret_cast<short *>(reinterpret_cast<int_v8 *>(input1));
+
+  short *output1 = reinterpret_cast<short *>(((short_v8 *)(shuf_c_array1)));
+  short *output2 =
+      reinterpret_cast<short *>(reinterpret_cast<short_v8 *>(output1));
+
+  for (int r = 0; r < 8; ++r) {
+    int tmp = (int)((r * 4) + ptr[r]);
+    if ((ptr[r] / 4) == 0) {
+      int *input = reinterpret_cast<int *>(((int_v8 *)(cast_c_array)));
+      input[r] = tmp;
+    }
+  }
+
+// CHECK:      ERROR: TypeSanitizer: type-aliasing-violation on address
+// CHECK-NEXT: READ of size 2 at {{.+}} with type short accesses an existing object of type int
+// CHECK-NEXT:    in test1(int (*) [8], short (*) [8], int*) violation-pr62828.cpp:29
+  for (int i3 = 0; i3 < 4; ++i3) {
+    output2[i3] = input2[(i3 * 2)];
+  }
+  return output2;
+}
+
+int main() {
+  int_v8 in[4] = {{4, 4, 4, 4}};
+  short_v8 out[4] = {{0}};
+  int ptr[8] = {2};
+  test1(in, out, ptr);
+  short *p = reinterpret_cast<short *>(out);
+  for (int i = 0; i < 32; i++) {
+    printf("%d ", p[i]);
+  }
+  return 0;
+}
diff --git a/compiler-rt/test/tysan/violation-pr68655.cpp b/compiler-rt/test/tysan/violation-pr68655.cpp
@@ -0,0 +1,40 @@
+// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// https://github.com/llvm/llvm-project/issues/68655
+struct S1 {
+  long long a;
+  long long b;
+};
+
+// CHECK: TypeSanitizer: type-aliasing-violation on address
+// CHECK-NEXT:  READ of size 4 at {{.+}} with type int accesses an existing object of type long long (in S1 at offset 0)
+// CHECK-NEXT: in copyMem(S1*, S1*) violation-pr68655.cpp:19
+
+void inline copyMem(S1 *dst, S1 *src) {
+  unsigned *d = reinterpret_cast<unsigned *>(dst);
+  unsigned *s = reinterpret_cast<unsigned *>(src);
+
+  for (int i = 0; i < sizeof(S1) / sizeof(unsigned); i++) {
+    *d = *s;
+    d++;
+    s++;
+  }
+}
+
+void math(S1 *dst, int *srcA, int idx_t) {
+  S1 zero[4];
+  for (int i = 0; i < 2; i++) {
+    zero[i].a = i + idx_t;
+    zero[i].b = i * idx_t;
+  }
+
+  copyMem(&dst[idx_t], &zero[srcA[idx_t]]);
+}
+
+int main() {
+  S1 dst = {0};
+  int Src[2] = {0, 0};
+  math(&dst, &Src[0], 0);
+  return 0;
+}
diff --git a/compiler-rt/test/tysan/violation-pr86685.c b/compiler-rt/test/tysan/violation-pr86685.c
@@ -0,0 +1,29 @@
+// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+#include <stdio.h>
+#include <stdlib.h>
+
+// Violation reported in https://github.com/llvm/llvm-project/issues/86685.
+void foo(int *s, float *f, long n) {
+  for (long i = 0; i < n; ++i) {
+    *f = 2;
+    if (i == 1)
+      break;
+
+// CHECK:      TypeSanitizer: type-aliasing-violation on address
+// CHECK-NEXT: WRITE of size 4 at {{.+}} with type int accesses an existing object of type float
+// CHECK-NEXT:   #0 {{.+}} in foo violation-pr86685.c:17
+    *s = 4;
+  }
+}
+
+int main(void) {
+  union {
+    int s;
+    float f;
+  } u = {0};
+  foo(&u.s, &u.f, 2);
+  printf("%.f\n", u.f);
+  return 0;
+}
