msan_test.cc revision 5d71de26cedae3dafc17449fe0182045c0bd20e8
1//===-- msan_test.cc ------------------------------------------------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file is a part of MemorySanitizer. 11// 12// MemorySanitizer unit tests. 13//===----------------------------------------------------------------------===// 14 15#ifndef MSAN_EXTERNAL_TEST_CONFIG 16#include "msan_test_config.h" 17#endif // MSAN_EXTERNAL_TEST_CONFIG 18 19#include "sanitizer_common/tests/sanitizer_test_utils.h" 20 21#include "sanitizer/allocator_interface.h" 22#include "sanitizer/msan_interface.h" 23#include "msandr_test_so.h" 24 25#include <inttypes.h> 26#include <stdlib.h> 27#include <stdarg.h> 28#include <stdio.h> 29#include <wchar.h> 30#include <math.h> 31#include <malloc.h> 32 33#include <arpa/inet.h> 34#include <dlfcn.h> 35#include <grp.h> 36#include <unistd.h> 37#include <link.h> 38#include <limits.h> 39#include <sys/time.h> 40#include <poll.h> 41#include <sys/types.h> 42#include <sys/stat.h> 43#include <fcntl.h> 44#include <sys/resource.h> 45#include <sys/ioctl.h> 46#include <sys/statvfs.h> 47#include <sys/sysinfo.h> 48#include <sys/utsname.h> 49#include <sys/mman.h> 50#include <sys/vfs.h> 51#include <dirent.h> 52#include <pwd.h> 53#include <sys/socket.h> 54#include <netdb.h> 55#include <wordexp.h> 56#include <mntent.h> 57#include <netinet/ether.h> 58#include <sys/ipc.h> 59#include <sys/shm.h> 60 61#if defined(__i386__) || defined(__x86_64__) 62# include <emmintrin.h> 63# define MSAN_HAS_M128 1 64#else 65# define MSAN_HAS_M128 0 66#endif 67 68#ifdef __AVX2__ 69# include <immintrin.h> 70#endif 71 72static const size_t kPageSize = 4096; 73 74typedef unsigned char U1; 75typedef unsigned short U2; // NOLINT 76typedef unsigned int U4; 77typedef unsigned long long U8; // NOLINT 78typedef signed char S1; 79typedef signed short S2; // NOLINT 80typedef signed int S4; 81typedef signed long long S8; // NOLINT 82#define NOINLINE __attribute__((noinline)) 83#define INLINE __attribute__((always_inline)) 84 85static bool TrackingOrigins() { 86 S8 x; 87 __msan_set_origin(&x, sizeof(x), 0x1234); 88 U4 origin = __msan_get_origin(&x); 89 __msan_set_origin(&x, sizeof(x), 0); 90 return origin == 0x1234; 91} 92 93#define EXPECT_UMR(action) \ 94 do { \ 95 __msan_set_expect_umr(1); \ 96 action; \ 97 __msan_set_expect_umr(0); \ 98 } while (0) 99 100#define EXPECT_UMR_O(action, origin) \ 101 do { \ 102 __msan_set_expect_umr(1); \ 103 action; \ 104 __msan_set_expect_umr(0); \ 105 if (TrackingOrigins()) \ 106 EXPECT_EQ(origin, __msan_get_umr_origin()); \ 107 } while (0) 108 109#define EXPECT_POISONED(x) ExpectPoisoned(x) 110 111template<typename T> 112void ExpectPoisoned(const T& t) { 113 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 114} 115 116#define EXPECT_POISONED_O(x, origin) \ 117 ExpectPoisonedWithOrigin(x, origin) 118 119template<typename T> 120void ExpectPoisonedWithOrigin(const T& t, unsigned origin) { 121 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 122 if (TrackingOrigins()) 123 EXPECT_EQ(origin, __msan_get_origin((void*)&t)); 124} 125 126#define EXPECT_NOT_POISONED(x) ExpectNotPoisoned(x) 127 128template<typename T> 129void ExpectNotPoisoned(const T& t) { 130 EXPECT_EQ(-1, __msan_test_shadow((void*)&t, sizeof(t))); 131} 132 133static U8 poisoned_array[100]; 134template<class T> 135T *GetPoisoned(int i = 0, T val = 0) { 136 T *res = (T*)&poisoned_array[i]; 137 *res = val; 138 __msan_poison(&poisoned_array[i], sizeof(T)); 139 return res; 140} 141 142template<class T> 143T *GetPoisonedO(int i, U4 origin, T val = 0) { 144 T *res = (T*)&poisoned_array[i]; 145 *res = val; 146 __msan_poison(&poisoned_array[i], sizeof(T)); 147 __msan_set_origin(&poisoned_array[i], sizeof(T), origin); 148 return res; 149} 150 151template<typename T> 152T Poisoned(T v = 0, T s = (T)(-1)) { 153 __msan_partial_poison(&v, &s, sizeof(T)); 154 return v; 155} 156 157template<class T> NOINLINE T ReturnPoisoned() { return *GetPoisoned<T>(); } 158 159static volatile int g_one = 1; 160static volatile int g_zero = 0; 161static volatile int g_0 = 0; 162static volatile int g_1 = 1; 163 164S4 a_s4[100]; 165S8 a_s8[100]; 166 167// Check that malloc poisons memory. 168// A lot of tests below depend on this. 169TEST(MemorySanitizerSanity, PoisonInMalloc) { 170 int *x = (int*)malloc(sizeof(int)); 171 EXPECT_POISONED(*x); 172 free(x); 173} 174 175TEST(MemorySanitizer, NegativeTest1) { 176 S4 *x = GetPoisoned<S4>(); 177 if (g_one) 178 *x = 0; 179 EXPECT_NOT_POISONED(*x); 180} 181 182TEST(MemorySanitizer, PositiveTest1) { 183 // Load to store. 184 EXPECT_POISONED(*GetPoisoned<S1>()); 185 EXPECT_POISONED(*GetPoisoned<S2>()); 186 EXPECT_POISONED(*GetPoisoned<S4>()); 187 EXPECT_POISONED(*GetPoisoned<S8>()); 188 189 // S->S conversions. 190 EXPECT_POISONED(*GetPoisoned<S1>()); 191 EXPECT_POISONED(*GetPoisoned<S1>()); 192 EXPECT_POISONED(*GetPoisoned<S1>()); 193 194 EXPECT_POISONED(*GetPoisoned<S2>()); 195 EXPECT_POISONED(*GetPoisoned<S2>()); 196 EXPECT_POISONED(*GetPoisoned<S2>()); 197 198 EXPECT_POISONED(*GetPoisoned<S4>()); 199 EXPECT_POISONED(*GetPoisoned<S4>()); 200 EXPECT_POISONED(*GetPoisoned<S4>()); 201 202 EXPECT_POISONED(*GetPoisoned<S8>()); 203 EXPECT_POISONED(*GetPoisoned<S8>()); 204 EXPECT_POISONED(*GetPoisoned<S8>()); 205 206 // ZExt 207 EXPECT_POISONED(*GetPoisoned<U1>()); 208 EXPECT_POISONED(*GetPoisoned<U1>()); 209 EXPECT_POISONED(*GetPoisoned<U1>()); 210 EXPECT_POISONED(*GetPoisoned<U2>()); 211 EXPECT_POISONED(*GetPoisoned<U2>()); 212 EXPECT_POISONED(*GetPoisoned<U4>()); 213 214 // Unary ops. 215 EXPECT_POISONED(- *GetPoisoned<S4>()); 216 217 EXPECT_UMR(a_s4[g_zero] = 100 / *GetPoisoned<S4>(0, 1)); 218 219 220 a_s4[g_zero] = 1 - *GetPoisoned<S4>(); 221 a_s4[g_zero] = 1 + *GetPoisoned<S4>(); 222} 223 224TEST(MemorySanitizer, Phi1) { 225 S4 c; 226 if (g_one) { 227 c = *GetPoisoned<S4>(); 228 } else { 229 break_optimization(0); 230 c = 0; 231 } 232 EXPECT_POISONED(c); 233} 234 235TEST(MemorySanitizer, Phi2) { 236 S4 i = *GetPoisoned<S4>(); 237 S4 n = g_one; 238 EXPECT_UMR(for (; i < g_one; i++);); 239 EXPECT_POISONED(i); 240} 241 242NOINLINE void Arg1ExpectUMR(S4 a1) { EXPECT_POISONED(a1); } 243NOINLINE void Arg2ExpectUMR(S4 a1, S4 a2) { EXPECT_POISONED(a2); } 244NOINLINE void Arg3ExpectUMR(S1 a1, S4 a2, S8 a3) { EXPECT_POISONED(a3); } 245 246TEST(MemorySanitizer, ArgTest) { 247 Arg1ExpectUMR(*GetPoisoned<S4>()); 248 Arg2ExpectUMR(0, *GetPoisoned<S4>()); 249 Arg3ExpectUMR(0, 1, *GetPoisoned<S8>()); 250} 251 252 253TEST(MemorySanitizer, CallAndRet) { 254 if (!__msan_has_dynamic_component()) return; 255 ReturnPoisoned<S1>(); 256 ReturnPoisoned<S2>(); 257 ReturnPoisoned<S4>(); 258 ReturnPoisoned<S8>(); 259 260 EXPECT_POISONED(ReturnPoisoned<S1>()); 261 EXPECT_POISONED(ReturnPoisoned<S2>()); 262 EXPECT_POISONED(ReturnPoisoned<S4>()); 263 EXPECT_POISONED(ReturnPoisoned<S8>()); 264} 265 266// malloc() in the following test may be optimized to produce a compile-time 267// undef value. Check that we trap on the volatile assignment anyway. 268TEST(MemorySanitizer, DISABLED_MallocNoIdent) { 269 S4 *x = (int*)malloc(sizeof(S4)); 270 EXPECT_POISONED(*x); 271 free(x); 272} 273 274TEST(MemorySanitizer, Malloc) { 275 S4 *x = (int*)Ident(malloc(sizeof(S4))); 276 EXPECT_POISONED(*x); 277 free(x); 278} 279 280TEST(MemorySanitizer, Realloc) { 281 S4 *x = (int*)Ident(realloc(0, sizeof(S4))); 282 EXPECT_POISONED(x[0]); 283 x[0] = 1; 284 x = (int*)Ident(realloc(x, 2 * sizeof(S4))); 285 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 286 EXPECT_POISONED(x[1]); 287 x = (int*)Ident(realloc(x, 3 * sizeof(S4))); 288 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 289 EXPECT_POISONED(x[2]); 290 EXPECT_POISONED(x[1]); 291 x[2] = 1; // Init this here. Check that after realloc it is poisoned again. 292 x = (int*)Ident(realloc(x, 2 * sizeof(S4))); 293 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 294 EXPECT_POISONED(x[1]); 295 x = (int*)Ident(realloc(x, 3 * sizeof(S4))); 296 EXPECT_POISONED(x[1]); 297 EXPECT_POISONED(x[2]); 298 free(x); 299} 300 301TEST(MemorySanitizer, Calloc) { 302 S4 *x = (int*)Ident(calloc(1, sizeof(S4))); 303 EXPECT_NOT_POISONED(*x); // Should not be poisoned. 304 EXPECT_EQ(0, *x); 305 free(x); 306} 307 308TEST(MemorySanitizer, CallocReturnsZeroMem) { 309 size_t sizes[] = {16, 1000, 10000, 100000, 2100000}; 310 for (size_t s = 0; s < sizeof(sizes)/sizeof(sizes[0]); s++) { 311 size_t size = sizes[s]; 312 for (size_t iter = 0; iter < 5; iter++) { 313 char *x = Ident((char*)calloc(1, size)); 314 EXPECT_EQ(x[0], 0); 315 EXPECT_EQ(x[size - 1], 0); 316 EXPECT_EQ(x[size / 2], 0); 317 EXPECT_EQ(x[size / 3], 0); 318 EXPECT_EQ(x[size / 4], 0); 319 memset(x, 0x42, size); 320 free(Ident(x)); 321 } 322 } 323} 324 325TEST(MemorySanitizer, AndOr) { 326 U4 *p = GetPoisoned<U4>(); 327 // We poison two bytes in the midle of a 4-byte word to make the test 328 // correct regardless of endianness. 329 ((U1*)p)[1] = 0; 330 ((U1*)p)[2] = 0xff; 331 EXPECT_NOT_POISONED(*p & 0x00ffff00); 332 EXPECT_NOT_POISONED(*p & 0x00ff0000); 333 EXPECT_NOT_POISONED(*p & 0x0000ff00); 334 EXPECT_POISONED(*p & 0xff000000); 335 EXPECT_POISONED(*p & 0x000000ff); 336 EXPECT_POISONED(*p & 0x0000ffff); 337 EXPECT_POISONED(*p & 0xffff0000); 338 339 EXPECT_NOT_POISONED(*p | 0xff0000ff); 340 EXPECT_NOT_POISONED(*p | 0xff00ffff); 341 EXPECT_NOT_POISONED(*p | 0xffff00ff); 342 EXPECT_POISONED(*p | 0xff000000); 343 EXPECT_POISONED(*p | 0x000000ff); 344 EXPECT_POISONED(*p | 0x0000ffff); 345 EXPECT_POISONED(*p | 0xffff0000); 346 347 EXPECT_POISONED(*GetPoisoned<bool>() & *GetPoisoned<bool>()); 348} 349 350template<class T> 351static bool applyNot(T value, T shadow) { 352 __msan_partial_poison(&value, &shadow, sizeof(T)); 353 return !value; 354} 355 356TEST(MemorySanitizer, Not) { 357 EXPECT_NOT_POISONED(applyNot<U4>(0x0, 0x0)); 358 EXPECT_NOT_POISONED(applyNot<U4>(0xFFFFFFFF, 0x0)); 359 EXPECT_POISONED(applyNot<U4>(0xFFFFFFFF, 0xFFFFFFFF)); 360 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0FFFFFFF)); 361 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00FFFFFF)); 362 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0000FFFF)); 363 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00000000)); 364 EXPECT_POISONED(applyNot<U4>(0xFF000000, 0xFF000000)); 365 EXPECT_NOT_POISONED(applyNot<U4>(0xFF800000, 0xFF000000)); 366 EXPECT_POISONED(applyNot<U4>(0x00008000, 0x00008000)); 367 368 EXPECT_NOT_POISONED(applyNot<U1>(0x0, 0x0)); 369 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0xFE)); 370 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0x0)); 371 EXPECT_POISONED(applyNot<U1>(0xFF, 0xFF)); 372 373 EXPECT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-1))); 374 EXPECT_NOT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-2))); 375} 376 377TEST(MemorySanitizer, Shift) { 378 U4 *up = GetPoisoned<U4>(); 379 ((U1*)up)[0] = 0; 380 ((U1*)up)[3] = 0xff; 381 EXPECT_NOT_POISONED(*up >> 30); 382 EXPECT_NOT_POISONED(*up >> 24); 383 EXPECT_POISONED(*up >> 23); 384 EXPECT_POISONED(*up >> 10); 385 386 EXPECT_NOT_POISONED(*up << 30); 387 EXPECT_NOT_POISONED(*up << 24); 388 EXPECT_POISONED(*up << 23); 389 EXPECT_POISONED(*up << 10); 390 391 S4 *sp = (S4*)up; 392 EXPECT_NOT_POISONED(*sp >> 30); 393 EXPECT_NOT_POISONED(*sp >> 24); 394 EXPECT_POISONED(*sp >> 23); 395 EXPECT_POISONED(*sp >> 10); 396 397 sp = GetPoisoned<S4>(); 398 ((S1*)sp)[1] = 0; 399 ((S1*)sp)[2] = 0; 400 EXPECT_POISONED(*sp >> 31); 401 402 EXPECT_POISONED(100 >> *GetPoisoned<S4>()); 403 EXPECT_POISONED(100U >> *GetPoisoned<S4>()); 404} 405 406NOINLINE static int GetPoisonedZero() { 407 int *zero = new int; 408 *zero = 0; 409 __msan_poison(zero, sizeof(*zero)); 410 int res = *zero; 411 delete zero; 412 return res; 413} 414 415TEST(MemorySanitizer, LoadFromDirtyAddress) { 416 int *a = new int; 417 *a = 0; 418 EXPECT_UMR(break_optimization((void*)(U8)a[GetPoisonedZero()])); 419 delete a; 420} 421 422TEST(MemorySanitizer, StoreToDirtyAddress) { 423 int *a = new int; 424 EXPECT_UMR(a[GetPoisonedZero()] = 0); 425 break_optimization(a); 426 delete a; 427} 428 429 430NOINLINE void StackTestFunc() { 431 S4 p4; 432 S4 ok4 = 1; 433 S2 p2; 434 S2 ok2 = 1; 435 S1 p1; 436 S1 ok1 = 1; 437 break_optimization(&p4); 438 break_optimization(&ok4); 439 break_optimization(&p2); 440 break_optimization(&ok2); 441 break_optimization(&p1); 442 break_optimization(&ok1); 443 444 EXPECT_POISONED(p4); 445 EXPECT_POISONED(p2); 446 EXPECT_POISONED(p1); 447 EXPECT_NOT_POISONED(ok1); 448 EXPECT_NOT_POISONED(ok2); 449 EXPECT_NOT_POISONED(ok4); 450} 451 452TEST(MemorySanitizer, StackTest) { 453 StackTestFunc(); 454} 455 456NOINLINE void StackStressFunc() { 457 int foo[10000]; 458 break_optimization(foo); 459} 460 461TEST(MemorySanitizer, DISABLED_StackStressTest) { 462 for (int i = 0; i < 1000000; i++) 463 StackStressFunc(); 464} 465 466template<class T> 467void TestFloatingPoint() { 468 static volatile T v; 469 static T g[100]; 470 break_optimization(&g); 471 T *x = GetPoisoned<T>(); 472 T *y = GetPoisoned<T>(1); 473 EXPECT_POISONED(*x); 474 EXPECT_POISONED((long long)*x); 475 EXPECT_POISONED((int)*x); 476 g[0] = *x; 477 g[1] = *x + *y; 478 g[2] = *x - *y; 479 g[3] = *x * *y; 480} 481 482TEST(MemorySanitizer, FloatingPointTest) { 483 TestFloatingPoint<float>(); 484 TestFloatingPoint<double>(); 485} 486 487TEST(MemorySanitizer, DynMem) { 488 S4 x = 0; 489 S4 *y = GetPoisoned<S4>(); 490 memcpy(y, &x, g_one * sizeof(S4)); 491 EXPECT_NOT_POISONED(*y); 492} 493 494static char *DynRetTestStr; 495 496TEST(MemorySanitizer, DynRet) { 497 if (!__msan_has_dynamic_component()) return; 498 ReturnPoisoned<S8>(); 499 EXPECT_NOT_POISONED(clearenv()); 500} 501 502 503TEST(MemorySanitizer, DynRet1) { 504 if (!__msan_has_dynamic_component()) return; 505 ReturnPoisoned<S8>(); 506} 507 508struct LargeStruct { 509 S4 x[10]; 510}; 511 512NOINLINE 513LargeStruct LargeRetTest() { 514 LargeStruct res; 515 res.x[0] = *GetPoisoned<S4>(); 516 res.x[1] = *GetPoisoned<S4>(); 517 res.x[2] = *GetPoisoned<S4>(); 518 res.x[3] = *GetPoisoned<S4>(); 519 res.x[4] = *GetPoisoned<S4>(); 520 res.x[5] = *GetPoisoned<S4>(); 521 res.x[6] = *GetPoisoned<S4>(); 522 res.x[7] = *GetPoisoned<S4>(); 523 res.x[8] = *GetPoisoned<S4>(); 524 res.x[9] = *GetPoisoned<S4>(); 525 return res; 526} 527 528TEST(MemorySanitizer, strcmp) { 529 char s1[10]; 530 char s2[10]; 531 strncpy(s1, "foo", 10); 532 s2[0] = 'f'; 533 s2[1] = 'n'; 534 EXPECT_GT(strcmp(s1, s2), 0); 535 s2[1] = 'o'; 536 int res; 537 EXPECT_UMR(res = strcmp(s1, s2)); 538 EXPECT_NOT_POISONED(res); 539 EXPECT_EQ(strncmp(s1, s2, 1), 0); 540} 541 542TEST(MemorySanitizer, LargeRet) { 543 LargeStruct a = LargeRetTest(); 544 EXPECT_POISONED(a.x[0]); 545 EXPECT_POISONED(a.x[9]); 546} 547 548TEST(MemorySanitizer, strerror) { 549 char *buf = strerror(EINVAL); 550 EXPECT_NOT_POISONED(strlen(buf)); 551 buf = strerror(123456); 552 EXPECT_NOT_POISONED(strlen(buf)); 553} 554 555TEST(MemorySanitizer, strerror_r) { 556 errno = 0; 557 char buf[1000]; 558 char *res = strerror_r(EINVAL, buf, sizeof(buf)); 559 ASSERT_EQ(0, errno); 560 if (!res) res = buf; // POSIX version success. 561 EXPECT_NOT_POISONED(strlen(res)); 562} 563 564TEST(MemorySanitizer, fread) { 565 char *x = new char[32]; 566 FILE *f = fopen("/proc/self/stat", "r"); 567 ASSERT_TRUE(f != NULL); 568 fread(x, 1, 32, f); 569 EXPECT_NOT_POISONED(x[0]); 570 EXPECT_NOT_POISONED(x[16]); 571 EXPECT_NOT_POISONED(x[31]); 572 fclose(f); 573 delete x; 574} 575 576TEST(MemorySanitizer, read) { 577 char *x = new char[32]; 578 int fd = open("/proc/self/stat", O_RDONLY); 579 ASSERT_GT(fd, 0); 580 int sz = read(fd, x, 32); 581 ASSERT_EQ(sz, 32); 582 EXPECT_NOT_POISONED(x[0]); 583 EXPECT_NOT_POISONED(x[16]); 584 EXPECT_NOT_POISONED(x[31]); 585 close(fd); 586 delete x; 587} 588 589TEST(MemorySanitizer, pread) { 590 char *x = new char[32]; 591 int fd = open("/proc/self/stat", O_RDONLY); 592 ASSERT_GT(fd, 0); 593 int sz = pread(fd, x, 32, 0); 594 ASSERT_EQ(sz, 32); 595 EXPECT_NOT_POISONED(x[0]); 596 EXPECT_NOT_POISONED(x[16]); 597 EXPECT_NOT_POISONED(x[31]); 598 close(fd); 599 delete x; 600} 601 602TEST(MemorySanitizer, readv) { 603 char buf[2011]; 604 struct iovec iov[2]; 605 iov[0].iov_base = buf + 1; 606 iov[0].iov_len = 5; 607 iov[1].iov_base = buf + 10; 608 iov[1].iov_len = 2000; 609 int fd = open("/proc/self/stat", O_RDONLY); 610 ASSERT_GT(fd, 0); 611 int sz = readv(fd, iov, 2); 612 ASSERT_GE(sz, 0); 613 ASSERT_LT(sz, 5 + 2000); 614 ASSERT_GT((size_t)sz, iov[0].iov_len); 615 EXPECT_POISONED(buf[0]); 616 EXPECT_NOT_POISONED(buf[1]); 617 EXPECT_NOT_POISONED(buf[5]); 618 EXPECT_POISONED(buf[6]); 619 EXPECT_POISONED(buf[9]); 620 EXPECT_NOT_POISONED(buf[10]); 621 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]); 622 EXPECT_POISONED(buf[11 + (sz - 1) - 5]); 623 close(fd); 624} 625 626TEST(MemorySanitizer, preadv) { 627 char buf[2011]; 628 struct iovec iov[2]; 629 iov[0].iov_base = buf + 1; 630 iov[0].iov_len = 5; 631 iov[1].iov_base = buf + 10; 632 iov[1].iov_len = 2000; 633 int fd = open("/proc/self/stat", O_RDONLY); 634 ASSERT_GT(fd, 0); 635 int sz = preadv(fd, iov, 2, 3); 636 ASSERT_GE(sz, 0); 637 ASSERT_LT(sz, 5 + 2000); 638 ASSERT_GT((size_t)sz, iov[0].iov_len); 639 EXPECT_POISONED(buf[0]); 640 EXPECT_NOT_POISONED(buf[1]); 641 EXPECT_NOT_POISONED(buf[5]); 642 EXPECT_POISONED(buf[6]); 643 EXPECT_POISONED(buf[9]); 644 EXPECT_NOT_POISONED(buf[10]); 645 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]); 646 EXPECT_POISONED(buf[11 + (sz - 1) - 5]); 647 close(fd); 648} 649 650// FIXME: fails now. 651TEST(MemorySanitizer, DISABLED_ioctl) { 652 struct winsize ws; 653 EXPECT_EQ(ioctl(2, TIOCGWINSZ, &ws), 0); 654 EXPECT_NOT_POISONED(ws.ws_col); 655} 656 657TEST(MemorySanitizer, readlink) { 658 char *x = new char[1000]; 659 readlink("/proc/self/exe", x, 1000); 660 EXPECT_NOT_POISONED(x[0]); 661 delete [] x; 662} 663 664 665TEST(MemorySanitizer, stat) { 666 struct stat* st = new struct stat; 667 int res = stat("/proc/self/stat", st); 668 ASSERT_EQ(0, res); 669 EXPECT_NOT_POISONED(st->st_dev); 670 EXPECT_NOT_POISONED(st->st_mode); 671 EXPECT_NOT_POISONED(st->st_size); 672} 673 674TEST(MemorySanitizer, fstatat) { 675 struct stat* st = new struct stat; 676 int dirfd = open("/proc/self", O_RDONLY); 677 ASSERT_GT(dirfd, 0); 678 int res = fstatat(dirfd, "stat", st, 0); 679 ASSERT_EQ(0, res); 680 EXPECT_NOT_POISONED(st->st_dev); 681 EXPECT_NOT_POISONED(st->st_mode); 682 EXPECT_NOT_POISONED(st->st_size); 683 close(dirfd); 684} 685 686TEST(MemorySanitizer, statfs) { 687 struct statfs st; 688 int res = statfs("/", &st); 689 ASSERT_EQ(0, res); 690 EXPECT_NOT_POISONED(st.f_type); 691 EXPECT_NOT_POISONED(st.f_bfree); 692 EXPECT_NOT_POISONED(st.f_namelen); 693} 694 695TEST(MemorySanitizer, statvfs) { 696 struct statvfs st; 697 int res = statvfs("/", &st); 698 ASSERT_EQ(0, res); 699 EXPECT_NOT_POISONED(st.f_bsize); 700 EXPECT_NOT_POISONED(st.f_blocks); 701 EXPECT_NOT_POISONED(st.f_bfree); 702 EXPECT_NOT_POISONED(st.f_namemax); 703} 704 705TEST(MemorySanitizer, fstatvfs) { 706 struct statvfs st; 707 int fd = open("/", O_RDONLY | O_DIRECTORY); 708 int res = fstatvfs(fd, &st); 709 ASSERT_EQ(0, res); 710 EXPECT_NOT_POISONED(st.f_bsize); 711 EXPECT_NOT_POISONED(st.f_blocks); 712 EXPECT_NOT_POISONED(st.f_bfree); 713 EXPECT_NOT_POISONED(st.f_namemax); 714 close(fd); 715} 716 717TEST(MemorySanitizer, pipe) { 718 int* pipefd = new int[2]; 719 int res = pipe(pipefd); 720 ASSERT_EQ(0, res); 721 EXPECT_NOT_POISONED(pipefd[0]); 722 EXPECT_NOT_POISONED(pipefd[1]); 723 close(pipefd[0]); 724 close(pipefd[1]); 725} 726 727TEST(MemorySanitizer, pipe2) { 728 int* pipefd = new int[2]; 729 int res = pipe2(pipefd, O_NONBLOCK); 730 ASSERT_EQ(0, res); 731 EXPECT_NOT_POISONED(pipefd[0]); 732 EXPECT_NOT_POISONED(pipefd[1]); 733 close(pipefd[0]); 734 close(pipefd[1]); 735} 736 737TEST(MemorySanitizer, socketpair) { 738 int sv[2]; 739 int res = socketpair(AF_UNIX, SOCK_STREAM, 0, sv); 740 ASSERT_EQ(0, res); 741 EXPECT_NOT_POISONED(sv[0]); 742 EXPECT_NOT_POISONED(sv[1]); 743 close(sv[0]); 744 close(sv[1]); 745} 746 747TEST(MemorySanitizer, poll) { 748 int* pipefd = new int[2]; 749 int res = pipe(pipefd); 750 ASSERT_EQ(0, res); 751 752 char data = 42; 753 res = write(pipefd[1], &data, 1); 754 ASSERT_EQ(1, res); 755 756 pollfd fds[2]; 757 fds[0].fd = pipefd[0]; 758 fds[0].events = POLLIN; 759 fds[1].fd = pipefd[1]; 760 fds[1].events = POLLIN; 761 res = poll(fds, 2, 500); 762 ASSERT_EQ(1, res); 763 EXPECT_NOT_POISONED(fds[0].revents); 764 EXPECT_NOT_POISONED(fds[1].revents); 765 766 close(pipefd[0]); 767 close(pipefd[1]); 768} 769 770TEST(MemorySanitizer, ppoll) { 771 int* pipefd = new int[2]; 772 int res = pipe(pipefd); 773 ASSERT_EQ(0, res); 774 775 char data = 42; 776 res = write(pipefd[1], &data, 1); 777 ASSERT_EQ(1, res); 778 779 pollfd fds[2]; 780 fds[0].fd = pipefd[0]; 781 fds[0].events = POLLIN; 782 fds[1].fd = pipefd[1]; 783 fds[1].events = POLLIN; 784 sigset_t ss; 785 sigemptyset(&ss); 786 res = ppoll(fds, 2, NULL, &ss); 787 ASSERT_EQ(1, res); 788 EXPECT_NOT_POISONED(fds[0].revents); 789 EXPECT_NOT_POISONED(fds[1].revents); 790 791 close(pipefd[0]); 792 close(pipefd[1]); 793} 794 795TEST(MemorySanitizer, poll_positive) { 796 int* pipefd = new int[2]; 797 int res = pipe(pipefd); 798 ASSERT_EQ(0, res); 799 800 pollfd fds[2]; 801 fds[0].fd = pipefd[0]; 802 fds[0].events = POLLIN; 803 // fds[1].fd uninitialized 804 fds[1].events = POLLIN; 805 EXPECT_UMR(poll(fds, 2, 0)); 806 807 close(pipefd[0]); 808 close(pipefd[1]); 809} 810 811TEST(MemorySanitizer, bind_getsockname) { 812 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 813 814 struct sockaddr_in sai; 815 memset(&sai, 0, sizeof(sai)); 816 sai.sin_family = AF_UNIX; 817 int res = bind(sock, (struct sockaddr *)&sai, sizeof(sai)); 818 819 ASSERT_EQ(0, res); 820 char buf[200]; 821 socklen_t addrlen; 822 EXPECT_UMR(getsockname(sock, (struct sockaddr *)&buf, &addrlen)); 823 824 addrlen = sizeof(buf); 825 res = getsockname(sock, (struct sockaddr *)&buf, &addrlen); 826 EXPECT_NOT_POISONED(addrlen); 827 EXPECT_NOT_POISONED(buf[0]); 828 EXPECT_NOT_POISONED(buf[addrlen - 1]); 829 EXPECT_POISONED(buf[addrlen]); 830 close(sock); 831} 832 833TEST(MemorySanitizer, accept) { 834 int listen_socket = socket(AF_INET, SOCK_STREAM, 0); 835 ASSERT_LT(0, listen_socket); 836 837 struct sockaddr_in sai; 838 memset(&sai, 0, sizeof(sai)); 839 sai.sin_family = AF_INET; 840 sai.sin_port = 0; 841 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 842 int res = bind(listen_socket, (struct sockaddr *)&sai, sizeof(sai)); 843 ASSERT_EQ(0, res); 844 845 res = listen(listen_socket, 1); 846 ASSERT_EQ(0, res); 847 848 socklen_t sz = sizeof(sai); 849 res = getsockname(listen_socket, (struct sockaddr *)&sai, &sz); 850 ASSERT_EQ(0, res); 851 ASSERT_EQ(sizeof(sai), sz); 852 853 int connect_socket = socket(AF_INET, SOCK_STREAM, 0); 854 ASSERT_LT(0, connect_socket); 855 res = fcntl(connect_socket, F_SETFL, O_NONBLOCK); 856 ASSERT_EQ(0, res); 857 res = connect(connect_socket, (struct sockaddr *)&sai, sizeof(sai)); 858 ASSERT_EQ(-1, res); 859 ASSERT_EQ(EINPROGRESS, errno); 860 861 __msan_poison(&sai, sizeof(sai)); 862 int new_sock = accept(listen_socket, (struct sockaddr *)&sai, &sz); 863 ASSERT_LT(0, new_sock); 864 ASSERT_EQ(sizeof(sai), sz); 865 EXPECT_NOT_POISONED(sai); 866 867 __msan_poison(&sai, sizeof(sai)); 868 res = getpeername(new_sock, (struct sockaddr *)&sai, &sz); 869 ASSERT_EQ(0, res); 870 ASSERT_EQ(sizeof(sai), sz); 871 EXPECT_NOT_POISONED(sai); 872 873 close(new_sock); 874 close(connect_socket); 875 close(listen_socket); 876} 877 878TEST(MemorySanitizer, getaddrinfo) { 879 struct addrinfo *ai; 880 struct addrinfo hints; 881 memset(&hints, 0, sizeof(hints)); 882 hints.ai_family = AF_INET; 883 int res = getaddrinfo("localhost", NULL, &hints, &ai); 884 ASSERT_EQ(0, res); 885 EXPECT_NOT_POISONED(*ai); 886 ASSERT_EQ(sizeof(sockaddr_in), ai->ai_addrlen); 887 EXPECT_NOT_POISONED(*(sockaddr_in*)ai->ai_addr); 888} 889 890TEST(MemorySanitizer, getnameinfo) { 891 struct sockaddr_in sai; 892 memset(&sai, 0, sizeof(sai)); 893 sai.sin_family = AF_INET; 894 sai.sin_port = 80; 895 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 896 char host[500]; 897 char serv[500]; 898 int res = getnameinfo((struct sockaddr *)&sai, sizeof(sai), host, 899 sizeof(host), serv, sizeof(serv), 0); 900 ASSERT_EQ(0, res); 901 EXPECT_NOT_POISONED(host[0]); 902 EXPECT_POISONED(host[sizeof(host) - 1]); 903 904 ASSERT_NE(0U, strlen(host)); 905 EXPECT_NOT_POISONED(serv[0]); 906 EXPECT_POISONED(serv[sizeof(serv) - 1]); 907 ASSERT_NE(0U, strlen(serv)); 908} 909 910#define EXPECT_HOSTENT_NOT_POISONED(he) \ 911 do { \ 912 EXPECT_NOT_POISONED(*(he)); \ 913 ASSERT_NE((void *) 0, (he)->h_name); \ 914 ASSERT_NE((void *) 0, (he)->h_aliases); \ 915 ASSERT_NE((void *) 0, (he)->h_addr_list); \ 916 EXPECT_NOT_POISONED(strlen((he)->h_name)); \ 917 char **p = (he)->h_aliases; \ 918 while (*p) { \ 919 EXPECT_NOT_POISONED(strlen(*p)); \ 920 ++p; \ 921 } \ 922 char **q = (he)->h_addr_list; \ 923 while (*q) { \ 924 EXPECT_NOT_POISONED(*q[0]); \ 925 ++q; \ 926 } \ 927 EXPECT_NOT_POISONED(*q); \ 928 } while (0) 929 930TEST(MemorySanitizer, gethostent) { 931 struct hostent *he = gethostent(); 932 ASSERT_NE((void *)NULL, he); 933 EXPECT_HOSTENT_NOT_POISONED(he); 934} 935 936#ifndef MSAN_TEST_DISABLE_GETHOSTBYNAME 937 938TEST(MemorySanitizer, gethostbyname) { 939 struct hostent *he = gethostbyname("localhost"); 940 ASSERT_NE((void *)NULL, he); 941 EXPECT_HOSTENT_NOT_POISONED(he); 942} 943 944#endif // MSAN_TEST_DISABLE_GETHOSTBYNAME 945 946TEST(MemorySanitizer, recvmsg) { 947 int server_socket = socket(AF_INET, SOCK_DGRAM, 0); 948 ASSERT_LT(0, server_socket); 949 950 struct sockaddr_in sai; 951 memset(&sai, 0, sizeof(sai)); 952 sai.sin_family = AF_INET; 953 sai.sin_port = 0; 954 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 955 int res = bind(server_socket, (struct sockaddr *)&sai, sizeof(sai)); 956 ASSERT_EQ(0, res); 957 958 socklen_t sz = sizeof(sai); 959 res = getsockname(server_socket, (struct sockaddr *)&sai, &sz); 960 ASSERT_EQ(0, res); 961 ASSERT_EQ(sizeof(sai), sz); 962 963 964 int client_socket = socket(AF_INET, SOCK_DGRAM, 0); 965 ASSERT_LT(0, client_socket); 966 967 struct sockaddr_in client_sai; 968 memset(&client_sai, 0, sizeof(client_sai)); 969 client_sai.sin_family = AF_INET; 970 client_sai.sin_port = 0; 971 client_sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 972 res = bind(client_socket, (struct sockaddr *)&client_sai, sizeof(client_sai)); 973 ASSERT_EQ(0, res); 974 975 sz = sizeof(client_sai); 976 res = getsockname(client_socket, (struct sockaddr *)&client_sai, &sz); 977 ASSERT_EQ(0, res); 978 ASSERT_EQ(sizeof(client_sai), sz); 979 980 981 const char *s = "message text"; 982 struct iovec iov; 983 iov.iov_base = (void *)s; 984 iov.iov_len = strlen(s) + 1; 985 struct msghdr msg; 986 memset(&msg, 0, sizeof(msg)); 987 msg.msg_name = &sai; 988 msg.msg_namelen = sizeof(sai); 989 msg.msg_iov = &iov; 990 msg.msg_iovlen = 1; 991 res = sendmsg(client_socket, &msg, 0); 992 ASSERT_LT(0, res); 993 994 995 char buf[1000]; 996 struct iovec recv_iov; 997 recv_iov.iov_base = (void *)&buf; 998 recv_iov.iov_len = sizeof(buf); 999 struct sockaddr_in recv_sai; 1000 struct msghdr recv_msg; 1001 memset(&recv_msg, 0, sizeof(recv_msg)); 1002 recv_msg.msg_name = &recv_sai; 1003 recv_msg.msg_namelen = sizeof(recv_sai); 1004 recv_msg.msg_iov = &recv_iov; 1005 recv_msg.msg_iovlen = 1; 1006 res = recvmsg(server_socket, &recv_msg, 0); 1007 ASSERT_LT(0, res); 1008 1009 ASSERT_EQ(sizeof(recv_sai), recv_msg.msg_namelen); 1010 EXPECT_NOT_POISONED(*(struct sockaddr_in *)recv_msg.msg_name); 1011 EXPECT_STREQ(s, buf); 1012 1013 close(server_socket); 1014 close(client_socket); 1015} 1016 1017TEST(MemorySanitizer, gethostbyname2) { 1018 struct hostent *he = gethostbyname2("localhost", AF_INET); 1019 ASSERT_NE((void *)NULL, he); 1020 EXPECT_HOSTENT_NOT_POISONED(he); 1021} 1022 1023TEST(MemorySanitizer, gethostbyaddr) { 1024 in_addr_t addr = inet_addr("127.0.0.1"); 1025 EXPECT_NOT_POISONED(addr); 1026 struct hostent *he = gethostbyaddr(&addr, sizeof(addr), AF_INET); 1027 ASSERT_NE((void *)NULL, he); 1028 EXPECT_HOSTENT_NOT_POISONED(he); 1029} 1030 1031TEST(MemorySanitizer, gethostent_r) { 1032 char buf[2000]; 1033 struct hostent he; 1034 struct hostent *result; 1035 int err; 1036 int res = gethostent_r(&he, buf, sizeof(buf), &result, &err); 1037 ASSERT_EQ(0, res); 1038 EXPECT_NOT_POISONED(result); 1039 ASSERT_NE((void *)NULL, result); 1040 EXPECT_HOSTENT_NOT_POISONED(result); 1041 EXPECT_NOT_POISONED(err); 1042} 1043 1044TEST(MemorySanitizer, gethostbyname_r) { 1045 char buf[2000]; 1046 struct hostent he; 1047 struct hostent *result; 1048 int err; 1049 int res = gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err); 1050 ASSERT_EQ(0, res); 1051 EXPECT_NOT_POISONED(result); 1052 ASSERT_NE((void *)NULL, result); 1053 EXPECT_HOSTENT_NOT_POISONED(result); 1054 EXPECT_NOT_POISONED(err); 1055} 1056 1057TEST(MemorySanitizer, gethostbyname_r_bad_host_name) { 1058 char buf[2000]; 1059 struct hostent he; 1060 struct hostent *result; 1061 int err; 1062 int res = gethostbyname_r("bad-host-name", &he, buf, sizeof(buf), &result, &err); 1063 ASSERT_EQ((struct hostent *)0, result); 1064 EXPECT_NOT_POISONED(err); 1065} 1066 1067TEST(MemorySanitizer, gethostbyname_r_erange) { 1068 char buf[5]; 1069 struct hostent he; 1070 struct hostent *result; 1071 int err; 1072 int res = gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err); 1073 ASSERT_EQ(ERANGE, res); 1074 EXPECT_NOT_POISONED(err); 1075} 1076 1077TEST(MemorySanitizer, gethostbyname2_r) { 1078 char buf[2000]; 1079 struct hostent he; 1080 struct hostent *result; 1081 int err; 1082 int res = gethostbyname2_r("localhost", AF_INET, &he, buf, sizeof(buf), 1083 &result, &err); 1084 ASSERT_EQ(0, res); 1085 EXPECT_NOT_POISONED(result); 1086 ASSERT_NE((void *)NULL, result); 1087 EXPECT_HOSTENT_NOT_POISONED(result); 1088 EXPECT_NOT_POISONED(err); 1089} 1090 1091TEST(MemorySanitizer, gethostbyaddr_r) { 1092 char buf[2000]; 1093 struct hostent he; 1094 struct hostent *result; 1095 int err; 1096 in_addr_t addr = inet_addr("127.0.0.1"); 1097 EXPECT_NOT_POISONED(addr); 1098 int res = gethostbyaddr_r(&addr, sizeof(addr), AF_INET, &he, buf, sizeof(buf), 1099 &result, &err); 1100 ASSERT_EQ(0, res); 1101 EXPECT_NOT_POISONED(result); 1102 ASSERT_NE((void *)NULL, result); 1103 EXPECT_HOSTENT_NOT_POISONED(result); 1104 EXPECT_NOT_POISONED(err); 1105} 1106 1107TEST(MemorySanitizer, getsockopt) { 1108 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 1109 struct linger l[2]; 1110 socklen_t sz = sizeof(l[0]); 1111 int res = getsockopt(sock, SOL_SOCKET, SO_LINGER, &l[0], &sz); 1112 ASSERT_EQ(0, res); 1113 ASSERT_EQ(sizeof(l[0]), sz); 1114 EXPECT_NOT_POISONED(l[0]); 1115 EXPECT_POISONED(*(char *)(l + 1)); 1116} 1117 1118TEST(MemorySanitizer, getcwd) { 1119 char path[PATH_MAX + 1]; 1120 char* res = getcwd(path, sizeof(path)); 1121 ASSERT_TRUE(res != NULL); 1122 EXPECT_NOT_POISONED(path[0]); 1123} 1124 1125TEST(MemorySanitizer, getcwd_gnu) { 1126 char* res = getcwd(NULL, 0); 1127 ASSERT_TRUE(res != NULL); 1128 EXPECT_NOT_POISONED(res[0]); 1129 free(res); 1130} 1131 1132TEST(MemorySanitizer, get_current_dir_name) { 1133 char* res = get_current_dir_name(); 1134 ASSERT_TRUE(res != NULL); 1135 EXPECT_NOT_POISONED(res[0]); 1136 free(res); 1137} 1138 1139TEST(MemorySanitizer, shmctl) { 1140 int id = shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT); 1141 ASSERT_GT(id, -1); 1142 1143 struct shmid_ds ds; 1144 int res = shmctl(id, IPC_STAT, &ds); 1145 ASSERT_GT(res, -1); 1146 EXPECT_NOT_POISONED(ds); 1147 1148 struct shminfo si; 1149 res = shmctl(id, IPC_INFO, (struct shmid_ds *)&si); 1150 ASSERT_GT(res, -1); 1151 EXPECT_NOT_POISONED(si); 1152 1153 struct shm_info s_i; 1154 res = shmctl(id, SHM_INFO, (struct shmid_ds *)&s_i); 1155 ASSERT_GT(res, -1); 1156 EXPECT_NOT_POISONED(s_i); 1157 1158 res = shmctl(id, IPC_RMID, 0); 1159 ASSERT_GT(res, -1); 1160} 1161 1162TEST(MemorySanitizer, shmat) { 1163 void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE, 1164 MAP_PRIVATE | MAP_ANONYMOUS, 0, 0); 1165 ASSERT_NE(MAP_FAILED, p); 1166 1167 ((char *)p)[10] = *GetPoisoned<U1>(); 1168 ((char *)p)[4095] = *GetPoisoned<U1>(); 1169 1170 int res = munmap(p, 4096); 1171 ASSERT_EQ(0, res); 1172 1173 int id = shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT); 1174 ASSERT_GT(id, -1); 1175 1176 void *q = shmat(id, p, 0); 1177 ASSERT_EQ(p, q); 1178 1179 EXPECT_NOT_POISONED(((char *)q)[0]); 1180 EXPECT_NOT_POISONED(((char *)q)[10]); 1181 EXPECT_NOT_POISONED(((char *)q)[4095]); 1182 1183 res = shmdt(q); 1184 ASSERT_EQ(0, res); 1185 1186 res = shmctl(id, IPC_RMID, 0); 1187 ASSERT_GT(res, -1); 1188} 1189 1190TEST(MemorySanitizer, random_r) { 1191 int32_t x; 1192 char z[64]; 1193 memset(z, 0, sizeof(z)); 1194 1195 struct random_data buf; 1196 memset(&buf, 0, sizeof(buf)); 1197 1198 int res = initstate_r(0, z, sizeof(z), &buf); 1199 ASSERT_EQ(0, res); 1200 1201 res = random_r(&buf, &x); 1202 ASSERT_EQ(0, res); 1203 EXPECT_NOT_POISONED(x); 1204} 1205 1206TEST(MemorySanitizer, confstr) { 1207 char buf[3]; 1208 size_t res = confstr(_CS_PATH, buf, sizeof(buf)); 1209 ASSERT_GT(res, sizeof(buf)); 1210 EXPECT_NOT_POISONED(buf[0]); 1211 EXPECT_NOT_POISONED(buf[sizeof(buf) - 1]); 1212 1213 char buf2[1000]; 1214 res = confstr(_CS_PATH, buf2, sizeof(buf2)); 1215 ASSERT_LT(res, sizeof(buf2)); 1216 EXPECT_NOT_POISONED(buf2[0]); 1217 EXPECT_NOT_POISONED(buf2[res - 1]); 1218 EXPECT_POISONED(buf2[res]); 1219 ASSERT_EQ(res, strlen(buf2) + 1); 1220} 1221 1222TEST(MemorySanitizer, readdir) { 1223 DIR *dir = opendir("."); 1224 struct dirent *d = readdir(dir); 1225 ASSERT_TRUE(d != NULL); 1226 EXPECT_NOT_POISONED(d->d_name[0]); 1227 closedir(dir); 1228} 1229 1230TEST(MemorySanitizer, readdir_r) { 1231 DIR *dir = opendir("."); 1232 struct dirent d; 1233 struct dirent *pd; 1234 int res = readdir_r(dir, &d, &pd); 1235 ASSERT_EQ(0, res); 1236 EXPECT_NOT_POISONED(pd); 1237 EXPECT_NOT_POISONED(d.d_name[0]); 1238 closedir(dir); 1239} 1240 1241TEST(MemorySanitizer, realpath) { 1242 const char* relpath = "."; 1243 char path[PATH_MAX + 1]; 1244 char* res = realpath(relpath, path); 1245 ASSERT_TRUE(res != NULL); 1246 EXPECT_NOT_POISONED(path[0]); 1247} 1248 1249TEST(MemorySanitizer, realpath_null) { 1250 const char* relpath = "."; 1251 char* res = realpath(relpath, NULL); 1252 printf("%d, %s\n", errno, strerror(errno)); 1253 ASSERT_TRUE(res != NULL); 1254 EXPECT_NOT_POISONED(res[0]); 1255 free(res); 1256} 1257 1258TEST(MemorySanitizer, canonicalize_file_name) { 1259 const char* relpath = "."; 1260 char* res = canonicalize_file_name(relpath); 1261 ASSERT_TRUE(res != NULL); 1262 EXPECT_NOT_POISONED(res[0]); 1263 free(res); 1264} 1265 1266extern char **environ; 1267 1268TEST(MemorySanitizer, setenv) { 1269 setenv("AAA", "BBB", 1); 1270 for (char **envp = environ; *envp; ++envp) { 1271 EXPECT_NOT_POISONED(*envp); 1272 EXPECT_NOT_POISONED(*envp[0]); 1273 } 1274} 1275 1276TEST(MemorySanitizer, putenv) { 1277 char s[] = "AAA=BBB"; 1278 putenv(s); 1279 for (char **envp = environ; *envp; ++envp) { 1280 EXPECT_NOT_POISONED(*envp); 1281 EXPECT_NOT_POISONED(*envp[0]); 1282 } 1283} 1284 1285TEST(MemorySanitizer, memcpy) { 1286 char* x = new char[2]; 1287 char* y = new char[2]; 1288 x[0] = 1; 1289 x[1] = *GetPoisoned<char>(); 1290 memcpy(y, x, 2); 1291 EXPECT_NOT_POISONED(y[0]); 1292 EXPECT_POISONED(y[1]); 1293} 1294 1295void TestUnalignedMemcpy(unsigned left, unsigned right, bool src_is_aligned, 1296 bool src_is_poisoned, bool dst_is_poisoned) { 1297 fprintf(stderr, "%s(%d, %d, %d, %d, %d)\n", __func__, left, right, 1298 src_is_aligned, src_is_poisoned, dst_is_poisoned); 1299 1300 const unsigned sz = 20; 1301 U4 dst_origin, src_origin; 1302 char *dst = (char *)malloc(sz); 1303 if (dst_is_poisoned) 1304 dst_origin = __msan_get_origin(dst); 1305 else 1306 memset(dst, 0, sz); 1307 1308 char *src = (char *)malloc(sz); 1309 if (src_is_poisoned) 1310 src_origin = __msan_get_origin(src); 1311 else 1312 memset(src, 0, sz); 1313 1314 memcpy(dst + left, src_is_aligned ? src + left : src, sz - left - right); 1315 1316 for (unsigned i = 0; i < (left & (~3U)); ++i) 1317 if (dst_is_poisoned) 1318 EXPECT_POISONED_O(dst[i], dst_origin); 1319 else 1320 EXPECT_NOT_POISONED(dst[i]); 1321 1322 for (unsigned i = 0; i < (right & (~3U)); ++i) 1323 if (dst_is_poisoned) 1324 EXPECT_POISONED_O(dst[sz - i - 1], dst_origin); 1325 else 1326 EXPECT_NOT_POISONED(dst[sz - i - 1]); 1327 1328 for (unsigned i = left; i < sz - right; ++i) 1329 if (src_is_poisoned) 1330 EXPECT_POISONED_O(dst[i], src_origin); 1331 else 1332 EXPECT_NOT_POISONED(dst[i]); 1333 1334 free(dst); 1335 free(src); 1336} 1337 1338TEST(MemorySanitizer, memcpy_unaligned) { 1339 for (int i = 0; i < 10; ++i) 1340 for (int j = 0; j < 10; ++j) 1341 for (int aligned = 0; aligned < 2; ++aligned) 1342 for (int srcp = 0; srcp < 2; ++srcp) 1343 for (int dstp = 0; dstp < 2; ++dstp) 1344 TestUnalignedMemcpy(i, j, aligned, srcp, dstp); 1345} 1346 1347TEST(MemorySanitizer, memmove) { 1348 char* x = new char[2]; 1349 char* y = new char[2]; 1350 x[0] = 1; 1351 x[1] = *GetPoisoned<char>(); 1352 memmove(y, x, 2); 1353 EXPECT_NOT_POISONED(y[0]); 1354 EXPECT_POISONED(y[1]); 1355} 1356 1357TEST(MemorySanitizer, memccpy_nomatch) { 1358 char* x = new char[5]; 1359 char* y = new char[5]; 1360 strcpy(x, "abc"); 1361 memccpy(y, x, 'd', 4); 1362 EXPECT_NOT_POISONED(y[0]); 1363 EXPECT_NOT_POISONED(y[1]); 1364 EXPECT_NOT_POISONED(y[2]); 1365 EXPECT_NOT_POISONED(y[3]); 1366 EXPECT_POISONED(y[4]); 1367 delete[] x; 1368 delete[] y; 1369} 1370 1371TEST(MemorySanitizer, memccpy_match) { 1372 char* x = new char[5]; 1373 char* y = new char[5]; 1374 strcpy(x, "abc"); 1375 memccpy(y, x, 'b', 4); 1376 EXPECT_NOT_POISONED(y[0]); 1377 EXPECT_NOT_POISONED(y[1]); 1378 EXPECT_POISONED(y[2]); 1379 EXPECT_POISONED(y[3]); 1380 EXPECT_POISONED(y[4]); 1381 delete[] x; 1382 delete[] y; 1383} 1384 1385TEST(MemorySanitizer, memccpy_nomatch_positive) { 1386 char* x = new char[5]; 1387 char* y = new char[5]; 1388 strcpy(x, "abc"); 1389 EXPECT_UMR(memccpy(y, x, 'd', 5)); 1390 delete[] x; 1391 delete[] y; 1392} 1393 1394TEST(MemorySanitizer, memccpy_match_positive) { 1395 char* x = new char[5]; 1396 char* y = new char[5]; 1397 x[0] = 'a'; 1398 x[2] = 'b'; 1399 EXPECT_UMR(memccpy(y, x, 'b', 5)); 1400 delete[] x; 1401 delete[] y; 1402} 1403 1404TEST(MemorySanitizer, bcopy) { 1405 char* x = new char[2]; 1406 char* y = new char[2]; 1407 x[0] = 1; 1408 x[1] = *GetPoisoned<char>(); 1409 bcopy(x, y, 2); 1410 EXPECT_NOT_POISONED(y[0]); 1411 EXPECT_POISONED(y[1]); 1412} 1413 1414TEST(MemorySanitizer, strdup) { 1415 char buf[4] = "abc"; 1416 __msan_poison(buf + 2, sizeof(*buf)); 1417 char *x = strdup(buf); 1418 EXPECT_NOT_POISONED(x[0]); 1419 EXPECT_NOT_POISONED(x[1]); 1420 EXPECT_POISONED(x[2]); 1421 EXPECT_NOT_POISONED(x[3]); 1422 free(x); 1423} 1424 1425TEST(MemorySanitizer, strndup) { 1426 char buf[4] = "abc"; 1427 __msan_poison(buf + 2, sizeof(*buf)); 1428 char *x = strndup(buf, 3); 1429 EXPECT_NOT_POISONED(x[0]); 1430 EXPECT_NOT_POISONED(x[1]); 1431 EXPECT_POISONED(x[2]); 1432 EXPECT_NOT_POISONED(x[3]); 1433 free(x); 1434} 1435 1436TEST(MemorySanitizer, strndup_short) { 1437 char buf[4] = "abc"; 1438 __msan_poison(buf + 1, sizeof(*buf)); 1439 __msan_poison(buf + 2, sizeof(*buf)); 1440 char *x = strndup(buf, 2); 1441 EXPECT_NOT_POISONED(x[0]); 1442 EXPECT_POISONED(x[1]); 1443 EXPECT_NOT_POISONED(x[2]); 1444 free(x); 1445} 1446 1447 1448template<class T, int size> 1449void TestOverlapMemmove() { 1450 T *x = new T[size]; 1451 ASSERT_GE(size, 3); 1452 x[2] = 0; 1453 memmove(x, x + 1, (size - 1) * sizeof(T)); 1454 EXPECT_NOT_POISONED(x[1]); 1455 if (!__msan_has_dynamic_component()) { 1456 // FIXME: under DR we will lose this information 1457 // because accesses in memmove will unpoisin the shadow. 1458 // We need to use our own memove implementation instead of libc's. 1459 EXPECT_POISONED(x[0]); 1460 EXPECT_POISONED(x[2]); 1461 } 1462 delete [] x; 1463} 1464 1465TEST(MemorySanitizer, overlap_memmove) { 1466 TestOverlapMemmove<U1, 10>(); 1467 TestOverlapMemmove<U1, 1000>(); 1468 TestOverlapMemmove<U8, 4>(); 1469 TestOverlapMemmove<U8, 1000>(); 1470} 1471 1472TEST(MemorySanitizer, strcpy) { // NOLINT 1473 char* x = new char[3]; 1474 char* y = new char[3]; 1475 x[0] = 'a'; 1476 x[1] = *GetPoisoned<char>(1, 1); 1477 x[2] = 0; 1478 strcpy(y, x); // NOLINT 1479 EXPECT_NOT_POISONED(y[0]); 1480 EXPECT_POISONED(y[1]); 1481 EXPECT_NOT_POISONED(y[2]); 1482} 1483 1484TEST(MemorySanitizer, strncpy) { // NOLINT 1485 char* x = new char[3]; 1486 char* y = new char[3]; 1487 x[0] = 'a'; 1488 x[1] = *GetPoisoned<char>(1, 1); 1489 x[2] = 0; 1490 strncpy(y, x, 2); // NOLINT 1491 EXPECT_NOT_POISONED(y[0]); 1492 EXPECT_POISONED(y[1]); 1493 EXPECT_POISONED(y[2]); 1494} 1495 1496TEST(MemorySanitizer, stpcpy) { // NOLINT 1497 char* x = new char[3]; 1498 char* y = new char[3]; 1499 x[0] = 'a'; 1500 x[1] = *GetPoisoned<char>(1, 1); 1501 x[2] = 0; 1502 char *res = stpcpy(y, x); // NOLINT 1503 ASSERT_EQ(res, y + 2); 1504 EXPECT_NOT_POISONED(y[0]); 1505 EXPECT_POISONED(y[1]); 1506 EXPECT_NOT_POISONED(y[2]); 1507} 1508 1509TEST(MemorySanitizer, strcat) { // NOLINT 1510 char a[10]; 1511 char b[] = "def"; 1512 strcpy(a, "abc"); 1513 __msan_poison(b + 1, 1); 1514 strcat(a, b); 1515 EXPECT_NOT_POISONED(a[3]); 1516 EXPECT_POISONED(a[4]); 1517 EXPECT_NOT_POISONED(a[5]); 1518 EXPECT_NOT_POISONED(a[6]); 1519 EXPECT_POISONED(a[7]); 1520} 1521 1522TEST(MemorySanitizer, strncat) { // NOLINT 1523 char a[10]; 1524 char b[] = "def"; 1525 strcpy(a, "abc"); 1526 __msan_poison(b + 1, 1); 1527 strncat(a, b, 5); 1528 EXPECT_NOT_POISONED(a[3]); 1529 EXPECT_POISONED(a[4]); 1530 EXPECT_NOT_POISONED(a[5]); 1531 EXPECT_NOT_POISONED(a[6]); 1532 EXPECT_POISONED(a[7]); 1533} 1534 1535TEST(MemorySanitizer, strncat_overflow) { // NOLINT 1536 char a[10]; 1537 char b[] = "def"; 1538 strcpy(a, "abc"); 1539 __msan_poison(b + 1, 1); 1540 strncat(a, b, 2); 1541 EXPECT_NOT_POISONED(a[3]); 1542 EXPECT_POISONED(a[4]); 1543 EXPECT_NOT_POISONED(a[5]); 1544 EXPECT_POISONED(a[6]); 1545 EXPECT_POISONED(a[7]); 1546} 1547 1548#define TEST_STRTO_INT(func_name) \ 1549 TEST(MemorySanitizer, func_name) { \ 1550 char *e; \ 1551 EXPECT_EQ(1U, func_name("1", &e, 10)); \ 1552 EXPECT_NOT_POISONED((S8)e); \ 1553 } 1554 1555#define TEST_STRTO_FLOAT(func_name) \ 1556 TEST(MemorySanitizer, func_name) { \ 1557 char *e; \ 1558 EXPECT_NE(0, func_name("1.5", &e)); \ 1559 EXPECT_NOT_POISONED((S8)e); \ 1560 } 1561 1562#define TEST_STRTO_FLOAT_LOC(func_name) \ 1563 TEST(MemorySanitizer, func_name) { \ 1564 locale_t loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0); \ 1565 char *e; \ 1566 EXPECT_NE(0, func_name("1.5", &e, loc)); \ 1567 EXPECT_NOT_POISONED((S8)e); \ 1568 freelocale(loc); \ 1569 } 1570 1571#define TEST_STRTO_INT_LOC(func_name) \ 1572 TEST(MemorySanitizer, func_name) { \ 1573 locale_t loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0); \ 1574 char *e; \ 1575 ASSERT_EQ(1U, func_name("1", &e, 10, loc)); \ 1576 EXPECT_NOT_POISONED((S8)e); \ 1577 freelocale(loc); \ 1578 } 1579 1580TEST_STRTO_INT(strtol) 1581TEST_STRTO_INT(strtoll) 1582TEST_STRTO_INT(strtoul) 1583TEST_STRTO_INT(strtoull) 1584 1585TEST_STRTO_FLOAT(strtof) 1586TEST_STRTO_FLOAT(strtod) 1587TEST_STRTO_FLOAT(strtold) 1588 1589TEST_STRTO_FLOAT_LOC(strtof_l) 1590TEST_STRTO_FLOAT_LOC(strtod_l) 1591TEST_STRTO_FLOAT_LOC(strtold_l) 1592 1593TEST_STRTO_INT_LOC(strtol_l) 1594TEST_STRTO_INT_LOC(strtoll_l) 1595TEST_STRTO_INT_LOC(strtoul_l) 1596TEST_STRTO_INT_LOC(strtoull_l) 1597 1598TEST(MemorySanitizer, strtoimax) { 1599 char *e; 1600 ASSERT_EQ(1, strtoimax("1", &e, 10)); 1601 EXPECT_NOT_POISONED((S8) e); 1602} 1603 1604TEST(MemorySanitizer, strtoumax) { 1605 char *e; 1606 ASSERT_EQ(1U, strtoumax("1", &e, 10)); 1607 EXPECT_NOT_POISONED((S8) e); 1608} 1609 1610#ifdef __GLIBC__ 1611extern "C" float __strtof_l(const char *nptr, char **endptr, locale_t loc); 1612TEST_STRTO_FLOAT_LOC(__strtof_l) 1613extern "C" double __strtod_l(const char *nptr, char **endptr, locale_t loc); 1614TEST_STRTO_FLOAT_LOC(__strtod_l) 1615extern "C" long double __strtold_l(const char *nptr, char **endptr, 1616 locale_t loc); 1617TEST_STRTO_FLOAT_LOC(__strtold_l) 1618#endif // __GLIBC__ 1619 1620TEST(MemorySanitizer, modf) { 1621 double x, y; 1622 x = modf(2.1, &y); 1623 EXPECT_NOT_POISONED(y); 1624} 1625 1626TEST(MemorySanitizer, modff) { 1627 float x, y; 1628 x = modff(2.1, &y); 1629 EXPECT_NOT_POISONED(y); 1630} 1631 1632TEST(MemorySanitizer, modfl) { 1633 long double x, y; 1634 x = modfl(2.1, &y); 1635 EXPECT_NOT_POISONED(y); 1636} 1637 1638TEST(MemorySanitizer, sincos) { 1639 double s, c; 1640 sincos(0.2, &s, &c); 1641 EXPECT_NOT_POISONED(s); 1642 EXPECT_NOT_POISONED(c); 1643} 1644 1645TEST(MemorySanitizer, sincosf) { 1646 float s, c; 1647 sincosf(0.2, &s, &c); 1648 EXPECT_NOT_POISONED(s); 1649 EXPECT_NOT_POISONED(c); 1650} 1651 1652TEST(MemorySanitizer, sincosl) { 1653 long double s, c; 1654 sincosl(0.2, &s, &c); 1655 EXPECT_NOT_POISONED(s); 1656 EXPECT_NOT_POISONED(c); 1657} 1658 1659TEST(MemorySanitizer, remquo) { 1660 int quo; 1661 double res = remquo(29.0, 3.0, &quo); 1662 ASSERT_NE(0.0, res); 1663 EXPECT_NOT_POISONED(quo); 1664} 1665 1666TEST(MemorySanitizer, remquof) { 1667 int quo; 1668 float res = remquof(29.0, 3.0, &quo); 1669 ASSERT_NE(0.0, res); 1670 EXPECT_NOT_POISONED(quo); 1671} 1672 1673TEST(MemorySanitizer, remquol) { 1674 int quo; 1675 long double res = remquof(29.0, 3.0, &quo); 1676 ASSERT_NE(0.0, res); 1677 EXPECT_NOT_POISONED(quo); 1678} 1679 1680TEST(MemorySanitizer, lgamma) { 1681 double res = lgamma(1.1); 1682 ASSERT_NE(0.0, res); 1683 EXPECT_NOT_POISONED(signgam); 1684} 1685 1686TEST(MemorySanitizer, lgammaf) { 1687 float res = lgammaf(1.1); 1688 ASSERT_NE(0.0, res); 1689 EXPECT_NOT_POISONED(signgam); 1690} 1691 1692TEST(MemorySanitizer, lgammal) { 1693 long double res = lgammal(1.1); 1694 ASSERT_NE(0.0, res); 1695 EXPECT_NOT_POISONED(signgam); 1696} 1697 1698TEST(MemorySanitizer, lgamma_r) { 1699 int sgn; 1700 double res = lgamma_r(1.1, &sgn); 1701 ASSERT_NE(0.0, res); 1702 EXPECT_NOT_POISONED(sgn); 1703} 1704 1705TEST(MemorySanitizer, lgammaf_r) { 1706 int sgn; 1707 float res = lgammaf_r(1.1, &sgn); 1708 ASSERT_NE(0.0, res); 1709 EXPECT_NOT_POISONED(sgn); 1710} 1711 1712TEST(MemorySanitizer, lgammal_r) { 1713 int sgn; 1714 long double res = lgammal_r(1.1, &sgn); 1715 ASSERT_NE(0.0, res); 1716 EXPECT_NOT_POISONED(sgn); 1717} 1718 1719TEST(MemorySanitizer, drand48_r) { 1720 struct drand48_data buf; 1721 srand48_r(0, &buf); 1722 double d; 1723 drand48_r(&buf, &d); 1724 EXPECT_NOT_POISONED(d); 1725} 1726 1727TEST(MemorySanitizer, lrand48_r) { 1728 struct drand48_data buf; 1729 srand48_r(0, &buf); 1730 long d; 1731 lrand48_r(&buf, &d); 1732 EXPECT_NOT_POISONED(d); 1733} 1734 1735TEST(MemorySanitizer, sprintf) { // NOLINT 1736 char buff[10]; 1737 break_optimization(buff); 1738 EXPECT_POISONED(buff[0]); 1739 int res = sprintf(buff, "%d", 1234567); // NOLINT 1740 ASSERT_EQ(res, 7); 1741 ASSERT_EQ(buff[0], '1'); 1742 ASSERT_EQ(buff[1], '2'); 1743 ASSERT_EQ(buff[2], '3'); 1744 ASSERT_EQ(buff[6], '7'); 1745 ASSERT_EQ(buff[7], 0); 1746 EXPECT_POISONED(buff[8]); 1747} 1748 1749TEST(MemorySanitizer, snprintf) { 1750 char buff[10]; 1751 break_optimization(buff); 1752 EXPECT_POISONED(buff[0]); 1753 int res = snprintf(buff, sizeof(buff), "%d", 1234567); 1754 ASSERT_EQ(res, 7); 1755 ASSERT_EQ(buff[0], '1'); 1756 ASSERT_EQ(buff[1], '2'); 1757 ASSERT_EQ(buff[2], '3'); 1758 ASSERT_EQ(buff[6], '7'); 1759 ASSERT_EQ(buff[7], 0); 1760 EXPECT_POISONED(buff[8]); 1761} 1762 1763TEST(MemorySanitizer, swprintf) { 1764 wchar_t buff[10]; 1765 ASSERT_EQ(4U, sizeof(wchar_t)); 1766 break_optimization(buff); 1767 EXPECT_POISONED(buff[0]); 1768 int res = swprintf(buff, 9, L"%d", 1234567); 1769 ASSERT_EQ(res, 7); 1770 ASSERT_EQ(buff[0], '1'); 1771 ASSERT_EQ(buff[1], '2'); 1772 ASSERT_EQ(buff[2], '3'); 1773 ASSERT_EQ(buff[6], '7'); 1774 ASSERT_EQ(buff[7], 0); 1775 EXPECT_POISONED(buff[8]); 1776} 1777 1778TEST(MemorySanitizer, asprintf) { // NOLINT 1779 char *pbuf; 1780 EXPECT_POISONED(pbuf); 1781 int res = asprintf(&pbuf, "%d", 1234567); // NOLINT 1782 ASSERT_EQ(res, 7); 1783 EXPECT_NOT_POISONED(pbuf); 1784 ASSERT_EQ(pbuf[0], '1'); 1785 ASSERT_EQ(pbuf[1], '2'); 1786 ASSERT_EQ(pbuf[2], '3'); 1787 ASSERT_EQ(pbuf[6], '7'); 1788 ASSERT_EQ(pbuf[7], 0); 1789 free(pbuf); 1790} 1791 1792TEST(MemorySanitizer, mbstowcs) { 1793 const char *x = "abc"; 1794 wchar_t buff[10]; 1795 int res = mbstowcs(buff, x, 2); 1796 EXPECT_EQ(2, res); 1797 EXPECT_EQ(L'a', buff[0]); 1798 EXPECT_EQ(L'b', buff[1]); 1799 EXPECT_POISONED(buff[2]); 1800 res = mbstowcs(buff, x, 10); 1801 EXPECT_EQ(3, res); 1802 EXPECT_NOT_POISONED(buff[3]); 1803} 1804 1805TEST(MemorySanitizer, wcstombs) { 1806 const wchar_t *x = L"abc"; 1807 char buff[10]; 1808 int res = wcstombs(buff, x, 4); 1809 EXPECT_EQ(res, 3); 1810 EXPECT_EQ(buff[0], 'a'); 1811 EXPECT_EQ(buff[1], 'b'); 1812 EXPECT_EQ(buff[2], 'c'); 1813} 1814 1815TEST(MemorySanitizer, wcsrtombs) { 1816 const wchar_t *x = L"abc"; 1817 const wchar_t *p = x; 1818 char buff[10]; 1819 mbstate_t mbs; 1820 memset(&mbs, 0, sizeof(mbs)); 1821 int res = wcsrtombs(buff, &p, 4, &mbs); 1822 EXPECT_EQ(res, 3); 1823 EXPECT_EQ(buff[0], 'a'); 1824 EXPECT_EQ(buff[1], 'b'); 1825 EXPECT_EQ(buff[2], 'c'); 1826 EXPECT_EQ(buff[3], '\0'); 1827 EXPECT_POISONED(buff[4]); 1828} 1829 1830TEST(MemorySanitizer, wcsnrtombs) { 1831 const wchar_t *x = L"abc"; 1832 const wchar_t *p = x; 1833 char buff[10]; 1834 mbstate_t mbs; 1835 memset(&mbs, 0, sizeof(mbs)); 1836 int res = wcsnrtombs(buff, &p, 2, 4, &mbs); 1837 EXPECT_EQ(res, 2); 1838 EXPECT_EQ(buff[0], 'a'); 1839 EXPECT_EQ(buff[1], 'b'); 1840 EXPECT_POISONED(buff[2]); 1841} 1842 1843TEST(MemorySanitizer, mbtowc) { 1844 const char *x = "abc"; 1845 wchar_t wx; 1846 int res = mbtowc(&wx, x, 3); 1847 EXPECT_GT(res, 0); 1848 EXPECT_NOT_POISONED(wx); 1849} 1850 1851TEST(MemorySanitizer, mbrtowc) { 1852 const char *x = "abc"; 1853 wchar_t wx; 1854 mbstate_t mbs; 1855 memset(&mbs, 0, sizeof(mbs)); 1856 int res = mbrtowc(&wx, x, 3, &mbs); 1857 EXPECT_GT(res, 0); 1858 EXPECT_NOT_POISONED(wx); 1859} 1860 1861TEST(MemorySanitizer, wcsftime) { 1862 wchar_t x[100]; 1863 time_t t = time(NULL); 1864 struct tm tms; 1865 struct tm *tmres = localtime_r(&t, &tms); 1866 ASSERT_NE((void *)0, tmres); 1867 size_t res = wcsftime(x, sizeof(x) / sizeof(x[0]), L"%Y-%m-%d", tmres); 1868 EXPECT_GT(res, 0UL); 1869 EXPECT_EQ(res, wcslen(x)); 1870} 1871 1872TEST(MemorySanitizer, gettimeofday) { 1873 struct timeval tv; 1874 struct timezone tz; 1875 break_optimization(&tv); 1876 break_optimization(&tz); 1877 ASSERT_EQ(16U, sizeof(tv)); 1878 ASSERT_EQ(8U, sizeof(tz)); 1879 EXPECT_POISONED(tv.tv_sec); 1880 EXPECT_POISONED(tv.tv_usec); 1881 EXPECT_POISONED(tz.tz_minuteswest); 1882 EXPECT_POISONED(tz.tz_dsttime); 1883 ASSERT_EQ(0, gettimeofday(&tv, &tz)); 1884 EXPECT_NOT_POISONED(tv.tv_sec); 1885 EXPECT_NOT_POISONED(tv.tv_usec); 1886 EXPECT_NOT_POISONED(tz.tz_minuteswest); 1887 EXPECT_NOT_POISONED(tz.tz_dsttime); 1888} 1889 1890TEST(MemorySanitizer, clock_gettime) { 1891 struct timespec tp; 1892 EXPECT_POISONED(tp.tv_sec); 1893 EXPECT_POISONED(tp.tv_nsec); 1894 ASSERT_EQ(0, clock_gettime(CLOCK_REALTIME, &tp)); 1895 EXPECT_NOT_POISONED(tp.tv_sec); 1896 EXPECT_NOT_POISONED(tp.tv_nsec); 1897} 1898 1899TEST(MemorySanitizer, clock_getres) { 1900 struct timespec tp; 1901 EXPECT_POISONED(tp.tv_sec); 1902 EXPECT_POISONED(tp.tv_nsec); 1903 ASSERT_EQ(0, clock_getres(CLOCK_REALTIME, 0)); 1904 EXPECT_POISONED(tp.tv_sec); 1905 EXPECT_POISONED(tp.tv_nsec); 1906 ASSERT_EQ(0, clock_getres(CLOCK_REALTIME, &tp)); 1907 EXPECT_NOT_POISONED(tp.tv_sec); 1908 EXPECT_NOT_POISONED(tp.tv_nsec); 1909} 1910 1911TEST(MemorySanitizer, getitimer) { 1912 struct itimerval it1, it2; 1913 int res; 1914 EXPECT_POISONED(it1.it_interval.tv_sec); 1915 EXPECT_POISONED(it1.it_interval.tv_usec); 1916 EXPECT_POISONED(it1.it_value.tv_sec); 1917 EXPECT_POISONED(it1.it_value.tv_usec); 1918 res = getitimer(ITIMER_VIRTUAL, &it1); 1919 ASSERT_EQ(0, res); 1920 EXPECT_NOT_POISONED(it1.it_interval.tv_sec); 1921 EXPECT_NOT_POISONED(it1.it_interval.tv_usec); 1922 EXPECT_NOT_POISONED(it1.it_value.tv_sec); 1923 EXPECT_NOT_POISONED(it1.it_value.tv_usec); 1924 1925 it1.it_interval.tv_sec = it1.it_value.tv_sec = 10000; 1926 it1.it_interval.tv_usec = it1.it_value.tv_usec = 0; 1927 1928 res = setitimer(ITIMER_VIRTUAL, &it1, &it2); 1929 ASSERT_EQ(0, res); 1930 EXPECT_NOT_POISONED(it2.it_interval.tv_sec); 1931 EXPECT_NOT_POISONED(it2.it_interval.tv_usec); 1932 EXPECT_NOT_POISONED(it2.it_value.tv_sec); 1933 EXPECT_NOT_POISONED(it2.it_value.tv_usec); 1934 1935 // Check that old_value can be 0, and disable the timer. 1936 memset(&it1, 0, sizeof(it1)); 1937 res = setitimer(ITIMER_VIRTUAL, &it1, 0); 1938 ASSERT_EQ(0, res); 1939} 1940 1941TEST(MemorySanitizer, setitimer_null) { 1942 setitimer(ITIMER_VIRTUAL, 0, 0); 1943 // Not testing the return value, since it the behaviour seems to differ 1944 // between libc implementations and POSIX. 1945 // Should never crash, though. 1946} 1947 1948TEST(MemorySanitizer, time) { 1949 time_t t; 1950 EXPECT_POISONED(t); 1951 time_t t2 = time(&t); 1952 ASSERT_NE(t2, (time_t)-1); 1953 EXPECT_NOT_POISONED(t); 1954} 1955 1956TEST(MemorySanitizer, strptime) { 1957 struct tm time; 1958 char *p = strptime("11/1/2013-05:39", "%m/%d/%Y-%H:%M", &time); 1959 ASSERT_TRUE(p != NULL); 1960 EXPECT_NOT_POISONED(time.tm_sec); 1961 EXPECT_NOT_POISONED(time.tm_hour); 1962 EXPECT_NOT_POISONED(time.tm_year); 1963} 1964 1965TEST(MemorySanitizer, localtime) { 1966 time_t t = 123; 1967 struct tm *time = localtime(&t); 1968 ASSERT_TRUE(time != NULL); 1969 EXPECT_NOT_POISONED(time->tm_sec); 1970 EXPECT_NOT_POISONED(time->tm_hour); 1971 EXPECT_NOT_POISONED(time->tm_year); 1972 EXPECT_NOT_POISONED(time->tm_isdst); 1973 EXPECT_NE(0U, strlen(time->tm_zone)); 1974} 1975 1976TEST(MemorySanitizer, localtime_r) { 1977 time_t t = 123; 1978 struct tm time; 1979 struct tm *res = localtime_r(&t, &time); 1980 ASSERT_TRUE(res != NULL); 1981 EXPECT_NOT_POISONED(time.tm_sec); 1982 EXPECT_NOT_POISONED(time.tm_hour); 1983 EXPECT_NOT_POISONED(time.tm_year); 1984 EXPECT_NOT_POISONED(time.tm_isdst); 1985 EXPECT_NE(0U, strlen(time.tm_zone)); 1986} 1987 1988TEST(MemorySanitizer, getmntent) { 1989 FILE *fp = setmntent("/etc/fstab", "r"); 1990 struct mntent *mnt = getmntent(fp); 1991 ASSERT_TRUE(mnt != NULL); 1992 ASSERT_NE(0U, strlen(mnt->mnt_fsname)); 1993 ASSERT_NE(0U, strlen(mnt->mnt_dir)); 1994 ASSERT_NE(0U, strlen(mnt->mnt_type)); 1995 ASSERT_NE(0U, strlen(mnt->mnt_opts)); 1996 EXPECT_NOT_POISONED(mnt->mnt_freq); 1997 EXPECT_NOT_POISONED(mnt->mnt_passno); 1998 fclose(fp); 1999} 2000 2001TEST(MemorySanitizer, getmntent_r) { 2002 FILE *fp = setmntent("/etc/fstab", "r"); 2003 struct mntent mntbuf; 2004 char buf[1000]; 2005 struct mntent *mnt = getmntent_r(fp, &mntbuf, buf, sizeof(buf)); 2006 ASSERT_TRUE(mnt != NULL); 2007 ASSERT_NE(0U, strlen(mnt->mnt_fsname)); 2008 ASSERT_NE(0U, strlen(mnt->mnt_dir)); 2009 ASSERT_NE(0U, strlen(mnt->mnt_type)); 2010 ASSERT_NE(0U, strlen(mnt->mnt_opts)); 2011 EXPECT_NOT_POISONED(mnt->mnt_freq); 2012 EXPECT_NOT_POISONED(mnt->mnt_passno); 2013 fclose(fp); 2014} 2015 2016TEST(MemorySanitizer, ether) { 2017 const char *asc = "11:22:33:44:55:66"; 2018 struct ether_addr *paddr = ether_aton(asc); 2019 EXPECT_NOT_POISONED(*paddr); 2020 2021 struct ether_addr addr; 2022 paddr = ether_aton_r(asc, &addr); 2023 ASSERT_EQ(paddr, &addr); 2024 EXPECT_NOT_POISONED(addr); 2025 2026 char *s = ether_ntoa(&addr); 2027 ASSERT_NE(0U, strlen(s)); 2028 2029 char buf[100]; 2030 s = ether_ntoa_r(&addr, buf); 2031 ASSERT_EQ(s, buf); 2032 ASSERT_NE(0U, strlen(buf)); 2033} 2034 2035TEST(MemorySanitizer, mmap) { 2036 const int size = 4096; 2037 void *p1, *p2; 2038 p1 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); 2039 __msan_poison(p1, size); 2040 munmap(p1, size); 2041 for (int i = 0; i < 1000; i++) { 2042 p2 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); 2043 if (p2 == p1) 2044 break; 2045 else 2046 munmap(p2, size); 2047 } 2048 if (p1 == p2) { 2049 EXPECT_NOT_POISONED(*(char*)p2); 2050 munmap(p2, size); 2051 } 2052} 2053 2054// FIXME: enable and add ecvt. 2055// FIXME: check why msandr does nt handle fcvt. 2056TEST(MemorySanitizer, fcvt) { 2057 int a, b; 2058 break_optimization(&a); 2059 break_optimization(&b); 2060 EXPECT_POISONED(a); 2061 EXPECT_POISONED(b); 2062 char *str = fcvt(12345.6789, 10, &a, &b); 2063 EXPECT_NOT_POISONED(a); 2064 EXPECT_NOT_POISONED(b); 2065} 2066 2067TEST(MemorySanitizer, memchr) { 2068 char x[10]; 2069 break_optimization(x); 2070 EXPECT_POISONED(x[0]); 2071 x[2] = '2'; 2072 void *res; 2073 EXPECT_UMR(res = memchr(x, '2', 10)); 2074 EXPECT_NOT_POISONED(res); 2075 x[0] = '0'; 2076 x[1] = '1'; 2077 res = memchr(x, '2', 10); 2078 EXPECT_EQ(&x[2], res); 2079 EXPECT_UMR(res = memchr(x, '3', 10)); 2080 EXPECT_NOT_POISONED(res); 2081} 2082 2083TEST(MemorySanitizer, memrchr) { 2084 char x[10]; 2085 break_optimization(x); 2086 EXPECT_POISONED(x[0]); 2087 x[9] = '9'; 2088 void *res; 2089 EXPECT_UMR(res = memrchr(x, '9', 10)); 2090 EXPECT_NOT_POISONED(res); 2091 x[0] = '0'; 2092 x[1] = '1'; 2093 res = memrchr(x, '0', 2); 2094 EXPECT_EQ(&x[0], res); 2095 EXPECT_UMR(res = memrchr(x, '7', 10)); 2096 EXPECT_NOT_POISONED(res); 2097} 2098 2099TEST(MemorySanitizer, frexp) { 2100 int x; 2101 x = *GetPoisoned<int>(); 2102 double r = frexp(1.1, &x); 2103 EXPECT_NOT_POISONED(r); 2104 EXPECT_NOT_POISONED(x); 2105 2106 x = *GetPoisoned<int>(); 2107 float rf = frexpf(1.1, &x); 2108 EXPECT_NOT_POISONED(rf); 2109 EXPECT_NOT_POISONED(x); 2110 2111 x = *GetPoisoned<int>(); 2112 double rl = frexpl(1.1, &x); 2113 EXPECT_NOT_POISONED(rl); 2114 EXPECT_NOT_POISONED(x); 2115} 2116 2117namespace { 2118 2119static int cnt; 2120 2121void SigactionHandler(int signo, siginfo_t* si, void* uc) { 2122 ASSERT_EQ(signo, SIGPROF); 2123 ASSERT_TRUE(si != NULL); 2124 EXPECT_NOT_POISONED(si->si_errno); 2125 EXPECT_NOT_POISONED(si->si_pid); 2126#if __linux__ 2127# if defined(__x86_64__) 2128 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_RIP]); 2129# elif defined(__i386__) 2130 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_EIP]); 2131# endif 2132#endif 2133 ++cnt; 2134} 2135 2136TEST(MemorySanitizer, sigaction) { 2137 struct sigaction act = {}; 2138 struct sigaction oldact = {}; 2139 struct sigaction origact = {}; 2140 2141 sigaction(SIGPROF, 0, &origact); 2142 2143 act.sa_flags |= SA_SIGINFO; 2144 act.sa_sigaction = &SigactionHandler; 2145 sigaction(SIGPROF, &act, 0); 2146 2147 kill(getpid(), SIGPROF); 2148 2149 act.sa_flags &= ~SA_SIGINFO; 2150 act.sa_handler = SIG_DFL; 2151 sigaction(SIGPROF, &act, 0); 2152 2153 act.sa_flags &= ~SA_SIGINFO; 2154 act.sa_handler = SIG_IGN; 2155 sigaction(SIGPROF, &act, &oldact); 2156 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO); 2157 EXPECT_EQ(SIG_DFL, oldact.sa_handler); 2158 kill(getpid(), SIGPROF); 2159 2160 act.sa_flags |= SA_SIGINFO; 2161 act.sa_sigaction = &SigactionHandler; 2162 sigaction(SIGPROF, &act, &oldact); 2163 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO); 2164 EXPECT_EQ(SIG_IGN, oldact.sa_handler); 2165 kill(getpid(), SIGPROF); 2166 2167 act.sa_flags &= ~SA_SIGINFO; 2168 act.sa_handler = SIG_DFL; 2169 sigaction(SIGPROF, &act, &oldact); 2170 EXPECT_TRUE(oldact.sa_flags & SA_SIGINFO); 2171 EXPECT_EQ(&SigactionHandler, oldact.sa_sigaction); 2172 EXPECT_EQ(2, cnt); 2173 2174 sigaction(SIGPROF, &origact, 0); 2175} 2176 2177} // namespace 2178 2179 2180TEST(MemorySanitizer, sigemptyset) { 2181 sigset_t s; 2182 EXPECT_POISONED(s); 2183 int res = sigemptyset(&s); 2184 ASSERT_EQ(0, res); 2185 EXPECT_NOT_POISONED(s); 2186} 2187 2188TEST(MemorySanitizer, sigfillset) { 2189 sigset_t s; 2190 EXPECT_POISONED(s); 2191 int res = sigfillset(&s); 2192 ASSERT_EQ(0, res); 2193 EXPECT_NOT_POISONED(s); 2194} 2195 2196TEST(MemorySanitizer, sigpending) { 2197 sigset_t s; 2198 EXPECT_POISONED(s); 2199 int res = sigpending(&s); 2200 ASSERT_EQ(0, res); 2201 EXPECT_NOT_POISONED(s); 2202} 2203 2204TEST(MemorySanitizer, sigprocmask) { 2205 sigset_t s; 2206 EXPECT_POISONED(s); 2207 int res = sigprocmask(SIG_BLOCK, 0, &s); 2208 ASSERT_EQ(0, res); 2209 EXPECT_NOT_POISONED(s); 2210} 2211 2212struct StructWithDtor { 2213 ~StructWithDtor(); 2214}; 2215 2216NOINLINE StructWithDtor::~StructWithDtor() { 2217 break_optimization(0); 2218} 2219 2220TEST(MemorySanitizer, Invoke) { 2221 StructWithDtor s; // Will cause the calls to become invokes. 2222 EXPECT_NOT_POISONED(0); 2223 EXPECT_POISONED(*GetPoisoned<int>()); 2224 EXPECT_NOT_POISONED(0); 2225 EXPECT_POISONED(*GetPoisoned<int>()); 2226 EXPECT_POISONED(ReturnPoisoned<S4>()); 2227} 2228 2229TEST(MemorySanitizer, ptrtoint) { 2230 // Test that shadow is propagated through pointer-to-integer conversion. 2231 void* p = (void*)0xABCD; 2232 __msan_poison(((char*)&p) + 1, sizeof(p)); 2233 EXPECT_NOT_POISONED((((uintptr_t)p) & 0xFF) == 0); 2234 2235 void* q = (void*)0xABCD; 2236 __msan_poison(&q, sizeof(q) - 1); 2237 EXPECT_POISONED((((uintptr_t)q) & 0xFF) == 0); 2238} 2239 2240static void vaargsfn2(int guard, ...) { 2241 va_list vl; 2242 va_start(vl, guard); 2243 EXPECT_NOT_POISONED(va_arg(vl, int)); 2244 EXPECT_NOT_POISONED(va_arg(vl, int)); 2245 EXPECT_NOT_POISONED(va_arg(vl, int)); 2246 EXPECT_POISONED(va_arg(vl, double)); 2247 va_end(vl); 2248} 2249 2250static void vaargsfn(int guard, ...) { 2251 va_list vl; 2252 va_start(vl, guard); 2253 EXPECT_NOT_POISONED(va_arg(vl, int)); 2254 EXPECT_POISONED(va_arg(vl, int)); 2255 // The following call will overwrite __msan_param_tls. 2256 // Checks after it test that arg shadow was somehow saved across the call. 2257 vaargsfn2(1, 2, 3, 4, *GetPoisoned<double>()); 2258 EXPECT_NOT_POISONED(va_arg(vl, int)); 2259 EXPECT_POISONED(va_arg(vl, int)); 2260 va_end(vl); 2261} 2262 2263TEST(MemorySanitizer, VAArgTest) { 2264 int* x = GetPoisoned<int>(); 2265 int* y = GetPoisoned<int>(4); 2266 vaargsfn(1, 13, *x, 42, *y); 2267} 2268 2269static void vaargsfn_many(int guard, ...) { 2270 va_list vl; 2271 va_start(vl, guard); 2272 EXPECT_NOT_POISONED(va_arg(vl, int)); 2273 EXPECT_POISONED(va_arg(vl, int)); 2274 EXPECT_NOT_POISONED(va_arg(vl, int)); 2275 EXPECT_NOT_POISONED(va_arg(vl, int)); 2276 EXPECT_NOT_POISONED(va_arg(vl, int)); 2277 EXPECT_NOT_POISONED(va_arg(vl, int)); 2278 EXPECT_NOT_POISONED(va_arg(vl, int)); 2279 EXPECT_NOT_POISONED(va_arg(vl, int)); 2280 EXPECT_NOT_POISONED(va_arg(vl, int)); 2281 EXPECT_POISONED(va_arg(vl, int)); 2282 va_end(vl); 2283} 2284 2285TEST(MemorySanitizer, VAArgManyTest) { 2286 int* x = GetPoisoned<int>(); 2287 int* y = GetPoisoned<int>(4); 2288 vaargsfn_many(1, 2, *x, 3, 4, 5, 6, 7, 8, 9, *y); 2289} 2290 2291static void vaargsfn_pass2(va_list vl) { 2292 EXPECT_NOT_POISONED(va_arg(vl, int)); 2293 EXPECT_NOT_POISONED(va_arg(vl, int)); 2294 EXPECT_POISONED(va_arg(vl, int)); 2295} 2296 2297static void vaargsfn_pass(int guard, ...) { 2298 va_list vl; 2299 va_start(vl, guard); 2300 EXPECT_POISONED(va_arg(vl, int)); 2301 vaargsfn_pass2(vl); 2302 va_end(vl); 2303} 2304 2305TEST(MemorySanitizer, VAArgPass) { 2306 int* x = GetPoisoned<int>(); 2307 int* y = GetPoisoned<int>(4); 2308 vaargsfn_pass(1, *x, 2, 3, *y); 2309} 2310 2311static void vaargsfn_copy2(va_list vl) { 2312 EXPECT_NOT_POISONED(va_arg(vl, int)); 2313 EXPECT_POISONED(va_arg(vl, int)); 2314} 2315 2316static void vaargsfn_copy(int guard, ...) { 2317 va_list vl; 2318 va_start(vl, guard); 2319 EXPECT_NOT_POISONED(va_arg(vl, int)); 2320 EXPECT_POISONED(va_arg(vl, int)); 2321 va_list vl2; 2322 va_copy(vl2, vl); 2323 vaargsfn_copy2(vl2); 2324 EXPECT_NOT_POISONED(va_arg(vl, int)); 2325 EXPECT_POISONED(va_arg(vl, int)); 2326 va_end(vl); 2327} 2328 2329TEST(MemorySanitizer, VAArgCopy) { 2330 int* x = GetPoisoned<int>(); 2331 int* y = GetPoisoned<int>(4); 2332 vaargsfn_copy(1, 2, *x, 3, *y); 2333} 2334 2335static void vaargsfn_ptr(int guard, ...) { 2336 va_list vl; 2337 va_start(vl, guard); 2338 EXPECT_NOT_POISONED(va_arg(vl, int*)); 2339 EXPECT_POISONED(va_arg(vl, int*)); 2340 EXPECT_NOT_POISONED(va_arg(vl, int*)); 2341 EXPECT_POISONED(va_arg(vl, double*)); 2342 va_end(vl); 2343} 2344 2345TEST(MemorySanitizer, VAArgPtr) { 2346 int** x = GetPoisoned<int*>(); 2347 double** y = GetPoisoned<double*>(8); 2348 int z; 2349 vaargsfn_ptr(1, &z, *x, &z, *y); 2350} 2351 2352static void vaargsfn_overflow(int guard, ...) { 2353 va_list vl; 2354 va_start(vl, guard); 2355 EXPECT_NOT_POISONED(va_arg(vl, int)); 2356 EXPECT_NOT_POISONED(va_arg(vl, int)); 2357 EXPECT_POISONED(va_arg(vl, int)); 2358 EXPECT_NOT_POISONED(va_arg(vl, int)); 2359 EXPECT_NOT_POISONED(va_arg(vl, int)); 2360 EXPECT_NOT_POISONED(va_arg(vl, int)); 2361 2362 EXPECT_NOT_POISONED(va_arg(vl, double)); 2363 EXPECT_NOT_POISONED(va_arg(vl, double)); 2364 EXPECT_NOT_POISONED(va_arg(vl, double)); 2365 EXPECT_POISONED(va_arg(vl, double)); 2366 EXPECT_NOT_POISONED(va_arg(vl, double)); 2367 EXPECT_POISONED(va_arg(vl, int*)); 2368 EXPECT_NOT_POISONED(va_arg(vl, double)); 2369 EXPECT_NOT_POISONED(va_arg(vl, double)); 2370 2371 EXPECT_POISONED(va_arg(vl, int)); 2372 EXPECT_POISONED(va_arg(vl, double)); 2373 EXPECT_POISONED(va_arg(vl, int*)); 2374 2375 EXPECT_NOT_POISONED(va_arg(vl, int)); 2376 EXPECT_NOT_POISONED(va_arg(vl, double)); 2377 EXPECT_NOT_POISONED(va_arg(vl, int*)); 2378 2379 EXPECT_POISONED(va_arg(vl, int)); 2380 EXPECT_POISONED(va_arg(vl, double)); 2381 EXPECT_POISONED(va_arg(vl, int*)); 2382 2383 va_end(vl); 2384} 2385 2386TEST(MemorySanitizer, VAArgOverflow) { 2387 int* x = GetPoisoned<int>(); 2388 double* y = GetPoisoned<double>(8); 2389 int** p = GetPoisoned<int*>(16); 2390 int z; 2391 vaargsfn_overflow(1, 2392 1, 2, *x, 4, 5, 6, 2393 1.1, 2.2, 3.3, *y, 5.5, *p, 7.7, 8.8, 2394 // the following args will overflow for sure 2395 *x, *y, *p, 2396 7, 9.9, &z, 2397 *x, *y, *p); 2398} 2399 2400static void vaargsfn_tlsoverwrite2(int guard, ...) { 2401 va_list vl; 2402 va_start(vl, guard); 2403 for (int i = 0; i < 20; ++i) 2404 EXPECT_NOT_POISONED(va_arg(vl, int)); 2405 va_end(vl); 2406} 2407 2408static void vaargsfn_tlsoverwrite(int guard, ...) { 2409 // This call will overwrite TLS contents unless it's backed up somewhere. 2410 vaargsfn_tlsoverwrite2(2, 2411 42, 42, 42, 42, 42, 2412 42, 42, 42, 42, 42, 2413 42, 42, 42, 42, 42, 2414 42, 42, 42, 42, 42); // 20x 2415 va_list vl; 2416 va_start(vl, guard); 2417 for (int i = 0; i < 20; ++i) 2418 EXPECT_POISONED(va_arg(vl, int)); 2419 va_end(vl); 2420} 2421 2422TEST(MemorySanitizer, VAArgTLSOverwrite) { 2423 int* x = GetPoisoned<int>(); 2424 vaargsfn_tlsoverwrite(1, 2425 *x, *x, *x, *x, *x, 2426 *x, *x, *x, *x, *x, 2427 *x, *x, *x, *x, *x, 2428 *x, *x, *x, *x, *x); // 20x 2429 2430} 2431 2432struct StructByVal { 2433 int a, b, c, d, e, f; 2434}; 2435 2436static void vaargsfn_structbyval(int guard, ...) { 2437 va_list vl; 2438 va_start(vl, guard); 2439 { 2440 StructByVal s = va_arg(vl, StructByVal); 2441 EXPECT_NOT_POISONED(s.a); 2442 EXPECT_POISONED(s.b); 2443 EXPECT_NOT_POISONED(s.c); 2444 EXPECT_POISONED(s.d); 2445 EXPECT_NOT_POISONED(s.e); 2446 EXPECT_POISONED(s.f); 2447 } 2448 { 2449 StructByVal s = va_arg(vl, StructByVal); 2450 EXPECT_NOT_POISONED(s.a); 2451 EXPECT_POISONED(s.b); 2452 EXPECT_NOT_POISONED(s.c); 2453 EXPECT_POISONED(s.d); 2454 EXPECT_NOT_POISONED(s.e); 2455 EXPECT_POISONED(s.f); 2456 } 2457 va_end(vl); 2458} 2459 2460TEST(MemorySanitizer, VAArgStructByVal) { 2461 StructByVal s; 2462 s.a = 1; 2463 s.b = *GetPoisoned<int>(); 2464 s.c = 2; 2465 s.d = *GetPoisoned<int>(); 2466 s.e = 3; 2467 s.f = *GetPoisoned<int>(); 2468 vaargsfn_structbyval(0, s, s); 2469} 2470 2471NOINLINE void StructByValTestFunc(struct StructByVal s) { 2472 EXPECT_NOT_POISONED(s.a); 2473 EXPECT_POISONED(s.b); 2474 EXPECT_NOT_POISONED(s.c); 2475 EXPECT_POISONED(s.d); 2476 EXPECT_NOT_POISONED(s.e); 2477 EXPECT_POISONED(s.f); 2478} 2479 2480NOINLINE void StructByValTestFunc1(struct StructByVal s) { 2481 StructByValTestFunc(s); 2482} 2483 2484NOINLINE void StructByValTestFunc2(int z, struct StructByVal s) { 2485 StructByValTestFunc(s); 2486} 2487 2488TEST(MemorySanitizer, StructByVal) { 2489 // Large aggregates are passed as "byval" pointer argument in LLVM. 2490 struct StructByVal s; 2491 s.a = 1; 2492 s.b = *GetPoisoned<int>(); 2493 s.c = 2; 2494 s.d = *GetPoisoned<int>(); 2495 s.e = 3; 2496 s.f = *GetPoisoned<int>(); 2497 StructByValTestFunc(s); 2498 StructByValTestFunc1(s); 2499 StructByValTestFunc2(0, s); 2500} 2501 2502 2503#if MSAN_HAS_M128 2504NOINLINE __m128i m128Eq(__m128i *a, __m128i *b) { return _mm_cmpeq_epi16(*a, *b); } 2505NOINLINE __m128i m128Lt(__m128i *a, __m128i *b) { return _mm_cmplt_epi16(*a, *b); } 2506TEST(MemorySanitizer, m128) { 2507 __m128i a = _mm_set1_epi16(0x1234); 2508 __m128i b = _mm_set1_epi16(0x7890); 2509 EXPECT_NOT_POISONED(m128Eq(&a, &b)); 2510 EXPECT_NOT_POISONED(m128Lt(&a, &b)); 2511} 2512// FIXME: add more tests for __m128i. 2513#endif // MSAN_HAS_M128 2514 2515// We should not complain when copying this poisoned hole. 2516struct StructWithHole { 2517 U4 a; 2518 // 4-byte hole. 2519 U8 b; 2520}; 2521 2522NOINLINE StructWithHole ReturnStructWithHole() { 2523 StructWithHole res; 2524 __msan_poison(&res, sizeof(res)); 2525 res.a = 1; 2526 res.b = 2; 2527 return res; 2528} 2529 2530TEST(MemorySanitizer, StructWithHole) { 2531 StructWithHole a = ReturnStructWithHole(); 2532 break_optimization(&a); 2533} 2534 2535template <class T> 2536NOINLINE T ReturnStruct() { 2537 T res; 2538 __msan_poison(&res, sizeof(res)); 2539 res.a = 1; 2540 return res; 2541} 2542 2543template <class T> 2544NOINLINE void TestReturnStruct() { 2545 T s1 = ReturnStruct<T>(); 2546 EXPECT_NOT_POISONED(s1.a); 2547 EXPECT_POISONED(s1.b); 2548} 2549 2550struct SSS1 { 2551 int a, b, c; 2552}; 2553struct SSS2 { 2554 int b, a, c; 2555}; 2556struct SSS3 { 2557 int b, c, a; 2558}; 2559struct SSS4 { 2560 int c, b, a; 2561}; 2562 2563struct SSS5 { 2564 int a; 2565 float b; 2566}; 2567struct SSS6 { 2568 int a; 2569 double b; 2570}; 2571struct SSS7 { 2572 S8 b; 2573 int a; 2574}; 2575struct SSS8 { 2576 S2 b; 2577 S8 a; 2578}; 2579 2580TEST(MemorySanitizer, IntStruct3) { 2581 TestReturnStruct<SSS1>(); 2582 TestReturnStruct<SSS2>(); 2583 TestReturnStruct<SSS3>(); 2584 TestReturnStruct<SSS4>(); 2585 TestReturnStruct<SSS5>(); 2586 TestReturnStruct<SSS6>(); 2587 TestReturnStruct<SSS7>(); 2588 TestReturnStruct<SSS8>(); 2589} 2590 2591struct LongStruct { 2592 U1 a1, b1; 2593 U2 a2, b2; 2594 U4 a4, b4; 2595 U8 a8, b8; 2596}; 2597 2598NOINLINE LongStruct ReturnLongStruct1() { 2599 LongStruct res; 2600 __msan_poison(&res, sizeof(res)); 2601 res.a1 = res.a2 = res.a4 = res.a8 = 111; 2602 // leaves b1, .., b8 poisoned. 2603 return res; 2604} 2605 2606NOINLINE LongStruct ReturnLongStruct2() { 2607 LongStruct res; 2608 __msan_poison(&res, sizeof(res)); 2609 res.b1 = res.b2 = res.b4 = res.b8 = 111; 2610 // leaves a1, .., a8 poisoned. 2611 return res; 2612} 2613 2614TEST(MemorySanitizer, LongStruct) { 2615 LongStruct s1 = ReturnLongStruct1(); 2616 __msan_print_shadow(&s1, sizeof(s1)); 2617 EXPECT_NOT_POISONED(s1.a1); 2618 EXPECT_NOT_POISONED(s1.a2); 2619 EXPECT_NOT_POISONED(s1.a4); 2620 EXPECT_NOT_POISONED(s1.a8); 2621 2622 EXPECT_POISONED(s1.b1); 2623 EXPECT_POISONED(s1.b2); 2624 EXPECT_POISONED(s1.b4); 2625 EXPECT_POISONED(s1.b8); 2626 2627 LongStruct s2 = ReturnLongStruct2(); 2628 __msan_print_shadow(&s2, sizeof(s2)); 2629 EXPECT_NOT_POISONED(s2.b1); 2630 EXPECT_NOT_POISONED(s2.b2); 2631 EXPECT_NOT_POISONED(s2.b4); 2632 EXPECT_NOT_POISONED(s2.b8); 2633 2634 EXPECT_POISONED(s2.a1); 2635 EXPECT_POISONED(s2.a2); 2636 EXPECT_POISONED(s2.a4); 2637 EXPECT_POISONED(s2.a8); 2638} 2639 2640TEST(MemorySanitizer, getrlimit) { 2641 struct rlimit limit; 2642 __msan_poison(&limit, sizeof(limit)); 2643 int result = getrlimit(RLIMIT_DATA, &limit); 2644 ASSERT_EQ(result, 0); 2645 EXPECT_NOT_POISONED(limit.rlim_cur); 2646 EXPECT_NOT_POISONED(limit.rlim_max); 2647} 2648 2649TEST(MemorySanitizer, getrusage) { 2650 struct rusage usage; 2651 __msan_poison(&usage, sizeof(usage)); 2652 int result = getrusage(RUSAGE_SELF, &usage); 2653 ASSERT_EQ(result, 0); 2654 EXPECT_NOT_POISONED(usage.ru_utime.tv_sec); 2655 EXPECT_NOT_POISONED(usage.ru_utime.tv_usec); 2656 EXPECT_NOT_POISONED(usage.ru_stime.tv_sec); 2657 EXPECT_NOT_POISONED(usage.ru_stime.tv_usec); 2658 EXPECT_NOT_POISONED(usage.ru_maxrss); 2659 EXPECT_NOT_POISONED(usage.ru_minflt); 2660 EXPECT_NOT_POISONED(usage.ru_majflt); 2661 EXPECT_NOT_POISONED(usage.ru_inblock); 2662 EXPECT_NOT_POISONED(usage.ru_oublock); 2663 EXPECT_NOT_POISONED(usage.ru_nvcsw); 2664 EXPECT_NOT_POISONED(usage.ru_nivcsw); 2665} 2666 2667#ifdef __GLIBC__ 2668extern char *program_invocation_name; 2669#else // __GLIBC__ 2670# error "TODO: port this" 2671#endif 2672 2673static void dladdr_testfn() {} 2674 2675TEST(MemorySanitizer, dladdr) { 2676 Dl_info info; 2677 __msan_poison(&info, sizeof(info)); 2678 int result = dladdr((const void*)dladdr_testfn, &info); 2679 ASSERT_NE(result, 0); 2680 EXPECT_NOT_POISONED((unsigned long)info.dli_fname); 2681 if (info.dli_fname) 2682 EXPECT_NOT_POISONED(strlen(info.dli_fname)); 2683 EXPECT_NOT_POISONED((unsigned long)info.dli_fbase); 2684 EXPECT_NOT_POISONED((unsigned long)info.dli_sname); 2685 if (info.dli_sname) 2686 EXPECT_NOT_POISONED(strlen(info.dli_sname)); 2687 EXPECT_NOT_POISONED((unsigned long)info.dli_saddr); 2688} 2689 2690#ifndef MSAN_TEST_DISABLE_DLOPEN 2691 2692static int dl_phdr_callback(struct dl_phdr_info *info, size_t size, void *data) { 2693 (*(int *)data)++; 2694 EXPECT_NOT_POISONED(info->dlpi_addr); 2695 EXPECT_NOT_POISONED(strlen(info->dlpi_name)); 2696 EXPECT_NOT_POISONED(info->dlpi_phnum); 2697 for (int i = 0; i < info->dlpi_phnum; ++i) 2698 EXPECT_NOT_POISONED(info->dlpi_phdr[i]); 2699 return 0; 2700} 2701 2702// Compute the path to our loadable DSO. We assume it's in the same 2703// directory. Only use string routines that we intercept so far to do this. 2704static int PathToLoadable(char *buf, size_t sz) { 2705 const char *basename = "libmsan_loadable.x86_64.so"; 2706 char *argv0 = program_invocation_name; 2707 char *last_slash = strrchr(argv0, '/'); 2708 assert(last_slash); 2709 int res = 2710 snprintf(buf, sz, "%.*s/%s", int(last_slash - argv0), argv0, basename); 2711 assert(res >= 0); 2712 return (size_t)res < sz ? 0 : res; 2713} 2714 2715TEST(MemorySanitizer, dl_iterate_phdr) { 2716 char path[4096]; 2717 int res = PathToLoadable(path, sizeof(path)); 2718 ASSERT_EQ(0, res); 2719 2720 // Having at least one dlopen'ed library in the process makes this more 2721 // entertaining. 2722 void *lib = dlopen(path, RTLD_LAZY); 2723 ASSERT_NE((void*)0, lib); 2724 2725 int count = 0; 2726 int result = dl_iterate_phdr(dl_phdr_callback, &count); 2727 ASSERT_GT(count, 0); 2728 2729 dlclose(lib); 2730} 2731 2732 2733TEST(MemorySanitizer, dlopen) { 2734 char path[4096]; 2735 int res = PathToLoadable(path, sizeof(path)); 2736 ASSERT_EQ(0, res); 2737 2738 // We need to clear shadow for globals when doing dlopen. In order to test 2739 // this, we have to poison the shadow for the DSO before we load it. In 2740 // general this is difficult, but the loader tends to reload things in the 2741 // same place, so we open, close, and then reopen. The global should always 2742 // start out clean after dlopen. 2743 for (int i = 0; i < 2; i++) { 2744 void *lib = dlopen(path, RTLD_LAZY); 2745 if (lib == NULL) { 2746 printf("dlerror: %s\n", dlerror()); 2747 ASSERT_TRUE(lib != NULL); 2748 } 2749 void **(*get_dso_global)() = (void **(*)())dlsym(lib, "get_dso_global"); 2750 ASSERT_TRUE(get_dso_global != NULL); 2751 void **dso_global = get_dso_global(); 2752 EXPECT_NOT_POISONED(*dso_global); 2753 __msan_poison(dso_global, sizeof(*dso_global)); 2754 EXPECT_POISONED(*dso_global); 2755 dlclose(lib); 2756 } 2757} 2758 2759// Regression test for a crash in dlopen() interceptor. 2760TEST(MemorySanitizer, dlopenFailed) { 2761 const char *path = "/libmsan_loadable_does_not_exist.x86_64.so"; 2762 void *lib = dlopen(path, RTLD_LAZY); 2763 ASSERT_TRUE(lib == NULL); 2764} 2765 2766#endif // MSAN_TEST_DISABLE_DLOPEN 2767 2768TEST(MemorySanitizer, sched_getaffinity) { 2769 cpu_set_t mask; 2770 int res = sched_getaffinity(getpid(), sizeof(mask), &mask); 2771 ASSERT_EQ(0, res); 2772 EXPECT_NOT_POISONED(mask); 2773} 2774 2775TEST(MemorySanitizer, scanf) { 2776 const char *input = "42 hello"; 2777 int* d = new int; 2778 char* s = new char[7]; 2779 int res = sscanf(input, "%d %5s", d, s); 2780 printf("res %d\n", res); 2781 ASSERT_EQ(res, 2); 2782 EXPECT_NOT_POISONED(*d); 2783 EXPECT_NOT_POISONED(s[0]); 2784 EXPECT_NOT_POISONED(s[1]); 2785 EXPECT_NOT_POISONED(s[2]); 2786 EXPECT_NOT_POISONED(s[3]); 2787 EXPECT_NOT_POISONED(s[4]); 2788 EXPECT_NOT_POISONED(s[5]); 2789 EXPECT_POISONED(s[6]); 2790 delete s; 2791 delete d; 2792} 2793 2794static void *SimpleThread_threadfn(void* data) { 2795 return new int; 2796} 2797 2798TEST(MemorySanitizer, SimpleThread) { 2799 pthread_t t; 2800 void *p; 2801 int res = pthread_create(&t, NULL, SimpleThread_threadfn, NULL); 2802 ASSERT_EQ(0, res); 2803 EXPECT_NOT_POISONED(t); 2804 res = pthread_join(t, &p); 2805 ASSERT_EQ(0, res); 2806 EXPECT_NOT_POISONED(p); 2807 delete (int*)p; 2808} 2809 2810static void *SmallStackThread_threadfn(void* data) { 2811 return 0; 2812} 2813 2814TEST(MemorySanitizer, SmallStackThread) { 2815 pthread_attr_t attr; 2816 pthread_t t; 2817 void *p; 2818 int res; 2819 res = pthread_attr_init(&attr); 2820 ASSERT_EQ(0, res); 2821 res = pthread_attr_setstacksize(&attr, 64 * 1024); 2822 ASSERT_EQ(0, res); 2823 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL); 2824 ASSERT_EQ(0, res); 2825 res = pthread_join(t, &p); 2826 ASSERT_EQ(0, res); 2827 res = pthread_attr_destroy(&attr); 2828 ASSERT_EQ(0, res); 2829} 2830 2831TEST(MemorySanitizer, SmallPreAllocatedStackThread) { 2832 pthread_attr_t attr; 2833 pthread_t t; 2834 int res; 2835 res = pthread_attr_init(&attr); 2836 ASSERT_EQ(0, res); 2837 void *stack; 2838 const size_t kStackSize = 16 * 1024; 2839 res = posix_memalign(&stack, 4096, kStackSize); 2840 ASSERT_EQ(0, res); 2841 res = pthread_attr_setstack(&attr, stack, kStackSize); 2842 ASSERT_EQ(0, res); 2843 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL); 2844 EXPECT_EQ(0, res); 2845 res = pthread_join(t, NULL); 2846 ASSERT_EQ(0, res); 2847 res = pthread_attr_destroy(&attr); 2848 ASSERT_EQ(0, res); 2849} 2850 2851TEST(MemorySanitizer, pthread_attr_get) { 2852 pthread_attr_t attr; 2853 int res; 2854 res = pthread_attr_init(&attr); 2855 ASSERT_EQ(0, res); 2856 { 2857 int v; 2858 res = pthread_attr_getdetachstate(&attr, &v); 2859 ASSERT_EQ(0, res); 2860 EXPECT_NOT_POISONED(v); 2861 } 2862 { 2863 size_t v; 2864 res = pthread_attr_getguardsize(&attr, &v); 2865 ASSERT_EQ(0, res); 2866 EXPECT_NOT_POISONED(v); 2867 } 2868 { 2869 struct sched_param v; 2870 res = pthread_attr_getschedparam(&attr, &v); 2871 ASSERT_EQ(0, res); 2872 EXPECT_NOT_POISONED(v); 2873 } 2874 { 2875 int v; 2876 res = pthread_attr_getschedpolicy(&attr, &v); 2877 ASSERT_EQ(0, res); 2878 EXPECT_NOT_POISONED(v); 2879 } 2880 { 2881 int v; 2882 res = pthread_attr_getinheritsched(&attr, &v); 2883 ASSERT_EQ(0, res); 2884 EXPECT_NOT_POISONED(v); 2885 } 2886 { 2887 int v; 2888 res = pthread_attr_getscope(&attr, &v); 2889 ASSERT_EQ(0, res); 2890 EXPECT_NOT_POISONED(v); 2891 } 2892 { 2893 size_t v; 2894 res = pthread_attr_getstacksize(&attr, &v); 2895 ASSERT_EQ(0, res); 2896 EXPECT_NOT_POISONED(v); 2897 } 2898 { 2899 void *v; 2900 size_t w; 2901 res = pthread_attr_getstack(&attr, &v, &w); 2902 ASSERT_EQ(0, res); 2903 EXPECT_NOT_POISONED(v); 2904 EXPECT_NOT_POISONED(w); 2905 } 2906 { 2907 cpu_set_t v; 2908 res = pthread_attr_getaffinity_np(&attr, sizeof(v), &v); 2909 ASSERT_EQ(0, res); 2910 EXPECT_NOT_POISONED(v); 2911 } 2912 res = pthread_attr_destroy(&attr); 2913 ASSERT_EQ(0, res); 2914} 2915 2916TEST(MemorySanitizer, pthread_getschedparam) { 2917 int policy; 2918 struct sched_param param; 2919 int res = pthread_getschedparam(pthread_self(), &policy, ¶m); 2920 ASSERT_EQ(0, res); 2921 EXPECT_NOT_POISONED(policy); 2922 EXPECT_NOT_POISONED(param.sched_priority); 2923} 2924 2925TEST(MemorySanitizer, pthread_key_create) { 2926 pthread_key_t key; 2927 int res = pthread_key_create(&key, NULL); 2928 ASSERT_EQ(0, res); 2929 EXPECT_NOT_POISONED(key); 2930 res = pthread_key_delete(key); 2931 ASSERT_EQ(0, res); 2932} 2933 2934namespace { 2935struct SignalCondArg { 2936 pthread_cond_t* cond; 2937 pthread_mutex_t* mu; 2938 bool broadcast; 2939}; 2940 2941void *SignalCond(void *param) { 2942 SignalCondArg *arg = reinterpret_cast<SignalCondArg *>(param); 2943 pthread_mutex_lock(arg->mu); 2944 if (arg->broadcast) 2945 pthread_cond_broadcast(arg->cond); 2946 else 2947 pthread_cond_signal(arg->cond); 2948 pthread_mutex_unlock(arg->mu); 2949 return 0; 2950} 2951} // namespace 2952 2953TEST(MemorySanitizer, pthread_cond_wait) { 2954 pthread_cond_t cond; 2955 pthread_mutex_t mu; 2956 SignalCondArg args = {&cond, &mu, false}; 2957 pthread_cond_init(&cond, 0); 2958 pthread_mutex_init(&mu, 0); 2959 pthread_mutex_lock(&mu); 2960 2961 // signal 2962 pthread_t thr; 2963 pthread_create(&thr, 0, SignalCond, &args); 2964 int res = pthread_cond_wait(&cond, &mu); 2965 ASSERT_EQ(0, res); 2966 pthread_join(thr, 0); 2967 2968 // broadcast 2969 args.broadcast = true; 2970 pthread_create(&thr, 0, SignalCond, &args); 2971 res = pthread_cond_wait(&cond, &mu); 2972 ASSERT_EQ(0, res); 2973 pthread_join(thr, 0); 2974 2975 pthread_mutex_unlock(&mu); 2976 pthread_mutex_destroy(&mu); 2977 pthread_cond_destroy(&cond); 2978} 2979 2980TEST(MemorySanitizer, tmpnam) { 2981 char s[L_tmpnam]; 2982 char *res = tmpnam(s); 2983 ASSERT_EQ(s, res); 2984 EXPECT_NOT_POISONED(strlen(res)); 2985} 2986 2987TEST(MemorySanitizer, tempnam) { 2988 char *res = tempnam(NULL, "zzz"); 2989 EXPECT_NOT_POISONED(strlen(res)); 2990 free(res); 2991} 2992 2993TEST(MemorySanitizer, posix_memalign) { 2994 void *p; 2995 EXPECT_POISONED(p); 2996 int res = posix_memalign(&p, 4096, 13); 2997 ASSERT_EQ(0, res); 2998 EXPECT_NOT_POISONED(p); 2999 EXPECT_EQ(0U, (uintptr_t)p % 4096); 3000 free(p); 3001} 3002 3003TEST(MemorySanitizer, memalign) { 3004 void *p = memalign(4096, 13); 3005 EXPECT_EQ(0U, (uintptr_t)p % kPageSize); 3006 free(p); 3007} 3008 3009TEST(MemorySanitizer, valloc) { 3010 void *a = valloc(100); 3011 EXPECT_EQ(0U, (uintptr_t)a % kPageSize); 3012 free(a); 3013} 3014 3015TEST(MemorySanitizer, pvalloc) { 3016 void *p = pvalloc(kPageSize + 100); 3017 EXPECT_EQ(0U, (uintptr_t)p % kPageSize); 3018 EXPECT_EQ(2 * kPageSize, __sanitizer_get_allocated_size(p)); 3019 free(p); 3020 3021 p = pvalloc(0); // pvalloc(0) should allocate at least one page. 3022 EXPECT_EQ(0U, (uintptr_t)p % kPageSize); 3023 EXPECT_EQ(kPageSize, __sanitizer_get_allocated_size(p)); 3024 free(p); 3025} 3026 3027TEST(MemorySanitizer, inet_pton) { 3028 const char *s = "1:0:0:0:0:0:0:8"; 3029 unsigned char buf[sizeof(struct in6_addr)]; 3030 int res = inet_pton(AF_INET6, s, buf); 3031 ASSERT_EQ(1, res); 3032 EXPECT_NOT_POISONED(buf[0]); 3033 EXPECT_NOT_POISONED(buf[sizeof(struct in6_addr) - 1]); 3034 3035 char s_out[INET6_ADDRSTRLEN]; 3036 EXPECT_POISONED(s_out[3]); 3037 const char *q = inet_ntop(AF_INET6, buf, s_out, INET6_ADDRSTRLEN); 3038 ASSERT_NE((void*)0, q); 3039 EXPECT_NOT_POISONED(s_out[3]); 3040} 3041 3042TEST(MemorySanitizer, inet_aton) { 3043 const char *s = "127.0.0.1"; 3044 struct in_addr in[2]; 3045 int res = inet_aton(s, in); 3046 ASSERT_NE(0, res); 3047 EXPECT_NOT_POISONED(in[0]); 3048 EXPECT_POISONED(*(char *)(in + 1)); 3049} 3050 3051TEST(MemorySanitizer, uname) { 3052 struct utsname u; 3053 int res = uname(&u); 3054 ASSERT_EQ(0, res); 3055 EXPECT_NOT_POISONED(strlen(u.sysname)); 3056 EXPECT_NOT_POISONED(strlen(u.nodename)); 3057 EXPECT_NOT_POISONED(strlen(u.release)); 3058 EXPECT_NOT_POISONED(strlen(u.version)); 3059 EXPECT_NOT_POISONED(strlen(u.machine)); 3060} 3061 3062TEST(MemorySanitizer, gethostname) { 3063 char buf[100]; 3064 int res = gethostname(buf, 100); 3065 ASSERT_EQ(0, res); 3066 EXPECT_NOT_POISONED(strlen(buf)); 3067} 3068 3069TEST(MemorySanitizer, sysinfo) { 3070 struct sysinfo info; 3071 int res = sysinfo(&info); 3072 ASSERT_EQ(0, res); 3073 EXPECT_NOT_POISONED(info); 3074} 3075 3076TEST(MemorySanitizer, getpwuid) { 3077 struct passwd *p = getpwuid(0); // root 3078 ASSERT_TRUE(p != NULL); 3079 EXPECT_NOT_POISONED(p->pw_name); 3080 ASSERT_TRUE(p->pw_name != NULL); 3081 EXPECT_NOT_POISONED(p->pw_name[0]); 3082 EXPECT_NOT_POISONED(p->pw_uid); 3083 ASSERT_EQ(0U, p->pw_uid); 3084} 3085 3086TEST(MemorySanitizer, getpwuid_r) { 3087 struct passwd pwd; 3088 struct passwd *pwdres; 3089 char buf[10000]; 3090 int res = getpwuid_r(0, &pwd, buf, sizeof(buf), &pwdres); 3091 ASSERT_EQ(0, res); 3092 EXPECT_NOT_POISONED(pwd.pw_name); 3093 ASSERT_TRUE(pwd.pw_name != NULL); 3094 EXPECT_NOT_POISONED(pwd.pw_name[0]); 3095 EXPECT_NOT_POISONED(pwd.pw_uid); 3096 ASSERT_EQ(0U, pwd.pw_uid); 3097 EXPECT_NOT_POISONED(pwdres); 3098} 3099 3100TEST(MemorySanitizer, getpwnam_r) { 3101 struct passwd pwd; 3102 struct passwd *pwdres; 3103 char buf[10000]; 3104 int res = getpwnam_r("root", &pwd, buf, sizeof(buf), &pwdres); 3105 ASSERT_EQ(0, res); 3106 EXPECT_NOT_POISONED(pwd.pw_name); 3107 ASSERT_TRUE(pwd.pw_name != NULL); 3108 EXPECT_NOT_POISONED(pwd.pw_name[0]); 3109 EXPECT_NOT_POISONED(pwd.pw_uid); 3110 ASSERT_EQ(0U, pwd.pw_uid); 3111 EXPECT_NOT_POISONED(pwdres); 3112} 3113 3114TEST(MemorySanitizer, getpwnam_r_positive) { 3115 struct passwd pwd; 3116 struct passwd *pwdres; 3117 char s[5]; 3118 strncpy(s, "abcd", 5); 3119 __msan_poison(s, 5); 3120 char buf[10000]; 3121 int res; 3122 EXPECT_UMR(res = getpwnam_r(s, &pwd, buf, sizeof(buf), &pwdres)); 3123} 3124 3125TEST(MemorySanitizer, getgrnam_r) { 3126 struct group grp; 3127 struct group *grpres; 3128 char buf[10000]; 3129 int res = getgrnam_r("root", &grp, buf, sizeof(buf), &grpres); 3130 ASSERT_EQ(0, res); 3131 EXPECT_NOT_POISONED(grp.gr_name); 3132 ASSERT_TRUE(grp.gr_name != NULL); 3133 EXPECT_NOT_POISONED(grp.gr_name[0]); 3134 EXPECT_NOT_POISONED(grp.gr_gid); 3135 EXPECT_NOT_POISONED(grpres); 3136} 3137 3138TEST(MemorySanitizer, getpwent) { 3139 setpwent(); 3140 struct passwd *p = getpwent(); 3141 ASSERT_TRUE(p != NULL); 3142 EXPECT_NOT_POISONED(p->pw_name); 3143 ASSERT_TRUE(p->pw_name != NULL); 3144 EXPECT_NOT_POISONED(p->pw_name[0]); 3145 EXPECT_NOT_POISONED(p->pw_uid); 3146} 3147 3148TEST(MemorySanitizer, getpwent_r) { 3149 struct passwd pwd; 3150 struct passwd *pwdres; 3151 char buf[10000]; 3152 setpwent(); 3153 int res = getpwent_r(&pwd, buf, sizeof(buf), &pwdres); 3154 ASSERT_EQ(0, res); 3155 EXPECT_NOT_POISONED(pwd.pw_name); 3156 ASSERT_TRUE(pwd.pw_name != NULL); 3157 EXPECT_NOT_POISONED(pwd.pw_name[0]); 3158 EXPECT_NOT_POISONED(pwd.pw_uid); 3159 EXPECT_NOT_POISONED(pwdres); 3160} 3161 3162TEST(MemorySanitizer, fgetpwent) { 3163 FILE *fp = fopen("/etc/passwd", "r"); 3164 struct passwd *p = fgetpwent(fp); 3165 ASSERT_TRUE(p != NULL); 3166 EXPECT_NOT_POISONED(p->pw_name); 3167 ASSERT_TRUE(p->pw_name != NULL); 3168 EXPECT_NOT_POISONED(p->pw_name[0]); 3169 EXPECT_NOT_POISONED(p->pw_uid); 3170 fclose(fp); 3171} 3172 3173TEST(MemorySanitizer, getgrent) { 3174 setgrent(); 3175 struct group *p = getgrent(); 3176 ASSERT_TRUE(p != NULL); 3177 EXPECT_NOT_POISONED(p->gr_name); 3178 ASSERT_TRUE(p->gr_name != NULL); 3179 EXPECT_NOT_POISONED(p->gr_name[0]); 3180 EXPECT_NOT_POISONED(p->gr_gid); 3181} 3182 3183TEST(MemorySanitizer, fgetgrent) { 3184 FILE *fp = fopen("/etc/group", "r"); 3185 struct group *grp = fgetgrent(fp); 3186 ASSERT_TRUE(grp != NULL); 3187 EXPECT_NOT_POISONED(grp->gr_name); 3188 ASSERT_TRUE(grp->gr_name != NULL); 3189 EXPECT_NOT_POISONED(grp->gr_name[0]); 3190 EXPECT_NOT_POISONED(grp->gr_gid); 3191 for (char **p = grp->gr_mem; *p; ++p) { 3192 EXPECT_NOT_POISONED((*p)[0]); 3193 EXPECT_TRUE(strlen(*p) > 0); 3194 } 3195 fclose(fp); 3196} 3197 3198TEST(MemorySanitizer, getgrent_r) { 3199 struct group grp; 3200 struct group *grpres; 3201 char buf[10000]; 3202 setgrent(); 3203 int res = getgrent_r(&grp, buf, sizeof(buf), &grpres); 3204 ASSERT_EQ(0, res); 3205 EXPECT_NOT_POISONED(grp.gr_name); 3206 ASSERT_TRUE(grp.gr_name != NULL); 3207 EXPECT_NOT_POISONED(grp.gr_name[0]); 3208 EXPECT_NOT_POISONED(grp.gr_gid); 3209 EXPECT_NOT_POISONED(grpres); 3210} 3211 3212TEST(MemorySanitizer, fgetgrent_r) { 3213 FILE *fp = fopen("/etc/group", "r"); 3214 struct group grp; 3215 struct group *grpres; 3216 char buf[10000]; 3217 setgrent(); 3218 int res = fgetgrent_r(fp, &grp, buf, sizeof(buf), &grpres); 3219 ASSERT_EQ(0, res); 3220 EXPECT_NOT_POISONED(grp.gr_name); 3221 ASSERT_TRUE(grp.gr_name != NULL); 3222 EXPECT_NOT_POISONED(grp.gr_name[0]); 3223 EXPECT_NOT_POISONED(grp.gr_gid); 3224 EXPECT_NOT_POISONED(grpres); 3225 fclose(fp); 3226} 3227 3228TEST(MemorySanitizer, getgroups) { 3229 int n = getgroups(0, 0); 3230 gid_t *gids = new gid_t[n]; 3231 int res = getgroups(n, gids); 3232 ASSERT_EQ(n, res); 3233 for (int i = 0; i < n; ++i) 3234 EXPECT_NOT_POISONED(gids[i]); 3235} 3236 3237TEST(MemorySanitizer, wordexp) { 3238 wordexp_t w; 3239 int res = wordexp("a b c", &w, 0); 3240 ASSERT_EQ(0, res); 3241 ASSERT_EQ(3U, w.we_wordc); 3242 ASSERT_STREQ("a", w.we_wordv[0]); 3243 ASSERT_STREQ("b", w.we_wordv[1]); 3244 ASSERT_STREQ("c", w.we_wordv[2]); 3245} 3246 3247template<class T> 3248static bool applySlt(T value, T shadow) { 3249 __msan_partial_poison(&value, &shadow, sizeof(T)); 3250 volatile bool zzz = true; 3251 // This "|| zzz" trick somehow makes LLVM emit "icmp slt" instead of 3252 // a shift-and-trunc to get at the highest bit. 3253 volatile bool v = value < 0 || zzz; 3254 return v; 3255} 3256 3257TEST(MemorySanitizer, SignedCompareWithZero) { 3258 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xF)); 3259 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFF)); 3260 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFFFFFF)); 3261 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0x7FFFFFF)); 3262 EXPECT_UMR(applySlt<S4>(0xF, 0x80FFFFFF)); 3263 EXPECT_UMR(applySlt<S4>(0xF, 0xFFFFFFFF)); 3264} 3265 3266template <class T, class S> 3267static T poisoned(T Va, S Sa) { 3268 char SIZE_CHECK1[(ssize_t)sizeof(T) - (ssize_t)sizeof(S)]; 3269 char SIZE_CHECK2[(ssize_t)sizeof(S) - (ssize_t)sizeof(T)]; 3270 T a; 3271 a = Va; 3272 __msan_partial_poison(&a, &Sa, sizeof(T)); 3273 return a; 3274} 3275 3276TEST(MemorySanitizer, ICmpRelational) { 3277 EXPECT_NOT_POISONED(poisoned(0, 0) < poisoned(0, 0)); 3278 EXPECT_NOT_POISONED(poisoned(0U, 0) < poisoned(0U, 0)); 3279 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) < poisoned(0LL, 0LLU)); 3280 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) < poisoned(0LLU, 0LLU)); 3281 EXPECT_POISONED(poisoned(0xFF, 0xFF) < poisoned(0xFF, 0xFF)); 3282 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) < 3283 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 3284 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) < 3285 poisoned(-1, 0xFFFFFFFFU)); 3286 3287 EXPECT_NOT_POISONED(poisoned(0, 0) <= poisoned(0, 0)); 3288 EXPECT_NOT_POISONED(poisoned(0U, 0) <= poisoned(0U, 0)); 3289 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) <= poisoned(0LL, 0LLU)); 3290 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) <= poisoned(0LLU, 0LLU)); 3291 EXPECT_POISONED(poisoned(0xFF, 0xFF) <= poisoned(0xFF, 0xFF)); 3292 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) <= 3293 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 3294 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) <= 3295 poisoned(-1, 0xFFFFFFFFU)); 3296 3297 EXPECT_NOT_POISONED(poisoned(0, 0) > poisoned(0, 0)); 3298 EXPECT_NOT_POISONED(poisoned(0U, 0) > poisoned(0U, 0)); 3299 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) > poisoned(0LL, 0LLU)); 3300 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) > poisoned(0LLU, 0LLU)); 3301 EXPECT_POISONED(poisoned(0xFF, 0xFF) > poisoned(0xFF, 0xFF)); 3302 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) > 3303 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 3304 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) > 3305 poisoned(-1, 0xFFFFFFFFU)); 3306 3307 EXPECT_NOT_POISONED(poisoned(0, 0) >= poisoned(0, 0)); 3308 EXPECT_NOT_POISONED(poisoned(0U, 0) >= poisoned(0U, 0)); 3309 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) >= poisoned(0LL, 0LLU)); 3310 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) >= poisoned(0LLU, 0LLU)); 3311 EXPECT_POISONED(poisoned(0xFF, 0xFF) >= poisoned(0xFF, 0xFF)); 3312 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) >= 3313 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 3314 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) >= 3315 poisoned(-1, 0xFFFFFFFFU)); 3316 3317 EXPECT_POISONED(poisoned(6, 0xF) > poisoned(7, 0)); 3318 EXPECT_POISONED(poisoned(0xF, 0xF) > poisoned(7, 0)); 3319 3320 EXPECT_NOT_POISONED(poisoned(-1, 0x80000000U) >= poisoned(-1, 0U)); 3321} 3322 3323#if MSAN_HAS_M128 3324TEST(MemorySanitizer, ICmpVectorRelational) { 3325 EXPECT_NOT_POISONED( 3326 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)), 3327 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)))); 3328 EXPECT_NOT_POISONED( 3329 _mm_cmplt_epi16(poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)), 3330 poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)))); 3331 EXPECT_POISONED( 3332 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)), 3333 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)))); 3334 EXPECT_POISONED(_mm_cmpgt_epi16(poisoned(_mm_set1_epi16(6), _mm_set1_epi16(0xF)), 3335 poisoned(_mm_set1_epi16(7), _mm_set1_epi16(0)))); 3336} 3337#endif 3338 3339// Volatile bitfield store is implemented as load-mask-store 3340// Test that we don't warn on the store of (uninitialized) padding. 3341struct VolatileBitfieldStruct { 3342 volatile unsigned x : 1; 3343 unsigned y : 1; 3344}; 3345 3346TEST(MemorySanitizer, VolatileBitfield) { 3347 VolatileBitfieldStruct *S = new VolatileBitfieldStruct; 3348 S->x = 1; 3349 EXPECT_NOT_POISONED((unsigned)S->x); 3350 EXPECT_POISONED((unsigned)S->y); 3351} 3352 3353TEST(MemorySanitizer, UnalignedLoad) { 3354 char x[32]; 3355 U4 origin = __LINE__; 3356 for (unsigned i = 0; i < sizeof(x) / 4; ++i) 3357 __msan_set_origin(x + 4 * i, 4, origin + i); 3358 3359 memset(x + 8, 0, 16); 3360 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 6), origin + 1); 3361 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 7), origin + 1); 3362 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 8)); 3363 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 9)); 3364 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 22)); 3365 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 23), origin + 6); 3366 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 24), origin + 6); 3367 3368 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 4), origin + 1); 3369 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 7), origin + 1); 3370 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 8)); 3371 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 9)); 3372 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 20)); 3373 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 21), origin + 6); 3374 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 24), origin + 6); 3375 3376 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x), origin); 3377 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 1), origin); 3378 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 7), origin + 1); 3379 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 8)); 3380 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 9)); 3381 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 16)); 3382 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 17), origin + 6); 3383 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 21), origin + 6); 3384 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 24), origin + 6); 3385} 3386 3387TEST(MemorySanitizer, UnalignedStore16) { 3388 char x[5]; 3389 U2 y2 = 0; 3390 U4 origin = __LINE__; 3391 __msan_poison(&y2, 1); 3392 __msan_set_origin(&y2, 1, origin); 3393 3394 __sanitizer_unaligned_store16(x + 1, y2); 3395 EXPECT_POISONED_O(x[0], origin); 3396 EXPECT_POISONED_O(x[1], origin); 3397 EXPECT_NOT_POISONED(x[2]); 3398 EXPECT_POISONED_O(x[3], origin); 3399 EXPECT_POISONED_O(x[4], origin); 3400} 3401 3402TEST(MemorySanitizer, UnalignedStore32) { 3403 char x[8]; 3404 U4 y4 = 0; 3405 U4 origin = __LINE__; 3406 __msan_poison(&y4, 2); 3407 __msan_set_origin(&y4, 2, origin); 3408 3409 __sanitizer_unaligned_store32(x + 3, y4); 3410 EXPECT_POISONED_O(x[0], origin); 3411 EXPECT_POISONED_O(x[1], origin); 3412 EXPECT_POISONED_O(x[2], origin); 3413 EXPECT_POISONED_O(x[3], origin); 3414 EXPECT_POISONED_O(x[4], origin); 3415 EXPECT_NOT_POISONED(x[5]); 3416 EXPECT_NOT_POISONED(x[6]); 3417 EXPECT_POISONED_O(x[7], origin); 3418} 3419 3420TEST(MemorySanitizer, UnalignedStore64) { 3421 char x[16]; 3422 U8 y8 = 0; 3423 U4 origin = __LINE__; 3424 __msan_poison(&y8, 3); 3425 __msan_poison(((char *)&y8) + sizeof(y8) - 2, 1); 3426 __msan_set_origin(&y8, 8, origin); 3427 3428 __sanitizer_unaligned_store64(x + 3, y8); 3429 EXPECT_POISONED_O(x[0], origin); 3430 EXPECT_POISONED_O(x[1], origin); 3431 EXPECT_POISONED_O(x[2], origin); 3432 EXPECT_POISONED_O(x[3], origin); 3433 EXPECT_POISONED_O(x[4], origin); 3434 EXPECT_POISONED_O(x[5], origin); 3435 EXPECT_NOT_POISONED(x[6]); 3436 EXPECT_NOT_POISONED(x[7]); 3437 EXPECT_NOT_POISONED(x[8]); 3438 EXPECT_POISONED_O(x[9], origin); 3439 EXPECT_NOT_POISONED(x[10]); 3440 EXPECT_POISONED_O(x[11], origin); 3441} 3442 3443TEST(MemorySanitizer, UnalignedStore16_precise) { 3444 char x[8]; 3445 U2 y = 0; 3446 U4 originx1 = __LINE__; 3447 U4 originx2 = __LINE__; 3448 U4 originy = __LINE__; 3449 __msan_poison(x, sizeof(x)); 3450 __msan_set_origin(x, 4, originx1); 3451 __msan_set_origin(x + 4, 4, originx2); 3452 __msan_poison(((char *)&y) + 1, 1); 3453 __msan_set_origin(&y, sizeof(y), originy); 3454 3455 __sanitizer_unaligned_store16(x + 3, y); 3456 EXPECT_POISONED_O(x[0], originx1); 3457 EXPECT_POISONED_O(x[1], originx1); 3458 EXPECT_POISONED_O(x[2], originx1); 3459 EXPECT_NOT_POISONED(x[3]); 3460 EXPECT_POISONED_O(x[4], originy); 3461 EXPECT_POISONED_O(x[5], originy); 3462 EXPECT_POISONED_O(x[6], originy); 3463 EXPECT_POISONED_O(x[7], originy); 3464} 3465 3466TEST(MemorySanitizer, UnalignedStore16_precise2) { 3467 char x[8]; 3468 U2 y = 0; 3469 U4 originx1 = __LINE__; 3470 U4 originx2 = __LINE__; 3471 U4 originy = __LINE__; 3472 __msan_poison(x, sizeof(x)); 3473 __msan_set_origin(x, 4, originx1); 3474 __msan_set_origin(x + 4, 4, originx2); 3475 __msan_poison(((char *)&y), 1); 3476 __msan_set_origin(&y, sizeof(y), originy); 3477 3478 __sanitizer_unaligned_store16(x + 3, y); 3479 EXPECT_POISONED_O(x[0], originy); 3480 EXPECT_POISONED_O(x[1], originy); 3481 EXPECT_POISONED_O(x[2], originy); 3482 EXPECT_POISONED_O(x[3], originy); 3483 EXPECT_NOT_POISONED(x[4]); 3484 EXPECT_POISONED_O(x[5], originx2); 3485 EXPECT_POISONED_O(x[6], originx2); 3486 EXPECT_POISONED_O(x[7], originx2); 3487} 3488 3489TEST(MemorySanitizer, UnalignedStore64_precise) { 3490 char x[12]; 3491 U8 y = 0; 3492 U4 originx1 = __LINE__; 3493 U4 originx2 = __LINE__; 3494 U4 originx3 = __LINE__; 3495 U4 originy = __LINE__; 3496 __msan_poison(x, sizeof(x)); 3497 __msan_set_origin(x, 4, originx1); 3498 __msan_set_origin(x + 4, 4, originx2); 3499 __msan_set_origin(x + 8, 4, originx3); 3500 __msan_poison(((char *)&y) + 1, 1); 3501 __msan_poison(((char *)&y) + 7, 1); 3502 __msan_set_origin(&y, sizeof(y), originy); 3503 3504 __sanitizer_unaligned_store64(x + 2, y); 3505 EXPECT_POISONED_O(x[0], originy); 3506 EXPECT_POISONED_O(x[1], originy); 3507 EXPECT_NOT_POISONED(x[2]); 3508 EXPECT_POISONED_O(x[3], originy); 3509 3510 EXPECT_NOT_POISONED(x[4]); 3511 EXPECT_NOT_POISONED(x[5]); 3512 EXPECT_NOT_POISONED(x[6]); 3513 EXPECT_NOT_POISONED(x[7]); 3514 3515 EXPECT_NOT_POISONED(x[8]); 3516 EXPECT_POISONED_O(x[9], originy); 3517 EXPECT_POISONED_O(x[10], originy); 3518 EXPECT_POISONED_O(x[11], originy); 3519} 3520 3521TEST(MemorySanitizer, UnalignedStore64_precise2) { 3522 char x[12]; 3523 U8 y = 0; 3524 U4 originx1 = __LINE__; 3525 U4 originx2 = __LINE__; 3526 U4 originx3 = __LINE__; 3527 U4 originy = __LINE__; 3528 __msan_poison(x, sizeof(x)); 3529 __msan_set_origin(x, 4, originx1); 3530 __msan_set_origin(x + 4, 4, originx2); 3531 __msan_set_origin(x + 8, 4, originx3); 3532 __msan_poison(((char *)&y) + 3, 3); 3533 __msan_set_origin(&y, sizeof(y), originy); 3534 3535 __sanitizer_unaligned_store64(x + 2, y); 3536 EXPECT_POISONED_O(x[0], originx1); 3537 EXPECT_POISONED_O(x[1], originx1); 3538 EXPECT_NOT_POISONED(x[2]); 3539 EXPECT_NOT_POISONED(x[3]); 3540 3541 EXPECT_NOT_POISONED(x[4]); 3542 EXPECT_POISONED_O(x[5], originy); 3543 EXPECT_POISONED_O(x[6], originy); 3544 EXPECT_POISONED_O(x[7], originy); 3545 3546 EXPECT_NOT_POISONED(x[8]); 3547 EXPECT_NOT_POISONED(x[9]); 3548 EXPECT_POISONED_O(x[10], originx3); 3549 EXPECT_POISONED_O(x[11], originx3); 3550} 3551 3552#if defined(__clang__) 3553namespace { 3554typedef U1 V16x8 __attribute__((__vector_size__(16))); 3555typedef U2 V8x16 __attribute__((__vector_size__(16))); 3556typedef U4 V4x32 __attribute__((__vector_size__(16))); 3557typedef U8 V2x64 __attribute__((__vector_size__(16))); 3558typedef U4 V8x32 __attribute__((__vector_size__(32))); 3559typedef U8 V4x64 __attribute__((__vector_size__(32))); 3560typedef U4 V2x32 __attribute__((__vector_size__(8))); 3561typedef U2 V4x16 __attribute__((__vector_size__(8))); 3562typedef U1 V8x8 __attribute__((__vector_size__(8))); 3563 3564 3565V8x16 shift_sse2_left_scalar(V8x16 x, U4 y) { 3566 return _mm_slli_epi16(x, y); 3567} 3568 3569V8x16 shift_sse2_left(V8x16 x, V8x16 y) { 3570 return _mm_sll_epi16(x, y); 3571} 3572 3573TEST(VectorShiftTest, sse2_left_scalar) { 3574 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7}; 3575 V8x16 u = shift_sse2_left_scalar(v, 2); 3576 EXPECT_POISONED(u[0]); 3577 EXPECT_POISONED(u[1]); 3578 EXPECT_NOT_POISONED(u[0] | (3U << 2)); 3579 EXPECT_NOT_POISONED(u[1] | (7U << 2)); 3580 u[0] = u[1] = 0; 3581 EXPECT_NOT_POISONED(u); 3582} 3583 3584TEST(VectorShiftTest, sse2_left_scalar_by_uninit) { 3585 V8x16 v = {0, 1, 2, 3, 4, 5, 6, 7}; 3586 V8x16 u = shift_sse2_left_scalar(v, Poisoned<U4>()); 3587 EXPECT_POISONED(u[0]); 3588 EXPECT_POISONED(u[1]); 3589 EXPECT_POISONED(u[2]); 3590 EXPECT_POISONED(u[3]); 3591 EXPECT_POISONED(u[4]); 3592 EXPECT_POISONED(u[5]); 3593 EXPECT_POISONED(u[6]); 3594 EXPECT_POISONED(u[7]); 3595} 3596 3597TEST(VectorShiftTest, sse2_left) { 3598 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7}; 3599 // Top 64 bits of shift count don't affect the result. 3600 V2x64 s = {2, Poisoned<U8>()}; 3601 V8x16 u = shift_sse2_left(v, s); 3602 EXPECT_POISONED(u[0]); 3603 EXPECT_POISONED(u[1]); 3604 EXPECT_NOT_POISONED(u[0] | (3U << 2)); 3605 EXPECT_NOT_POISONED(u[1] | (7U << 2)); 3606 u[0] = u[1] = 0; 3607 EXPECT_NOT_POISONED(u); 3608} 3609 3610TEST(VectorShiftTest, sse2_left_by_uninit) { 3611 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7}; 3612 V2x64 s = {Poisoned<U8>(), Poisoned<U8>()}; 3613 V8x16 u = shift_sse2_left(v, s); 3614 EXPECT_POISONED(u[0]); 3615 EXPECT_POISONED(u[1]); 3616 EXPECT_POISONED(u[2]); 3617 EXPECT_POISONED(u[3]); 3618 EXPECT_POISONED(u[4]); 3619 EXPECT_POISONED(u[5]); 3620 EXPECT_POISONED(u[6]); 3621 EXPECT_POISONED(u[7]); 3622} 3623 3624#ifdef __AVX2__ 3625V4x32 shift_avx2_left(V4x32 x, V4x32 y) { 3626 return _mm_sllv_epi32(x, y); 3627} 3628// This is variable vector shift that's only available starting with AVX2. 3629// V4x32 shift_avx2_left(V4x32 x, V4x32 y) { 3630TEST(VectorShiftTest, avx2_left) { 3631 V4x32 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3}; 3632 V4x32 s = {2, Poisoned<U4>(), 3, Poisoned<U4>()}; 3633 V4x32 u = shift_avx2_left(v, s); 3634 EXPECT_POISONED(u[0]); 3635 EXPECT_NOT_POISONED(u[0] | (~7U)); 3636 EXPECT_POISONED(u[1]); 3637 EXPECT_POISONED(u[1] | (~31U)); 3638 EXPECT_NOT_POISONED(u[2]); 3639 EXPECT_POISONED(u[3]); 3640 EXPECT_POISONED(u[3] | (~31U)); 3641} 3642#endif // __AVX2__ 3643} // namespace 3644 3645TEST(VectorPackTest, sse2_packssdw_128) { 3646 const unsigned S2_max = (1 << 15) - 1; 3647 V4x32 a = {Poisoned<U4>(0, 0xFF0000), Poisoned<U4>(0, 0xFFFF0000), 3648 S2_max + 100, 4}; 3649 V4x32 b = {Poisoned<U4>(0, 0xFF), S2_max + 10000, Poisoned<U4>(0, 0xFF00), 3650 S2_max}; 3651 3652 V8x16 c = _mm_packs_epi32(a, b); 3653 3654 EXPECT_POISONED(c[0]); 3655 EXPECT_POISONED(c[1]); 3656 EXPECT_NOT_POISONED(c[2]); 3657 EXPECT_NOT_POISONED(c[3]); 3658 EXPECT_POISONED(c[4]); 3659 EXPECT_NOT_POISONED(c[5]); 3660 EXPECT_POISONED(c[6]); 3661 EXPECT_NOT_POISONED(c[7]); 3662 3663 EXPECT_EQ(c[2], S2_max); 3664 EXPECT_EQ(c[3], 4); 3665 EXPECT_EQ(c[5], S2_max); 3666 EXPECT_EQ(c[7], S2_max); 3667} 3668 3669TEST(VectorPackTest, mmx_packuswb) { 3670 const unsigned U1_max = (1 << 8) - 1; 3671 V4x16 a = {Poisoned<U2>(0, 0xFF00), Poisoned<U2>(0, 0xF000U), U1_max + 100, 3672 4}; 3673 V4x16 b = {Poisoned<U2>(0, 0xFF), U1_max - 1, Poisoned<U2>(0, 0xF), U1_max}; 3674 V8x8 c = _mm_packs_pu16(a, b); 3675 3676 EXPECT_POISONED(c[0]); 3677 EXPECT_POISONED(c[1]); 3678 EXPECT_NOT_POISONED(c[2]); 3679 EXPECT_NOT_POISONED(c[3]); 3680 EXPECT_POISONED(c[4]); 3681 EXPECT_NOT_POISONED(c[5]); 3682 EXPECT_POISONED(c[6]); 3683 EXPECT_NOT_POISONED(c[7]); 3684 3685 EXPECT_EQ(c[2], U1_max); 3686 EXPECT_EQ(c[3], 4); 3687 EXPECT_EQ(c[5], U1_max - 1); 3688 EXPECT_EQ(c[7], U1_max); 3689} 3690 3691TEST(VectorSadTest, sse2_psad_bw) { 3692 V16x8 a = {Poisoned<U1>(), 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}; 3693 V16x8 b = {100, 101, 102, 103, 104, 105, 106, 107, 3694 108, 109, 110, 111, 112, 113, 114, 115}; 3695 V2x64 c = _mm_sad_epu8(a, b); 3696 3697 EXPECT_POISONED(c[0]); 3698 EXPECT_NOT_POISONED(c[1]); 3699 3700 EXPECT_EQ(800U, c[1]); 3701} 3702 3703TEST(VectorMaddTest, mmx_pmadd_wd) { 3704 V4x16 a = {Poisoned<U2>(), 1, 2, 3}; 3705 V4x16 b = {100, 101, 102, 103}; 3706 V2x32 c = _mm_madd_pi16(a, b); 3707 3708 EXPECT_POISONED(c[0]); 3709 EXPECT_NOT_POISONED(c[1]); 3710 3711 EXPECT_EQ((unsigned)(2 * 102 + 3 * 103), c[1]); 3712} 3713#endif // defined(__clang__) 3714 3715TEST(MemorySanitizerDr, StoreInDSOTest) { 3716 if (!__msan_has_dynamic_component()) return; 3717 char* s = new char[10]; 3718 dso_memfill(s, 9); 3719 EXPECT_NOT_POISONED(s[5]); 3720 EXPECT_POISONED(s[9]); 3721} 3722 3723int return_poisoned_int() { 3724 return ReturnPoisoned<U8>(); 3725} 3726 3727TEST(MemorySanitizerDr, ReturnFromDSOTest) { 3728 if (!__msan_has_dynamic_component()) return; 3729 EXPECT_NOT_POISONED(dso_callfn(return_poisoned_int)); 3730} 3731 3732NOINLINE int TrashParamTLS(long long x, long long y, long long z) { //NOLINT 3733 EXPECT_POISONED(x); 3734 EXPECT_POISONED(y); 3735 EXPECT_POISONED(z); 3736 return 0; 3737} 3738 3739static int CheckParamTLS(long long x, long long y, long long z) { //NOLINT 3740 EXPECT_NOT_POISONED(x); 3741 EXPECT_NOT_POISONED(y); 3742 EXPECT_NOT_POISONED(z); 3743 return 0; 3744} 3745 3746TEST(MemorySanitizerDr, CallFromDSOTest) { 3747 if (!__msan_has_dynamic_component()) return; 3748 S8* x = GetPoisoned<S8>(); 3749 S8* y = GetPoisoned<S8>(); 3750 S8* z = GetPoisoned<S8>(); 3751 EXPECT_NOT_POISONED(TrashParamTLS(*x, *y, *z)); 3752 EXPECT_NOT_POISONED(dso_callfn1(CheckParamTLS)); 3753} 3754 3755static void StackStoreInDSOFn(int* x, int* y) { 3756 EXPECT_NOT_POISONED(*x); 3757 EXPECT_NOT_POISONED(*y); 3758} 3759 3760TEST(MemorySanitizerDr, StackStoreInDSOTest) { 3761 if (!__msan_has_dynamic_component()) return; 3762 dso_stack_store(StackStoreInDSOFn, 1); 3763} 3764 3765TEST(MemorySanitizerOrigins, SetGet) { 3766 EXPECT_EQ(TrackingOrigins(), __msan_get_track_origins()); 3767 if (!TrackingOrigins()) return; 3768 int x; 3769 __msan_set_origin(&x, sizeof(x), 1234); 3770 EXPECT_EQ(1234U, __msan_get_origin(&x)); 3771 __msan_set_origin(&x, sizeof(x), 5678); 3772 EXPECT_EQ(5678U, __msan_get_origin(&x)); 3773 __msan_set_origin(&x, sizeof(x), 0); 3774 EXPECT_EQ(0U, __msan_get_origin(&x)); 3775} 3776 3777namespace { 3778struct S { 3779 U4 dummy; 3780 U2 a; 3781 U2 b; 3782}; 3783 3784// http://code.google.com/p/memory-sanitizer/issues/detail?id=6 3785TEST(MemorySanitizerOrigins, DISABLED_InitializedStoreDoesNotChangeOrigin) { 3786 if (!TrackingOrigins()) return; 3787 3788 S s; 3789 U4 origin = rand(); // NOLINT 3790 s.a = *GetPoisonedO<U2>(0, origin); 3791 EXPECT_EQ(origin, __msan_get_origin(&s.a)); 3792 EXPECT_EQ(origin, __msan_get_origin(&s.b)); 3793 3794 s.b = 42; 3795 EXPECT_EQ(origin, __msan_get_origin(&s.a)); 3796 EXPECT_EQ(origin, __msan_get_origin(&s.b)); 3797} 3798} // namespace 3799 3800template<class T, class BinaryOp> 3801INLINE 3802void BinaryOpOriginTest(BinaryOp op) { 3803 U4 ox = rand(); //NOLINT 3804 U4 oy = rand(); //NOLINT 3805 T *x = GetPoisonedO<T>(0, ox, 0); 3806 T *y = GetPoisonedO<T>(1, oy, 0); 3807 T *z = GetPoisonedO<T>(2, 0, 0); 3808 3809 *z = op(*x, *y); 3810 U4 origin = __msan_get_origin(z); 3811 EXPECT_POISONED_O(*z, origin); 3812 EXPECT_EQ(true, origin == ox || origin == oy); 3813 3814 // y is poisoned, x is not. 3815 *x = 10101; 3816 *y = *GetPoisonedO<T>(1, oy); 3817 break_optimization(x); 3818 __msan_set_origin(z, sizeof(*z), 0); 3819 *z = op(*x, *y); 3820 EXPECT_POISONED_O(*z, oy); 3821 EXPECT_EQ(__msan_get_origin(z), oy); 3822 3823 // x is poisoned, y is not. 3824 *x = *GetPoisonedO<T>(0, ox); 3825 *y = 10101010; 3826 break_optimization(y); 3827 __msan_set_origin(z, sizeof(*z), 0); 3828 *z = op(*x, *y); 3829 EXPECT_POISONED_O(*z, ox); 3830 EXPECT_EQ(__msan_get_origin(z), ox); 3831} 3832 3833template<class T> INLINE T XOR(const T &a, const T&b) { return a ^ b; } 3834template<class T> INLINE T ADD(const T &a, const T&b) { return a + b; } 3835template<class T> INLINE T SUB(const T &a, const T&b) { return a - b; } 3836template<class T> INLINE T MUL(const T &a, const T&b) { return a * b; } 3837template<class T> INLINE T AND(const T &a, const T&b) { return a & b; } 3838template<class T> INLINE T OR (const T &a, const T&b) { return a | b; } 3839 3840TEST(MemorySanitizerOrigins, BinaryOp) { 3841 if (!TrackingOrigins()) return; 3842 BinaryOpOriginTest<S8>(XOR<S8>); 3843 BinaryOpOriginTest<U8>(ADD<U8>); 3844 BinaryOpOriginTest<S4>(SUB<S4>); 3845 BinaryOpOriginTest<S4>(MUL<S4>); 3846 BinaryOpOriginTest<U4>(OR<U4>); 3847 BinaryOpOriginTest<U4>(AND<U4>); 3848 BinaryOpOriginTest<double>(ADD<U4>); 3849 BinaryOpOriginTest<float>(ADD<S4>); 3850 BinaryOpOriginTest<double>(ADD<double>); 3851 BinaryOpOriginTest<float>(ADD<double>); 3852} 3853 3854TEST(MemorySanitizerOrigins, Unary) { 3855 if (!TrackingOrigins()) return; 3856 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 3857 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 3858 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 3859 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 3860 3861 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3862 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3863 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3864 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3865 3866 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 3867 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 3868 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 3869 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 3870 3871 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3872 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3873 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3874 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3875 3876 EXPECT_POISONED_O((void*)*GetPoisonedO<S8>(0, __LINE__), __LINE__); 3877 EXPECT_POISONED_O((U8)*GetPoisonedO<void*>(0, __LINE__), __LINE__); 3878} 3879 3880TEST(MemorySanitizerOrigins, EQ) { 3881 if (!TrackingOrigins()) return; 3882 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) <= 11, __LINE__); 3883 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) == 11, __LINE__); 3884 EXPECT_POISONED_O(*GetPoisonedO<float>(0, __LINE__) == 1.1, __LINE__); 3885} 3886 3887TEST(MemorySanitizerOrigins, DIV) { 3888 if (!TrackingOrigins()) return; 3889 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) / 100, __LINE__); 3890 unsigned o = __LINE__; 3891 EXPECT_UMR_O(volatile unsigned y = 100 / *GetPoisonedO<S4>(0, o, 1), o); 3892} 3893 3894TEST(MemorySanitizerOrigins, SHIFT) { 3895 if (!TrackingOrigins()) return; 3896 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) >> 10, __LINE__); 3897 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) >> 10, __LINE__); 3898 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) << 10, __LINE__); 3899 EXPECT_POISONED_O(10U << *GetPoisonedO<U8>(0, __LINE__), __LINE__); 3900 EXPECT_POISONED_O(-10 >> *GetPoisonedO<S8>(0, __LINE__), __LINE__); 3901 EXPECT_POISONED_O(-10 << *GetPoisonedO<S8>(0, __LINE__), __LINE__); 3902} 3903 3904template<class T, int N> 3905void MemCpyTest() { 3906 int ox = __LINE__; 3907 T *x = new T[N]; 3908 T *y = new T[N]; 3909 T *z = new T[N]; 3910 T *q = new T[N]; 3911 __msan_poison(x, N * sizeof(T)); 3912 __msan_set_origin(x, N * sizeof(T), ox); 3913 __msan_set_origin(y, N * sizeof(T), 777777); 3914 __msan_set_origin(z, N * sizeof(T), 888888); 3915 EXPECT_NOT_POISONED(x); 3916 memcpy(y, x, N * sizeof(T)); 3917 EXPECT_POISONED_O(y[0], ox); 3918 EXPECT_POISONED_O(y[N/2], ox); 3919 EXPECT_POISONED_O(y[N-1], ox); 3920 EXPECT_NOT_POISONED(x); 3921 void *res = mempcpy(q, x, N * sizeof(T)); 3922 ASSERT_EQ(q + N, res); 3923 EXPECT_POISONED_O(q[0], ox); 3924 EXPECT_POISONED_O(q[N/2], ox); 3925 EXPECT_POISONED_O(q[N-1], ox); 3926 EXPECT_NOT_POISONED(x); 3927 memmove(z, x, N * sizeof(T)); 3928 EXPECT_POISONED_O(z[0], ox); 3929 EXPECT_POISONED_O(z[N/2], ox); 3930 EXPECT_POISONED_O(z[N-1], ox); 3931} 3932 3933TEST(MemorySanitizerOrigins, LargeMemCpy) { 3934 if (!TrackingOrigins()) return; 3935 MemCpyTest<U1, 10000>(); 3936 MemCpyTest<U8, 10000>(); 3937} 3938 3939TEST(MemorySanitizerOrigins, SmallMemCpy) { 3940 if (!TrackingOrigins()) return; 3941 MemCpyTest<U8, 1>(); 3942 MemCpyTest<U8, 2>(); 3943 MemCpyTest<U8, 3>(); 3944} 3945 3946TEST(MemorySanitizerOrigins, Select) { 3947 if (!TrackingOrigins()) return; 3948 EXPECT_NOT_POISONED(g_one ? 1 : *GetPoisonedO<S4>(0, __LINE__)); 3949 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 3950 S4 x; 3951 break_optimization(&x); 3952 x = g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 0; 3953 3954 EXPECT_POISONED_O(g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 1, __LINE__); 3955 EXPECT_POISONED_O(g_0 ? 1 : *GetPoisonedO<S4>(0, __LINE__), __LINE__); 3956} 3957 3958NOINLINE int RetvalOriginTest(U4 origin) { 3959 int *a = new int; 3960 break_optimization(a); 3961 __msan_set_origin(a, sizeof(*a), origin); 3962 int res = *a; 3963 delete a; 3964 return res; 3965} 3966 3967TEST(MemorySanitizerOrigins, Retval) { 3968 if (!TrackingOrigins()) return; 3969 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__); 3970} 3971 3972NOINLINE void ParamOriginTest(int param, U4 origin) { 3973 EXPECT_POISONED_O(param, origin); 3974} 3975 3976TEST(MemorySanitizerOrigins, Param) { 3977 if (!TrackingOrigins()) return; 3978 int *a = new int; 3979 U4 origin = __LINE__; 3980 break_optimization(a); 3981 __msan_set_origin(a, sizeof(*a), origin); 3982 ParamOriginTest(*a, origin); 3983 delete a; 3984} 3985 3986TEST(MemorySanitizerOrigins, Invoke) { 3987 if (!TrackingOrigins()) return; 3988 StructWithDtor s; // Will cause the calls to become invokes. 3989 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__); 3990} 3991 3992TEST(MemorySanitizerOrigins, strlen) { 3993 S8 alignment; 3994 break_optimization(&alignment); 3995 char x[4] = {'a', 'b', 0, 0}; 3996 __msan_poison(&x[2], 1); 3997 U4 origin = __LINE__; 3998 __msan_set_origin(x, sizeof(x), origin); 3999 EXPECT_UMR_O(volatile unsigned y = strlen(x), origin); 4000} 4001 4002TEST(MemorySanitizerOrigins, wcslen) { 4003 wchar_t w[3] = {'a', 'b', 0}; 4004 U4 origin = __LINE__; 4005 __msan_set_origin(w, sizeof(w), origin); 4006 __msan_poison(&w[2], sizeof(wchar_t)); 4007 EXPECT_UMR_O(volatile unsigned y = wcslen(w), origin); 4008} 4009 4010#if MSAN_HAS_M128 4011TEST(MemorySanitizerOrigins, StoreIntrinsic) { 4012 __m128 x, y; 4013 U4 origin = __LINE__; 4014 __msan_set_origin(&x, sizeof(x), origin); 4015 __msan_poison(&x, sizeof(x)); 4016 __builtin_ia32_storeups((float*)&y, x); 4017 EXPECT_POISONED_O(y, origin); 4018} 4019#endif 4020 4021NOINLINE void RecursiveMalloc(int depth) { 4022 static int count; 4023 count++; 4024 if ((count % (1024 * 1024)) == 0) 4025 printf("RecursiveMalloc: %d\n", count); 4026 int *x1 = new int; 4027 int *x2 = new int; 4028 break_optimization(x1); 4029 break_optimization(x2); 4030 if (depth > 0) { 4031 RecursiveMalloc(depth-1); 4032 RecursiveMalloc(depth-1); 4033 } 4034 delete x1; 4035 delete x2; 4036} 4037 4038TEST(MemorySanitizer, Select) { 4039 int x; 4040 int volatile* p = &x; 4041 int z = *p ? 1 : 0; 4042 EXPECT_POISONED(z); 4043} 4044 4045TEST(MemorySanitizer, SelectPartial) { 4046 // Precise instrumentation of select. 4047 // Some bits of the result do not depend on select condition, and must stay 4048 // initialized even if select condition is not. These are the bits that are 4049 // equal and initialized in both left and right select arguments. 4050 U4 x = 0xFFFFABCDU; 4051 U4 x_s = 0xFFFF0000U; 4052 __msan_partial_poison(&x, &x_s, sizeof(x)); 4053 U4 y = 0xAB00U; 4054 U1 cond = true; 4055 __msan_poison(&cond, sizeof(cond)); 4056 U4 z = cond ? x : y; 4057 __msan_print_shadow(&z, sizeof(z)); 4058 EXPECT_POISONED(z & 0xFFU); 4059 EXPECT_NOT_POISONED(z & 0xFF00U); 4060 EXPECT_POISONED(z & 0xFF0000U); 4061 EXPECT_POISONED(z & 0xFF000000U); 4062 EXPECT_EQ(0xAB00U, z & 0xFF00U); 4063} 4064 4065TEST(MemorySanitizerStress, DISABLED_MallocStackTrace) { 4066 RecursiveMalloc(22); 4067} 4068 4069TEST(MemorySanitizerAllocator, get_estimated_allocated_size) { 4070 size_t sizes[] = {0, 20, 5000, 1<<20}; 4071 for (size_t i = 0; i < sizeof(sizes) / sizeof(*sizes); ++i) { 4072 size_t alloc_size = __sanitizer_get_estimated_allocated_size(sizes[i]); 4073 EXPECT_EQ(alloc_size, sizes[i]); 4074 } 4075} 4076 4077TEST(MemorySanitizerAllocator, get_allocated_size_and_ownership) { 4078 char *array = reinterpret_cast<char*>(malloc(100)); 4079 int *int_ptr = new int; 4080 4081 EXPECT_TRUE(__sanitizer_get_ownership(array)); 4082 EXPECT_EQ(100U, __sanitizer_get_allocated_size(array)); 4083 4084 EXPECT_TRUE(__sanitizer_get_ownership(int_ptr)); 4085 EXPECT_EQ(sizeof(*int_ptr), __sanitizer_get_allocated_size(int_ptr)); 4086 4087 void *wild_addr = reinterpret_cast<void*>(0x1); 4088 EXPECT_FALSE(__sanitizer_get_ownership(wild_addr)); 4089 EXPECT_EQ(0U, __sanitizer_get_allocated_size(wild_addr)); 4090 4091 EXPECT_FALSE(__sanitizer_get_ownership(array + 50)); 4092 EXPECT_EQ(0U, __sanitizer_get_allocated_size(array + 50)); 4093 4094 // NULL is a valid argument for GetAllocatedSize but is not owned. 4095 EXPECT_FALSE(__sanitizer_get_ownership(NULL)); 4096 EXPECT_EQ(0U, __sanitizer_get_allocated_size(NULL)); 4097 4098 free(array); 4099 EXPECT_FALSE(__sanitizer_get_ownership(array)); 4100 EXPECT_EQ(0U, __sanitizer_get_allocated_size(array)); 4101 4102 delete int_ptr; 4103} 4104 4105TEST(MemorySanitizer, MlockTest) { 4106 EXPECT_EQ(0, mlockall(MCL_CURRENT)); 4107 EXPECT_EQ(0, mlock((void*)0x12345, 0x5678)); 4108 EXPECT_EQ(0, munlockall()); 4109 EXPECT_EQ(0, munlock((void*)0x987, 0x654)); 4110} 4111 4112// Test that LargeAllocator unpoisons memory before releasing it to the OS. 4113TEST(MemorySanitizer, LargeAllocatorUnpoisonsOnFree) { 4114 void *p = malloc(1024 * 1024); 4115 free(p); 4116 4117 typedef void *(*mmap_fn)(void *, size_t, int, int, int, off_t); 4118 mmap_fn real_mmap = (mmap_fn)dlsym(RTLD_NEXT, "mmap"); 4119 4120 // Allocate the page that was released to the OS in free() with the real mmap, 4121 // bypassing the interceptor. 4122 char *q = (char *)real_mmap(p, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0); 4123 ASSERT_NE((char *)0, q); 4124 4125 ASSERT_TRUE(q <= p); 4126 ASSERT_TRUE(q + 4096 > p); 4127 4128 EXPECT_NOT_POISONED(q[0]); 4129 EXPECT_NOT_POISONED(q[10]); 4130 EXPECT_NOT_POISONED(q[100]); 4131 4132 munmap(q, 4096); 4133} 4134 4135#if SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE 4136TEST(MemorySanitizer, MallocUsableSizeTest) { 4137 const size_t kArraySize = 100; 4138 char *array = Ident((char*)malloc(kArraySize)); 4139 int *int_ptr = Ident(new int); 4140 EXPECT_EQ(0U, malloc_usable_size(NULL)); 4141 EXPECT_EQ(kArraySize, malloc_usable_size(array)); 4142 EXPECT_EQ(sizeof(int), malloc_usable_size(int_ptr)); 4143 free(array); 4144 delete int_ptr; 4145} 4146#endif // SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE 4147