<div dir="ltr">Sorry for the breakage and thanks for the revert. <div>Re-committed as r260128, this time with a Linux-only test</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Feb 7, 2016 at 1:41 PM, Nico Weber via llvm-commits <span dir="ltr"><<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: nico<br>
Date: Sun Feb 7 15:41:37 2016<br>
New Revision: 260059<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=260059&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=260059&view=rev</a><br>
Log:<br>
Revert r259961, r259978, r259981.<br>
<br>
The "sanitizer-windows" buildbot has been failing for two days because of this:<br>
<br>
FAILED: cl.exe asan_report.cc<br>
asan_scariness_score.h(60) : error C2536:<br>
'__asan::ScarinessScore::__asan::ScarinessScore::descr' :<br>
cannot specify explicit initializer for arrays<br>
asan_scariness_score.h(60) : see declaration of '__asan::ScarinessScore::descr'<br>
<br>
Removed:<br>
compiler-rt/trunk/lib/asan/asan_scariness_score.h<br>
compiler-rt/trunk/test/asan/TestCases/scariness_score_test.cc<br>
Modified:<br>
compiler-rt/trunk/lib/asan/asan_flags.inc<br>
compiler-rt/trunk/lib/asan/asan_report.cc<br>
<br>
Modified: compiler-rt/trunk/lib/asan/asan_flags.inc<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_flags.inc?rev=260059&r1=260058&r2=260059&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_flags.inc?rev=260059&r1=260058&r2=260059&view=diff</a><br>
==============================================================================<br>
--- compiler-rt/trunk/lib/asan/asan_flags.inc (original)<br>
+++ compiler-rt/trunk/lib/asan/asan_flags.inc Sun Feb 7 15:41:37 2016<br>
@@ -77,8 +77,6 @@ ASAN_FLAG(bool, print_stats, false,<br>
"Print various statistics after printing an error message or if "<br>
"atexit=1.")<br>
ASAN_FLAG(bool, print_legend, true, "Print the legend for the shadow bytes.")<br>
-ASAN_FLAG(bool, print_scariness, false,<br>
- "Print the scariness score. Experimental.")<br>
ASAN_FLAG(bool, atexit, false,<br>
"If set, prints ASan exit stats even after program terminates "<br>
"successfully.")<br>
<br>
Modified: compiler-rt/trunk/lib/asan/asan_report.cc<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_report.cc?rev=260059&r1=260058&r2=260059&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_report.cc?rev=260059&r1=260058&r2=260059&view=diff</a><br>
==============================================================================<br>
--- compiler-rt/trunk/lib/asan/asan_report.cc (original)<br>
+++ compiler-rt/trunk/lib/asan/asan_report.cc Sun Feb 7 15:41:37 2016<br>
@@ -16,7 +16,6 @@<br>
#include "asan_internal.h"<br>
#include "asan_mapping.h"<br>
#include "asan_report.h"<br>
-#include "asan_scariness_score.h"<br>
#include "asan_stack.h"<br>
#include "asan_thread.h"<br>
#include "sanitizer_common/sanitizer_common.h"<br>
@@ -748,7 +747,6 @@ void ReportStackOverflow(const SignalCon<br>
(void *)sig.addr, (void *)sig.pc, (void *)sig.bp, (void *)sig.sp,<br>
GetCurrentTidOrInvalid());<br>
Printf("%s", d.EndWarning());<br>
- ScarinessScore::PrintSimple(15, "stack-overflow");<br>
GET_STACK_TRACE_SIGNAL(sig);<br>
stack.Print();<br>
ReportErrorSummary("stack-overflow", &stack);<br>
@@ -764,26 +762,14 @@ void ReportDeadlySignal(const char *desc<br>
description, (void *)sig.addr, (void *)sig.pc, (void *)sig.bp,<br>
(void *)sig.sp, GetCurrentTidOrInvalid());<br>
Printf("%s", d.EndWarning());<br>
- ScarinessScore SS;<br>
if (sig.pc < GetPageSizeCached())<br>
Report("Hint: pc points to the zero page.\n");<br>
if (sig.is_memory_access) {<br>
Report("The signal is caused by a %s memory access.\n",<br>
sig.is_write ? "WRITE" : "READ");<br>
- if (sig.addr < GetPageSizeCached()) {<br>
+ if (sig.addr < GetPageSizeCached())<br>
Report("Hint: address points to the zero page.\n");<br>
- SS.Scare(10, "null-deref");<br>
- } else if (sig.addr == sig.pc) {<br>
- SS.Scare(60, "wild-jump");<br>
- } else if (sig.is_write) {<br>
- SS.Scare(30, "wild-addr-write");<br>
- } else {<br>
- SS.Scare(20, "wild-addr-read");<br>
- }<br>
- } else {<br>
- SS.Scare(10, "signal");<br>
}<br>
- SS.Print();<br>
GET_STACK_TRACE_SIGNAL(sig);<br>
stack.Print();<br>
MaybeDumpInstructionBytes(sig.pc);<br>
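Review bot: The restored `if (sig.addr < GetPageSizeCached())` check is the only cue this report gives for a probable null dereference, and it should carry a comment saying it is a heuristic. A fault address at or above the first page can still come from a null base pointer plus a large field or index offset, so anyone triaging a crash should not read the missing hint as proof of a wild access. A line such as `// Heuristic only: a null base plus a large offset lands above the first page and gets no hint.` above the check would cover it. The same applies to the `sig.pc` check a few lines earlier; ReportDeadlySignal starts and ends outside this hunk.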
@@ -803,7 +789,6 @@ void ReportDoubleFree(uptr addr, Buffere<br>
ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname)));<br>
Printf("%s", d.EndWarning());<br>
CHECK_GT(free_stack->size, 0);<br>
- ScarinessScore::PrintSimple(42, "double-free");<br>
GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);<br>
stack.Print();<br>
DescribeHeapAddress(addr, 1);<br>
@@ -826,7 +811,6 @@ void ReportNewDeleteSizeMismatch(uptr ad<br>
" size of the deallocated type: %zd bytes.\n",<br>
asan_mz_size(reinterpret_cast<void*>(addr)), delete_size);<br>
CHECK_GT(free_stack->size, 0);<br>
- ScarinessScore::PrintSimple(10, "new-delete-type-mismatch");<br>
GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);<br>
stack.Print();<br>
DescribeHeapAddress(addr, 1);<br>
@@ -846,7 +830,6 @@ void ReportFreeNotMalloced(uptr addr, Bu<br>
curr_tid, ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname)));<br>
Printf("%s", d.EndWarning());<br>
CHECK_GT(free_stack->size, 0);<br>
- ScarinessScore::PrintSimple(10, "bad-free");<br>
GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);<br>
stack.Print();<br>
DescribeHeapAddress(addr, 1);<br>
@@ -868,7 +851,6 @@ void ReportAllocTypeMismatch(uptr addr,<br>
alloc_names[alloc_type], dealloc_names[dealloc_type], addr);<br>
Printf("%s", d.EndWarning());<br>
CHECK_GT(free_stack->size, 0);<br>
- ScarinessScore::PrintSimple(10, "alloc-dealloc-mismatch");<br>
GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);<br>
stack.Print();<br>
DescribeHeapAddress(addr, 1);<br>
@@ -917,7 +899,6 @@ void ReportStringFunctionMemoryRangesOve<br>
"memory ranges [%p,%p) and [%p, %p) overlap\n", \<br>
bug_type, offset1, offset1 + length1, offset2, offset2 + length2);<br>
Printf("%s", d.EndWarning());<br>
- ScarinessScore::PrintSimple(10, bug_type);<br>
stack->Print();<br>
DescribeAddress((uptr)offset1, length1, bug_type);<br>
DescribeAddress((uptr)offset2, length2, bug_type);<br>
@@ -932,7 +913,6 @@ void ReportStringFunctionSizeOverflow(up<br>
Printf("%s", d.Warning());<br>
Report("ERROR: AddressSanitizer: %s: (size=%zd)\n", bug_type, size);<br>
Printf("%s", d.EndWarning());<br>
- ScarinessScore::PrintSimple(10, bug_type);<br>
stack->Print();<br>
DescribeAddress(offset, size, bug_type);<br>
ReportErrorSummary(bug_type, stack);<br>
@@ -1053,18 +1033,6 @@ void ReportGenericError(uptr pc, uptr bp<br>
uptr access_size, u32 exp, bool fatal) {<br>
if (!fatal && SuppressErrorReport(pc)) return;<br>
ENABLE_FRAME_POINTER;<br>
- ScarinessScore SS;<br>
-<br>
- if (access_size) {<br>
- if (access_size <= 9) {<br>
- char desr[] = "?-byte";<br>
- desr[0] = '0' + access_size;<br>
- SS.Scare(access_size + access_size / 2, desr);<br>
- } else if (access_size >= 10) {<br>
- SS.Scare(15, "multi-byte");<br>
- }<br>
- is_write ? SS.Scare(20, "write") : SS.Scare(1, "read");<br>
- }<br>
<br>
// Optimization experiments.<br>
// The experiments can be used to evaluate potential optimizations that remove<br>
@@ -1086,72 +1054,50 @@ void ReportGenericError(uptr pc, uptr bp<br>
// If we are in the partial right redzone, look at the next shadow byte.<br>
if (*shadow_addr > 0 && *shadow_addr < 128)<br>
shadow_addr++;<br>
- bool far_from_bounds = false;<br>
shadow_val = *shadow_addr;<br>
- int bug_type_score = 0;<br>
switch (shadow_val) {<br>
case kAsanHeapLeftRedzoneMagic:<br>
case kAsanHeapRightRedzoneMagic:<br>
case kAsanArrayCookieMagic:<br>
bug_descr = "heap-buffer-overflow";<br>
- bug_type_score = 10;<br>
- far_from_bounds = shadow_addr[-1] > 127 && shadow_addr[1] > 127;<br>
break;<br>
case kAsanHeapFreeMagic:<br>
bug_descr = "heap-use-after-free";<br>
- bug_type_score = 20;<br>
break;<br>
case kAsanStackLeftRedzoneMagic:<br>
bug_descr = "stack-buffer-underflow";<br>
- bug_type_score = 25;<br>
- far_from_bounds = shadow_addr[-1] > 127 && shadow_addr[1] > 127;<br>
break;<br>
case kAsanInitializationOrderMagic:<br>
bug_descr = "initialization-order-fiasco";<br>
- bug_type_score = 1;<br>
break;<br>
case kAsanStackMidRedzoneMagic:<br>
case kAsanStackRightRedzoneMagic:<br>
case kAsanStackPartialRedzoneMagic:<br>
bug_descr = "stack-buffer-overflow";<br>
- bug_type_score = 25;<br>
- far_from_bounds = shadow_addr[-1] > 127 && shadow_addr[1] > 127;<br>
break;<br>
case kAsanStackAfterReturnMagic:<br>
bug_descr = "stack-use-after-return";<br>
- bug_type_score = 30;<br>
break;<br>
case kAsanUserPoisonedMemoryMagic:<br>
bug_descr = "use-after-poison";<br>
- bug_type_score = 10;<br>
break;<br>
case kAsanContiguousContainerOOBMagic:<br>
bug_descr = "container-overflow";<br>
- bug_type_score = 10;<br>
break;<br>
case kAsanStackUseAfterScopeMagic:<br>
bug_descr = "stack-use-after-scope";<br>
- bug_type_score = 10;<br>
break;<br>
case kAsanGlobalRedzoneMagic:<br>
bug_descr = "global-buffer-overflow";<br>
- bug_type_score = 10;<br>
- far_from_bounds = shadow_addr[-1] > 127 && shadow_addr[1] > 127;<br>
break;<br>
case kAsanIntraObjectRedzone:<br>
bug_descr = "intra-object-overflow";<br>
- bug_type_score = 10;<br>
break;<br>
case kAsanAllocaLeftMagic:<br>
case kAsanAllocaRightMagic:<br>
bug_descr = "dynamic-stack-buffer-overflow";<br>
- bug_type_score = 25;<br>
- far_from_bounds = shadow_addr[-1] > 127 && shadow_addr[1] > 127;<br>
break;<br>
}<br>
- SS.Scare(bug_type_score, bug_descr);<br>
- if (far_from_bounds)<br>
- SS.Scare(10, "far-from-bounds");<br>
}<br>
<br>
ReportData report = { pc, sp, bp, addr, (bool)is_write, access_size,<br>
@@ -1174,7 +1120,6 @@ void ReportGenericError(uptr pc, uptr bp<br>
ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname)),<br>
d.EndAccess());<br>
<br>
- SS.Print();<br>
GET_STACK_TRACE_FATAL(pc, bp);<br>
stack.Print();<br>
<br>
<br>
Removed: compiler-rt/trunk/lib/asan/asan_scariness_score.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_scariness_score.h?rev=260058&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_scariness_score.h?rev=260058&view=auto</a><br>
==============================================================================<br>
--- compiler-rt/trunk/lib/asan/asan_scariness_score.h (original)<br>
+++ compiler-rt/trunk/lib/asan/asan_scariness_score.h (removed)<br>
@@ -1,65 +0,0 @@<br>
-//===-- asan_scariness_score.h ----------------------------------*- C++ -*-===//<br>
-//<br>
-// The LLVM Compiler Infrastructure<br>
-//<br>
-// This file is distributed under the University of Illinois Open Source<br>
-// License. See LICENSE.TXT for details.<br>
-//<br>
-//===----------------------------------------------------------------------===//<br>
-//<br>
-// This file is a part of AddressSanitizer, an address sanity checker.<br>
-//<br>
-// Compute the level of scariness of the error message.<br>
-// Don't expect any deep science here, just a set of heuristics that suggest<br>
-// that e.g. 1-byte-read-global-buffer-overflow is less scary than<br>
-// 8-byte-write-stack-use-after-return.<br>
-//<br>
-// Every error report has one or more features, such as memory access size,<br>
-// type (read or write), type of accessed memory (e.g. free-d heap, or a global<br>
-// redzone), etc. Every such feature has an int score and a string description.<br>
-// The overall score is the sum of all feature scores and the description<br>
-// is a concatenation of feature descriptions.<br>
-// Examples:<br>
-// 17 (4-byte-read-heap-buffer-overflow)<br>
-// 65 (multi-byte-write-stack-use-after-return)<br>
-// 10 (null-deref)<br>
-//<br>
-//===----------------------------------------------------------------------===//<br>
-<br>
-#ifndef ASAN_SCARINESS_SCORE_H<br>
-#define ASAN_SCARINESS_SCORE_H<br>
-<br>
-#include "asan_flags.h"<br>
-#include "sanitizer_common/sanitizer_common.h"<br>
-#include "sanitizer_common/sanitizer_libc.h"<br>
-<br>
-namespace __asan {<br>
-class ScarinessScore {<br>
- public:<br>
- ScarinessScore() {}<br>
- void Scare(int add_to_score, const char *reason) {<br>
- if (descr[0])<br>
- internal_strlcat(descr, "-", sizeof(descr));<br>
- internal_strlcat(descr, reason, sizeof(descr));<br>
- score += add_to_score;<br>
- };<br>
- int GetScore() const { return score; }<br>
- const char *GetDescription() const { return descr; }<br>
- void Print() {<br>
- if (score && flags()->print_scariness)<br>
- Printf("SCARINESS: %d (%s)\n", score, descr);<br>
- }<br>
- static void PrintSimple(int score, const char *descr) {<br>
- ScarinessScore SS;<br>
- SS.Scare(score, descr);<br>
- SS.Print();<br>
- }<br>
-<br>
- private:<br>
- int score = 0;<br>
- char descr[1024] = {0};<br>
-};<br>
-<br>
-} // namespace __asan<br>
-<br>
-#endif // ASAN_SCARINESS_SCORE_H<br>
<br>
Removed: compiler-rt/trunk/test/asan/TestCases/scariness_score_test.cc<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/scariness_score_test.cc?rev=260058&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/scariness_score_test.cc?rev=260058&view=auto</a><br>
==============================================================================<br>
--- compiler-rt/trunk/test/asan/TestCases/scariness_score_test.cc (original)<br>
+++ compiler-rt/trunk/test/asan/TestCases/scariness_score_test.cc (removed)<br>
@@ -1,178 +0,0 @@<br>
-// Test how we produce the scariness score.<br>
-<br>
-// RUN: %clangxx_asan -O0 %s -o %t<br>
-// RUN: export %env_asan_opts=detect_stack_use_after_return=1:handle_abort=1:print_scariness=1<br>
-// RUN: not %run %t 1 2>&1 | FileCheck %s --check-prefix=CHECK1<br>
-// RUN: not %run %t 2 2>&1 | FileCheck %s --check-prefix=CHECK2<br>
-// RUN: not %run %t 3 2>&1 | FileCheck %s --check-prefix=CHECK3<br>
-// RUN: not %run %t 4 2>&1 | FileCheck %s --check-prefix=CHECK4<br>
-// RUN: not %run %t 5 2>&1 | FileCheck %s --check-prefix=CHECK5<br>
-// RUN: not %run %t 6 2>&1 | FileCheck %s --check-prefix=CHECK6<br>
-// RUN: not %run %t 7 2>&1 | FileCheck %s --check-prefix=CHECK7<br>
-// RUN: not %run %t 8 2>&1 | FileCheck %s --check-prefix=CHECK8<br>
-// RUN: not %run %t 9 2>&1 | FileCheck %s --check-prefix=CHECK9<br>
-// RUN: not %run %t 10 2>&1 | FileCheck %s --check-prefix=CHECK10<br>
-// RUN: not %run %t 11 2>&1 | FileCheck %s --check-prefix=CHECK11<br>
-// RUN: not %run %t 12 2>&1 | FileCheck %s --check-prefix=CHECK12<br>
-// RUN: not %run %t 13 2>&1 | FileCheck %s --check-prefix=CHECK13<br>
-// RUN: not %run %t 14 2>&1 | FileCheck %s --check-prefix=CHECK14<br>
-// RUN: not %run %t 15 2>&1 | FileCheck %s --check-prefix=CHECK15<br>
-// RUN: not %run %t 16 2>&1 | FileCheck %s --check-prefix=CHECK16<br>
-// RUN: not %run %t 17 2>&1 | FileCheck %s --check-prefix=CHECK17<br>
-// Stack overflow may not trigger under GNU make.<br>
-// DISABLED: not %run %t 18 2>&1 | FileCheck %s --check-prefix=CHECK18<br>
-// RUN: not %run %t 19 2>&1 | FileCheck %s --check-prefix=CHECK19<br>
-// RUN: not %run %t 20 2>&1 | FileCheck %s --check-prefix=CHECK20<br>
-// RUN: not %run %t 21 2>&1 | FileCheck %s --check-prefix=CHECK21<br>
-// RUN: not %run %t 22 2>&1 | FileCheck %s --check-prefix=CHECK22<br>
-// RUN: not %run %t 23 2>&1 | FileCheck %s --check-prefix=CHECK23<br>
-// RUN: not %run %t 24 2>&1 | FileCheck %s --check-prefix=CHECK24<br>
-// RUN: not %run %t 25 2>&1 | FileCheck %s --check-prefix=CHECK25<br>
-// RUN: not %run %t 26 2>&1 | FileCheck %s --check-prefix=CHECK26<br>
-// Parts of the test are too platform-specific:<br>
-// REQUIRES: x86_64-supported-target<br>
-#include <stdlib.h><br>
-#include <stdio.h><br>
-#include <string.h><br>
-<br>
-enum ReadOrWrite { Read = 0, Write = 1 };<br>
-<br>
-struct S32 {<br>
- char x[32];<br>
-};<br>
-<br>
-template<class T><br>
-void HeapBuferOverflow(int Idx, ReadOrWrite w) {<br>
- T *t = new T[100];<br>
- static T sink;<br>
- if (w)<br>
- t[100 + Idx] = T();<br>
- else<br>
- sink = t[100 + Idx];<br>
- delete [] t;<br>
-}<br>
-<br>
-template<class T><br>
-void HeapUseAfterFree(int Idx, ReadOrWrite w) {<br>
- T *t = new T[100];<br>
- static T sink;<br>
- sink = t[0];<br>
- delete [] t;<br>
- if (w)<br>
- t[Idx] = T();<br>
- else<br>
- sink = t[Idx];<br>
-}<br>
-<br>
-template<class T><br>
-void StackBufferOverflow(int Idx, ReadOrWrite w) {<br>
- T t[100];<br>
- static T sink;<br>
- sink = t[Idx];<br>
- if (w)<br>
- t[100 + Idx] = T();<br>
- else<br>
- sink = t[100 + Idx];<br>
-}<br>
-<br>
-template<class T><br>
-T *LeakStack() {<br>
- T t[100];<br>
- static volatile T *x;<br>
- x = &t[0];<br>
- return (T*)x;<br>
-}<br>
-<br>
-template<class T><br>
-void StackUseAfterReturn(int Idx, ReadOrWrite w) {<br>
- static T sink;<br>
- T *t = LeakStack<T>();<br>
- if (w)<br>
- t[100 + Idx] = T();<br>
- else<br>
- sink = t[100 + Idx];<br>
-}<br>
-<br>
-char g1[100];<br>
-short g2[100];<br>
-int g4[100];<br>
-int64_t g8[100];<br>
-S32 gm[100];<br>
-<br>
-void DoubleFree() {<br>
- int *x = new int;<br>
- static volatile int two = 2;<br>
- for (int i = 0; i < two; i++)<br>
- delete x;<br>
-}<br>
-<br>
-void StackOverflow(int Idx) {<br>
- int some_stack[10000];<br>
- static volatile int *x;<br>
- x = &some_stack[0];<br>
- if (Idx > 0)<br>
- StackOverflow(Idx - 1);<br>
-}<br>
-<br>
-int main(int argc, char **argv) {<br>
- char arr[100];<br>
- static volatile int zero = 0;<br>
- static volatile int *zero_ptr = 0;<br>
- static volatile int *wild_addr = (int*)0x10000000; // System-dependent.<br>
- if (argc != 2) return 1;<br>
- int kind = atoi(argv[1]);<br>
- switch (kind) {<br>
- case 1: HeapBuferOverflow<char>(0, Read); break;<br>
- case 2: HeapBuferOverflow<int>(0, Read); break;<br>
- case 3: HeapBuferOverflow<short>(0, Write); break;<br>
- case 4: HeapBuferOverflow<int64_t>(2, Write); break;<br>
- case 5: HeapBuferOverflow<S32>(4, Write); break;<br>
- case 6: HeapUseAfterFree<char>(0, Read); break;<br>
- case 7: HeapUseAfterFree<int>(0, Write); break;<br>
- case 8: HeapUseAfterFree<int64_t>(0, Read); break;<br>
- case 9: HeapUseAfterFree<S32>(0, Write); break;<br>
- case 10: StackBufferOverflow<char>(0, Write); break;<br>
- case 11: StackBufferOverflow<int64_t>(0, Read); break;<br>
- case 12: StackBufferOverflow<int>(4, Write); break;<br>
- case 13: StackUseAfterReturn<char>(0, Read); break;<br>
- case 14: StackUseAfterReturn<S32>(0, Write); break;<br>
- case 15: g1[zero + 100] = 0; break;<br>
- case 16: gm[0] = gm[zero + 100 + 1]; break;<br>
- case 17: DoubleFree(); break;<br>
- case 18: StackOverflow(1000000); break;<br>
- case 19: *zero_ptr = 0; break;<br>
- case 20: *wild_addr = 0; break;<br>
- case 21: zero = *wild_addr; break;<br>
- case 22: abort(); break;<br>
- case 23: ((void (*)(void))wild_addr)(); break;<br>
- case 24: delete (new int[10]); break;<br>
- case 25: free((char*)malloc(100) + 10); break;<br>
- case 26: memcpy(arr, arr+10, 20); break;<br>
- // CHECK1: SCARINESS: 12 (1-byte-read-heap-buffer-overflow)<br>
- // CHECK2: SCARINESS: 17 (4-byte-read-heap-buffer-overflow)<br>
- // CHECK3: SCARINESS: 33 (2-byte-write-heap-buffer-overflow)<br>
- // CHECK4: SCARINESS: 52 (8-byte-write-heap-buffer-overflow-far-from-bounds)<br>
- // CHECK5: SCARINESS: 55 (multi-byte-write-heap-buffer-overflow-far-from-bounds)<br>
- // CHECK6: SCARINESS: 22 (1-byte-read-heap-use-after-free)<br>
- // CHECK7: SCARINESS: 46 (4-byte-write-heap-use-after-free)<br>
- // CHECK8: SCARINESS: 33 (8-byte-read-heap-use-after-free)<br>
- // CHECK9: SCARINESS: 55 (multi-byte-write-heap-use-after-free)<br>
- // CHECK10: SCARINESS: 46 (1-byte-write-stack-buffer-overflow)<br>
- // CHECK11: SCARINESS: 38 (8-byte-read-stack-buffer-overflow)<br>
- // CHECK12: SCARINESS: 61 (4-byte-write-stack-buffer-overflow-far-from-bounds)<br>
- // CHECK13: SCARINESS: 32 (1-byte-read-stack-use-after-return)<br>
- // CHECK14: SCARINESS: 65 (multi-byte-write-stack-use-after-return)<br>
- // CHECK15: SCARINESS: 31 (1-byte-write-global-buffer-overflow)<br>
- // CHECK16: SCARINESS: 36 (multi-byte-read-global-buffer-overflow-far-from-bounds)<br>
- // CHECK17: SCARINESS: 42 (double-free)<br>
- // CHECK18: SCARINESS: 15 (stack-overflow)<br>
- // CHECK19: SCARINESS: 10 (null-deref)<br>
- // CHECK20: SCARINESS: 30 (wild-addr-write)<br>
- // CHECK21: SCARINESS: 20 (wild-addr-read)<br>
- // CHECK22: SCARINESS: 10 (signal)<br>
- // CHECK23: SCARINESS: 60 (wild-jump)<br>
- // CHECK24: SCARINESS: 10 (alloc-dealloc-mismatch)<br>
- // CHECK25: SCARINESS: 10 (bad-free)<br>
- // CHECK26: SCARINESS: 10 (memcpy-param-overlap)<br>
- }<br>
-}<br>
<br>
<br>
</blockquote></div><br></div>