This is an archive of the discontinued LLVM Phabricator instance.

Differential D17129

[Compiler-rt][MSan] fix param_tls_limit test
ClosedPublic

Authored by mohit.bhakkad on Feb 10 2016, 10:20 PM.

Details

Reviewers
kcc
samsonov
eugenis
Commits
rGae945404fac2: Merging r262302: --------------------------------------------------------------…
rG94aa4d7e832b: [Compiler-rt][MSan] fix param_tls_limit test for platforms where big arguments…
rCRT262302: [Compiler-rt][MSan] fix param_tls_limit test for platforms where big arguments…
rL262302: [Compiler-rt][MSan] fix param_tls_limit test for platforms where big…
Summary

Looking at __msan_test_shadow definition, we can see that it returns index of first poisioned (uninitialized) member of the argument.

For example consider :

int i[10];
printf("\nBefore init: %d",__msan_test_shadow(&i, sizeof(i)));
i[0] = 7;
printf("\nAfter    init: %d",__msan_test_shadow(&i, sizeof(i)));

will give output:

Before init: 0
After init: 4

So to check for tls limit, I am initializing 801 size buffer till 800th value, and we can see that part which does not fit is considered fully initialized, i.e. instead of 800, __msan_test_shadow will return -1.

Please correct my understanding if its wrong, as I can see test fails on every arch except x86.

Diff Detail

Repository
rL LLVM

Event Timeline

mohit.bhakkad updated this revision to Diff 47599.Feb 10 2016, 10:20 PM
mohit.bhakkad retitled this revision from to [Compiler-rt][MSan] fix param_tls_limit test.
mohit.bhakkad updated this object.
mohit.bhakkad added reviewers: eugenis, kcc, samsonov.
mohit.bhakkad set the repository for this revision to rL LLVM.
mohit.bhakkad updated this object.
mohit.bhakkad added subscribers: slthakur, jaydeep.
mohit.bhakkad added a subscriber: llvm-commits.Feb 11 2016, 3:15 AM
eugenis edited edge metadata.Feb 11 2016, 1:06 PM

If an argument does not fit in param-tls, it becomes completely unpoisoned - not just the overflow part, but the entire argument.
I suspect that on non-x86 targets the large struct may be passed as several smaller arguments, and then the ones that fit (completely!) will be poisoned.

dsanders added a subscriber: dsanders.Feb 15 2016, 7:21 AM
In D17129#350594, @eugenis wrote:

If an argument does not fit in param-tls, it becomes completely unpoisoned - not just the overflow part, but the entire argument.
I suspect that on non-x86 targets the large struct may be passed as several smaller arguments, and then the ones that fit (completely!) will be poisoned.

I can confirm that we slice large aggregates into a series of smaller arguments (i32 on o32, i64 on n32/n64) in clang.

test/msan/param_tls_limit.cc
37 ↗(On Diff #47599)

Typo: poision

mohit.bhakkad added a comment.Feb 15 2016, 9:56 PM

Thanks,

So can we have modified test as a separate test for archs other than x86?

eugenis added a comment.Feb 16 2016, 4:11 PM

Maybe you can define PARTIAL_OVERFLOW() for the arguments that start in param-tls and end outside of it. It would be defined the same as OVERFLOW() on x86, and the same as NO_POISON() on other platforms, resulting in a slightly weaker test.

mohit.bhakkad added a comment.Feb 25 2016, 2:17 AM
In D17129#354099, @eugenis wrote:

Maybe you can define PARTIAL_OVERFLOW() for the arguments that start in param-tls and end outside of it. It would be defined the same as OVERFLOW() on x86, and the same as NO_POISON() on other platforms, resulting in a slightly weaker test.

Hi @eugenis, I didn't understood your suggestion clearly.
I understand OVERFLOW() and NO_POISON() will have same definition.

In this revision, I initiialized arguments that start in param-tls and end outside of it upto till param-tls size, so they will match condition of OVERFLOW().
Without initialing, they will match NO_OVERFLOW in archs other than x86.

What will be functionality of PARTIAL_OVERFLOW(), and if you want to keep same test for all archs, than should we initialize overflow arguments ?

eugenis added a comment.Feb 25 2016, 11:20 AM

Currently this test has OVERFLOW() and NO_OVERFLOW() checks.
Arguments that are entirely under the tls limit are poisoned on all platforms and can be checked with NO_OVERFLOW.
Arguments (at the source level) that are partially over limit are unpoisoned on X86, and partially poisoned on other platforms due to them being splitted into multiple IR arguments. We can check that with a PARTIAL_OVERFLOW() macro, defined differently based on the platform.

Please keep f_many and f_many2 tests, they are valuable.

PARTIALLY_INIT should not be necessary. If an argument partially overflows, at least the last byte of it will be unpoisoned in the callee - test for that.

mohit.bhakkad updated this revision to Diff 49166.Feb 26 2016, 1:49 AM
mohit.bhakkad edited edge metadata.

defining PARTIAL_OVERFLOW to check shadow of arguments greater than tls limit on platforms where big arguments are sliced in smaller ones.

eugenis added inline comments.Feb 26 2016, 12:39 PM
test/msan/param_tls_limit.cc
29 ↗(On Diff #49166)

800 in "&x + 800" would be 800 * sizeof(x).

something like this to test the last byte of x: (char *)(&(x) + 1) - 1

mohit.bhakkad updated this revision to Diff 49347.Feb 29 2016, 2:01 AM

Changed as suggested.

mohit.bhakkad updated this revision to Diff 49350.Feb 29 2016, 2:08 AM

Updating revision with full context patch

eugenis accepted this revision.Feb 29 2016, 1:01 PM
eugenis edited edge metadata.

LGTM

test/msan/param_tls_limit.cc
68 ↗(On Diff #49350)

This one is also PARTIAL_OVERFLOW. Does not really matter since "int", naturally, does not get split.

This revision is now accepted and ready to land.Feb 29 2016, 1:01 PM
Closed by commit rL262302: [Compiler-rt][MSan] fix param_tls_limit test for platforms where big… (authored by mohit.bhakkad). · Explain WhyFeb 29 2016, 9:58 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
test/
msan/
19 lines

Diff 49451

compiler-rt/trunk/test/msan/param_tls_limit.cc

Show All 14 Lines
// This test assumes that ParamTLS size is 800 bytes. // This test assumes that ParamTLS size is 800 bytes.
// This test passes poisoned values through function argument list. // This test passes poisoned values through function argument list.
// In case of overflow, argument is unpoisoned. // In case of overflow, argument is unpoisoned.
#define OVERFLOW(x) assert(__msan_test_shadow(&x, sizeof(x)) == -1) #define OVERFLOW(x) assert(__msan_test_shadow(&x, sizeof(x)) == -1)
// In case of no overflow, it is still poisoned. // In case of no overflow, it is still poisoned.
#define NO_OVERFLOW(x) assert(__msan_test_shadow(&x, sizeof(x)) == 0) #define NO_OVERFLOW(x) assert(__msan_test_shadow(&x, sizeof(x)) == 0)
#if defined(__x86_64__)
// In x86_64, if argument is partially outside tls, it is considered completly
// unpoisoned
#define PARTIAL_OVERFLOW(x) OVERFLOW(x)
#else
// In other archs, bigger arguments are splitted in multiple IR arguments, so
// they are considered poisoned till tls limit. Checking last byte of such arg:
#define PARTIAL_OVERFLOW(x) assert(__msan_test_shadow((char *)(&(x) + 1) - 1, 1) == -1)
#endif
template<int N> template<int N>
struct S { struct S {
char x[N]; char x[N];
}; };
void f100(S<100> s) { void f100(S<100> s) {
NO_OVERFLOW(s); NO_OVERFLOW(s);
} }
void f800(S<800> s) { void f800(S<800> s) {
NO_OVERFLOW(s); NO_OVERFLOW(s);
} }
void f801(S<801> s) { void f801(S<801> s) {
OVERFLOW(s); PARTIAL_OVERFLOW(s);
} }
void f1000(S<1000> s) { void f1000(S<1000> s) {
OVERFLOW(s); PARTIAL_OVERFLOW(s);
} }
void f_many(int a, double b, S<800> s, int c, double d) { void f_many(int a, double b, S<800> s, int c, double d) {
NO_OVERFLOW(a); NO_OVERFLOW(a);
NO_OVERFLOW(b); NO_OVERFLOW(b);
OVERFLOW(s); PARTIAL_OVERFLOW(s);
OVERFLOW(c); OVERFLOW(c);
OVERFLOW(d); OVERFLOW(d);
} }
// -8 bytes for "int a", aligned by 8 // -8 bytes for "int a", aligned by 8
// -2 to make "int c" a partial fit // -2 to make "int c" a partial fit
void f_many2(int a, S<800 - 8 - 2> s, int c, double d) { void f_many2(int a, S<800 - 8 - 2> s, int c, double d) {
NO_OVERFLOW(a); NO_OVERFLOW(a);
NO_OVERFLOW(s); NO_OVERFLOW(s);
OVERFLOW(c); PARTIAL_OVERFLOW(c);
OVERFLOW(d); OVERFLOW(d);
} }
int main(void) { int main(void) {
S<100> s100; S<100> s100;
S<800> s800; S<800> s800;
S<801> s801; S<801> s801;
S<1000> s1000; S<1000> s1000;
Show All 13 Lines