[asan] Make frame number checks more flexable

[hau-hsu]

Use more flexable regex ([0-9]+) for frame number checks. Since the frame numbers might change if some functions are not inlined.

Similar to

• 0360f32
• 404bc5c

[llvmbot]

@llvm/pr-subscribers-compiler-rt-sanitizer

Author: Hau Hsu (hau-hsu)

Changes

Use more flexable regex ([0-9]+) for frame number checks. Since the frame numbers might change if some functions are not inlined.

Similar to

• 0360f32
• 404bc5c

---

Full diff: https://github.com/llvm/llvm-project/pull/94307.diff

11 Files Affected:

• (modified) compiler-rt/test/asan/TestCases/Linux/stack-trace-dlclose.cpp (+3-3)
• (modified) compiler-rt/test/asan/TestCases/Posix/strndup_oob_test.cpp (+2-2)
• (modified) compiler-rt/test/asan/TestCases/calloc-overflow.cpp (+2-2)
• (modified) compiler-rt/test/asan/TestCases/debug_stacks.cpp (+4-4)
• (modified) compiler-rt/test/asan/TestCases/double-free.cpp (+3-3)
• (modified) compiler-rt/test/asan/TestCases/malloc-size-too-big.cpp (+2-2)
• (modified) compiler-rt/test/asan/TestCases/strcpy-overlap.cpp (+3-3)
• (modified) compiler-rt/test/asan/TestCases/strdup_oob_test.cpp (+1-1)
• (modified) compiler-rt/test/asan/TestCases/strncpy-overflow.cpp (+4-4)
• (modified) compiler-rt/test/asan/TestCases/use-after-free-right.cpp (+5-5)
• (modified) compiler-rt/test/asan/TestCases/use-after-free.cpp (+5-5)

diff --git a/compiler-rt/test/asan/TestCases/Linux/stack-trace-dlclose.cpp b/compiler-rt/test/asan/TestCases/Linux/stack-trace-dlclose.cpp
index 899e0dfc6bda5..0456c1ac3ac96 100644
--- a/compiler-rt/test/asan/TestCases/Linux/stack-trace-dlclose.cpp
+++ b/compiler-rt/test/asan/TestCases/Linux/stack-trace-dlclose.cpp
@@ -41,6 +41,6 @@ int main(int argc, char **argv) {
 }
 #endif
 
-// CHECK: {{    #0 0x.* in (__interceptor_)?malloc}}
-// CHECK: {{    #1 0x.* \(<unknown module>\)}}
-// CHECK: {{    #2 0x.* in main}}
+// CHECK: {{    #[0-9]+ 0x.* in (__interceptor_)?malloc}}
+// CHECK: {{    #[0-9]+ 0x.* \(<unknown module>\)}}
+// CHECK: {{    #[0-9]+ 0x.* in main}}
diff --git a/compiler-rt/test/asan/TestCases/Posix/strndup_oob_test.cpp b/compiler-rt/test/asan/TestCases/Posix/strndup_oob_test.cpp
index 43e554723bd95..b938f2bfaa8d9 100644
--- a/compiler-rt/test/asan/TestCases/Posix/strndup_oob_test.cpp
+++ b/compiler-rt/test/asan/TestCases/Posix/strndup_oob_test.cpp
@@ -17,9 +17,9 @@ int main(int argc, char **argv) {
   char *copy = strndup(kString, 2);
   int x = copy[2 + argc];  // BOOM
   // CHECK: AddressSanitizer: heap-buffer-overflow
-  // CHECK: #0 {{.*}}main {{.*}}strndup_oob_test.cpp:[[@LINE-2]]
+  // CHECK: #{{[0-9]+}} {{.*}}main {{.*}}strndup_oob_test.cpp:[[@LINE-2]]
   // CHECK-LABEL: allocated by thread T{{.*}} here:
-  // CHECK: #{{[01]}} {{.*}}strndup
+  // CHECK: #{{[0-9]+}} {{.*}}strndup
   // CHECK: #{{.*}}main {{.*}}strndup_oob_test.cpp:[[@LINE-6]]
   // CHECK-LABEL: SUMMARY
   // CHECK: strndup_oob_test.cpp:[[@LINE-7]]
diff --git a/compiler-rt/test/asan/TestCases/calloc-overflow.cpp b/compiler-rt/test/asan/TestCases/calloc-overflow.cpp
index b930b65cd8c3b..e46c5bba2a857 100644
--- a/compiler-rt/test/asan/TestCases/calloc-overflow.cpp
+++ b/compiler-rt/test/asan/TestCases/calloc-overflow.cpp
@@ -10,8 +10,8 @@
 int main() {
   void *p = calloc(-1, 1000);
   // CHECK: {{ERROR: AddressSanitizer: calloc parameters overflow: count \* size \(.* \* 1000\) cannot be represented in type size_t}}
-  // CHECK: {{#0 0x.* in .*calloc}}
-  // CHECK: {{#[1-3] 0x.* in main .*calloc-overflow.cpp:}}[[@LINE-3]]
+  // CHECK: {{#[0-9]+ 0x.* in calloc .*.cpp}}
+  // CHECK: {{#[0-9]+ 0x.* in main .*calloc-overflow.cpp:}}[[@LINE-3]]
   // CHECK: SUMMARY: AddressSanitizer: calloc-overflow
 
   printf("calloc returned: %zu\n", (size_t)p);
diff --git a/compiler-rt/test/asan/TestCases/debug_stacks.cpp b/compiler-rt/test/asan/TestCases/debug_stacks.cpp
index 7c320bfcb2d98..d642e1770fadf 100644
--- a/compiler-rt/test/asan/TestCases/debug_stacks.cpp
+++ b/compiler-rt/test/asan/TestCases/debug_stacks.cpp
@@ -64,11 +64,11 @@ int main() {
   // CHECK: ERROR: AddressSanitizer: heap-use-after-free
   // CHECK: WRITE of size 1 at 0x{{.*}}
   // CHECK: freed by thread T0 here:
-  // CHECK: #0 [[FREE_FRAME_0]]
-  // CHECK: #1 [[FREE_FRAME_1]]
+  // CHECK: #{{[0-9]+}} [[FREE_FRAME_0]]
+  // CHECK: #{{[0-9]+}} [[FREE_FRAME_1]]
   // CHECK: previously allocated by thread T0 here:
-  // CHECK: #0 [[ALLOC_FRAME_0]]
-  // CHECK: #1 [[ALLOC_FRAME_1]]
+  // CHECK: #{{[0-9+]}} [[ALLOC_FRAME_0]]
+  // CHECK: #{{[0-9+]}} [[ALLOC_FRAME_1]]
 
   return 0;
 }
diff --git a/compiler-rt/test/asan/TestCases/double-free.cpp b/compiler-rt/test/asan/TestCases/double-free.cpp
index 7b61df0715afa..93c860613735e 100644
--- a/compiler-rt/test/asan/TestCases/double-free.cpp
+++ b/compiler-rt/test/asan/TestCases/double-free.cpp
@@ -18,11 +18,11 @@ int main(int argc, char **argv) {
   free(x);
   free(x + argc - 1);  // BOOM
   // CHECK: AddressSanitizer: attempting double-free{{.*}}in thread T0
-  // CHECK: #0 0x{{.*}} in {{.*}}free
-  // CHECK: #{{[1-3]}} 0x{{.*}} in main {{.*}}double-free.cpp:[[@LINE-3]]
+  // CHECK: #{{[0-9]+}} 0x{{.*}} in {{.*}}free
+  // CHECK: #{{[0-9]+}} 0x{{.*}} in main {{.*}}double-free.cpp:[[@LINE-3]]
   // CHECK: freed by thread T0 here:
   // MALLOC-CTX: #0 0x{{.*}} in {{.*}}free
-  // MALLOC-CTX: #{{[1-3]}} 0x{{.*}} in main {{.*}}double-free.cpp:[[@LINE-7]]
+  // MALLOC-CTX: #{{[0-9]+}} 0x{{.*}} in main {{.*}}double-free.cpp:[[@LINE-7]]
   // CHECK: allocated by thread T0 here:
   // MALLOC-CTX: double-free.cpp:[[@LINE-12]]
   // CHECK-RECOVER: AddressSanitizer: attempting double-free{{.*}}in thread T0
diff --git a/compiler-rt/test/asan/TestCases/malloc-size-too-big.cpp b/compiler-rt/test/asan/TestCases/malloc-size-too-big.cpp
index 771640a4ac08d..3906ff5057fd8 100644
--- a/compiler-rt/test/asan/TestCases/malloc-size-too-big.cpp
+++ b/compiler-rt/test/asan/TestCases/malloc-size-too-big.cpp
@@ -17,8 +17,8 @@ static const size_t kMaxAllowedMallocSizePlusOne =
 int main() {
   void *p = malloc(kMaxAllowedMallocSizePlusOne);
   // CHECK: {{ERROR: AddressSanitizer: requested allocation size .* \(.* after adjustments for alignment, red zones etc\.\) exceeds maximum supported size}}
-  // CHECK: {{#0 0x.* in .*malloc}}
-  // CHECK: {{#[1-3] 0x.* in main .*malloc-size-too-big.cpp:}}[[@LINE-3]]
+  // CHECK: {{#[0-9] 0x.* in .*malloc}}
+  // CHECK: {{#[0-9] 0x.* in main .*malloc-size-too-big.cpp:}}[[@LINE-3]]
   // CHECK: SUMMARY: AddressSanitizer: allocation-size-too-big
 
   printf("malloc returned: %zu\n", (size_t)p);
diff --git a/compiler-rt/test/asan/TestCases/strcpy-overlap.cpp b/compiler-rt/test/asan/TestCases/strcpy-overlap.cpp
index efd2e6b7521ef..f7b7b70a302c2 100644
--- a/compiler-rt/test/asan/TestCases/strcpy-overlap.cpp
+++ b/compiler-rt/test/asan/TestCases/strcpy-overlap.cpp
@@ -36,9 +36,9 @@ __attribute__((noinline)) void bad_function() {
   char buffer[] = "hello";
   // CHECK: strcpy-param-overlap: memory ranges
   // CHECK: [{{0x.*,[ ]*0x.*}}) and [{{0x.*,[ ]*0x.*}}) overlap
-  // CHECK: {{#0 0x.* in .*strcpy}}
-  // CHECK: {{#1 0x.* in bad_function.*strcpy-overlap.cpp:}}[[@LINE+2]]
-  // CHECK: {{#2 0x.* in main .*strcpy-overlap.cpp:}}[[@LINE+5]]
+  // CHECK: {{#[0-9]+ 0x.* in .*strcpy .*.cpp}}
+  // CHECK: {{#[0-9]+ 0x.* in bad_function.*strcpy-overlap.cpp:}}[[@LINE+2]]
+  // CHECK: {{#[0-9]+ 0x.* in main .*strcpy-overlap.cpp:}}[[@LINE+5]]
   strcpy(buffer, buffer + 1); // BOOM
 }
 
diff --git a/compiler-rt/test/asan/TestCases/strdup_oob_test.cpp b/compiler-rt/test/asan/TestCases/strdup_oob_test.cpp
index 14791e46d3a95..c3cbcf3bcf544 100644
--- a/compiler-rt/test/asan/TestCases/strdup_oob_test.cpp
+++ b/compiler-rt/test/asan/TestCases/strdup_oob_test.cpp
@@ -23,7 +23,7 @@ int main(int argc, char **argv) {
   // CHECK: AddressSanitizer: heap-buffer-overflow
   // CHECK: #0 {{.*}}main {{.*}}strdup_oob_test.cpp:[[@LINE-2]]
   // CHECK-LABEL: allocated by thread T{{.*}} here:
-  // CHECK: #{{[01]}} {{.*}}strdup
+  // CHECK: #{{[0-9]}}+ {{.*}}strdup
   // CHECK: #{{.*}}main {{.*}}strdup_oob_test.cpp:[[@LINE-6]]
   // CHECK-LABEL: SUMMARY
   // CHECK: strdup_oob_test.cpp:[[@LINE-7]]
diff --git a/compiler-rt/test/asan/TestCases/strncpy-overflow.cpp b/compiler-rt/test/asan/TestCases/strncpy-overflow.cpp
index ff84052a94987..3d9c2b556d263 100644
--- a/compiler-rt/test/asan/TestCases/strncpy-overflow.cpp
+++ b/compiler-rt/test/asan/TestCases/strncpy-overflow.cpp
@@ -28,11 +28,11 @@ int main(int argc, char **argv) {
   char *short_buffer = (char*)malloc(9);
   strncpy(short_buffer, hello, 10);  // BOOM
   // CHECK: {{WRITE of size 10 at 0x.* thread T0}}
-  // CHECK: {{    #0 0x.* in .*strncpy}}
-  // CHECK: {{    #1 0x.* in main .*strncpy-overflow.cpp:}}[[@LINE-3]]
+  // CHECK: {{    #[0-9]+ 0x.* in .*strncpy .*.cpp}}
+  // CHECK: {{    #[0-9]+ 0x.* in main .*strncpy-overflow.cpp:}}[[@LINE-3]]
   // CHECK: {{0x.* is located 0 bytes after 9-byte region}}
   // CHECK: {{allocated by thread T0 here:}}
-  // CHECK: {{    #0 0x.* in .*malloc}}
-  // CHECK: {{    #[1-3] 0x.* in main .*strncpy-overflow.cpp:}}[[@LINE-8]]
+  // CHECK: {{    #[0-9]+ 0x.* in .*malloc}}
+  // CHECK: {{    #[0-9]+ 0x.* in main .*strncpy-overflow.cpp:}}[[@LINE-8]]
   return rval + sink_memory(9, short_buffer);
 }
diff --git a/compiler-rt/test/asan/TestCases/use-after-free-right.cpp b/compiler-rt/test/asan/TestCases/use-after-free-right.cpp
index 11011e4b4fb1a..a102de42d7adf 100644
--- a/compiler-rt/test/asan/TestCases/use-after-free-right.cpp
+++ b/compiler-rt/test/asan/TestCases/use-after-free-right.cpp
@@ -15,13 +15,13 @@ int main() {
   // CHECK: {{.*ERROR: AddressSanitizer: heap-use-after-free on address}}
   // CHECK:   {{0x.* at pc 0x.* bp 0x.* sp 0x.*}}
   // CHECK: {{WRITE of size 1 at 0x.* thread T0}}
-  // CHECK: {{    #0 0x.* in main .*use-after-free-right.cpp:}}[[@LINE-4]]
+  // CHECK: {{    #[0-9]+ 0x.* in main .*use-after-free-right.cpp:}}[[@LINE-4]]
   // CHECK: {{0x.* is located 0 bytes inside of 1-byte region .0x.*,0x.*}}
   // CHECK: {{freed by thread T0 here:}}
-  // CHECK: {{    #0 0x.* in .*free}}
-  // CHECK: {{    #[1-3] 0x.* in main .*use-after-free-right.cpp:}}[[@LINE-9]]
+  // CHECK: {{    #[0-9]+ 0x.* in .*free .*.cpp}}
+  // CHECK: {{    #[0-9]+ 0x.* in main .*use-after-free-right.cpp:}}[[@LINE-9]]
 
   // CHECK: {{previously allocated by thread T0 here:}}
-  // CHECK: {{    #0 0x.* in .*malloc}}
-  // CHECK: {{    #[1-3] 0x.* in main .*use-after-free-right.cpp:}}[[@LINE-14]]
+  // CHECK: {{    #[0-9]+ 0x.* in .*malloc}}
+  // CHECK: {{    #[0-9]+ 0x.* in main .*use-after-free-right.cpp:}}[[@LINE-14]]
 }
diff --git a/compiler-rt/test/asan/TestCases/use-after-free.cpp b/compiler-rt/test/asan/TestCases/use-after-free.cpp
index f19c461960d36..d54caef14fb9f 100644
--- a/compiler-rt/test/asan/TestCases/use-after-free.cpp
+++ b/compiler-rt/test/asan/TestCases/use-after-free.cpp
@@ -12,15 +12,15 @@ int main() {
   // CHECK: {{.*ERROR: AddressSanitizer: heap-use-after-free on address}}
   // CHECK:   {{0x.* at pc 0x.* bp 0x.* sp 0x.*}}
   // CHECK: {{READ of size 1 at 0x.* thread T0}}
-  // CHECK: {{    #0 0x.* in main .*use-after-free.cpp:}}[[@LINE-4]]
+  // CHECK: {{    #[0-9]+ 0x.* in main .*use-after-free.cpp:}}[[@LINE-4]]
   // CHECK: {{0x.* is located 5 bytes inside of 10-byte region .0x.*,0x.*}}
   // CHECK: {{freed by thread T0 here:}}
-  // CHECK: {{    #0 0x.* in .*free}}
-  // CHECK: {{    #[1-3] 0x.* in main .*use-after-free.cpp:}}[[@LINE-9]]
+  // CHECK: {{    #[0-9]+ 0x.* in .*free}}
+  // CHECK: {{    #[0-9]+ 0x.* in main .*use-after-free.cpp:}}[[@LINE-9]]
 
   // CHECK: {{previously allocated by thread T0 here:}}
-  // CHECK: {{    #0 0x.* in .*malloc}}
-  // CHECK: {{    #[1-3] 0x.* in main .*use-after-free.cpp:}}[[@LINE-14]]
+  // CHECK: {{    #[0-9]+ 0x.* in .*malloc}}
+  // CHECK: {{    #[0-9]+ 0x.* in main .*use-after-free.cpp:}}[[@LINE-14]]
   // CHECK: Shadow byte legend (one shadow byte represents {{[0-9]+}} application bytes):
   // CHECK: Global redzone:
   // CHECK: ASan internal:

[MaskRay]

Use more flexable regex ([0-9]+) for frame number checks. Since the frame numbers might change if some functions are not inlined.

Can you mention why some functions might be inlined. We use -O0 to prevent that. This change is probably still good but we need concrete examples.

[hau-hsu]

Use more flexable regex ([0-9]+) for frame number checks. Since the frame numbers might change if some functions are not inlined.

Can you mention why some functions might be inlined. We use -O0 to prevent that. This change is probably still good but we need concrete examples.

Take compiler-rt/test/asan/TestCases/Linux/stack-trace-dlclose.cpp as an example, the FileChecks are:

// CHECK: {{    #0 0x.* in (__interceptor_)?malloc}}
// CHECK: {{    #1 0x.* \(<unknown module>\)}}
// CHECK: {{    #2 0x.* in main}}

but the call stack looks like:

previously allocated by thread T0 here:
    #0 0x2aaeb3662a in operator[] /home/root/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3
    #1 0x2aaeb3662a in GetSizeClass /home/root/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_primary32.h:203:44
    #2 0x2aaeb3662a in PointerIsMine /home/root/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_primary32.h:198:12
    #3 0x2aaeb3662a in FromPrimary /home/root/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_combined.h:121:59
    #4 0x2aaeb3662a in Allocate /home/root/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_dlsym.h:36:5
    #5 0x2aaeb3662a in malloc /home/root/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:67:12
    #6 0x3fb7319a0a  (<unknown module>)
    #7 0x2aaeb6e996 in main /home/root/llvm-project/compiler-rt/test/asan/TestCases/Linux/stack-trace-dlclose.cpp:33:13
    #8 0x3fb770dd74  (/lib/libc.so.6+0x29d74)

[vitalybuka]

Is this for clang or gcc?

[hau-hsu]

Is this for clang or gcc?

For clang.

[vitalybuka]

Do you have guess why this you have this issue and we don't?

[vitalybuka]

Do you have guess why this you have this issue and we don't?

E.g. 0360f32 probably caused by recent Windows changes.

[hau-hsu]

Do you have guess why this you have this issue and we don't?

I forgot to mention, this happens on RISC-V target.
I was testing the for #66743 on RISC-V Qemu (system mode).

The stack trace in the previous comment:

previously allocated by thread T0 here:
    #0 0x2aaeb3662a in operator[] /home/root/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3
    #1 0x2aaeb3662a in GetSizeClass /home/root/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_primary32.h:203:44
    #2 0x2aaeb3662a in PointerIsMine /home/root/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_primary32.h:198:12
    #3 0x2aaeb3662a in FromPrimary /home/root/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_combined.h:121:59
    #4 0x2aaeb3662a in Allocate /home/root/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_dlsym.h:36:5
    #5 0x2aaeb3662a in malloc /home/root/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:67:12
    #6 0x3fb7319a0a  (<unknown module>)
    #7 0x2aaeb6e996 in main /home/root/llvm-project/compiler-rt/test/asan/TestCases/Linux/stack-trace-dlclose.cpp:33:13
    #8 0x3fb770dd74  (/lib/libc.so.6+0x29d74)

stack 0~5 have the same PC, and are inlined functions.

I compared the executable and dwarf between RISC-V and X86, found that Allocate is inlined in RISC-V but not in X86:

llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp

Lines 65 to 70 in 638d968

	INTERCEPTOR(void*, malloc, uptr size) {
	if (DlsymAlloc::Use())
	return DlsymAlloc::Allocate(size);
	GET_STACK_TRACE_MALLOC;
	return asan_malloc(size, &stack);
	}

Thus the stack trace looks different. This happens in several test cases. So I created this PR.

[hau-hsu]

Force pushed to refine the commit message.

[hau-hsu]

@vitalybuka could you also help to review #66743?
I think there is no critical issues for the PR.
Thank you

[dyung]

Should the + be inside the double braces since I assume you are trying to use it as a regex and not explicitly match it? I believe this is causing a test failure on a bot because of this misplacement of the + on https://lab.llvm.org/buildbot/#/builders/77/builds/38204

[hau-hsu]

Yeah I had the same change locally but forgot to update the commit ...
Thanks

[MaskRay]

Do you have guess why this you have this issue and we don't?

I forgot to mention, this happens on RISC-V target. I was testing the for #66743 on RISC-V Qemu (system mode).

This is an important detail. Please include such details in the future when you anticipate the question "why we don't see the failure while you do..."

[hau-hsu]

This is an important detail. Please include such details in the future when you anticipate the question "why we don't see the failure while you do..."

Yeah sorry about that. I'll do better next time.

[zmodem]

Chromium is seeing failures which seem related: https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket/8745260118721805409/+/u/package_clang/stdout

and so is green dragon: https://green.lab.llvm.org/job/llvm.org/job/clang-stage1-RA/1095/console

[vitalybuka]

was that caused by unnecessary check.*.cpp ?

[hau-hsu]

was that caused by unnecessary check.*.cpp ?

Yes. My bad.

I added .*.cpp because I got some FileCheck errors after I apply the [0-9a-f]+ regex for frame numbers.
Then I thought they were caused by greedy matching of *.

For example, without .*.cpp, the checks are:

CHECK: {{    #[0-9]+ 0x.* in .*strncpy}}
CHECK: {{    #[0-9]+ 0x.* in main .*strncpy-overflow.cpp:}}[[@LINE-3]]

I got the error like:

error: CHECK: expected string not found in input
 // CHECK: {{#[0-9]+ 0x.* in bad_function.*strcpy-overlap.cpp:}}[[@LINE+2]]

I thought the first check (#[0-9]+ 0x.* in .*strncpy) matches 2 lines

    #0 0x2aaab49acc in strcpy .../asan_interceptors.cpp:554:5
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    #1 0x2aaab98796 in bad_function() .../strcpy-overlap.cpp:42:3
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

So I added .*.cpp to prevent that.
But it seems that I shouldn't do this, and this is not the root cause of the error.

I'll review the patch and send it again. Sorry about that.