This is an archive of the discontinued LLVM Phabricator instance.

Port msan and stand-alone lsan to Android
Needs ReviewPublic

Authored by thurston on Jul 19 2016, 4:19 PM.

Download Raw Diff

Details

Reviewers

Summary

thread cannot be used for lsan or msan on Android, because its emutls implementation relies on functions that will be intercepted. This revision replaces thread with a struct stored in TLS_SLOT_TSAN.

msan requires corresponding changes (D22550) to LLVM MemorySanitizer.cpp.

Diff Detail

Event Timeline

thurston updated this revision to Diff 64596.Jul 19 2016, 4:19 PM

thurston retitled this revision from to Port msan and stand-alone lsan to Android.

thurston updated this object.

thurston added a reviewer: eugenis.

thurston added a project: Restricted Project.

Herald added subscribers: kubamracek, srhines, danalbert, tberghammer. · View Herald TranscriptJul 19 2016, 4:19 PM

thurston mentioned this in D22550: Port MemorySanitizer.cpp (compiler transform) to Android.Jul 19 2016, 4:20 PM

thurston updated this object.

Please reupload with context, see http://llvm.org/docs/Phabricator.html (git diff -U999999).

Reuploaded with context

This is way too intrusive.
How about something like this:

keep LSan allocator cache thread-local on non-Android, store a pointer to it in TLS_SLOT_TSAN on Android. Implement Cache *getAllocatorCache() function that would do the right thing depending on the platform.

Move the contents of MsanTLSSlotStruct directly into MsanThread so that they can be accessed as, for example, getCurrentThread()->in_interceptor_scope. This might slow down other platforms a little bit, but that's acceptable. Again, no #ifdefs - the same code on all platforms. Change __msan::GetCurrentThread to use TLS_SLOT_TSAN on Android and a usual thread-local var on other platforms.

It would be easier to review if you did one of the tools first (maybe LSan?) and uploaded that as a separate change.

lib/lsan/lsan.cc
16	No system headers in this file. This code should go in sanitizer_common as something similar to InstallDeadlySignalHandlers. We can use it in other sanitizers to dump allocator stats, for example. Please upload it as a separate change.
111	This should be done after the flags are initialized. Add a flag "handle_sighup" to sanitizer_flags.inc.
133	No need for #if / #endif
lib/msan/msan.cc
424	I imagine this would be very bad for performance and code size. Instead, move these arrays to the beginning of MsanThread so that their offsets for TLS_SLOT_TSAN can be hardcoded and compile-time verified. Then make the compiler (MemorySanitizer.cpp) emit the tls access code inline. Search for "getIRStackGuard" for inspiration.
lib/sanitizer_common/sanitizer_platform_limits_posix.cc
238	move from under #if
lib/sanitizer_common/sanitizer_platform_limits_posix.h
177	There is the same declaration 9 lines below.

thurston mentioned this in D22631: Port stand-alone lsan to Android (revised).Jul 21 2016, 9:54 AM

In D22549#490474, @eugenis wrote:

This is way too intrusive.
How about something like this:

Move the contents of MsanTLSSlotStruct directly into MsanThread so that they can be accessed as, for example, getCurrentThread()->in_interceptor_scope. This might slow down other platforms a little bit, but that's acceptable. Again, no #ifdefs - the same code on all platforms. Change __msan::GetCurrentThread to use TLS_SLOT_TSAN on Android and a usual thread-local var on other platforms.

For MSan, would it be ok if I:

changed the compiler instrumentation to the emit the MsanTLSSlot access code inline
and used a GetTLS()-like abstraction to access MsanTLSSlot variables
but not move the MsanTLSSlot contents into MsanThread (i.e., keep the current separation of variables between struct MsanTLSSlot and MsanThread)?

There's a few variables (e.g., in_interceptor_scope) that are accessed very early on, before MsanThread::Create() has been (or can be) called. If I moved all TLS variables into MsanThread, I could allocate MsanThread in the TLS_SLOT as soon as in_interceptor_scope is needed, but some of the MsanThread contents are not initialized until MsanThread::Create()+SetCurrentThread(). This means Create and SetCurrentThread would no longer be handling the entire MsanThread state, which is a bit confusing, and difficult for the pthread_create interceptor (which uses Create+SetCurrentThread).

In D22549#497725, @thurston wrote:

In D22549#490474, @eugenis wrote:

This is way too intrusive.
How about something like this:

Move the contents of MsanTLSSlotStruct directly into MsanThread so that they can be accessed as, for example, getCurrentThread()->in_interceptor_scope. This might slow down other platforms a little bit, but that's acceptable. Again, no #ifdefs - the same code on all platforms. Change __msan::GetCurrentThread to use TLS_SLOT_TSAN on Android and a usual thread-local var on other platforms.

For MSan, would it be ok if I:

changed the compiler instrumentation to the emit the MsanTLSSlot access code inline

and used a GetTLS()-like abstraction to access MsanTLSSlot variables

but not move the MsanTLSSlot contents into MsanThread (i.e., keep the current separation of variables between struct MsanTLSSlot and MsanThread)?

There's a few variables (e.g., in_interceptor_scope) that are accessed very early on, before MsanThread::Create() has been (or can be) called. If I moved all TLS variables into MsanThread, I could allocate MsanThread in the TLS_SLOT as soon as in_interceptor_scope is needed, but some of the MsanThread contents are not initialized until MsanThread::Create()+SetCurrentThread(). This means Create and SetCurrentThread would no longer be handling the entire MsanThread state, which is a bit confusing, and difficult for the pthread_create interceptor (which uses Create+SetCurrentThread).

OK, sounds reasonable.

thurston mentioned this in D23369: Port msan to Android (revised).Aug 10 2016, 1:21 PM

Revision Contents

Path

Size

lib/

lsan/

45 lines

62 lines

76 lines

2 lines

16 lines

5 lines

12 lines

msan/

63 lines

167 lines

4 lines

39 lines

msan_interface_internal.h

24 lines

msan_linux.cc

28 lines

msan_poisoning.cc

6 lines

msan_thread.cc

2 lines

sanitizer_common/

sanitizer_platform_limits_posix.h

5 lines

sanitizer_platform_limits_posix.cc

8 lines

Diff 64616

lib/lsan/lsan.cc

//=-- lsan.cc -------------------------------------------------------------===//		//=-- lsan.cc -------------------------------------------------------------===//
//		//
// The LLVM Compiler Infrastructure		// The LLVM Compiler Infrastructure
//		//
// This file is distributed under the University of Illinois Open Source		// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.		// License. See LICENSE.TXT for details.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
//		//
// This file is a part of LeakSanitizer.		// This file is a part of LeakSanitizer.
// Standalone LSan RTL.		// Standalone LSan RTL.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

		#include <signal.h>
		#include <syslog.h>
		eugenisUnsubmitted Not Done Reply Inline Actions No system headers in this file. This code should go in sanitizer_common as something similar to InstallDeadlySignalHandlers. We can use it in other sanitizers to dump allocator stats, for example. Please upload it as a separate change. eugenis: No system headers in this file. This code should go in sanitizer_common as something similar to…

#include "lsan.h"		#include "lsan.h"

#include "sanitizer_common/sanitizer_flags.h"		#include "sanitizer_common/sanitizer_flags.h"
#include "sanitizer_common/sanitizer_flag_parser.h"		#include "sanitizer_common/sanitizer_flag_parser.h"
#include "sanitizer_common/sanitizer_stacktrace.h"		#include "sanitizer_common/sanitizer_stacktrace.h"
#include "lsan_allocator.h"		#include "lsan_allocator.h"
#include "lsan_common.h"		#include "lsan_common.h"
#include "lsan_thread.h"		#include "lsan_thread.h"

bool lsan_inited;		bool lsan_inited;
bool lsan_init_is_running;		bool lsan_init_is_running;

namespace __lsan {		namespace __lsan {

///// Interface to the common LSan module. /////		///// Interface to the common LSan module. /////
bool WordIsPoisoned(uptr addr) {		bool WordIsPoisoned(uptr addr) {
return false;		return false;
}		}

} // namespace __lsan		} // namespace __lsan

using namespace __lsan; // NOLINT		using namespace __lsan; // NOLINT


		#if SANITIZER_ANDROID
		extern "C" {
		int __lsan_do_recoverable_leak_check();
		}


		static void mySigHandler (int sig) {
		Printf ("Performing recoverable leak check ...\n");
		int result = __lsan_do_recoverable_leak_check ();
		Printf ("Leak result: %d\n", result);
		}


		static void SetSIGHUPHandler() {
		sigset_t set;
		if (sigfillset (&set) != 0) {
		Printf ("Failed to fill signal set\n");
		}

		struct sigaction act;
		act.sa_handler = &mySigHandler;
		act.sa_mask = set;
		act.sa_flags = 0;

		if (sigaction (SIGHUP, &act, NULL) != 0) {
		Printf ("Failed to set signal handler\n");
		}
		}
		#endif // SANITIZER_ANDROID


static void InitializeFlags() {		static void InitializeFlags() {
// Set all the default values.		// Set all the default values.
SetCommonFlagsDefaults();		SetCommonFlagsDefaults();
{		{
CommonFlags cf;		CommonFlags cf;
cf.CopyFrom(*common_flags());		cf.CopyFrom(*common_flags());
cf.external_symbolizer_path = GetEnv("LSAN_SYMBOLIZER_PATH");		cf.external_symbolizer_path = GetEnv("LSAN_SYMBOLIZER_PATH");
cf.malloc_context_size = 30;		cf.malloc_context_size = 30;
Show All 19 Lines	static void InitializeFlags() {
if (common_flags()->help) parser.PrintFlagDescriptions();		if (common_flags()->help) parser.PrintFlagDescriptions();
}		}

extern "C" void __lsan_init() {		extern "C" void __lsan_init() {
CHECK(!lsan_init_is_running);		CHECK(!lsan_init_is_running);
if (lsan_inited)		if (lsan_inited)
return;		return;
lsan_init_is_running = true;		lsan_init_is_running = true;

		#if SANITIZER_ANDROID
		EnsureTLSSlotInit();
		SetSIGHUPHandler();
		eugenisUnsubmitted Not Done Reply Inline Actions This should be done after the flags are initialized. Add a flag "handle_sighup" to sanitizer_flags.inc. eugenis: This should be done after the flags are initialized. Add a flag "handle_sighup" to…
		#endif // SANITIZER_ANDROID

SanitizerToolName = "LeakSanitizer";		SanitizerToolName = "LeakSanitizer";
CacheBinaryName();		CacheBinaryName();
AvoidCVE_2016_2143();		AvoidCVE_2016_2143();
InitializeFlags();		InitializeFlags();
InitCommonLsan();		InitCommonLsan();
InitializeAllocator();		InitializeAllocator();
InitTlsSize();		InitTlsSize();
InitializeInterceptors();		InitializeInterceptors();
InitializeThreadRegistry();		InitializeThreadRegistry();
u32 tid = ThreadCreate(0, 0, true);		u32 tid = ThreadCreate(0, 0, true);
CHECK_EQ(tid, 0);		CHECK_EQ(tid, 0);
ThreadStart(tid, GetTid());		ThreadStart(tid, GetTid());
SetCurrentThread(tid);		SetCurrentThread(tid);

if (common_flags()->detect_leaks && common_flags()->leak_check_at_exit)		if (common_flags()->detect_leaks && common_flags()->leak_check_at_exit)
Atexit(DoLeakCheck);		Atexit(DoLeakCheck);

InitializeCoverage(common_flags()->coverage, common_flags()->coverage_dir);		InitializeCoverage(common_flags()->coverage, common_flags()->coverage_dir);

		#if SANITIZER_ANDROID
		eugenisUnsubmitted Not Done Reply Inline Actions No need for #if / #endif eugenis: No need for #if / #endif
		AndroidLogInit();
		#endif

lsan_inited = true;		lsan_inited = true;
lsan_init_is_running = false;		lsan_init_is_running = false;
}		}

extern "C" SANITIZER_INTERFACE_ATTRIBUTE		extern "C" SANITIZER_INTERFACE_ATTRIBUTE
void __sanitizer_print_stack_trace() {		void __sanitizer_print_stack_trace() {
GET_STACK_TRACE_FATAL;		GET_STACK_TRACE_FATAL;
stack.Print();		stack.Print();
}		}

lib/lsan/lsan_allocator.h

	Show All 12 Lines
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#ifndef LSAN_ALLOCATOR_H			#ifndef LSAN_ALLOCATOR_H
	#define LSAN_ALLOCATOR_H			#define LSAN_ALLOCATOR_H

	#include "sanitizer_common/sanitizer_common.h"			#include "sanitizer_common/sanitizer_common.h"
	#include "sanitizer_common/sanitizer_internal_defs.h"			#include "sanitizer_common/sanitizer_internal_defs.h"

				#include "lsan_common.h"


				#if SANITIZER_ANDROID
				// Voodoo from tsan
				#if defined(__aarch64__)
				# define __get_tls() ({ void** __val; __asm__("mrs %0, tpidr_el0" : "=r"(__val)); __val; })
				#elif defined(__x86_64__)
				# define __get_tls() ({ void** __val; __asm__("mov %%fs:0, %0" : "=r"(__val)); __val; })
				#else
				#error unsupported architecture
				#endif
				#endif // SANITIZER_ANDROID


				static const int TLS_SLOT_TSAN = 8;


				#define LsanTLSSlotBigStruct ((struct LsanTLSSlotBig*)(__get_tls()[TLS_SLOT_TSAN]))


	namespace __lsan {			namespace __lsan {


				struct ChunkMetadata {
				u8 allocated : 8; // Must be first.
				ChunkTag tag : 2;
				uptr requested_size : 54;
				u32 stack_trace_id;
				};

				#if defined(__mips64) \|\| defined(__aarch64__)
				static const uptr kMaxAllowedMallocSize = 4UL << 30;
				static const uptr kRegionSizeLog = 20;
				static const uptr kNumRegions = SANITIZER_MMAP_RANGE_SIZE >> kRegionSizeLog;
				typedef TwoLevelByteMap<(kNumRegions >> 12), 1 << 12> ByteMap;
				typedef CompactSizeClassMap SizeClassMap;
				typedef SizeClassAllocator32<0, SANITIZER_MMAP_RANGE_SIZE,
				sizeof(ChunkMetadata), SizeClassMap, kRegionSizeLog, ByteMap>
				PrimaryAllocator;
				#else
				static const uptr kMaxAllowedMallocSize = 8UL << 30;
				static const uptr kAllocatorSpace = 0x600000000000ULL;
				static const uptr kAllocatorSize = 0x40000000000ULL; // 4T.
				typedef SizeClassAllocator64<kAllocatorSpace, kAllocatorSize,
				sizeof(ChunkMetadata), DefaultSizeClassMap> PrimaryAllocator;
				#endif
				typedef SizeClassAllocatorLocalCache<PrimaryAllocator> AllocatorCache;
				typedef LargeMmapAllocator<> SecondaryAllocator;
				typedef CombinedAllocator<PrimaryAllocator, AllocatorCache,
				SecondaryAllocator> Allocator;


				#if SANITIZER_ANDROID
				struct LsanTLSSlotBig {
				int disable_counter_D;
				u32 current_thread_tid_D;
				AllocatorCache cache_D;
				};
				#endif // SANITIZER_ANDROID


	void *Allocate(const StackTrace &stack, uptr size, uptr alignment,			void *Allocate(const StackTrace &stack, uptr size, uptr alignment,
	bool cleared);			bool cleared);
	void Deallocate(void *p);			void Deallocate(void *p);
	void Reallocate(const StackTrace &stack, void p, uptr new_size,			void Reallocate(const StackTrace &stack, void p, uptr new_size,
	uptr alignment);			uptr alignment);
	uptr GetMallocUsableSize(const void *p);			uptr GetMallocUsableSize(const void *p);

	template<typename Callable>			template<typename Callable>
	void ForEachChunk(const Callable &callback);			void ForEachChunk(const Callable &callback);

	void GetAllocatorCacheRange(uptr begin, uptr end);			void GetAllocatorCacheRange(uptr begin, uptr end);
	void AllocatorThreadFinish();			void AllocatorThreadFinish();
	void InitializeAllocator();			void InitializeAllocator();

				void EnsureTLSSlotInit(void);

	} // namespace __lsan			} // namespace __lsan

	#endif // LSAN_ALLOCATOR_H			#endif // LSAN_ALLOCATOR_H

lib/lsan/lsan_allocator.cc

	Show All 13 Lines

	#include "lsan_allocator.h"			#include "lsan_allocator.h"

	#include "sanitizer_common/sanitizer_allocator.h"			#include "sanitizer_common/sanitizer_allocator.h"
	#include "sanitizer_common/sanitizer_allocator_interface.h"			#include "sanitizer_common/sanitizer_allocator_interface.h"
	#include "sanitizer_common/sanitizer_internal_defs.h"			#include "sanitizer_common/sanitizer_internal_defs.h"
	#include "sanitizer_common/sanitizer_stackdepot.h"			#include "sanitizer_common/sanitizer_stackdepot.h"
	#include "sanitizer_common/sanitizer_stacktrace.h"			#include "sanitizer_common/sanitizer_stacktrace.h"
	#include "lsan_common.h"

	extern "C" void memset(void ptr, int value, uptr num);			extern "C" void memset(void ptr, int value, uptr num);

	namespace __lsan {			namespace __lsan {

	struct ChunkMetadata {
	u8 allocated : 8; // Must be first.
	ChunkTag tag : 2;
	uptr requested_size : 54;
	u32 stack_trace_id;
	};

	#if defined(__mips64) \|\| defined(__aarch64__)
	static const uptr kMaxAllowedMallocSize = 4UL << 30;
	static const uptr kRegionSizeLog = 20;
	static const uptr kNumRegions = SANITIZER_MMAP_RANGE_SIZE >> kRegionSizeLog;
	typedef TwoLevelByteMap<(kNumRegions >> 12), 1 << 12> ByteMap;
	typedef CompactSizeClassMap SizeClassMap;
	typedef SizeClassAllocator32<0, SANITIZER_MMAP_RANGE_SIZE,
	sizeof(ChunkMetadata), SizeClassMap, kRegionSizeLog, ByteMap>
	PrimaryAllocator;
	#else
	static const uptr kMaxAllowedMallocSize = 8UL << 30;
	static const uptr kAllocatorSpace = 0x600000000000ULL;
	static const uptr kAllocatorSize = 0x40000000000ULL; // 4T.
	typedef SizeClassAllocator64<kAllocatorSpace, kAllocatorSize,
	sizeof(ChunkMetadata), DefaultSizeClassMap> PrimaryAllocator;
	#endif
	typedef SizeClassAllocatorLocalCache<PrimaryAllocator> AllocatorCache;
	typedef LargeMmapAllocator<> SecondaryAllocator;
	typedef CombinedAllocator<PrimaryAllocator, AllocatorCache,
	SecondaryAllocator> Allocator;

	static Allocator allocator;			static Allocator allocator;
				#if !SANITIZER_ANDROID
	static THREADLOCAL AllocatorCache cache;			static THREADLOCAL AllocatorCache cache;
				#endif // !SANITIZER_ANDROID

				#if SANITIZER_ANDROID
				void EnsureTLSSlotInit(void) {
				if (LsanTLSSlotBigStruct == nullptr) {
				struct LsanTLSSlotBig* tlsSlotBigStruct
				= (struct LsanTLSSlotBig*) MmapOrDie (sizeof (struct LsanTLSSlotBig), "tlsSlotBigStruct", false);
				Printf ("%d calloc'ed tls slot big struct %p (size %d)\n",
				GetTid(), tlsSlotBigStruct, sizeof (struct LsanTLSSlotBig));

				unsigned long i;
				for (i = 0; i < sizeof (struct LsanTLSSlotBig); i++) {
				((char*) tlsSlotBigStruct) [i] = 0;
				}

				tlsSlotBigStruct->disable_counter_D = 0; // Redundant
				tlsSlotBigStruct->current_thread_tid_D = -1; // kInvalidTid;

				__get_tls()[TLS_SLOT_TSAN] = tlsSlotBigStruct;
				}
				}
				#endif // SANITIZER_ANDROID

	void InitializeAllocator() {			void InitializeAllocator() {
	allocator.InitLinkerInitialized(common_flags()->allocator_may_return_null);			allocator.InitLinkerInitialized(common_flags()->allocator_may_return_null);
	}			}

	void AllocatorThreadFinish() {			void AllocatorThreadFinish() {
				#if SANITIZER_ANDROID
				allocator.SwallowCache(&(LsanTLSSlotBigStruct->cache_D));
				#else
	allocator.SwallowCache(&cache);			allocator.SwallowCache(&cache);
				#endif // SANITIZER_ANDROID
	}			}

	static ChunkMetadata Metadata(const void p) {			static ChunkMetadata Metadata(const void p) {
	return reinterpret_cast<ChunkMetadata *>(allocator.GetMetaData(p));			return reinterpret_cast<ChunkMetadata *>(allocator.GetMetaData(p));
	}			}

	static void RegisterAllocation(const StackTrace &stack, void *p, uptr size) {			static void RegisterAllocation(const StackTrace &stack, void *p, uptr size) {
	if (!p) return;			if (!p) return;
	Show All 15 Lines
	void *Allocate(const StackTrace &stack, uptr size, uptr alignment,			void *Allocate(const StackTrace &stack, uptr size, uptr alignment,
	bool cleared) {			bool cleared) {
	if (size == 0)			if (size == 0)
	size = 1;			size = 1;
	if (size > kMaxAllowedMallocSize) {			if (size > kMaxAllowedMallocSize) {
	Report("WARNING: LeakSanitizer failed to allocate %zu bytes\n", size);			Report("WARNING: LeakSanitizer failed to allocate %zu bytes\n", size);
	return nullptr;			return nullptr;
	}			}
				#if SANITIZER_ANDROID
				void *p = allocator.Allocate(&(LsanTLSSlotBigStruct->cache_D), size, alignment, false);
				#else
	void *p = allocator.Allocate(&cache, size, alignment, false);			void *p = allocator.Allocate(&cache, size, alignment, false);
				#endif // SANITIZER_ANDROID
	// Do not rely on the allocator to clear the memory (it's slow).			// Do not rely on the allocator to clear the memory (it's slow).
	if (cleared && allocator.FromPrimary(p))			if (cleared && allocator.FromPrimary(p))
	memset(p, 0, size);			memset(p, 0, size);
	RegisterAllocation(stack, p, size);			RegisterAllocation(stack, p, size);
	if (&__sanitizer_malloc_hook) __sanitizer_malloc_hook(p, size);			if (&__sanitizer_malloc_hook) __sanitizer_malloc_hook(p, size);
	RunMallocHooks(p, size);			RunMallocHooks(p, size);
	return p;			return p;
	}			}

	void Deallocate(void *p) {			void Deallocate(void *p) {
	if (&__sanitizer_free_hook) __sanitizer_free_hook(p);			if (&__sanitizer_free_hook) __sanitizer_free_hook(p);
	RunFreeHooks(p);			RunFreeHooks(p);
	RegisterDeallocation(p);			RegisterDeallocation(p);
				#if SANITIZER_ANDROID
				allocator.Deallocate(&(LsanTLSSlotBigStruct->cache_D), p);
				#else
	allocator.Deallocate(&cache, p);			allocator.Deallocate(&cache, p);
				#endif // SANITIZER_ANDROID
	}			}

	void Reallocate(const StackTrace &stack, void p, uptr new_size,			void Reallocate(const StackTrace &stack, void p, uptr new_size,
	uptr alignment) {			uptr alignment) {
	RegisterDeallocation(p);			RegisterDeallocation(p);
	if (new_size > kMaxAllowedMallocSize) {			if (new_size > kMaxAllowedMallocSize) {
	Report("WARNING: LeakSanitizer failed to allocate %zu bytes\n", new_size);			Report("WARNING: LeakSanitizer failed to allocate %zu bytes\n", new_size);
				#if SANITIZER_ANDROID
				allocator.Deallocate(&(LsanTLSSlotBigStruct->cache_D), p);
				#else
	allocator.Deallocate(&cache, p);			allocator.Deallocate(&cache, p);
				#endif // SANITIZER_ANDROID
	return nullptr;			return nullptr;
	}			}
				#if SANITIZER_ANDROID
				p = allocator.Reallocate(&(LsanTLSSlotBigStruct->cache_D), p, new_size, alignment);
				#else
	p = allocator.Reallocate(&cache, p, new_size, alignment);			p = allocator.Reallocate(&cache, p, new_size, alignment);
				#endif // SANITIZER_ANDROID
	RegisterAllocation(stack, p, new_size);			RegisterAllocation(stack, p, new_size);
	return p;			return p;
	}			}

	void GetAllocatorCacheRange(uptr begin, uptr end) {			void GetAllocatorCacheRange(uptr begin, uptr end) {
				#if SANITIZER_ANDROID
				*begin = (uptr)&(LsanTLSSlotBigStruct->cache_D);
				end = begin + sizeof(LsanTLSSlotBigStruct->cache_D);
				#else
	*begin = (uptr)&cache;			*begin = (uptr)&cache;
	end = begin + sizeof(cache);			end = begin + sizeof(cache);
				#endif // SANITIZER_ANDROID
	}			}

	uptr GetMallocUsableSize(const void *p) {			uptr GetMallocUsableSize(const void *p) {
	ChunkMetadata *m = Metadata(p);			ChunkMetadata *m = Metadata(p);
	if (!m) return 0;			if (!m) return 0;
	return m->requested_size;			return m->requested_size;
	}			}

	▲ Show 20 Lines • Show All 116 Lines • Show Last 20 Lines

lib/lsan/lsan_common.h

	Show All 16 Lines

	#include "sanitizer_common/sanitizer_allocator.h"			#include "sanitizer_common/sanitizer_allocator.h"
	#include "sanitizer_common/sanitizer_common.h"			#include "sanitizer_common/sanitizer_common.h"
	#include "sanitizer_common/sanitizer_internal_defs.h"			#include "sanitizer_common/sanitizer_internal_defs.h"
	#include "sanitizer_common/sanitizer_platform.h"			#include "sanitizer_common/sanitizer_platform.h"
	#include "sanitizer_common/sanitizer_stoptheworld.h"			#include "sanitizer_common/sanitizer_stoptheworld.h"
	#include "sanitizer_common/sanitizer_symbolizer.h"			#include "sanitizer_common/sanitizer_symbolizer.h"

	#if (SANITIZER_LINUX && !SANITIZER_ANDROID) && (SANITIZER_WORDSIZE == 64) \			#if (SANITIZER_LINUX) && (SANITIZER_WORDSIZE == 64) \
	&& (defined(__x86_64__) \|\| defined(__mips64) \|\| defined(__aarch64__))			&& (defined(__x86_64__) \|\| defined(__mips64) \|\| defined(__aarch64__))
	#define CAN_SANITIZE_LEAKS 1			#define CAN_SANITIZE_LEAKS 1
	#else			#else
	#define CAN_SANITIZE_LEAKS 0			#define CAN_SANITIZE_LEAKS 0
	#endif			#endif

	namespace __sanitizer {			namespace __sanitizer {
	class FlagParser;			class FlagParser;
	▲ Show 20 Lines • Show All 164 Lines • Show Last 20 Lines

lib/lsan/lsan_common.cc

	//=-- lsan_common.cc ------------------------------------------------------===//			//=-- lsan_common.cc ------------------------------------------------------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	//			//
	// This file is a part of LeakSanitizer.			// This file is a part of LeakSanitizer.
	// Implementation of common leak checking functionality.			// Implementation of common leak checking functionality.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#include "lsan_common.h"			#include "lsan_common.h"

				#include "lsan_allocator.h"

	#include "sanitizer_common/sanitizer_common.h"			#include "sanitizer_common/sanitizer_common.h"
	#include "sanitizer_common/sanitizer_flags.h"			#include "sanitizer_common/sanitizer_flags.h"
	#include "sanitizer_common/sanitizer_flag_parser.h"			#include "sanitizer_common/sanitizer_flag_parser.h"
	#include "sanitizer_common/sanitizer_placement_new.h"			#include "sanitizer_common/sanitizer_placement_new.h"
	#include "sanitizer_common/sanitizer_procmaps.h"			#include "sanitizer_common/sanitizer_procmaps.h"
	#include "sanitizer_common/sanitizer_stackdepot.h"			#include "sanitizer_common/sanitizer_stackdepot.h"
	#include "sanitizer_common/sanitizer_stacktrace.h"			#include "sanitizer_common/sanitizer_stacktrace.h"
	#include "sanitizer_common/sanitizer_suppressions.h"			#include "sanitizer_common/sanitizer_suppressions.h"
	#include "sanitizer_common/sanitizer_report_decorator.h"			#include "sanitizer_common/sanitizer_report_decorator.h"
	#include "sanitizer_common/sanitizer_tls_get_addr.h"			#include "sanitizer_common/sanitizer_tls_get_addr.h"

	#if CAN_SANITIZE_LEAKS			#if CAN_SANITIZE_LEAKS
	namespace __lsan {			namespace __lsan {

	// This mutex is used to prevent races between DoLeakCheck and IgnoreObject, and			// This mutex is used to prevent races between DoLeakCheck and IgnoreObject, and
	// also to protect the global list of root regions.			// also to protect the global list of root regions.
	BlockingMutex global_mutex(LINKER_INITIALIZED);			BlockingMutex global_mutex(LINKER_INITIALIZED);

				#if SANITIZER_ANDROID
				THREADLOCAL int disable_counter;
				bool DisabledInThisThread() { return LsanTLSSlotBigStruct->disable_counter_D > 0; }
				void DisableInThisThread() { LsanTLSSlotBigStruct->disable_counter_D++; }
				void EnableInThisThread() {
				if (!LsanTLSSlotBigStruct->disable_counter_D && common_flags()->detect_leaks) {
				Report("Unmatched call to __lsan_enable().\n");
				Die();
				}
				LsanTLSSlotBigStruct->disable_counter_D--;
				}
				#else
	THREADLOCAL int disable_counter;			THREADLOCAL int disable_counter;
	bool DisabledInThisThread() { return disable_counter > 0; }			bool DisabledInThisThread() { return disable_counter > 0; }
	void DisableInThisThread() { disable_counter++; }			void DisableInThisThread() { disable_counter++; }
	void EnableInThisThread() {			void EnableInThisThread() {
	if (!disable_counter && common_flags()->detect_leaks) {			if (!disable_counter && common_flags()->detect_leaks) {
	Report("Unmatched call to __lsan_enable().\n");			Report("Unmatched call to __lsan_enable().\n");
	Die();			Die();
	}			}
	disable_counter--;			disable_counter--;
	}			}
				#endif // SANITIZER_ANDROID


	Flags lsan_flags;			Flags lsan_flags;

	void Flags::SetDefaults() {			void Flags::SetDefaults() {
	#define LSAN_FLAG(Type, Name, DefaultValue, Description) Name = DefaultValue;			#define LSAN_FLAG(Type, Name, DefaultValue, Description) Name = DefaultValue;
	#include "lsan_flags.inc"			#include "lsan_flags.inc"
	#undef LSAN_FLAG			#undef LSAN_FLAG
	}			}
	▲ Show 20 Lines • Show All 707 Lines • Show Last 20 Lines

lib/lsan/lsan_flags.inc

Show All 24 Lines	LSAN_FLAG(
"zero, the entire stack trace must match.")		"zero, the entire stack trace must match.")
LSAN_FLAG(int, max_leaks, 0, "The number of leaks reported.")		LSAN_FLAG(int, max_leaks, 0, "The number of leaks reported.")

// Flags controlling the root set of reachable memory.		// Flags controlling the root set of reachable memory.
LSAN_FLAG(bool, use_globals, true,		LSAN_FLAG(bool, use_globals, true,
"Root set: include global variables (.data and .bss)")		"Root set: include global variables (.data and .bss)")
LSAN_FLAG(bool, use_stacks, true, "Root set: include thread stacks")		LSAN_FLAG(bool, use_stacks, true, "Root set: include thread stacks")
LSAN_FLAG(bool, use_registers, true, "Root set: include thread registers")		LSAN_FLAG(bool, use_registers, true, "Root set: include thread registers")
		#if SANITIZER_ANDROID
		LSAN_FLAG(bool, use_tls, false,
		"Root set: include TLS and thread-specific storage")
		#else
LSAN_FLAG(bool, use_tls, true,		LSAN_FLAG(bool, use_tls, true,
"Root set: include TLS and thread-specific storage")		"Root set: include TLS and thread-specific storage")
		#endif // SANITIZER_ANDROID
LSAN_FLAG(bool, use_root_regions, true,		LSAN_FLAG(bool, use_root_regions, true,
"Root set: include regions added via __lsan_register_root_region().")		"Root set: include regions added via __lsan_register_root_region().")
LSAN_FLAG(bool, use_ld_allocations, true,		LSAN_FLAG(bool, use_ld_allocations, true,
"Root set: mark as reachable all allocations made from dynamic "		"Root set: mark as reachable all allocations made from dynamic "
"linker. This was the old way to handle dynamic TLS, and will "		"linker. This was the old way to handle dynamic TLS, and will "
"be removed soon. Do not use this flag.")		"be removed soon. Do not use this flag.")

LSAN_FLAG(bool, use_unaligned, false, "Consider unaligned pointers valid.")		LSAN_FLAG(bool, use_unaligned, false, "Consider unaligned pointers valid.")
LSAN_FLAG(bool, use_poisoned, false,		LSAN_FLAG(bool, use_poisoned, false,
"Consider pointers found in poisoned memory to be valid.")		"Consider pointers found in poisoned memory to be valid.")
LSAN_FLAG(bool, log_pointers, false, "Debug logging")		LSAN_FLAG(bool, log_pointers, false, "Debug logging")
LSAN_FLAG(bool, log_threads, false, "Debug logging")		LSAN_FLAG(bool, log_threads, false, "Debug logging")
LSAN_FLAG(const char *, suppressions, "", "Suppressions file name.")		LSAN_FLAG(const char *, suppressions, "", "Suppressions file name.")

lib/lsan/lsan_thread.cc

	Show All 19 Lines
	#include "sanitizer_common/sanitizer_tls_get_addr.h"			#include "sanitizer_common/sanitizer_tls_get_addr.h"
	#include "lsan_allocator.h"			#include "lsan_allocator.h"

	namespace __lsan {			namespace __lsan {

	const u32 kInvalidTid = (u32) -1;			const u32 kInvalidTid = (u32) -1;

	static ThreadRegistry *thread_registry;			static ThreadRegistry *thread_registry;
				#if !SANITIZER_ANDROID
	static THREADLOCAL u32 current_thread_tid = kInvalidTid;			static THREADLOCAL u32 current_thread_tid = kInvalidTid;
				#endif // SANITIZER_ANDROID

	static ThreadContextBase *CreateThreadContext(u32 tid) {			static ThreadContextBase *CreateThreadContext(u32 tid) {
	void *mem = MmapOrDie(sizeof(ThreadContext), "ThreadContext");			void *mem = MmapOrDie(sizeof(ThreadContext), "ThreadContext");
	return new(mem) ThreadContext(tid);			return new(mem) ThreadContext(tid);
	}			}

	static const uptr kMaxThreads = 1 << 13;			static const uptr kMaxThreads = 1 << 13;
	static const uptr kThreadQuarantineSize = 64;			static const uptr kThreadQuarantineSize = 64;

	void InitializeThreadRegistry() {			void InitializeThreadRegistry() {
	static char thread_registry_placeholder[sizeof(ThreadRegistry)] ALIGNED(64);			static char thread_registry_placeholder[sizeof(ThreadRegistry)] ALIGNED(64);
	thread_registry = new(thread_registry_placeholder)			thread_registry = new(thread_registry_placeholder)
	ThreadRegistry(CreateThreadContext, kMaxThreads, kThreadQuarantineSize);			ThreadRegistry(CreateThreadContext, kMaxThreads, kThreadQuarantineSize);
	}			}

	u32 GetCurrentThread() {			u32 GetCurrentThread() {
				#if SANITIZER_ANDROID
				return LsanTLSSlotBigStruct->current_thread_tid_D;
				#else
	return current_thread_tid;			return current_thread_tid;
				#endif // SANITIZER_ANDROID
	}			}

	void SetCurrentThread(u32 tid) {			void SetCurrentThread(u32 tid) {
				#if SANITIZER_ANDROID
				EnsureTLSSlotInit();

				LsanTLSSlotBigStruct->current_thread_tid_D = tid;
				#else
	current_thread_tid = tid;			current_thread_tid = tid;
				#endif // SANITIZER_ANDROID
	}			}

	ThreadContext::ThreadContext(int tid)			ThreadContext::ThreadContext(int tid)
	: ThreadContextBase(tid),			: ThreadContextBase(tid),
	stack_begin_(0),			stack_begin_(0),
	stack_end_(0),			stack_end_(0),
	cache_begin_(0),			cache_begin_(0),
	cache_end_(0),			cache_end_(0),
	▲ Show 20 Lines • Show All 110 Lines • Show Last 20 Lines

lib/msan/msan.h

	Show All 16 Lines

	#include "sanitizer_common/sanitizer_flags.h"			#include "sanitizer_common/sanitizer_flags.h"
	#include "sanitizer_common/sanitizer_internal_defs.h"			#include "sanitizer_common/sanitizer_internal_defs.h"
	#include "sanitizer_common/sanitizer_stacktrace.h"			#include "sanitizer_common/sanitizer_stacktrace.h"
	#include "msan_interface_internal.h"			#include "msan_interface_internal.h"
	#include "msan_flags.h"			#include "msan_flags.h"
	#include "ubsan/ubsan_platform.h"			#include "ubsan/ubsan_platform.h"

				#if SANITIZER_ANDROID
				#include "msan_thread.h"
				#endif // SANITIZER_ANDROID

	#ifndef MSAN_REPLACE_OPERATORS_NEW_AND_DELETE			#ifndef MSAN_REPLACE_OPERATORS_NEW_AND_DELETE
	# define MSAN_REPLACE_OPERATORS_NEW_AND_DELETE 1			# define MSAN_REPLACE_OPERATORS_NEW_AND_DELETE 1
	#endif			#endif

				#if SANITIZER_ANDROID
				#define MSAN_CONTAINS_UBSAN 0
				#endif // SANITIZER_ANDROID

	#ifndef MSAN_CONTAINS_UBSAN			#ifndef MSAN_CONTAINS_UBSAN
	# define MSAN_CONTAINS_UBSAN CAN_SANITIZE_UB			# define MSAN_CONTAINS_UBSAN CAN_SANITIZE_UB
	#endif			#endif

	struct MappingDesc {			struct MappingDesc {
	uptr start;			uptr start;
	uptr end;			uptr end;
	enum Type {			enum Type {
	▲ Show 20 Lines • Show All 174 Lines • ▼ Show 20 Lines
	#define MEM_IS_APP(mem) addr_is_type((uptr)(mem), MappingDesc::APP)			#define MEM_IS_APP(mem) addr_is_type((uptr)(mem), MappingDesc::APP)
	#define MEM_IS_SHADOW(mem) addr_is_type((uptr)(mem), MappingDesc::SHADOW)			#define MEM_IS_SHADOW(mem) addr_is_type((uptr)(mem), MappingDesc::SHADOW)
	#define MEM_IS_ORIGIN(mem) addr_is_type((uptr)(mem), MappingDesc::ORIGIN)			#define MEM_IS_ORIGIN(mem) addr_is_type((uptr)(mem), MappingDesc::ORIGIN)

	// These constants must be kept in sync with the ones in MemorySanitizer.cc.			// These constants must be kept in sync with the ones in MemorySanitizer.cc.
	const int kMsanParamTlsSize = 800;			const int kMsanParamTlsSize = 800;
	const int kMsanRetvalTlsSize = 800;			const int kMsanRetvalTlsSize = 800;

				#if SANITIZER_ANDROID

				// Voodoo from tsan
				#if defined(__aarch64__)
				# define __get_tls() ({ void** __val; __asm__("mrs %0, tpidr_el0" : "=r"(__val)); __val; })
				#elif defined(__x86_64__)
				# define __get_tls() ({ void** __val; __asm__("mov %%fs:0, %0" : "=r"(__val)); __val; })
				#else
				#error unsupported architecture
				#endif

				static const int TLS_SLOT_TSAN = 8;


				struct MsanTLSSlot {
				int dummy;

				__msan::MsanThread* thread_D;

				int in_interceptor_scope_D;
				int is_in_symbolizer_D;

				int msan_expect_umr_D = 0;
				int msan_expected_umr_found_D = 0;

				SANITIZER_INTERFACE_ATTRIBUTE
				u64 __msan_param_tls_D[kMsanParamTlsSize / sizeof(u64)];

				SANITIZER_INTERFACE_ATTRIBUTE
				u32 __msan_param_origin_tls_D[kMsanParamTlsSize / sizeof(u32)];

				SANITIZER_INTERFACE_ATTRIBUTE
				u64 __msan_retval_tls_D[kMsanRetvalTlsSize / sizeof(u64)];

				SANITIZER_INTERFACE_ATTRIBUTE
				u32 __msan_retval_origin_tls_D;

				SANITIZER_INTERFACE_ATTRIBUTE
				ALIGNED(16) u64 __msan_va_arg_tls_D[kMsanParamTlsSize / sizeof(u64)];

				SANITIZER_INTERFACE_ATTRIBUTE
				u64 __msan_va_arg_overflow_size_tls_D;

				SANITIZER_INTERFACE_ATTRIBUTE
				u32 __msan_origin_tls_D;
				};


				#define MsanTLSSlotStruct ((struct MsanTLSSlot*)(__get_tls()[TLS_SLOT_TSAN]))


				void EnsureTLSSlotInit(void);
				#endif // SANITIZER_ANDROID


	namespace __msan {			namespace __msan {
	extern int msan_inited;			extern int msan_inited;
	extern bool msan_init_is_running;			extern bool msan_init_is_running;
	extern int msan_report_count;			extern int msan_report_count;

	bool ProtectRange(uptr beg, uptr end);			bool ProtectRange(uptr beg, uptr end);
	bool InitShadow(bool init_origins);			bool InitShadow(bool init_origins);
	char *GetProcSelfMaps();			char *GetProcSelfMaps();
	▲ Show 20 Lines • Show All 103 Lines • Show Last 20 Lines

lib/msan/msan.cc

Show All 27 Lines
#include "sanitizer_common/sanitizer_stackdepot.h"		#include "sanitizer_common/sanitizer_stackdepot.h"
#include "ubsan/ubsan_flags.h"		#include "ubsan/ubsan_flags.h"
#include "ubsan/ubsan_init.h"		#include "ubsan/ubsan_init.h"

// ACHTUNG! No system header includes in this file.		// ACHTUNG! No system header includes in this file.

using namespace __sanitizer;		using namespace __sanitizer;

		#if !SANITIZER_ANDROID
// Globals.		// Globals.
static THREADLOCAL int msan_expect_umr = 0;		static THREADLOCAL int msan_expect_umr = 0;
static THREADLOCAL int msan_expected_umr_found = 0;		static THREADLOCAL int msan_expected_umr_found = 0;

// Function argument shadow. Each argument starts at the next available 8-byte		// Function argument shadow. Each argument starts at the next available 8-byte
// aligned address.		// aligned address.
SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u64 __msan_param_tls[kMsanParamTlsSize / sizeof(u64)];		THREADLOCAL u64 __msan_param_tls[kMsanParamTlsSize / sizeof(u64)];
Show All 15 Lines

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u64 __msan_va_arg_overflow_size_tls;		THREADLOCAL u64 __msan_va_arg_overflow_size_tls;

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u32 __msan_origin_tls;		THREADLOCAL u32 __msan_origin_tls;

static THREADLOCAL int is_in_symbolizer;		static THREADLOCAL int is_in_symbolizer;
		#endif // SANITIZER_ANDROID

extern "C" SANITIZER_WEAK_ATTRIBUTE const int __msan_track_origins;		extern "C" SANITIZER_WEAK_ATTRIBUTE const int __msan_track_origins;

int __msan_get_track_origins() {		int __msan_get_track_origins() {
return &__msan_track_origins ? __msan_track_origins : 0;		return &__msan_track_origins ? __msan_track_origins : 0;
}		}

extern "C" SANITIZER_WEAK_ATTRIBUTE const int __msan_keep_going;		extern "C" SANITIZER_WEAK_ATTRIBUTE const int __msan_keep_going;

namespace __msan {		namespace __msan {

		#if SANITIZER_ANDROID
		void EnterSymbolizer() { ++(MsanTLSSlotStruct->is_in_symbolizer_D); }
		void ExitSymbolizer() { --(MsanTLSSlotStruct->is_in_symbolizer_D); }
		bool IsInSymbolizer() { return MsanTLSSlotStruct->is_in_symbolizer_D; }
		#else
void EnterSymbolizer() { ++is_in_symbolizer; }		void EnterSymbolizer() { ++is_in_symbolizer; }
void ExitSymbolizer() { --is_in_symbolizer; }		void ExitSymbolizer() { --is_in_symbolizer; }
bool IsInSymbolizer() { return is_in_symbolizer; }		bool IsInSymbolizer() { return is_in_symbolizer; }
		#endif // SANITIZER_ANDROID

static Flags msan_flags;		static Flags msan_flags;

Flags *flags() {		Flags *flags() {
return &msan_flags;		return &msan_flags;
}		}

int msan_inited = 0;		int msan_inited = 0;
▲ Show 20 Lines • Show All 136 Lines • ▼ Show 20 Lines	if (!t \|\| !StackTrace::WillUseFastUnwind(request_fast_unwind)) {
SymbolizerScope sym_scope;		SymbolizerScope sym_scope;
return stack->Unwind(max_s, pc, bp, nullptr, 0, 0, request_fast_unwind);		return stack->Unwind(max_s, pc, bp, nullptr, 0, 0, request_fast_unwind);
}		}
stack->Unwind(max_s, pc, bp, nullptr, t->stack_top(), t->stack_bottom(),		stack->Unwind(max_s, pc, bp, nullptr, t->stack_top(), t->stack_bottom(),
request_fast_unwind);		request_fast_unwind);
}		}

void PrintWarning(uptr pc, uptr bp) {		void PrintWarning(uptr pc, uptr bp) {
		#if SANITIZER_ANDROID
		PrintWarningWithOrigin(pc, bp, MsanTLSSlotStruct->__msan_origin_tls_D);
		#else
PrintWarningWithOrigin(pc, bp, __msan_origin_tls);		PrintWarningWithOrigin(pc, bp, __msan_origin_tls);
		#endif // SANITIZER_ANDROID
}		}

void PrintWarningWithOrigin(uptr pc, uptr bp, u32 origin) {		void PrintWarningWithOrigin(uptr pc, uptr bp, u32 origin) {
		#if SANITIZER_ANDROID
		if (MsanTLSSlotStruct->msan_expect_umr_D) {
		// Printf("Expected UMR\n");
		MsanTLSSlotStruct->__msan_origin_tls_D = origin;
		MsanTLSSlotStruct->msan_expected_umr_found_D = 1;
		return;
		}
		#else
if (msan_expect_umr) {		if (msan_expect_umr) {
// Printf("Expected UMR\n");		// Printf("Expected UMR\n");
__msan_origin_tls = origin;		__msan_origin_tls = origin;
msan_expected_umr_found = 1;		msan_expected_umr_found = 1;
return;		return;
}		}
		#endif // SANITIZER_ANDROID

++msan_report_count;		++msan_report_count;

GET_FATAL_STACK_TRACE_PC_BP(pc, bp);		GET_FATAL_STACK_TRACE_PC_BP(pc, bp);

u32 report_origin =		u32 report_origin =
(__msan_get_track_origins() && Origin::isValidId(origin)) ? origin : 0;		(__msan_get_track_origins() && Origin::isValidId(origin)) ? origin : 0;
ReportUMR(&stack, report_origin);		ReportUMR(&stack, report_origin);

if (__msan_get_track_origins() && !Origin::isValidId(origin)) {		if (__msan_get_track_origins() && !Origin::isValidId(origin)) {
Printf(		Printf(
" ORIGIN: invalid (%x). Might be a bug in MemorySanitizer origin "		" ORIGIN: invalid (%x). Might be a bug in MemorySanitizer origin "
"tracking.\n This could still be a bug in your code, too!\n",		"tracking.\n This could still be a bug in your code, too!\n",
origin);		origin);
}		}
}		}

void UnpoisonParam(uptr n) {		void UnpoisonParam(uptr n) {
		#if SANITIZER_ANDROID
		internal_memset(MsanTLSSlotStruct->__msan_param_tls_D, 0, n * sizeof(*MsanTLSSlotStruct->__msan_param_tls_D));
		#else
internal_memset(__msan_param_tls, 0, n * sizeof(*__msan_param_tls));		internal_memset(__msan_param_tls, 0, n * sizeof(*__msan_param_tls));
		#endif // SANITIZER_ANDROID
		}

		#if SANITIZER_ANDROID
		// Backup MSan runtime TLS state.
		// Implementation must be async-signal-safe.
		// Instances of this class may live on the signal handler stack, and data size
		// may be an issue.
		void ScopedThreadLocalStateBackup::Backup() {
		va_arg_overflow_size_tls = MsanTLSSlotStruct->__msan_va_arg_overflow_size_tls_D;
}		}

		void ScopedThreadLocalStateBackup::Restore() {
		// A lame implementation that only keeps essential state and resets the rest.
		MsanTLSSlotStruct->__msan_va_arg_overflow_size_tls_D = va_arg_overflow_size_tls;

		internal_memset(MsanTLSSlotStruct->__msan_param_tls_D, 0, sizeof(MsanTLSSlotStruct->__msan_param_tls_D));
		internal_memset(MsanTLSSlotStruct->__msan_retval_tls_D, 0, sizeof(MsanTLSSlotStruct->__msan_retval_tls_D));
		internal_memset(MsanTLSSlotStruct->__msan_va_arg_tls_D, 0, sizeof(MsanTLSSlotStruct->__msan_va_arg_tls_D));

		if (__msan_get_track_origins()) {
		internal_memset(&MsanTLSSlotStruct->__msan_retval_origin_tls_D, 0,
		sizeof(MsanTLSSlotStruct->__msan_retval_origin_tls_D));
		internal_memset(MsanTLSSlotStruct->__msan_param_origin_tls_D, 0,
		sizeof(MsanTLSSlotStruct->__msan_param_origin_tls_D));
		}
		}
		#else
// Backup MSan runtime TLS state.		// Backup MSan runtime TLS state.
// Implementation must be async-signal-safe.		// Implementation must be async-signal-safe.
// Instances of this class may live on the signal handler stack, and data size		// Instances of this class may live on the signal handler stack, and data size
// may be an issue.		// may be an issue.
void ScopedThreadLocalStateBackup::Backup() {		void ScopedThreadLocalStateBackup::Backup() {
va_arg_overflow_size_tls = __msan_va_arg_overflow_size_tls;		va_arg_overflow_size_tls = __msan_va_arg_overflow_size_tls;
}		}

void ScopedThreadLocalStateBackup::Restore() {		void ScopedThreadLocalStateBackup::Restore() {
// A lame implementation that only keeps essential state and resets the rest.		// A lame implementation that only keeps essential state and resets the rest.
__msan_va_arg_overflow_size_tls = va_arg_overflow_size_tls;		__msan_va_arg_overflow_size_tls = va_arg_overflow_size_tls;

internal_memset(__msan_param_tls, 0, sizeof(__msan_param_tls));		internal_memset(__msan_param_tls, 0, sizeof(__msan_param_tls));
internal_memset(__msan_retval_tls, 0, sizeof(__msan_retval_tls));		internal_memset(__msan_retval_tls, 0, sizeof(__msan_retval_tls));
internal_memset(__msan_va_arg_tls, 0, sizeof(__msan_va_arg_tls));		internal_memset(__msan_va_arg_tls, 0, sizeof(__msan_va_arg_tls));

if (__msan_get_track_origins()) {		if (__msan_get_track_origins()) {
internal_memset(&__msan_retval_origin_tls, 0,		internal_memset(&__msan_retval_origin_tls, 0,
sizeof(__msan_retval_origin_tls));		sizeof(__msan_retval_origin_tls));
internal_memset(__msan_param_origin_tls, 0,		internal_memset(__msan_param_origin_tls, 0,
sizeof(__msan_param_origin_tls));		sizeof(__msan_param_origin_tls));
}		}
}		}
		#endif // SANITIZER_ANDROID

void UnpoisonThreadLocalState() {		void UnpoisonThreadLocalState() {
}		}

const char GetStackOriginDescr(u32 id, uptr pc) {		const char GetStackOriginDescr(u32 id, uptr pc) {
CHECK_LT(id, kNumStackOriginDescrs);		CHECK_LT(id, kNumStackOriginDescrs);
if (pc) *pc = StackOriginPC[id];		if (pc) *pc = StackOriginPC[id];
return StackOriginDescr[id];		return StackOriginDescr[id];
▲ Show 20 Lines • Show All 69 Lines • ▼ Show 20 Lines	void __msan_warning_noreturn() {
(void)sp;		(void)sp;
PrintWarning(pc, bp);		PrintWarning(pc, bp);
if (__msan::flags()->print_stats)		if (__msan::flags()->print_stats)
ReportStats();		ReportStats();
Printf("Exiting\n");		Printf("Exiting\n");
Die();		Die();
}		}

		#if SANITIZER_ANDROID
		u64* get__msan_param_tls0(void) {
		eugenisUnsubmitted Not Done Reply Inline Actions I imagine this would be very bad for performance and code size. Instead, move these arrays to the beginning of MsanThread so that their offsets for TLS_SLOT_TSAN can be hardcoded and compile-time verified. Then make the compiler (MemorySanitizer.cpp) emit the tls access code inline. Search for "getIRStackGuard" for inspiration. eugenis: I imagine this would be very bad for performance and code size. Instead, move these arrays to…
		return &(MsanTLSSlotStruct->__msan_param_tls_D [0]);
		}

		u32* get__msan_param_origin_tls0(void) {
		return &(MsanTLSSlotStruct->__msan_param_origin_tls_D [0]);
		}

		u64* get__msan_retval_tls0(void) {
		return &(MsanTLSSlotStruct->__msan_retval_tls_D [0]);
		}

		u32* get__msan_retval_origin_tls0(void) {
		return &(MsanTLSSlotStruct->__msan_retval_origin_tls_D);
		}

		u64* get__msan_va_arg_tls0(void) {
		return &(MsanTLSSlotStruct->__msan_va_arg_tls_D [0]);
		}

		u64* get__msan_va_arg_overflow_size_tls0(void) {
		return &(MsanTLSSlotStruct->__msan_va_arg_overflow_size_tls_D);
		}

		u32* get__msan_origin_tls0(void) {
		return &(MsanTLSSlotStruct->__msan_origin_tls_D);
		}

		void EnsureTLSSlotInit(void) {
		if (__get_tls()[TLS_SLOT_TSAN] == nullptr) {
		struct MsanTLSSlot* slot \
		= (struct MsanTLSSlot*)MmapOrDie(sizeof (struct MsanTLSSlot), __func__);
		CHECK_NE (slot, nullptr);
		slot->dummy = 42;
		slot->in_interceptor_scope_D = 0;
		slot->is_in_symbolizer_D = 0;
		slot->thread_D = nullptr;

		__get_tls()[TLS_SLOT_TSAN] = slot;
		VPrintf (0, "[EnsureTLSSlotInit] blah is at %p\n", slot);
		}
		}
		#endif // SANITIZER_ANDROID

void __msan_init() {		void __msan_init() {
CHECK(!msan_init_is_running);		CHECK(!msan_init_is_running);
if (msan_inited) return;		if (msan_inited) return;
msan_init_is_running = 1;		msan_init_is_running = 1;
SanitizerToolName = "MemorySanitizer";		SanitizerToolName = "MemorySanitizer";

		#if SANITIZER_ANDROID
		EnsureTLSSlotInit();
		#endif // SANITIZER_ANDROID

AvoidCVE_2016_2143();		AvoidCVE_2016_2143();
InitTlsSize();		InitTlsSize();

CacheBinaryName();		CacheBinaryName();
InitializeFlags();		InitializeFlags();

__sanitizer_set_report_path(common_flags()->log_path);		__sanitizer_set_report_path(common_flags()->log_path);

Show All 35 Lines	#endif // SANITIZER_ANDROID
main_thread->ThreadStart();		main_thread->ThreadStart();

#if MSAN_CONTAINS_UBSAN		#if MSAN_CONTAINS_UBSAN
__ubsan::InitAsPlugin();		__ubsan::InitAsPlugin();
#endif		#endif

VPrintf(1, "MemorySanitizer init done\n");		VPrintf(1, "MemorySanitizer init done\n");

		#if SANITIZER_ANDROID
		AndroidLogInit();
		#endif

msan_init_is_running = 0;		msan_init_is_running = 0;
msan_inited = 1;		msan_inited = 1;
}		}

void __msan_set_keep_going(int keep_going) {		void __msan_set_keep_going(int keep_going) {
flags()->halt_on_error = !keep_going;		flags()->halt_on_error = !keep_going;
}		}

void __msan_set_expect_umr(int expect_umr) {		void __msan_set_expect_umr(int expect_umr) {
if (expect_umr) {		if (expect_umr) {
		#if SANITIZER_ANDROID
		MsanTLSSlotStruct->msan_expected_umr_found_D = 0;
		} else if (!MsanTLSSlotStruct->msan_expected_umr_found_D) {
		#else
msan_expected_umr_found = 0;		msan_expected_umr_found = 0;
} else if (!msan_expected_umr_found) {		} else if (!msan_expected_umr_found) {
		#endif // SANITIZER_ANDROID
GET_CALLER_PC_BP_SP;		GET_CALLER_PC_BP_SP;
(void)sp;		(void)sp;
GET_FATAL_STACK_TRACE_PC_BP(pc, bp);		GET_FATAL_STACK_TRACE_PC_BP(pc, bp);
ReportExpectedUMRNotFound(&stack);		ReportExpectedUMRNotFound(&stack);
Die();		Die();
}		}
		#if SANITIZER_ANDROID
		MsanTLSSlotStruct->msan_expect_umr_D = expect_umr;
		#else
msan_expect_umr = expect_umr;		msan_expect_umr = expect_umr;
		#endif // SANITIZER_ANDROID
}		}

void __msan_print_shadow(const void *x, uptr size) {		void __msan_print_shadow(const void *x, uptr size) {
if (!MEM_IS_APP(x)) {		if (!MEM_IS_APP(x)) {
Printf("Not a valid application address: %p\n", x);		Printf("Not a valid application address: %p\n", x);
return;		return;
}		}

▲ Show 20 Lines • Show All 43 Lines • ▼ Show 20 Lines	int __msan_set_poison_in_malloc(int do_poison) {
flags()->poison_in_malloc = do_poison;		flags()->poison_in_malloc = do_poison;
return old;		return old;
}		}

int __msan_has_dynamic_component() { return false; }		int __msan_has_dynamic_component() { return false; }

NOINLINE		NOINLINE
void __msan_clear_on_return() {		void __msan_clear_on_return() {
		#if SANITIZER_ANDROID
		MsanTLSSlotStruct->__msan_param_tls_D[0] = 0;
		#else
__msan_param_tls[0] = 0;		__msan_param_tls[0] = 0;
		#endif // SANITIZER_ANDROID
}		}

void __msan_partial_poison(const void* data, void* shadow, uptr size) {		void __msan_partial_poison(const void* data, void* shadow, uptr size) {
internal_memcpy((void*)MEM_TO_SHADOW((uptr)data), shadow, size);		internal_memcpy((void*)MEM_TO_SHADOW((uptr)data), shadow, size);
}		}

void __msan_load_unpoisoned(const void src, uptr size, void dst) {		void __msan_load_unpoisoned(const void src, uptr size, void dst) {
internal_memcpy(dst, src, size);		internal_memcpy(dst, src, size);
▲ Show 20 Lines • Show All 57 Lines • ▼ Show 20 Lines

int __msan_origin_is_descendant_or_same(u32 this_id, u32 prev_id) {		int __msan_origin_is_descendant_or_same(u32 this_id, u32 prev_id) {
Origin o = Origin::FromRawId(this_id);		Origin o = Origin::FromRawId(this_id);
while (o.raw_id() != prev_id && o.isChainedOrigin())		while (o.raw_id() != prev_id && o.isChainedOrigin())
o = o.getNextChainedOrigin(nullptr);		o = o.getNextChainedOrigin(nullptr);
return o.raw_id() == prev_id;		return o.raw_id() == prev_id;
}		}

		#if SANITIZER_ANDROID
		u32 __msan_get_umr_origin() {
		return MsanTLSSlotStruct->__msan_origin_tls_D;
		}

		u16 __sanitizer_unaligned_load16(const uu16 *p) {
		MsanTLSSlotStruct->__msan_retval_tls_D[0] = (uu16 )MEM_TO_SHADOW((uptr)p);
		if (__msan_get_track_origins())
		MsanTLSSlotStruct->__msan_retval_origin_tls_D = GetOriginIfPoisoned((uptr)p, sizeof(*p));
		return *p;
		}
		u32 __sanitizer_unaligned_load32(const uu32 *p) {
		MsanTLSSlotStruct->__msan_retval_tls_D[0] = (uu32 )MEM_TO_SHADOW((uptr)p);
		if (__msan_get_track_origins())
		MsanTLSSlotStruct->__msan_retval_origin_tls_D = GetOriginIfPoisoned((uptr)p, sizeof(*p));
		return *p;
		}
		u64 __sanitizer_unaligned_load64(const uu64 *p) {
		MsanTLSSlotStruct->__msan_retval_tls_D[0] = (uu64 )MEM_TO_SHADOW((uptr)p);
		if (__msan_get_track_origins())
		MsanTLSSlotStruct->__msan_retval_origin_tls_D = GetOriginIfPoisoned((uptr)p, sizeof(*p));
		return *p;
		}
		void __sanitizer_unaligned_store16(uu16 *p, u16 x) {
		u16 s = MsanTLSSlotStruct->__msan_param_tls_D[1];
		(uu16 )MEM_TO_SHADOW((uptr)p) = s;
		if (s && __msan_get_track_origins())
		if (uu32 o = MsanTLSSlotStruct->__msan_param_origin_tls_D[2])
		SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o);
		*p = x;
		}
		void __sanitizer_unaligned_store32(uu32 *p, u32 x) {
		u32 s = MsanTLSSlotStruct->__msan_param_tls_D[1];
		(uu32 )MEM_TO_SHADOW((uptr)p) = s;
		if (s && __msan_get_track_origins())
		if (uu32 o = MsanTLSSlotStruct->__msan_param_origin_tls_D[2])
		SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o);
		*p = x;
		}
		void __sanitizer_unaligned_store64(uu64 *p, u64 x) {
		u64 s = MsanTLSSlotStruct->__msan_param_tls_D[1];
		(uu64 )MEM_TO_SHADOW((uptr)p) = s;
		if (s && __msan_get_track_origins())
		if (uu32 o = MsanTLSSlotStruct->__msan_param_origin_tls_D[2])
		SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o);
		*p = x;
		}
		#else
u32 __msan_get_umr_origin() {		u32 __msan_get_umr_origin() {
return __msan_origin_tls;		return __msan_origin_tls;
}		}

u16 __sanitizer_unaligned_load16(const uu16 *p) {		u16 __sanitizer_unaligned_load16(const uu16 *p) {
(uu16 )&__msan_retval_tls[0] = (uu16 )MEM_TO_SHADOW((uptr)p);		(uu16 )&__msan_retval_tls[0] = (uu16 )MEM_TO_SHADOW((uptr)p);
if (__msan_get_track_origins())		if (__msan_get_track_origins())
__msan_retval_origin_tls = GetOriginIfPoisoned((uptr)p, sizeof(*p));		__msan_retval_origin_tls = GetOriginIfPoisoned((uptr)p, sizeof(*p));
Show All 30 Lines
void __sanitizer_unaligned_store64(uu64 *p, u64 x) {		void __sanitizer_unaligned_store64(uu64 *p, u64 x) {
u64 s = __msan_param_tls[1];		u64 s = __msan_param_tls[1];
(uu64 )MEM_TO_SHADOW((uptr)p) = s;		(uu64 )MEM_TO_SHADOW((uptr)p) = s;
if (s && __msan_get_track_origins())		if (s && __msan_get_track_origins())
if (uu32 o = __msan_param_origin_tls[2])		if (uu32 o = __msan_param_origin_tls[2])
SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o);		SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o);
*p = x;		*p = x;
}		}
		#endif // SANITIZER_ANDROID


void __msan_set_death_callback(void (*callback)(void)) {		void __msan_set_death_callback(void (*callback)(void)) {
SetUserDieCallback(callback);		SetUserDieCallback(callback);
}		}

#if !SANITIZER_SUPPORTS_WEAK_HOOKS		#if !SANITIZER_SUPPORTS_WEAK_HOOKS
extern "C" {		extern "C" {
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
Show All 11 Lines

lib/msan/msan_flags.inc

	Show All 23 Lines
	MSAN_FLAG(bool, poison_heap_with_zeroes, false, "")			MSAN_FLAG(bool, poison_heap_with_zeroes, false, "")
	MSAN_FLAG(bool, poison_stack_with_zeroes, false, "")			MSAN_FLAG(bool, poison_stack_with_zeroes, false, "")
	MSAN_FLAG(bool, poison_in_malloc, true, "")			MSAN_FLAG(bool, poison_in_malloc, true, "")
	MSAN_FLAG(bool, poison_in_free, true, "")			MSAN_FLAG(bool, poison_in_free, true, "")
	MSAN_FLAG(bool, poison_in_dtor, false, "")			MSAN_FLAG(bool, poison_in_dtor, false, "")
	MSAN_FLAG(bool, report_umrs, true, "")			MSAN_FLAG(bool, report_umrs, true, "")
	MSAN_FLAG(bool, wrap_signals, true, "")			MSAN_FLAG(bool, wrap_signals, true, "")
	MSAN_FLAG(bool, print_stats, false, "")			MSAN_FLAG(bool, print_stats, false, "")
				#if SANITIZER_ANDROID
				MSAN_FLAG(bool, halt_on_error, false, "")
				#else
	MSAN_FLAG(bool, halt_on_error, !&__msan_keep_going, "")			MSAN_FLAG(bool, halt_on_error, !&__msan_keep_going, "")
				#endif // SANITIZER_ANDROID
	MSAN_FLAG(bool, atexit, false, "")			MSAN_FLAG(bool, atexit, false, "")
	MSAN_FLAG(int, store_context_size, 20,			MSAN_FLAG(int, store_context_size, 20,
	"Like malloc_context_size, but for uninit stores.")			"Like malloc_context_size, but for uninit stores.")

lib/msan/msan_interceptors.cc

Show First 20 Lines • Show All 44 Lines • ▼ Show 20 Lines

DECLARE_REAL(SIZE_T, strlen, const char *s)		DECLARE_REAL(SIZE_T, strlen, const char *s)
DECLARE_REAL(SIZE_T, strnlen, const char *s, SIZE_T maxlen)		DECLARE_REAL(SIZE_T, strnlen, const char *s, SIZE_T maxlen)

#if SANITIZER_FREEBSD		#if SANITIZER_FREEBSD
#define __errno_location __error		#define __errno_location __error
#endif		#endif

		#if SANITIZER_ANDROID
		// From bionic/libc/include/errno.h:
		// "internal function returning the address of the thread-specific errno"
		extern "C" volatile int* __errno(void);
		#define __errno_location (int*)__errno


		struct InterceptorScope {
		InterceptorScope() {
		EnsureTLSSlotInit();
		++(MsanTLSSlotStruct->in_interceptor_scope_D);
		}

		~InterceptorScope() {
		--(MsanTLSSlotStruct->in_interceptor_scope_D);
		}
		};

		bool IsInInterceptorScope() {
		EnsureTLSSlotInit();
		return MsanTLSSlotStruct->in_interceptor_scope_D;
		}
		#else
// True if this is a nested interceptor.		// True if this is a nested interceptor.
static THREADLOCAL int in_interceptor_scope;		static THREADLOCAL int in_interceptor_scope;

extern "C" int *__errno_location(void);		extern "C" int *__errno_location(void);

struct InterceptorScope {		struct InterceptorScope {
InterceptorScope() { ++in_interceptor_scope; }		InterceptorScope() { ++in_interceptor_scope; }
~InterceptorScope() { --in_interceptor_scope; }		~InterceptorScope() { --in_interceptor_scope; }
};		};

bool IsInInterceptorScope() {		bool IsInInterceptorScope() {
return in_interceptor_scope;		return in_interceptor_scope;
}		}
		#endif // SANITIZER_ANDROID

#define ENSURE_MSAN_INITED() do { \		#define ENSURE_MSAN_INITED() do { \
CHECK(!msan_init_is_running); \		CHECK(!msan_init_is_running); \
if (!msan_inited) { \		if (!msan_inited) { \
__msan_init(); \		__msan_init(); \
} \		} \
} while (0)		} while (0)

▲ Show 20 Lines • Show All 1,025 Lines • ▼ Show 20 Lines	if (flags()->wrap_signals) {
return REAL(signal)(signo, cb);		return REAL(signal)(signo, cb);
}		}
}		}

extern "C" int pthread_attr_init(void *attr);		extern "C" int pthread_attr_init(void *attr);
extern "C" int pthread_attr_destroy(void *attr);		extern "C" int pthread_attr_destroy(void *attr);

static void MsanThreadStartFunc(void arg) {		static void MsanThreadStartFunc(void arg) {
		#if SANITIZER_ANDROID
		EnsureTLSSlotInit();
		#endif // SANITIZER_ANDROID

MsanThread t = (MsanThread )arg;		MsanThread t = (MsanThread )arg;
SetCurrentThread(t);		SetCurrentThread(t);
return t->ThreadStart();		return t->ThreadStart();
}		}

INTERCEPTOR(int, pthread_create, void th, void attr, void (callback)(void*),		INTERCEPTOR(int, pthread_create, void th, void attr, void (callback)(void*),
void * param) {		void * param) {
ENSURE_MSAN_INITED(); // for GetTlsSize()		ENSURE_MSAN_INITED(); // for GetTlsSize()
▲ Show 20 Lines • Show All 68 Lines • ▼ Show 20 Lines	MSanAtExitRecord *r =
(MSanAtExitRecord *)InternalAlloc(sizeof(MSanAtExitRecord));		(MSanAtExitRecord *)InternalAlloc(sizeof(MSanAtExitRecord));
r->func = func;		r->func = func;
r->arg = arg;		r->arg = arg;
return REAL(__cxa_atexit)(MSanAtExitWrapper, r, dso_handle);		return REAL(__cxa_atexit)(MSanAtExitWrapper, r, dso_handle);
}		}

DECLARE_REAL(int, shmctl, int shmid, int cmd, void *buf)		DECLARE_REAL(int, shmctl, int shmid, int cmd, void *buf)

		#if !SANITIZER_ANDROID
INTERCEPTOR(void , shmat, int shmid, const void shmaddr, int shmflg) {		INTERCEPTOR(void , shmat, int shmid, const void shmaddr, int shmflg) {
ENSURE_MSAN_INITED();		ENSURE_MSAN_INITED();
void *p = REAL(shmat)(shmid, shmaddr, shmflg);		void *p = REAL(shmat)(shmid, shmaddr, shmflg);
if (p != (void *)-1) {		if (p != (void *)-1) {
__sanitizer_shmid_ds ds;		__sanitizer_shmid_ds ds;
int res = REAL(shmctl)(shmid, shmctl_ipc_stat, &ds);		int res = REAL(shmctl)(shmid, shmctl_ipc_stat, &ds);
if (!res) {		if (!res) {
__msan_unpoison(p, ds.shm_segsz);		__msan_unpoison(p, ds.shm_segsz);
}		}
}		}
return p;		return p;
}		}
		#define MSAN_MAYBE_INTERCEPT_SHMAT INTERCEPT_FUNCTION(shmat)
		#else
		#define MSAN_MAYBE_INTERCEPT_SHMAT
		#endif // !SANITIZER_ANDROID

static void BeforeFork() {		static void BeforeFork() {
StackDepotLockAll();		StackDepotLockAll();
ChainedOriginDepotLockAll();		ChainedOriginDepotLockAll();
}		}

static void AfterFork() {		static void AfterFork() {
ChainedOriginDepotUnlockAll();		ChainedOriginDepotUnlockAll();
▲ Show 20 Lines • Show All 130 Lines • ▼ Show 20 Lines	#define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \
do { \		do { \
} while (false)		} while (false)
#define COMMON_SYSCALL_POST_READ_RANGE(p, s) \		#define COMMON_SYSCALL_POST_READ_RANGE(p, s) \
do { \		do { \
} while (false)		} while (false)
#define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) __msan_unpoison(p, s)		#define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) __msan_unpoison(p, s)
#include "sanitizer_common/sanitizer_common_syscalls.inc"		#include "sanitizer_common/sanitizer_common_syscalls.inc"

		#if !SANITIZER_ANDROID
struct dlinfo {		struct dlinfo {
char *dli_fname;		char *dli_fname;
void *dli_fbase;		void *dli_fbase;
char *dli_sname;		char *dli_sname;
void *dli_saddr;		void *dli_saddr;
};		};

INTERCEPTOR(int, dladdr, void addr, dlinfo info) {		INTERCEPTOR(int, dladdr, void addr, dlinfo info) {
▲ Show 20 Lines • Show All 43 Lines • ▼ Show 20 Lines	INTERCEPTOR(int, dl_iterate_phdr, dl_iterate_phdr_cb callback, void *data) {
void *ctx;		void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, dl_iterate_phdr, callback, data);		COMMON_INTERCEPTOR_ENTER(ctx, dl_iterate_phdr, callback, data);
dl_iterate_phdr_data cbdata;		dl_iterate_phdr_data cbdata;
cbdata.callback = callback;		cbdata.callback = callback;
cbdata.data = data;		cbdata.data = data;
int res = REAL(dl_iterate_phdr)(msan_dl_iterate_phdr_cb, (void *)&cbdata);		int res = REAL(dl_iterate_phdr)(msan_dl_iterate_phdr_cb, (void *)&cbdata);
return res;		return res;
}		}
		#endif // !SANITIZER_ANDROID

// These interface functions reside here so that they can use		// These interface functions reside here so that they can use
// REAL(memset), etc.		// REAL(memset), etc.
void __msan_unpoison(const void *a, uptr size) {		void __msan_unpoison(const void *a, uptr size) {
if (!MEM_IS_APP(a)) return;		if (!MEM_IS_APP(a)) return;
SetShadow(a, size, 0);		SetShadow(a, size, 0);
}		}

▲ Show 20 Lines • Show All 145 Lines • ▼ Show 20 Lines	#endif
INTERCEPT_FUNCTION(getrlimit);		INTERCEPT_FUNCTION(getrlimit);
MSAN_MAYBE_INTERCEPT_GETRLIMIT64;		MSAN_MAYBE_INTERCEPT_GETRLIMIT64;
MSAN_MAYBE_INTERCEPT_PRLIMIT;		MSAN_MAYBE_INTERCEPT_PRLIMIT;
MSAN_MAYBE_INTERCEPT_PRLIMIT64;		MSAN_MAYBE_INTERCEPT_PRLIMIT64;
MSAN_INTERCEPT_UNAME;		MSAN_INTERCEPT_UNAME;
INTERCEPT_FUNCTION(gethostname);		INTERCEPT_FUNCTION(gethostname);
MSAN_MAYBE_INTERCEPT_EPOLL_WAIT;		MSAN_MAYBE_INTERCEPT_EPOLL_WAIT;
MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT;		MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT;
		#if !SANITIZER_ANDROID
INTERCEPT_FUNCTION(dladdr);		INTERCEPT_FUNCTION(dladdr);
INTERCEPT_FUNCTION(dlerror);		INTERCEPT_FUNCTION(dlerror);
INTERCEPT_FUNCTION(dl_iterate_phdr);		INTERCEPT_FUNCTION(dl_iterate_phdr);
		#endif // !SANITIZER_ANDROID
INTERCEPT_FUNCTION(getrusage);		INTERCEPT_FUNCTION(getrusage);
INTERCEPT_FUNCTION(sigaction);		INTERCEPT_FUNCTION(sigaction);
INTERCEPT_FUNCTION(signal);		INTERCEPT_FUNCTION(signal);
#if defined(__mips__)		#if defined(__mips__)
INTERCEPT_FUNCTION_VER(pthread_create, "GLIBC_2.2");		INTERCEPT_FUNCTION_VER(pthread_create, "GLIBC_2.2");
#else		#else
INTERCEPT_FUNCTION(pthread_create);		INTERCEPT_FUNCTION(pthread_create);
#endif		#endif
INTERCEPT_FUNCTION(pthread_key_create);		INTERCEPT_FUNCTION(pthread_key_create);
INTERCEPT_FUNCTION(pthread_join);		INTERCEPT_FUNCTION(pthread_join);
INTERCEPT_FUNCTION(tzset);		INTERCEPT_FUNCTION(tzset);
INTERCEPT_FUNCTION(__cxa_atexit);		INTERCEPT_FUNCTION(__cxa_atexit);
INTERCEPT_FUNCTION(shmat);		MSAN_MAYBE_INTERCEPT_SHMAT;
INTERCEPT_FUNCTION(fork);		INTERCEPT_FUNCTION(fork);
INTERCEPT_FUNCTION(openpty);		INTERCEPT_FUNCTION(openpty);
INTERCEPT_FUNCTION(forkpty);		INTERCEPT_FUNCTION(forkpty);

inited = 1;		inited = 1;
}		}
} // namespace __msan		} // namespace __msan

lib/msan/msan_interface_internal.h

	Show First 20 Lines • Show All 158 Lines • ▼ Show 20 Lines
	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	void __sanitizer_unaligned_store64(uu64 *p, u64 x);			void __sanitizer_unaligned_store64(uu64 *p, u64 x);

	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	void __msan_set_death_callback(void (*callback)(void));			void __msan_set_death_callback(void (*callback)(void));

	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	void __msan_copy_shadow(void dst, const void src, uptr size);			void __msan_copy_shadow(void dst, const void src, uptr size);

				#if SANITIZER_ANDROID
				SANITIZER_INTERFACE_ATTRIBUTE
				u64* get__msan_param_tls0(void);

				SANITIZER_INTERFACE_ATTRIBUTE
				u32* get__msan_param_origin_tls0(void);

				SANITIZER_INTERFACE_ATTRIBUTE
				u64* get__msan_retval_tls0(void);

				SANITIZER_INTERFACE_ATTRIBUTE
				u32* get__msan_retval_origin_tls0(void);

				SANITIZER_INTERFACE_ATTRIBUTE
				u64* get__msan_va_arg_tls0(void);

				SANITIZER_INTERFACE_ATTRIBUTE
				u64* get__msan_va_arg_overflow_size_tls0(void);

				SANITIZER_INTERFACE_ATTRIBUTE
				u32* get__msan_origin_tls0(void);
				#endif // SANITIZER_ANDROID

	} // extern "C"			} // extern "C"

	#endif // MSAN_INTERFACE_INTERNAL_H			#endif // MSAN_INTERFACE_INTERNAL_H

lib/msan/msan_linux.cc

	Show All 20 Lines
	#include <elf.h>			#include <elf.h>
	#include <link.h>			#include <link.h>
	#include <pthread.h>			#include <pthread.h>
	#include <stdio.h>			#include <stdio.h>
	#include <stdlib.h>			#include <stdlib.h>
	#include <signal.h>			#include <signal.h>
	#include <unistd.h>			#include <unistd.h>
	#include <unwind.h>			#include <unwind.h>

				#if !SANITIZER_ANDROID
	#include <execinfo.h>			#include <execinfo.h>
				#endif // !SANITIZER_ANDROID

	#include <sys/time.h>			#include <sys/time.h>
	#include <sys/resource.h>			#include <sys/resource.h>

	#include "sanitizer_common/sanitizer_common.h"			#include "sanitizer_common/sanitizer_common.h"
	#include "sanitizer_common/sanitizer_procmaps.h"			#include "sanitizer_common/sanitizer_procmaps.h"

	namespace __msan {			namespace __msan {

	▲ Show 20 Lines • Show All 130 Lines • ▼ Show 20 Lines
	}			}

	void InstallAtExitHandler() {			void InstallAtExitHandler() {
	atexit(MsanAtExit);			atexit(MsanAtExit);
	}			}

	// ---------------------- TSD ---------------- {{{1			// ---------------------- TSD ---------------- {{{1

				#if !SANITIZER_ANDROID
	static pthread_key_t tsd_key;			static pthread_key_t tsd_key;
				#endif // !SANITIZER_ANDROID
	static bool tsd_key_inited = false;			static bool tsd_key_inited = false;

	void MsanTSDInit(void (destructor)(void tsd)) {			void MsanTSDInit(void (destructor)(void tsd)) {
	CHECK(!tsd_key_inited);			CHECK(!tsd_key_inited);
	tsd_key_inited = true;			tsd_key_inited = true;
				#if !SANITIZER_ANDROID
	CHECK_EQ(0, pthread_key_create(&tsd_key, destructor));			CHECK_EQ(0, pthread_key_create(&tsd_key, destructor));
				#endif // SANITIZER_ANDROID
	}			}

				#if !SANITIZER_ANDROID
	static THREADLOCAL MsanThread* msan_current_thread;			static THREADLOCAL MsanThread* msan_current_thread;
				#endif // SANITIZER_ANDROID

	MsanThread *GetCurrentThread() {			MsanThread *GetCurrentThread() {
				#if SANITIZER_ANDROID
				return MsanTLSSlotStruct->thread_D;
				#else
	return msan_current_thread;			return msan_current_thread;
				#endif // SANITIZER_ANDROID
	}			}

	void SetCurrentThread(MsanThread *t) {			void SetCurrentThread(MsanThread *t) {
	// Make sure we do not reset the current MsanThread.			// Make sure we do not reset the current MsanThread.
				#if SANITIZER_ANDROID
				CHECK_EQ(0, MsanTLSSlotStruct->thread_D);
				MsanTLSSlotStruct->thread_D = t;
				#else
	CHECK_EQ(0, msan_current_thread);			CHECK_EQ(0, msan_current_thread);
	msan_current_thread = t;			msan_current_thread = t;
				#endif // SANITIZER_ANDROID
	// Make sure that MsanTSDDtor gets called at the end.			// Make sure that MsanTSDDtor gets called at the end.
	CHECK(tsd_key_inited);			CHECK(tsd_key_inited);

				#if !SANITIZER_ANDROID
	pthread_setspecific(tsd_key, (void *)t);			pthread_setspecific(tsd_key, (void *)t);
				#endif // !SANITIZER_ANDROID
	}			}

	void MsanTSDDtor(void *tsd) {			void MsanTSDDtor(void *tsd) {
	MsanThread t = (MsanThread)tsd;			MsanThread t = (MsanThread)tsd;
	if (t->destructor_iterations_ > 1) {			if (t->destructor_iterations_ > 1) {
	t->destructor_iterations_--;			t->destructor_iterations_--;
				#if !SANITIZER_ANDROID
	CHECK_EQ(0, pthread_setspecific(tsd_key, tsd));			CHECK_EQ(0, pthread_setspecific(tsd_key, tsd));
				#endif // SANITIZER_ANDROID
	return;			return;
	}			}
				#if SANITIZER_ANDROID
				MsanTLSSlotStruct->thread_D = nullptr;
				#else
	msan_current_thread = nullptr;			msan_current_thread = nullptr;
				#endif // SANITIZER_ANDROID
	// Make sure that signal handler can not see a stale current thread pointer.			// Make sure that signal handler can not see a stale current thread pointer.
	atomic_signal_fence(memory_order_seq_cst);			atomic_signal_fence(memory_order_seq_cst);
	MsanThread::TSDDtor(tsd);			MsanThread::TSDDtor(tsd);
	}			}

	} // namespace __msan			} // namespace __msan

	#endif // SANITIZER_FREEBSD \|\| SANITIZER_LINUX			#endif // SANITIZER_FREEBSD \|\| SANITIZER_LINUX

lib/msan/msan_poisoning.cc

	Show First 20 Lines • Show All 114 Lines • ▼ Show 20 Lines
	}			}

	void CopyMemory(void dst, const void src, uptr size, StackTrace *stack) {			void CopyMemory(void dst, const void src, uptr size, StackTrace *stack) {
	REAL(memcpy)(dst, src, size);			REAL(memcpy)(dst, src, size);
	CopyShadowAndOrigin(dst, src, size, stack);			CopyShadowAndOrigin(dst, src, size, stack);
	}			}

	void SetShadow(const void *ptr, uptr size, u8 value) {			void SetShadow(const void *ptr, uptr size, u8 value) {
				#if SANITIZER_ANDROID
				if (msan_init_is_running \|\| (!msan_inited)) {
				return;
				}
				#endif

	uptr PageSize = GetPageSizeCached();			uptr PageSize = GetPageSizeCached();
	uptr shadow_beg = MEM_TO_SHADOW(ptr);			uptr shadow_beg = MEM_TO_SHADOW(ptr);
	uptr shadow_end = shadow_beg + size;			uptr shadow_end = shadow_beg + size;
	if (value \|\|			if (value \|\|
	shadow_end - shadow_beg < common_flags()->clear_shadow_mmap_threshold) {			shadow_end - shadow_beg < common_flags()->clear_shadow_mmap_threshold) {
	REAL(memset)((void *)shadow_beg, value, shadow_end - shadow_beg);			REAL(memset)((void *)shadow_beg, value, shadow_end - shadow_beg);
	} else {			} else {
	uptr page_beg = RoundUpTo(shadow_beg, PageSize);			uptr page_beg = RoundUpTo(shadow_beg, PageSize);
	▲ Show 20 Lines • Show All 44 Lines • Show Last 20 Lines

lib/msan/msan_thread.cc

Show All 29 Lines	void MsanThread::SetThreadStackAndTls() {
int local;		int local;
CHECK(AddrIsInStack((uptr)&local));		CHECK(AddrIsInStack((uptr)&local));
}		}

void MsanThread::ClearShadowForThreadStackAndTLS() {		void MsanThread::ClearShadowForThreadStackAndTLS() {
__msan_unpoison((void *)stack_bottom_, stack_top_ - stack_bottom_);		__msan_unpoison((void *)stack_bottom_, stack_top_ - stack_bottom_);
if (tls_begin_ != tls_end_)		if (tls_begin_ != tls_end_)
__msan_unpoison((void *)tls_begin_, tls_end_ - tls_begin_);		__msan_unpoison((void *)tls_begin_, tls_end_ - tls_begin_);
		#if !SANITIZER_ANDROID
DTLS *dtls = DTLS_Get();		DTLS *dtls = DTLS_Get();
CHECK_NE(dtls, 0);		CHECK_NE(dtls, 0);
for (uptr i = 0; i < dtls->dtv_size; ++i)		for (uptr i = 0; i < dtls->dtv_size; ++i)
__msan_unpoison((void *)(dtls->dtv[i].beg), dtls->dtv[i].size);		__msan_unpoison((void *)(dtls->dtv[i].beg), dtls->dtv[i].size);
		#endif // !SANITIZER_ANDROID
}		}

void MsanThread::Init() {		void MsanThread::Init() {
SetThreadStackAndTls();		SetThreadStackAndTls();
CHECK(MEM_IS_APP(stack_bottom_));		CHECK(MEM_IS_APP(stack_bottom_));
CHECK(MEM_IS_APP(stack_top_ - 1));		CHECK(MEM_IS_APP(stack_top_ - 1));
ClearShadowForThreadStackAndTLS();		ClearShadowForThreadStackAndTLS();
}		}
Show All 33 Lines

lib/sanitizer_common/sanitizer_platform_limits_posix.h

Show First 20 Lines • Show All 47 Lines • ▼ Show 20 Lines	#endif
extern unsigned struct_itimerspec_sz;		extern unsigned struct_itimerspec_sz;
extern unsigned struct_sigevent_sz;		extern unsigned struct_sigevent_sz;
extern unsigned struct_sched_param_sz;		extern unsigned struct_sched_param_sz;
extern unsigned struct_statfs64_sz;		extern unsigned struct_statfs64_sz;

#if !SANITIZER_ANDROID		#if !SANITIZER_ANDROID
extern unsigned struct_statfs_sz;		extern unsigned struct_statfs_sz;
extern unsigned struct_sockaddr_sz;		extern unsigned struct_sockaddr_sz;
extern unsigned ucontext_t_sz;
#endif // !SANITIZER_ANDROID		#endif // !SANITIZER_ANDROID

		extern unsigned ucontext_t_sz;

#if SANITIZER_LINUX		#if SANITIZER_LINUX

#if defined(__x86_64__)		#if defined(__x86_64__)
const unsigned struct_kernel_stat_sz = 144;		const unsigned struct_kernel_stat_sz = 144;
const unsigned struct_kernel_stat64_sz = 0;		const unsigned struct_kernel_stat64_sz = 0;
#elif defined(__i386__)		#elif defined(__i386__)
const unsigned struct_kernel_stat_sz = 64;		const unsigned struct_kernel_stat_sz = 64;
const unsigned struct_kernel_stat64_sz = 96;		const unsigned struct_kernel_stat64_sz = 96;
▲ Show 20 Lines • Show All 100 Lines • ▼ Show 20 Lines
#endif		#endif
};		};
#endif // SANITIZER_LINUX \|\| SANITIZER_FREEBSD		#endif // SANITIZER_LINUX \|\| SANITIZER_FREEBSD

#if SANITIZER_ANDROID		#if SANITIZER_ANDROID
struct __sanitizer_mallinfo {		struct __sanitizer_mallinfo {
uptr v[10];		uptr v[10];
};		};

		extern unsigned struct_rlimit64_sz;
		eugenisUnsubmitted Not Done Reply Inline Actions There is the same declaration 9 lines below. eugenis: There is the same declaration 9 lines below.
#endif		#endif

#if SANITIZER_LINUX && !SANITIZER_ANDROID		#if SANITIZER_LINUX && !SANITIZER_ANDROID
struct __sanitizer_mallinfo {		struct __sanitizer_mallinfo {
int v[10];		int v[10];
};		};

extern unsigned struct_ustat_sz;		extern unsigned struct_ustat_sz;
▲ Show 20 Lines • Show All 1,213 Lines • Show Last 20 Lines

lib/sanitizer_common/sanitizer_platform_limits_posix.cc

	Show First 20 Lines • Show All 227 Lines • ▼ Show 20 Lines
	#if SANITIZER_MAC && !SANITIZER_IOS			#if SANITIZER_MAC && !SANITIZER_IOS
	unsigned struct_statfs64_sz = sizeof(struct statfs64);			unsigned struct_statfs64_sz = sizeof(struct statfs64);
	#endif // SANITIZER_MAC && !SANITIZER_IOS			#endif // SANITIZER_MAC && !SANITIZER_IOS

	#if !SANITIZER_ANDROID			#if !SANITIZER_ANDROID
	unsigned struct_statfs_sz = sizeof(struct statfs);			unsigned struct_statfs_sz = sizeof(struct statfs);
	unsigned struct_sockaddr_sz = sizeof(struct sockaddr);			unsigned struct_sockaddr_sz = sizeof(struct sockaddr);
	unsigned ucontext_t_sz = sizeof(ucontext_t);			unsigned ucontext_t_sz = sizeof(ucontext_t);
				#else
				// Needed by msan for SignalAction()
				unsigned ucontext_t_sz = sizeof(ucontext_t);
				eugenisUnsubmitted Not Done Reply Inline Actions move from under #if eugenis: move from under #if
	#endif // !SANITIZER_ANDROID			#endif // !SANITIZER_ANDROID

	#if SANITIZER_LINUX			#if SANITIZER_LINUX
	unsigned struct_epoll_event_sz = sizeof(struct epoll_event);			unsigned struct_epoll_event_sz = sizeof(struct epoll_event);
	unsigned struct_sysinfo_sz = sizeof(struct sysinfo);			unsigned struct_sysinfo_sz = sizeof(struct sysinfo);
	unsigned __user_cap_header_struct_sz =			unsigned __user_cap_header_struct_sz =
	sizeof(struct __user_cap_header_struct);			sizeof(struct __user_cap_header_struct);
	unsigned __user_cap_data_struct_sz = sizeof(struct __user_cap_data_struct);			unsigned __user_cap_data_struct_sz = sizeof(struct __user_cap_data_struct);
	Show All 10 Lines
	#endif // SANITIZER_LINUX \|\| SANITIZER_FREEBSD			#endif // SANITIZER_LINUX \|\| SANITIZER_FREEBSD

	#if SANITIZER_LINUX && !SANITIZER_ANDROID			#if SANITIZER_LINUX && !SANITIZER_ANDROID
	unsigned struct_ustat_sz = sizeof(struct ustat);			unsigned struct_ustat_sz = sizeof(struct ustat);
	unsigned struct_rlimit64_sz = sizeof(struct rlimit64);			unsigned struct_rlimit64_sz = sizeof(struct rlimit64);
	unsigned struct_statvfs64_sz = sizeof(struct statvfs64);			unsigned struct_statvfs64_sz = sizeof(struct statvfs64);
	#endif // SANITIZER_LINUX && !SANITIZER_ANDROID			#endif // SANITIZER_LINUX && !SANITIZER_ANDROID

				#if SANITIZER_ANDROID
				// Needed by msan for getrlimit64()
				unsigned struct_rlimit64_sz = sizeof(struct rlimit64);
				#endif // SANITIZER_ANDROID

	#if (SANITIZER_LINUX \|\| SANITIZER_FREEBSD) && !SANITIZER_ANDROID			#if (SANITIZER_LINUX \|\| SANITIZER_FREEBSD) && !SANITIZER_ANDROID
	unsigned struct_timex_sz = sizeof(struct timex);			unsigned struct_timex_sz = sizeof(struct timex);
	unsigned struct_msqid_ds_sz = sizeof(struct msqid_ds);			unsigned struct_msqid_ds_sz = sizeof(struct msqid_ds);
	unsigned struct_mq_attr_sz = sizeof(struct mq_attr);			unsigned struct_mq_attr_sz = sizeof(struct mq_attr);
	unsigned struct_statvfs_sz = sizeof(struct statvfs);			unsigned struct_statvfs_sz = sizeof(struct statvfs);
	#endif // (SANITIZER_LINUX \|\| SANITIZER_FREEBSD) && !SANITIZER_ANDROID			#endif // (SANITIZER_LINUX \|\| SANITIZER_FREEBSD) && !SANITIZER_ANDROID

	uptr sig_ign = (uptr)SIG_IGN;			uptr sig_ign = (uptr)SIG_IGN;
	▲ Show 20 Lines • Show All 1,015 Lines • Show Last 20 Lines