msan_test.cc revision 369a9a6d4297af031227db1c6fedd21ee7033dc1
1//===-- msan_test.cc ------------------------------------------------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file is a part of MemorySanitizer. 11// 12// MemorySanitizer unit tests. 13//===----------------------------------------------------------------------===// 14 15#ifndef MSAN_EXTERNAL_TEST_CONFIG 16#include "msan_test_config.h" 17#endif // MSAN_EXTERNAL_TEST_CONFIG 18 19#include "sanitizer/msan_interface.h" 20#include "msandr_test_so.h" 21 22#include <inttypes.h> 23#include <stdlib.h> 24#include <stdarg.h> 25#include <stdio.h> 26#include <assert.h> 27#include <wchar.h> 28#include <math.h> 29#include <malloc.h> 30 31#include <arpa/inet.h> 32#include <dlfcn.h> 33#include <grp.h> 34#include <unistd.h> 35#include <link.h> 36#include <limits.h> 37#include <sys/time.h> 38#include <poll.h> 39#include <sys/types.h> 40#include <sys/stat.h> 41#include <fcntl.h> 42#include <sys/resource.h> 43#include <sys/ioctl.h> 44#include <sys/statvfs.h> 45#include <sys/sysinfo.h> 46#include <sys/utsname.h> 47#include <sys/mman.h> 48#include <sys/vfs.h> 49#include <dirent.h> 50#include <pwd.h> 51#include <sys/socket.h> 52#include <netdb.h> 53#include <wordexp.h> 54#include <mntent.h> 55#include <netinet/ether.h> 56 57#if defined(__i386__) || defined(__x86_64__) 58# include <emmintrin.h> 59# define MSAN_HAS_M128 1 60#else 61# define MSAN_HAS_M128 0 62#endif 63 64static const int kPageSize = 4096; 65 66typedef unsigned char U1; 67typedef unsigned short U2; // NOLINT 68typedef unsigned int U4; 69typedef unsigned long long U8; // NOLINT 70typedef signed char S1; 71typedef signed short S2; // NOLINT 72typedef signed int S4; 73typedef signed long long S8; // NOLINT 74#define NOINLINE __attribute__((noinline)) 75#define INLINE __attribute__((always_inline)) 76 77static bool TrackingOrigins() { 78 S8 x; 79 __msan_set_origin(&x, sizeof(x), 0x1234); 80 U4 origin = __msan_get_origin(&x); 81 __msan_set_origin(&x, sizeof(x), 0); 82 return origin == 0x1234; 83} 84 85#define EXPECT_UMR(action) \ 86 do { \ 87 __msan_set_expect_umr(1); \ 88 action; \ 89 __msan_set_expect_umr(0); \ 90 } while (0) 91 92#define EXPECT_UMR_O(action, origin) \ 93 do { \ 94 __msan_set_expect_umr(1); \ 95 action; \ 96 __msan_set_expect_umr(0); \ 97 if (TrackingOrigins()) \ 98 EXPECT_EQ(origin, __msan_get_umr_origin()); \ 99 } while (0) 100 101#define EXPECT_UMR_S(action, stack_origin) \ 102 do { \ 103 __msan_set_expect_umr(1); \ 104 action; \ 105 __msan_set_expect_umr(0); \ 106 U4 id = __msan_get_umr_origin(); \ 107 const char *str = __msan_get_origin_descr_if_stack(id); \ 108 if (!str || strcmp(str, stack_origin)) { \ 109 fprintf(stderr, "EXPECT_POISONED_S: id=%u %s, %s", \ 110 id, stack_origin, str); \ 111 EXPECT_EQ(1, 0); \ 112 } \ 113 } while (0) 114 115#define EXPECT_POISONED(x) ExpectPoisoned(x) 116 117template<typename T> 118void ExpectPoisoned(const T& t) { 119 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 120} 121 122#define EXPECT_POISONED_O(x, origin) \ 123 ExpectPoisonedWithOrigin(x, origin) 124 125template<typename T> 126void ExpectPoisonedWithOrigin(const T& t, unsigned origin) { 127 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 128 if (TrackingOrigins()) 129 EXPECT_EQ(origin, __msan_get_origin((void*)&t)); 130} 131 132#define EXPECT_POISONED_S(x, stack_origin) \ 133 ExpectPoisonedWithStackOrigin(x, stack_origin) 134 135template<typename T> 136void ExpectPoisonedWithStackOrigin(const T& t, const char *stack_origin) { 137 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 138 U4 id = __msan_get_origin((void*)&t); 139 const char *str = __msan_get_origin_descr_if_stack(id); 140 if (!str || strcmp(str, stack_origin)) { 141 fprintf(stderr, "EXPECT_POISONED_S: id=%u %s, %s", 142 id, stack_origin, str); 143 EXPECT_EQ(1, 0); 144 } 145} 146 147#define EXPECT_NOT_POISONED(x) ExpectNotPoisoned(x) 148 149template<typename T> 150void ExpectNotPoisoned(const T& t) { 151 EXPECT_EQ(-1, __msan_test_shadow((void*)&t, sizeof(t))); 152} 153 154static U8 poisoned_array[100]; 155template<class T> 156T *GetPoisoned(int i = 0, T val = 0) { 157 T *res = (T*)&poisoned_array[i]; 158 *res = val; 159 __msan_poison(&poisoned_array[i], sizeof(T)); 160 return res; 161} 162 163template<class T> 164T *GetPoisonedO(int i, U4 origin, T val = 0) { 165 T *res = (T*)&poisoned_array[i]; 166 *res = val; 167 __msan_poison(&poisoned_array[i], sizeof(T)); 168 __msan_set_origin(&poisoned_array[i], sizeof(T), origin); 169 return res; 170} 171 172// This function returns its parameter but in such a way that compiler 173// can not prove it. 174template<class T> 175NOINLINE 176static T Ident(T t) { 177 volatile T ret = t; 178 return ret; 179} 180 181template<class T> NOINLINE T ReturnPoisoned() { return *GetPoisoned<T>(); } 182 183static volatile int g_one = 1; 184static volatile int g_zero = 0; 185static volatile int g_0 = 0; 186static volatile int g_1 = 1; 187 188S4 a_s4[100]; 189S8 a_s8[100]; 190 191// Check that malloc poisons memory. 192// A lot of tests below depend on this. 193TEST(MemorySanitizerSanity, PoisonInMalloc) { 194 int *x = (int*)malloc(sizeof(int)); 195 EXPECT_POISONED(*x); 196 free(x); 197} 198 199TEST(MemorySanitizer, NegativeTest1) { 200 S4 *x = GetPoisoned<S4>(); 201 if (g_one) 202 *x = 0; 203 EXPECT_NOT_POISONED(*x); 204} 205 206TEST(MemorySanitizer, PositiveTest1) { 207 // Load to store. 208 EXPECT_POISONED(*GetPoisoned<S1>()); 209 EXPECT_POISONED(*GetPoisoned<S2>()); 210 EXPECT_POISONED(*GetPoisoned<S4>()); 211 EXPECT_POISONED(*GetPoisoned<S8>()); 212 213 // S->S conversions. 214 EXPECT_POISONED(*GetPoisoned<S1>()); 215 EXPECT_POISONED(*GetPoisoned<S1>()); 216 EXPECT_POISONED(*GetPoisoned<S1>()); 217 218 EXPECT_POISONED(*GetPoisoned<S2>()); 219 EXPECT_POISONED(*GetPoisoned<S2>()); 220 EXPECT_POISONED(*GetPoisoned<S2>()); 221 222 EXPECT_POISONED(*GetPoisoned<S4>()); 223 EXPECT_POISONED(*GetPoisoned<S4>()); 224 EXPECT_POISONED(*GetPoisoned<S4>()); 225 226 EXPECT_POISONED(*GetPoisoned<S8>()); 227 EXPECT_POISONED(*GetPoisoned<S8>()); 228 EXPECT_POISONED(*GetPoisoned<S8>()); 229 230 // ZExt 231 EXPECT_POISONED(*GetPoisoned<U1>()); 232 EXPECT_POISONED(*GetPoisoned<U1>()); 233 EXPECT_POISONED(*GetPoisoned<U1>()); 234 EXPECT_POISONED(*GetPoisoned<U2>()); 235 EXPECT_POISONED(*GetPoisoned<U2>()); 236 EXPECT_POISONED(*GetPoisoned<U4>()); 237 238 // Unary ops. 239 EXPECT_POISONED(- *GetPoisoned<S4>()); 240 241 EXPECT_UMR(a_s4[g_zero] = 100 / *GetPoisoned<S4>(0, 1)); 242 243 244 a_s4[g_zero] = 1 - *GetPoisoned<S4>(); 245 a_s4[g_zero] = 1 + *GetPoisoned<S4>(); 246} 247 248TEST(MemorySanitizer, Phi1) { 249 S4 c; 250 if (g_one) { 251 c = *GetPoisoned<S4>(); 252 } else { 253 break_optimization(0); 254 c = 0; 255 } 256 EXPECT_POISONED(c); 257} 258 259TEST(MemorySanitizer, Phi2) { 260 S4 i = *GetPoisoned<S4>(); 261 S4 n = g_one; 262 EXPECT_UMR(for (; i < g_one; i++);); 263 EXPECT_POISONED(i); 264} 265 266NOINLINE void Arg1ExpectUMR(S4 a1) { EXPECT_POISONED(a1); } 267NOINLINE void Arg2ExpectUMR(S4 a1, S4 a2) { EXPECT_POISONED(a2); } 268NOINLINE void Arg3ExpectUMR(S1 a1, S4 a2, S8 a3) { EXPECT_POISONED(a3); } 269 270TEST(MemorySanitizer, ArgTest) { 271 Arg1ExpectUMR(*GetPoisoned<S4>()); 272 Arg2ExpectUMR(0, *GetPoisoned<S4>()); 273 Arg3ExpectUMR(0, 1, *GetPoisoned<S8>()); 274} 275 276 277TEST(MemorySanitizer, CallAndRet) { 278 if (!__msan_has_dynamic_component()) return; 279 ReturnPoisoned<S1>(); 280 ReturnPoisoned<S2>(); 281 ReturnPoisoned<S4>(); 282 ReturnPoisoned<S8>(); 283 284 EXPECT_POISONED(ReturnPoisoned<S1>()); 285 EXPECT_POISONED(ReturnPoisoned<S2>()); 286 EXPECT_POISONED(ReturnPoisoned<S4>()); 287 EXPECT_POISONED(ReturnPoisoned<S8>()); 288} 289 290// malloc() in the following test may be optimized to produce a compile-time 291// undef value. Check that we trap on the volatile assignment anyway. 292TEST(MemorySanitizer, DISABLED_MallocNoIdent) { 293 S4 *x = (int*)malloc(sizeof(S4)); 294 EXPECT_POISONED(*x); 295 free(x); 296} 297 298TEST(MemorySanitizer, Malloc) { 299 S4 *x = (int*)Ident(malloc(sizeof(S4))); 300 EXPECT_POISONED(*x); 301 free(x); 302} 303 304TEST(MemorySanitizer, Realloc) { 305 S4 *x = (int*)Ident(realloc(0, sizeof(S4))); 306 EXPECT_POISONED(x[0]); 307 x[0] = 1; 308 x = (int*)Ident(realloc(x, 2 * sizeof(S4))); 309 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 310 EXPECT_POISONED(x[1]); 311 x = (int*)Ident(realloc(x, 3 * sizeof(S4))); 312 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 313 EXPECT_POISONED(x[2]); 314 EXPECT_POISONED(x[1]); 315 x[2] = 1; // Init this here. Check that after realloc it is poisoned again. 316 x = (int*)Ident(realloc(x, 2 * sizeof(S4))); 317 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 318 EXPECT_POISONED(x[1]); 319 x = (int*)Ident(realloc(x, 3 * sizeof(S4))); 320 EXPECT_POISONED(x[1]); 321 EXPECT_POISONED(x[2]); 322 free(x); 323} 324 325TEST(MemorySanitizer, Calloc) { 326 S4 *x = (int*)Ident(calloc(1, sizeof(S4))); 327 EXPECT_NOT_POISONED(*x); // Should not be poisoned. 328 // EXPECT_EQ(0, *x); 329 free(x); 330} 331 332TEST(MemorySanitizer, AndOr) { 333 U4 *p = GetPoisoned<U4>(); 334 // We poison two bytes in the midle of a 4-byte word to make the test 335 // correct regardless of endianness. 336 ((U1*)p)[1] = 0; 337 ((U1*)p)[2] = 0xff; 338 EXPECT_NOT_POISONED(*p & 0x00ffff00); 339 EXPECT_NOT_POISONED(*p & 0x00ff0000); 340 EXPECT_NOT_POISONED(*p & 0x0000ff00); 341 EXPECT_POISONED(*p & 0xff000000); 342 EXPECT_POISONED(*p & 0x000000ff); 343 EXPECT_POISONED(*p & 0x0000ffff); 344 EXPECT_POISONED(*p & 0xffff0000); 345 346 EXPECT_NOT_POISONED(*p | 0xff0000ff); 347 EXPECT_NOT_POISONED(*p | 0xff00ffff); 348 EXPECT_NOT_POISONED(*p | 0xffff00ff); 349 EXPECT_POISONED(*p | 0xff000000); 350 EXPECT_POISONED(*p | 0x000000ff); 351 EXPECT_POISONED(*p | 0x0000ffff); 352 EXPECT_POISONED(*p | 0xffff0000); 353 354 EXPECT_POISONED(*GetPoisoned<bool>() & *GetPoisoned<bool>()); 355} 356 357template<class T> 358static bool applyNot(T value, T shadow) { 359 __msan_partial_poison(&value, &shadow, sizeof(T)); 360 return !value; 361} 362 363TEST(MemorySanitizer, Not) { 364 EXPECT_NOT_POISONED(applyNot<U4>(0x0, 0x0)); 365 EXPECT_NOT_POISONED(applyNot<U4>(0xFFFFFFFF, 0x0)); 366 EXPECT_POISONED(applyNot<U4>(0xFFFFFFFF, 0xFFFFFFFF)); 367 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0FFFFFFF)); 368 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00FFFFFF)); 369 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0000FFFF)); 370 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00000000)); 371 EXPECT_POISONED(applyNot<U4>(0xFF000000, 0xFF000000)); 372 EXPECT_NOT_POISONED(applyNot<U4>(0xFF800000, 0xFF000000)); 373 EXPECT_POISONED(applyNot<U4>(0x00008000, 0x00008000)); 374 375 EXPECT_NOT_POISONED(applyNot<U1>(0x0, 0x0)); 376 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0xFE)); 377 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0x0)); 378 EXPECT_POISONED(applyNot<U1>(0xFF, 0xFF)); 379 380 EXPECT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-1))); 381 EXPECT_NOT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-2))); 382} 383 384TEST(MemorySanitizer, Shift) { 385 U4 *up = GetPoisoned<U4>(); 386 ((U1*)up)[0] = 0; 387 ((U1*)up)[3] = 0xff; 388 EXPECT_NOT_POISONED(*up >> 30); 389 EXPECT_NOT_POISONED(*up >> 24); 390 EXPECT_POISONED(*up >> 23); 391 EXPECT_POISONED(*up >> 10); 392 393 EXPECT_NOT_POISONED(*up << 30); 394 EXPECT_NOT_POISONED(*up << 24); 395 EXPECT_POISONED(*up << 23); 396 EXPECT_POISONED(*up << 10); 397 398 S4 *sp = (S4*)up; 399 EXPECT_NOT_POISONED(*sp >> 30); 400 EXPECT_NOT_POISONED(*sp >> 24); 401 EXPECT_POISONED(*sp >> 23); 402 EXPECT_POISONED(*sp >> 10); 403 404 sp = GetPoisoned<S4>(); 405 ((S1*)sp)[1] = 0; 406 ((S1*)sp)[2] = 0; 407 EXPECT_POISONED(*sp >> 31); 408 409 EXPECT_POISONED(100 >> *GetPoisoned<S4>()); 410 EXPECT_POISONED(100U >> *GetPoisoned<S4>()); 411} 412 413NOINLINE static int GetPoisonedZero() { 414 int *zero = new int; 415 *zero = 0; 416 __msan_poison(zero, sizeof(*zero)); 417 int res = *zero; 418 delete zero; 419 return res; 420} 421 422TEST(MemorySanitizer, LoadFromDirtyAddress) { 423 int *a = new int; 424 *a = 0; 425 EXPECT_UMR(break_optimization((void*)(U8)a[GetPoisonedZero()])); 426 delete a; 427} 428 429TEST(MemorySanitizer, StoreToDirtyAddress) { 430 int *a = new int; 431 EXPECT_UMR(a[GetPoisonedZero()] = 0); 432 break_optimization(a); 433 delete a; 434} 435 436 437NOINLINE void StackTestFunc() { 438 S4 p4; 439 S4 ok4 = 1; 440 S2 p2; 441 S2 ok2 = 1; 442 S1 p1; 443 S1 ok1 = 1; 444 break_optimization(&p4); 445 break_optimization(&ok4); 446 break_optimization(&p2); 447 break_optimization(&ok2); 448 break_optimization(&p1); 449 break_optimization(&ok1); 450 451 EXPECT_POISONED(p4); 452 EXPECT_POISONED(p2); 453 EXPECT_POISONED(p1); 454 EXPECT_NOT_POISONED(ok1); 455 EXPECT_NOT_POISONED(ok2); 456 EXPECT_NOT_POISONED(ok4); 457} 458 459TEST(MemorySanitizer, StackTest) { 460 StackTestFunc(); 461} 462 463NOINLINE void StackStressFunc() { 464 int foo[10000]; 465 break_optimization(foo); 466} 467 468TEST(MemorySanitizer, DISABLED_StackStressTest) { 469 for (int i = 0; i < 1000000; i++) 470 StackStressFunc(); 471} 472 473template<class T> 474void TestFloatingPoint() { 475 static volatile T v; 476 static T g[100]; 477 break_optimization(&g); 478 T *x = GetPoisoned<T>(); 479 T *y = GetPoisoned<T>(1); 480 EXPECT_POISONED(*x); 481 EXPECT_POISONED((long long)*x); 482 EXPECT_POISONED((int)*x); 483 g[0] = *x; 484 g[1] = *x + *y; 485 g[2] = *x - *y; 486 g[3] = *x * *y; 487} 488 489TEST(MemorySanitizer, FloatingPointTest) { 490 TestFloatingPoint<float>(); 491 TestFloatingPoint<double>(); 492} 493 494TEST(MemorySanitizer, DynMem) { 495 S4 x = 0; 496 S4 *y = GetPoisoned<S4>(); 497 memcpy(y, &x, g_one * sizeof(S4)); 498 EXPECT_NOT_POISONED(*y); 499} 500 501static char *DynRetTestStr; 502 503TEST(MemorySanitizer, DynRet) { 504 if (!__msan_has_dynamic_component()) return; 505 ReturnPoisoned<S8>(); 506 EXPECT_NOT_POISONED(clearenv()); 507} 508 509 510TEST(MemorySanitizer, DynRet1) { 511 if (!__msan_has_dynamic_component()) return; 512 ReturnPoisoned<S8>(); 513} 514 515struct LargeStruct { 516 S4 x[10]; 517}; 518 519NOINLINE 520LargeStruct LargeRetTest() { 521 LargeStruct res; 522 res.x[0] = *GetPoisoned<S4>(); 523 res.x[1] = *GetPoisoned<S4>(); 524 res.x[2] = *GetPoisoned<S4>(); 525 res.x[3] = *GetPoisoned<S4>(); 526 res.x[4] = *GetPoisoned<S4>(); 527 res.x[5] = *GetPoisoned<S4>(); 528 res.x[6] = *GetPoisoned<S4>(); 529 res.x[7] = *GetPoisoned<S4>(); 530 res.x[8] = *GetPoisoned<S4>(); 531 res.x[9] = *GetPoisoned<S4>(); 532 return res; 533} 534 535TEST(MemorySanitizer, strcmp) { 536 char s1[10]; 537 char s2[10]; 538 strncpy(s1, "foo", 10); 539 s2[0] = 'f'; 540 s2[1] = 'n'; 541 EXPECT_GT(strcmp(s1, s2), 0); 542 s2[1] = 'o'; 543 int res; 544 EXPECT_UMR(res = strcmp(s1, s2)); 545 EXPECT_NOT_POISONED(res); 546 EXPECT_EQ(strncmp(s1, s2, 1), 0); 547} 548 549TEST(MemorySanitizer, LargeRet) { 550 LargeStruct a = LargeRetTest(); 551 EXPECT_POISONED(a.x[0]); 552 EXPECT_POISONED(a.x[9]); 553} 554 555TEST(MemorySanitizer, strerror) { 556 char *buf = strerror(EINVAL); 557 EXPECT_NOT_POISONED(strlen(buf)); 558 buf = strerror(123456); 559 EXPECT_NOT_POISONED(strlen(buf)); 560} 561 562TEST(MemorySanitizer, strerror_r) { 563 errno = 0; 564 char buf[1000]; 565 char *res = strerror_r(EINVAL, buf, sizeof(buf)); 566 ASSERT_EQ(0, errno); 567 if (!res) res = buf; // POSIX version success. 568 EXPECT_NOT_POISONED(strlen(res)); 569} 570 571TEST(MemorySanitizer, fread) { 572 char *x = new char[32]; 573 FILE *f = fopen("/proc/self/stat", "r"); 574 assert(f); 575 fread(x, 1, 32, f); 576 EXPECT_NOT_POISONED(x[0]); 577 EXPECT_NOT_POISONED(x[16]); 578 EXPECT_NOT_POISONED(x[31]); 579 fclose(f); 580 delete x; 581} 582 583TEST(MemorySanitizer, read) { 584 char *x = new char[32]; 585 int fd = open("/proc/self/stat", O_RDONLY); 586 assert(fd > 0); 587 int sz = read(fd, x, 32); 588 assert(sz == 32); 589 EXPECT_NOT_POISONED(x[0]); 590 EXPECT_NOT_POISONED(x[16]); 591 EXPECT_NOT_POISONED(x[31]); 592 close(fd); 593 delete x; 594} 595 596TEST(MemorySanitizer, pread) { 597 char *x = new char[32]; 598 int fd = open("/proc/self/stat", O_RDONLY); 599 assert(fd > 0); 600 int sz = pread(fd, x, 32, 0); 601 assert(sz == 32); 602 EXPECT_NOT_POISONED(x[0]); 603 EXPECT_NOT_POISONED(x[16]); 604 EXPECT_NOT_POISONED(x[31]); 605 close(fd); 606 delete x; 607} 608 609TEST(MemorySanitizer, readv) { 610 char buf[2011]; 611 struct iovec iov[2]; 612 iov[0].iov_base = buf + 1; 613 iov[0].iov_len = 5; 614 iov[1].iov_base = buf + 10; 615 iov[1].iov_len = 2000; 616 int fd = open("/proc/self/stat", O_RDONLY); 617 assert(fd > 0); 618 int sz = readv(fd, iov, 2); 619 ASSERT_LT(sz, 5 + 2000); 620 ASSERT_GT(sz, iov[0].iov_len); 621 EXPECT_POISONED(buf[0]); 622 EXPECT_NOT_POISONED(buf[1]); 623 EXPECT_NOT_POISONED(buf[5]); 624 EXPECT_POISONED(buf[6]); 625 EXPECT_POISONED(buf[9]); 626 EXPECT_NOT_POISONED(buf[10]); 627 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]); 628 EXPECT_POISONED(buf[11 + (sz - 1) - 5]); 629 close(fd); 630} 631 632TEST(MemorySanitizer, preadv) { 633 char buf[2011]; 634 struct iovec iov[2]; 635 iov[0].iov_base = buf + 1; 636 iov[0].iov_len = 5; 637 iov[1].iov_base = buf + 10; 638 iov[1].iov_len = 2000; 639 int fd = open("/proc/self/stat", O_RDONLY); 640 assert(fd > 0); 641 int sz = preadv(fd, iov, 2, 3); 642 ASSERT_LT(sz, 5 + 2000); 643 ASSERT_GT(sz, iov[0].iov_len); 644 EXPECT_POISONED(buf[0]); 645 EXPECT_NOT_POISONED(buf[1]); 646 EXPECT_NOT_POISONED(buf[5]); 647 EXPECT_POISONED(buf[6]); 648 EXPECT_POISONED(buf[9]); 649 EXPECT_NOT_POISONED(buf[10]); 650 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]); 651 EXPECT_POISONED(buf[11 + (sz - 1) - 5]); 652 close(fd); 653} 654 655// FIXME: fails now. 656TEST(MemorySanitizer, DISABLED_ioctl) { 657 struct winsize ws; 658 EXPECT_EQ(ioctl(2, TIOCGWINSZ, &ws), 0); 659 EXPECT_NOT_POISONED(ws.ws_col); 660} 661 662TEST(MemorySanitizer, readlink) { 663 char *x = new char[1000]; 664 readlink("/proc/self/exe", x, 1000); 665 EXPECT_NOT_POISONED(x[0]); 666 delete [] x; 667} 668 669 670TEST(MemorySanitizer, stat) { 671 struct stat* st = new struct stat; 672 int res = stat("/proc/self/stat", st); 673 assert(!res); 674 EXPECT_NOT_POISONED(st->st_dev); 675 EXPECT_NOT_POISONED(st->st_mode); 676 EXPECT_NOT_POISONED(st->st_size); 677} 678 679TEST(MemorySanitizer, fstatat) { 680 struct stat* st = new struct stat; 681 int dirfd = open("/proc/self", O_RDONLY); 682 assert(dirfd > 0); 683 int res = fstatat(dirfd, "stat", st, 0); 684 assert(!res); 685 EXPECT_NOT_POISONED(st->st_dev); 686 EXPECT_NOT_POISONED(st->st_mode); 687 EXPECT_NOT_POISONED(st->st_size); 688 close(dirfd); 689} 690 691TEST(MemorySanitizer, statfs) { 692 struct statfs st; 693 int res = statfs("/", &st); 694 assert(!res); 695 EXPECT_NOT_POISONED(st.f_type); 696 EXPECT_NOT_POISONED(st.f_bfree); 697 EXPECT_NOT_POISONED(st.f_namelen); 698} 699 700TEST(MemorySanitizer, statvfs) { 701 struct statvfs st; 702 int res = statvfs("/", &st); 703 assert(!res); 704 EXPECT_NOT_POISONED(st.f_bsize); 705 EXPECT_NOT_POISONED(st.f_blocks); 706 EXPECT_NOT_POISONED(st.f_bfree); 707 EXPECT_NOT_POISONED(st.f_namemax); 708} 709 710TEST(MemorySanitizer, fstatvfs) { 711 struct statvfs st; 712 int fd = open("/", O_RDONLY | O_DIRECTORY); 713 int res = fstatvfs(fd, &st); 714 assert(!res); 715 EXPECT_NOT_POISONED(st.f_bsize); 716 EXPECT_NOT_POISONED(st.f_blocks); 717 EXPECT_NOT_POISONED(st.f_bfree); 718 EXPECT_NOT_POISONED(st.f_namemax); 719 close(fd); 720} 721 722TEST(MemorySanitizer, pipe) { 723 int* pipefd = new int[2]; 724 int res = pipe(pipefd); 725 assert(!res); 726 EXPECT_NOT_POISONED(pipefd[0]); 727 EXPECT_NOT_POISONED(pipefd[1]); 728 close(pipefd[0]); 729 close(pipefd[1]); 730} 731 732TEST(MemorySanitizer, pipe2) { 733 int* pipefd = new int[2]; 734 int res = pipe2(pipefd, O_NONBLOCK); 735 assert(!res); 736 EXPECT_NOT_POISONED(pipefd[0]); 737 EXPECT_NOT_POISONED(pipefd[1]); 738 close(pipefd[0]); 739 close(pipefd[1]); 740} 741 742TEST(MemorySanitizer, socketpair) { 743 int sv[2]; 744 int res = socketpair(AF_UNIX, SOCK_STREAM, 0, sv); 745 assert(!res); 746 EXPECT_NOT_POISONED(sv[0]); 747 EXPECT_NOT_POISONED(sv[1]); 748 close(sv[0]); 749 close(sv[1]); 750} 751 752TEST(MemorySanitizer, poll) { 753 int* pipefd = new int[2]; 754 int res = pipe(pipefd); 755 ASSERT_EQ(0, res); 756 757 char data = 42; 758 res = write(pipefd[1], &data, 1); 759 ASSERT_EQ(1, res); 760 761 pollfd fds[2]; 762 fds[0].fd = pipefd[0]; 763 fds[0].events = POLLIN; 764 fds[1].fd = pipefd[1]; 765 fds[1].events = POLLIN; 766 res = poll(fds, 2, 500); 767 ASSERT_EQ(1, res); 768 EXPECT_NOT_POISONED(fds[0].revents); 769 EXPECT_NOT_POISONED(fds[1].revents); 770 771 close(pipefd[0]); 772 close(pipefd[1]); 773} 774 775TEST(MemorySanitizer, ppoll) { 776 int* pipefd = new int[2]; 777 int res = pipe(pipefd); 778 ASSERT_EQ(0, res); 779 780 char data = 42; 781 res = write(pipefd[1], &data, 1); 782 ASSERT_EQ(1, res); 783 784 pollfd fds[2]; 785 fds[0].fd = pipefd[0]; 786 fds[0].events = POLLIN; 787 fds[1].fd = pipefd[1]; 788 fds[1].events = POLLIN; 789 sigset_t ss; 790 sigemptyset(&ss); 791 res = ppoll(fds, 2, NULL, &ss); 792 ASSERT_EQ(1, res); 793 EXPECT_NOT_POISONED(fds[0].revents); 794 EXPECT_NOT_POISONED(fds[1].revents); 795 796 close(pipefd[0]); 797 close(pipefd[1]); 798} 799 800TEST(MemorySanitizer, poll_positive) { 801 int* pipefd = new int[2]; 802 int res = pipe(pipefd); 803 ASSERT_EQ(0, res); 804 805 pollfd fds[2]; 806 fds[0].fd = pipefd[0]; 807 fds[0].events = POLLIN; 808 // fds[1].fd uninitialized 809 fds[1].events = POLLIN; 810 EXPECT_UMR(poll(fds, 2, 0)); 811 812 close(pipefd[0]); 813 close(pipefd[1]); 814} 815 816TEST(MemorySanitizer, bind_getsockname) { 817 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 818 819 struct sockaddr_in sai; 820 memset(&sai, 0, sizeof(sai)); 821 sai.sin_family = AF_UNIX; 822 int res = bind(sock, (struct sockaddr *)&sai, sizeof(sai)); 823 824 assert(!res); 825 char buf[200]; 826 socklen_t addrlen; 827 EXPECT_UMR(getsockname(sock, (struct sockaddr *)&buf, &addrlen)); 828 829 addrlen = sizeof(buf); 830 res = getsockname(sock, (struct sockaddr *)&buf, &addrlen); 831 EXPECT_NOT_POISONED(addrlen); 832 EXPECT_NOT_POISONED(buf[0]); 833 EXPECT_NOT_POISONED(buf[addrlen - 1]); 834 EXPECT_POISONED(buf[addrlen]); 835 close(sock); 836} 837 838TEST(MemorySanitizer, accept) { 839 int listen_socket = socket(AF_INET, SOCK_STREAM, 0); 840 ASSERT_LT(0, listen_socket); 841 842 struct sockaddr_in sai; 843 memset(&sai, 0, sizeof(sai)); 844 sai.sin_family = AF_INET; 845 sai.sin_port = 0; 846 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 847 int res = bind(listen_socket, (struct sockaddr *)&sai, sizeof(sai)); 848 ASSERT_EQ(0, res); 849 850 res = listen(listen_socket, 1); 851 ASSERT_EQ(0, res); 852 853 socklen_t sz = sizeof(sai); 854 res = getsockname(listen_socket, (struct sockaddr *)&sai, &sz); 855 ASSERT_EQ(0, res); 856 ASSERT_EQ(sizeof(sai), sz); 857 858 int connect_socket = socket(AF_INET, SOCK_STREAM, 0); 859 ASSERT_LT(0, connect_socket); 860 res = fcntl(connect_socket, F_SETFL, O_NONBLOCK); 861 ASSERT_EQ(0, res); 862 res = connect(connect_socket, (struct sockaddr *)&sai, sizeof(sai)); 863 ASSERT_EQ(-1, res); 864 ASSERT_EQ(EINPROGRESS, errno); 865 866 __msan_poison(&sai, sizeof(sai)); 867 int new_sock = accept(listen_socket, (struct sockaddr *)&sai, &sz); 868 ASSERT_LT(0, new_sock); 869 ASSERT_EQ(sizeof(sai), sz); 870 EXPECT_NOT_POISONED(sai); 871 872 __msan_poison(&sai, sizeof(sai)); 873 res = getpeername(new_sock, (struct sockaddr *)&sai, &sz); 874 ASSERT_EQ(0, res); 875 ASSERT_EQ(sizeof(sai), sz); 876 EXPECT_NOT_POISONED(sai); 877 878 close(new_sock); 879 close(connect_socket); 880 close(listen_socket); 881} 882 883TEST(MemorySanitizer, getaddrinfo) { 884 struct addrinfo *ai; 885 struct addrinfo hints; 886 memset(&hints, 0, sizeof(hints)); 887 hints.ai_family = AF_INET; 888 int res = getaddrinfo("localhost", NULL, &hints, &ai); 889 ASSERT_EQ(0, res); 890 EXPECT_NOT_POISONED(*ai); 891 ASSERT_EQ(sizeof(sockaddr_in), ai->ai_addrlen); 892 EXPECT_NOT_POISONED(*(sockaddr_in*)ai->ai_addr); 893} 894 895TEST(MemorySanitizer, getnameinfo) { 896 struct sockaddr_in sai; 897 memset(&sai, 0, sizeof(sai)); 898 sai.sin_family = AF_INET; 899 sai.sin_port = 80; 900 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 901 char host[500]; 902 char serv[500]; 903 int res = getnameinfo((struct sockaddr *)&sai, sizeof(sai), host, 904 sizeof(host), serv, sizeof(serv), 0); 905 ASSERT_EQ(0, res); 906 EXPECT_NOT_POISONED(host[0]); 907 EXPECT_POISONED(host[sizeof(host) - 1]); 908 909 ASSERT_NE(0, strlen(host)); 910 EXPECT_NOT_POISONED(serv[0]); 911 EXPECT_POISONED(serv[sizeof(serv) - 1]); 912 ASSERT_NE(0, strlen(serv)); 913} 914 915#define EXPECT_HOSTENT_NOT_POISONED(he) \ 916 do { \ 917 EXPECT_NOT_POISONED(*(he)); \ 918 ASSERT_NE((void *) 0, (he)->h_name); \ 919 ASSERT_NE((void *) 0, (he)->h_aliases); \ 920 ASSERT_NE((void *) 0, (he)->h_addr_list); \ 921 EXPECT_NOT_POISONED(strlen((he)->h_name)); \ 922 char **p = (he)->h_aliases; \ 923 while (*p) { \ 924 EXPECT_NOT_POISONED(strlen(*p)); \ 925 ++p; \ 926 } \ 927 char **q = (he)->h_addr_list; \ 928 while (*q) { \ 929 EXPECT_NOT_POISONED(*q[0]); \ 930 ++q; \ 931 } \ 932 EXPECT_NOT_POISONED(*q); \ 933 } while (0) 934 935TEST(MemorySanitizer, gethostent) { 936 struct hostent *he = gethostent(); 937 ASSERT_NE((void *)NULL, he); 938 EXPECT_HOSTENT_NOT_POISONED(he); 939} 940 941#ifndef MSAN_TEST_DISABLE_GETHOSTBYNAME 942 943TEST(MemorySanitizer, gethostbyname) { 944 struct hostent *he = gethostbyname("localhost"); 945 ASSERT_NE((void *)NULL, he); 946 EXPECT_HOSTENT_NOT_POISONED(he); 947} 948 949#endif // MSAN_TEST_DISABLE_GETHOSTBYNAME 950 951TEST(MemorySanitizer, recvmsg) { 952 int server_socket = socket(AF_INET, SOCK_DGRAM, 0); 953 ASSERT_LT(0, server_socket); 954 955 struct sockaddr_in sai; 956 memset(&sai, 0, sizeof(sai)); 957 sai.sin_family = AF_INET; 958 sai.sin_port = 0; 959 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 960 int res = bind(server_socket, (struct sockaddr *)&sai, sizeof(sai)); 961 ASSERT_EQ(0, res); 962 963 socklen_t sz = sizeof(sai); 964 res = getsockname(server_socket, (struct sockaddr *)&sai, &sz); 965 ASSERT_EQ(0, res); 966 ASSERT_EQ(sizeof(sai), sz); 967 968 969 int client_socket = socket(AF_INET, SOCK_DGRAM, 0); 970 ASSERT_LT(0, client_socket); 971 972 struct sockaddr_in client_sai; 973 memset(&client_sai, 0, sizeof(client_sai)); 974 client_sai.sin_family = AF_INET; 975 client_sai.sin_port = 0; 976 client_sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 977 res = bind(client_socket, (struct sockaddr *)&client_sai, sizeof(client_sai)); 978 ASSERT_EQ(0, res); 979 980 sz = sizeof(client_sai); 981 res = getsockname(client_socket, (struct sockaddr *)&client_sai, &sz); 982 ASSERT_EQ(0, res); 983 ASSERT_EQ(sizeof(client_sai), sz); 984 985 986 const char *s = "message text"; 987 struct iovec iov; 988 iov.iov_base = (void *)s; 989 iov.iov_len = strlen(s) + 1; 990 struct msghdr msg; 991 memset(&msg, 0, sizeof(msg)); 992 msg.msg_name = &sai; 993 msg.msg_namelen = sizeof(sai); 994 msg.msg_iov = &iov; 995 msg.msg_iovlen = 1; 996 res = sendmsg(client_socket, &msg, 0); 997 ASSERT_LT(0, res); 998 999 1000 char buf[1000]; 1001 struct iovec recv_iov; 1002 recv_iov.iov_base = (void *)&buf; 1003 recv_iov.iov_len = sizeof(buf); 1004 struct sockaddr_in recv_sai; 1005 struct msghdr recv_msg; 1006 memset(&recv_msg, 0, sizeof(recv_msg)); 1007 recv_msg.msg_name = &recv_sai; 1008 recv_msg.msg_namelen = sizeof(recv_sai); 1009 recv_msg.msg_iov = &recv_iov; 1010 recv_msg.msg_iovlen = 1; 1011 res = recvmsg(server_socket, &recv_msg, 0); 1012 ASSERT_LT(0, res); 1013 1014 ASSERT_EQ(sizeof(recv_sai), recv_msg.msg_namelen); 1015 EXPECT_NOT_POISONED(*(struct sockaddr_in *)recv_msg.msg_name); 1016 EXPECT_STREQ(s, buf); 1017 1018 close(server_socket); 1019 close(client_socket); 1020} 1021 1022TEST(MemorySanitizer, gethostbyname2) { 1023 struct hostent *he = gethostbyname2("localhost", AF_INET); 1024 ASSERT_NE((void *)NULL, he); 1025 EXPECT_HOSTENT_NOT_POISONED(he); 1026} 1027 1028TEST(MemorySanitizer, gethostbyaddr) { 1029 in_addr_t addr = inet_addr("127.0.0.1"); 1030 EXPECT_NOT_POISONED(addr); 1031 struct hostent *he = gethostbyaddr(&addr, sizeof(addr), AF_INET); 1032 ASSERT_NE((void *)NULL, he); 1033 EXPECT_HOSTENT_NOT_POISONED(he); 1034} 1035 1036TEST(MemorySanitizer, gethostent_r) { 1037 char buf[2000]; 1038 struct hostent he; 1039 struct hostent *result; 1040 int err; 1041 int res = gethostent_r(&he, buf, sizeof(buf), &result, &err); 1042 ASSERT_EQ(0, res); 1043 EXPECT_NOT_POISONED(result); 1044 ASSERT_NE((void *)NULL, result); 1045 EXPECT_HOSTENT_NOT_POISONED(result); 1046 EXPECT_NOT_POISONED(err); 1047} 1048 1049TEST(MemorySanitizer, gethostbyname_r) { 1050 char buf[2000]; 1051 struct hostent he; 1052 struct hostent *result; 1053 int err; 1054 int res = gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err); 1055 ASSERT_EQ(0, res); 1056 EXPECT_NOT_POISONED(result); 1057 ASSERT_NE((void *)NULL, result); 1058 EXPECT_HOSTENT_NOT_POISONED(result); 1059 EXPECT_NOT_POISONED(err); 1060} 1061 1062TEST(MemorySanitizer, gethostbyname2_r) { 1063 char buf[2000]; 1064 struct hostent he; 1065 struct hostent *result; 1066 int err; 1067 int res = gethostbyname2_r("localhost", AF_INET, &he, buf, sizeof(buf), 1068 &result, &err); 1069 ASSERT_EQ(0, res); 1070 EXPECT_NOT_POISONED(result); 1071 ASSERT_NE((void *)NULL, result); 1072 EXPECT_HOSTENT_NOT_POISONED(result); 1073 EXPECT_NOT_POISONED(err); 1074} 1075 1076TEST(MemorySanitizer, gethostbyaddr_r) { 1077 char buf[2000]; 1078 struct hostent he; 1079 struct hostent *result; 1080 int err; 1081 in_addr_t addr = inet_addr("127.0.0.1"); 1082 EXPECT_NOT_POISONED(addr); 1083 int res = gethostbyaddr_r(&addr, sizeof(addr), AF_INET, &he, buf, sizeof(buf), 1084 &result, &err); 1085 ASSERT_EQ(0, res); 1086 EXPECT_NOT_POISONED(result); 1087 ASSERT_NE((void *)NULL, result); 1088 EXPECT_HOSTENT_NOT_POISONED(result); 1089 EXPECT_NOT_POISONED(err); 1090} 1091 1092TEST(MemorySanitizer, getsockopt) { 1093 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 1094 struct linger l[2]; 1095 socklen_t sz = sizeof(l[0]); 1096 int res = getsockopt(sock, SOL_SOCKET, SO_LINGER, &l[0], &sz); 1097 ASSERT_EQ(0, res); 1098 ASSERT_EQ(sizeof(l[0]), sz); 1099 EXPECT_NOT_POISONED(l[0]); 1100 EXPECT_POISONED(*(char *)(l + 1)); 1101} 1102 1103TEST(MemorySanitizer, getcwd) { 1104 char path[PATH_MAX + 1]; 1105 char* res = getcwd(path, sizeof(path)); 1106 assert(res); 1107 EXPECT_NOT_POISONED(path[0]); 1108} 1109 1110TEST(MemorySanitizer, getcwd_gnu) { 1111 char* res = getcwd(NULL, 0); 1112 assert(res); 1113 EXPECT_NOT_POISONED(res[0]); 1114 free(res); 1115} 1116 1117TEST(MemorySanitizer, get_current_dir_name) { 1118 char* res = get_current_dir_name(); 1119 assert(res); 1120 EXPECT_NOT_POISONED(res[0]); 1121 free(res); 1122} 1123 1124TEST(MemorySanitizer, confstr) { 1125 char buf[3]; 1126 size_t res = confstr(_CS_PATH, buf, sizeof(buf)); 1127 ASSERT_GT(res, sizeof(buf)); 1128 EXPECT_NOT_POISONED(buf[0]); 1129 EXPECT_NOT_POISONED(buf[sizeof(buf) - 1]); 1130 1131 char buf2[1000]; 1132 res = confstr(_CS_PATH, buf2, sizeof(buf2)); 1133 ASSERT_LT(res, sizeof(buf2)); 1134 EXPECT_NOT_POISONED(buf2[0]); 1135 EXPECT_NOT_POISONED(buf2[res - 1]); 1136 EXPECT_POISONED(buf2[res]); 1137 ASSERT_EQ(res, strlen(buf2) + 1); 1138} 1139 1140TEST(MemorySanitizer, readdir) { 1141 DIR *dir = opendir("."); 1142 struct dirent *d = readdir(dir); 1143 assert(d); 1144 EXPECT_NOT_POISONED(d->d_name[0]); 1145 closedir(dir); 1146} 1147 1148TEST(MemorySanitizer, readdir_r) { 1149 DIR *dir = opendir("."); 1150 struct dirent d; 1151 struct dirent *pd; 1152 int res = readdir_r(dir, &d, &pd); 1153 assert(!res); 1154 EXPECT_NOT_POISONED(pd); 1155 EXPECT_NOT_POISONED(d.d_name[0]); 1156 closedir(dir); 1157} 1158 1159TEST(MemorySanitizer, realpath) { 1160 const char* relpath = "."; 1161 char path[PATH_MAX + 1]; 1162 char* res = realpath(relpath, path); 1163 assert(res); 1164 EXPECT_NOT_POISONED(path[0]); 1165} 1166 1167TEST(MemorySanitizer, realpath_null) { 1168 const char* relpath = "."; 1169 char* res = realpath(relpath, NULL); 1170 printf("%d, %s\n", errno, strerror(errno)); 1171 assert(res); 1172 EXPECT_NOT_POISONED(res[0]); 1173 free(res); 1174} 1175 1176TEST(MemorySanitizer, canonicalize_file_name) { 1177 const char* relpath = "."; 1178 char* res = canonicalize_file_name(relpath); 1179 assert(res); 1180 EXPECT_NOT_POISONED(res[0]); 1181 free(res); 1182} 1183 1184extern char **environ; 1185 1186TEST(MemorySanitizer, setenv) { 1187 setenv("AAA", "BBB", 1); 1188 for (char **envp = environ; *envp; ++envp) { 1189 EXPECT_NOT_POISONED(*envp); 1190 EXPECT_NOT_POISONED(*envp[0]); 1191 } 1192} 1193 1194TEST(MemorySanitizer, putenv) { 1195 char s[] = "AAA=BBB"; 1196 putenv(s); 1197 for (char **envp = environ; *envp; ++envp) { 1198 EXPECT_NOT_POISONED(*envp); 1199 EXPECT_NOT_POISONED(*envp[0]); 1200 } 1201} 1202 1203TEST(MemorySanitizer, memcpy) { 1204 char* x = new char[2]; 1205 char* y = new char[2]; 1206 x[0] = 1; 1207 x[1] = *GetPoisoned<char>(); 1208 memcpy(y, x, 2); 1209 EXPECT_NOT_POISONED(y[0]); 1210 EXPECT_POISONED(y[1]); 1211} 1212 1213TEST(MemorySanitizer, memmove) { 1214 char* x = new char[2]; 1215 char* y = new char[2]; 1216 x[0] = 1; 1217 x[1] = *GetPoisoned<char>(); 1218 memmove(y, x, 2); 1219 EXPECT_NOT_POISONED(y[0]); 1220 EXPECT_POISONED(y[1]); 1221} 1222 1223TEST(MemorySanitizer, bcopy) { 1224 char* x = new char[2]; 1225 char* y = new char[2]; 1226 x[0] = 1; 1227 x[1] = *GetPoisoned<char>(); 1228 bcopy(x, y, 2); 1229 EXPECT_NOT_POISONED(y[0]); 1230 EXPECT_POISONED(y[1]); 1231} 1232 1233TEST(MemorySanitizer, strdup) { 1234 char buf[4] = "abc"; 1235 __msan_poison(buf + 2, sizeof(*buf)); 1236 char *x = strdup(buf); 1237 EXPECT_NOT_POISONED(x[0]); 1238 EXPECT_NOT_POISONED(x[1]); 1239 EXPECT_POISONED(x[2]); 1240 EXPECT_NOT_POISONED(x[3]); 1241 free(x); 1242} 1243 1244TEST(MemorySanitizer, strndup) { 1245 char buf[4] = "abc"; 1246 __msan_poison(buf + 2, sizeof(*buf)); 1247 char *x = strndup(buf, 3); 1248 EXPECT_NOT_POISONED(x[0]); 1249 EXPECT_NOT_POISONED(x[1]); 1250 EXPECT_POISONED(x[2]); 1251 EXPECT_NOT_POISONED(x[3]); 1252 free(x); 1253} 1254 1255TEST(MemorySanitizer, strndup_short) { 1256 char buf[4] = "abc"; 1257 __msan_poison(buf + 1, sizeof(*buf)); 1258 __msan_poison(buf + 2, sizeof(*buf)); 1259 char *x = strndup(buf, 2); 1260 EXPECT_NOT_POISONED(x[0]); 1261 EXPECT_POISONED(x[1]); 1262 EXPECT_NOT_POISONED(x[2]); 1263 free(x); 1264} 1265 1266 1267template<class T, int size> 1268void TestOverlapMemmove() { 1269 T *x = new T[size]; 1270 assert(size >= 3); 1271 x[2] = 0; 1272 memmove(x, x + 1, (size - 1) * sizeof(T)); 1273 EXPECT_NOT_POISONED(x[1]); 1274 if (!__msan_has_dynamic_component()) { 1275 // FIXME: under DR we will lose this information 1276 // because accesses in memmove will unpoisin the shadow. 1277 // We need to use our own memove implementation instead of libc's. 1278 EXPECT_POISONED(x[0]); 1279 EXPECT_POISONED(x[2]); 1280 } 1281 delete [] x; 1282} 1283 1284TEST(MemorySanitizer, overlap_memmove) { 1285 TestOverlapMemmove<U1, 10>(); 1286 TestOverlapMemmove<U1, 1000>(); 1287 TestOverlapMemmove<U8, 4>(); 1288 TestOverlapMemmove<U8, 1000>(); 1289} 1290 1291TEST(MemorySanitizer, strcpy) { // NOLINT 1292 char* x = new char[3]; 1293 char* y = new char[3]; 1294 x[0] = 'a'; 1295 x[1] = *GetPoisoned<char>(1, 1); 1296 x[2] = 0; 1297 strcpy(y, x); // NOLINT 1298 EXPECT_NOT_POISONED(y[0]); 1299 EXPECT_POISONED(y[1]); 1300 EXPECT_NOT_POISONED(y[2]); 1301} 1302 1303TEST(MemorySanitizer, strncpy) { // NOLINT 1304 char* x = new char[3]; 1305 char* y = new char[3]; 1306 x[0] = 'a'; 1307 x[1] = *GetPoisoned<char>(1, 1); 1308 x[2] = 0; 1309 strncpy(y, x, 2); // NOLINT 1310 EXPECT_NOT_POISONED(y[0]); 1311 EXPECT_POISONED(y[1]); 1312 EXPECT_POISONED(y[2]); 1313} 1314 1315TEST(MemorySanitizer, stpcpy) { // NOLINT 1316 char* x = new char[3]; 1317 char* y = new char[3]; 1318 x[0] = 'a'; 1319 x[1] = *GetPoisoned<char>(1, 1); 1320 x[2] = 0; 1321 char *res = stpcpy(y, x); // NOLINT 1322 ASSERT_EQ(res, y + 2); 1323 EXPECT_NOT_POISONED(y[0]); 1324 EXPECT_POISONED(y[1]); 1325 EXPECT_NOT_POISONED(y[2]); 1326} 1327 1328TEST(MemorySanitizer, strtol) { 1329 char *e; 1330 assert(1 == strtol("1", &e, 10)); 1331 EXPECT_NOT_POISONED((S8) e); 1332} 1333 1334TEST(MemorySanitizer, strtoll) { 1335 char *e; 1336 assert(1 == strtoll("1", &e, 10)); 1337 EXPECT_NOT_POISONED((S8) e); 1338} 1339 1340TEST(MemorySanitizer, strtoul) { 1341 char *e; 1342 assert(1 == strtoul("1", &e, 10)); 1343 EXPECT_NOT_POISONED((S8) e); 1344} 1345 1346TEST(MemorySanitizer, strtoull) { 1347 char *e; 1348 assert(1 == strtoull("1", &e, 10)); 1349 EXPECT_NOT_POISONED((S8) e); 1350} 1351 1352TEST(MemorySanitizer, strtoimax) { 1353 char *e; 1354 assert(1 == strtoimax("1", &e, 10)); 1355 EXPECT_NOT_POISONED((S8) e); 1356} 1357 1358TEST(MemorySanitizer, strtoumax) { 1359 char *e; 1360 assert(1 == strtoumax("1", &e, 10)); 1361 EXPECT_NOT_POISONED((S8) e); 1362} 1363 1364TEST(MemorySanitizer, strtod) { 1365 char *e; 1366 assert(0 != strtod("1.5", &e)); 1367 EXPECT_NOT_POISONED((S8) e); 1368} 1369 1370#ifdef __GLIBC__ 1371extern "C" double __strtod_l(const char *nptr, char **endptr, locale_t loc); 1372TEST(MemorySanitizer, __strtod_l) { 1373 locale_t loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0); 1374 char *e; 1375 assert(0 != __strtod_l("1.5", &e, loc)); 1376 EXPECT_NOT_POISONED((S8) e); 1377 freelocale(loc); 1378} 1379#endif // __GLIBC__ 1380 1381TEST(MemorySanitizer, strtof) { 1382 char *e; 1383 assert(0 != strtof("1.5", &e)); 1384 EXPECT_NOT_POISONED((S8) e); 1385} 1386 1387TEST(MemorySanitizer, strtold) { 1388 char *e; 1389 assert(0 != strtold("1.5", &e)); 1390 EXPECT_NOT_POISONED((S8) e); 1391} 1392 1393TEST(MemorySanitizer, modf) { 1394 double x, y; 1395 x = modf(2.1, &y); 1396 EXPECT_NOT_POISONED(y); 1397} 1398 1399TEST(MemorySanitizer, modff) { 1400 float x, y; 1401 x = modff(2.1, &y); 1402 EXPECT_NOT_POISONED(y); 1403} 1404 1405TEST(MemorySanitizer, modfl) { 1406 long double x, y; 1407 x = modfl(2.1, &y); 1408 EXPECT_NOT_POISONED(y); 1409} 1410 1411TEST(MemorySanitizer, sprintf) { // NOLINT 1412 char buff[10]; 1413 break_optimization(buff); 1414 EXPECT_POISONED(buff[0]); 1415 int res = sprintf(buff, "%d", 1234567); // NOLINT 1416 assert(res == 7); 1417 assert(buff[0] == '1'); 1418 assert(buff[1] == '2'); 1419 assert(buff[2] == '3'); 1420 assert(buff[6] == '7'); 1421 assert(buff[7] == 0); 1422 EXPECT_POISONED(buff[8]); 1423} 1424 1425TEST(MemorySanitizer, snprintf) { 1426 char buff[10]; 1427 break_optimization(buff); 1428 EXPECT_POISONED(buff[0]); 1429 int res = snprintf(buff, sizeof(buff), "%d", 1234567); 1430 assert(res == 7); 1431 assert(buff[0] == '1'); 1432 assert(buff[1] == '2'); 1433 assert(buff[2] == '3'); 1434 assert(buff[6] == '7'); 1435 assert(buff[7] == 0); 1436 EXPECT_POISONED(buff[8]); 1437} 1438 1439TEST(MemorySanitizer, swprintf) { 1440 wchar_t buff[10]; 1441 assert(sizeof(wchar_t) == 4); 1442 break_optimization(buff); 1443 EXPECT_POISONED(buff[0]); 1444 int res = swprintf(buff, 9, L"%d", 1234567); 1445 assert(res == 7); 1446 assert(buff[0] == '1'); 1447 assert(buff[1] == '2'); 1448 assert(buff[2] == '3'); 1449 assert(buff[6] == '7'); 1450 assert(buff[7] == 0); 1451 EXPECT_POISONED(buff[8]); 1452} 1453 1454TEST(MemorySanitizer, asprintf) { // NOLINT 1455 char *pbuf; 1456 EXPECT_POISONED(pbuf); 1457 int res = asprintf(&pbuf, "%d", 1234567); // NOLINT 1458 assert(res == 7); 1459 EXPECT_NOT_POISONED(pbuf); 1460 assert(pbuf[0] == '1'); 1461 assert(pbuf[1] == '2'); 1462 assert(pbuf[2] == '3'); 1463 assert(pbuf[6] == '7'); 1464 assert(pbuf[7] == 0); 1465 free(pbuf); 1466} 1467 1468TEST(MemorySanitizer, mbstowcs) { 1469 const char *x = "abc"; 1470 wchar_t buff[10]; 1471 int res = mbstowcs(buff, x, 2); 1472 EXPECT_EQ(2, res); 1473 EXPECT_EQ(L'a', buff[0]); 1474 EXPECT_EQ(L'b', buff[1]); 1475 EXPECT_POISONED(buff[2]); 1476 res = mbstowcs(buff, x, 10); 1477 EXPECT_EQ(3, res); 1478 EXPECT_NOT_POISONED(buff[3]); 1479} 1480 1481TEST(MemorySanitizer, wcstombs) { 1482 const wchar_t *x = L"abc"; 1483 char buff[10]; 1484 int res = wcstombs(buff, x, 4); 1485 EXPECT_EQ(res, 3); 1486 EXPECT_EQ(buff[0], 'a'); 1487 EXPECT_EQ(buff[1], 'b'); 1488 EXPECT_EQ(buff[2], 'c'); 1489} 1490 1491TEST(MemorySanitizer, wcsrtombs) { 1492 const wchar_t *x = L"abc"; 1493 const wchar_t *p = x; 1494 char buff[10]; 1495 mbstate_t mbs; 1496 memset(&mbs, 0, sizeof(mbs)); 1497 int res = wcsrtombs(buff, &p, 4, &mbs); 1498 EXPECT_EQ(res, 3); 1499 EXPECT_EQ(buff[0], 'a'); 1500 EXPECT_EQ(buff[1], 'b'); 1501 EXPECT_EQ(buff[2], 'c'); 1502 EXPECT_EQ(buff[3], '\0'); 1503 EXPECT_POISONED(buff[4]); 1504} 1505 1506TEST(MemorySanitizer, wcsnrtombs) { 1507 const wchar_t *x = L"abc"; 1508 const wchar_t *p = x; 1509 char buff[10]; 1510 mbstate_t mbs; 1511 memset(&mbs, 0, sizeof(mbs)); 1512 int res = wcsnrtombs(buff, &p, 2, 4, &mbs); 1513 EXPECT_EQ(res, 2); 1514 EXPECT_EQ(buff[0], 'a'); 1515 EXPECT_EQ(buff[1], 'b'); 1516 EXPECT_POISONED(buff[2]); 1517} 1518 1519TEST(MemorySanitizer, mbtowc) { 1520 const char *x = "abc"; 1521 wchar_t wx; 1522 int res = mbtowc(&wx, x, 3); 1523 EXPECT_GT(res, 0); 1524 EXPECT_NOT_POISONED(wx); 1525} 1526 1527TEST(MemorySanitizer, mbrtowc) { 1528 const char *x = "abc"; 1529 wchar_t wx; 1530 mbstate_t mbs; 1531 memset(&mbs, 0, sizeof(mbs)); 1532 int res = mbrtowc(&wx, x, 3, &mbs); 1533 EXPECT_GT(res, 0); 1534 EXPECT_NOT_POISONED(wx); 1535} 1536 1537TEST(MemorySanitizer, gettimeofday) { 1538 struct timeval tv; 1539 struct timezone tz; 1540 break_optimization(&tv); 1541 break_optimization(&tz); 1542 assert(sizeof(tv) == 16); 1543 assert(sizeof(tz) == 8); 1544 EXPECT_POISONED(tv.tv_sec); 1545 EXPECT_POISONED(tv.tv_usec); 1546 EXPECT_POISONED(tz.tz_minuteswest); 1547 EXPECT_POISONED(tz.tz_dsttime); 1548 assert(0 == gettimeofday(&tv, &tz)); 1549 EXPECT_NOT_POISONED(tv.tv_sec); 1550 EXPECT_NOT_POISONED(tv.tv_usec); 1551 EXPECT_NOT_POISONED(tz.tz_minuteswest); 1552 EXPECT_NOT_POISONED(tz.tz_dsttime); 1553} 1554 1555TEST(MemorySanitizer, clock_gettime) { 1556 struct timespec tp; 1557 EXPECT_POISONED(tp.tv_sec); 1558 EXPECT_POISONED(tp.tv_nsec); 1559 assert(0 == clock_gettime(CLOCK_REALTIME, &tp)); 1560 EXPECT_NOT_POISONED(tp.tv_sec); 1561 EXPECT_NOT_POISONED(tp.tv_nsec); 1562} 1563 1564TEST(MemorySanitizer, clock_getres) { 1565 struct timespec tp; 1566 EXPECT_POISONED(tp.tv_sec); 1567 EXPECT_POISONED(tp.tv_nsec); 1568 assert(0 == clock_getres(CLOCK_REALTIME, 0)); 1569 EXPECT_POISONED(tp.tv_sec); 1570 EXPECT_POISONED(tp.tv_nsec); 1571 assert(0 == clock_getres(CLOCK_REALTIME, &tp)); 1572 EXPECT_NOT_POISONED(tp.tv_sec); 1573 EXPECT_NOT_POISONED(tp.tv_nsec); 1574} 1575 1576TEST(MemorySanitizer, getitimer) { 1577 struct itimerval it1, it2; 1578 int res; 1579 EXPECT_POISONED(it1.it_interval.tv_sec); 1580 EXPECT_POISONED(it1.it_interval.tv_usec); 1581 EXPECT_POISONED(it1.it_value.tv_sec); 1582 EXPECT_POISONED(it1.it_value.tv_usec); 1583 res = getitimer(ITIMER_VIRTUAL, &it1); 1584 assert(!res); 1585 EXPECT_NOT_POISONED(it1.it_interval.tv_sec); 1586 EXPECT_NOT_POISONED(it1.it_interval.tv_usec); 1587 EXPECT_NOT_POISONED(it1.it_value.tv_sec); 1588 EXPECT_NOT_POISONED(it1.it_value.tv_usec); 1589 1590 it1.it_interval.tv_sec = it1.it_value.tv_sec = 10000; 1591 it1.it_interval.tv_usec = it1.it_value.tv_usec = 0; 1592 1593 res = setitimer(ITIMER_VIRTUAL, &it1, &it2); 1594 assert(!res); 1595 EXPECT_NOT_POISONED(it2.it_interval.tv_sec); 1596 EXPECT_NOT_POISONED(it2.it_interval.tv_usec); 1597 EXPECT_NOT_POISONED(it2.it_value.tv_sec); 1598 EXPECT_NOT_POISONED(it2.it_value.tv_usec); 1599 1600 // Check that old_value can be 0, and disable the timer. 1601 memset(&it1, 0, sizeof(it1)); 1602 res = setitimer(ITIMER_VIRTUAL, &it1, 0); 1603 assert(!res); 1604} 1605 1606TEST(MemorySanitizer, setitimer_null) { 1607 setitimer(ITIMER_VIRTUAL, 0, 0); 1608 // Not testing the return value, since it the behaviour seems to differ 1609 // between libc implementations and POSIX. 1610 // Should never crash, though. 1611} 1612 1613TEST(MemorySanitizer, time) { 1614 time_t t; 1615 EXPECT_POISONED(t); 1616 time_t t2 = time(&t); 1617 assert(t2 != (time_t)-1); 1618 EXPECT_NOT_POISONED(t); 1619} 1620 1621TEST(MemorySanitizer, localtime) { 1622 time_t t = 123; 1623 struct tm *time = localtime(&t); 1624 assert(time != 0); 1625 EXPECT_NOT_POISONED(time->tm_sec); 1626 EXPECT_NOT_POISONED(time->tm_hour); 1627 EXPECT_NOT_POISONED(time->tm_year); 1628 EXPECT_NOT_POISONED(time->tm_isdst); 1629 EXPECT_NE(0, strlen(time->tm_zone)); 1630} 1631 1632TEST(MemorySanitizer, localtime_r) { 1633 time_t t = 123; 1634 struct tm time; 1635 struct tm *res = localtime_r(&t, &time); 1636 assert(res != 0); 1637 EXPECT_NOT_POISONED(time.tm_sec); 1638 EXPECT_NOT_POISONED(time.tm_hour); 1639 EXPECT_NOT_POISONED(time.tm_year); 1640 EXPECT_NOT_POISONED(time.tm_isdst); 1641 EXPECT_NE(0, strlen(time.tm_zone)); 1642} 1643 1644TEST(MemorySanitizer, getmntent) { 1645 FILE *fp = setmntent("/etc/fstab", "r"); 1646 struct mntent *mnt = getmntent(fp); 1647 ASSERT_NE((void *)0, mnt); 1648 ASSERT_NE(0, strlen(mnt->mnt_fsname)); 1649 ASSERT_NE(0, strlen(mnt->mnt_dir)); 1650 ASSERT_NE(0, strlen(mnt->mnt_type)); 1651 ASSERT_NE(0, strlen(mnt->mnt_opts)); 1652 EXPECT_NOT_POISONED(mnt->mnt_freq); 1653 EXPECT_NOT_POISONED(mnt->mnt_passno); 1654 fclose(fp); 1655} 1656 1657TEST(MemorySanitizer, getmntent_r) { 1658 FILE *fp = setmntent("/etc/fstab", "r"); 1659 struct mntent mntbuf; 1660 char buf[1000]; 1661 struct mntent *mnt = getmntent_r(fp, &mntbuf, buf, sizeof(buf)); 1662 ASSERT_NE((void *)0, mnt); 1663 ASSERT_NE(0, strlen(mnt->mnt_fsname)); 1664 ASSERT_NE(0, strlen(mnt->mnt_dir)); 1665 ASSERT_NE(0, strlen(mnt->mnt_type)); 1666 ASSERT_NE(0, strlen(mnt->mnt_opts)); 1667 EXPECT_NOT_POISONED(mnt->mnt_freq); 1668 EXPECT_NOT_POISONED(mnt->mnt_passno); 1669 fclose(fp); 1670} 1671 1672TEST(MemorySanitizer, ether) { 1673 const char *asc = "11:22:33:44:55:66"; 1674 struct ether_addr *paddr = ether_aton(asc); 1675 EXPECT_NOT_POISONED(*paddr); 1676 1677 struct ether_addr addr; 1678 paddr = ether_aton_r(asc, &addr); 1679 ASSERT_EQ(paddr, &addr); 1680 EXPECT_NOT_POISONED(addr); 1681 1682 char *s = ether_ntoa(&addr); 1683 ASSERT_NE(0, strlen(s)); 1684 1685 char buf[100]; 1686 s = ether_ntoa_r(&addr, buf); 1687 ASSERT_EQ(s, buf); 1688 ASSERT_NE(0, strlen(buf)); 1689} 1690 1691TEST(MemorySanitizer, mmap) { 1692 const int size = 4096; 1693 void *p1, *p2; 1694 p1 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); 1695 __msan_poison(p1, size); 1696 munmap(p1, size); 1697 for (int i = 0; i < 1000; i++) { 1698 p2 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); 1699 if (p2 == p1) 1700 break; 1701 else 1702 munmap(p2, size); 1703 } 1704 if (p1 == p2) { 1705 EXPECT_NOT_POISONED(*(char*)p2); 1706 munmap(p2, size); 1707 } 1708} 1709 1710// FIXME: enable and add ecvt. 1711// FIXME: check why msandr does nt handle fcvt. 1712TEST(MemorySanitizer, fcvt) { 1713 int a, b; 1714 break_optimization(&a); 1715 break_optimization(&b); 1716 EXPECT_POISONED(a); 1717 EXPECT_POISONED(b); 1718 char *str = fcvt(12345.6789, 10, &a, &b); 1719 EXPECT_NOT_POISONED(a); 1720 EXPECT_NOT_POISONED(b); 1721} 1722 1723TEST(MemorySanitizer, frexp) { 1724 int x; 1725 x = *GetPoisoned<int>(); 1726 double r = frexp(1.1, &x); 1727 EXPECT_NOT_POISONED(r); 1728 EXPECT_NOT_POISONED(x); 1729 1730 x = *GetPoisoned<int>(); 1731 float rf = frexpf(1.1, &x); 1732 EXPECT_NOT_POISONED(rf); 1733 EXPECT_NOT_POISONED(x); 1734 1735 x = *GetPoisoned<int>(); 1736 double rl = frexpl(1.1, &x); 1737 EXPECT_NOT_POISONED(rl); 1738 EXPECT_NOT_POISONED(x); 1739} 1740 1741namespace { 1742 1743static int cnt; 1744 1745void SigactionHandler(int signo, siginfo_t* si, void* uc) { 1746 assert(signo == SIGPROF); 1747 assert(si); 1748 EXPECT_NOT_POISONED(si->si_errno); 1749 EXPECT_NOT_POISONED(si->si_pid); 1750#if __linux__ 1751# if defined(__x86_64__) 1752 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_RIP]); 1753# elif defined(__i386__) 1754 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_EIP]); 1755# endif 1756#endif 1757 ++cnt; 1758} 1759 1760TEST(MemorySanitizer, sigaction) { 1761 struct sigaction act = {}; 1762 struct sigaction oldact = {}; 1763 struct sigaction origact = {}; 1764 1765 sigaction(SIGPROF, 0, &origact); 1766 1767 act.sa_flags |= SA_SIGINFO; 1768 act.sa_sigaction = &SigactionHandler; 1769 sigaction(SIGPROF, &act, 0); 1770 1771 kill(getpid(), SIGPROF); 1772 1773 act.sa_flags &= ~SA_SIGINFO; 1774 act.sa_handler = SIG_DFL; 1775 sigaction(SIGPROF, &act, 0); 1776 1777 act.sa_flags &= ~SA_SIGINFO; 1778 act.sa_handler = SIG_IGN; 1779 sigaction(SIGPROF, &act, &oldact); 1780 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO); 1781 EXPECT_EQ(SIG_DFL, oldact.sa_handler); 1782 kill(getpid(), SIGPROF); 1783 1784 act.sa_flags |= SA_SIGINFO; 1785 act.sa_sigaction = &SigactionHandler; 1786 sigaction(SIGPROF, &act, &oldact); 1787 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO); 1788 EXPECT_EQ(SIG_IGN, oldact.sa_handler); 1789 kill(getpid(), SIGPROF); 1790 1791 act.sa_flags &= ~SA_SIGINFO; 1792 act.sa_handler = SIG_DFL; 1793 sigaction(SIGPROF, &act, &oldact); 1794 EXPECT_TRUE(oldact.sa_flags & SA_SIGINFO); 1795 EXPECT_EQ(&SigactionHandler, oldact.sa_sigaction); 1796 EXPECT_EQ(2, cnt); 1797 1798 sigaction(SIGPROF, &origact, 0); 1799} 1800 1801} // namespace 1802 1803 1804TEST(MemorySanitizer, sigemptyset) { 1805 sigset_t s; 1806 EXPECT_POISONED(s); 1807 int res = sigemptyset(&s); 1808 ASSERT_EQ(0, res); 1809 EXPECT_NOT_POISONED(s); 1810} 1811 1812TEST(MemorySanitizer, sigfillset) { 1813 sigset_t s; 1814 EXPECT_POISONED(s); 1815 int res = sigfillset(&s); 1816 ASSERT_EQ(0, res); 1817 EXPECT_NOT_POISONED(s); 1818} 1819 1820TEST(MemorySanitizer, sigpending) { 1821 sigset_t s; 1822 EXPECT_POISONED(s); 1823 int res = sigpending(&s); 1824 ASSERT_EQ(0, res); 1825 EXPECT_NOT_POISONED(s); 1826} 1827 1828TEST(MemorySanitizer, sigprocmask) { 1829 sigset_t s; 1830 EXPECT_POISONED(s); 1831 int res = sigprocmask(SIG_BLOCK, 0, &s); 1832 ASSERT_EQ(0, res); 1833 EXPECT_NOT_POISONED(s); 1834} 1835 1836struct StructWithDtor { 1837 ~StructWithDtor(); 1838}; 1839 1840NOINLINE StructWithDtor::~StructWithDtor() { 1841 break_optimization(0); 1842} 1843 1844TEST(MemorySanitizer, Invoke) { 1845 StructWithDtor s; // Will cause the calls to become invokes. 1846 EXPECT_NOT_POISONED(0); 1847 EXPECT_POISONED(*GetPoisoned<int>()); 1848 EXPECT_NOT_POISONED(0); 1849 EXPECT_POISONED(*GetPoisoned<int>()); 1850 EXPECT_POISONED(ReturnPoisoned<S4>()); 1851} 1852 1853TEST(MemorySanitizer, ptrtoint) { 1854 // Test that shadow is propagated through pointer-to-integer conversion. 1855 void* p = (void*)0xABCD; 1856 __msan_poison(((char*)&p) + 1, sizeof(p)); 1857 EXPECT_NOT_POISONED((((uintptr_t)p) & 0xFF) == 0); 1858 1859 void* q = (void*)0xABCD; 1860 __msan_poison(&q, sizeof(q) - 1); 1861 EXPECT_POISONED((((uintptr_t)q) & 0xFF) == 0); 1862} 1863 1864static void vaargsfn2(int guard, ...) { 1865 va_list vl; 1866 va_start(vl, guard); 1867 EXPECT_NOT_POISONED(va_arg(vl, int)); 1868 EXPECT_NOT_POISONED(va_arg(vl, int)); 1869 EXPECT_NOT_POISONED(va_arg(vl, int)); 1870 EXPECT_POISONED(va_arg(vl, double)); 1871 va_end(vl); 1872} 1873 1874static void vaargsfn(int guard, ...) { 1875 va_list vl; 1876 va_start(vl, guard); 1877 EXPECT_NOT_POISONED(va_arg(vl, int)); 1878 EXPECT_POISONED(va_arg(vl, int)); 1879 // The following call will overwrite __msan_param_tls. 1880 // Checks after it test that arg shadow was somehow saved across the call. 1881 vaargsfn2(1, 2, 3, 4, *GetPoisoned<double>()); 1882 EXPECT_NOT_POISONED(va_arg(vl, int)); 1883 EXPECT_POISONED(va_arg(vl, int)); 1884 va_end(vl); 1885} 1886 1887TEST(MemorySanitizer, VAArgTest) { 1888 int* x = GetPoisoned<int>(); 1889 int* y = GetPoisoned<int>(4); 1890 vaargsfn(1, 13, *x, 42, *y); 1891} 1892 1893static void vaargsfn_many(int guard, ...) { 1894 va_list vl; 1895 va_start(vl, guard); 1896 EXPECT_NOT_POISONED(va_arg(vl, int)); 1897 EXPECT_POISONED(va_arg(vl, int)); 1898 EXPECT_NOT_POISONED(va_arg(vl, int)); 1899 EXPECT_NOT_POISONED(va_arg(vl, int)); 1900 EXPECT_NOT_POISONED(va_arg(vl, int)); 1901 EXPECT_NOT_POISONED(va_arg(vl, int)); 1902 EXPECT_NOT_POISONED(va_arg(vl, int)); 1903 EXPECT_NOT_POISONED(va_arg(vl, int)); 1904 EXPECT_NOT_POISONED(va_arg(vl, int)); 1905 EXPECT_POISONED(va_arg(vl, int)); 1906 va_end(vl); 1907} 1908 1909TEST(MemorySanitizer, VAArgManyTest) { 1910 int* x = GetPoisoned<int>(); 1911 int* y = GetPoisoned<int>(4); 1912 vaargsfn_many(1, 2, *x, 3, 4, 5, 6, 7, 8, 9, *y); 1913} 1914 1915static void vaargsfn_pass2(va_list vl) { 1916 EXPECT_NOT_POISONED(va_arg(vl, int)); 1917 EXPECT_NOT_POISONED(va_arg(vl, int)); 1918 EXPECT_POISONED(va_arg(vl, int)); 1919} 1920 1921static void vaargsfn_pass(int guard, ...) { 1922 va_list vl; 1923 va_start(vl, guard); 1924 EXPECT_POISONED(va_arg(vl, int)); 1925 vaargsfn_pass2(vl); 1926 va_end(vl); 1927} 1928 1929TEST(MemorySanitizer, VAArgPass) { 1930 int* x = GetPoisoned<int>(); 1931 int* y = GetPoisoned<int>(4); 1932 vaargsfn_pass(1, *x, 2, 3, *y); 1933} 1934 1935static void vaargsfn_copy2(va_list vl) { 1936 EXPECT_NOT_POISONED(va_arg(vl, int)); 1937 EXPECT_POISONED(va_arg(vl, int)); 1938} 1939 1940static void vaargsfn_copy(int guard, ...) { 1941 va_list vl; 1942 va_start(vl, guard); 1943 EXPECT_NOT_POISONED(va_arg(vl, int)); 1944 EXPECT_POISONED(va_arg(vl, int)); 1945 va_list vl2; 1946 va_copy(vl2, vl); 1947 vaargsfn_copy2(vl2); 1948 EXPECT_NOT_POISONED(va_arg(vl, int)); 1949 EXPECT_POISONED(va_arg(vl, int)); 1950 va_end(vl); 1951} 1952 1953TEST(MemorySanitizer, VAArgCopy) { 1954 int* x = GetPoisoned<int>(); 1955 int* y = GetPoisoned<int>(4); 1956 vaargsfn_copy(1, 2, *x, 3, *y); 1957} 1958 1959static void vaargsfn_ptr(int guard, ...) { 1960 va_list vl; 1961 va_start(vl, guard); 1962 EXPECT_NOT_POISONED(va_arg(vl, int*)); 1963 EXPECT_POISONED(va_arg(vl, int*)); 1964 EXPECT_NOT_POISONED(va_arg(vl, int*)); 1965 EXPECT_POISONED(va_arg(vl, double*)); 1966 va_end(vl); 1967} 1968 1969TEST(MemorySanitizer, VAArgPtr) { 1970 int** x = GetPoisoned<int*>(); 1971 double** y = GetPoisoned<double*>(8); 1972 int z; 1973 vaargsfn_ptr(1, &z, *x, &z, *y); 1974} 1975 1976static void vaargsfn_overflow(int guard, ...) { 1977 va_list vl; 1978 va_start(vl, guard); 1979 EXPECT_NOT_POISONED(va_arg(vl, int)); 1980 EXPECT_NOT_POISONED(va_arg(vl, int)); 1981 EXPECT_POISONED(va_arg(vl, int)); 1982 EXPECT_NOT_POISONED(va_arg(vl, int)); 1983 EXPECT_NOT_POISONED(va_arg(vl, int)); 1984 EXPECT_NOT_POISONED(va_arg(vl, int)); 1985 1986 EXPECT_NOT_POISONED(va_arg(vl, double)); 1987 EXPECT_NOT_POISONED(va_arg(vl, double)); 1988 EXPECT_NOT_POISONED(va_arg(vl, double)); 1989 EXPECT_POISONED(va_arg(vl, double)); 1990 EXPECT_NOT_POISONED(va_arg(vl, double)); 1991 EXPECT_POISONED(va_arg(vl, int*)); 1992 EXPECT_NOT_POISONED(va_arg(vl, double)); 1993 EXPECT_NOT_POISONED(va_arg(vl, double)); 1994 1995 EXPECT_POISONED(va_arg(vl, int)); 1996 EXPECT_POISONED(va_arg(vl, double)); 1997 EXPECT_POISONED(va_arg(vl, int*)); 1998 1999 EXPECT_NOT_POISONED(va_arg(vl, int)); 2000 EXPECT_NOT_POISONED(va_arg(vl, double)); 2001 EXPECT_NOT_POISONED(va_arg(vl, int*)); 2002 2003 EXPECT_POISONED(va_arg(vl, int)); 2004 EXPECT_POISONED(va_arg(vl, double)); 2005 EXPECT_POISONED(va_arg(vl, int*)); 2006 2007 va_end(vl); 2008} 2009 2010TEST(MemorySanitizer, VAArgOverflow) { 2011 int* x = GetPoisoned<int>(); 2012 double* y = GetPoisoned<double>(8); 2013 int** p = GetPoisoned<int*>(16); 2014 int z; 2015 vaargsfn_overflow(1, 2016 1, 2, *x, 4, 5, 6, 2017 1.1, 2.2, 3.3, *y, 5.5, *p, 7.7, 8.8, 2018 // the following args will overflow for sure 2019 *x, *y, *p, 2020 7, 9.9, &z, 2021 *x, *y, *p); 2022} 2023 2024static void vaargsfn_tlsoverwrite2(int guard, ...) { 2025 va_list vl; 2026 va_start(vl, guard); 2027 for (int i = 0; i < 20; ++i) 2028 EXPECT_NOT_POISONED(va_arg(vl, int)); 2029 va_end(vl); 2030} 2031 2032static void vaargsfn_tlsoverwrite(int guard, ...) { 2033 // This call will overwrite TLS contents unless it's backed up somewhere. 2034 vaargsfn_tlsoverwrite2(2, 2035 42, 42, 42, 42, 42, 2036 42, 42, 42, 42, 42, 2037 42, 42, 42, 42, 42, 2038 42, 42, 42, 42, 42); // 20x 2039 va_list vl; 2040 va_start(vl, guard); 2041 for (int i = 0; i < 20; ++i) 2042 EXPECT_POISONED(va_arg(vl, int)); 2043 va_end(vl); 2044} 2045 2046TEST(MemorySanitizer, VAArgTLSOverwrite) { 2047 int* x = GetPoisoned<int>(); 2048 vaargsfn_tlsoverwrite(1, 2049 *x, *x, *x, *x, *x, 2050 *x, *x, *x, *x, *x, 2051 *x, *x, *x, *x, *x, 2052 *x, *x, *x, *x, *x); // 20x 2053 2054} 2055 2056struct StructByVal { 2057 int a, b, c, d, e, f; 2058}; 2059 2060NOINLINE void StructByValTestFunc(struct StructByVal s) { 2061 EXPECT_NOT_POISONED(s.a); 2062 EXPECT_POISONED(s.b); 2063 EXPECT_NOT_POISONED(s.c); 2064 EXPECT_POISONED(s.d); 2065 EXPECT_NOT_POISONED(s.e); 2066 EXPECT_POISONED(s.f); 2067} 2068 2069NOINLINE void StructByValTestFunc1(struct StructByVal s) { 2070 StructByValTestFunc(s); 2071} 2072 2073NOINLINE void StructByValTestFunc2(int z, struct StructByVal s) { 2074 StructByValTestFunc(s); 2075} 2076 2077TEST(MemorySanitizer, StructByVal) { 2078 // Large aggregates are passed as "byval" pointer argument in LLVM. 2079 struct StructByVal s; 2080 s.a = 1; 2081 s.b = *GetPoisoned<int>(); 2082 s.c = 2; 2083 s.d = *GetPoisoned<int>(); 2084 s.e = 3; 2085 s.f = *GetPoisoned<int>(); 2086 StructByValTestFunc(s); 2087 StructByValTestFunc1(s); 2088 StructByValTestFunc2(0, s); 2089} 2090 2091 2092#if MSAN_HAS_M128 2093NOINLINE __m128i m128Eq(__m128i *a, __m128i *b) { return _mm_cmpeq_epi16(*a, *b); } 2094NOINLINE __m128i m128Lt(__m128i *a, __m128i *b) { return _mm_cmplt_epi16(*a, *b); } 2095TEST(MemorySanitizer, m128) { 2096 __m128i a = _mm_set1_epi16(0x1234); 2097 __m128i b = _mm_set1_epi16(0x7890); 2098 EXPECT_NOT_POISONED(m128Eq(&a, &b)); 2099 EXPECT_NOT_POISONED(m128Lt(&a, &b)); 2100} 2101// FIXME: add more tests for __m128i. 2102#endif // MSAN_HAS_M128 2103 2104// We should not complain when copying this poisoned hole. 2105struct StructWithHole { 2106 U4 a; 2107 // 4-byte hole. 2108 U8 b; 2109}; 2110 2111NOINLINE StructWithHole ReturnStructWithHole() { 2112 StructWithHole res; 2113 __msan_poison(&res, sizeof(res)); 2114 res.a = 1; 2115 res.b = 2; 2116 return res; 2117} 2118 2119TEST(MemorySanitizer, StructWithHole) { 2120 StructWithHole a = ReturnStructWithHole(); 2121 break_optimization(&a); 2122} 2123 2124template <class T> 2125NOINLINE T ReturnStruct() { 2126 T res; 2127 __msan_poison(&res, sizeof(res)); 2128 res.a = 1; 2129 return res; 2130} 2131 2132template <class T> 2133NOINLINE void TestReturnStruct() { 2134 T s1 = ReturnStruct<T>(); 2135 EXPECT_NOT_POISONED(s1.a); 2136 EXPECT_POISONED(s1.b); 2137} 2138 2139struct SSS1 { 2140 int a, b, c; 2141}; 2142struct SSS2 { 2143 int b, a, c; 2144}; 2145struct SSS3 { 2146 int b, c, a; 2147}; 2148struct SSS4 { 2149 int c, b, a; 2150}; 2151 2152struct SSS5 { 2153 int a; 2154 float b; 2155}; 2156struct SSS6 { 2157 int a; 2158 double b; 2159}; 2160struct SSS7 { 2161 S8 b; 2162 int a; 2163}; 2164struct SSS8 { 2165 S2 b; 2166 S8 a; 2167}; 2168 2169TEST(MemorySanitizer, IntStruct3) { 2170 TestReturnStruct<SSS1>(); 2171 TestReturnStruct<SSS2>(); 2172 TestReturnStruct<SSS3>(); 2173 TestReturnStruct<SSS4>(); 2174 TestReturnStruct<SSS5>(); 2175 TestReturnStruct<SSS6>(); 2176 TestReturnStruct<SSS7>(); 2177 TestReturnStruct<SSS8>(); 2178} 2179 2180struct LongStruct { 2181 U1 a1, b1; 2182 U2 a2, b2; 2183 U4 a4, b4; 2184 U8 a8, b8; 2185}; 2186 2187NOINLINE LongStruct ReturnLongStruct1() { 2188 LongStruct res; 2189 __msan_poison(&res, sizeof(res)); 2190 res.a1 = res.a2 = res.a4 = res.a8 = 111; 2191 // leaves b1, .., b8 poisoned. 2192 return res; 2193} 2194 2195NOINLINE LongStruct ReturnLongStruct2() { 2196 LongStruct res; 2197 __msan_poison(&res, sizeof(res)); 2198 res.b1 = res.b2 = res.b4 = res.b8 = 111; 2199 // leaves a1, .., a8 poisoned. 2200 return res; 2201} 2202 2203TEST(MemorySanitizer, LongStruct) { 2204 LongStruct s1 = ReturnLongStruct1(); 2205 __msan_print_shadow(&s1, sizeof(s1)); 2206 EXPECT_NOT_POISONED(s1.a1); 2207 EXPECT_NOT_POISONED(s1.a2); 2208 EXPECT_NOT_POISONED(s1.a4); 2209 EXPECT_NOT_POISONED(s1.a8); 2210 2211 EXPECT_POISONED(s1.b1); 2212 EXPECT_POISONED(s1.b2); 2213 EXPECT_POISONED(s1.b4); 2214 EXPECT_POISONED(s1.b8); 2215 2216 LongStruct s2 = ReturnLongStruct2(); 2217 __msan_print_shadow(&s2, sizeof(s2)); 2218 EXPECT_NOT_POISONED(s2.b1); 2219 EXPECT_NOT_POISONED(s2.b2); 2220 EXPECT_NOT_POISONED(s2.b4); 2221 EXPECT_NOT_POISONED(s2.b8); 2222 2223 EXPECT_POISONED(s2.a1); 2224 EXPECT_POISONED(s2.a2); 2225 EXPECT_POISONED(s2.a4); 2226 EXPECT_POISONED(s2.a8); 2227} 2228 2229TEST(MemorySanitizer, getrlimit) { 2230 struct rlimit limit; 2231 __msan_poison(&limit, sizeof(limit)); 2232 int result = getrlimit(RLIMIT_DATA, &limit); 2233 assert(result == 0); 2234 EXPECT_NOT_POISONED(limit.rlim_cur); 2235 EXPECT_NOT_POISONED(limit.rlim_max); 2236} 2237 2238TEST(MemorySanitizer, getrusage) { 2239 struct rusage usage; 2240 __msan_poison(&usage, sizeof(usage)); 2241 int result = getrusage(RUSAGE_SELF, &usage); 2242 assert(result == 0); 2243 EXPECT_NOT_POISONED(usage.ru_utime.tv_sec); 2244 EXPECT_NOT_POISONED(usage.ru_utime.tv_usec); 2245 EXPECT_NOT_POISONED(usage.ru_stime.tv_sec); 2246 EXPECT_NOT_POISONED(usage.ru_stime.tv_usec); 2247 EXPECT_NOT_POISONED(usage.ru_maxrss); 2248 EXPECT_NOT_POISONED(usage.ru_minflt); 2249 EXPECT_NOT_POISONED(usage.ru_majflt); 2250 EXPECT_NOT_POISONED(usage.ru_inblock); 2251 EXPECT_NOT_POISONED(usage.ru_oublock); 2252 EXPECT_NOT_POISONED(usage.ru_nvcsw); 2253 EXPECT_NOT_POISONED(usage.ru_nivcsw); 2254} 2255 2256#ifdef __GLIBC__ 2257extern char *program_invocation_name; 2258#else // __GLIBC__ 2259# error "TODO: port this" 2260#endif 2261 2262static void dladdr_testfn() {} 2263 2264TEST(MemorySanitizer, dladdr) { 2265 Dl_info info; 2266 __msan_poison(&info, sizeof(info)); 2267 int result = dladdr((const void*)dladdr_testfn, &info); 2268 assert(result != 0); 2269 EXPECT_NOT_POISONED((unsigned long)info.dli_fname); 2270 if (info.dli_fname) 2271 EXPECT_NOT_POISONED(strlen(info.dli_fname)); 2272 EXPECT_NOT_POISONED((unsigned long)info.dli_fbase); 2273 EXPECT_NOT_POISONED((unsigned long)info.dli_sname); 2274 if (info.dli_sname) 2275 EXPECT_NOT_POISONED(strlen(info.dli_sname)); 2276 EXPECT_NOT_POISONED((unsigned long)info.dli_saddr); 2277} 2278 2279#ifndef MSAN_TEST_DISABLE_DLOPEN 2280 2281static int dl_phdr_callback(struct dl_phdr_info *info, size_t size, void *data) { 2282 (*(int *)data)++; 2283 EXPECT_NOT_POISONED(info->dlpi_addr); 2284 EXPECT_NOT_POISONED(strlen(info->dlpi_name)); 2285 EXPECT_NOT_POISONED(info->dlpi_phnum); 2286 for (int i = 0; i < info->dlpi_phnum; ++i) 2287 EXPECT_NOT_POISONED(info->dlpi_phdr[i]); 2288 return 0; 2289} 2290 2291// Compute the path to our loadable DSO. We assume it's in the same 2292// directory. Only use string routines that we intercept so far to do this. 2293static int PathToLoadable(char *buf, size_t sz) { 2294 const char *basename = "libmsan_loadable.x86_64.so"; 2295 char *argv0 = program_invocation_name; 2296 char *last_slash = strrchr(argv0, '/'); 2297 assert(last_slash); 2298 int res = 2299 snprintf(buf, sz, "%.*s/%s", int(last_slash - argv0), argv0, basename); 2300 return res < sz ? 0 : res; 2301} 2302 2303TEST(MemorySanitizer, dl_iterate_phdr) { 2304 char path[4096]; 2305 int res = PathToLoadable(path, sizeof(path)); 2306 assert(!res); 2307 2308 // Having at least one dlopen'ed library in the process makes this more 2309 // entertaining. 2310 void *lib = dlopen(path, RTLD_LAZY); 2311 ASSERT_NE((void*)0, lib); 2312 2313 int count = 0; 2314 int result = dl_iterate_phdr(dl_phdr_callback, &count); 2315 assert(count > 0); 2316 2317 dlclose(lib); 2318} 2319 2320 2321TEST(MemorySanitizer, dlopen) { 2322 char path[4096]; 2323 int res = PathToLoadable(path, sizeof(path)); 2324 assert(!res); 2325 2326 // We need to clear shadow for globals when doing dlopen. In order to test 2327 // this, we have to poison the shadow for the DSO before we load it. In 2328 // general this is difficult, but the loader tends to reload things in the 2329 // same place, so we open, close, and then reopen. The global should always 2330 // start out clean after dlopen. 2331 for (int i = 0; i < 2; i++) { 2332 void *lib = dlopen(path, RTLD_LAZY); 2333 if (lib == NULL) { 2334 printf("dlerror: %s\n", dlerror()); 2335 assert(lib != NULL); 2336 } 2337 void **(*get_dso_global)() = (void **(*)())dlsym(lib, "get_dso_global"); 2338 assert(get_dso_global); 2339 void **dso_global = get_dso_global(); 2340 EXPECT_NOT_POISONED(*dso_global); 2341 __msan_poison(dso_global, sizeof(*dso_global)); 2342 EXPECT_POISONED(*dso_global); 2343 dlclose(lib); 2344 } 2345} 2346 2347// Regression test for a crash in dlopen() interceptor. 2348TEST(MemorySanitizer, dlopenFailed) { 2349 const char *path = "/libmsan_loadable_does_not_exist.x86_64.so"; 2350 void *lib = dlopen(path, RTLD_LAZY); 2351 ASSERT_EQ(0, lib); 2352} 2353 2354#endif // MSAN_TEST_DISABLE_DLOPEN 2355 2356TEST(MemorySanitizer, sched_getaffinity) { 2357 cpu_set_t mask; 2358 int res = sched_getaffinity(getpid(), sizeof(mask), &mask); 2359 ASSERT_EQ(0, res); 2360 EXPECT_NOT_POISONED(mask); 2361} 2362 2363TEST(MemorySanitizer, scanf) { 2364 const char *input = "42 hello"; 2365 int* d = new int; 2366 char* s = new char[7]; 2367 int res = sscanf(input, "%d %5s", d, s); 2368 printf("res %d\n", res); 2369 assert(res == 2); 2370 EXPECT_NOT_POISONED(*d); 2371 EXPECT_NOT_POISONED(s[0]); 2372 EXPECT_NOT_POISONED(s[1]); 2373 EXPECT_NOT_POISONED(s[2]); 2374 EXPECT_NOT_POISONED(s[3]); 2375 EXPECT_NOT_POISONED(s[4]); 2376 EXPECT_NOT_POISONED(s[5]); 2377 EXPECT_POISONED(s[6]); 2378 delete s; 2379 delete d; 2380} 2381 2382static void *SimpleThread_threadfn(void* data) { 2383 return new int; 2384} 2385 2386TEST(MemorySanitizer, SimpleThread) { 2387 pthread_t t; 2388 void *p; 2389 int res = pthread_create(&t, NULL, SimpleThread_threadfn, NULL); 2390 assert(!res); 2391 EXPECT_NOT_POISONED(t); 2392 res = pthread_join(t, &p); 2393 assert(!res); 2394 EXPECT_NOT_POISONED(p); 2395 delete (int*)p; 2396} 2397 2398static void *SmallStackThread_threadfn(void* data) { 2399 return 0; 2400} 2401 2402TEST(MemorySanitizer, SmallStackThread) { 2403 pthread_attr_t attr; 2404 pthread_t t; 2405 void *p; 2406 int res; 2407 res = pthread_attr_init(&attr); 2408 ASSERT_EQ(0, res); 2409 res = pthread_attr_setstacksize(&attr, 64 * 1024); 2410 ASSERT_EQ(0, res); 2411 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL); 2412 ASSERT_EQ(0, res); 2413 res = pthread_join(t, &p); 2414 ASSERT_EQ(0, res); 2415 res = pthread_attr_destroy(&attr); 2416 ASSERT_EQ(0, res); 2417} 2418 2419TEST(MemorySanitizer, PreAllocatedStackThread) { 2420 pthread_attr_t attr; 2421 pthread_t t; 2422 int res; 2423 res = pthread_attr_init(&attr); 2424 ASSERT_EQ(0, res); 2425 void *stack; 2426 const size_t kStackSize = 64 * 1024; 2427 res = posix_memalign(&stack, 4096, kStackSize); 2428 ASSERT_EQ(0, res); 2429 res = pthread_attr_setstack(&attr, stack, kStackSize); 2430 ASSERT_EQ(0, res); 2431 // A small self-allocated stack can not be extended by the tool. 2432 // In this case pthread_create is expected to fail. 2433 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL); 2434 EXPECT_NE(0, res); 2435 res = pthread_attr_destroy(&attr); 2436 ASSERT_EQ(0, res); 2437} 2438 2439TEST(MemorySanitizer, pthread_getschedparam) { 2440 int policy; 2441 struct sched_param param; 2442 int res = pthread_getschedparam(pthread_self(), &policy, ¶m); 2443 ASSERT_EQ(0, res); 2444 EXPECT_NOT_POISONED(policy); 2445 EXPECT_NOT_POISONED(param.sched_priority); 2446} 2447 2448TEST(MemorySanitizer, pthread_key_create) { 2449 pthread_key_t key; 2450 int res = pthread_key_create(&key, NULL); 2451 assert(!res); 2452 EXPECT_NOT_POISONED(key); 2453 res = pthread_key_delete(key); 2454 assert(!res); 2455} 2456 2457namespace { 2458struct SignalCondArg { 2459 pthread_cond_t* cond; 2460 pthread_mutex_t* mu; 2461 bool broadcast; 2462}; 2463 2464void *SignalCond(void *param) { 2465 SignalCondArg *arg = reinterpret_cast<SignalCondArg *>(param); 2466 pthread_mutex_lock(arg->mu); 2467 if (arg->broadcast) 2468 pthread_cond_broadcast(arg->cond); 2469 else 2470 pthread_cond_signal(arg->cond); 2471 pthread_mutex_unlock(arg->mu); 2472 return 0; 2473} 2474} // namespace 2475 2476TEST(MemorySanitizer, pthread_cond_wait) { 2477 pthread_cond_t cond; 2478 pthread_mutex_t mu; 2479 SignalCondArg args = {&cond, &mu, false}; 2480 pthread_cond_init(&cond, 0); 2481 pthread_mutex_init(&mu, 0); 2482 pthread_mutex_lock(&mu); 2483 2484 // signal 2485 pthread_t thr; 2486 pthread_create(&thr, 0, SignalCond, &args); 2487 int res = pthread_cond_wait(&cond, &mu); 2488 assert(!res); 2489 pthread_join(thr, 0); 2490 2491 // broadcast 2492 args.broadcast = true; 2493 pthread_create(&thr, 0, SignalCond, &args); 2494 res = pthread_cond_wait(&cond, &mu); 2495 assert(!res); 2496 pthread_join(thr, 0); 2497 2498 pthread_mutex_unlock(&mu); 2499 pthread_mutex_destroy(&mu); 2500 pthread_cond_destroy(&cond); 2501} 2502 2503TEST(MemorySanitizer, posix_memalign) { 2504 void *p; 2505 EXPECT_POISONED(p); 2506 int res = posix_memalign(&p, 4096, 13); 2507 ASSERT_EQ(0, res); 2508 EXPECT_NOT_POISONED(p); 2509 EXPECT_EQ(0U, (uintptr_t)p % 4096); 2510 free(p); 2511} 2512 2513TEST(MemorySanitizer, memalign) { 2514 void *p = memalign(4096, 13); 2515 EXPECT_EQ(0U, (uintptr_t)p % kPageSize); 2516 free(p); 2517} 2518 2519TEST(MemorySanitizer, valloc) { 2520 void *a = valloc(100); 2521 EXPECT_EQ(0U, (uintptr_t)a % kPageSize); 2522 free(a); 2523} 2524 2525TEST(MemorySanitizer, pvalloc) { 2526 void *p = pvalloc(kPageSize + 100); 2527 EXPECT_EQ(0U, (uintptr_t)p % kPageSize); 2528 EXPECT_EQ(2 * kPageSize, __msan_get_allocated_size(p)); 2529 free(p); 2530 2531 p = pvalloc(0); // pvalloc(0) should allocate at least one page. 2532 EXPECT_EQ(0U, (uintptr_t)p % kPageSize); 2533 EXPECT_EQ(kPageSize, __msan_get_allocated_size(p)); 2534 free(p); 2535} 2536 2537TEST(MemorySanitizer, inet_pton) { 2538 const char *s = "1:0:0:0:0:0:0:8"; 2539 unsigned char buf[sizeof(struct in6_addr)]; 2540 int res = inet_pton(AF_INET6, s, buf); 2541 ASSERT_EQ(1, res); 2542 EXPECT_NOT_POISONED(buf[0]); 2543 EXPECT_NOT_POISONED(buf[sizeof(struct in6_addr) - 1]); 2544 2545 char s_out[INET6_ADDRSTRLEN]; 2546 EXPECT_POISONED(s_out[3]); 2547 const char *q = inet_ntop(AF_INET6, buf, s_out, INET6_ADDRSTRLEN); 2548 ASSERT_NE((void*)0, q); 2549 EXPECT_NOT_POISONED(s_out[3]); 2550} 2551 2552TEST(MemorySanitizer, inet_aton) { 2553 const char *s = "127.0.0.1"; 2554 struct in_addr in[2]; 2555 int res = inet_aton(s, in); 2556 ASSERT_NE(0, res); 2557 EXPECT_NOT_POISONED(in[0]); 2558 EXPECT_POISONED(*(char *)(in + 1)); 2559} 2560 2561TEST(MemorySanitizer, uname) { 2562 struct utsname u; 2563 int res = uname(&u); 2564 assert(!res); 2565 EXPECT_NOT_POISONED(strlen(u.sysname)); 2566 EXPECT_NOT_POISONED(strlen(u.nodename)); 2567 EXPECT_NOT_POISONED(strlen(u.release)); 2568 EXPECT_NOT_POISONED(strlen(u.version)); 2569 EXPECT_NOT_POISONED(strlen(u.machine)); 2570} 2571 2572TEST(MemorySanitizer, gethostname) { 2573 char buf[100]; 2574 int res = gethostname(buf, 100); 2575 assert(!res); 2576 EXPECT_NOT_POISONED(strlen(buf)); 2577} 2578 2579TEST(MemorySanitizer, sysinfo) { 2580 struct sysinfo info; 2581 int res = sysinfo(&info); 2582 assert(!res); 2583 EXPECT_NOT_POISONED(info); 2584} 2585 2586TEST(MemorySanitizer, getpwuid) { 2587 struct passwd *p = getpwuid(0); // root 2588 assert(p); 2589 EXPECT_NOT_POISONED(p->pw_name); 2590 assert(p->pw_name); 2591 EXPECT_NOT_POISONED(p->pw_name[0]); 2592 EXPECT_NOT_POISONED(p->pw_uid); 2593 assert(p->pw_uid == 0); 2594} 2595 2596TEST(MemorySanitizer, getpwnam_r) { 2597 struct passwd pwd; 2598 struct passwd *pwdres; 2599 char buf[10000]; 2600 int res = getpwnam_r("root", &pwd, buf, sizeof(buf), &pwdres); 2601 assert(!res); 2602 EXPECT_NOT_POISONED(pwd.pw_name); 2603 assert(pwd.pw_name); 2604 EXPECT_NOT_POISONED(pwd.pw_name[0]); 2605 EXPECT_NOT_POISONED(pwd.pw_uid); 2606 assert(pwd.pw_uid == 0); 2607} 2608 2609TEST(MemorySanitizer, getpwnam_r_positive) { 2610 struct passwd pwd; 2611 struct passwd *pwdres; 2612 char s[5]; 2613 strncpy(s, "abcd", 5); 2614 __msan_poison(s, 5); 2615 char buf[10000]; 2616 int res; 2617 EXPECT_UMR(res = getpwnam_r(s, &pwd, buf, sizeof(buf), &pwdres)); 2618} 2619 2620TEST(MemorySanitizer, getgrnam_r) { 2621 struct group grp; 2622 struct group *grpres; 2623 char buf[10000]; 2624 int res = getgrnam_r("root", &grp, buf, sizeof(buf), &grpres); 2625 assert(!res); 2626 EXPECT_NOT_POISONED(grp.gr_name); 2627 assert(grp.gr_name); 2628 EXPECT_NOT_POISONED(grp.gr_name[0]); 2629 EXPECT_NOT_POISONED(grp.gr_gid); 2630} 2631 2632TEST(MemorySanitizer, getgroups) { 2633 int n = getgroups(0, 0); 2634 gid_t *gids = new gid_t[n]; 2635 int res = getgroups(n, gids); 2636 ASSERT_EQ(n, res); 2637 for (int i = 0; i < n; ++i) 2638 EXPECT_NOT_POISONED(gids[i]); 2639} 2640 2641TEST(MemorySanitizer, wordexp) { 2642 wordexp_t w; 2643 int res = wordexp("a b c", &w, 0); 2644 ASSERT_EQ(0, res); 2645 ASSERT_EQ(3, w.we_wordc); 2646 ASSERT_STREQ("a", w.we_wordv[0]); 2647 ASSERT_STREQ("b", w.we_wordv[1]); 2648 ASSERT_STREQ("c", w.we_wordv[2]); 2649} 2650 2651template<class T> 2652static bool applySlt(T value, T shadow) { 2653 __msan_partial_poison(&value, &shadow, sizeof(T)); 2654 volatile bool zzz = true; 2655 // This "|| zzz" trick somehow makes LLVM emit "icmp slt" instead of 2656 // a shift-and-trunc to get at the highest bit. 2657 volatile bool v = value < 0 || zzz; 2658 return v; 2659} 2660 2661TEST(MemorySanitizer, SignedCompareWithZero) { 2662 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xF)); 2663 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFF)); 2664 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFFFFFF)); 2665 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0x7FFFFFF)); 2666 EXPECT_UMR(applySlt<S4>(0xF, 0x80FFFFFF)); 2667 EXPECT_UMR(applySlt<S4>(0xF, 0xFFFFFFFF)); 2668} 2669 2670template <class T, class S> 2671static T poisoned(T Va, S Sa) { 2672 char SIZE_CHECK1[(ssize_t)sizeof(T) - (ssize_t)sizeof(S)]; 2673 char SIZE_CHECK2[(ssize_t)sizeof(S) - (ssize_t)sizeof(T)]; 2674 T a; 2675 a = Va; 2676 __msan_partial_poison(&a, &Sa, sizeof(T)); 2677 return a; 2678} 2679 2680TEST(MemorySanitizer, ICmpRelational) { 2681 EXPECT_NOT_POISONED(poisoned(0, 0) < poisoned(0, 0)); 2682 EXPECT_NOT_POISONED(poisoned(0U, 0) < poisoned(0U, 0)); 2683 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) < poisoned(0LL, 0LLU)); 2684 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) < poisoned(0LLU, 0LLU)); 2685 EXPECT_POISONED(poisoned(0xFF, 0xFF) < poisoned(0xFF, 0xFF)); 2686 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) < 2687 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 2688 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) < 2689 poisoned(-1, 0xFFFFFFFFU)); 2690 2691 EXPECT_NOT_POISONED(poisoned(0, 0) <= poisoned(0, 0)); 2692 EXPECT_NOT_POISONED(poisoned(0U, 0) <= poisoned(0U, 0)); 2693 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) <= poisoned(0LL, 0LLU)); 2694 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) <= poisoned(0LLU, 0LLU)); 2695 EXPECT_POISONED(poisoned(0xFF, 0xFF) <= poisoned(0xFF, 0xFF)); 2696 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) <= 2697 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 2698 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) <= 2699 poisoned(-1, 0xFFFFFFFFU)); 2700 2701 EXPECT_NOT_POISONED(poisoned(0, 0) > poisoned(0, 0)); 2702 EXPECT_NOT_POISONED(poisoned(0U, 0) > poisoned(0U, 0)); 2703 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) > poisoned(0LL, 0LLU)); 2704 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) > poisoned(0LLU, 0LLU)); 2705 EXPECT_POISONED(poisoned(0xFF, 0xFF) > poisoned(0xFF, 0xFF)); 2706 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) > 2707 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 2708 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) > 2709 poisoned(-1, 0xFFFFFFFFU)); 2710 2711 EXPECT_NOT_POISONED(poisoned(0, 0) >= poisoned(0, 0)); 2712 EXPECT_NOT_POISONED(poisoned(0U, 0) >= poisoned(0U, 0)); 2713 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) >= poisoned(0LL, 0LLU)); 2714 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) >= poisoned(0LLU, 0LLU)); 2715 EXPECT_POISONED(poisoned(0xFF, 0xFF) >= poisoned(0xFF, 0xFF)); 2716 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) >= 2717 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 2718 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) >= 2719 poisoned(-1, 0xFFFFFFFFU)); 2720 2721 EXPECT_POISONED(poisoned(6, 0xF) > poisoned(7, 0)); 2722 EXPECT_POISONED(poisoned(0xF, 0xF) > poisoned(7, 0)); 2723 2724 EXPECT_NOT_POISONED(poisoned(-1, 0x80000000U) >= poisoned(-1, 0U)); 2725} 2726 2727#if MSAN_HAS_M128 2728TEST(MemorySanitizer, ICmpVectorRelational) { 2729 EXPECT_NOT_POISONED( 2730 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)), 2731 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)))); 2732 EXPECT_NOT_POISONED( 2733 _mm_cmplt_epi16(poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)), 2734 poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)))); 2735 EXPECT_POISONED( 2736 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)), 2737 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)))); 2738 EXPECT_POISONED(_mm_cmpgt_epi16(poisoned(_mm_set1_epi16(6), _mm_set1_epi16(0xF)), 2739 poisoned(_mm_set1_epi16(7), _mm_set1_epi16(0)))); 2740} 2741#endif 2742 2743// Volatile bitfield store is implemented as load-mask-store 2744// Test that we don't warn on the store of (uninitialized) padding. 2745struct VolatileBitfieldStruct { 2746 volatile unsigned x : 1; 2747 unsigned y : 1; 2748}; 2749 2750TEST(MemorySanitizer, VolatileBitfield) { 2751 VolatileBitfieldStruct *S = new VolatileBitfieldStruct; 2752 S->x = 1; 2753 EXPECT_NOT_POISONED((unsigned)S->x); 2754 EXPECT_POISONED((unsigned)S->y); 2755} 2756 2757TEST(MemorySanitizer, UnalignedLoad) { 2758 char x[32]; 2759 memset(x + 8, 0, 16); 2760 EXPECT_POISONED(__sanitizer_unaligned_load16(x+6)); 2761 EXPECT_POISONED(__sanitizer_unaligned_load16(x+7)); 2762 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x+8)); 2763 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x+9)); 2764 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x+22)); 2765 EXPECT_POISONED(__sanitizer_unaligned_load16(x+23)); 2766 EXPECT_POISONED(__sanitizer_unaligned_load16(x+24)); 2767 2768 EXPECT_POISONED(__sanitizer_unaligned_load32(x+4)); 2769 EXPECT_POISONED(__sanitizer_unaligned_load32(x+7)); 2770 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x+8)); 2771 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x+9)); 2772 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x+20)); 2773 EXPECT_POISONED(__sanitizer_unaligned_load32(x+21)); 2774 EXPECT_POISONED(__sanitizer_unaligned_load32(x+24)); 2775 2776 EXPECT_POISONED(__sanitizer_unaligned_load64(x)); 2777 EXPECT_POISONED(__sanitizer_unaligned_load64(x+1)); 2778 EXPECT_POISONED(__sanitizer_unaligned_load64(x+7)); 2779 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x+8)); 2780 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x+9)); 2781 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x+16)); 2782 EXPECT_POISONED(__sanitizer_unaligned_load64(x+17)); 2783 EXPECT_POISONED(__sanitizer_unaligned_load64(x+21)); 2784 EXPECT_POISONED(__sanitizer_unaligned_load64(x+24)); 2785} 2786 2787TEST(MemorySanitizer, UnalignedStore16) { 2788 char x[5]; 2789 U2 y = 0; 2790 __msan_poison(&y, 1); 2791 __sanitizer_unaligned_store16(x + 1, y); 2792 EXPECT_POISONED(x[0]); 2793 EXPECT_POISONED(x[1]); 2794 EXPECT_NOT_POISONED(x[2]); 2795 EXPECT_POISONED(x[3]); 2796 EXPECT_POISONED(x[4]); 2797} 2798 2799TEST(MemorySanitizer, UnalignedStore32) { 2800 char x[8]; 2801 U4 y4 = 0; 2802 __msan_poison(&y4, 2); 2803 __sanitizer_unaligned_store32(x+3, y4); 2804 EXPECT_POISONED(x[0]); 2805 EXPECT_POISONED(x[1]); 2806 EXPECT_POISONED(x[2]); 2807 EXPECT_POISONED(x[3]); 2808 EXPECT_POISONED(x[4]); 2809 EXPECT_NOT_POISONED(x[5]); 2810 EXPECT_NOT_POISONED(x[6]); 2811 EXPECT_POISONED(x[7]); 2812} 2813 2814TEST(MemorySanitizer, UnalignedStore64) { 2815 char x[16]; 2816 U8 y = 0; 2817 __msan_poison(&y, 3); 2818 __msan_poison(((char *)&y) + sizeof(y) - 2, 1); 2819 __sanitizer_unaligned_store64(x+3, y); 2820 EXPECT_POISONED(x[0]); 2821 EXPECT_POISONED(x[1]); 2822 EXPECT_POISONED(x[2]); 2823 EXPECT_POISONED(x[3]); 2824 EXPECT_POISONED(x[4]); 2825 EXPECT_POISONED(x[5]); 2826 EXPECT_NOT_POISONED(x[6]); 2827 EXPECT_NOT_POISONED(x[7]); 2828 EXPECT_NOT_POISONED(x[8]); 2829 EXPECT_POISONED(x[9]); 2830 EXPECT_NOT_POISONED(x[10]); 2831 EXPECT_POISONED(x[11]); 2832} 2833 2834TEST(MemorySanitizerDr, StoreInDSOTest) { 2835 if (!__msan_has_dynamic_component()) return; 2836 char* s = new char[10]; 2837 dso_memfill(s, 9); 2838 EXPECT_NOT_POISONED(s[5]); 2839 EXPECT_POISONED(s[9]); 2840} 2841 2842int return_poisoned_int() { 2843 return ReturnPoisoned<U8>(); 2844} 2845 2846TEST(MemorySanitizerDr, ReturnFromDSOTest) { 2847 if (!__msan_has_dynamic_component()) return; 2848 EXPECT_NOT_POISONED(dso_callfn(return_poisoned_int)); 2849} 2850 2851NOINLINE int TrashParamTLS(long long x, long long y, long long z) { //NOLINT 2852 EXPECT_POISONED(x); 2853 EXPECT_POISONED(y); 2854 EXPECT_POISONED(z); 2855 return 0; 2856} 2857 2858static int CheckParamTLS(long long x, long long y, long long z) { //NOLINT 2859 EXPECT_NOT_POISONED(x); 2860 EXPECT_NOT_POISONED(y); 2861 EXPECT_NOT_POISONED(z); 2862 return 0; 2863} 2864 2865TEST(MemorySanitizerDr, CallFromDSOTest) { 2866 if (!__msan_has_dynamic_component()) return; 2867 S8* x = GetPoisoned<S8>(); 2868 S8* y = GetPoisoned<S8>(); 2869 S8* z = GetPoisoned<S8>(); 2870 EXPECT_NOT_POISONED(TrashParamTLS(*x, *y, *z)); 2871 EXPECT_NOT_POISONED(dso_callfn1(CheckParamTLS)); 2872} 2873 2874static void StackStoreInDSOFn(int* x, int* y) { 2875 EXPECT_NOT_POISONED(*x); 2876 EXPECT_NOT_POISONED(*y); 2877} 2878 2879TEST(MemorySanitizerDr, StackStoreInDSOTest) { 2880 if (!__msan_has_dynamic_component()) return; 2881 dso_stack_store(StackStoreInDSOFn, 1); 2882} 2883 2884TEST(MemorySanitizerOrigins, SetGet) { 2885 EXPECT_EQ(TrackingOrigins(), __msan_get_track_origins()); 2886 if (!TrackingOrigins()) return; 2887 int x; 2888 __msan_set_origin(&x, sizeof(x), 1234); 2889 EXPECT_EQ(1234, __msan_get_origin(&x)); 2890 __msan_set_origin(&x, sizeof(x), 5678); 2891 EXPECT_EQ(5678, __msan_get_origin(&x)); 2892 __msan_set_origin(&x, sizeof(x), 0); 2893 EXPECT_EQ(0, __msan_get_origin(&x)); 2894} 2895 2896namespace { 2897struct S { 2898 U4 dummy; 2899 U2 a; 2900 U2 b; 2901}; 2902 2903// http://code.google.com/p/memory-sanitizer/issues/detail?id=6 2904TEST(MemorySanitizerOrigins, DISABLED_InitializedStoreDoesNotChangeOrigin) { 2905 if (!TrackingOrigins()) return; 2906 2907 S s; 2908 U4 origin = rand(); // NOLINT 2909 s.a = *GetPoisonedO<U2>(0, origin); 2910 EXPECT_EQ(origin, __msan_get_origin(&s.a)); 2911 EXPECT_EQ(origin, __msan_get_origin(&s.b)); 2912 2913 s.b = 42; 2914 EXPECT_EQ(origin, __msan_get_origin(&s.a)); 2915 EXPECT_EQ(origin, __msan_get_origin(&s.b)); 2916} 2917} // namespace 2918 2919template<class T, class BinaryOp> 2920INLINE 2921void BinaryOpOriginTest(BinaryOp op) { 2922 U4 ox = rand(); //NOLINT 2923 U4 oy = rand(); //NOLINT 2924 T *x = GetPoisonedO<T>(0, ox, 0); 2925 T *y = GetPoisonedO<T>(1, oy, 0); 2926 T *z = GetPoisonedO<T>(2, 0, 0); 2927 2928 *z = op(*x, *y); 2929 U4 origin = __msan_get_origin(z); 2930 EXPECT_POISONED_O(*z, origin); 2931 EXPECT_EQ(true, origin == ox || origin == oy); 2932 2933 // y is poisoned, x is not. 2934 *x = 10101; 2935 *y = *GetPoisonedO<T>(1, oy); 2936 break_optimization(x); 2937 __msan_set_origin(z, sizeof(*z), 0); 2938 *z = op(*x, *y); 2939 EXPECT_POISONED_O(*z, oy); 2940 EXPECT_EQ(__msan_get_origin(z), oy); 2941 2942 // x is poisoned, y is not. 2943 *x = *GetPoisonedO<T>(0, ox); 2944 *y = 10101010; 2945 break_optimization(y); 2946 __msan_set_origin(z, sizeof(*z), 0); 2947 *z = op(*x, *y); 2948 EXPECT_POISONED_O(*z, ox); 2949 EXPECT_EQ(__msan_get_origin(z), ox); 2950} 2951 2952template<class T> INLINE T XOR(const T &a, const T&b) { return a ^ b; } 2953template<class T> INLINE T ADD(const T &a, const T&b) { return a + b; } 2954template<class T> INLINE T SUB(const T &a, const T&b) { return a - b; } 2955template<class T> INLINE T MUL(const T &a, const T&b) { return a * b; } 2956template<class T> INLINE T AND(const T &a, const T&b) { return a & b; } 2957template<class T> INLINE T OR (const T &a, const T&b) { return a | b; } 2958 2959TEST(MemorySanitizerOrigins, BinaryOp) { 2960 if (!TrackingOrigins()) return; 2961 BinaryOpOriginTest<S8>(XOR<S8>); 2962 BinaryOpOriginTest<U8>(ADD<U8>); 2963 BinaryOpOriginTest<S4>(SUB<S4>); 2964 BinaryOpOriginTest<S4>(MUL<S4>); 2965 BinaryOpOriginTest<U4>(OR<U4>); 2966 BinaryOpOriginTest<U4>(AND<U4>); 2967 BinaryOpOriginTest<double>(ADD<U4>); 2968 BinaryOpOriginTest<float>(ADD<S4>); 2969 BinaryOpOriginTest<double>(ADD<double>); 2970 BinaryOpOriginTest<float>(ADD<double>); 2971} 2972 2973TEST(MemorySanitizerOrigins, Unary) { 2974 if (!TrackingOrigins()) return; 2975 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2976 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2977 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2978 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2979 2980 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2981 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2982 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2983 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2984 2985 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 2986 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 2987 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 2988 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 2989 2990 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2991 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2992 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2993 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2994 2995 EXPECT_POISONED_O((void*)*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2996 EXPECT_POISONED_O((U8)*GetPoisonedO<void*>(0, __LINE__), __LINE__); 2997} 2998 2999TEST(MemorySanitizerOrigins, EQ) { 3000 if (!TrackingOrigins()) return; 3001 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) <= 11, __LINE__); 3002 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) == 11, __LINE__); 3003 EXPECT_POISONED_O(*GetPoisonedO<float>(0, __LINE__) == 1.1, __LINE__); 3004} 3005 3006TEST(MemorySanitizerOrigins, DIV) { 3007 if (!TrackingOrigins()) return; 3008 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) / 100, __LINE__); 3009 unsigned o = __LINE__; 3010 EXPECT_UMR_O(volatile unsigned y = 100 / *GetPoisonedO<S4>(0, o, 1), o); 3011} 3012 3013TEST(MemorySanitizerOrigins, SHIFT) { 3014 if (!TrackingOrigins()) return; 3015 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) >> 10, __LINE__); 3016 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) >> 10, __LINE__); 3017 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) << 10, __LINE__); 3018 EXPECT_POISONED_O(10U << *GetPoisonedO<U8>(0, __LINE__), __LINE__); 3019 EXPECT_POISONED_O(-10 >> *GetPoisonedO<S8>(0, __LINE__), __LINE__); 3020 EXPECT_POISONED_O(-10 << *GetPoisonedO<S8>(0, __LINE__), __LINE__); 3021} 3022 3023template<class T, int N> 3024void MemCpyTest() { 3025 int ox = __LINE__; 3026 T *x = new T[N]; 3027 T *y = new T[N]; 3028 T *z = new T[N]; 3029 T *q = new T[N]; 3030 __msan_poison(x, N * sizeof(T)); 3031 __msan_set_origin(x, N * sizeof(T), ox); 3032 __msan_set_origin(y, N * sizeof(T), 777777); 3033 __msan_set_origin(z, N * sizeof(T), 888888); 3034 EXPECT_NOT_POISONED(x); 3035 memcpy(y, x, N * sizeof(T)); 3036 EXPECT_POISONED_O(y[0], ox); 3037 EXPECT_POISONED_O(y[N/2], ox); 3038 EXPECT_POISONED_O(y[N-1], ox); 3039 EXPECT_NOT_POISONED(x); 3040 void *res = mempcpy(q, x, N * sizeof(T)); 3041 ASSERT_EQ(q + N, res); 3042 EXPECT_POISONED_O(q[0], ox); 3043 EXPECT_POISONED_O(q[N/2], ox); 3044 EXPECT_POISONED_O(q[N-1], ox); 3045 EXPECT_NOT_POISONED(x); 3046 memmove(z, x, N * sizeof(T)); 3047 EXPECT_POISONED_O(z[0], ox); 3048 EXPECT_POISONED_O(z[N/2], ox); 3049 EXPECT_POISONED_O(z[N-1], ox); 3050} 3051 3052TEST(MemorySanitizerOrigins, LargeMemCpy) { 3053 if (!TrackingOrigins()) return; 3054 MemCpyTest<U1, 10000>(); 3055 MemCpyTest<U8, 10000>(); 3056} 3057 3058TEST(MemorySanitizerOrigins, SmallMemCpy) { 3059 if (!TrackingOrigins()) return; 3060 MemCpyTest<U8, 1>(); 3061 MemCpyTest<U8, 2>(); 3062 MemCpyTest<U8, 3>(); 3063} 3064 3065TEST(MemorySanitizerOrigins, Select) { 3066 if (!TrackingOrigins()) return; 3067 EXPECT_NOT_POISONED(g_one ? 1 : *GetPoisonedO<S4>(0, __LINE__)); 3068 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3069 S4 x; 3070 break_optimization(&x); 3071 x = g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 0; 3072 3073 EXPECT_POISONED_O(g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 1, __LINE__); 3074 EXPECT_POISONED_O(g_0 ? 1 : *GetPoisonedO<S4>(0, __LINE__), __LINE__); 3075} 3076 3077extern "C" 3078NOINLINE char AllocaTO() { 3079 int ar[100]; 3080 break_optimization(ar); 3081 return ar[10]; 3082 // fprintf(stderr, "Descr: %s\n", 3083 // __msan_get_origin_descr_if_stack(__msan_get_origin_tls())); 3084} 3085 3086TEST(MemorySanitizerOrigins, Alloca) { 3087 if (!TrackingOrigins()) return; 3088 EXPECT_POISONED_S(AllocaTO(), "ar@AllocaTO"); 3089 EXPECT_POISONED_S(AllocaTO(), "ar@AllocaTO"); 3090 EXPECT_POISONED_S(AllocaTO(), "ar@AllocaTO"); 3091 EXPECT_POISONED_S(AllocaTO(), "ar@AllocaTO"); 3092} 3093 3094// FIXME: replace with a lit-like test. 3095TEST(MemorySanitizerOrigins, DISABLED_AllocaDeath) { 3096 if (!TrackingOrigins()) return; 3097 EXPECT_DEATH(AllocaTO(), "ORIGIN: stack allocation: ar@AllocaTO"); 3098} 3099 3100NOINLINE int RetvalOriginTest(U4 origin) { 3101 int *a = new int; 3102 break_optimization(a); 3103 __msan_set_origin(a, sizeof(*a), origin); 3104 int res = *a; 3105 delete a; 3106 return res; 3107} 3108 3109TEST(MemorySanitizerOrigins, Retval) { 3110 if (!TrackingOrigins()) return; 3111 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__); 3112} 3113 3114NOINLINE void ParamOriginTest(int param, U4 origin) { 3115 EXPECT_POISONED_O(param, origin); 3116} 3117 3118TEST(MemorySanitizerOrigins, Param) { 3119 if (!TrackingOrigins()) return; 3120 int *a = new int; 3121 U4 origin = __LINE__; 3122 break_optimization(a); 3123 __msan_set_origin(a, sizeof(*a), origin); 3124 ParamOriginTest(*a, origin); 3125 delete a; 3126} 3127 3128TEST(MemorySanitizerOrigins, Invoke) { 3129 if (!TrackingOrigins()) return; 3130 StructWithDtor s; // Will cause the calls to become invokes. 3131 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__); 3132} 3133 3134TEST(MemorySanitizerOrigins, strlen) { 3135 S8 alignment; 3136 break_optimization(&alignment); 3137 char x[4] = {'a', 'b', 0, 0}; 3138 __msan_poison(&x[2], 1); 3139 U4 origin = __LINE__; 3140 __msan_set_origin(x, sizeof(x), origin); 3141 EXPECT_UMR_O(volatile unsigned y = strlen(x), origin); 3142} 3143 3144TEST(MemorySanitizerOrigins, wcslen) { 3145 wchar_t w[3] = {'a', 'b', 0}; 3146 U4 origin = __LINE__; 3147 __msan_set_origin(w, sizeof(w), origin); 3148 __msan_poison(&w[2], sizeof(wchar_t)); 3149 EXPECT_UMR_O(volatile unsigned y = wcslen(w), origin); 3150} 3151 3152#if MSAN_HAS_M128 3153TEST(MemorySanitizerOrigins, StoreIntrinsic) { 3154 __m128 x, y; 3155 U4 origin = __LINE__; 3156 __msan_set_origin(&x, sizeof(x), origin); 3157 __msan_poison(&x, sizeof(x)); 3158 __builtin_ia32_storeups((float*)&y, x); 3159 EXPECT_POISONED_O(y, origin); 3160} 3161#endif 3162 3163NOINLINE void RecursiveMalloc(int depth) { 3164 static int count; 3165 count++; 3166 if ((count % (1024 * 1024)) == 0) 3167 printf("RecursiveMalloc: %d\n", count); 3168 int *x1 = new int; 3169 int *x2 = new int; 3170 break_optimization(x1); 3171 break_optimization(x2); 3172 if (depth > 0) { 3173 RecursiveMalloc(depth-1); 3174 RecursiveMalloc(depth-1); 3175 } 3176 delete x1; 3177 delete x2; 3178} 3179 3180TEST(MemorySanitizer, Select) { 3181 int x; 3182 int volatile* p = &x; 3183 int z = *p ? 1 : 0; 3184 EXPECT_POISONED(z); 3185} 3186 3187TEST(MemorySanitizerStress, DISABLED_MallocStackTrace) { 3188 RecursiveMalloc(22); 3189} 3190 3191TEST(MemorySanitizerAllocator, get_estimated_allocated_size) { 3192 size_t sizes[] = {0, 20, 5000, 1<<20}; 3193 for (size_t i = 0; i < sizeof(sizes) / sizeof(*sizes); ++i) { 3194 size_t alloc_size = __msan_get_estimated_allocated_size(sizes[i]); 3195 EXPECT_EQ(alloc_size, sizes[i]); 3196 } 3197} 3198 3199TEST(MemorySanitizerAllocator, get_allocated_size_and_ownership) { 3200 char *array = reinterpret_cast<char*>(malloc(100)); 3201 int *int_ptr = new int; 3202 3203 EXPECT_TRUE(__msan_get_ownership(array)); 3204 EXPECT_EQ(100, __msan_get_allocated_size(array)); 3205 3206 EXPECT_TRUE(__msan_get_ownership(int_ptr)); 3207 EXPECT_EQ(sizeof(*int_ptr), __msan_get_allocated_size(int_ptr)); 3208 3209 void *wild_addr = reinterpret_cast<void*>(0x1); 3210 EXPECT_FALSE(__msan_get_ownership(wild_addr)); 3211 EXPECT_EQ(0, __msan_get_allocated_size(wild_addr)); 3212 3213 EXPECT_FALSE(__msan_get_ownership(array + 50)); 3214 EXPECT_EQ(0, __msan_get_allocated_size(array + 50)); 3215 3216 // NULL is a valid argument for GetAllocatedSize but is not owned. 3217 EXPECT_FALSE(__msan_get_ownership(NULL)); 3218 EXPECT_EQ(0, __msan_get_allocated_size(NULL)); 3219 3220 free(array); 3221 EXPECT_FALSE(__msan_get_ownership(array)); 3222 EXPECT_EQ(0, __msan_get_allocated_size(array)); 3223 3224 delete int_ptr; 3225} 3226