This is an archive of the discontinued LLVM Phabricator instance.

Differential D71780

[msan] Check qsort input.
ClosedPublic

Authored by eugenis on Dec 20 2019, 12:16 PM.

Details

Reviewers
vitalybuka
Commits
rGb5e7f95cfbeb: [msan] Check qsort input.
rGcaa48a6b88ae: [msan] Check qsort input.
rGddf897fc8049: [msan] Check qsort input.
Summary

Qsort interceptor suppresses all checks by unpoisoning the data in the
wrapper of a comparator function, and then unpoisoning the output array
as well.

This change adds an explicit run of the comparator on all elements of
the input array to catch any sanitizer bugs.

Diff Detail

Event Timeline

eugenis created this revision.Dec 20 2019, 12:16 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptDec 20 2019, 12:16 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
merge_guards_bot added a subscriber: merge_guards_bot.Dec 20 2019, 12:24 PM

Unit tests: unknown.

clang-tidy: unknown.

clang-format: unknown.

Build artifacts: diff.json, console-log.txt

Harbormaster failed remote builds in B42852: Diff 234944!Dec 20 2019, 12:24 PM
vitalybuka accepted this revision.Dec 20 2019, 12:34 PM

nice

This revision is now accepted and ready to land.Dec 20 2019, 12:34 PM
Closed by commit rGddf897fc8049: [msan] Check qsort input. (authored by eugenis). · Explain WhyDec 20 2019, 12:50 PM
This revision was automatically updated to reflect the committed changes.
eugenis added a comment.Dec 26 2019, 12:32 PM

This change actually broke llvm bootstrap and had to be reverted.
A stateful comparator? Investigating...

eugenis added a comment.Dec 26 2019, 12:56 PM

CompareOptionRecords checks that there are no duplicate options in the sorting comparator function.
I believe this is wrong, because I could not find a promise in POSIX nor in linux manpages that the comparator would never be called with the same object on both left and right hand side.

Nevertheless, I don't want sanitizers to enforce this peculiarity in the standard.

eugenis reopened this revision.Dec 26 2019, 1:06 PM
This revision is now accepted and ready to land.Dec 26 2019, 1:06 PM
eugenis updated this revision to Diff 235373.Dec 26 2019, 1:06 PM

avoid comparing an element to itself

vitalybuka accepted this revision.Dec 26 2019, 1:09 PM
vitalybuka added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
9678

maybe just:

compar(p, q);
compar(q, p);
eugenis updated this revision to Diff 235374.Dec 26 2019, 1:15 PM

removed the (i % 2) thing. Comparators should not be sensitive to the argument order.

eugenis marked an inline comment as done.Dec 26 2019, 1:17 PM
eugenis added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
9678

A sensible comparator should do the same work no matter what the order of arguments is. Just compar(p, q) should suffice.

merge_guards_bot added a comment.Dec 26 2019, 1:29 PM

Unit tests: pass. 61127 tests passed, 0 failed and 728 were skipped.

clang-tidy: pass.

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Harbormaster failed remote builds in B42968: Diff 235373!Dec 26 2019, 1:29 PM
merge_guards_bot added a comment.Dec 26 2019, 1:42 PM

Unit tests: pass. 61127 tests passed, 0 failed and 728 were skipped.

clang-tidy: pass.

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Harbormaster failed remote builds in B42969: Diff 235374!Dec 26 2019, 1:46 PM
eugenis added a comment.Dec 27 2019, 11:53 AM

ping

vitalybuka accepted this revision.Jan 6 2020, 2:00 PM

what is about clang-format?

eugenis added a comment.Jan 6 2020, 3:00 PM
In D71780#1806823, @vitalybuka wrote:

what is about clang-format?

it's nonsense

Closed by commit rGb5e7f95cfbeb: [msan] Check qsort input. (authored by eugenis). · Explain WhyJan 6 2020, 3:13 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
lib/
sanitizer_common/
14 lines
test/
msan/
5 lines

Diff 236470

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 9,664 Lines▼ Show 20 Linesint wrapped_qsort_compar(const void *a, const void *b) {
COMMON_INTERCEPTOR_INITIALIZE_RANGE(b, qsort_size); COMMON_INTERCEPTOR_INITIALIZE_RANGE(b, qsort_size);
return qsort_compar(a, b); return qsort_compar(a, b);
} }
INTERCEPTOR(void, qsort, void *base, SIZE_T nmemb, SIZE_T size, INTERCEPTOR(void, qsort, void *base, SIZE_T nmemb, SIZE_T size,
qsort_compar_f compar) { qsort_compar_f compar) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, qsort, base, nmemb, size, compar); COMMON_INTERCEPTOR_ENTER(ctx, qsort, base, nmemb, size, compar);
// Run the comparator over all array elements to detect any memory issues.
for (SIZE_T i = 0; i < nmemb - 1; ++i) {
void *p = (void *)((char *)base + i * size);
void *q = (void *)((char *)base + (i + 1) * size);
COMMON_INTERCEPTOR_UNPOISON_PARAM(2);
compar(p, q);
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

maybe just:

compar(p, q);
compar(q, p);
vitalybuka: maybe just: ``` compar(p, q); compar(q, p); ```
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

A sensible comparator should do the same work no matter what the order of arguments is. Just compar(p, q) should suffice.

eugenis: A sensible comparator should do the same work no matter what the order of arguments is. Just…
}
qsort_compar_f old_compar = qsort_compar; qsort_compar_f old_compar = qsort_compar;
qsort_compar = compar; qsort_compar = compar;
SIZE_T old_size = qsort_size; SIZE_T old_size = qsort_size;
qsort_size = size; qsort_size = size;
REAL(qsort)(base, nmemb, size, wrapped_qsort_compar); REAL(qsort)(base, nmemb, size, wrapped_qsort_compar);
qsort_compar = old_compar; qsort_compar = old_compar;
qsort_size = old_size; qsort_size = old_size;
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, base, nmemb * size); COMMON_INTERCEPTOR_WRITE_RANGE(ctx, base, nmemb * size);
Show All 13 Linesint wrapped_qsort_r_compar(const void *a, const void *b, void *arg) {
COMMON_INTERCEPTOR_INITIALIZE_RANGE(b, qsort_r_size); COMMON_INTERCEPTOR_INITIALIZE_RANGE(b, qsort_r_size);
return qsort_r_compar(a, b, arg); return qsort_r_compar(a, b, arg);
} }
INTERCEPTOR(void, qsort_r, void *base, SIZE_T nmemb, SIZE_T size, INTERCEPTOR(void, qsort_r, void *base, SIZE_T nmemb, SIZE_T size,
qsort_r_compar_f compar, void *arg) { qsort_r_compar_f compar, void *arg) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, qsort_r, base, nmemb, size, compar, arg); COMMON_INTERCEPTOR_ENTER(ctx, qsort_r, base, nmemb, size, compar, arg);
// Run the comparator over all array elements to detect any memory issues.
for (SIZE_T i = 0; i < nmemb - 1; ++i) {
void *p = (void *)((char *)base + i * size);
void *q = (void *)((char *)base + (i + 1) * size);
COMMON_INTERCEPTOR_UNPOISON_PARAM(3);
compar(p, q, arg);
}
qsort_r_compar_f old_compar = qsort_r_compar; qsort_r_compar_f old_compar = qsort_r_compar;
qsort_r_compar = compar; qsort_r_compar = compar;
SIZE_T old_size = qsort_r_size; SIZE_T old_size = qsort_r_size;
qsort_r_size = size; qsort_r_size = size;
REAL(qsort_r)(base, nmemb, size, wrapped_qsort_r_compar, arg); REAL(qsort_r)(base, nmemb, size, wrapped_qsort_r_compar, arg);
qsort_r_compar = old_compar; qsort_r_compar = old_compar;
qsort_r_size = old_size; qsort_r_size = old_size;
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, base, nmemb * size); COMMON_INTERCEPTOR_WRITE_RANGE(ctx, base, nmemb * size);
▲ Show 20 LinesShow All 314 LinesShow Last 20 Lines

compiler-rt/test/msan/qsort.cpp

// RUN: %clangxx_msan -O0 -g %s -o %t && %run %t // RUN: %clangxx_msan -O0 -g %s -o %t && %run %t
// RUN: %clangxx_msan -DPOISON -O0 -g %s -o %t && not %run %t 2>&1 | FileCheck %s
#include <assert.h> #include <assert.h>
#include <errno.h> #include <errno.h>
#include <glob.h> #include <glob.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
▲ Show 20 LinesShow All 50 Lines▼ Show 20 Lines
} }
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
long *p = new long[kSize1]; long *p = new long[kSize1];
// kind of random // kind of random
for (int i = 0; i < kSize1; ++i) for (int i = 0; i < kSize1; ++i)
p[i] = i * 2 + (i % 3 - 1) * 3; p[i] = i * 2 + (i % 3 - 1) * 3;
poison_stack_and_param(); poison_stack_and_param();
#ifdef POISON
__msan_poison(p + 1, sizeof(long));
// CHECK: Uninitialized bytes in __msan_check_mem_is_initialized at offset 0 inside [{{.*}}, 8)
#endif
qsort(p, kSize1, sizeof(long), compar1); qsort(p, kSize1, sizeof(long), compar1);
__msan_check_mem_is_initialized(p, sizeof(long) * kSize1); __msan_check_mem_is_initialized(p, sizeof(long) * kSize1);
assert(seen2); assert(seen2);
delete[] p; delete[] p;
return 0; return 0;
} }