This is an archive of the discontinued LLVM Phabricator instance.

runtime flag for use-after dtor and v simple runtime test
ClosedPublic

Authored by nmusgrave on Jul 16 2015, 4:24 PM.

Download Raw Diff

Details

Reviewers

kcc
eugenis

Diff Detail

Event Timeline

nmusgrave updated this revision to Diff 29961.Jul 16 2015, 4:24 PM

nmusgrave retitled this revision from to runtime flag for use-after dtor and v simple runtime test.

nmusgrave updated this object.

nmusgrave added reviewers: kcc, eugenis.

nmusgrave added a subscriber: cfe-commits.

eugenis added inline comments.Jul 16 2015, 4:35 PM

include/sanitizer/msan_interface.h
96	Make it "const volatile *".
lib/msan/msan_interface_internal.h
120	Don't need this.
test/msan/dtor-member.cc
2	Add -O1 and -O2 runs.
20	return is unnecessary

nmusgrave marked 3 inline comments as done.Jul 16 2015, 4:43 PM

nmusgrave added inline comments.

include/sanitizer/msan_interface.h
96	why? I was looking at msan_allocated_memory and saw the const volatile void* parameter, but don't understand why its const. Since the memory is being poisoned, shouldn't it -not- be const? ...or can the parameter be const since its not the memory at this location, but the shadow memory, that's marked as poisoned? also: naming conventions. Shouldn't it be __msan_dtor_callback? That seems to align better with the other msan runtime functions here. If so, I'll change the naming in codegen/

eugenis added inline comments.Jul 16 2015, 4:49 PM

include/sanitizer/msan_interface.h
96	This only really matters for functions the would be called from the user code. The idea is that even if some memory is "const", we can mark it as uninitialized or not. The name starts with __sanitizer because it may be implemented in other sanitizers, too. Maybe in the future. ASan can be taught to detect use-after-dtor too, for example, but with some false positives.

resolved runtime function parameters

eugenis added inline comments.Jul 17 2015, 10:16 AM

test/msan/dtor-member.cc
10	Please add run lines without (a) compiler flag and (b) runtime flag.
23	If we don't crash on the next line (in the negative test), there will be a second destructor call at the function exit, which invokes undefined behavior. Let's change the code to smth like this: unsigned long buf[1]; assert(sizeof(Simple) <= sizeof(buf)); Simple *s = new(&buf) Simple(); s->~Simple();

added tests for without compile and runtime flags

LGTM

lib/msan/msan_interceptors.cc
1011	FYI, this tag affects the wording of MSan reports. We may want to introduce a new tag, specifically for use-after-dtor. Not in this commit.
test/msan/dtor-member.cc
12	Could just call it "CHECK-NO" and save one line of code.
19	I don't think this include is needed.
37	"interfere"

This revision is now accepted and ready to land.Jul 17 2015, 1:25 PM

modified run prefix

nmusgrave added inline comments.Jul 17 2015, 4:58 PM

test/msan/dtor-member.cc
20	needed for main- can't have void main function. may rename as add more test cases.

revision alterations have been landed and changes pushed onto trunk

Revision Contents

Path

Size

include/

sanitizer/

msan_interface.h

3 lines

lib/

msan/

msan.cc

2 lines

msan_flags.inc

1 line

msan_interceptors.cc

8 lines

msan_interface_internal.h

5 lines

test/

msan/

dtor-member.cc

48 lines

Diff 30033

include/sanitizer/msan_interface.h

Show First 20 Lines • Show All 86 Lines • ▼ Show 20 Lines	#endif

/* Returns true if running under a dynamic tool (DynamoRio-based). */		/* Returns true if running under a dynamic tool (DynamoRio-based). */
int __msan_has_dynamic_component();		int __msan_has_dynamic_component();

/* Tell MSan about newly allocated memory (ex.: custom allocator).		/* Tell MSan about newly allocated memory (ex.: custom allocator).
Memory will be marked uninitialized, with origin at the call site. */		Memory will be marked uninitialized, with origin at the call site. */
void __msan_allocated_memory(const volatile void* data, size_t size);		void __msan_allocated_memory(const volatile void* data, size_t size);

		/* Tell MSan about newly destroyed memory. Mark memory as uninitialized. */
		void __sanitizer_dtor_callback(const volatile void* data, size_t size);
		eugenisUnsubmitted Not Done Reply Inline Actions Make it "const volatile ". eugenis:* Make it "const volatile *".
		nmusgraveAuthorUnsubmitted Not Done Reply Inline Actions why? I was looking at msan_allocated_memory and saw the const volatile void* parameter, but don't understand why its const. Since the memory is being poisoned, shouldn't it -not- be const? ...or can the parameter be const since its not the memory at this location, but the shadow memory, that's marked as poisoned? also: naming conventions. Shouldn't it be __msan_dtor_callback? That seems to align better with the other msan runtime functions here. If so, I'll change the naming in codegen/ nmusgrave: - why? I was looking at msan_allocated_memory and saw the const volatile void* parameter, but…
		eugenisUnsubmitted Not Done Reply Inline Actions This only really matters for functions the would be called from the user code. The idea is that even if some memory is "const", we can mark it as uninitialized or not. The name starts with __sanitizer because it may be implemented in other sanitizers, too. Maybe in the future. ASan can be taught to detect use-after-dtor too, for example, but with some false positives. eugenis: This only really matters for functions the would be called from the user code. The idea is that…

/* This function may be optionally provided by user and should return		/* This function may be optionally provided by user and should return
a string containing Msan runtime options. See msan_flags.h for details. */		a string containing Msan runtime options. See msan_flags.h for details. */
const char* __msan_default_options();		const char* __msan_default_options();

/* Sets the callback to be called right before death on error.		/* Sets the callback to be called right before death on error.
Passing 0 will unset the callback. */		Passing 0 will unset the callback. */
void __msan_set_death_callback(void (*callback)(void));		void __msan_set_death_callback(void (*callback)(void));

#ifdef __cplusplus		#ifdef __cplusplus
} // extern "C"		} // extern "C"
#endif		#endif

#endif		#endif

lib/msan/msan.cc

	Show First 20 Lines • Show All 505 Lines • ▼ Show 20 Lines
	void __msan_clear_on_return() {			void __msan_clear_on_return() {
	__msan_param_tls[0] = 0;			__msan_param_tls[0] = 0;
	}			}

	void __msan_partial_poison(const void* data, void* shadow, uptr size) {			void __msan_partial_poison(const void* data, void* shadow, uptr size) {
	internal_memcpy((void*)MEM_TO_SHADOW((uptr)data), shadow, size);			internal_memcpy((void*)MEM_TO_SHADOW((uptr)data), shadow, size);
	}			}

	void __msan_load_unpoisoned(void src, uptr size, void dst) {			void __msan_load_unpoisoned(const void src, uptr size, void dst) {
	internal_memcpy(dst, src, size);			internal_memcpy(dst, src, size);
	__msan_unpoison(dst, size);			__msan_unpoison(dst, size);
	}			}

	void __msan_set_origin(const void *a, uptr size, u32 origin) {			void __msan_set_origin(const void *a, uptr size, u32 origin) {
	if (__msan_get_track_origins()) SetOrigin(a, size, origin);			if (__msan_get_track_origins()) SetOrigin(a, size, origin);
	}			}

	▲ Show 20 Lines • Show All 116 Lines • Show Last 20 Lines

lib/msan/msan_flags.inc

	Show All 18 Lines

	MSAN_FLAG(int, exit_code, 77, "")			MSAN_FLAG(int, exit_code, 77, "")
	MSAN_FLAG(int, origin_history_size, Origin::kMaxDepth, "")			MSAN_FLAG(int, origin_history_size, Origin::kMaxDepth, "")
	MSAN_FLAG(int, origin_history_per_stack_limit, 20000, "")			MSAN_FLAG(int, origin_history_per_stack_limit, 20000, "")
	MSAN_FLAG(bool, poison_heap_with_zeroes, false, "")			MSAN_FLAG(bool, poison_heap_with_zeroes, false, "")
	MSAN_FLAG(bool, poison_stack_with_zeroes, false, "")			MSAN_FLAG(bool, poison_stack_with_zeroes, false, "")
	MSAN_FLAG(bool, poison_in_malloc, true, "")			MSAN_FLAG(bool, poison_in_malloc, true, "")
	MSAN_FLAG(bool, poison_in_free, true, "")			MSAN_FLAG(bool, poison_in_free, true, "")
				MSAN_FLAG(bool, poison_in_dtor, false, "")
	MSAN_FLAG(bool, report_umrs, true, "")			MSAN_FLAG(bool, report_umrs, true, "")
	MSAN_FLAG(bool, wrap_signals, true, "")			MSAN_FLAG(bool, wrap_signals, true, "")
	MSAN_FLAG(bool, print_stats, false, "")			MSAN_FLAG(bool, print_stats, false, "")
	MSAN_FLAG(bool, halt_on_error, !&__msan_keep_going, "")			MSAN_FLAG(bool, halt_on_error, !&__msan_keep_going, "")
	MSAN_FLAG(bool, atexit, false, "")			MSAN_FLAG(bool, atexit, false, "")
	MSAN_FLAG(int, store_context_size, 20,			MSAN_FLAG(int, store_context_size, 20,
	"Like malloc_context_size, but for uninit stores.")			"Like malloc_context_size, but for uninit stores.")

lib/msan/msan_interceptors.cc

	Show First 20 Lines • Show All 999 Lines • ▼ Show 20 Lines
	void __msan_allocated_memory(const void *data, uptr size) {			void __msan_allocated_memory(const void *data, uptr size) {
	GET_MALLOC_STACK_TRACE;			GET_MALLOC_STACK_TRACE;
	if (flags()->poison_in_malloc) {			if (flags()->poison_in_malloc) {
	stack.tag = STACK_TRACE_TAG_POISON;			stack.tag = STACK_TRACE_TAG_POISON;
	PoisonMemory(data, size, &stack);			PoisonMemory(data, size, &stack);
	}			}
	}			}

				void __sanitizer_dtor_callback(const void *data, uptr size) {
				GET_MALLOC_STACK_TRACE;
				if (flags()->poison_in_dtor) {
				stack.tag = STACK_TRACE_TAG_POISON;
				eugenisUnsubmitted Not Done Reply Inline Actions FYI, this tag affects the wording of MSan reports. We may want to introduce a new tag, specifically for use-after-dtor. Not in this commit. eugenis: FYI, this tag affects the wording of MSan reports. We may want to introduce a new tag…
				PoisonMemory(data, size, &stack);
				}
				}

	INTERCEPTOR(void , mmap, void addr, SIZE_T length, int prot, int flags,			INTERCEPTOR(void , mmap, void addr, SIZE_T length, int prot, int flags,
	int fd, OFF_T offset) {			int fd, OFF_T offset) {
	if (msan_init_is_running)			if (msan_init_is_running)
	return REAL(mmap)(addr, length, prot, flags, fd, offset);			return REAL(mmap)(addr, length, prot, flags, fd, offset);
	ENSURE_MSAN_INITED();			ENSURE_MSAN_INITED();
	if (addr && !MEM_IS_APP(addr)) {			if (addr && !MEM_IS_APP(addr)) {
	if (flags & map_fixed) {			if (flags & map_fixed) {
	*__errno_location() = errno_EINVAL;			*__errno_location() = errno_EINVAL;
	▲ Show 20 Lines • Show All 582 Lines • Show Last 20 Lines

lib/msan/msan_interface_internal.h

	Show First 20 Lines • Show All 111 Lines • ▼ Show 20 Lines

	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	void __msan_set_keep_going(int keep_going);			void __msan_set_keep_going(int keep_going);

	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	int __msan_set_poison_in_malloc(int do_poison);			int __msan_set_poison_in_malloc(int do_poison);

	SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
	/* OPTIONAL / const char __msan_default_options();			/* OPTIONAL / const char __msan_default_options();
				eugenisUnsubmitted Done Reply Inline Actions Don't need this. eugenis: Don't need this.

	// For testing.			// For testing.
	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	void __msan_set_expect_umr(int expect_umr);			void __msan_set_expect_umr(int expect_umr);
	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	void __msan_print_shadow(const void *x, uptr size);			void __msan_print_shadow(const void *x, uptr size);
	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	void __msan_dump_shadow(const void *x, uptr size);			void __msan_dump_shadow(const void *x, uptr size);
	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	int __msan_has_dynamic_component();			int __msan_has_dynamic_component();

	// For testing.			// For testing.
	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	u32 __msan_get_umr_origin();			u32 __msan_get_umr_origin();
	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	void __msan_partial_poison(const void* data, void* shadow, uptr size);			void __msan_partial_poison(const void* data, void* shadow, uptr size);

	// Tell MSan about newly allocated memory (ex.: custom allocator).			// Tell MSan about newly allocated memory (ex.: custom allocator).
	// Memory will be marked uninitialized, with origin at the call site.			// Memory will be marked uninitialized, with origin at the call site.
	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	void __msan_allocated_memory(const void* data, uptr size);			void __msan_allocated_memory(const void* data, uptr size);

				// Tell MSan about newly destroyed memory. Memory will be marked
				// uninitialized.
				SANITIZER_INTERFACE_ATTRIBUTE
				void __sanitizer_dtor_callback(const void* data, uptr size);

	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	u16 __sanitizer_unaligned_load16(const uu16 *p);			u16 __sanitizer_unaligned_load16(const uu16 *p);

	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	u32 __sanitizer_unaligned_load32(const uu32 *p);			u32 __sanitizer_unaligned_load32(const uu32 *p);

	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	u64 __sanitizer_unaligned_load64(const uu64 *p);			u64 __sanitizer_unaligned_load64(const uu64 *p);
	Show All 15 Lines

test/msan/dtor-member.cc

This file was added.

				// RUN: %clangxx_msan %s -fsanitize=memory -fsanitize-memory-use-after-dtor -o %t && MSAN_OPTIONS=poison_in_dtor=1 %run %t >%t.out 2>&1
				// RUN: FileCheck %s < %t.out
				eugenisUnsubmitted Done Reply Inline Actions Add -O1 and -O2 runs. eugenis: Add -O1 and -O2 runs.

				// RUN: %clangxx_msan %s -O1 -fsanitize=memory -fsanitize-memory-use-after-dtor -o %t && MSAN_OPTIONS=poison_in_dtor=1 %run %t >%t.out 2>&1
				// RUN: FileCheck %s < %t.out

				// RUN: %clangxx_msan %s -O2 -fsanitize=memory -fsanitize-memory-use-after-dtor -o %t && MSAN_OPTIONS=poison_in_dtor=1 %run %t >%t.out 2>&1
				// RUN: FileCheck %s < %t.out

				// RUN: %clangxx_msan %s -fsanitize=memory -o %t && MSAN_OPTIONS=poison_in_dtor=1 %run %t >%t.out 2>&1
				eugenisUnsubmitted Not Done Reply Inline Actions Please add run lines without (a) compiler flag and (b) runtime flag. eugenis: Please add run lines without (a) compiler flag and (b) runtime flag.
				// RUN: FileCheck %s --check-prefix=CHECK-NO-FLAG < %t.out

				eugenisUnsubmitted Not Done Reply Inline Actions Could just call it "CHECK-NO" and save one line of code. eugenis: Could just call it "CHECK-NO" and save one line of code.
				// RUN: %clangxx_msan -fsanitize=memory -fsanitize-memory-use-after-dtor %s -o %t && MSAN_OPTIONS=poison_in_dtor=0 %run %t >%t.out 2>&1
				// RUN: FileCheck %s --check-prefix=CHECK-NO-FLAG < %t.out

				#include <sanitizer/msan_interface.h>
				#include <assert.h>
				#include <stdio.h>
				#include <new>
				eugenisUnsubmitted Done Reply Inline Actions I don't think this include is needed. eugenis: I don't think this include is needed.

				eugenisUnsubmitted Done Reply Inline Actions return is unnecessary eugenis: return is unnecessary
				nmusgraveAuthorUnsubmitted Not Done Reply Inline Actions needed for main- can't have void main function. may rename as add more test cases. nmusgrave: needed for main- can't have void main function. may rename as add more test cases.
				struct Simple {
				int x_;
				Simple() {
				eugenisUnsubmitted Done Reply Inline Actions If we don't crash on the next line (in the negative test), there will be a second destructor call at the function exit, which invokes undefined behavior. Let's change the code to smth like this: unsigned long buf[1]; assert(sizeof(Simple) <= sizeof(buf)); Simple s = new(&buf) Simple(); s->~Simple(); eugenis:* If we don't crash on the next line (in the negative test), there will be a second destructor…
				x_ = 5;
				}
				~Simple() { }
				};

				int main() {
				unsigned long buf[1];
				assert(sizeof(Simple) <= sizeof(buf));

				// The placement new operator forces the object to be constructed in the
				// memory location &buf. Since objects made in this way must be explicitly
				// destroyed, there are no implicit calls inserted that would interfere with
				// test behavior.
				Simple *s = new(&buf) Simple();
				eugenisUnsubmitted Done Reply Inline Actions "interfere" eugenis: "interfere"
				s->~Simple();

				if (__msan_test_shadow(s, sizeof(*s)) != -1)
				printf("s is poisoned\n");
				else
				printf("s is not poisoned\n");
				// CHECK: s is poisoned
				// CHECK-NO-FLAG: s is not poisoned

				return 0;
				}