[asan] Enable detect_stack_use_after_return=1 by default

By default -fsanitize=address already compiles with this check,
why not use it.
For compatibly it can be disabled with env ASAN_OPTIONS=detect_stack_use_after_return=0.

Reviewed By: eugenis, kda, #sanitizers, hans

Differential Revision: https://reviews.llvm.org/D124057

Author: vitalybuka

clang/docs/AddressSanitizer.rst

@@ -15,7 +15,7 @@ following types of bugs:
 * Out-of-bounds accesses to heap, stack and globals
 * Use-after-free
 * Use-after-return (clang flag ``-fsanitize-address-use-after-return=(never|runtime|always)`` default: ``runtime``)
-    * Enable ``runtime`` with: ``ASAN_OPTIONS=detect_stack_use_after_return=1``
+    * Disable ``runtime`` with: ``ASAN_OPTIONS=detect_stack_use_after_return=0``
 * Use-after-scope (clang flag ``-fsanitize-address-use-after-scope``)
 * Double-free, invalid free
 * Memory leaks (experimental)
@@ -143,17 +143,17 @@ Stack Use After Return (UAR)
 AddressSanitizer can optionally detect stack use after return problems.
 This is available by default, or explicitly
 (``-fsanitize-address-use-after-return=runtime``).
-To enable this check at runtime, set the environment variable
-``ASAN_OPTIONS=detect_stack_use_after_return=1``.
+To disable this check at runtime, set the environment variable
+``ASAN_OPTIONS=detect_stack_use_after_return=0``.
 
 Enabling this check (``-fsanitize-address-use-after-return=always``) will
 reduce code size.  The code size may be reduced further by completely
 eliminating this check (``-fsanitize-address-use-after-return=never``).
 
 To summarize: ``-fsanitize-address-use-after-return=<mode>``
   * ``never``: Completely disables detection of UAR errors (reduces code size).
-  * ``runtime``: Adds the code for detection, but must be enabled via the
-    runtime environment (``ASAN_OPTIONS=detect_stack_use_after_return=1``).
+  * ``runtime``: Adds the code for detection, but it can be disable via the
+    runtime environment (``ASAN_OPTIONS=detect_stack_use_after_return=0``).
   * ``always``: Enables detection of UAR errors in all cases. (reduces code
     size, but not as much as ``never``).
 

clang/docs/ReleaseNotes.rst

@@ -173,7 +173,8 @@ Non-comprehensive list of changes in this release
   - Improve the dump format, dump both bitwidth(if its a bitfield) and field value.
   - Remove anonymous tag locations.
   - Beautify dump format, add indent for nested struct and struct members.
-- Previously disabled sanitizer options now enabled by default
+- Previously disabled sanitizer options now enabled by default:
+  - ASAN_OPTIONS=detect_stack_use_after_return=1.
   - MSAN_OPTIONS=poison_in_dtor=1.
 
 New Compiler Flags

compiler-rt/lib/asan/asan_flags.inc

@@ -49,7 +49,7 @@ ASAN_FLAG(
     "to find more errors.")
 ASAN_FLAG(bool, replace_intrin, true,
           "If set, uses custom wrappers for memset/memcpy/memmove intrinsics.")
-ASAN_FLAG(bool, detect_stack_use_after_return, false,
+ASAN_FLAG(bool, detect_stack_use_after_return, true,
           "Enables stack-use-after-return checking at run-time.")
 ASAN_FLAG(int, min_uar_stack_size_log, 16, // We can't do smaller anyway.
           "Minimum fake stack size log.")

compiler-rt/lib/asan/tests/asan_interface_test.cpp

@@ -413,6 +413,9 @@ TEST(AddressSanitizerInterface, HandleNoReturnTest) {
   __asan_poison_memory_region(array, sizeof(array));
   BAD_ACCESS(array, 20);
   __asan_handle_no_return();
+  // Fake stack does not need to be unpoisoned.
+  if (__asan_get_current_fake_stack())
+    return;
   // It unpoisons the whole thread stack.
   GOOD_ACCESS(array, 20);
 }

compiler-rt/test/asan/TestCases/Posix/gc-test.cpp

@@ -1,9 +1,11 @@
 // RUN: %clangxx_asan %s -pthread -o %t
 // RUN: %env_asan_opts=detect_stack_use_after_return=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
 // RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK0
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
 // RUN: %clangxx_asan -O3 %s -pthread -o %t
 // RUN: %env_asan_opts=detect_stack_use_after_return=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
 // RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK0
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
 // REQUIRES: stable-runtime
 
 #include <assert.h>

compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp

@@ -2,6 +2,7 @@
 // RUN: %clangxx_asan  -O1 %s -pthread -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan  -O2 %s -pthread -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan  -O3 %s -pthread -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: not %run %t 2>&1 | FileCheck %s
 // RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t
 // RUN: %clangxx_asan  -O0 %s -pthread -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan  -O1 %s -pthread -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s

compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp

@@ -4,7 +4,7 @@
 // Don't optimize, otherwise the variables which create redzones might be
 // dropped.
 // RUN: %clangxx_asan -fexceptions -O0 %s -o %t -pthread
-// RUN: %run %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t
 
 #include <algorithm>
 #include <cassert>

compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp

@@ -1,5 +1,6 @@
 // RUN: %clang_cl_asan -Od %s -Fe%t
 // RUN: %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: not %run %t 2>&1 | FileCheck %s
 // RUN: %clang_cl_asan -Od %s -Fe%t -fsanitize-address-use-after-return=always
 // RUN: not %run %t 2>&1 | FileCheck %s
 

compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp

@@ -1,5 +1,5 @@
 // RUN: %clangxx_asan -O0 -mllvm -asan-instrument-dynamic-allocas %s -o %t
-// RUN: %run %t 2>&1
+// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1
 //
 // REQUIRES: stable-runtime
 

compiler-rt/test/asan/TestCases/contiguous_container.cpp

@@ -1,4 +1,4 @@
-// RUN: %clangxx_asan -fexceptions -O %s -o %t && %run %t
+// RUN: %clangxx_asan -fexceptions -O %s -o %t && %env_asan_opts=detect_stack_use_after_return=0 %run %t
 //
 // Test __sanitizer_annotate_contiguous_container.
 

compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp

@@ -1,9 +1,9 @@
 // Regression test: __asan_handle_no_return should unpoison stack even with poison_heap=0.
 // Fails with debug checks: https://bugs.llvm.org/show_bug.cgi?id=46862
 // XFAIL: !compiler-rt-optimized
-// RUN: %clangxx_asan -O0 %s -o %t && \
-// RUN: %env_asan_opts=poison_heap=1 %run %t && \
-// RUN: %env_asan_opts=poison_heap=0 %run %t
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0:poison_heap=1 %run %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0:poison_heap=0 %run %t
 
 #include <sanitizer/asan_interface.h>
 

compiler-rt/test/asan/TestCases/heavy_uar_test.cpp

@@ -1,5 +1,7 @@
-// RUN: %clangxx_asan -O0 %s -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
-// RUN: %clangxx_asan -O2 %s -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan -O2 %s -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
 // XFAIL: windows-msvc

compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp

@@ -4,7 +4,7 @@
 // REQUIRES: shared_cxxabi
 
 // RUN: %clangxx_asan -fexceptions -O0 %s -o %t
-// RUN: %run %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t
 
 // The current implementation of this functionality requires special
 // combination of libraries that are not used by default on NetBSD

compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp

@@ -1,7 +1,7 @@
 // RUN: %clangxx_asan -O0 %s -o %t -mllvm -asan-detect-invalid-pointer-pair
 
 // RUN: %env_asan_opts=detect_invalid_pointer_pairs=2 %run %t
-// RUN: %env_asan_opts=detect_invalid_pointer_pairs=2,detect_stack_use_after_return=1 %run %t
+// RUN: %env_asan_opts=detect_invalid_pointer_pairs=2,detect_stack_use_after_return=0 %run %t
 
 #include <assert.h>
 #include <stdlib.h>

llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h

@@ -22,8 +22,8 @@ enum class AsanDtorKind {
 /// Mode of ASan detect stack use after return
 enum class AsanDetectStackUseAfterReturnMode {
   Never,   ///< Never detect stack use after return.
-  Runtime, ///< Detect stack use after return if runtime flag is enabled
-           ///< (ASAN_OPTIONS=detect_stack_use_after_return=1)
+  Runtime, ///< Detect stack use after return if not disabled runtime with
+           ///< (ASAN_OPTIONS=detect_stack_use_after_return=0).
   Always,  ///< Always detect stack use after return.
   Invalid, ///< Not a valid detect mode.
 };