msan_test.cc revision 204060453c823f027815cfe6d449bbd5c4f39f7f
1//===-- msan_test.cc ------------------------------------------------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file is a part of MemorySanitizer. 11// 12// MemorySanitizer unit tests. 13//===----------------------------------------------------------------------===// 14 15#ifndef MSAN_EXTERNAL_TEST_CONFIG 16#include "msan_test_config.h" 17#endif // MSAN_EXTERNAL_TEST_CONFIG 18 19#include "sanitizer/msan_interface.h" 20#include "msandr_test_so.h" 21 22#include <inttypes.h> 23#include <stdlib.h> 24#include <stdarg.h> 25#include <stdio.h> 26#include <assert.h> 27#include <wchar.h> 28#include <math.h> 29#include <malloc.h> 30 31#include <arpa/inet.h> 32#include <dlfcn.h> 33#include <grp.h> 34#include <unistd.h> 35#include <link.h> 36#include <limits.h> 37#include <sys/time.h> 38#include <poll.h> 39#include <sys/types.h> 40#include <sys/stat.h> 41#include <fcntl.h> 42#include <sys/resource.h> 43#include <sys/ioctl.h> 44#include <sys/sysinfo.h> 45#include <sys/utsname.h> 46#include <sys/mman.h> 47#include <sys/vfs.h> 48#include <dirent.h> 49#include <pwd.h> 50#include <sys/socket.h> 51#include <netdb.h> 52 53#if defined(__i386__) || defined(__x86_64__) 54# include <emmintrin.h> 55# define MSAN_HAS_M128 1 56#else 57# define MSAN_HAS_M128 0 58#endif 59 60static const int kPageSize = 4096; 61 62typedef unsigned char U1; 63typedef unsigned short U2; // NOLINT 64typedef unsigned int U4; 65typedef unsigned long long U8; // NOLINT 66typedef signed char S1; 67typedef signed short S2; // NOLINT 68typedef signed int S4; 69typedef signed long long S8; // NOLINT 70#define NOINLINE __attribute__((noinline)) 71#define INLINE __attribute__((always_inline)) 72 73static bool TrackingOrigins() { 74 S8 x; 75 __msan_set_origin(&x, sizeof(x), 0x1234); 76 U4 origin = __msan_get_origin(&x); 77 __msan_set_origin(&x, sizeof(x), 0); 78 return origin == 0x1234; 79} 80 81#define EXPECT_UMR(action) \ 82 do { \ 83 __msan_set_expect_umr(1); \ 84 action; \ 85 __msan_set_expect_umr(0); \ 86 } while (0) 87 88#define EXPECT_UMR_O(action, origin) \ 89 do { \ 90 __msan_set_expect_umr(1); \ 91 action; \ 92 __msan_set_expect_umr(0); \ 93 if (TrackingOrigins()) \ 94 EXPECT_EQ(origin, __msan_get_umr_origin()); \ 95 } while (0) 96 97#define EXPECT_UMR_S(action, stack_origin) \ 98 do { \ 99 __msan_set_expect_umr(1); \ 100 action; \ 101 __msan_set_expect_umr(0); \ 102 U4 id = __msan_get_umr_origin(); \ 103 const char *str = __msan_get_origin_descr_if_stack(id); \ 104 if (!str || strcmp(str, stack_origin)) { \ 105 fprintf(stderr, "EXPECT_POISONED_S: id=%u %s, %s", \ 106 id, stack_origin, str); \ 107 EXPECT_EQ(1, 0); \ 108 } \ 109 } while (0) 110 111#define EXPECT_POISONED(x) ExpectPoisoned(x) 112 113template<typename T> 114void ExpectPoisoned(const T& t) { 115 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 116} 117 118#define EXPECT_POISONED_O(x, origin) \ 119 ExpectPoisonedWithOrigin(x, origin) 120 121template<typename T> 122void ExpectPoisonedWithOrigin(const T& t, unsigned origin) { 123 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 124 if (TrackingOrigins()) 125 EXPECT_EQ(origin, __msan_get_origin((void*)&t)); 126} 127 128#define EXPECT_POISONED_S(x, stack_origin) \ 129 ExpectPoisonedWithStackOrigin(x, stack_origin) 130 131template<typename T> 132void ExpectPoisonedWithStackOrigin(const T& t, const char *stack_origin) { 133 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 134 U4 id = __msan_get_origin((void*)&t); 135 const char *str = __msan_get_origin_descr_if_stack(id); 136 if (!str || strcmp(str, stack_origin)) { 137 fprintf(stderr, "EXPECT_POISONED_S: id=%u %s, %s", 138 id, stack_origin, str); 139 EXPECT_EQ(1, 0); 140 } 141} 142 143#define EXPECT_NOT_POISONED(x) ExpectNotPoisoned(x) 144 145template<typename T> 146void ExpectNotPoisoned(const T& t) { 147 EXPECT_EQ(-1, __msan_test_shadow((void*)&t, sizeof(t))); 148} 149 150static U8 poisoned_array[100]; 151template<class T> 152T *GetPoisoned(int i = 0, T val = 0) { 153 T *res = (T*)&poisoned_array[i]; 154 *res = val; 155 __msan_poison(&poisoned_array[i], sizeof(T)); 156 return res; 157} 158 159template<class T> 160T *GetPoisonedO(int i, U4 origin, T val = 0) { 161 T *res = (T*)&poisoned_array[i]; 162 *res = val; 163 __msan_poison(&poisoned_array[i], sizeof(T)); 164 __msan_set_origin(&poisoned_array[i], sizeof(T), origin); 165 return res; 166} 167 168// This function returns its parameter but in such a way that compiler 169// can not prove it. 170template<class T> 171NOINLINE 172static T Ident(T t) { 173 volatile T ret = t; 174 return ret; 175} 176 177template<class T> NOINLINE T ReturnPoisoned() { return *GetPoisoned<T>(); } 178 179static volatile int g_one = 1; 180static volatile int g_zero = 0; 181static volatile int g_0 = 0; 182static volatile int g_1 = 1; 183 184S4 a_s4[100]; 185S8 a_s8[100]; 186 187// Check that malloc poisons memory. 188// A lot of tests below depend on this. 189TEST(MemorySanitizerSanity, PoisonInMalloc) { 190 int *x = (int*)malloc(sizeof(int)); 191 EXPECT_POISONED(*x); 192 free(x); 193} 194 195TEST(MemorySanitizer, NegativeTest1) { 196 S4 *x = GetPoisoned<S4>(); 197 if (g_one) 198 *x = 0; 199 EXPECT_NOT_POISONED(*x); 200} 201 202TEST(MemorySanitizer, PositiveTest1) { 203 // Load to store. 204 EXPECT_POISONED(*GetPoisoned<S1>()); 205 EXPECT_POISONED(*GetPoisoned<S2>()); 206 EXPECT_POISONED(*GetPoisoned<S4>()); 207 EXPECT_POISONED(*GetPoisoned<S8>()); 208 209 // S->S conversions. 210 EXPECT_POISONED(*GetPoisoned<S1>()); 211 EXPECT_POISONED(*GetPoisoned<S1>()); 212 EXPECT_POISONED(*GetPoisoned<S1>()); 213 214 EXPECT_POISONED(*GetPoisoned<S2>()); 215 EXPECT_POISONED(*GetPoisoned<S2>()); 216 EXPECT_POISONED(*GetPoisoned<S2>()); 217 218 EXPECT_POISONED(*GetPoisoned<S4>()); 219 EXPECT_POISONED(*GetPoisoned<S4>()); 220 EXPECT_POISONED(*GetPoisoned<S4>()); 221 222 EXPECT_POISONED(*GetPoisoned<S8>()); 223 EXPECT_POISONED(*GetPoisoned<S8>()); 224 EXPECT_POISONED(*GetPoisoned<S8>()); 225 226 // ZExt 227 EXPECT_POISONED(*GetPoisoned<U1>()); 228 EXPECT_POISONED(*GetPoisoned<U1>()); 229 EXPECT_POISONED(*GetPoisoned<U1>()); 230 EXPECT_POISONED(*GetPoisoned<U2>()); 231 EXPECT_POISONED(*GetPoisoned<U2>()); 232 EXPECT_POISONED(*GetPoisoned<U4>()); 233 234 // Unary ops. 235 EXPECT_POISONED(- *GetPoisoned<S4>()); 236 237 EXPECT_UMR(a_s4[g_zero] = 100 / *GetPoisoned<S4>(0, 1)); 238 239 240 a_s4[g_zero] = 1 - *GetPoisoned<S4>(); 241 a_s4[g_zero] = 1 + *GetPoisoned<S4>(); 242} 243 244TEST(MemorySanitizer, Phi1) { 245 S4 c; 246 if (g_one) { 247 c = *GetPoisoned<S4>(); 248 } else { 249 break_optimization(0); 250 c = 0; 251 } 252 EXPECT_POISONED(c); 253} 254 255TEST(MemorySanitizer, Phi2) { 256 S4 i = *GetPoisoned<S4>(); 257 S4 n = g_one; 258 EXPECT_UMR(for (; i < g_one; i++);); 259 EXPECT_POISONED(i); 260} 261 262NOINLINE void Arg1ExpectUMR(S4 a1) { EXPECT_POISONED(a1); } 263NOINLINE void Arg2ExpectUMR(S4 a1, S4 a2) { EXPECT_POISONED(a2); } 264NOINLINE void Arg3ExpectUMR(S1 a1, S4 a2, S8 a3) { EXPECT_POISONED(a3); } 265 266TEST(MemorySanitizer, ArgTest) { 267 Arg1ExpectUMR(*GetPoisoned<S4>()); 268 Arg2ExpectUMR(0, *GetPoisoned<S4>()); 269 Arg3ExpectUMR(0, 1, *GetPoisoned<S8>()); 270} 271 272 273TEST(MemorySanitizer, CallAndRet) { 274 if (!__msan_has_dynamic_component()) return; 275 ReturnPoisoned<S1>(); 276 ReturnPoisoned<S2>(); 277 ReturnPoisoned<S4>(); 278 ReturnPoisoned<S8>(); 279 280 EXPECT_POISONED(ReturnPoisoned<S1>()); 281 EXPECT_POISONED(ReturnPoisoned<S2>()); 282 EXPECT_POISONED(ReturnPoisoned<S4>()); 283 EXPECT_POISONED(ReturnPoisoned<S8>()); 284} 285 286// malloc() in the following test may be optimized to produce a compile-time 287// undef value. Check that we trap on the volatile assignment anyway. 288TEST(MemorySanitizer, DISABLED_MallocNoIdent) { 289 S4 *x = (int*)malloc(sizeof(S4)); 290 EXPECT_POISONED(*x); 291 free(x); 292} 293 294TEST(MemorySanitizer, Malloc) { 295 S4 *x = (int*)Ident(malloc(sizeof(S4))); 296 EXPECT_POISONED(*x); 297 free(x); 298} 299 300TEST(MemorySanitizer, Realloc) { 301 S4 *x = (int*)Ident(realloc(0, sizeof(S4))); 302 EXPECT_POISONED(x[0]); 303 x[0] = 1; 304 x = (int*)Ident(realloc(x, 2 * sizeof(S4))); 305 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 306 EXPECT_POISONED(x[1]); 307 x = (int*)Ident(realloc(x, 3 * sizeof(S4))); 308 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 309 EXPECT_POISONED(x[2]); 310 EXPECT_POISONED(x[1]); 311 x[2] = 1; // Init this here. Check that after realloc it is poisoned again. 312 x = (int*)Ident(realloc(x, 2 * sizeof(S4))); 313 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 314 EXPECT_POISONED(x[1]); 315 x = (int*)Ident(realloc(x, 3 * sizeof(S4))); 316 EXPECT_POISONED(x[1]); 317 EXPECT_POISONED(x[2]); 318 free(x); 319} 320 321TEST(MemorySanitizer, Calloc) { 322 S4 *x = (int*)Ident(calloc(1, sizeof(S4))); 323 EXPECT_NOT_POISONED(*x); // Should not be poisoned. 324 // EXPECT_EQ(0, *x); 325 free(x); 326} 327 328TEST(MemorySanitizer, AndOr) { 329 U4 *p = GetPoisoned<U4>(); 330 // We poison two bytes in the midle of a 4-byte word to make the test 331 // correct regardless of endianness. 332 ((U1*)p)[1] = 0; 333 ((U1*)p)[2] = 0xff; 334 EXPECT_NOT_POISONED(*p & 0x00ffff00); 335 EXPECT_NOT_POISONED(*p & 0x00ff0000); 336 EXPECT_NOT_POISONED(*p & 0x0000ff00); 337 EXPECT_POISONED(*p & 0xff000000); 338 EXPECT_POISONED(*p & 0x000000ff); 339 EXPECT_POISONED(*p & 0x0000ffff); 340 EXPECT_POISONED(*p & 0xffff0000); 341 342 EXPECT_NOT_POISONED(*p | 0xff0000ff); 343 EXPECT_NOT_POISONED(*p | 0xff00ffff); 344 EXPECT_NOT_POISONED(*p | 0xffff00ff); 345 EXPECT_POISONED(*p | 0xff000000); 346 EXPECT_POISONED(*p | 0x000000ff); 347 EXPECT_POISONED(*p | 0x0000ffff); 348 EXPECT_POISONED(*p | 0xffff0000); 349 350 EXPECT_POISONED(*GetPoisoned<bool>() & *GetPoisoned<bool>()); 351} 352 353template<class T> 354static bool applyNot(T value, T shadow) { 355 __msan_partial_poison(&value, &shadow, sizeof(T)); 356 return !value; 357} 358 359TEST(MemorySanitizer, Not) { 360 EXPECT_NOT_POISONED(applyNot<U4>(0x0, 0x0)); 361 EXPECT_NOT_POISONED(applyNot<U4>(0xFFFFFFFF, 0x0)); 362 EXPECT_POISONED(applyNot<U4>(0xFFFFFFFF, 0xFFFFFFFF)); 363 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0FFFFFFF)); 364 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00FFFFFF)); 365 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0000FFFF)); 366 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00000000)); 367 EXPECT_POISONED(applyNot<U4>(0xFF000000, 0xFF000000)); 368 EXPECT_NOT_POISONED(applyNot<U4>(0xFF800000, 0xFF000000)); 369 EXPECT_POISONED(applyNot<U4>(0x00008000, 0x00008000)); 370 371 EXPECT_NOT_POISONED(applyNot<U1>(0x0, 0x0)); 372 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0xFE)); 373 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0x0)); 374 EXPECT_POISONED(applyNot<U1>(0xFF, 0xFF)); 375 376 EXPECT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-1))); 377 EXPECT_NOT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-2))); 378} 379 380TEST(MemorySanitizer, Shift) { 381 U4 *up = GetPoisoned<U4>(); 382 ((U1*)up)[0] = 0; 383 ((U1*)up)[3] = 0xff; 384 EXPECT_NOT_POISONED(*up >> 30); 385 EXPECT_NOT_POISONED(*up >> 24); 386 EXPECT_POISONED(*up >> 23); 387 EXPECT_POISONED(*up >> 10); 388 389 EXPECT_NOT_POISONED(*up << 30); 390 EXPECT_NOT_POISONED(*up << 24); 391 EXPECT_POISONED(*up << 23); 392 EXPECT_POISONED(*up << 10); 393 394 S4 *sp = (S4*)up; 395 EXPECT_NOT_POISONED(*sp >> 30); 396 EXPECT_NOT_POISONED(*sp >> 24); 397 EXPECT_POISONED(*sp >> 23); 398 EXPECT_POISONED(*sp >> 10); 399 400 sp = GetPoisoned<S4>(); 401 ((S1*)sp)[1] = 0; 402 ((S1*)sp)[2] = 0; 403 EXPECT_POISONED(*sp >> 31); 404 405 EXPECT_POISONED(100 >> *GetPoisoned<S4>()); 406 EXPECT_POISONED(100U >> *GetPoisoned<S4>()); 407} 408 409NOINLINE static int GetPoisonedZero() { 410 int *zero = new int; 411 *zero = 0; 412 __msan_poison(zero, sizeof(*zero)); 413 int res = *zero; 414 delete zero; 415 return res; 416} 417 418TEST(MemorySanitizer, LoadFromDirtyAddress) { 419 int *a = new int; 420 *a = 0; 421 EXPECT_UMR(break_optimization((void*)(U8)a[GetPoisonedZero()])); 422 delete a; 423} 424 425TEST(MemorySanitizer, StoreToDirtyAddress) { 426 int *a = new int; 427 EXPECT_UMR(a[GetPoisonedZero()] = 0); 428 break_optimization(a); 429 delete a; 430} 431 432 433NOINLINE void StackTestFunc() { 434 S4 p4; 435 S4 ok4 = 1; 436 S2 p2; 437 S2 ok2 = 1; 438 S1 p1; 439 S1 ok1 = 1; 440 break_optimization(&p4); 441 break_optimization(&ok4); 442 break_optimization(&p2); 443 break_optimization(&ok2); 444 break_optimization(&p1); 445 break_optimization(&ok1); 446 447 EXPECT_POISONED(p4); 448 EXPECT_POISONED(p2); 449 EXPECT_POISONED(p1); 450 EXPECT_NOT_POISONED(ok1); 451 EXPECT_NOT_POISONED(ok2); 452 EXPECT_NOT_POISONED(ok4); 453} 454 455TEST(MemorySanitizer, StackTest) { 456 StackTestFunc(); 457} 458 459NOINLINE void StackStressFunc() { 460 int foo[10000]; 461 break_optimization(foo); 462} 463 464TEST(MemorySanitizer, DISABLED_StackStressTest) { 465 for (int i = 0; i < 1000000; i++) 466 StackStressFunc(); 467} 468 469template<class T> 470void TestFloatingPoint() { 471 static volatile T v; 472 static T g[100]; 473 break_optimization(&g); 474 T *x = GetPoisoned<T>(); 475 T *y = GetPoisoned<T>(1); 476 EXPECT_POISONED(*x); 477 EXPECT_POISONED((long long)*x); 478 EXPECT_POISONED((int)*x); 479 g[0] = *x; 480 g[1] = *x + *y; 481 g[2] = *x - *y; 482 g[3] = *x * *y; 483} 484 485TEST(MemorySanitizer, FloatingPointTest) { 486 TestFloatingPoint<float>(); 487 TestFloatingPoint<double>(); 488} 489 490TEST(MemorySanitizer, DynMem) { 491 S4 x = 0; 492 S4 *y = GetPoisoned<S4>(); 493 memcpy(y, &x, g_one * sizeof(S4)); 494 EXPECT_NOT_POISONED(*y); 495} 496 497static char *DynRetTestStr; 498 499TEST(MemorySanitizer, DynRet) { 500 if (!__msan_has_dynamic_component()) return; 501 ReturnPoisoned<S8>(); 502 EXPECT_NOT_POISONED(clearenv()); 503} 504 505 506TEST(MemorySanitizer, DynRet1) { 507 if (!__msan_has_dynamic_component()) return; 508 ReturnPoisoned<S8>(); 509} 510 511struct LargeStruct { 512 S4 x[10]; 513}; 514 515NOINLINE 516LargeStruct LargeRetTest() { 517 LargeStruct res; 518 res.x[0] = *GetPoisoned<S4>(); 519 res.x[1] = *GetPoisoned<S4>(); 520 res.x[2] = *GetPoisoned<S4>(); 521 res.x[3] = *GetPoisoned<S4>(); 522 res.x[4] = *GetPoisoned<S4>(); 523 res.x[5] = *GetPoisoned<S4>(); 524 res.x[6] = *GetPoisoned<S4>(); 525 res.x[7] = *GetPoisoned<S4>(); 526 res.x[8] = *GetPoisoned<S4>(); 527 res.x[9] = *GetPoisoned<S4>(); 528 return res; 529} 530 531TEST(MemorySanitizer, strcmp) { 532 char s1[10]; 533 char s2[10]; 534 strncpy(s1, "foo", 10); 535 s2[0] = 'f'; 536 s2[1] = 'n'; 537 EXPECT_GT(strcmp(s1, s2), 0); 538 s2[1] = 'o'; 539 int res; 540 EXPECT_UMR(res = strcmp(s1, s2)); 541 EXPECT_NOT_POISONED(res); 542 EXPECT_EQ(strncmp(s1, s2, 1), 0); 543} 544 545TEST(MemorySanitizer, LargeRet) { 546 LargeStruct a = LargeRetTest(); 547 EXPECT_POISONED(a.x[0]); 548 EXPECT_POISONED(a.x[9]); 549} 550 551TEST(MemorySanitizer, strerror) { 552 char *buf = strerror(EINVAL); 553 EXPECT_NOT_POISONED(strlen(buf)); 554 buf = strerror(123456); 555 EXPECT_NOT_POISONED(strlen(buf)); 556} 557 558TEST(MemorySanitizer, strerror_r) { 559 errno = 0; 560 char buf[1000]; 561 char *res = strerror_r(EINVAL, buf, sizeof(buf)); 562 ASSERT_EQ(0, errno); 563 if (!res) res = buf; // POSIX version success. 564 EXPECT_NOT_POISONED(strlen(res)); 565} 566 567TEST(MemorySanitizer, fread) { 568 char *x = new char[32]; 569 FILE *f = fopen("/proc/self/stat", "r"); 570 assert(f); 571 fread(x, 1, 32, f); 572 EXPECT_NOT_POISONED(x[0]); 573 EXPECT_NOT_POISONED(x[16]); 574 EXPECT_NOT_POISONED(x[31]); 575 fclose(f); 576 delete x; 577} 578 579TEST(MemorySanitizer, read) { 580 char *x = new char[32]; 581 int fd = open("/proc/self/stat", O_RDONLY); 582 assert(fd > 0); 583 int sz = read(fd, x, 32); 584 assert(sz == 32); 585 EXPECT_NOT_POISONED(x[0]); 586 EXPECT_NOT_POISONED(x[16]); 587 EXPECT_NOT_POISONED(x[31]); 588 close(fd); 589 delete x; 590} 591 592TEST(MemorySanitizer, pread) { 593 char *x = new char[32]; 594 int fd = open("/proc/self/stat", O_RDONLY); 595 assert(fd > 0); 596 int sz = pread(fd, x, 32, 0); 597 assert(sz == 32); 598 EXPECT_NOT_POISONED(x[0]); 599 EXPECT_NOT_POISONED(x[16]); 600 EXPECT_NOT_POISONED(x[31]); 601 close(fd); 602 delete x; 603} 604 605TEST(MemorySanitizer, readv) { 606 char buf[2011]; 607 struct iovec iov[2]; 608 iov[0].iov_base = buf + 1; 609 iov[0].iov_len = 5; 610 iov[1].iov_base = buf + 10; 611 iov[1].iov_len = 2000; 612 int fd = open("/proc/self/stat", O_RDONLY); 613 assert(fd > 0); 614 int sz = readv(fd, iov, 2); 615 ASSERT_LT(sz, 5 + 2000); 616 ASSERT_GT(sz, iov[0].iov_len); 617 EXPECT_POISONED(buf[0]); 618 EXPECT_NOT_POISONED(buf[1]); 619 EXPECT_NOT_POISONED(buf[5]); 620 EXPECT_POISONED(buf[6]); 621 EXPECT_POISONED(buf[9]); 622 EXPECT_NOT_POISONED(buf[10]); 623 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]); 624 EXPECT_POISONED(buf[11 + (sz - 1) - 5]); 625 close(fd); 626} 627 628TEST(MemorySanitizer, preadv) { 629 char buf[2011]; 630 struct iovec iov[2]; 631 iov[0].iov_base = buf + 1; 632 iov[0].iov_len = 5; 633 iov[1].iov_base = buf + 10; 634 iov[1].iov_len = 2000; 635 int fd = open("/proc/self/stat", O_RDONLY); 636 assert(fd > 0); 637 int sz = preadv(fd, iov, 2, 3); 638 ASSERT_LT(sz, 5 + 2000); 639 ASSERT_GT(sz, iov[0].iov_len); 640 EXPECT_POISONED(buf[0]); 641 EXPECT_NOT_POISONED(buf[1]); 642 EXPECT_NOT_POISONED(buf[5]); 643 EXPECT_POISONED(buf[6]); 644 EXPECT_POISONED(buf[9]); 645 EXPECT_NOT_POISONED(buf[10]); 646 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]); 647 EXPECT_POISONED(buf[11 + (sz - 1) - 5]); 648 close(fd); 649} 650 651// FIXME: fails now. 652TEST(MemorySanitizer, DISABLED_ioctl) { 653 struct winsize ws; 654 EXPECT_EQ(ioctl(2, TIOCGWINSZ, &ws), 0); 655 EXPECT_NOT_POISONED(ws.ws_col); 656} 657 658TEST(MemorySanitizer, readlink) { 659 char *x = new char[1000]; 660 readlink("/proc/self/exe", x, 1000); 661 EXPECT_NOT_POISONED(x[0]); 662 delete [] x; 663} 664 665 666TEST(MemorySanitizer, stat) { 667 struct stat* st = new struct stat; 668 int res = stat("/proc/self/stat", st); 669 assert(!res); 670 EXPECT_NOT_POISONED(st->st_dev); 671 EXPECT_NOT_POISONED(st->st_mode); 672 EXPECT_NOT_POISONED(st->st_size); 673} 674 675TEST(MemorySanitizer, statfs) { 676 struct statfs* st = new struct statfs; 677 int res = statfs("/", st); 678 assert(!res); 679 EXPECT_NOT_POISONED(st->f_type); 680 EXPECT_NOT_POISONED(st->f_bfree); 681 EXPECT_NOT_POISONED(st->f_namelen); 682} 683 684TEST(MemorySanitizer, pipe) { 685 int* pipefd = new int[2]; 686 int res = pipe(pipefd); 687 assert(!res); 688 EXPECT_NOT_POISONED(pipefd[0]); 689 EXPECT_NOT_POISONED(pipefd[1]); 690 close(pipefd[0]); 691 close(pipefd[1]); 692} 693 694TEST(MemorySanitizer, pipe2) { 695 int* pipefd = new int[2]; 696 int res = pipe2(pipefd, O_NONBLOCK); 697 assert(!res); 698 EXPECT_NOT_POISONED(pipefd[0]); 699 EXPECT_NOT_POISONED(pipefd[1]); 700 close(pipefd[0]); 701 close(pipefd[1]); 702} 703 704TEST(MemorySanitizer, socketpair) { 705 int sv[2]; 706 int res = socketpair(AF_UNIX, SOCK_STREAM, 0, sv); 707 assert(!res); 708 EXPECT_NOT_POISONED(sv[0]); 709 EXPECT_NOT_POISONED(sv[1]); 710 close(sv[0]); 711 close(sv[1]); 712} 713 714TEST(MemorySanitizer, poll) { 715 int* pipefd = new int[2]; 716 int res = pipe(pipefd); 717 ASSERT_EQ(0, res); 718 719 char data = 42; 720 res = write(pipefd[1], &data, 1); 721 ASSERT_EQ(1, res); 722 723 pollfd fds[2]; 724 fds[0].fd = pipefd[0]; 725 fds[0].events = POLLIN; 726 fds[1].fd = pipefd[1]; 727 fds[1].events = POLLIN; 728 res = poll(fds, 2, 500); 729 ASSERT_EQ(1, res); 730 EXPECT_NOT_POISONED(fds[0].revents); 731 EXPECT_NOT_POISONED(fds[1].revents); 732 733 close(pipefd[0]); 734 close(pipefd[1]); 735} 736 737TEST(MemorySanitizer, ppoll) { 738 int* pipefd = new int[2]; 739 int res = pipe(pipefd); 740 ASSERT_EQ(0, res); 741 742 char data = 42; 743 res = write(pipefd[1], &data, 1); 744 ASSERT_EQ(1, res); 745 746 pollfd fds[2]; 747 fds[0].fd = pipefd[0]; 748 fds[0].events = POLLIN; 749 fds[1].fd = pipefd[1]; 750 fds[1].events = POLLIN; 751 sigset_t ss; 752 sigemptyset(&ss); 753 res = ppoll(fds, 2, NULL, &ss); 754 ASSERT_EQ(1, res); 755 EXPECT_NOT_POISONED(fds[0].revents); 756 EXPECT_NOT_POISONED(fds[1].revents); 757 758 close(pipefd[0]); 759 close(pipefd[1]); 760} 761 762TEST(MemorySanitizer, poll_positive) { 763 int* pipefd = new int[2]; 764 int res = pipe(pipefd); 765 ASSERT_EQ(0, res); 766 767 pollfd fds[2]; 768 fds[0].fd = pipefd[0]; 769 fds[0].events = POLLIN; 770 // fds[1].fd uninitialized 771 fds[1].events = POLLIN; 772 EXPECT_UMR(poll(fds, 2, 0)); 773 774 close(pipefd[0]); 775 close(pipefd[1]); 776} 777 778TEST(MemorySanitizer, bind_getsockname) { 779 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 780 781 struct sockaddr_in sai; 782 memset(&sai, 0, sizeof(sai)); 783 sai.sin_family = AF_UNIX; 784 int res = bind(sock, (struct sockaddr *)&sai, sizeof(sai)); 785 786 assert(!res); 787 char buf[200]; 788 socklen_t addrlen; 789 EXPECT_UMR(getsockname(sock, (struct sockaddr *)&buf, &addrlen)); 790 791 addrlen = sizeof(buf); 792 res = getsockname(sock, (struct sockaddr *)&buf, &addrlen); 793 EXPECT_NOT_POISONED(addrlen); 794 EXPECT_NOT_POISONED(buf[0]); 795 EXPECT_NOT_POISONED(buf[addrlen - 1]); 796 EXPECT_POISONED(buf[addrlen]); 797 close(sock); 798} 799 800TEST(MemorySanitizer, accept) { 801 int listen_socket = socket(AF_INET, SOCK_STREAM, 0); 802 ASSERT_LT(0, listen_socket); 803 804 struct sockaddr_in sai; 805 sai.sin_family = AF_INET; 806 sai.sin_port = 0; 807 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 808 int res = bind(listen_socket, (struct sockaddr *)&sai, sizeof(sai)); 809 ASSERT_EQ(0, res); 810 811 res = listen(listen_socket, 1); 812 ASSERT_EQ(0, res); 813 814 socklen_t sz = sizeof(sai); 815 res = getsockname(listen_socket, (struct sockaddr *)&sai, &sz); 816 ASSERT_EQ(0, res); 817 ASSERT_EQ(sizeof(sai), sz); 818 819 int connect_socket = socket(AF_INET, SOCK_STREAM, 0); 820 ASSERT_LT(0, connect_socket); 821 res = fcntl(connect_socket, F_SETFL, O_NONBLOCK); 822 ASSERT_EQ(0, res); 823 res = connect(connect_socket, (struct sockaddr *)&sai, sizeof(sai)); 824 ASSERT_EQ(-1, res); 825 ASSERT_EQ(EINPROGRESS, errno); 826 827 __msan_poison(&sai, sizeof(sai)); 828 int new_sock = accept(listen_socket, (struct sockaddr *)&sai, &sz); 829 ASSERT_LT(0, new_sock); 830 ASSERT_EQ(sizeof(sai), sz); 831 EXPECT_NOT_POISONED(sai); 832 833 __msan_poison(&sai, sizeof(sai)); 834 res = getpeername(new_sock, (struct sockaddr *)&sai, &sz); 835 ASSERT_EQ(0, res); 836 ASSERT_EQ(sizeof(sai), sz); 837 EXPECT_NOT_POISONED(sai); 838 839 close(new_sock); 840 close(connect_socket); 841 close(listen_socket); 842} 843 844TEST(MemorySanitizer, getaddrinfo) { 845 struct addrinfo *ai; 846 struct addrinfo hints; 847 memset(&hints, 0, sizeof(hints)); 848 hints.ai_family = AF_INET; 849 int res = getaddrinfo("localhost", NULL, &hints, &ai); 850 ASSERT_EQ(0, res); 851 EXPECT_NOT_POISONED(*ai); 852 ASSERT_EQ(sizeof(sockaddr_in), ai->ai_addrlen); 853 EXPECT_NOT_POISONED(*(sockaddr_in*)ai->ai_addr); 854} 855 856TEST(MemorySanitizer, getnameinfo) { 857 struct sockaddr_in sai; 858 sai.sin_family = AF_INET; 859 sai.sin_port = 80; 860 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 861 char host[500]; 862 char serv[500]; 863 int res = getnameinfo((struct sockaddr *)&sai, sizeof(sai), host, 864 sizeof(host), serv, sizeof(serv), 0); 865 ASSERT_EQ(0, res); 866 EXPECT_NOT_POISONED(host[0]); 867 EXPECT_POISONED(host[sizeof(host) - 1]); 868 869 ASSERT_NE(0, strlen(host)); 870 EXPECT_NOT_POISONED(serv[0]); 871 EXPECT_POISONED(serv[sizeof(serv) - 1]); 872 ASSERT_NE(0, strlen(serv)); 873} 874 875#define EXPECT_HOSTENT_NOT_POISONED(he) \ 876 do { \ 877 EXPECT_NOT_POISONED(*(he)); \ 878 ASSERT_NE((void *) 0, (he)->h_name); \ 879 ASSERT_NE((void *) 0, (he)->h_aliases); \ 880 ASSERT_NE((void *) 0, (he)->h_addr_list); \ 881 EXPECT_NOT_POISONED(strlen((he)->h_name)); \ 882 char **p = (he)->h_aliases; \ 883 while (*p) { \ 884 EXPECT_NOT_POISONED(strlen(*p)); \ 885 ++p; \ 886 } \ 887 char **q = (he)->h_addr_list; \ 888 while (*q) { \ 889 EXPECT_NOT_POISONED(*q[0]); \ 890 ++q; \ 891 } \ 892 EXPECT_NOT_POISONED(*q); \ 893 } while (0) 894 895TEST(MemorySanitizer, gethostent) { 896 struct hostent *he = gethostent(); 897 ASSERT_NE((void *)NULL, he); 898 EXPECT_HOSTENT_NOT_POISONED(he); 899} 900 901#ifndef MSAN_TEST_DISABLE_GETHOSTBYNAME 902 903TEST(MemorySanitizer, gethostbyname) { 904 struct hostent *he = gethostbyname("localhost"); 905 ASSERT_NE((void *)NULL, he); 906 EXPECT_HOSTENT_NOT_POISONED(he); 907} 908 909#endif // MSAN_TEST_DISABLE_GETHOSTBYNAME 910 911TEST(MemorySanitizer, gethostbyname2) { 912 struct hostent *he = gethostbyname2("localhost", AF_INET); 913 ASSERT_NE((void *)NULL, he); 914 EXPECT_HOSTENT_NOT_POISONED(he); 915} 916 917TEST(MemorySanitizer, gethostbyaddr) { 918 in_addr_t addr = inet_addr("127.0.0.1"); 919 EXPECT_NOT_POISONED(addr); 920 struct hostent *he = gethostbyaddr(&addr, sizeof(addr), AF_INET); 921 ASSERT_NE((void *)NULL, he); 922 EXPECT_HOSTENT_NOT_POISONED(he); 923} 924 925TEST(MemorySanitizer, gethostent_r) { 926 char buf[2000]; 927 struct hostent he; 928 struct hostent *result; 929 int err; 930 int res = gethostent_r(&he, buf, sizeof(buf), &result, &err); 931 ASSERT_EQ(0, res); 932 EXPECT_NOT_POISONED(result); 933 ASSERT_NE((void *)NULL, result); 934 EXPECT_HOSTENT_NOT_POISONED(result); 935 EXPECT_NOT_POISONED(err); 936} 937 938TEST(MemorySanitizer, gethostbyname_r) { 939 char buf[2000]; 940 struct hostent he; 941 struct hostent *result; 942 int err; 943 int res = gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err); 944 ASSERT_EQ(0, res); 945 EXPECT_NOT_POISONED(result); 946 ASSERT_NE((void *)NULL, result); 947 EXPECT_HOSTENT_NOT_POISONED(result); 948 EXPECT_NOT_POISONED(err); 949} 950 951TEST(MemorySanitizer, gethostbyname2_r) { 952 char buf[2000]; 953 struct hostent he; 954 struct hostent *result; 955 int err; 956 int res = gethostbyname2_r("localhost", AF_INET, &he, buf, sizeof(buf), 957 &result, &err); 958 ASSERT_EQ(0, res); 959 EXPECT_NOT_POISONED(result); 960 ASSERT_NE((void *)NULL, result); 961 EXPECT_HOSTENT_NOT_POISONED(result); 962 EXPECT_NOT_POISONED(err); 963} 964 965TEST(MemorySanitizer, gethostbyaddr_r) { 966 char buf[2000]; 967 struct hostent he; 968 struct hostent *result; 969 int err; 970 in_addr_t addr = inet_addr("127.0.0.1"); 971 EXPECT_NOT_POISONED(addr); 972 int res = gethostbyaddr_r(&addr, sizeof(addr), AF_INET, &he, buf, sizeof(buf), 973 &result, &err); 974 ASSERT_EQ(0, res); 975 EXPECT_NOT_POISONED(result); 976 ASSERT_NE((void *)NULL, result); 977 EXPECT_HOSTENT_NOT_POISONED(result); 978 EXPECT_NOT_POISONED(err); 979} 980 981TEST(MemorySanitizer, getsockopt) { 982 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 983 struct linger l[2]; 984 socklen_t sz = sizeof(l[0]); 985 int res = getsockopt(sock, SOL_SOCKET, SO_LINGER, &l[0], &sz); 986 ASSERT_EQ(0, res); 987 ASSERT_EQ(sizeof(l[0]), sz); 988 EXPECT_NOT_POISONED(l[0]); 989 EXPECT_POISONED(*(char *)(l + 1)); 990} 991 992TEST(MemorySanitizer, getcwd) { 993 char path[PATH_MAX + 1]; 994 char* res = getcwd(path, sizeof(path)); 995 assert(res); 996 EXPECT_NOT_POISONED(path[0]); 997} 998 999TEST(MemorySanitizer, getcwd_gnu) { 1000 char* res = getcwd(NULL, 0); 1001 assert(res); 1002 EXPECT_NOT_POISONED(res[0]); 1003 free(res); 1004} 1005 1006TEST(MemorySanitizer, get_current_dir_name) { 1007 char* res = get_current_dir_name(); 1008 assert(res); 1009 EXPECT_NOT_POISONED(res[0]); 1010 free(res); 1011} 1012 1013TEST(MemorySanitizer, confstr) { 1014 char buf[3]; 1015 size_t res = confstr(_CS_PATH, buf, sizeof(buf)); 1016 ASSERT_GT(res, sizeof(buf)); 1017 EXPECT_NOT_POISONED(buf[0]); 1018 EXPECT_NOT_POISONED(buf[sizeof(buf) - 1]); 1019 1020 char buf2[1000]; 1021 res = confstr(_CS_PATH, buf2, sizeof(buf2)); 1022 ASSERT_LT(res, sizeof(buf2)); 1023 EXPECT_NOT_POISONED(buf2[0]); 1024 EXPECT_NOT_POISONED(buf2[res - 1]); 1025 EXPECT_POISONED(buf2[res]); 1026 ASSERT_EQ(res, strlen(buf2) + 1); 1027} 1028 1029TEST(MemorySanitizer, readdir) { 1030 DIR *dir = opendir("."); 1031 struct dirent *d = readdir(dir); 1032 assert(d); 1033 EXPECT_NOT_POISONED(d->d_name[0]); 1034 closedir(dir); 1035} 1036 1037TEST(MemorySanitizer, readdir_r) { 1038 DIR *dir = opendir("."); 1039 struct dirent d; 1040 struct dirent *pd; 1041 int res = readdir_r(dir, &d, &pd); 1042 assert(!res); 1043 EXPECT_NOT_POISONED(pd); 1044 EXPECT_NOT_POISONED(d.d_name[0]); 1045 closedir(dir); 1046} 1047 1048TEST(MemorySanitizer, realpath) { 1049 const char* relpath = "."; 1050 char path[PATH_MAX + 1]; 1051 char* res = realpath(relpath, path); 1052 assert(res); 1053 EXPECT_NOT_POISONED(path[0]); 1054} 1055 1056TEST(MemorySanitizer, realpath_null) { 1057 const char* relpath = "."; 1058 char* res = realpath(relpath, NULL); 1059 printf("%d, %s\n", errno, strerror(errno)); 1060 assert(res); 1061 EXPECT_NOT_POISONED(res[0]); 1062 free(res); 1063} 1064 1065TEST(MemorySanitizer, canonicalize_file_name) { 1066 const char* relpath = "."; 1067 char* res = canonicalize_file_name(relpath); 1068 assert(res); 1069 EXPECT_NOT_POISONED(res[0]); 1070 free(res); 1071} 1072 1073extern char **environ; 1074 1075TEST(MemorySanitizer, setenv) { 1076 setenv("AAA", "BBB", 1); 1077 for (char **envp = environ; *envp; ++envp) { 1078 EXPECT_NOT_POISONED(*envp); 1079 EXPECT_NOT_POISONED(*envp[0]); 1080 } 1081} 1082 1083TEST(MemorySanitizer, putenv) { 1084 char s[] = "AAA=BBB"; 1085 putenv(s); 1086 for (char **envp = environ; *envp; ++envp) { 1087 EXPECT_NOT_POISONED(*envp); 1088 EXPECT_NOT_POISONED(*envp[0]); 1089 } 1090} 1091 1092TEST(MemorySanitizer, memcpy) { 1093 char* x = new char[2]; 1094 char* y = new char[2]; 1095 x[0] = 1; 1096 x[1] = *GetPoisoned<char>(); 1097 memcpy(y, x, 2); 1098 EXPECT_NOT_POISONED(y[0]); 1099 EXPECT_POISONED(y[1]); 1100} 1101 1102TEST(MemorySanitizer, memmove) { 1103 char* x = new char[2]; 1104 char* y = new char[2]; 1105 x[0] = 1; 1106 x[1] = *GetPoisoned<char>(); 1107 memmove(y, x, 2); 1108 EXPECT_NOT_POISONED(y[0]); 1109 EXPECT_POISONED(y[1]); 1110} 1111 1112TEST(MemorySanitizer, bcopy) { 1113 char* x = new char[2]; 1114 char* y = new char[2]; 1115 x[0] = 1; 1116 x[1] = *GetPoisoned<char>(); 1117 bcopy(x, y, 2); 1118 EXPECT_NOT_POISONED(y[0]); 1119 EXPECT_POISONED(y[1]); 1120} 1121 1122TEST(MemorySanitizer, strdup) { 1123 char buf[4] = "abc"; 1124 __msan_poison(buf + 2, sizeof(*buf)); 1125 char *x = strdup(buf); 1126 EXPECT_NOT_POISONED(x[0]); 1127 EXPECT_NOT_POISONED(x[1]); 1128 EXPECT_POISONED(x[2]); 1129 EXPECT_NOT_POISONED(x[3]); 1130 free(x); 1131} 1132 1133TEST(MemorySanitizer, strndup) { 1134 char buf[4] = "abc"; 1135 __msan_poison(buf + 2, sizeof(*buf)); 1136 char *x = strndup(buf, 3); 1137 EXPECT_NOT_POISONED(x[0]); 1138 EXPECT_NOT_POISONED(x[1]); 1139 EXPECT_POISONED(x[2]); 1140 EXPECT_NOT_POISONED(x[3]); 1141 free(x); 1142} 1143 1144TEST(MemorySanitizer, strndup_short) { 1145 char buf[4] = "abc"; 1146 __msan_poison(buf + 1, sizeof(*buf)); 1147 __msan_poison(buf + 2, sizeof(*buf)); 1148 char *x = strndup(buf, 2); 1149 EXPECT_NOT_POISONED(x[0]); 1150 EXPECT_POISONED(x[1]); 1151 EXPECT_NOT_POISONED(x[2]); 1152 free(x); 1153} 1154 1155 1156template<class T, int size> 1157void TestOverlapMemmove() { 1158 T *x = new T[size]; 1159 assert(size >= 3); 1160 x[2] = 0; 1161 memmove(x, x + 1, (size - 1) * sizeof(T)); 1162 EXPECT_NOT_POISONED(x[1]); 1163 if (!__msan_has_dynamic_component()) { 1164 // FIXME: under DR we will lose this information 1165 // because accesses in memmove will unpoisin the shadow. 1166 // We need to use our own memove implementation instead of libc's. 1167 EXPECT_POISONED(x[0]); 1168 EXPECT_POISONED(x[2]); 1169 } 1170 delete [] x; 1171} 1172 1173TEST(MemorySanitizer, overlap_memmove) { 1174 TestOverlapMemmove<U1, 10>(); 1175 TestOverlapMemmove<U1, 1000>(); 1176 TestOverlapMemmove<U8, 4>(); 1177 TestOverlapMemmove<U8, 1000>(); 1178} 1179 1180TEST(MemorySanitizer, strcpy) { // NOLINT 1181 char* x = new char[3]; 1182 char* y = new char[3]; 1183 x[0] = 'a'; 1184 x[1] = *GetPoisoned<char>(1, 1); 1185 x[2] = 0; 1186 strcpy(y, x); // NOLINT 1187 EXPECT_NOT_POISONED(y[0]); 1188 EXPECT_POISONED(y[1]); 1189 EXPECT_NOT_POISONED(y[2]); 1190} 1191 1192TEST(MemorySanitizer, strncpy) { // NOLINT 1193 char* x = new char[3]; 1194 char* y = new char[3]; 1195 x[0] = 'a'; 1196 x[1] = *GetPoisoned<char>(1, 1); 1197 x[2] = 0; 1198 strncpy(y, x, 2); // NOLINT 1199 EXPECT_NOT_POISONED(y[0]); 1200 EXPECT_POISONED(y[1]); 1201 EXPECT_POISONED(y[2]); 1202} 1203 1204TEST(MemorySanitizer, stpcpy) { // NOLINT 1205 char* x = new char[3]; 1206 char* y = new char[3]; 1207 x[0] = 'a'; 1208 x[1] = *GetPoisoned<char>(1, 1); 1209 x[2] = 0; 1210 char *res = stpcpy(y, x); // NOLINT 1211 ASSERT_EQ(res, y + 2); 1212 EXPECT_NOT_POISONED(y[0]); 1213 EXPECT_POISONED(y[1]); 1214 EXPECT_NOT_POISONED(y[2]); 1215} 1216 1217TEST(MemorySanitizer, strtol) { 1218 char *e; 1219 assert(1 == strtol("1", &e, 10)); 1220 EXPECT_NOT_POISONED((S8) e); 1221} 1222 1223TEST(MemorySanitizer, strtoll) { 1224 char *e; 1225 assert(1 == strtoll("1", &e, 10)); 1226 EXPECT_NOT_POISONED((S8) e); 1227} 1228 1229TEST(MemorySanitizer, strtoul) { 1230 char *e; 1231 assert(1 == strtoul("1", &e, 10)); 1232 EXPECT_NOT_POISONED((S8) e); 1233} 1234 1235TEST(MemorySanitizer, strtoull) { 1236 char *e; 1237 assert(1 == strtoull("1", &e, 10)); 1238 EXPECT_NOT_POISONED((S8) e); 1239} 1240 1241TEST(MemorySanitizer, strtoimax) { 1242 char *e; 1243 assert(1 == strtoimax("1", &e, 10)); 1244 EXPECT_NOT_POISONED((S8) e); 1245} 1246 1247TEST(MemorySanitizer, strtoumax) { 1248 char *e; 1249 assert(1 == strtoumax("1", &e, 10)); 1250 EXPECT_NOT_POISONED((S8) e); 1251} 1252 1253TEST(MemorySanitizer, strtod) { 1254 char *e; 1255 assert(0 != strtod("1.5", &e)); 1256 EXPECT_NOT_POISONED((S8) e); 1257} 1258 1259TEST(MemorySanitizer, strtof) { 1260 char *e; 1261 assert(0 != strtof("1.5", &e)); 1262 EXPECT_NOT_POISONED((S8) e); 1263} 1264 1265TEST(MemorySanitizer, strtold) { 1266 char *e; 1267 assert(0 != strtold("1.5", &e)); 1268 EXPECT_NOT_POISONED((S8) e); 1269} 1270 1271TEST(MemorySanitizer, modf) { 1272 double x, y; 1273 x = modf(2.1, &y); 1274 EXPECT_NOT_POISONED(y); 1275} 1276 1277TEST(MemorySanitizer, modff) { 1278 float x, y; 1279 x = modff(2.1, &y); 1280 EXPECT_NOT_POISONED(y); 1281} 1282 1283TEST(MemorySanitizer, modfl) { 1284 long double x, y; 1285 x = modfl(2.1, &y); 1286 EXPECT_NOT_POISONED(y); 1287} 1288 1289TEST(MemorySanitizer, sprintf) { // NOLINT 1290 char buff[10]; 1291 break_optimization(buff); 1292 EXPECT_POISONED(buff[0]); 1293 int res = sprintf(buff, "%d", 1234567); // NOLINT 1294 assert(res == 7); 1295 assert(buff[0] == '1'); 1296 assert(buff[1] == '2'); 1297 assert(buff[2] == '3'); 1298 assert(buff[6] == '7'); 1299 assert(buff[7] == 0); 1300 EXPECT_POISONED(buff[8]); 1301} 1302 1303TEST(MemorySanitizer, snprintf) { 1304 char buff[10]; 1305 break_optimization(buff); 1306 EXPECT_POISONED(buff[0]); 1307 int res = snprintf(buff, sizeof(buff), "%d", 1234567); 1308 assert(res == 7); 1309 assert(buff[0] == '1'); 1310 assert(buff[1] == '2'); 1311 assert(buff[2] == '3'); 1312 assert(buff[6] == '7'); 1313 assert(buff[7] == 0); 1314 EXPECT_POISONED(buff[8]); 1315} 1316 1317TEST(MemorySanitizer, swprintf) { 1318 wchar_t buff[10]; 1319 assert(sizeof(wchar_t) == 4); 1320 break_optimization(buff); 1321 EXPECT_POISONED(buff[0]); 1322 int res = swprintf(buff, 9, L"%d", 1234567); 1323 assert(res == 7); 1324 assert(buff[0] == '1'); 1325 assert(buff[1] == '2'); 1326 assert(buff[2] == '3'); 1327 assert(buff[6] == '7'); 1328 assert(buff[7] == 0); 1329 EXPECT_POISONED(buff[8]); 1330} 1331 1332TEST(MemorySanitizer, asprintf) { // NOLINT 1333 char *pbuf; 1334 EXPECT_POISONED(pbuf); 1335 int res = asprintf(&pbuf, "%d", 1234567); // NOLINT 1336 assert(res == 7); 1337 EXPECT_NOT_POISONED(pbuf); 1338 assert(pbuf[0] == '1'); 1339 assert(pbuf[1] == '2'); 1340 assert(pbuf[2] == '3'); 1341 assert(pbuf[6] == '7'); 1342 assert(pbuf[7] == 0); 1343 free(pbuf); 1344} 1345 1346TEST(MemorySanitizer, mbstowcs) { 1347 const char *x = "abc"; 1348 wchar_t buff[10]; 1349 int res = mbstowcs(buff, x, 2); 1350 EXPECT_EQ(2, res); 1351 EXPECT_EQ(L'a', buff[0]); 1352 EXPECT_EQ(L'b', buff[1]); 1353 EXPECT_POISONED(buff[2]); 1354 res = mbstowcs(buff, x, 10); 1355 EXPECT_EQ(3, res); 1356 EXPECT_NOT_POISONED(buff[3]); 1357} 1358 1359TEST(MemorySanitizer, wcstombs) { 1360 const wchar_t *x = L"abc"; 1361 char buff[10]; 1362 int res = wcstombs(buff, x, 4); 1363 EXPECT_EQ(res, 3); 1364 EXPECT_EQ(buff[0], 'a'); 1365 EXPECT_EQ(buff[1], 'b'); 1366 EXPECT_EQ(buff[2], 'c'); 1367} 1368 1369TEST(MemorySanitizer, wcsrtombs) { 1370 const wchar_t *x = L"abc"; 1371 const wchar_t *p = x; 1372 char buff[10]; 1373 mbstate_t mbs; 1374 memset(&mbs, 0, sizeof(mbs)); 1375 int res = wcsrtombs(buff, &p, 4, &mbs); 1376 EXPECT_EQ(res, 3); 1377 EXPECT_EQ(buff[0], 'a'); 1378 EXPECT_EQ(buff[1], 'b'); 1379 EXPECT_EQ(buff[2], 'c'); 1380 EXPECT_EQ(buff[3], '\0'); 1381 EXPECT_POISONED(buff[4]); 1382} 1383 1384TEST(MemorySanitizer, wcsnrtombs) { 1385 const wchar_t *x = L"abc"; 1386 const wchar_t *p = x; 1387 char buff[10]; 1388 mbstate_t mbs; 1389 memset(&mbs, 0, sizeof(mbs)); 1390 int res = wcsnrtombs(buff, &p, 2, 4, &mbs); 1391 EXPECT_EQ(res, 2); 1392 EXPECT_EQ(buff[0], 'a'); 1393 EXPECT_EQ(buff[1], 'b'); 1394 EXPECT_POISONED(buff[2]); 1395} 1396 1397TEST(MemorySanitizer, mbtowc) { 1398 const char *x = "abc"; 1399 wchar_t wx; 1400 int res = mbtowc(&wx, x, 3); 1401 EXPECT_GT(res, 0); 1402 EXPECT_NOT_POISONED(wx); 1403} 1404 1405TEST(MemorySanitizer, mbrtowc) { 1406 const char *x = "abc"; 1407 wchar_t wx; 1408 mbstate_t mbs; 1409 memset(&mbs, 0, sizeof(mbs)); 1410 int res = mbrtowc(&wx, x, 3, &mbs); 1411 EXPECT_GT(res, 0); 1412 EXPECT_NOT_POISONED(wx); 1413} 1414 1415TEST(MemorySanitizer, gettimeofday) { 1416 struct timeval tv; 1417 struct timezone tz; 1418 break_optimization(&tv); 1419 break_optimization(&tz); 1420 assert(sizeof(tv) == 16); 1421 assert(sizeof(tz) == 8); 1422 EXPECT_POISONED(tv.tv_sec); 1423 EXPECT_POISONED(tv.tv_usec); 1424 EXPECT_POISONED(tz.tz_minuteswest); 1425 EXPECT_POISONED(tz.tz_dsttime); 1426 assert(0 == gettimeofday(&tv, &tz)); 1427 EXPECT_NOT_POISONED(tv.tv_sec); 1428 EXPECT_NOT_POISONED(tv.tv_usec); 1429 EXPECT_NOT_POISONED(tz.tz_minuteswest); 1430 EXPECT_NOT_POISONED(tz.tz_dsttime); 1431} 1432 1433TEST(MemorySanitizer, clock_gettime) { 1434 struct timespec tp; 1435 EXPECT_POISONED(tp.tv_sec); 1436 EXPECT_POISONED(tp.tv_nsec); 1437 assert(0 == clock_gettime(CLOCK_REALTIME, &tp)); 1438 EXPECT_NOT_POISONED(tp.tv_sec); 1439 EXPECT_NOT_POISONED(tp.tv_nsec); 1440} 1441 1442TEST(MemorySanitizer, clock_getres) { 1443 struct timespec tp; 1444 EXPECT_POISONED(tp.tv_sec); 1445 EXPECT_POISONED(tp.tv_nsec); 1446 assert(0 == clock_getres(CLOCK_REALTIME, 0)); 1447 EXPECT_POISONED(tp.tv_sec); 1448 EXPECT_POISONED(tp.tv_nsec); 1449 assert(0 == clock_getres(CLOCK_REALTIME, &tp)); 1450 EXPECT_NOT_POISONED(tp.tv_sec); 1451 EXPECT_NOT_POISONED(tp.tv_nsec); 1452} 1453 1454TEST(MemorySanitizer, getitimer) { 1455 struct itimerval it1, it2; 1456 int res; 1457 EXPECT_POISONED(it1.it_interval.tv_sec); 1458 EXPECT_POISONED(it1.it_interval.tv_usec); 1459 EXPECT_POISONED(it1.it_value.tv_sec); 1460 EXPECT_POISONED(it1.it_value.tv_usec); 1461 res = getitimer(ITIMER_VIRTUAL, &it1); 1462 assert(!res); 1463 EXPECT_NOT_POISONED(it1.it_interval.tv_sec); 1464 EXPECT_NOT_POISONED(it1.it_interval.tv_usec); 1465 EXPECT_NOT_POISONED(it1.it_value.tv_sec); 1466 EXPECT_NOT_POISONED(it1.it_value.tv_usec); 1467 1468 it1.it_interval.tv_sec = it1.it_value.tv_sec = 10000; 1469 it1.it_interval.tv_usec = it1.it_value.tv_usec = 0; 1470 1471 res = setitimer(ITIMER_VIRTUAL, &it1, &it2); 1472 assert(!res); 1473 EXPECT_NOT_POISONED(it2.it_interval.tv_sec); 1474 EXPECT_NOT_POISONED(it2.it_interval.tv_usec); 1475 EXPECT_NOT_POISONED(it2.it_value.tv_sec); 1476 EXPECT_NOT_POISONED(it2.it_value.tv_usec); 1477 1478 // Check that old_value can be 0, and disable the timer. 1479 memset(&it1, 0, sizeof(it1)); 1480 res = setitimer(ITIMER_VIRTUAL, &it1, 0); 1481 assert(!res); 1482} 1483 1484TEST(MemorySanitizer, setitimer_null) { 1485 setitimer(ITIMER_VIRTUAL, 0, 0); 1486 // Not testing the return value, since it the behaviour seems to differ 1487 // between libc implementations and POSIX. 1488 // Should never crash, though. 1489} 1490 1491TEST(MemorySanitizer, time) { 1492 time_t t; 1493 EXPECT_POISONED(t); 1494 time_t t2 = time(&t); 1495 assert(t2 != (time_t)-1); 1496 EXPECT_NOT_POISONED(t); 1497} 1498 1499TEST(MemorySanitizer, localtime) { 1500 time_t t = 123; 1501 struct tm *time = localtime(&t); 1502 assert(time != 0); 1503 EXPECT_NOT_POISONED(time->tm_sec); 1504 EXPECT_NOT_POISONED(time->tm_hour); 1505 EXPECT_NOT_POISONED(time->tm_year); 1506 EXPECT_NOT_POISONED(time->tm_isdst); 1507} 1508 1509TEST(MemorySanitizer, localtime_r) { 1510 time_t t = 123; 1511 struct tm time; 1512 struct tm *res = localtime_r(&t, &time); 1513 assert(res != 0); 1514 EXPECT_NOT_POISONED(time.tm_sec); 1515 EXPECT_NOT_POISONED(time.tm_hour); 1516 EXPECT_NOT_POISONED(time.tm_year); 1517 EXPECT_NOT_POISONED(time.tm_isdst); 1518} 1519 1520TEST(MemorySanitizer, mmap) { 1521 const int size = 4096; 1522 void *p1, *p2; 1523 p1 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); 1524 __msan_poison(p1, size); 1525 munmap(p1, size); 1526 for (int i = 0; i < 1000; i++) { 1527 p2 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); 1528 if (p2 == p1) 1529 break; 1530 else 1531 munmap(p2, size); 1532 } 1533 if (p1 == p2) { 1534 EXPECT_NOT_POISONED(*(char*)p2); 1535 munmap(p2, size); 1536 } 1537} 1538 1539// FIXME: enable and add ecvt. 1540// FIXME: check why msandr does nt handle fcvt. 1541TEST(MemorySanitizer, fcvt) { 1542 int a, b; 1543 break_optimization(&a); 1544 break_optimization(&b); 1545 EXPECT_POISONED(a); 1546 EXPECT_POISONED(b); 1547 char *str = fcvt(12345.6789, 10, &a, &b); 1548 EXPECT_NOT_POISONED(a); 1549 EXPECT_NOT_POISONED(b); 1550} 1551 1552TEST(MemorySanitizer, frexp) { 1553 int x; 1554 x = *GetPoisoned<int>(); 1555 double r = frexp(1.1, &x); 1556 EXPECT_NOT_POISONED(r); 1557 EXPECT_NOT_POISONED(x); 1558 1559 x = *GetPoisoned<int>(); 1560 float rf = frexpf(1.1, &x); 1561 EXPECT_NOT_POISONED(rf); 1562 EXPECT_NOT_POISONED(x); 1563 1564 x = *GetPoisoned<int>(); 1565 double rl = frexpl(1.1, &x); 1566 EXPECT_NOT_POISONED(rl); 1567 EXPECT_NOT_POISONED(x); 1568} 1569 1570namespace { 1571 1572static int cnt; 1573 1574void SigactionHandler(int signo, siginfo_t* si, void* uc) { 1575 assert(signo == SIGPROF); 1576 assert(si); 1577 EXPECT_NOT_POISONED(si->si_errno); 1578 EXPECT_NOT_POISONED(si->si_pid); 1579#if __linux__ 1580# if defined(__x86_64__) 1581 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_RIP]); 1582# elif defined(__i386__) 1583 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_EIP]); 1584# endif 1585#endif 1586 ++cnt; 1587} 1588 1589TEST(MemorySanitizer, sigaction) { 1590 struct sigaction act = {}; 1591 struct sigaction oldact = {}; 1592 struct sigaction origact = {}; 1593 1594 sigaction(SIGPROF, 0, &origact); 1595 1596 act.sa_flags |= SA_SIGINFO; 1597 act.sa_sigaction = &SigactionHandler; 1598 sigaction(SIGPROF, &act, 0); 1599 1600 kill(getpid(), SIGPROF); 1601 1602 act.sa_flags &= ~SA_SIGINFO; 1603 act.sa_handler = SIG_DFL; 1604 sigaction(SIGPROF, &act, 0); 1605 1606 act.sa_flags &= ~SA_SIGINFO; 1607 act.sa_handler = SIG_IGN; 1608 sigaction(SIGPROF, &act, &oldact); 1609 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO); 1610 EXPECT_EQ(SIG_DFL, oldact.sa_handler); 1611 kill(getpid(), SIGPROF); 1612 1613 act.sa_flags |= SA_SIGINFO; 1614 act.sa_sigaction = &SigactionHandler; 1615 sigaction(SIGPROF, &act, &oldact); 1616 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO); 1617 EXPECT_EQ(SIG_IGN, oldact.sa_handler); 1618 kill(getpid(), SIGPROF); 1619 1620 act.sa_flags &= ~SA_SIGINFO; 1621 act.sa_handler = SIG_DFL; 1622 sigaction(SIGPROF, &act, &oldact); 1623 EXPECT_TRUE(oldact.sa_flags & SA_SIGINFO); 1624 EXPECT_EQ(&SigactionHandler, oldact.sa_sigaction); 1625 EXPECT_EQ(2, cnt); 1626 1627 sigaction(SIGPROF, &origact, 0); 1628} 1629 1630} // namespace 1631 1632struct StructWithDtor { 1633 ~StructWithDtor(); 1634}; 1635 1636NOINLINE StructWithDtor::~StructWithDtor() { 1637 break_optimization(0); 1638} 1639 1640TEST(MemorySanitizer, Invoke) { 1641 StructWithDtor s; // Will cause the calls to become invokes. 1642 EXPECT_NOT_POISONED(0); 1643 EXPECT_POISONED(*GetPoisoned<int>()); 1644 EXPECT_NOT_POISONED(0); 1645 EXPECT_POISONED(*GetPoisoned<int>()); 1646 EXPECT_POISONED(ReturnPoisoned<S4>()); 1647} 1648 1649TEST(MemorySanitizer, ptrtoint) { 1650 // Test that shadow is propagated through pointer-to-integer conversion. 1651 void* p = (void*)0xABCD; 1652 __msan_poison(((char*)&p) + 1, sizeof(p)); 1653 EXPECT_NOT_POISONED((((uintptr_t)p) & 0xFF) == 0); 1654 1655 void* q = (void*)0xABCD; 1656 __msan_poison(&q, sizeof(q) - 1); 1657 EXPECT_POISONED((((uintptr_t)q) & 0xFF) == 0); 1658} 1659 1660static void vaargsfn2(int guard, ...) { 1661 va_list vl; 1662 va_start(vl, guard); 1663 EXPECT_NOT_POISONED(va_arg(vl, int)); 1664 EXPECT_NOT_POISONED(va_arg(vl, int)); 1665 EXPECT_NOT_POISONED(va_arg(vl, int)); 1666 EXPECT_POISONED(va_arg(vl, double)); 1667 va_end(vl); 1668} 1669 1670static void vaargsfn(int guard, ...) { 1671 va_list vl; 1672 va_start(vl, guard); 1673 EXPECT_NOT_POISONED(va_arg(vl, int)); 1674 EXPECT_POISONED(va_arg(vl, int)); 1675 // The following call will overwrite __msan_param_tls. 1676 // Checks after it test that arg shadow was somehow saved across the call. 1677 vaargsfn2(1, 2, 3, 4, *GetPoisoned<double>()); 1678 EXPECT_NOT_POISONED(va_arg(vl, int)); 1679 EXPECT_POISONED(va_arg(vl, int)); 1680 va_end(vl); 1681} 1682 1683TEST(MemorySanitizer, VAArgTest) { 1684 int* x = GetPoisoned<int>(); 1685 int* y = GetPoisoned<int>(4); 1686 vaargsfn(1, 13, *x, 42, *y); 1687} 1688 1689static void vaargsfn_many(int guard, ...) { 1690 va_list vl; 1691 va_start(vl, guard); 1692 EXPECT_NOT_POISONED(va_arg(vl, int)); 1693 EXPECT_POISONED(va_arg(vl, int)); 1694 EXPECT_NOT_POISONED(va_arg(vl, int)); 1695 EXPECT_NOT_POISONED(va_arg(vl, int)); 1696 EXPECT_NOT_POISONED(va_arg(vl, int)); 1697 EXPECT_NOT_POISONED(va_arg(vl, int)); 1698 EXPECT_NOT_POISONED(va_arg(vl, int)); 1699 EXPECT_NOT_POISONED(va_arg(vl, int)); 1700 EXPECT_NOT_POISONED(va_arg(vl, int)); 1701 EXPECT_POISONED(va_arg(vl, int)); 1702 va_end(vl); 1703} 1704 1705TEST(MemorySanitizer, VAArgManyTest) { 1706 int* x = GetPoisoned<int>(); 1707 int* y = GetPoisoned<int>(4); 1708 vaargsfn_many(1, 2, *x, 3, 4, 5, 6, 7, 8, 9, *y); 1709} 1710 1711static void vaargsfn_pass2(va_list vl) { 1712 EXPECT_NOT_POISONED(va_arg(vl, int)); 1713 EXPECT_NOT_POISONED(va_arg(vl, int)); 1714 EXPECT_POISONED(va_arg(vl, int)); 1715} 1716 1717static void vaargsfn_pass(int guard, ...) { 1718 va_list vl; 1719 va_start(vl, guard); 1720 EXPECT_POISONED(va_arg(vl, int)); 1721 vaargsfn_pass2(vl); 1722 va_end(vl); 1723} 1724 1725TEST(MemorySanitizer, VAArgPass) { 1726 int* x = GetPoisoned<int>(); 1727 int* y = GetPoisoned<int>(4); 1728 vaargsfn_pass(1, *x, 2, 3, *y); 1729} 1730 1731static void vaargsfn_copy2(va_list vl) { 1732 EXPECT_NOT_POISONED(va_arg(vl, int)); 1733 EXPECT_POISONED(va_arg(vl, int)); 1734} 1735 1736static void vaargsfn_copy(int guard, ...) { 1737 va_list vl; 1738 va_start(vl, guard); 1739 EXPECT_NOT_POISONED(va_arg(vl, int)); 1740 EXPECT_POISONED(va_arg(vl, int)); 1741 va_list vl2; 1742 va_copy(vl2, vl); 1743 vaargsfn_copy2(vl2); 1744 EXPECT_NOT_POISONED(va_arg(vl, int)); 1745 EXPECT_POISONED(va_arg(vl, int)); 1746 va_end(vl); 1747} 1748 1749TEST(MemorySanitizer, VAArgCopy) { 1750 int* x = GetPoisoned<int>(); 1751 int* y = GetPoisoned<int>(4); 1752 vaargsfn_copy(1, 2, *x, 3, *y); 1753} 1754 1755static void vaargsfn_ptr(int guard, ...) { 1756 va_list vl; 1757 va_start(vl, guard); 1758 EXPECT_NOT_POISONED(va_arg(vl, int*)); 1759 EXPECT_POISONED(va_arg(vl, int*)); 1760 EXPECT_NOT_POISONED(va_arg(vl, int*)); 1761 EXPECT_POISONED(va_arg(vl, double*)); 1762 va_end(vl); 1763} 1764 1765TEST(MemorySanitizer, VAArgPtr) { 1766 int** x = GetPoisoned<int*>(); 1767 double** y = GetPoisoned<double*>(8); 1768 int z; 1769 vaargsfn_ptr(1, &z, *x, &z, *y); 1770} 1771 1772static void vaargsfn_overflow(int guard, ...) { 1773 va_list vl; 1774 va_start(vl, guard); 1775 EXPECT_NOT_POISONED(va_arg(vl, int)); 1776 EXPECT_NOT_POISONED(va_arg(vl, int)); 1777 EXPECT_POISONED(va_arg(vl, int)); 1778 EXPECT_NOT_POISONED(va_arg(vl, int)); 1779 EXPECT_NOT_POISONED(va_arg(vl, int)); 1780 EXPECT_NOT_POISONED(va_arg(vl, int)); 1781 1782 EXPECT_NOT_POISONED(va_arg(vl, double)); 1783 EXPECT_NOT_POISONED(va_arg(vl, double)); 1784 EXPECT_NOT_POISONED(va_arg(vl, double)); 1785 EXPECT_POISONED(va_arg(vl, double)); 1786 EXPECT_NOT_POISONED(va_arg(vl, double)); 1787 EXPECT_POISONED(va_arg(vl, int*)); 1788 EXPECT_NOT_POISONED(va_arg(vl, double)); 1789 EXPECT_NOT_POISONED(va_arg(vl, double)); 1790 1791 EXPECT_POISONED(va_arg(vl, int)); 1792 EXPECT_POISONED(va_arg(vl, double)); 1793 EXPECT_POISONED(va_arg(vl, int*)); 1794 1795 EXPECT_NOT_POISONED(va_arg(vl, int)); 1796 EXPECT_NOT_POISONED(va_arg(vl, double)); 1797 EXPECT_NOT_POISONED(va_arg(vl, int*)); 1798 1799 EXPECT_POISONED(va_arg(vl, int)); 1800 EXPECT_POISONED(va_arg(vl, double)); 1801 EXPECT_POISONED(va_arg(vl, int*)); 1802 1803 va_end(vl); 1804} 1805 1806TEST(MemorySanitizer, VAArgOverflow) { 1807 int* x = GetPoisoned<int>(); 1808 double* y = GetPoisoned<double>(8); 1809 int** p = GetPoisoned<int*>(16); 1810 int z; 1811 vaargsfn_overflow(1, 1812 1, 2, *x, 4, 5, 6, 1813 1.1, 2.2, 3.3, *y, 5.5, *p, 7.7, 8.8, 1814 // the following args will overflow for sure 1815 *x, *y, *p, 1816 7, 9.9, &z, 1817 *x, *y, *p); 1818} 1819 1820static void vaargsfn_tlsoverwrite2(int guard, ...) { 1821 va_list vl; 1822 va_start(vl, guard); 1823 for (int i = 0; i < 20; ++i) 1824 EXPECT_NOT_POISONED(va_arg(vl, int)); 1825 va_end(vl); 1826} 1827 1828static void vaargsfn_tlsoverwrite(int guard, ...) { 1829 // This call will overwrite TLS contents unless it's backed up somewhere. 1830 vaargsfn_tlsoverwrite2(2, 1831 42, 42, 42, 42, 42, 1832 42, 42, 42, 42, 42, 1833 42, 42, 42, 42, 42, 1834 42, 42, 42, 42, 42); // 20x 1835 va_list vl; 1836 va_start(vl, guard); 1837 for (int i = 0; i < 20; ++i) 1838 EXPECT_POISONED(va_arg(vl, int)); 1839 va_end(vl); 1840} 1841 1842TEST(MemorySanitizer, VAArgTLSOverwrite) { 1843 int* x = GetPoisoned<int>(); 1844 vaargsfn_tlsoverwrite(1, 1845 *x, *x, *x, *x, *x, 1846 *x, *x, *x, *x, *x, 1847 *x, *x, *x, *x, *x, 1848 *x, *x, *x, *x, *x); // 20x 1849 1850} 1851 1852struct StructByVal { 1853 int a, b, c, d, e, f; 1854}; 1855 1856NOINLINE void StructByValTestFunc(struct StructByVal s) { 1857 EXPECT_NOT_POISONED(s.a); 1858 EXPECT_POISONED(s.b); 1859 EXPECT_NOT_POISONED(s.c); 1860 EXPECT_POISONED(s.d); 1861 EXPECT_NOT_POISONED(s.e); 1862 EXPECT_POISONED(s.f); 1863} 1864 1865NOINLINE void StructByValTestFunc1(struct StructByVal s) { 1866 StructByValTestFunc(s); 1867} 1868 1869NOINLINE void StructByValTestFunc2(int z, struct StructByVal s) { 1870 StructByValTestFunc(s); 1871} 1872 1873TEST(MemorySanitizer, StructByVal) { 1874 // Large aggregates are passed as "byval" pointer argument in LLVM. 1875 struct StructByVal s; 1876 s.a = 1; 1877 s.b = *GetPoisoned<int>(); 1878 s.c = 2; 1879 s.d = *GetPoisoned<int>(); 1880 s.e = 3; 1881 s.f = *GetPoisoned<int>(); 1882 StructByValTestFunc(s); 1883 StructByValTestFunc1(s); 1884 StructByValTestFunc2(0, s); 1885} 1886 1887 1888#if MSAN_HAS_M128 1889NOINLINE __m128i m128Eq(__m128i *a, __m128i *b) { return _mm_cmpeq_epi16(*a, *b); } 1890NOINLINE __m128i m128Lt(__m128i *a, __m128i *b) { return _mm_cmplt_epi16(*a, *b); } 1891TEST(MemorySanitizer, m128) { 1892 __m128i a = _mm_set1_epi16(0x1234); 1893 __m128i b = _mm_set1_epi16(0x7890); 1894 EXPECT_NOT_POISONED(m128Eq(&a, &b)); 1895 EXPECT_NOT_POISONED(m128Lt(&a, &b)); 1896} 1897// FIXME: add more tests for __m128i. 1898#endif // MSAN_HAS_M128 1899 1900// We should not complain when copying this poisoned hole. 1901struct StructWithHole { 1902 U4 a; 1903 // 4-byte hole. 1904 U8 b; 1905}; 1906 1907NOINLINE StructWithHole ReturnStructWithHole() { 1908 StructWithHole res; 1909 __msan_poison(&res, sizeof(res)); 1910 res.a = 1; 1911 res.b = 2; 1912 return res; 1913} 1914 1915TEST(MemorySanitizer, StructWithHole) { 1916 StructWithHole a = ReturnStructWithHole(); 1917 break_optimization(&a); 1918} 1919 1920template <class T> 1921NOINLINE T ReturnStruct() { 1922 T res; 1923 __msan_poison(&res, sizeof(res)); 1924 res.a = 1; 1925 return res; 1926} 1927 1928template <class T> 1929NOINLINE void TestReturnStruct() { 1930 T s1 = ReturnStruct<T>(); 1931 EXPECT_NOT_POISONED(s1.a); 1932 EXPECT_POISONED(s1.b); 1933} 1934 1935struct SSS1 { 1936 int a, b, c; 1937}; 1938struct SSS2 { 1939 int b, a, c; 1940}; 1941struct SSS3 { 1942 int b, c, a; 1943}; 1944struct SSS4 { 1945 int c, b, a; 1946}; 1947 1948struct SSS5 { 1949 int a; 1950 float b; 1951}; 1952struct SSS6 { 1953 int a; 1954 double b; 1955}; 1956struct SSS7 { 1957 S8 b; 1958 int a; 1959}; 1960struct SSS8 { 1961 S2 b; 1962 S8 a; 1963}; 1964 1965TEST(MemorySanitizer, IntStruct3) { 1966 TestReturnStruct<SSS1>(); 1967 TestReturnStruct<SSS2>(); 1968 TestReturnStruct<SSS3>(); 1969 TestReturnStruct<SSS4>(); 1970 TestReturnStruct<SSS5>(); 1971 TestReturnStruct<SSS6>(); 1972 TestReturnStruct<SSS7>(); 1973 TestReturnStruct<SSS8>(); 1974} 1975 1976struct LongStruct { 1977 U1 a1, b1; 1978 U2 a2, b2; 1979 U4 a4, b4; 1980 U8 a8, b8; 1981}; 1982 1983NOINLINE LongStruct ReturnLongStruct1() { 1984 LongStruct res; 1985 __msan_poison(&res, sizeof(res)); 1986 res.a1 = res.a2 = res.a4 = res.a8 = 111; 1987 // leaves b1, .., b8 poisoned. 1988 return res; 1989} 1990 1991NOINLINE LongStruct ReturnLongStruct2() { 1992 LongStruct res; 1993 __msan_poison(&res, sizeof(res)); 1994 res.b1 = res.b2 = res.b4 = res.b8 = 111; 1995 // leaves a1, .., a8 poisoned. 1996 return res; 1997} 1998 1999TEST(MemorySanitizer, LongStruct) { 2000 LongStruct s1 = ReturnLongStruct1(); 2001 __msan_print_shadow(&s1, sizeof(s1)); 2002 EXPECT_NOT_POISONED(s1.a1); 2003 EXPECT_NOT_POISONED(s1.a2); 2004 EXPECT_NOT_POISONED(s1.a4); 2005 EXPECT_NOT_POISONED(s1.a8); 2006 2007 EXPECT_POISONED(s1.b1); 2008 EXPECT_POISONED(s1.b2); 2009 EXPECT_POISONED(s1.b4); 2010 EXPECT_POISONED(s1.b8); 2011 2012 LongStruct s2 = ReturnLongStruct2(); 2013 __msan_print_shadow(&s2, sizeof(s2)); 2014 EXPECT_NOT_POISONED(s2.b1); 2015 EXPECT_NOT_POISONED(s2.b2); 2016 EXPECT_NOT_POISONED(s2.b4); 2017 EXPECT_NOT_POISONED(s2.b8); 2018 2019 EXPECT_POISONED(s2.a1); 2020 EXPECT_POISONED(s2.a2); 2021 EXPECT_POISONED(s2.a4); 2022 EXPECT_POISONED(s2.a8); 2023} 2024 2025TEST(MemorySanitizer, getrlimit) { 2026 struct rlimit limit; 2027 __msan_poison(&limit, sizeof(limit)); 2028 int result = getrlimit(RLIMIT_DATA, &limit); 2029 assert(result == 0); 2030 EXPECT_NOT_POISONED(limit.rlim_cur); 2031 EXPECT_NOT_POISONED(limit.rlim_max); 2032} 2033 2034TEST(MemorySanitizer, getrusage) { 2035 struct rusage usage; 2036 __msan_poison(&usage, sizeof(usage)); 2037 int result = getrusage(RUSAGE_SELF, &usage); 2038 assert(result == 0); 2039 EXPECT_NOT_POISONED(usage.ru_utime.tv_sec); 2040 EXPECT_NOT_POISONED(usage.ru_utime.tv_usec); 2041 EXPECT_NOT_POISONED(usage.ru_stime.tv_sec); 2042 EXPECT_NOT_POISONED(usage.ru_stime.tv_usec); 2043 EXPECT_NOT_POISONED(usage.ru_maxrss); 2044 EXPECT_NOT_POISONED(usage.ru_minflt); 2045 EXPECT_NOT_POISONED(usage.ru_majflt); 2046 EXPECT_NOT_POISONED(usage.ru_inblock); 2047 EXPECT_NOT_POISONED(usage.ru_oublock); 2048 EXPECT_NOT_POISONED(usage.ru_nvcsw); 2049 EXPECT_NOT_POISONED(usage.ru_nivcsw); 2050} 2051 2052#ifdef __GLIBC__ 2053extern char *program_invocation_name; 2054#else // __GLIBC__ 2055# error "TODO: port this" 2056#endif 2057 2058static void dladdr_testfn() {} 2059 2060TEST(MemorySanitizer, dladdr) { 2061 Dl_info info; 2062 __msan_poison(&info, sizeof(info)); 2063 int result = dladdr((const void*)dladdr_testfn, &info); 2064 assert(result != 0); 2065 EXPECT_NOT_POISONED((unsigned long)info.dli_fname); 2066 if (info.dli_fname) 2067 EXPECT_NOT_POISONED(strlen(info.dli_fname)); 2068 EXPECT_NOT_POISONED((unsigned long)info.dli_fbase); 2069 EXPECT_NOT_POISONED((unsigned long)info.dli_sname); 2070 if (info.dli_sname) 2071 EXPECT_NOT_POISONED(strlen(info.dli_sname)); 2072 EXPECT_NOT_POISONED((unsigned long)info.dli_saddr); 2073} 2074 2075#ifndef MSAN_TEST_DISABLE_DLOPEN 2076 2077static int dl_phdr_callback(struct dl_phdr_info *info, size_t size, void *data) { 2078 (*(int *)data)++; 2079 EXPECT_NOT_POISONED(info->dlpi_addr); 2080 EXPECT_NOT_POISONED(strlen(info->dlpi_name)); 2081 EXPECT_NOT_POISONED(info->dlpi_phnum); 2082 for (int i = 0; i < info->dlpi_phnum; ++i) 2083 EXPECT_NOT_POISONED(info->dlpi_phdr[i]); 2084 return 0; 2085} 2086 2087// Compute the path to our loadable DSO. We assume it's in the same 2088// directory. Only use string routines that we intercept so far to do this. 2089static int PathToLoadable(char *buf, size_t sz) { 2090 const char *basename = "libmsan_loadable.x86_64.so"; 2091 char *argv0 = program_invocation_name; 2092 char *last_slash = strrchr(argv0, '/'); 2093 assert(last_slash); 2094 int res = 2095 snprintf(buf, sz, "%.*s/%s", int(last_slash - argv0), argv0, basename); 2096 return res < sz ? 0 : res; 2097} 2098 2099TEST(MemorySanitizer, dl_iterate_phdr) { 2100 char path[4096]; 2101 int res = PathToLoadable(path, sizeof(path)); 2102 assert(!res); 2103 2104 // Having at least one dlopen'ed library in the process makes this more 2105 // entertaining. 2106 void *lib = dlopen(path, RTLD_LAZY); 2107 ASSERT_NE((void*)0, lib); 2108 2109 int count = 0; 2110 int result = dl_iterate_phdr(dl_phdr_callback, &count); 2111 assert(count > 0); 2112 2113 dlclose(lib); 2114} 2115 2116 2117TEST(MemorySanitizer, dlopen) { 2118 char path[4096]; 2119 int res = PathToLoadable(path, sizeof(path)); 2120 assert(!res); 2121 2122 // We need to clear shadow for globals when doing dlopen. In order to test 2123 // this, we have to poison the shadow for the DSO before we load it. In 2124 // general this is difficult, but the loader tends to reload things in the 2125 // same place, so we open, close, and then reopen. The global should always 2126 // start out clean after dlopen. 2127 for (int i = 0; i < 2; i++) { 2128 void *lib = dlopen(path, RTLD_LAZY); 2129 if (lib == NULL) { 2130 printf("dlerror: %s\n", dlerror()); 2131 assert(lib != NULL); 2132 } 2133 void **(*get_dso_global)() = (void **(*)())dlsym(lib, "get_dso_global"); 2134 assert(get_dso_global); 2135 void **dso_global = get_dso_global(); 2136 EXPECT_NOT_POISONED(*dso_global); 2137 __msan_poison(dso_global, sizeof(*dso_global)); 2138 EXPECT_POISONED(*dso_global); 2139 dlclose(lib); 2140 } 2141} 2142 2143// Regression test for a crash in dlopen() interceptor. 2144TEST(MemorySanitizer, dlopenFailed) { 2145 const char *path = "/libmsan_loadable_does_not_exist.x86_64.so"; 2146 void *lib = dlopen(path, RTLD_LAZY); 2147 ASSERT_EQ(0, lib); 2148} 2149 2150#endif // MSAN_TEST_DISABLE_DLOPEN 2151 2152TEST(MemorySanitizer, sched_getaffinity) { 2153 cpu_set_t mask; 2154 int res = sched_getaffinity(getpid(), sizeof(mask), &mask); 2155 ASSERT_EQ(0, res); 2156 EXPECT_NOT_POISONED(mask); 2157} 2158 2159TEST(MemorySanitizer, scanf) { 2160 const char *input = "42 hello"; 2161 int* d = new int; 2162 char* s = new char[7]; 2163 int res = sscanf(input, "%d %5s", d, s); 2164 printf("res %d\n", res); 2165 assert(res == 2); 2166 EXPECT_NOT_POISONED(*d); 2167 EXPECT_NOT_POISONED(s[0]); 2168 EXPECT_NOT_POISONED(s[1]); 2169 EXPECT_NOT_POISONED(s[2]); 2170 EXPECT_NOT_POISONED(s[3]); 2171 EXPECT_NOT_POISONED(s[4]); 2172 EXPECT_NOT_POISONED(s[5]); 2173 EXPECT_POISONED(s[6]); 2174 delete s; 2175 delete d; 2176} 2177 2178static void *SimpleThread_threadfn(void* data) { 2179 return new int; 2180} 2181 2182TEST(MemorySanitizer, SimpleThread) { 2183 pthread_t t; 2184 void *p; 2185 int res = pthread_create(&t, NULL, SimpleThread_threadfn, NULL); 2186 assert(!res); 2187 EXPECT_NOT_POISONED(t); 2188 res = pthread_join(t, &p); 2189 assert(!res); 2190 EXPECT_NOT_POISONED(p); 2191 delete (int*)p; 2192} 2193 2194static void *SmallStackThread_threadfn(void* data) { 2195 return 0; 2196} 2197 2198TEST(MemorySanitizer, SmallStackThread) { 2199 pthread_attr_t attr; 2200 pthread_t t; 2201 void *p; 2202 int res; 2203 res = pthread_attr_init(&attr); 2204 ASSERT_EQ(0, res); 2205 res = pthread_attr_setstacksize(&attr, 64 * 1024); 2206 ASSERT_EQ(0, res); 2207 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL); 2208 ASSERT_EQ(0, res); 2209 res = pthread_join(t, &p); 2210 ASSERT_EQ(0, res); 2211 res = pthread_attr_destroy(&attr); 2212 ASSERT_EQ(0, res); 2213} 2214 2215TEST(MemorySanitizer, PreAllocatedStackThread) { 2216 pthread_attr_t attr; 2217 pthread_t t; 2218 int res; 2219 res = pthread_attr_init(&attr); 2220 ASSERT_EQ(0, res); 2221 void *stack; 2222 const size_t kStackSize = 64 * 1024; 2223 res = posix_memalign(&stack, 4096, kStackSize); 2224 ASSERT_EQ(0, res); 2225 res = pthread_attr_setstack(&attr, stack, kStackSize); 2226 ASSERT_EQ(0, res); 2227 // A small self-allocated stack can not be extended by the tool. 2228 // In this case pthread_create is expected to fail. 2229 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL); 2230 EXPECT_NE(0, res); 2231 res = pthread_attr_destroy(&attr); 2232 ASSERT_EQ(0, res); 2233} 2234 2235TEST(MemorySanitizer, pthread_getschedparam) { 2236 int policy; 2237 struct sched_param param; 2238 int res = pthread_getschedparam(pthread_self(), &policy, ¶m); 2239 ASSERT_EQ(0, res); 2240 EXPECT_NOT_POISONED(policy); 2241 EXPECT_NOT_POISONED(param.sched_priority); 2242} 2243 2244TEST(MemorySanitizer, pthread_key_create) { 2245 pthread_key_t key; 2246 int res = pthread_key_create(&key, NULL); 2247 assert(!res); 2248 EXPECT_NOT_POISONED(key); 2249 res = pthread_key_delete(key); 2250 assert(!res); 2251} 2252 2253TEST(MemorySanitizer, posix_memalign) { 2254 void *p; 2255 EXPECT_POISONED(p); 2256 int res = posix_memalign(&p, 4096, 13); 2257 ASSERT_EQ(0, res); 2258 EXPECT_NOT_POISONED(p); 2259 EXPECT_EQ(0U, (uintptr_t)p % 4096); 2260 free(p); 2261} 2262 2263TEST(MemorySanitizer, memalign) { 2264 void *p = memalign(4096, 13); 2265 EXPECT_EQ(0U, (uintptr_t)p % kPageSize); 2266 free(p); 2267} 2268 2269TEST(MemorySanitizer, valloc) { 2270 void *a = valloc(100); 2271 EXPECT_EQ(0U, (uintptr_t)a % kPageSize); 2272 free(a); 2273} 2274 2275TEST(MemorySanitizer, pvalloc) { 2276 void *p = pvalloc(kPageSize + 100); 2277 EXPECT_EQ(0U, (uintptr_t)p % kPageSize); 2278 EXPECT_EQ(2 * kPageSize, __msan_get_allocated_size(p)); 2279 free(p); 2280 2281 p = pvalloc(0); // pvalloc(0) should allocate at least one page. 2282 EXPECT_EQ(0U, (uintptr_t)p % kPageSize); 2283 EXPECT_EQ(kPageSize, __msan_get_allocated_size(p)); 2284 free(p); 2285} 2286 2287TEST(MemorySanitizer, inet_pton) { 2288 const char *s = "1:0:0:0:0:0:0:8"; 2289 unsigned char buf[sizeof(struct in6_addr)]; 2290 int res = inet_pton(AF_INET6, s, buf); 2291 ASSERT_EQ(1, res); 2292 EXPECT_NOT_POISONED(buf[0]); 2293 EXPECT_NOT_POISONED(buf[sizeof(struct in6_addr) - 1]); 2294 2295 char s_out[INET6_ADDRSTRLEN]; 2296 EXPECT_POISONED(s_out[3]); 2297 const char *q = inet_ntop(AF_INET6, buf, s_out, INET6_ADDRSTRLEN); 2298 ASSERT_NE((void*)0, q); 2299 EXPECT_NOT_POISONED(s_out[3]); 2300} 2301 2302TEST(MemorySanitizer, inet_aton) { 2303 const char *s = "127.0.0.1"; 2304 struct in_addr in[2]; 2305 int res = inet_aton(s, in); 2306 ASSERT_NE(0, res); 2307 EXPECT_NOT_POISONED(in[0]); 2308 EXPECT_POISONED(*(char *)(in + 1)); 2309} 2310 2311TEST(MemorySanitizer, uname) { 2312 struct utsname u; 2313 int res = uname(&u); 2314 assert(!res); 2315 EXPECT_NOT_POISONED(strlen(u.sysname)); 2316 EXPECT_NOT_POISONED(strlen(u.nodename)); 2317 EXPECT_NOT_POISONED(strlen(u.release)); 2318 EXPECT_NOT_POISONED(strlen(u.version)); 2319 EXPECT_NOT_POISONED(strlen(u.machine)); 2320} 2321 2322TEST(MemorySanitizer, gethostname) { 2323 char buf[100]; 2324 int res = gethostname(buf, 100); 2325 assert(!res); 2326 EXPECT_NOT_POISONED(strlen(buf)); 2327} 2328 2329TEST(MemorySanitizer, sysinfo) { 2330 struct sysinfo info; 2331 int res = sysinfo(&info); 2332 assert(!res); 2333 EXPECT_NOT_POISONED(info); 2334} 2335 2336TEST(MemorySanitizer, getpwuid) { 2337 struct passwd *p = getpwuid(0); // root 2338 assert(p); 2339 EXPECT_NOT_POISONED(p->pw_name); 2340 assert(p->pw_name); 2341 EXPECT_NOT_POISONED(p->pw_name[0]); 2342 EXPECT_NOT_POISONED(p->pw_uid); 2343 assert(p->pw_uid == 0); 2344} 2345 2346TEST(MemorySanitizer, getpwnam_r) { 2347 struct passwd pwd; 2348 struct passwd *pwdres; 2349 char buf[10000]; 2350 int res = getpwnam_r("root", &pwd, buf, sizeof(buf), &pwdres); 2351 assert(!res); 2352 EXPECT_NOT_POISONED(pwd.pw_name); 2353 assert(pwd.pw_name); 2354 EXPECT_NOT_POISONED(pwd.pw_name[0]); 2355 EXPECT_NOT_POISONED(pwd.pw_uid); 2356 assert(pwd.pw_uid == 0); 2357} 2358 2359TEST(MemorySanitizer, getpwnam_r_positive) { 2360 struct passwd pwd; 2361 struct passwd *pwdres; 2362 char s[5]; 2363 strncpy(s, "abcd", 5); 2364 __msan_poison(s, 5); 2365 char buf[10000]; 2366 int res; 2367 EXPECT_UMR(res = getpwnam_r(s, &pwd, buf, sizeof(buf), &pwdres)); 2368} 2369 2370TEST(MemorySanitizer, getgrnam_r) { 2371 struct group grp; 2372 struct group *grpres; 2373 char buf[10000]; 2374 int res = getgrnam_r("root", &grp, buf, sizeof(buf), &grpres); 2375 assert(!res); 2376 EXPECT_NOT_POISONED(grp.gr_name); 2377 assert(grp.gr_name); 2378 EXPECT_NOT_POISONED(grp.gr_name[0]); 2379 EXPECT_NOT_POISONED(grp.gr_gid); 2380} 2381 2382TEST(MemorySanitizer, getgroups) { 2383 int n = getgroups(0, 0); 2384 gid_t *gids = new gid_t[n]; 2385 int res = getgroups(n, gids); 2386 ASSERT_EQ(n, res); 2387 for (int i = 0; i < n; ++i) 2388 EXPECT_NOT_POISONED(gids[i]); 2389} 2390 2391template<class T> 2392static bool applySlt(T value, T shadow) { 2393 __msan_partial_poison(&value, &shadow, sizeof(T)); 2394 volatile bool zzz = true; 2395 // This "|| zzz" trick somehow makes LLVM emit "icmp slt" instead of 2396 // a shift-and-trunc to get at the highest bit. 2397 volatile bool v = value < 0 || zzz; 2398 return v; 2399} 2400 2401TEST(MemorySanitizer, SignedCompareWithZero) { 2402 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xF)); 2403 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFF)); 2404 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFFFFFF)); 2405 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0x7FFFFFF)); 2406 EXPECT_UMR(applySlt<S4>(0xF, 0x80FFFFFF)); 2407 EXPECT_UMR(applySlt<S4>(0xF, 0xFFFFFFFF)); 2408} 2409 2410template <class T, class S> 2411static T poisoned(T Va, S Sa) { 2412 char SIZE_CHECK1[(ssize_t)sizeof(T) - (ssize_t)sizeof(S)]; 2413 char SIZE_CHECK2[(ssize_t)sizeof(S) - (ssize_t)sizeof(T)]; 2414 T a; 2415 a = Va; 2416 __msan_partial_poison(&a, &Sa, sizeof(T)); 2417 return a; 2418} 2419 2420TEST(MemorySanitizer, ICmpRelational) { 2421 EXPECT_NOT_POISONED(poisoned(0, 0) < poisoned(0, 0)); 2422 EXPECT_NOT_POISONED(poisoned(0U, 0) < poisoned(0U, 0)); 2423 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) < poisoned(0LL, 0LLU)); 2424 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) < poisoned(0LLU, 0LLU)); 2425 EXPECT_POISONED(poisoned(0xFF, 0xFF) < poisoned(0xFF, 0xFF)); 2426 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) < 2427 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 2428 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) < 2429 poisoned(-1, 0xFFFFFFFFU)); 2430 2431 EXPECT_NOT_POISONED(poisoned(0, 0) <= poisoned(0, 0)); 2432 EXPECT_NOT_POISONED(poisoned(0U, 0) <= poisoned(0U, 0)); 2433 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) <= poisoned(0LL, 0LLU)); 2434 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) <= poisoned(0LLU, 0LLU)); 2435 EXPECT_POISONED(poisoned(0xFF, 0xFF) <= poisoned(0xFF, 0xFF)); 2436 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) <= 2437 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 2438 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) <= 2439 poisoned(-1, 0xFFFFFFFFU)); 2440 2441 EXPECT_NOT_POISONED(poisoned(0, 0) > poisoned(0, 0)); 2442 EXPECT_NOT_POISONED(poisoned(0U, 0) > poisoned(0U, 0)); 2443 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) > poisoned(0LL, 0LLU)); 2444 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) > poisoned(0LLU, 0LLU)); 2445 EXPECT_POISONED(poisoned(0xFF, 0xFF) > poisoned(0xFF, 0xFF)); 2446 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) > 2447 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 2448 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) > 2449 poisoned(-1, 0xFFFFFFFFU)); 2450 2451 EXPECT_NOT_POISONED(poisoned(0, 0) >= poisoned(0, 0)); 2452 EXPECT_NOT_POISONED(poisoned(0U, 0) >= poisoned(0U, 0)); 2453 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) >= poisoned(0LL, 0LLU)); 2454 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) >= poisoned(0LLU, 0LLU)); 2455 EXPECT_POISONED(poisoned(0xFF, 0xFF) >= poisoned(0xFF, 0xFF)); 2456 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) >= 2457 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 2458 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) >= 2459 poisoned(-1, 0xFFFFFFFFU)); 2460 2461 EXPECT_POISONED(poisoned(6, 0xF) > poisoned(7, 0)); 2462 EXPECT_POISONED(poisoned(0xF, 0xF) > poisoned(7, 0)); 2463 2464 EXPECT_NOT_POISONED(poisoned(-1, 0x80000000U) >= poisoned(-1, 0U)); 2465} 2466 2467#if MSAN_HAS_M128 2468TEST(MemorySanitizer, ICmpVectorRelational) { 2469 EXPECT_NOT_POISONED( 2470 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)), 2471 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)))); 2472 EXPECT_NOT_POISONED( 2473 _mm_cmplt_epi16(poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)), 2474 poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)))); 2475 EXPECT_POISONED( 2476 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)), 2477 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)))); 2478 EXPECT_POISONED(_mm_cmpgt_epi16(poisoned(_mm_set1_epi16(6), _mm_set1_epi16(0xF)), 2479 poisoned(_mm_set1_epi16(7), _mm_set1_epi16(0)))); 2480} 2481#endif 2482 2483// Volatile bitfield store is implemented as load-mask-store 2484// Test that we don't warn on the store of (uninitialized) padding. 2485struct VolatileBitfieldStruct { 2486 volatile unsigned x : 1; 2487 unsigned y : 1; 2488}; 2489 2490TEST(MemorySanitizer, VolatileBitfield) { 2491 VolatileBitfieldStruct *S = new VolatileBitfieldStruct; 2492 S->x = 1; 2493 EXPECT_NOT_POISONED((unsigned)S->x); 2494 EXPECT_POISONED((unsigned)S->y); 2495} 2496 2497TEST(MemorySanitizer, UnalignedLoad) { 2498 char x[32]; 2499 memset(x + 8, 0, 16); 2500 EXPECT_POISONED(__sanitizer_unaligned_load16(x+6)); 2501 EXPECT_POISONED(__sanitizer_unaligned_load16(x+7)); 2502 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x+8)); 2503 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x+9)); 2504 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x+22)); 2505 EXPECT_POISONED(__sanitizer_unaligned_load16(x+23)); 2506 EXPECT_POISONED(__sanitizer_unaligned_load16(x+24)); 2507 2508 EXPECT_POISONED(__sanitizer_unaligned_load32(x+4)); 2509 EXPECT_POISONED(__sanitizer_unaligned_load32(x+7)); 2510 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x+8)); 2511 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x+9)); 2512 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x+20)); 2513 EXPECT_POISONED(__sanitizer_unaligned_load32(x+21)); 2514 EXPECT_POISONED(__sanitizer_unaligned_load32(x+24)); 2515 2516 EXPECT_POISONED(__sanitizer_unaligned_load64(x)); 2517 EXPECT_POISONED(__sanitizer_unaligned_load64(x+1)); 2518 EXPECT_POISONED(__sanitizer_unaligned_load64(x+7)); 2519 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x+8)); 2520 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x+9)); 2521 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x+16)); 2522 EXPECT_POISONED(__sanitizer_unaligned_load64(x+17)); 2523 EXPECT_POISONED(__sanitizer_unaligned_load64(x+21)); 2524 EXPECT_POISONED(__sanitizer_unaligned_load64(x+24)); 2525} 2526 2527TEST(MemorySanitizer, UnalignedStore16) { 2528 char x[5]; 2529 U2 y = 0; 2530 __msan_poison(&y, 1); 2531 __sanitizer_unaligned_store16(x + 1, y); 2532 EXPECT_POISONED(x[0]); 2533 EXPECT_POISONED(x[1]); 2534 EXPECT_NOT_POISONED(x[2]); 2535 EXPECT_POISONED(x[3]); 2536 EXPECT_POISONED(x[4]); 2537} 2538 2539TEST(MemorySanitizer, UnalignedStore32) { 2540 char x[8]; 2541 U4 y4 = 0; 2542 __msan_poison(&y4, 2); 2543 __sanitizer_unaligned_store32(x+3, y4); 2544 EXPECT_POISONED(x[0]); 2545 EXPECT_POISONED(x[1]); 2546 EXPECT_POISONED(x[2]); 2547 EXPECT_POISONED(x[3]); 2548 EXPECT_POISONED(x[4]); 2549 EXPECT_NOT_POISONED(x[5]); 2550 EXPECT_NOT_POISONED(x[6]); 2551 EXPECT_POISONED(x[7]); 2552} 2553 2554TEST(MemorySanitizer, UnalignedStore64) { 2555 char x[16]; 2556 U8 y = 0; 2557 __msan_poison(&y, 3); 2558 __msan_poison(((char *)&y) + sizeof(y) - 2, 1); 2559 __sanitizer_unaligned_store64(x+3, y); 2560 EXPECT_POISONED(x[0]); 2561 EXPECT_POISONED(x[1]); 2562 EXPECT_POISONED(x[2]); 2563 EXPECT_POISONED(x[3]); 2564 EXPECT_POISONED(x[4]); 2565 EXPECT_POISONED(x[5]); 2566 EXPECT_NOT_POISONED(x[6]); 2567 EXPECT_NOT_POISONED(x[7]); 2568 EXPECT_NOT_POISONED(x[8]); 2569 EXPECT_POISONED(x[9]); 2570 EXPECT_NOT_POISONED(x[10]); 2571 EXPECT_POISONED(x[11]); 2572} 2573 2574TEST(MemorySanitizerDr, StoreInDSOTest) { 2575 if (!__msan_has_dynamic_component()) return; 2576 char* s = new char[10]; 2577 dso_memfill(s, 9); 2578 EXPECT_NOT_POISONED(s[5]); 2579 EXPECT_POISONED(s[9]); 2580} 2581 2582int return_poisoned_int() { 2583 return ReturnPoisoned<U8>(); 2584} 2585 2586TEST(MemorySanitizerDr, ReturnFromDSOTest) { 2587 if (!__msan_has_dynamic_component()) return; 2588 EXPECT_NOT_POISONED(dso_callfn(return_poisoned_int)); 2589} 2590 2591NOINLINE int TrashParamTLS(long long x, long long y, long long z) { //NOLINT 2592 EXPECT_POISONED(x); 2593 EXPECT_POISONED(y); 2594 EXPECT_POISONED(z); 2595 return 0; 2596} 2597 2598static int CheckParamTLS(long long x, long long y, long long z) { //NOLINT 2599 EXPECT_NOT_POISONED(x); 2600 EXPECT_NOT_POISONED(y); 2601 EXPECT_NOT_POISONED(z); 2602 return 0; 2603} 2604 2605TEST(MemorySanitizerDr, CallFromDSOTest) { 2606 if (!__msan_has_dynamic_component()) return; 2607 S8* x = GetPoisoned<S8>(); 2608 S8* y = GetPoisoned<S8>(); 2609 S8* z = GetPoisoned<S8>(); 2610 EXPECT_NOT_POISONED(TrashParamTLS(*x, *y, *z)); 2611 EXPECT_NOT_POISONED(dso_callfn1(CheckParamTLS)); 2612} 2613 2614static void StackStoreInDSOFn(int* x, int* y) { 2615 EXPECT_NOT_POISONED(*x); 2616 EXPECT_NOT_POISONED(*y); 2617} 2618 2619TEST(MemorySanitizerDr, StackStoreInDSOTest) { 2620 if (!__msan_has_dynamic_component()) return; 2621 dso_stack_store(StackStoreInDSOFn, 1); 2622} 2623 2624TEST(MemorySanitizerOrigins, SetGet) { 2625 EXPECT_EQ(TrackingOrigins(), __msan_get_track_origins()); 2626 if (!TrackingOrigins()) return; 2627 int x; 2628 __msan_set_origin(&x, sizeof(x), 1234); 2629 EXPECT_EQ(1234, __msan_get_origin(&x)); 2630 __msan_set_origin(&x, sizeof(x), 5678); 2631 EXPECT_EQ(5678, __msan_get_origin(&x)); 2632 __msan_set_origin(&x, sizeof(x), 0); 2633 EXPECT_EQ(0, __msan_get_origin(&x)); 2634} 2635 2636namespace { 2637struct S { 2638 U4 dummy; 2639 U2 a; 2640 U2 b; 2641}; 2642 2643// http://code.google.com/p/memory-sanitizer/issues/detail?id=6 2644TEST(MemorySanitizerOrigins, DISABLED_InitializedStoreDoesNotChangeOrigin) { 2645 if (!TrackingOrigins()) return; 2646 2647 S s; 2648 U4 origin = rand(); // NOLINT 2649 s.a = *GetPoisonedO<U2>(0, origin); 2650 EXPECT_EQ(origin, __msan_get_origin(&s.a)); 2651 EXPECT_EQ(origin, __msan_get_origin(&s.b)); 2652 2653 s.b = 42; 2654 EXPECT_EQ(origin, __msan_get_origin(&s.a)); 2655 EXPECT_EQ(origin, __msan_get_origin(&s.b)); 2656} 2657} // namespace 2658 2659template<class T, class BinaryOp> 2660INLINE 2661void BinaryOpOriginTest(BinaryOp op) { 2662 U4 ox = rand(); //NOLINT 2663 U4 oy = rand(); //NOLINT 2664 T *x = GetPoisonedO<T>(0, ox, 0); 2665 T *y = GetPoisonedO<T>(1, oy, 0); 2666 T *z = GetPoisonedO<T>(2, 0, 0); 2667 2668 *z = op(*x, *y); 2669 U4 origin = __msan_get_origin(z); 2670 EXPECT_POISONED_O(*z, origin); 2671 EXPECT_EQ(true, origin == ox || origin == oy); 2672 2673 // y is poisoned, x is not. 2674 *x = 10101; 2675 *y = *GetPoisonedO<T>(1, oy); 2676 break_optimization(x); 2677 __msan_set_origin(z, sizeof(*z), 0); 2678 *z = op(*x, *y); 2679 EXPECT_POISONED_O(*z, oy); 2680 EXPECT_EQ(__msan_get_origin(z), oy); 2681 2682 // x is poisoned, y is not. 2683 *x = *GetPoisonedO<T>(0, ox); 2684 *y = 10101010; 2685 break_optimization(y); 2686 __msan_set_origin(z, sizeof(*z), 0); 2687 *z = op(*x, *y); 2688 EXPECT_POISONED_O(*z, ox); 2689 EXPECT_EQ(__msan_get_origin(z), ox); 2690} 2691 2692template<class T> INLINE T XOR(const T &a, const T&b) { return a ^ b; } 2693template<class T> INLINE T ADD(const T &a, const T&b) { return a + b; } 2694template<class T> INLINE T SUB(const T &a, const T&b) { return a - b; } 2695template<class T> INLINE T MUL(const T &a, const T&b) { return a * b; } 2696template<class T> INLINE T AND(const T &a, const T&b) { return a & b; } 2697template<class T> INLINE T OR (const T &a, const T&b) { return a | b; } 2698 2699TEST(MemorySanitizerOrigins, BinaryOp) { 2700 if (!TrackingOrigins()) return; 2701 BinaryOpOriginTest<S8>(XOR<S8>); 2702 BinaryOpOriginTest<U8>(ADD<U8>); 2703 BinaryOpOriginTest<S4>(SUB<S4>); 2704 BinaryOpOriginTest<S4>(MUL<S4>); 2705 BinaryOpOriginTest<U4>(OR<U4>); 2706 BinaryOpOriginTest<U4>(AND<U4>); 2707 BinaryOpOriginTest<double>(ADD<U4>); 2708 BinaryOpOriginTest<float>(ADD<S4>); 2709 BinaryOpOriginTest<double>(ADD<double>); 2710 BinaryOpOriginTest<float>(ADD<double>); 2711} 2712 2713TEST(MemorySanitizerOrigins, Unary) { 2714 if (!TrackingOrigins()) return; 2715 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2716 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2717 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2718 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2719 2720 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2721 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2722 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2723 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2724 2725 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 2726 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 2727 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 2728 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 2729 2730 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2731 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2732 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2733 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2734 2735 EXPECT_POISONED_O((void*)*GetPoisonedO<S8>(0, __LINE__), __LINE__); 2736 EXPECT_POISONED_O((U8)*GetPoisonedO<void*>(0, __LINE__), __LINE__); 2737} 2738 2739TEST(MemorySanitizerOrigins, EQ) { 2740 if (!TrackingOrigins()) return; 2741 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) <= 11, __LINE__); 2742 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) == 11, __LINE__); 2743 EXPECT_POISONED_O(*GetPoisonedO<float>(0, __LINE__) == 1.1, __LINE__); 2744} 2745 2746TEST(MemorySanitizerOrigins, DIV) { 2747 if (!TrackingOrigins()) return; 2748 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) / 100, __LINE__); 2749 unsigned o = __LINE__; 2750 EXPECT_UMR_O(volatile unsigned y = 100 / *GetPoisonedO<S4>(0, o, 1), o); 2751} 2752 2753TEST(MemorySanitizerOrigins, SHIFT) { 2754 if (!TrackingOrigins()) return; 2755 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) >> 10, __LINE__); 2756 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) >> 10, __LINE__); 2757 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) << 10, __LINE__); 2758 EXPECT_POISONED_O(10U << *GetPoisonedO<U8>(0, __LINE__), __LINE__); 2759 EXPECT_POISONED_O(-10 >> *GetPoisonedO<S8>(0, __LINE__), __LINE__); 2760 EXPECT_POISONED_O(-10 << *GetPoisonedO<S8>(0, __LINE__), __LINE__); 2761} 2762 2763template<class T, int N> 2764void MemCpyTest() { 2765 int ox = __LINE__; 2766 T *x = new T[N]; 2767 T *y = new T[N]; 2768 T *z = new T[N]; 2769 T *q = new T[N]; 2770 __msan_poison(x, N * sizeof(T)); 2771 __msan_set_origin(x, N * sizeof(T), ox); 2772 __msan_set_origin(y, N * sizeof(T), 777777); 2773 __msan_set_origin(z, N * sizeof(T), 888888); 2774 EXPECT_NOT_POISONED(x); 2775 memcpy(y, x, N * sizeof(T)); 2776 EXPECT_POISONED_O(y[0], ox); 2777 EXPECT_POISONED_O(y[N/2], ox); 2778 EXPECT_POISONED_O(y[N-1], ox); 2779 EXPECT_NOT_POISONED(x); 2780 void *res = mempcpy(q, x, N * sizeof(T)); 2781 ASSERT_EQ(q + N, res); 2782 EXPECT_POISONED_O(q[0], ox); 2783 EXPECT_POISONED_O(q[N/2], ox); 2784 EXPECT_POISONED_O(q[N-1], ox); 2785 EXPECT_NOT_POISONED(x); 2786 memmove(z, x, N * sizeof(T)); 2787 EXPECT_POISONED_O(z[0], ox); 2788 EXPECT_POISONED_O(z[N/2], ox); 2789 EXPECT_POISONED_O(z[N-1], ox); 2790} 2791 2792TEST(MemorySanitizerOrigins, LargeMemCpy) { 2793 if (!TrackingOrigins()) return; 2794 MemCpyTest<U1, 10000>(); 2795 MemCpyTest<U8, 10000>(); 2796} 2797 2798TEST(MemorySanitizerOrigins, SmallMemCpy) { 2799 if (!TrackingOrigins()) return; 2800 MemCpyTest<U8, 1>(); 2801 MemCpyTest<U8, 2>(); 2802 MemCpyTest<U8, 3>(); 2803} 2804 2805TEST(MemorySanitizerOrigins, Select) { 2806 if (!TrackingOrigins()) return; 2807 EXPECT_NOT_POISONED(g_one ? 1 : *GetPoisonedO<S4>(0, __LINE__)); 2808 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 2809 S4 x; 2810 break_optimization(&x); 2811 x = g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 0; 2812 2813 EXPECT_POISONED_O(g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 1, __LINE__); 2814 EXPECT_POISONED_O(g_0 ? 1 : *GetPoisonedO<S4>(0, __LINE__), __LINE__); 2815} 2816 2817extern "C" 2818NOINLINE char AllocaTO() { 2819 int ar[100]; 2820 break_optimization(ar); 2821 return ar[10]; 2822 // fprintf(stderr, "Descr: %s\n", 2823 // __msan_get_origin_descr_if_stack(__msan_get_origin_tls())); 2824} 2825 2826TEST(MemorySanitizerOrigins, Alloca) { 2827 if (!TrackingOrigins()) return; 2828 EXPECT_POISONED_S(AllocaTO(), "ar@AllocaTO"); 2829 EXPECT_POISONED_S(AllocaTO(), "ar@AllocaTO"); 2830 EXPECT_POISONED_S(AllocaTO(), "ar@AllocaTO"); 2831 EXPECT_POISONED_S(AllocaTO(), "ar@AllocaTO"); 2832} 2833 2834// FIXME: replace with a lit-like test. 2835TEST(MemorySanitizerOrigins, DISABLED_AllocaDeath) { 2836 if (!TrackingOrigins()) return; 2837 EXPECT_DEATH(AllocaTO(), "ORIGIN: stack allocation: ar@AllocaTO"); 2838} 2839 2840NOINLINE int RetvalOriginTest(U4 origin) { 2841 int *a = new int; 2842 break_optimization(a); 2843 __msan_set_origin(a, sizeof(*a), origin); 2844 int res = *a; 2845 delete a; 2846 return res; 2847} 2848 2849TEST(MemorySanitizerOrigins, Retval) { 2850 if (!TrackingOrigins()) return; 2851 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__); 2852} 2853 2854NOINLINE void ParamOriginTest(int param, U4 origin) { 2855 EXPECT_POISONED_O(param, origin); 2856} 2857 2858TEST(MemorySanitizerOrigins, Param) { 2859 if (!TrackingOrigins()) return; 2860 int *a = new int; 2861 U4 origin = __LINE__; 2862 break_optimization(a); 2863 __msan_set_origin(a, sizeof(*a), origin); 2864 ParamOriginTest(*a, origin); 2865 delete a; 2866} 2867 2868TEST(MemorySanitizerOrigins, Invoke) { 2869 if (!TrackingOrigins()) return; 2870 StructWithDtor s; // Will cause the calls to become invokes. 2871 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__); 2872} 2873 2874TEST(MemorySanitizerOrigins, strlen) { 2875 S8 alignment; 2876 break_optimization(&alignment); 2877 char x[4] = {'a', 'b', 0, 0}; 2878 __msan_poison(&x[2], 1); 2879 U4 origin = __LINE__; 2880 __msan_set_origin(x, sizeof(x), origin); 2881 EXPECT_UMR_O(volatile unsigned y = strlen(x), origin); 2882} 2883 2884TEST(MemorySanitizerOrigins, wcslen) { 2885 wchar_t w[3] = {'a', 'b', 0}; 2886 U4 origin = __LINE__; 2887 __msan_set_origin(w, sizeof(w), origin); 2888 __msan_poison(&w[2], sizeof(wchar_t)); 2889 EXPECT_UMR_O(volatile unsigned y = wcslen(w), origin); 2890} 2891 2892#if MSAN_HAS_M128 2893TEST(MemorySanitizerOrigins, StoreIntrinsic) { 2894 __m128 x, y; 2895 U4 origin = __LINE__; 2896 __msan_set_origin(&x, sizeof(x), origin); 2897 __msan_poison(&x, sizeof(x)); 2898 __builtin_ia32_storeups((float*)&y, x); 2899 EXPECT_POISONED_O(y, origin); 2900} 2901#endif 2902 2903NOINLINE void RecursiveMalloc(int depth) { 2904 static int count; 2905 count++; 2906 if ((count % (1024 * 1024)) == 0) 2907 printf("RecursiveMalloc: %d\n", count); 2908 int *x1 = new int; 2909 int *x2 = new int; 2910 break_optimization(x1); 2911 break_optimization(x2); 2912 if (depth > 0) { 2913 RecursiveMalloc(depth-1); 2914 RecursiveMalloc(depth-1); 2915 } 2916 delete x1; 2917 delete x2; 2918} 2919 2920TEST(MemorySanitizer, CallocOverflow) { 2921 size_t kArraySize = 4096; 2922 volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max(); 2923 volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10; 2924 void *p = calloc(kArraySize, kArraySize2); // Should return 0. 2925 EXPECT_EQ(0L, Ident(p)); 2926} 2927 2928TEST(MemorySanitizer, Select) { 2929 int x; 2930 int volatile* p = &x; 2931 int z = *p ? 1 : 0; 2932 EXPECT_POISONED(z); 2933} 2934 2935TEST(MemorySanitizerStress, DISABLED_MallocStackTrace) { 2936 RecursiveMalloc(22); 2937} 2938 2939TEST(MemorySanitizerAllocator, get_estimated_allocated_size) { 2940 size_t sizes[] = {0, 20, 5000, 1<<20}; 2941 for (size_t i = 0; i < sizeof(sizes) / sizeof(*sizes); ++i) { 2942 size_t alloc_size = __msan_get_estimated_allocated_size(sizes[i]); 2943 EXPECT_EQ(alloc_size, sizes[i]); 2944 } 2945} 2946 2947TEST(MemorySanitizerAllocator, get_allocated_size_and_ownership) { 2948 char *array = reinterpret_cast<char*>(malloc(100)); 2949 int *int_ptr = new int; 2950 2951 EXPECT_TRUE(__msan_get_ownership(array)); 2952 EXPECT_EQ(100, __msan_get_allocated_size(array)); 2953 2954 EXPECT_TRUE(__msan_get_ownership(int_ptr)); 2955 EXPECT_EQ(sizeof(*int_ptr), __msan_get_allocated_size(int_ptr)); 2956 2957 void *wild_addr = reinterpret_cast<void*>(0x1); 2958 EXPECT_FALSE(__msan_get_ownership(wild_addr)); 2959 EXPECT_EQ(0, __msan_get_allocated_size(wild_addr)); 2960 2961 EXPECT_FALSE(__msan_get_ownership(array + 50)); 2962 EXPECT_EQ(0, __msan_get_allocated_size(array + 50)); 2963 2964 // NULL is a valid argument for GetAllocatedSize but is not owned. 2965 EXPECT_FALSE(__msan_get_ownership(NULL)); 2966 EXPECT_EQ(0, __msan_get_allocated_size(NULL)); 2967 2968 free(array); 2969 EXPECT_FALSE(__msan_get_ownership(array)); 2970 EXPECT_EQ(0, __msan_get_allocated_size(array)); 2971 2972 delete int_ptr; 2973} 2974