[clang-cl][sanitizer] Add -fsanitize-address-use-after-return to clang.

Also:
  - add driver test (fsanitize-use-after-return.c)
  - add basic IR test (asan-use-after-return.cpp)
  - (NFC) cleaned up logic for generating table of __asan_stack_malloc
    depending on flag.

for issue: google/sanitizers#1394

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D104076

Author: kda

clang/include/clang/Basic/CodeGenOptions.def

@@ -212,6 +212,10 @@ CODEGENOPT(NewStructPathTBAA , 1, 0) ///< Whether or not to use enhanced struct-
 CODEGENOPT(SaveTempLabels    , 1, 0) ///< Save temporary labels.
 CODEGENOPT(SanitizeAddressUseAfterScope , 1, 0) ///< Enable use-after-scope detection
                                                 ///< in AddressSanitizer
+ENUM_CODEGENOPT(SanitizeAddressUseAfterReturn,
+                llvm::AsanDetectStackUseAfterReturnMode, 2,
+                llvm::AsanDetectStackUseAfterReturnMode::Runtime
+                ) ///< Set detection mode for stack-use-after-return.
 CODEGENOPT(SanitizeAddressPoisonCustomArrayCookie, 1,
            0) ///< Enable poisoning operator new[] which is not a replaceable
               ///< global allocation function in AddressSanitizer

clang/include/clang/Basic/Sanitizers.h

@@ -192,6 +192,12 @@ StringRef AsanDtorKindToString(llvm::AsanDtorKind kind);
 
 llvm::AsanDtorKind AsanDtorKindFromString(StringRef kind);
 
+StringRef AsanDetectStackUseAfterReturnModeToString(
+    llvm::AsanDetectStackUseAfterReturnMode mode);
+
+llvm::AsanDetectStackUseAfterReturnMode
+AsanDetectStackUseAfterReturnModeFromString(StringRef modeStr);
+
 } // namespace clang
 
 #endif // LLVM_CLANG_BASIC_SANITIZERS_H

clang/include/clang/Driver/Options.td

@@ -1587,6 +1587,16 @@ defm sanitize_address_use_after_scope : BoolOption<"f", "sanitize-address-use-af
   PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [CoreOption, NoXarchOption], "Disable">,
   BothFlags<[], " use-after-scope detection in AddressSanitizer">>,
   Group<f_clang_Group>;
+def sanitize_address_use_after_return_EQ
+  : Joined<["-"], "fsanitize-address-use-after-return=">,
+    MetaVarName<"<mode>">,
+    Flags<[CC1Option]>,
+    HelpText<"Select the mode of detecting stack use-after-return in AddressSanitizer">,
+    Group<f_clang_Group>,
+    Values<"never,runtime,always">,
+    NormalizedValuesScope<"llvm::AsanDetectStackUseAfterReturnMode">,
+    NormalizedValues<["Never", "Runtime", "Always"]>,
+    MarshallingInfoEnum<CodeGenOpts<"SanitizeAddressUseAfterReturn">, "Runtime">;
 defm sanitize_address_poison_custom_array_cookie : BoolOption<"f", "sanitize-address-poison-custom-array-cookie",
   CodeGenOpts<"SanitizeAddressPoisonCustomArrayCookie">, DefaultFalse,
   PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [], "Disable">,

clang/include/clang/Driver/SanitizerArgs.h

@@ -12,6 +12,7 @@
 #include "clang/Driver/Types.h"
 #include "llvm/Option/Arg.h"
 #include "llvm/Option/ArgList.h"
+#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
 #include <string>
 #include <vector>
 
@@ -58,6 +59,8 @@ class SanitizerArgs {
   bool ImplicitCfiRuntime = false;
   bool NeedsMemProfRt = false;
   bool HwasanUseAliases = false;
+  llvm::AsanDetectStackUseAfterReturnMode AsanUseAfterReturn =
+      llvm::AsanDetectStackUseAfterReturnMode::Invalid;
 
 public:
   /// Parses the sanitizer arguments from an argument list.

clang/lib/Basic/Sanitizers.cpp

@@ -88,4 +88,28 @@ llvm::AsanDtorKind AsanDtorKindFromString(StringRef kindStr) {
       .Default(llvm::AsanDtorKind::Invalid);
 }
 
+StringRef AsanDetectStackUseAfterReturnModeToString(
+    llvm::AsanDetectStackUseAfterReturnMode mode) {
+  switch (mode) {
+  case llvm::AsanDetectStackUseAfterReturnMode::Always:
+    return "always";
+  case llvm::AsanDetectStackUseAfterReturnMode::Runtime:
+    return "runtime";
+  case llvm::AsanDetectStackUseAfterReturnMode::Never:
+    return "never";
+  case llvm::AsanDetectStackUseAfterReturnMode::Invalid:
+    return "invalid";
+  }
+  return "invalid";
+}
+
+llvm::AsanDetectStackUseAfterReturnMode
+AsanDetectStackUseAfterReturnModeFromString(StringRef modeStr) {
+  return llvm::StringSwitch<llvm::AsanDetectStackUseAfterReturnMode>(modeStr)
+      .Case("always", llvm::AsanDetectStackUseAfterReturnMode::Always)
+      .Case("runtime", llvm::AsanDetectStackUseAfterReturnMode::Runtime)
+      .Case("never", llvm::AsanDetectStackUseAfterReturnMode::Never)
+      .Default(llvm::AsanDetectStackUseAfterReturnMode::Invalid);
+}
+
 } // namespace clang

clang/lib/CodeGen/BackendUtil.cpp

@@ -65,6 +65,7 @@
 #include "llvm/Transforms/InstCombine/InstCombine.h"
 #include "llvm/Transforms/Instrumentation.h"
 #include "llvm/Transforms/Instrumentation/AddressSanitizer.h"
+#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
 #include "llvm/Transforms/Instrumentation/BoundsChecking.h"
 #include "llvm/Transforms/Instrumentation/DataFlowSanitizer.h"
 #include "llvm/Transforms/Instrumentation/GCOVProfiler.h"
@@ -288,8 +289,10 @@ static void addAddressSanitizerPasses(const PassManagerBuilder &Builder,
   bool UseOdrIndicator = CGOpts.SanitizeAddressUseOdrIndicator;
   bool UseGlobalsGC = asanUseGlobalsGC(T, CGOpts);
   llvm::AsanDtorKind DestructorKind = CGOpts.getSanitizeAddressDtor();
+  llvm::AsanDetectStackUseAfterReturnMode UseAfterReturn =
+      CGOpts.getSanitizeAddressUseAfterReturn();
   PM.add(createAddressSanitizerFunctionPass(/*CompileKernel*/ false, Recover,
-                                            UseAfterScope));
+                                            UseAfterScope, UseAfterReturn));
   PM.add(createModuleAddressSanitizerLegacyPassPass(
       /*CompileKernel*/ false, Recover, UseGlobalsGC, UseOdrIndicator,
       DestructorKind));
@@ -298,7 +301,8 @@ static void addAddressSanitizerPasses(const PassManagerBuilder &Builder,
 static void addKernelAddressSanitizerPasses(const PassManagerBuilder &Builder,
                                             legacy::PassManagerBase &PM) {
   PM.add(createAddressSanitizerFunctionPass(
-      /*CompileKernel*/ true, /*Recover*/ true, /*UseAfterScope*/ false));
+      /*CompileKernel*/ true, /*Recover*/ true, /*UseAfterScope*/ false,
+      /*UseAfterReturn*/ llvm::AsanDetectStackUseAfterReturnMode::Never));
   PM.add(createModuleAddressSanitizerLegacyPassPass(
       /*CompileKernel*/ true, /*Recover*/ true, /*UseGlobalsGC*/ true,
       /*UseOdrIndicator*/ false));
@@ -1144,12 +1148,14 @@ static void addSanitizers(const Triple &TargetTriple,
         bool UseOdrIndicator = CodeGenOpts.SanitizeAddressUseOdrIndicator;
         llvm::AsanDtorKind DestructorKind =
             CodeGenOpts.getSanitizeAddressDtor();
+        llvm::AsanDetectStackUseAfterReturnMode UseAfterReturn =
+            CodeGenOpts.getSanitizeAddressUseAfterReturn();
         MPM.addPass(RequireAnalysisPass<ASanGlobalsMetadataAnalysis, Module>());
         MPM.addPass(ModuleAddressSanitizerPass(
             CompileKernel, Recover, ModuleUseAfterScope, UseOdrIndicator,
             DestructorKind));
-        MPM.addPass(createModuleToFunctionPassAdaptor(
-            AddressSanitizerPass(CompileKernel, Recover, UseAfterScope)));
+        MPM.addPass(createModuleToFunctionPassAdaptor(AddressSanitizerPass(
+            CompileKernel, Recover, UseAfterScope, UseAfterReturn)));
       }
     };
     ASanPass(SanitizerKind::Address, false);

clang/lib/Driver/SanitizerArgs.cpp

@@ -18,6 +18,7 @@
 #include "llvm/Support/SpecialCaseList.h"
 #include "llvm/Support/TargetParser.h"
 #include "llvm/Support/VirtualFileSystem.h"
+#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
 #include <memory>
 
 using namespace clang;
@@ -841,6 +842,18 @@ SanitizerArgs::SanitizerArgs(const ToolChain &TC,
       AsanDtorKind = parsedAsanDtorKind;
     }
 
+    if (const auto *Arg = Args.getLastArg(
+            options::OPT_sanitize_address_use_after_return_EQ)) {
+      auto parsedAsanUseAfterReturn =
+          AsanDetectStackUseAfterReturnModeFromString(Arg->getValue());
+      if (parsedAsanUseAfterReturn ==
+          llvm::AsanDetectStackUseAfterReturnMode::Invalid) {
+        TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
+            << Arg->getOption().getName() << Arg->getValue();
+      }
+      AsanUseAfterReturn = parsedAsanUseAfterReturn;
+    }
+
   } else {
     AsanUseAfterScope = false;
     // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address.
@@ -1112,6 +1125,12 @@ void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
                                          AsanDtorKindToString(AsanDtorKind)));
   }
 
+  if (AsanUseAfterReturn != llvm::AsanDetectStackUseAfterReturnMode::Invalid) {
+    CmdArgs.push_back(Args.MakeArgString(
+        "-fsanitize-address-use-after-return=" +
+        AsanDetectStackUseAfterReturnModeToString(AsanUseAfterReturn)));
+  }
+
   if (!HwasanAbi.empty()) {
     CmdArgs.push_back("-default-function-attr");
     CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi));

clang/test/CodeGen/asan-use-after-return.cpp

@@ -0,0 +1,33 @@
+// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-linux %s \
+// RUN:     | FileCheck %s --check-prefixes=CHECK-RUNTIME \
+// RUN:         --implicit-check-not="__asan_stack_malloc_always_"
+// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-linux %s \
+// RUN:         -fsanitize-address-use-after-return=runtime \
+// RUN:     | FileCheck %s --check-prefixes=CHECK-RUNTIME \
+// RUN:         --implicit-check-not="__asan_stack_malloc_always_"
+// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-linux %s \
+// RUN:         -fsanitize-address-use-after-return=always \
+// RUN:     | FileCheck %s --check-prefixes=CHECK-ALWAYS \
+// RUN:         --implicit-check-not=__asan_option_detect_stack_use_after_return \
+// RUN:         --implicit-check-not="__asan_stack_malloc_{{[0-9]}}"
+// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-linux %s \
+// RUN:         -fsanitize-address-use-after-return=never \
+// RUN:     | FileCheck %s \
+// RUN:         --implicit-check-not=__asan_option_detect_stack_use_after_return \
+// RUN:         --implicit-check-not="__asan_stack_malloc_"
+
+// CHECK-RUNTIME: load{{.*}}@__asan_option_detect_stack_use_after_return
+// CHECK-RUNTIME: call{{.*}}__asan_stack_malloc_0
+// CHECK-ALWAYS: call{{.*}}__asan_stack_malloc_always_0
+
+int *function1() {
+  int x = 0;
+
+#pragma clang diagnostic ignored "-Wreturn-stack-address"
+  return &x;
+}
+
+int main() {
+  auto px = function1();
+  return 0;
+}

clang/test/Driver/cl-options.c

@@ -452,7 +452,6 @@
 // RUN:     /FAs \
 // RUN:     /FAu \
 // RUN:     /favor:blend \
-// RUN:     /fsanitize-address-use-after-return \
 // RUN:     /fno-sanitize-address-vcasan-lib \
 // RUN:     /Fifoo \
 // RUN:     /Fmfoo \

clang/test/Driver/fsanitize-use-after-return.c

@@ -0,0 +1,30 @@
+// Option should not be passed to the frontend by default.
+// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address %s \
+// RUN:   -### 2>&1 | \
+// RUN:   FileCheck %s
+// CHECK-NOT: -fsanitize-address-use-after-return
+
+// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
+// RUN:   -fsanitize-address-use-after-return=never %s -### 2>&1 | \
+// RUN:   FileCheck -check-prefix=CHECK-NEVER-ARG %s
+// CHECK-NEVER-ARG: "-fsanitize-address-use-after-return=never"
+
+// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
+// RUN:   -fsanitize-address-use-after-return=runtime %s -### 2>&1 | \
+// RUN:   FileCheck -check-prefix=CHECK-RUNTIME %s
+// CHECK-RUNTIME: "-fsanitize-address-use-after-return=runtime"
+
+// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
+// RUN:   -fsanitize-address-use-after-return=always %s -### 2>&1 | \
+// RUN:   FileCheck -check-prefix=CHECK-ALWAYS-ARG %s
+
+// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
+// RUN:   -fsanitize-address-use-after-return=never \
+// RUN:   -fsanitize-address-use-after-return=always %s -### 2>&1 | \
+// RUN:   FileCheck -check-prefix=CHECK-ALWAYS-ARG %s
+// CHECK-ALWAYS-ARG: "-fsanitize-address-use-after-return=always"
+
+// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
+// RUN:   -fsanitize-address-use-after-return=bad_arg %s -### 2>&1 | \
+// RUN:   FileCheck -check-prefix=CHECK-INVALID-ARG %s
+// CHECK-INVALID-ARG: error: unsupported argument 'bad_arg' to option 'fsanitize-address-use-after-return='