From 88b2b45ec8e0436c3bc7aef8e0d8869132961e1d Mon Sep 17 00:00:00 2001
From: Kostya Serebryany <kcc@google.com>
Date: Tue, 26 Mar 2013 08:01:37 +0000
Subject: [PATCH] [asan] print thread number while reporting invalid-free and
 double-free; add tests; also add a test for use-after-poison

llvm-svn: 177993
---
 compiler-rt/lib/asan/asan_report.cc                | 13 +++++++++++--
 compiler-rt/lib/asan/lit_tests/double-free.cc      | 18 ++++++++++++++++++
 compiler-rt/lib/asan/lit_tests/invalid-free.cc     | 16 ++++++++++++++++
 compiler-rt/lib/asan/lit_tests/use-after-poison.cc | 19 +++++++++++++++++++
 4 files changed, 64 insertions(+), 2 deletions(-)
 create mode 100644 compiler-rt/lib/asan/lit_tests/double-free.cc
 create mode 100644 compiler-rt/lib/asan/lit_tests/invalid-free.cc
 create mode 100644 compiler-rt/lib/asan/lit_tests/use-after-poison.cc

diff --git a/compiler-rt/lib/asan/asan_report.cc b/compiler-rt/lib/asan/asan_report.cc
index ba73055..11ffa43 100644
--- a/compiler-rt/lib/asan/asan_report.cc
+++ b/compiler-rt/lib/asan/asan_report.cc
@@ -516,7 +516,13 @@ void ReportDoubleFree(uptr addr, StackTrace *stack) {
   ScopedInErrorReport in_report;
   Decorator d;
   Printf("%s", d.Warning());
-  Report("ERROR: AddressSanitizer: attempting double-free on %p:\n", addr);
+  char tname[128];
+  u32 curr_tid = GetCurrentTidOrInvalid();
+  Report("ERROR: AddressSanitizer: attempting double-free on %p in "
+         "thread T%d%s:\n",
+         addr, curr_tid,
+         ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname)));
+
   Printf("%s", d.EndWarning());
   PrintStack(stack);
   DescribeHeapAddress(addr, 1);
@@ -527,8 +533,11 @@ void ReportFreeNotMalloced(uptr addr, StackTrace *stack) {
   ScopedInErrorReport in_report;
   Decorator d;
   Printf("%s", d.Warning());
+  char tname[128];
+  u32 curr_tid = GetCurrentTidOrInvalid();
   Report("ERROR: AddressSanitizer: attempting free on address "
-             "which was not malloc()-ed: %p\n", addr);
+             "which was not malloc()-ed: %p in thread T%d%s\n", addr,
+         curr_tid, ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname)));
   Printf("%s", d.EndWarning());
   PrintStack(stack);
   DescribeHeapAddress(addr, 1);
diff --git a/compiler-rt/lib/asan/lit_tests/double-free.cc b/compiler-rt/lib/asan/lit_tests/double-free.cc
new file mode 100644
index 0000000..9e20111
--- /dev/null
+++ b/compiler-rt/lib/asan/lit_tests/double-free.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -m64 -O0 %s -o %t && %t 2>&1 | %symbolize | FileCheck %s
+
+#include <stdlib.h>
+#include <string.h>
+int main(int argc, char **argv) {
+  char *x = (char*)malloc(10 * sizeof(char));
+  memset(x, 0, 10);
+  int res = x[argc];
+  free(x);
+  free(x + argc - 1);  // BOOM
+  // CHECK: AddressSanitizer: attempting double-free{{.*}}in thread T0
+  // CHECK: double-free.cc:[[@LINE-2]]
+  // CHECK: freed by thread T0 here:
+  // CHECK: double-free.cc:[[@LINE-5]]
+  // CHECK: allocated by thread T0 here:
+  // CHECK: double-free.cc:[[@LINE-10]]
+  return res;
+}
diff --git a/compiler-rt/lib/asan/lit_tests/invalid-free.cc b/compiler-rt/lib/asan/lit_tests/invalid-free.cc
new file mode 100644
index 0000000..0ef0640
--- /dev/null
+++ b/compiler-rt/lib/asan/lit_tests/invalid-free.cc
@@ -0,0 +1,16 @@
+// RUN: %clangxx_asan -m64 -O0 %s -o %t && %t 2>&1 | %symbolize | FileCheck %s
+
+#include <stdlib.h>
+#include <string.h>
+int main(int argc, char **argv) {
+  char *x = (char*)malloc(10 * sizeof(char));
+  memset(x, 0, 10);
+  int res = x[argc];
+  free(x + 5);  // BOOM
+  // CHECK: AddressSanitizer: attempting free on address{{.*}}in thread T0
+  // CHECK: invalid-free.cc:[[@LINE-2]]
+  // CHECK: is located 5 bytes inside of 10-byte region
+  // CHECK: allocated by thread T0 here:
+  // CHECK: invalid-free.cc:[[@LINE-8]]
+  return res;
+}
diff --git a/compiler-rt/lib/asan/lit_tests/use-after-poison.cc b/compiler-rt/lib/asan/lit_tests/use-after-poison.cc
new file mode 100644
index 0000000..634eb80
--- /dev/null
+++ b/compiler-rt/lib/asan/lit_tests/use-after-poison.cc
@@ -0,0 +1,19 @@
+// Check that __asan_poison_memory_region works.
+// RUN: %clangxx_asan -m64 -O0 %s -o %t && %t 2>&1 | %symbolize | FileCheck %s
+//
+// Check that we can disable it
+// RUN: ASAN_OPTIONS=allow_user_poisoning=0 %t
+
+#include <stdlib.h>
+
+extern "C" void __asan_poison_memory_region(void *, size_t);
+
+int main(int argc, char **argv) {
+  char *x = new char[16];
+  __asan_poison_memory_region(x, 16);
+  int res = x[argc * 10];  // BOOOM
+  // CHECK: ERROR: AddressSanitizer: use-after-poison
+  // CHECK: main{{.*}}use-after-poison.cc:[[@LINE-2]]
+  delete [] x;
+  return res;
+}
-- 
2.7.4