1 //===-- msan_report.cc ----------------------------------------------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file is a part of MemorySanitizer.
11 //
12 // Error reporting.
13 //===----------------------------------------------------------------------===//
14
15 #include "msan.h"
16 #include "msan_chained_origin_depot.h"
17 #include "msan_origin.h"
18 #include "sanitizer_common/sanitizer_allocator_internal.h"
19 #include "sanitizer_common/sanitizer_common.h"
20 #include "sanitizer_common/sanitizer_flags.h"
21 #include "sanitizer_common/sanitizer_mutex.h"
22 #include "sanitizer_common/sanitizer_report_decorator.h"
23 #include "sanitizer_common/sanitizer_stackdepot.h"
24 #include "sanitizer_common/sanitizer_symbolizer.h"
25
26 using namespace __sanitizer;
27
28 namespace __msan {
29
30 class Decorator: public __sanitizer::SanitizerCommonDecorator {
31 public:
Decorator()32 Decorator() : SanitizerCommonDecorator() { }
Warning()33 const char *Warning() { return Red(); }
Origin()34 const char *Origin() { return Magenta(); }
Name()35 const char *Name() { return Green(); }
End()36 const char *End() { return Default(); }
37 };
38
DescribeStackOrigin(const char * so,uptr pc)39 static void DescribeStackOrigin(const char *so, uptr pc) {
40 Decorator d;
41 char *s = internal_strdup(so);
42 char *sep = internal_strchr(s, '@');
43 CHECK(sep);
44 *sep = '\0';
45 Printf("%s", d.Origin());
46 Printf(
47 " %sUninitialized value was created by an allocation of '%s%s%s'"
48 " in the stack frame of function '%s%s%s'%s\n",
49 d.Origin(), d.Name(), s, d.Origin(), d.Name(), sep + 1, d.Origin(),
50 d.End());
51 InternalFree(s);
52
53 if (pc) {
54 // For some reason function address in LLVM IR is 1 less then the address
55 // of the first instruction.
56 pc = StackTrace::GetNextInstructionPc(pc);
57 StackTrace(&pc, 1).Print();
58 }
59 }
60
DescribeOrigin(u32 id)61 static void DescribeOrigin(u32 id) {
62 VPrintf(1, " raw origin id: %d\n", id);
63 Decorator d;
64 Origin o = Origin::FromRawId(id);
65 while (o.isChainedOrigin()) {
66 StackTrace stack;
67 o = o.getNextChainedOrigin(&stack);
68 Printf(" %sUninitialized value was stored to memory at%s\n", d.Origin(),
69 d.End());
70 stack.Print();
71 }
72 if (o.isStackOrigin()) {
73 uptr pc;
74 const char *so = GetStackOriginDescr(o.getStackId(), &pc);
75 DescribeStackOrigin(so, pc);
76 } else {
77 StackTrace stack = o.getStackTraceForHeapOrigin();
78 switch (stack.tag) {
79 case StackTrace::TAG_ALLOC:
80 Printf(" %sUninitialized value was created by a heap allocation%s\n",
81 d.Origin(), d.End());
82 break;
83 case StackTrace::TAG_DEALLOC:
84 Printf(" %sUninitialized value was created by a heap deallocation%s\n",
85 d.Origin(), d.End());
86 break;
87 case STACK_TRACE_TAG_POISON:
88 Printf(" %sMemory was marked as uninitialized%s\n", d.Origin(),
89 d.End());
90 break;
91 default:
92 Printf(" %sUninitialized value was created%s\n", d.Origin(), d.End());
93 break;
94 }
95 stack.Print();
96 }
97 }
98
ReportUMR(StackTrace * stack,u32 origin)99 void ReportUMR(StackTrace *stack, u32 origin) {
100 if (!__msan::flags()->report_umrs) return;
101
102 SpinMutexLock l(&CommonSanitizerReportMutex);
103
104 Decorator d;
105 Printf("%s", d.Warning());
106 Report("WARNING: MemorySanitizer: use-of-uninitialized-value\n");
107 Printf("%s", d.End());
108 stack->Print();
109 if (origin) {
110 DescribeOrigin(origin);
111 }
112 ReportErrorSummary("use-of-uninitialized-value", stack);
113 }
114
ReportExpectedUMRNotFound(StackTrace * stack)115 void ReportExpectedUMRNotFound(StackTrace *stack) {
116 SpinMutexLock l(&CommonSanitizerReportMutex);
117
118 Printf("WARNING: Expected use of uninitialized value not found\n");
119 stack->Print();
120 }
121
ReportStats()122 void ReportStats() {
123 SpinMutexLock l(&CommonSanitizerReportMutex);
124
125 if (__msan_get_track_origins() > 0) {
126 StackDepotStats *stack_depot_stats = StackDepotGetStats();
127 // FIXME: we want this at normal exit, too!
128 // FIXME: but only with verbosity=1 or something
129 Printf("Unique heap origins: %zu\n", stack_depot_stats->n_uniq_ids);
130 Printf("Stack depot allocated bytes: %zu\n", stack_depot_stats->allocated);
131
132 StackDepotStats *chained_origin_depot_stats = ChainedOriginDepotGetStats();
133 Printf("Unique origin histories: %zu\n",
134 chained_origin_depot_stats->n_uniq_ids);
135 Printf("History depot allocated bytes: %zu\n",
136 chained_origin_depot_stats->allocated);
137 }
138 }
139
ReportAtExitStatistics()140 void ReportAtExitStatistics() {
141 SpinMutexLock l(&CommonSanitizerReportMutex);
142
143 if (msan_report_count > 0) {
144 Decorator d;
145 Printf("%s", d.Warning());
146 Printf("MemorySanitizer: %d warnings reported.\n", msan_report_count);
147 Printf("%s", d.End());
148 }
149 }
150
151 class OriginSet {
152 public:
OriginSet()153 OriginSet() : next_id_(0) {}
insert(u32 o)154 int insert(u32 o) {
155 // Scan from the end for better locality.
156 for (int i = next_id_ - 1; i >= 0; --i)
157 if (origins_[i] == o) return i;
158 if (next_id_ == kMaxSize_) return OVERFLOW;
159 int id = next_id_++;
160 origins_[id] = o;
161 return id;
162 }
size()163 int size() { return next_id_; }
get(int id)164 u32 get(int id) { return origins_[id]; }
asChar(int id)165 static char asChar(int id) {
166 switch (id) {
167 case MISSING:
168 return '.';
169 case OVERFLOW:
170 return '*';
171 default:
172 return 'A' + id;
173 }
174 }
175 static const int OVERFLOW = -1;
176 static const int MISSING = -2;
177
178 private:
179 static const int kMaxSize_ = 'Z' - 'A' + 1;
180 u32 origins_[kMaxSize_];
181 int next_id_;
182 };
183
DescribeMemoryRange(const void * x,uptr size)184 void DescribeMemoryRange(const void *x, uptr size) {
185 // Real limits.
186 uptr start = MEM_TO_SHADOW(x);
187 uptr end = start + size;
188 // Scan limits: align start down to 4; align size up to 16.
189 uptr s = start & ~3UL;
190 size = end - s;
191 size = (size + 15) & ~15UL;
192 uptr e = s + size;
193
194 // Single letter names to origin id mapping.
195 OriginSet origin_set;
196
197 uptr pos = 0; // Offset from aligned start.
198 bool with_origins = __msan_get_track_origins();
199 // True if there is at least 1 poisoned bit in the last 4-byte group.
200 bool last_quad_poisoned;
201 int origin_ids[4]; // Single letter origin ids for the current line.
202
203 Decorator d;
204 Printf("%s", d.Warning());
205 Printf("Shadow map of [%p, %p), %zu bytes:\n", start, end, end - start);
206 Printf("%s", d.End());
207 while (s < e) {
208 // Line start.
209 if (pos % 16 == 0) {
210 for (int i = 0; i < 4; ++i) origin_ids[i] = -1;
211 Printf("%p:", s);
212 }
213 // Group start.
214 if (pos % 4 == 0) {
215 Printf(" ");
216 last_quad_poisoned = false;
217 }
218 // Print shadow byte.
219 if (s < start || s >= end) {
220 Printf("..");
221 } else {
222 unsigned char v = *(unsigned char *)s;
223 if (v) last_quad_poisoned = true;
224 Printf("%x%x", v >> 4, v & 0xf);
225 }
226 // Group end.
227 if (pos % 4 == 3 && with_origins) {
228 int id = OriginSet::MISSING;
229 if (last_quad_poisoned) {
230 u32 o = *(u32 *)SHADOW_TO_ORIGIN(s - 3);
231 id = origin_set.insert(o);
232 }
233 origin_ids[(pos % 16) / 4] = id;
234 }
235 // Line end.
236 if (pos % 16 == 15) {
237 if (with_origins) {
238 Printf(" |");
239 for (int i = 0; i < 4; ++i) {
240 char c = OriginSet::asChar(origin_ids[i]);
241 Printf("%c", c);
242 if (i != 3) Printf(" ");
243 }
244 Printf("|");
245 }
246 Printf("\n");
247 }
248 size--;
249 s++;
250 pos++;
251 }
252
253 Printf("\n");
254
255 for (int i = 0; i < origin_set.size(); ++i) {
256 u32 o = origin_set.get(i);
257 Printf("Origin %c (origin_id %x):\n", OriginSet::asChar(i), o);
258 DescribeOrigin(o);
259 }
260 }
261
ReportUMRInsideAddressRange(const char * what,const void * start,uptr size,uptr offset)262 void ReportUMRInsideAddressRange(const char *what, const void *start, uptr size,
263 uptr offset) {
264 Decorator d;
265 Printf("%s", d.Warning());
266 Printf("%sUninitialized bytes in %s%s%s at offset %zu inside [%p, %zu)%s\n",
267 d.Warning(), d.Name(), what, d.Warning(), offset, start, size,
268 d.End());
269 if (__sanitizer::Verbosity())
270 DescribeMemoryRange(start, size);
271 }
272
273 } // namespace __msan
274