Imported Upstream version 6.10.0.49

Former-commit-id: 1d6753294b2993e1fbf92de9366bb9544db4189b
2020-01-16 16:38:04 +00:00
parent d94e79959b
commit 468663ddbb
48518 changed files with 2789335 additions and 61176 deletions
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Inputs/no-interception-dso.c
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Inputs/no-interception-dso.c
@@ -0,0 +1,3 @@
+int dso_function(int i) {
+  return i + 1;
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Inputs/returns-unexpectedly.c
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Inputs/returns-unexpectedly.c
@@ -0,0 +1 @@
+void returns_unexpectedly() {}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Linux/lit.local.cfg
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Linux/lit.local.cfg
@@ -0,0 +1,9 @@
+def getRoot(config):
+  if not config.parent:
+    return config
+  return getRoot(config.parent)
+
+root = getRoot(config)
+
+if root.host_os not in ['Linux']:
+  config.unsupported = True
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Linux/print_stack_trace.cc
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Linux/print_stack_trace.cc
@@ -0,0 +1,23 @@
+// RUN: %clangxx -fsanitize=undefined -O0 %s -o %t && UBSAN_OPTIONS=stack_trace_format=DEFAULT:fast_unwind_on_fatal=1 %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx -fsanitize=undefined -O0 %s -o %t && UBSAN_OPTIONS=stack_trace_format=DEFAULT:fast_unwind_on_fatal=0 %run %t 2>&1 | FileCheck %s
+
+// This test is temporarily disabled due to broken unwinding on ARM.
+// UNSUPPORTED: -linux-
+
+// The test doesn't pass on Darwin in UBSan-TSan configuration, because TSan is
+// using the slow unwinder which is not supported on Darwin. The test should
+// be universal after landing of https://reviews.llvm.org/D32806.
+
+#include <sanitizer/common_interface_defs.h>
+
+static inline void FooBarBaz() {
+  __sanitizer_print_stack_trace();
+}
+
+int main() {
+  FooBarBaz();
+  return 0;
+}
+
+// CHECK: {{.*}} in FooBarBaz{{.*}}print_stack_trace.cc{{.*}}
+// CHECK: {{.*}} in main{{.*}}print_stack_trace.cc{{.*}}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Linux/ubsan_options.cc
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/Linux/ubsan_options.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx -fsanitize=integer -fsanitize-recover=integer %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+
+// __ubsan_default_options() doesn't work on Darwin.
+// XFAIL: darwin
+
+#include <stdint.h>
+
+extern "C" const char *__ubsan_default_options() {
+  return "halt_on_error=1";
+}
+
+int main() {
+  (void)(uint64_t(10000000000000000000ull) + uint64_t(9000000000000000000ull));
+  // CHECK: ubsan_options.cc:[[@LINE-1]]:44: runtime error: unsigned integer overflow
+  return 0;
+}
+
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/bool.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/bool.cpp
@@ -0,0 +1,13 @@
+// RUN: %clangxx -fsanitize=bool %s -O3 -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+// RUN: %env_ubsan_opts=print_summary=1:report_error_type=1 not %run %t 2>&1 | FileCheck %s --check-prefix=SUMMARY
+
+unsigned char NotABool = 123;
+
+int main(int argc, char **argv) {
+  bool *p = (bool*)&NotABool;
+
+  // CHECK: bool.cpp:[[@LINE+1]]:10: runtime error: load of value 123, which is not a valid value for type 'bool'
+  return *p;
+  // SUMMARY: SUMMARY: {{.*}}Sanitizer: invalid-bool-load {{.*}}bool.cpp:[[@LINE-1]]
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/bool.m
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/bool.m
@@ -0,0 +1,14 @@
+// RUN: %clang -fsanitize=bool %s -O3 -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+// RUN: %env_ubsan_opts=print_summary=1:report_error_type=1 not %run %t 2>&1 | FileCheck %s --check-prefix=SUMMARY
+
+typedef char BOOL;
+unsigned char NotABool = 123;
+
+int main(int argc, char **argv) {
+  BOOL *p = (BOOL*)&NotABool;
+
+  // CHECK: bool.m:[[@LINE+1]]:10: runtime error: load of value 123, which is not a valid value for type 'BOOL'
+  return *p;
+  // SUMMARY: SUMMARY: {{.*}}Sanitizer: invalid-bool-load {{.*}}bool.m:[[@LINE-1]]
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/bounds.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/bounds.cpp
@@ -0,0 +1,31 @@
+// RUN: %clangxx -fsanitize=bounds %s -O3 -o %t
+// RUN: %run %t 0 0 0
+// RUN: %run %t 1 2 3
+// RUN: %expect_crash %run %t 2 0 0 2>&1 | FileCheck %s --check-prefix=CHECK-A-2
+// RUN: %run %t 0 3 0 2>&1 | FileCheck %s --check-prefix=CHECK-B-3
+// RUN: %run %t 0 0 4 2>&1 | FileCheck %s --check-prefix=CHECK-C-4
+
+int get_int(int *const p __attribute__((pass_object_size(0))), int i) {
+  // CHECK-A-2: bounds.cpp:[[@LINE+1]]:10: runtime error: index 2 out of bounds for type 'int *'
+  return p[i];
+}
+
+int get_double(double *const p __attribute__((pass_object_size(0))), int i) {
+  // CHECK-A-2: bounds.cpp:[[@LINE+1]]:10: runtime error: index 2 out of bounds for type 'double *'
+  return p[i];
+}
+
+int main(int argc, char **argv) {
+  int bar[2];
+  get_int(bar, argv[1][0] - '0');
+
+  double baz[2];
+  get_double(baz, argv[1][0] - '0');
+
+  int arr[2][3][4] = {};
+
+  return arr[argv[1][0] - '0'][argv[2][0] - '0'][argv[3][0] - '0'];
+  // CHECK-A-2: bounds.cpp:[[@LINE-1]]:10: runtime error: index 2 out of bounds for type 'int [2][3][4]'
+  // CHECK-B-3: bounds.cpp:[[@LINE-2]]:10: runtime error: index 3 out of bounds for type 'int [3][4]'
+  // CHECK-C-4: bounds.cpp:[[@LINE-3]]:10: runtime error: index 4 out of bounds for type 'int [4]'
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/builtins.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/builtins.cpp
@@ -0,0 +1,35 @@
+// REQUIRES: arch=x86_64
+//
+// RUN: %clangxx -fsanitize=builtin -w %s -O3 -o %t
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=RECOVER
+// RUN: %clangxx -fsanitize=builtin -fno-sanitize-recover=builtin -w %s -O3 -o %t.abort
+// RUN: not %run %t.abort 2>&1 | FileCheck %s --check-prefix=ABORT
+
+void check_ctz(int n) {
+  // ABORT: builtins.cpp:[[@LINE+2]]:17: runtime error: passing zero to ctz(), which is not a valid argument
+  // RECOVER: builtins.cpp:[[@LINE+1]]:17: runtime error: passing zero to ctz(), which is not a valid argument
+  __builtin_ctz(n);
+
+  // RECOVER: builtins.cpp:[[@LINE+1]]:18: runtime error: passing zero to ctz(), which is not a valid argument
+  __builtin_ctzl(n);
+
+  // RECOVER: builtins.cpp:[[@LINE+1]]:19: runtime error: passing zero to ctz(), which is not a valid argument
+  __builtin_ctzll(n);
+}
+
+void check_clz(int n) {
+  // RECOVER: builtins.cpp:[[@LINE+1]]:17: runtime error: passing zero to clz(), which is not a valid argument
+  __builtin_clz(n);
+
+  // RECOVER: builtins.cpp:[[@LINE+1]]:18: runtime error: passing zero to clz(), which is not a valid argument
+  __builtin_clzl(n);
+
+  // RECOVER: builtins.cpp:[[@LINE+1]]:19: runtime error: passing zero to clz(), which is not a valid argument
+  __builtin_clzll(n);
+}
+
+int main() {
+  check_ctz(0);
+  check_clz(0);
+  return 0;
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/coverage-levels.cc
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/coverage-levels.cc
@@ -0,0 +1,46 @@
+// Test various levels of coverage
+//
+// FIXME: Port the environment variable logic below for the lit shell.
+// REQUIRES: shell
+//
+// RUN: rm -rf %T/coverage-levels && mkdir %T/coverage-levels
+// RUN: %clangxx -fsanitize=shift                        -DGOOD_SHIFT=1 -O1 -fsanitize-coverage=func  %s -o %t
+// RUN: %env_ubsan_opts=coverage=1:verbosity=1:coverage_dir='"%T/coverage-levels"' %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1 --check-prefix=CHECK_NOWARN
+// RUN: %clangxx -fsanitize=undefined                    -DGOOD_SHIFT=1 -O1 -fsanitize-coverage=func  %s -o %t
+// RUN: %env_ubsan_opts=coverage=1:verbosity=1:coverage_dir='"%T/coverage-levels"' %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1 --check-prefix=CHECK_NOWARN
+
+// Also works without any sanitizer.
+// RUN: %clangxx                                         -DGOOD_SHIFT=1 -O1 -fsanitize-coverage=func  %s -o %t
+// RUN: %env_ubsan_opts=coverage=1:verbosity=1:coverage_dir='"%T/coverage-levels"' %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1 --check-prefix=CHECK_NOWARN
+
+// RUN: %clangxx -fsanitize=shift -O1 -fsanitize-coverage=func  %s -o %t
+// RUN: %env_ubsan_opts=coverage=1:verbosity=1:coverage_dir='"%T/coverage-levels"' %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1 --check-prefix=CHECK_WARN
+// RUN: %clangxx -fsanitize=shift -O1 -fsanitize-coverage=bb  %s -o %t
+// RUN: %env_ubsan_opts=coverage=1:verbosity=1:coverage_dir='"%T/coverage-levels"' %run %t 2>&1 | FileCheck %s --check-prefix=CHECK2 --check-prefix=CHECK_WARN
+// RUN: %clangxx -fsanitize=shift -O1 -fsanitize-coverage=edge  %s -o %t
+// RUN: %env_ubsan_opts=coverage=1:verbosity=1:coverage_dir='"%T/coverage-levels"' %run %t 2>&1 | FileCheck %s --check-prefix=CHECK3 --check-prefix=CHECK_WARN
+
+// Coverage is not yet implemented in TSan.
+// XFAIL: ubsan-tsan
+// UNSUPPORTED: ubsan-standalone-static
+
+volatile int sink;
+int main(int argc, char **argv) {
+  int shift = argc * 32;
+#if GOOD_SHIFT
+  shift = 3;
+#endif
+  if ((argc << shift) == 16)  // False.
+    return 1;
+  return 0;
+}
+
+// CHECK_WARN: shift exponent 32 is too large
+// CHECK_NOWARN-NOT: ERROR
+// FIXME: Currently, coverage instrumentation kicks in after ubsan, so we get
+// more than the minimal number of instrumented blocks.
+// FIXME: Currently, ubsan with -fno-sanitize-recover and w/o asan will fail
+// to dump coverage.
+// CHECK1:  1 PCs written
+// CHECK2:  2 PCs written
+// CHECK3:  2 PCs written
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/deduplication.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/deduplication.cpp
@@ -0,0 +1,26 @@
+// RUN: %clangxx -fsanitize=undefined %s -o %t && %run %t 2>&1 | FileCheck %s
+// Verify deduplication works by ensuring only one diag is emitted.
+#include <limits.h>
+#include <stdio.h>
+
+void overflow() {
+  int i = INT_MIN;
+  --i;
+}
+
+int main() {
+  // CHECK: Start
+  fprintf(stderr, "Start\n");
+  fflush(stderr);
+
+  // CHECK: runtime error
+  // CHECK-NOT: runtime error
+  // CHECK-NOT: runtime error
+  overflow();
+  overflow();
+  overflow();
+
+  // CHECK: End
+  fprintf(stderr, "End\n");
+  return 0;
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/enum.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/enum.cpp
@@ -0,0 +1,21 @@
+// RUN: %clangxx -fsanitize=enum %s -O3 -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-PLAIN
+// RUN: %clangxx -fsanitize=enum -std=c++11 -DE="class E" %s -O3 -o %t && %run %t
+// RUN: %clangxx -fsanitize=enum -std=c++11 -DE="class E : bool" %s -O3 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-BOOL
+
+// FIXME: UBSan fails to add the correct instrumentation code for some reason on
+// Windows.
+// XFAIL: win32
+
+enum E { a = 1 } e;
+#undef E
+
+int main(int argc, char **argv) {
+  // memset(&e, 0xff, sizeof(e));
+  for (unsigned char *p = (unsigned char*)&e; p != (unsigned char*)(&e + 1); ++p)
+    *p = 0xff;
+
+  // CHECK-PLAIN: error: load of value 4294967295, which is not a valid value for type 'enum E'
+  // FIXME: Support marshalling and display of enum class values.
+  // CHECK-BOOL: error: load of value <unknown>, which is not a valid value for type 'enum E'
+  return (int)e != -1;
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/log-path_test.cc
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/log-path_test.cc
@@ -0,0 +1,36 @@
+// FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316
+// XFAIL: android
+
+// The globs below do not work in the lit shell.
+// REQUIRES: shell
+
+// RUN: %clangxx -fsanitize=undefined %s -O1 -o %t
+
+// Regular run.
+// RUN: %run %t -4 2> %t.out
+// RUN: FileCheck %s --check-prefix=CHECK-ERROR < %t.out
+
+// Good log_path.
+// RUN: rm -f %t.log.*
+// RUN: %env_ubsan_opts=log_path='"%t.log"' %run %t -4 2> %t.out
+// RUN: FileCheck %s --check-prefix=CHECK-ERROR < %t.log.*
+
+// Run w/o errors should not produce any log.
+// RUN: rm -f %t.log.*
+// RUN: %env_ubsan_opts=log_path='"%t.log"'  %run %t 4
+// RUN: not cat %t.log.*
+
+// FIXME: log_path is not supported on Windows yet.
+// XFAIL: win32
+
+#include <stdio.h>
+#include <stdlib.h>
+int main(int argc, char *argv[]) {
+  double a = atof(argv[1]);
+  unsigned int ai = (unsigned int) a;
+  printf("%f %u\n", a, ai);
+  return 0;
+}
+
+// CHECK-ERROR: runtime error: -4 is outside the range of representable values of type 'unsigned int'
+
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/missing_return.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/missing_return.cpp
@@ -0,0 +1,12 @@
+// RUN: %clangxx -fsanitize=return %gmlt %s -O3 -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+// RUN: %env_ubsan_opts=print_stacktrace=1 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-STACKTRACE
+
+// CHECK: missing_return.cpp:[[@LINE+1]]:5: runtime error: execution reached the end of a value-returning function without returning a value
+int f() {
+// CHECK-STACKTRACE: #0 {{.*}}f{{.*}}missing_return.cpp:[[@LINE-1]]
+}
+
+int main(int, char **argv) {
+  return f();
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/no-interception.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/no-interception.cpp
@@ -0,0 +1,20 @@
+// REQUIRES: android
+
+// Tests that ubsan can detect errors on Android if libc appears before the
+// runtime in the library search order, which means that we cannot intercept
+// symbols.
+
+// RUN: %clangxx %p/Inputs/no-interception-dso.c -fsanitize=undefined -fPIC -shared -o %dynamiclib %ld_flags_rpath_so
+
+// Make sure that libc is first in DT_NEEDED.
+// RUN: %clangxx %s -lc -o %t %ld_flags_rpath_exe
+// RUN: %run %t 2>&1 | FileCheck %s
+
+#include <limits.h>
+
+int dso_function(int);
+
+int main(int argc, char **argv) {
+  // CHECK: signed integer overflow
+  dso_function(INT_MAX);
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/nonnull-arg.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/nonnull-arg.cpp
@@ -0,0 +1,61 @@
+// RUN: %clangxx -fsanitize=nonnull-attribute -fno-sanitize-recover=all %s -O3 -o %t
+// RUN: %run %t nc
+// RUN: %run %t nm
+// RUN: %run %t nf
+// RUN: %run %t nv
+// RUN: not %run %t 0c 2>&1 | FileCheck %s --check-prefix=CTOR
+// RUN: not %run %t 0m 2>&1 | FileCheck %s --check-prefix=METHOD
+// RUN: not %run %t 0f 2>&1 | FileCheck %s --check-prefix=FUNC
+// RUN: not %run %t 0v 2>&1 | FileCheck %s --check-prefix=VARIADIC
+//
+// AArch64 lacks variadic instrumentation for MSAN.
+// REQUIRES: stable-runtime
+
+class C {
+  int *null_;
+  int *nonnull_;
+
+public:
+  C(int *null, __attribute__((nonnull)) int *nonnull)
+      : null_(null), nonnull_(nonnull) {}
+  int value() { return *nonnull_; }
+  int method(int *nonnull, int *null) __attribute__((nonnull(2))) {
+    return *nonnull_ + *nonnull;
+  }
+};
+
+__attribute__((nonnull)) int func(int *nonnull) { return *nonnull; }
+
+#include <stdarg.h>
+__attribute__((nonnull)) int variadic(int x, ...) {
+  va_list args;
+  va_start(args, x);
+  int *nonnull = va_arg(args, int*);
+  int res = *nonnull;
+  va_end(args);
+  return res;
+}
+
+int main(int argc, char *argv[]) {
+  int local = 0;
+  int *arg = (argv[1][0] == '0') ? 0x0 : &local;
+  switch (argv[1][1]) {
+    case 'c':
+      return C(0x0, arg).value();
+      // CTOR: {{.*}}nonnull-arg.cpp:[[@LINE-1]]:21: runtime error: null pointer passed as argument 2, which is declared to never be null
+      // CTOR-NEXT: {{.*}}nonnull-arg.cpp:19:31: note: nonnull attribute specified here
+    case 'm':
+      return C(0x0, &local).method(arg, 0x0);
+      // METHOD: {{.*}}nonnull-arg.cpp:[[@LINE-1]]:36: runtime error: null pointer passed as argument 1, which is declared to never be null
+      // METHOD-NEXT: {{.*}}nonnull-arg.cpp:22:54: note: nonnull attribute specified here
+    case 'f':
+      return func(arg);
+      // FUNC: {{.*}}nonnull-arg.cpp:[[@LINE-1]]:19: runtime error: null pointer passed as argument 1, which is declared to never be null
+      // FUNC-NEXT: {{.*}}nonnull-arg.cpp:27:16: note: nonnull attribute specified here
+    case 'v':
+      return variadic(42, arg);
+    // VARIADIC: {{.*}}nonnull-arg.cpp:[[@LINE-1]]:27: runtime error: null pointer passed as argument 2, which is declared to never be null
+    // VARIADIC-NEXT: {{.*}}nonnull-arg.cpp:30:16: note: nonnull attribute specified here
+  }
+  return 0;
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/nonnull.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/nonnull.cpp
@@ -0,0 +1,42 @@
+// RUN: %clangxx -fsanitize=returns-nonnull-attribute -w %s -O3 -o %t
+// RUN: %run %t foo 2>&1 | count 0
+// RUN: %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx -fsanitize=returns-nonnull-attribute -fno-sanitize-recover=returns-nonnull-attribute -w %s -O3 -o %t.abort
+// RUN: not %run %t.abort &> /dev/null
+
+__attribute__((returns_nonnull)) char *foo(char *a);
+
+char *foo(char *a) {
+  // CHECK: nonnull.cpp:[[@LINE+2]]:3: runtime error: null pointer returned from function declared to never return null
+  // CHECK-NEXT: nonnull.cpp:[[@LINE-4]]:16: note: returns_nonnull attribute specified here
+  return a;
+}
+
+__attribute__((returns_nonnull)) char *bar(int x, char *a) {
+  if (x > 10) {
+    // CHECK: nonnull.cpp:[[@LINE+2]]:5: runtime error: null pointer returned from function declared to never return null
+    // CHECK-NEXT: nonnull.cpp:[[@LINE-3]]:16: note: returns_nonnull attribute specified here
+    return a;
+  } else {
+    // CHECK: nonnull.cpp:[[@LINE+2]]:5: runtime error: null pointer returned from function declared to never return null
+    // CHECK-NEXT: nonnull.cpp:[[@LINE-7]]:16: note: returns_nonnull attribute specified here
+    return a;
+  }
+}
+
+int main(int argc, char **argv) {
+  char *a = argv[1];
+
+  foo(a);
+
+  bar(20, a);
+
+  // We expect to see a runtime error the first time we cover the "else"...
+  bar(5, a);
+
+  // ... but not a second time.
+  // CHECK-NOT: runtime error
+  bar(5, a);
+
+  return 0;
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/nullability.c
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/nullability.c
@@ -0,0 +1,62 @@
+// RUN: %clang -w -fsanitize=nullability-arg,nullability-assign,nullability-return %s -O3 -o %t
+// RUN: %run %t foo 2>&1 | count 0
+// RUN: %run %t 2>&1 | FileCheck %s
+
+// CHECK: nullability.c:[[@LINE+2]]:41: runtime error: null pointer returned from function declared to never return null
+// CHECK-NEXT: nullability.c:[[@LINE+1]]:6: note: _Nonnull return type annotation specified here
+int *_Nonnull nonnull_retval1(int *p) { return p; }
+
+// CHECK: nullability.c:1001:22: runtime error: null pointer passed as argument 2, which is declared to never be null
+// CHECK-NEXT: nullability.c:[[@LINE+1]]:56: note: _Nonnull type annotation specified here
+int *_Nonnull nonnull_retval2(int *_Nonnull arg1, int *_Nonnull arg2,
+                              int *_Nullable arg3, int *arg4, int arg5, ...) {
+  return arg1;
+}
+
+// CHECK: nullability.c:1002:15: runtime error: null pointer passed as argument 1, which is declared to never be null
+// CHECK-NEXT: nullability.c:[[@LINE+1]]:23: note: _Nonnull type annotation specified here
+void nonnull_arg(int *_Nonnull p) {}
+
+void nonnull_assign1(int *p) {
+  int *_Nonnull local;
+// CHECK: nullability.c:[[@LINE+1]]:9: runtime error: _Nonnull binding to null pointer of type 'int * _Nonnull'
+  local = p;
+}
+
+void nonnull_assign2(int *p) {
+  int *_Nonnull arr[1];
+  // CHECK: nullability.c:[[@LINE+1]]:10: runtime error: _Nonnull binding to null pointer of type 'int * _Nonnull'
+  arr[0] = p;
+}
+
+struct S1 {
+  int *_Nonnull mptr;
+};
+
+void nonnull_assign3(int *p) {
+  struct S1 s;
+  // CHECK: nullability.c:[[@LINE+1]]:10: runtime error: _Nonnull binding to null pointer of type 'int * _Nonnull'
+  s.mptr = p;
+}
+
+// CHECK: nullability.c:[[@LINE+1]]:52: runtime error: _Nonnull binding to null pointer of type 'int * _Nonnull'
+void nonnull_init1(int *p) { int *_Nonnull local = p; }
+
+// CHECK: nullability.c:[[@LINE+2]]:53: runtime error: _Nonnull binding to null pointer of type 'int * _Nonnull'
+// CHECK: nullability.c:[[@LINE+1]]:56: runtime error: _Nonnull binding to null pointer of type 'int * _Nonnull'
+void nonnull_init2(int *p) { int *_Nonnull arr[] = {p, p}; }
+
+int main(int argc, char **argv) {
+  int *p = (argc > 1) ? &argc : ((int *)0);
+
+#line 1000
+  nonnull_retval1(p);
+  nonnull_retval2(p, p, p, p, 0, 0, 0, 0);
+  nonnull_arg(p);
+  nonnull_assign1(p);
+  nonnull_assign2(p);
+  nonnull_assign3(p);
+  nonnull_init1(p);
+  nonnull_init2(p);
+  return 0;
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/unreachable.cpp
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/unreachable.cpp
@@ -0,0 +1,25 @@
+// RUN: %clang %S/Inputs/returns-unexpectedly.c -O3 -c -o %t.ru.o
+// RUN: %clangxx -fsanitize=unreachable -O3 -o %t %s %t.ru.o
+// RUN: not %run %t builtin 2>&1 | FileCheck %s -check-prefix=BUILTIN
+// RUN: not %run %t noreturn-callee-marked 2>&1 | FileCheck %s -check-prefix=NORETURN1
+// RUN: not %run %t noreturn-caller-marked 2>&1 | FileCheck %s -check-prefix=NORETURN2
+
+#include <string.h>
+
+void __attribute__((noreturn)) callee_marked_noreturn() {
+  // NORETURN1: unreachable.cpp:[[@LINE+1]]:1: runtime error: execution reached an unreachable program point
+}
+
+extern "C" void __attribute__((noreturn)) returns_unexpectedly();
+
+int main(int, char **argv) {
+  if (strcmp(argv[1], "builtin") == 0)
+    // BUILTIN: unreachable.cpp:[[@LINE+1]]:5: runtime error: execution reached an unreachable program point
+    __builtin_unreachable();
+  else if (strcmp(argv[1], "noreturn-callee-marked") == 0)
+    callee_marked_noreturn();
+  else if (strcmp(argv[1], "noreturn-caller-marked") == 0)
+    // NORETURN2: unreachable.cpp:[[@LINE+1]]:5: runtime error: execution reached an unreachable program point
+    returns_unexpectedly();
+  return 0;
+}
--- a/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/vla.c
+++ b/external/llvm-project/compiler-rt/test/ubsan/TestCases/Misc/vla.c
@@ -0,0 +1,11 @@
+// RUN: %clang -fsanitize=vla-bound %s -O3 -o %t
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-MINUS-ONE
+// RUN: %run %t a 2>&1 | FileCheck %s --check-prefix=CHECK-ZERO
+// RUN: %run %t a b
+
+int main(int argc, char **argv) {
+  // CHECK-MINUS-ONE: vla.c:[[@LINE+2]]:11: runtime error: variable length array bound evaluates to non-positive value -1
+  // CHECK-ZERO: vla.c:[[@LINE+1]]:11: runtime error: variable length array bound evaluates to non-positive value 0
+  int arr[argc - 2];
+  return 0;
+}