This is an archive of the discontinued LLVM Phabricator instance.

Differential D131415

Remove function name from sanitize-memory-track-origins binary.
ClosedPublic

Authored by kda on Aug 8 2022, 10:18 AM.

Details

Reviewers
vitalybuka
Commits
rG057cabd997ae: Remove function name from sanitize-memory-track-origins binary.
Summary

This work is being done to reduce the size of MSAN with track origins binary.

Builds upon: https://reviews.llvm.org/D131205

Diff Detail

Event Timeline

kda created this revision.Aug 8 2022, 10:18 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 8 2022, 10:18 AM
Herald added subscribers: Enna1, hiraditya. · View Herald Transcript
kda requested review of this revision.Aug 8 2022, 10:18 AM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptAug 8 2022, 10:18 AM
Herald added subscribers: llvm-commits, Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B179954: Diff 450863.Aug 8 2022, 10:19 AM
kda updated this revision to Diff 450879.Aug 8 2022, 10:58 AM

collected all updates.

Herald added a subscriber: krytarowski. · View Herald TranscriptAug 8 2022, 10:58 AM
Harbormaster completed remote builds in B179969: Diff 450879.Aug 8 2022, 1:16 PM
kda updated this revision to Diff 450927.Aug 8 2022, 1:41 PM

removed those changes found in https://reviews.llvm.org/D131205

Harbormaster completed remote builds in B180004: Diff 450927.Aug 8 2022, 5:07 PM
kda updated this revision to Diff 451317.Aug 9 2022, 4:56 PM

Refactor to address function changes and print generic message regarding location of uninitialized stack variable.

Harbormaster completed remote builds in B180289: Diff 451317.Aug 9 2022, 4:56 PM
kda edited the summary of this revision. (Show Details)Aug 10 2022, 8:57 AM
kda added a reviewer: vitalybuka.
kcc added a subscriber: kcc.Aug 10 2022, 9:04 AM

please show an error message on a non-trivial test case
(lots of variables, some defined on the same line) before and after.
Code size is important, but we cannot decrease the report quality

kda added a comment.Aug 10 2022, 9:10 AM
In D131415#3713055, @kcc wrote:

please show an error message on a non-trivial test case
(lots of variables, some defined on the same line) before and after.
Code size is important, but we cannot decrease the report quality

Where can I get the name of the variable? (I think it is buried in the debug info some place, but I would need an example to help me extract it.)
An alternative I thought of was putting this behind a flag.

kcc added a comment.Aug 10 2022, 9:16 AM

Where can I get the name of the variable? (I think it is buried in the debug info some place, but I would need an example to help me extract it.)
An alternative I thought of was putting this behind a flag.

Not sure I understand the question. MSan gets the variable names today just fine:

% cat stack-uninit.c 
void bar(int *a) {}

int main() {
  int foo;
  bar(&foo);
  if (foo) return 42;
  return 0;
}

% clang -g -fsanitize=memory -fsanitize-memory-track-origins  stack-uninit.c && ./a.out 
==389328==WARNING: MemorySanitizer: use-of-uninitialized-value
...

  Uninitialized value was created by an allocation of 'foo' in the stack frame of function 'main'
kda added a comment.Aug 10 2022, 9:28 AM
In D131415#3713065, @kcc wrote:
Uninitialized value was created by an allocation of 'foo' in the stack frame of function 'main'

Absolutely. And this change will remove foo and main from the global.
The new message is:

Uninitialized value was created on the stack (first frame below should reference the variable)

I believe that foo is somewhere else in the binary, but I don't know the code which would be required to draw it out and display it in the message.
I'm looking for a hint.

vitalybuka added inline comments.Aug 10 2022, 9:59 AM
compiler-rt/lib/msan/msan_report.cpp
43

It technically not the stack, just a frame.
Shorter message like this has the same meaning:
"Uninitialized value was created here:"

vitalybuka added inline comments.Aug 10 2022, 10:01 AM
compiler-rt/lib/msan/msan_report.cpp
43

actually we still want to note that it's on that stack

"Uninitialized value was created by an allocation in the stack frame here:"

kda updated this revision to Diff 451578.Aug 10 2022, 11:16 AM

restore the variable name to the global and fix up tests

kda updated this revision to Diff 451579.Aug 10 2022, 11:18 AM

remove unnecessary allocation (no longer writing null byte in)

kda marked an inline comment as done.Aug 10 2022, 11:19 AM

Restored variable name. (Still dropping function name.)

kda retitled this revision from Remove variable names from sanitize-memory-track-origins binary. to Remove function name from sanitize-memory-track-origins binary..Aug 10 2022, 11:20 AM
vitalybuka accepted this revision.Aug 10 2022, 11:26 AM
vitalybuka added inline comments.
compiler-rt/lib/msan/msan_report.cpp
42–43

to many %s ?

This revision is now accepted and ready to land.Aug 10 2022, 11:26 AM
vitalybuka added inline comments.Aug 10 2022, 11:30 AM
compiler-rt/lib/msan/msan_report.cpp
42–43

my mistake, it matches.

kcc added a comment.Aug 10 2022, 12:06 PM

dropping the function name is fine, we have it from the stack traces.
the variable name can't be found anywhere else because in most cases
msan is used with -gline-tables-only, i.e. DWARF doesn't have the names of locals.

Harbormaster completed remote builds in B180479: Diff 451579.Aug 10 2022, 1:57 PM
kda marked 3 inline comments as done.Aug 10 2022, 3:31 PM
kda updated this revision to Diff 451659.Aug 10 2022, 3:32 PM

sync to head

This revision was landed with ongoing or failed builds.Aug 10 2022, 3:45 PM
Closed by commit rG057cabd997ae: Remove function name from sanitize-memory-track-origins binary. (authored by kda). · Explain Why
This revision was automatically updated to reflect the committed changes.
kda added a commit: rG057cabd997ae: Remove function name from sanitize-memory-track-origins binary..
kda mentioned this in D131631: [MSAN] Separate id ptr from constant string for variable names used in track origins..Aug 10 2022, 4:30 PM
Harbormaster completed remote builds in B180545: Diff 451659.Aug 10 2022, 6:51 PM
kda added a child revision: D131631: [MSAN] Separate id ptr from constant string for variable names used in track origins..Aug 11 2022, 1:49 PM
kda added a parent revision: D131205: Desist from passing function location to __msan_set_alloca_origin4..
kda mentioned this in rGec277b67eb36: [MSAN] Separate id ptr from constant string for variable names used in track….Aug 12 2022, 8:47 AM

Revision Contents

Diff 451662

compiler-rt/lib/msan/msan_report.cpp

Show All 30 Lines
public: public:
Decorator() : SanitizerCommonDecorator() { } Decorator() : SanitizerCommonDecorator() { }
const char *Origin() const { return Magenta(); } const char *Origin() const { return Magenta(); }
const char *Name() const { return Green(); } const char *Name() const { return Green(); }
}; };
static void DescribeStackOrigin(const char *so, uptr pc) { static void DescribeStackOrigin(const char *so, uptr pc) {
Decorator d; Decorator d;
char *s = internal_strdup(so);
char *sep = internal_strchr(s, '@');
CHECK(sep);
*sep = '\0';
Printf("%s", d.Origin()); Printf("%s", d.Origin());
Printf( Printf(
" %sUninitialized value was created by an allocation of '%s%s%s'" " %sUninitialized value was created by an allocation of '%s%s%s'"
" in the stack frame of function '%s%s%s'%s\n", " in the stack frame%s\n",
d.Origin(), d.Name(), s, d.Origin(), d.Name(), sep + 1, d.Origin(), d.Origin(), d.Name(), so, d.Origin(), d.Default());
vitalybukaUnsubmitted
Done
ReplyInline Actions

It technically not the stack, just a frame.
Shorter message like this has the same meaning:
"Uninitialized value was created here:"

vitalybuka: It technically not the stack, just a frame. Shorter message like this has the same meaning…
vitalybukaUnsubmitted
Done
ReplyInline Actions

actually we still want to note that it's on that stack

"Uninitialized value was created by an allocation in the stack frame here:"

vitalybuka: actually we still want to note that it's on that stack "Uninitialized value was created by an…
vitalybukaUnsubmitted
Done
ReplyInline Actions

to many %s ?

vitalybuka: to many %s ?
vitalybukaUnsubmitted
Done
ReplyInline Actions

my mistake, it matches.

vitalybuka: my mistake, it matches.
d.Default());
InternalFree(s);
if (pc) { if (pc) {
// For some reason function address in LLVM IR is 1 less then the address // For some reason function address in LLVM IR is 1 less then the address
// of the first instruction. // of the first instruction.
pc = StackTrace::GetNextInstructionPc(pc); pc = StackTrace::GetNextInstructionPc(pc);
StackTrace(&pc, 1).Print(); StackTrace(&pc, 1).Print();
} }
} }
▲ Show 20 LinesShow All 220 LinesShow Last 20 Lines

compiler-rt/test/msan/chained_origin.cpp

Show First 20 LinesShow All 54 Lines▼ Show 20 Lines
// CHECK-SHORT-STACK: {{#0 .* in fn_h.*chained_origin.cpp:}}[[@LINE-21]] // CHECK-SHORT-STACK: {{#0 .* in fn_h.*chained_origin.cpp:}}[[@LINE-21]]
// CHECK: Uninitialized value was stored to memory at // CHECK: Uninitialized value was stored to memory at
// CHECK-FULL-STACK: {{#0 .* in fn_g.*chained_origin.cpp:}}[[@LINE-34]] // CHECK-FULL-STACK: {{#0 .* in fn_g.*chained_origin.cpp:}}[[@LINE-34]]
// CHECK-FULL-STACK: {{#1 .* in fn_f.*chained_origin.cpp:}}[[@LINE-30]] // CHECK-FULL-STACK: {{#1 .* in fn_f.*chained_origin.cpp:}}[[@LINE-30]]
// CHECK-FULL-STACK: {{#2 .* in main.*chained_origin.cpp:}}[[@LINE-16]] // CHECK-FULL-STACK: {{#2 .* in main.*chained_origin.cpp:}}[[@LINE-16]]
// CHECK-SHORT-STACK: {{#0 .* in fn_g.*chained_origin.cpp:}}[[@LINE-37]] // CHECK-SHORT-STACK: {{#0 .* in fn_g.*chained_origin.cpp:}}[[@LINE-37]]
// CHECK-STACK: Uninitialized value was created by an allocation of 'z' in the stack frame of function 'main' // CHECK-STACK: Uninitialized value was created by an allocation of 'z' in the stack frame
// CHECK-STACK: {{#0 .* in main.*chained_origin.cpp:}}[[@LINE-22]] // CHECK-STACK: {{#0 .* in main.*chained_origin.cpp:}}[[@LINE-22]]
// CHECK-HEAP: Uninitialized value was created by a heap allocation // CHECK-HEAP: Uninitialized value was created by a heap allocation
// CHECK-HEAP: {{#1 .* in main.*chained_origin.cpp:}}[[@LINE-28]] // CHECK-HEAP: {{#1 .* in main.*chained_origin.cpp:}}[[@LINE-28]]

compiler-rt/test/msan/chained_origin_empty_stack.cpp

// RUN: %clangxx_msan -fsanitize-memory-track-origins=2 -O3 %s -o %t && \ // RUN: %clangxx_msan -fsanitize-memory-track-origins=2 -O3 %s -o %t && \
// RUN: MSAN_OPTIONS=store_context_size=1 not %run %t 2>&1 | FileCheck %s // RUN: MSAN_OPTIONS=store_context_size=1 not %run %t 2>&1 | FileCheck %s
// Test that stack trace for the intermediate store is not empty. // Test that stack trace for the intermediate store is not empty.
// CHECK: MemorySanitizer: use-of-uninitialized-value // CHECK: MemorySanitizer: use-of-uninitialized-value
// CHECK: #0 {{.*}} in main // CHECK: #0 {{.*}} in main
// CHECK: Uninitialized value was stored to memory at // CHECK: Uninitialized value was stored to memory at
// CHECK: #0 {{.*}} in fn_g // CHECK: #0 {{.*}} in fn_g
// CHECK-NOT: #1 // CHECK-NOT: #1
// CHECK: Uninitialized value was created by an allocation of 'z' in the stack frame of function 'main' // CHECK: Uninitialized value was created by an allocation of 'z' in the stack frame
// CHECK: #0 {{.*}} in main // CHECK: #0 {{.*}} in main
#include <stdio.h> #include <stdio.h>
volatile int x; volatile int x;
__attribute__((noinline)) __attribute__((noinline))
void fn_g(int a) { void fn_g(int a) {
Show All 13 Lines

compiler-rt/test/msan/chained_origin_memcpy.cpp

Show First 20 LinesShow All 51 Lines▼ Show 20 Lines
// CHECK-FULL-STACK: {{#1 .* in fn_h.*chained_origin_memcpy.cpp:}}[[@LINE-15]] // CHECK-FULL-STACK: {{#1 .* in fn_h.*chained_origin_memcpy.cpp:}}[[@LINE-15]]
// CHECK-SHORT-STACK: {{#0 .* in __msan_memcpy.*msan_interceptors.cpp:}} // CHECK-SHORT-STACK: {{#0 .* in __msan_memcpy.*msan_interceptors.cpp:}}
// CHECK: Uninitialized value was stored to memory at // CHECK: Uninitialized value was stored to memory at
// CHECK-FULL-STACK: {{#0 .* in fn_g.*chained_origin_memcpy.cpp:}}[[@LINE-29]] // CHECK-FULL-STACK: {{#0 .* in fn_g.*chained_origin_memcpy.cpp:}}[[@LINE-29]]
// CHECK-FULL-STACK: {{#1 .* in fn_f.*chained_origin_memcpy.cpp:}}[[@LINE-25]] // CHECK-FULL-STACK: {{#1 .* in fn_f.*chained_origin_memcpy.cpp:}}[[@LINE-25]]
// CHECK-SHORT-STACK: {{#0 .* in fn_g.*chained_origin_memcpy.cpp:}}[[@LINE-31]] // CHECK-SHORT-STACK: {{#0 .* in fn_g.*chained_origin_memcpy.cpp:}}[[@LINE-31]]
// CHECK-Z1: Uninitialized value was created by an allocation of 'z1' in the stack frame of function 'main' // CHECK-Z1: Uninitialized value was created by an allocation of 'z1' in the stack frame
// CHECK-Z2: Uninitialized value was created by an allocation of 'z2' in the stack frame of function 'main' // CHECK-Z2: Uninitialized value was created by an allocation of 'z2' in the stack frame
// CHECK-Z1: {{#0 .* in main.*chained_origin_memcpy.cpp:}}[[@LINE-21]] // CHECK-Z1: {{#0 .* in main.*chained_origin_memcpy.cpp:}}[[@LINE-21]]
// CHECK-Z2: {{#0 .* in main.*chained_origin_memcpy.cpp:}}[[@LINE-21]] // CHECK-Z2: {{#0 .* in main.*chained_origin_memcpy.cpp:}}[[@LINE-21]]

compiler-rt/test/msan/chained_origin_memmove.cpp

Show First 20 LinesShow All 46 Lines▼ Show 20 Lines
// CHECK-FULL-STACK: {{#1 .* in fn_h.*chained_origin_memmove.cpp:}}[[@LINE-15]] // CHECK-FULL-STACK: {{#1 .* in fn_h.*chained_origin_memmove.cpp:}}[[@LINE-15]]
// CHECK-SHORT-STACK: {{#0 .* in __msan_memmove.*msan_interceptors.cpp:}} // CHECK-SHORT-STACK: {{#0 .* in __msan_memmove.*msan_interceptors.cpp:}}
// CHECK: Uninitialized value was stored to memory at // CHECK: Uninitialized value was stored to memory at
// CHECK-FULL-STACK: {{#0 .* in fn_g.*chained_origin_memmove.cpp:}}[[@LINE-27]] // CHECK-FULL-STACK: {{#0 .* in fn_g.*chained_origin_memmove.cpp:}}[[@LINE-27]]
// CHECK-FULL-STACK: {{#1 .* in fn_f.*chained_origin_memmove.cpp:}}[[@LINE-24]] // CHECK-FULL-STACK: {{#1 .* in fn_f.*chained_origin_memmove.cpp:}}[[@LINE-24]]
// CHECK-SHORT-STACK: {{#0 .* in fn_g.*chained_origin_memmove.cpp:}}[[@LINE-29]] // CHECK-SHORT-STACK: {{#0 .* in fn_g.*chained_origin_memmove.cpp:}}[[@LINE-29]]
// CHECK-Z1: Uninitialized value was created by an allocation of 'z1' in the stack frame of function 'main' // CHECK-Z1: Uninitialized value was created by an allocation of 'z1' in the stack frame
// CHECK-Z2: Uninitialized value was created by an allocation of 'z2' in the stack frame of function 'main' // CHECK-Z2: Uninitialized value was created by an allocation of 'z2' in the stack frame
// CHECK-Z1: {{#0 .* in main.*chained_origin_memmove.cpp:}}[[@LINE-21]] // CHECK-Z1: {{#0 .* in main.*chained_origin_memmove.cpp:}}[[@LINE-21]]
// CHECK-Z2: {{#0 .* in main.*chained_origin_memmove.cpp:}}[[@LINE-21]] // CHECK-Z2: {{#0 .* in main.*chained_origin_memmove.cpp:}}[[@LINE-21]]

compiler-rt/test/msan/msan_print_shadow.cpp

Show First 20 LinesShow All 100 Lines▼ Show 20 Lines
// CHECK-ORIGINS: Origin B (origin_id {{.*}}): // CHECK-ORIGINS: Origin B (origin_id {{.*}}):
// CHECK-ORIGINS: Memory was marked as uninitialized // CHECK-ORIGINS: Memory was marked as uninitialized
// CHECK-ORIGINS: #0 {{.*}} in __msan_allocated_memory // CHECK-ORIGINS: #0 {{.*}} in __msan_allocated_memory
// CHECK-ORIGINS: #1 {{.*}} in main{{.*}}msan_print_shadow.cpp:18 // CHECK-ORIGINS: #1 {{.*}} in main{{.*}}msan_print_shadow.cpp:18
// CHECK-ORIGINS: Origin C (origin_id {{.*}}): // CHECK-ORIGINS: Origin C (origin_id {{.*}}):
// CHECK-ORIGINS-2: Uninitialized value was stored to memory at // CHECK-ORIGINS-2: Uninitialized value was stored to memory at
// CHECK-ORIGINS-2: #0 {{.*}} in main{{.*}}msan_print_shadow.cpp:48 // CHECK-ORIGINS-2: #0 {{.*}} in main{{.*}}msan_print_shadow.cpp:48
// CHECK-ORIGINS: Uninitialized value was created by an allocation of 'x' in the stack frame of function 'main' // CHECK-ORIGINS: Uninitialized value was created by an allocation of 'x' in the stack frame
// CHECK-ORIGINS: #0 {{.*}} in main{{.*}}msan_print_shadow.cpp:13 // CHECK-ORIGINS: #0 {{.*}} in main{{.*}}msan_print_shadow.cpp:13
// CHECK-ORIGINS: Origin D (origin_id {{.*}}): // CHECK-ORIGINS: Origin D (origin_id {{.*}}):
// CHECK-ORIGINS: Memory was marked as uninitialized // CHECK-ORIGINS: Memory was marked as uninitialized
// CHECK-ORIGINS: #0 {{.*}} in __msan_allocated_memory // CHECK-ORIGINS: #0 {{.*}} in __msan_allocated_memory
// CHECK-ORIGINS: #1 {{.*}} in main{{.*}}msan_print_shadow.cpp:20 // CHECK-ORIGINS: #1 {{.*}} in main{{.*}}msan_print_shadow.cpp:20
// ... // ...
// CHECK-ORIGINS: Origin Z (origin_id {{.*}}): // CHECK-ORIGINS: Origin Z (origin_id {{.*}}):
// CHECK-ORIGINS: Memory was marked as uninitialized // CHECK-ORIGINS: Memory was marked as uninitialized
// CHECK-ORIGINS: #0 {{.*}} in __msan_allocated_memory // CHECK-ORIGINS: #0 {{.*}} in __msan_allocated_memory
// CHECK-ORIGINS: #1 {{.*}} in main{{.*}}msan_print_shadow.cpp:42 // CHECK-ORIGINS: #1 {{.*}} in main{{.*}}msan_print_shadow.cpp:42

compiler-rt/test/msan/report-demangling.cpp

// Test that function name is mangled in the "created by an allocation" line, // Test that function name is mangled in the "created by an allocation" line,
// and demangled in the single-frame "stack trace" that follows. // and demangled in the single-frame "stack trace" that follows.
// RUN: %clangxx_msan -fsanitize-memory-track-origins -O0 %s -o %t && not %run %t >%t.out 2>&1 // RUN: %clangxx_msan -fsanitize-memory-track-origins -O0 %s -o %t && not %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out && FileCheck %s < %t.out // RUN: FileCheck %s < %t.out && FileCheck %s < %t.out
__attribute__((noinline)) __attribute__((noinline))
int f() { int f() {
int x; int x;
int *volatile p = &x; int *volatile p = &x;
return *p; return *p;
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
return f(); return f();
// CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
// CHECK: Uninitialized value was created by an allocation of 'x' in the stack frame of function '_Z1fv' // CHECK: Uninitialized value was created by an allocation of 'x' in the stack frame
// CHECK: #0 {{.*}} in f{{.*}} {{.*}}report-demangling.cpp:[[@LINE-9]] // CHECK: #0 {{.*}} in f{{.*}} {{.*}}report-demangling.cpp:[[@LINE-9]]
} }

compiler-rt/test/msan/select_origin.cpp

Show All 11 Linesint *max_by_ptr(int *a, int *b) {
return *a < *b ? b : a; return *a < *b ? b : a;
} }
int main(void) { int main(void) {
int x; int x;
int *volatile px = &x; int *volatile px = &x;
int y = 43; int y = 43;
int *p = max_by_ptr(px, &y); int *p = max_by_ptr(px, &y);
// CHECK: Uninitialized value was created by an allocation of 'x' in the stack frame of function 'main' // CHECK: Uninitialized value was created by an allocation of 'x' in the stack frame
return *p; return *p;
} }

compiler-rt/test/msan/stack-origin.cpp

Show All 18 Lines
#include <stdlib.h> #include <stdlib.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
int x; int x;
int *volatile p = &x; int *volatile p = &x;
return *p; return *p;
// CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
// CHECK: {{#0 0x.* in main .*stack-origin.cpp:}}[[@LINE-2]] // CHECK: {{#0 0x.* in main .*stack-origin.cpp:}}[[@LINE-2]]
// CHECK-ORIGINS: Uninitialized value was created by an allocation of 'x' in the stack frame of function 'main' // CHECK-ORIGINS: Uninitialized value was created by an allocation of 'x' in the stack frame
// CHECK-ORIGINS: {{#0 0x.* in main .*stack-origin.cpp:}}[[@LINE-7]] // CHECK-ORIGINS: {{#0 0x.* in main .*stack-origin.cpp:}}[[@LINE-7]]
// CHECK: SUMMARY: MemorySanitizer: use-of-uninitialized-value {{.*stack-origin.cpp:.* main}} // CHECK: SUMMARY: MemorySanitizer: use-of-uninitialized-value {{.*stack-origin.cpp:.* main}}
} }

compiler-rt/test/msan/stack-origin2.cpp

Show All 28 Linesint f(int depth) {
return *p; return *p;
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
return f(1); return f(1);
// CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
// CHECK: {{#0 0x.* in main .*stack-origin2.cpp:}}[[@LINE-2]] // CHECK: {{#0 0x.* in main .*stack-origin2.cpp:}}[[@LINE-2]]
// CHECK-ORIGINS: Uninitialized value was created by an allocation of 'x' in the stack frame of function 'f' // CHECK-ORIGINS: Uninitialized value was created by an allocation of 'x' in the stack frame
// CHECK-ORIGINS: {{#0 0x.* in f .*stack-origin2.cpp:}}[[@LINE-11]] // CHECK-ORIGINS: {{#0 0x.* in f .*stack-origin2.cpp:}}[[@LINE-11]]
// CHECK: SUMMARY: MemorySanitizer: use-of-uninitialized-value {{.*stack-origin2.cpp:.* main}} // CHECK: SUMMARY: MemorySanitizer: use-of-uninitialized-value {{.*stack-origin2.cpp:.* main}}
} }

compiler-rt/test/msan/unaligned_read_origin.cpp

// RUN: %clangxx_msan -fsanitize-memory-track-origins -O0 %s -o %t && not %run %t >%t.out 2>&1 // RUN: %clangxx_msan -fsanitize-memory-track-origins -O0 %s -o %t && not %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out && FileCheck %s < %t.out // RUN: FileCheck %s < %t.out && FileCheck %s < %t.out
// RUN: %clangxx_msan -fsanitize-memory-track-origins -O3 %s -o %t && not %run %t >%t.out 2>&1 // RUN: %clangxx_msan -fsanitize-memory-track-origins -O3 %s -o %t && not %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out && FileCheck %s < %t.out // RUN: FileCheck %s < %t.out && FileCheck %s < %t.out
#include <sanitizer/msan_interface.h> #include <sanitizer/msan_interface.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
int x; int x;
int *volatile p = &x; int *volatile p = &x;
return __sanitizer_unaligned_load32(p); return __sanitizer_unaligned_load32(p);
// CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
// CHECK: {{#0 0x.* in main .*unaligned_read_origin.cpp:}}[[@LINE-2]] // CHECK: {{#0 0x.* in main .*unaligned_read_origin.cpp:}}[[@LINE-2]]
// CHECK: Uninitialized value was created by an allocation of 'x' in the stack frame of function 'main' // CHECK: Uninitialized value was created by an allocation of 'x' in the stack frame
// CHECK: {{#0 0x.* in main .*unaligned_read_origin.cpp:}}[[@LINE-6]] // CHECK: {{#0 0x.* in main .*unaligned_read_origin.cpp:}}[[@LINE-6]]
} }

compiler-rt/test/msan/vararg.cpp

Show First 20 LinesShow All 51 Lines▼ Show 20 Lines if (strcmp(argv[1], "overflow") == 0) {
a, a, a, a, a, a, uninit a, a, a, a, a, a, uninit
); );
} }
} }
return 0; return 0;
} }
// CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
// CHECK-ORIGIN: Uninitialized value was created by an allocation of 'uninit' in the stack frame of function 'main' // CHECK-ORIGIN: Uninitialized value was created by an allocation of 'uninit' in the stack frame

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp

Show First 20 LinesShow All 3,869 Lines▼ Show 20 Lines
Value *getLocalVarDescription(AllocaInst &I) { Value *getLocalVarDescription(AllocaInst &I) {
SmallString<2048> StackDescriptionStorage; SmallString<2048> StackDescriptionStorage;
raw_svector_ostream StackDescription(StackDescriptionStorage); raw_svector_ostream StackDescription(StackDescriptionStorage);
// We create a string with a description of the stack allocation and // We create a string with a description of the stack allocation and
// pass it into __msan_set_alloca_origin. // pass it into __msan_set_alloca_origin.
// It will be printed by the run-time if stack-originated UMR is found. // It will be printed by the run-time if stack-originated UMR is found.
// The first 4 bytes of the string are set to '----' and will be replaced // The first 4 bytes of the string are set to '----' and will be replaced
// by __msan_va_arg_overflow_size_tls at the first call. // by __msan_va_arg_overflow_size_tls at the first call.
StackDescription << "----" << I.getName() << "@" << F.getName(); StackDescription << "----" << I.getName();
return createPrivateNonConstGlobalForString(*F.getParent(), return createPrivateNonConstGlobalForString(*F.getParent(),
StackDescription.str()); StackDescription.str());
} }
void poisonAllocaUserspace(AllocaInst &I, IRBuilder<> &IRB, Value *Len) { void poisonAllocaUserspace(AllocaInst &I, IRBuilder<> &IRB, Value *Len) {
if (PoisonStack && ClPoisonStackWithCall) { if (PoisonStack && ClPoisonStackWithCall) {
IRB.CreateCall(MS.MsanPoisonStackFn, IRB.CreateCall(MS.MsanPoisonStackFn,
{IRB.CreatePointerCast(&I, IRB.getInt8PtrTy()), Len}); {IRB.CreatePointerCast(&I, IRB.getInt8PtrTy()), Len});
▲ Show 20 LinesShow All 1,482 LinesShow Last 20 Lines