1 //===-- msan_test.cc ------------------------------------------------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file is a part of MemorySanitizer.
11 //
12 // MemorySanitizer unit tests.
13 //===----------------------------------------------------------------------===//
14
15 #ifndef MSAN_EXTERNAL_TEST_CONFIG
16 #include "msan_test_config.h"
17 #endif // MSAN_EXTERNAL_TEST_CONFIG
18
19 #include "sanitizer_common/tests/sanitizer_test_utils.h"
20
21 #include "sanitizer/allocator_interface.h"
22 #include "sanitizer/msan_interface.h"
23 #include "msandr_test_so.h"
24
25 #include <inttypes.h>
26 #include <stdlib.h>
27 #include <stdarg.h>
28 #include <stdio.h>
29 #include <wchar.h>
30 #include <math.h>
31 #include <malloc.h>
32
33 #include <arpa/inet.h>
34 #include <dlfcn.h>
35 #include <grp.h>
36 #include <unistd.h>
37 #include <link.h>
38 #include <limits.h>
39 #include <sys/time.h>
40 #include <poll.h>
41 #include <sys/types.h>
42 #include <sys/stat.h>
43 #include <fcntl.h>
44 #include <sys/resource.h>
45 #include <sys/ioctl.h>
46 #include <sys/statvfs.h>
47 #include <sys/sysinfo.h>
48 #include <sys/utsname.h>
49 #include <sys/mman.h>
50 #include <sys/vfs.h>
51 #include <dirent.h>
52 #include <pwd.h>
53 #include <sys/socket.h>
54 #include <netdb.h>
55 #include <wordexp.h>
56 #include <mntent.h>
57 #include <netinet/ether.h>
58 #include <sys/ipc.h>
59 #include <sys/shm.h>
60
61 #if defined(__i386__) || defined(__x86_64__)
62 # include <emmintrin.h>
63 # define MSAN_HAS_M128 1
64 #else
65 # define MSAN_HAS_M128 0
66 #endif
67
68 #ifdef __AVX2__
69 # include <immintrin.h>
70 #endif
71
72 static const size_t kPageSize = 4096;
73
74 typedef unsigned char U1;
75 typedef unsigned short U2; // NOLINT
76 typedef unsigned int U4;
77 typedef unsigned long long U8; // NOLINT
78 typedef signed char S1;
79 typedef signed short S2; // NOLINT
80 typedef signed int S4;
81 typedef signed long long S8; // NOLINT
82 #define NOINLINE __attribute__((noinline))
83 #define INLINE __attribute__((always_inline))
84
TrackingOrigins()85 static bool TrackingOrigins() {
86 S8 x;
87 __msan_set_origin(&x, sizeof(x), 0x1234);
88 U4 origin = __msan_get_origin(&x);
89 __msan_set_origin(&x, sizeof(x), 0);
90 return origin == 0x1234;
91 }
92
93 #define EXPECT_UMR(action) \
94 do { \
95 __msan_set_expect_umr(1); \
96 action; \
97 __msan_set_expect_umr(0); \
98 } while (0)
99
100 #define EXPECT_UMR_O(action, origin) \
101 do { \
102 __msan_set_expect_umr(1); \
103 action; \
104 __msan_set_expect_umr(0); \
105 if (TrackingOrigins()) \
106 EXPECT_EQ(origin, __msan_get_umr_origin()); \
107 } while (0)
108
109 #define EXPECT_POISONED(x) ExpectPoisoned(x)
110
111 template<typename T>
ExpectPoisoned(const T & t)112 void ExpectPoisoned(const T& t) {
113 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t)));
114 }
115
116 #define EXPECT_POISONED_O(x, origin) \
117 ExpectPoisonedWithOrigin(x, origin)
118
119 template<typename T>
ExpectPoisonedWithOrigin(const T & t,unsigned origin)120 void ExpectPoisonedWithOrigin(const T& t, unsigned origin) {
121 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t)));
122 if (TrackingOrigins())
123 EXPECT_EQ(origin, __msan_get_origin((void*)&t));
124 }
125
126 #define EXPECT_NOT_POISONED(x) ExpectNotPoisoned(x)
127
128 template<typename T>
ExpectNotPoisoned(const T & t)129 void ExpectNotPoisoned(const T& t) {
130 EXPECT_EQ(-1, __msan_test_shadow((void*)&t, sizeof(t)));
131 }
132
133 static U8 poisoned_array[100];
134 template<class T>
GetPoisoned(int i=0,T val=0)135 T *GetPoisoned(int i = 0, T val = 0) {
136 T *res = (T*)&poisoned_array[i];
137 *res = val;
138 __msan_poison(&poisoned_array[i], sizeof(T));
139 return res;
140 }
141
142 template<class T>
GetPoisonedO(int i,U4 origin,T val=0)143 T *GetPoisonedO(int i, U4 origin, T val = 0) {
144 T *res = (T*)&poisoned_array[i];
145 *res = val;
146 __msan_poison(&poisoned_array[i], sizeof(T));
147 __msan_set_origin(&poisoned_array[i], sizeof(T), origin);
148 return res;
149 }
150
151 template<typename T>
Poisoned(T v=0,T s=(T)(-1))152 T Poisoned(T v = 0, T s = (T)(-1)) {
153 __msan_partial_poison(&v, &s, sizeof(T));
154 return v;
155 }
156
ReturnPoisoned()157 template<class T> NOINLINE T ReturnPoisoned() { return *GetPoisoned<T>(); }
158
159 static volatile int g_one = 1;
160 static volatile int g_zero = 0;
161 static volatile int g_0 = 0;
162 static volatile int g_1 = 1;
163
164 S4 a_s4[100];
165 S8 a_s8[100];
166
167 // Check that malloc poisons memory.
168 // A lot of tests below depend on this.
TEST(MemorySanitizerSanity,PoisonInMalloc)169 TEST(MemorySanitizerSanity, PoisonInMalloc) {
170 int *x = (int*)malloc(sizeof(int));
171 EXPECT_POISONED(*x);
172 free(x);
173 }
174
TEST(MemorySanitizer,NegativeTest1)175 TEST(MemorySanitizer, NegativeTest1) {
176 S4 *x = GetPoisoned<S4>();
177 if (g_one)
178 *x = 0;
179 EXPECT_NOT_POISONED(*x);
180 }
181
TEST(MemorySanitizer,PositiveTest1)182 TEST(MemorySanitizer, PositiveTest1) {
183 // Load to store.
184 EXPECT_POISONED(*GetPoisoned<S1>());
185 EXPECT_POISONED(*GetPoisoned<S2>());
186 EXPECT_POISONED(*GetPoisoned<S4>());
187 EXPECT_POISONED(*GetPoisoned<S8>());
188
189 // S->S conversions.
190 EXPECT_POISONED(*GetPoisoned<S1>());
191 EXPECT_POISONED(*GetPoisoned<S1>());
192 EXPECT_POISONED(*GetPoisoned<S1>());
193
194 EXPECT_POISONED(*GetPoisoned<S2>());
195 EXPECT_POISONED(*GetPoisoned<S2>());
196 EXPECT_POISONED(*GetPoisoned<S2>());
197
198 EXPECT_POISONED(*GetPoisoned<S4>());
199 EXPECT_POISONED(*GetPoisoned<S4>());
200 EXPECT_POISONED(*GetPoisoned<S4>());
201
202 EXPECT_POISONED(*GetPoisoned<S8>());
203 EXPECT_POISONED(*GetPoisoned<S8>());
204 EXPECT_POISONED(*GetPoisoned<S8>());
205
206 // ZExt
207 EXPECT_POISONED(*GetPoisoned<U1>());
208 EXPECT_POISONED(*GetPoisoned<U1>());
209 EXPECT_POISONED(*GetPoisoned<U1>());
210 EXPECT_POISONED(*GetPoisoned<U2>());
211 EXPECT_POISONED(*GetPoisoned<U2>());
212 EXPECT_POISONED(*GetPoisoned<U4>());
213
214 // Unary ops.
215 EXPECT_POISONED(- *GetPoisoned<S4>());
216
217 EXPECT_UMR(a_s4[g_zero] = 100 / *GetPoisoned<S4>(0, 1));
218
219
220 a_s4[g_zero] = 1 - *GetPoisoned<S4>();
221 a_s4[g_zero] = 1 + *GetPoisoned<S4>();
222 }
223
TEST(MemorySanitizer,Phi1)224 TEST(MemorySanitizer, Phi1) {
225 S4 c;
226 if (g_one) {
227 c = *GetPoisoned<S4>();
228 } else {
229 break_optimization(0);
230 c = 0;
231 }
232 EXPECT_POISONED(c);
233 }
234
TEST(MemorySanitizer,Phi2)235 TEST(MemorySanitizer, Phi2) {
236 S4 i = *GetPoisoned<S4>();
237 S4 n = g_one;
238 EXPECT_UMR(for (; i < g_one; i++););
239 EXPECT_POISONED(i);
240 }
241
Arg1ExpectUMR(S4 a1)242 NOINLINE void Arg1ExpectUMR(S4 a1) { EXPECT_POISONED(a1); }
Arg2ExpectUMR(S4 a1,S4 a2)243 NOINLINE void Arg2ExpectUMR(S4 a1, S4 a2) { EXPECT_POISONED(a2); }
Arg3ExpectUMR(S1 a1,S4 a2,S8 a3)244 NOINLINE void Arg3ExpectUMR(S1 a1, S4 a2, S8 a3) { EXPECT_POISONED(a3); }
245
TEST(MemorySanitizer,ArgTest)246 TEST(MemorySanitizer, ArgTest) {
247 Arg1ExpectUMR(*GetPoisoned<S4>());
248 Arg2ExpectUMR(0, *GetPoisoned<S4>());
249 Arg3ExpectUMR(0, 1, *GetPoisoned<S8>());
250 }
251
252
TEST(MemorySanitizer,CallAndRet)253 TEST(MemorySanitizer, CallAndRet) {
254 if (!__msan_has_dynamic_component()) return;
255 ReturnPoisoned<S1>();
256 ReturnPoisoned<S2>();
257 ReturnPoisoned<S4>();
258 ReturnPoisoned<S8>();
259
260 EXPECT_POISONED(ReturnPoisoned<S1>());
261 EXPECT_POISONED(ReturnPoisoned<S2>());
262 EXPECT_POISONED(ReturnPoisoned<S4>());
263 EXPECT_POISONED(ReturnPoisoned<S8>());
264 }
265
266 // malloc() in the following test may be optimized to produce a compile-time
267 // undef value. Check that we trap on the volatile assignment anyway.
TEST(MemorySanitizer,DISABLED_MallocNoIdent)268 TEST(MemorySanitizer, DISABLED_MallocNoIdent) {
269 S4 *x = (int*)malloc(sizeof(S4));
270 EXPECT_POISONED(*x);
271 free(x);
272 }
273
TEST(MemorySanitizer,Malloc)274 TEST(MemorySanitizer, Malloc) {
275 S4 *x = (int*)Ident(malloc(sizeof(S4)));
276 EXPECT_POISONED(*x);
277 free(x);
278 }
279
TEST(MemorySanitizer,Realloc)280 TEST(MemorySanitizer, Realloc) {
281 S4 *x = (int*)Ident(realloc(0, sizeof(S4)));
282 EXPECT_POISONED(x[0]);
283 x[0] = 1;
284 x = (int*)Ident(realloc(x, 2 * sizeof(S4)));
285 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before.
286 EXPECT_POISONED(x[1]);
287 x = (int*)Ident(realloc(x, 3 * sizeof(S4)));
288 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before.
289 EXPECT_POISONED(x[2]);
290 EXPECT_POISONED(x[1]);
291 x[2] = 1; // Init this here. Check that after realloc it is poisoned again.
292 x = (int*)Ident(realloc(x, 2 * sizeof(S4)));
293 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before.
294 EXPECT_POISONED(x[1]);
295 x = (int*)Ident(realloc(x, 3 * sizeof(S4)));
296 EXPECT_POISONED(x[1]);
297 EXPECT_POISONED(x[2]);
298 free(x);
299 }
300
TEST(MemorySanitizer,Calloc)301 TEST(MemorySanitizer, Calloc) {
302 S4 *x = (int*)Ident(calloc(1, sizeof(S4)));
303 EXPECT_NOT_POISONED(*x); // Should not be poisoned.
304 EXPECT_EQ(0, *x);
305 free(x);
306 }
307
TEST(MemorySanitizer,CallocReturnsZeroMem)308 TEST(MemorySanitizer, CallocReturnsZeroMem) {
309 size_t sizes[] = {16, 1000, 10000, 100000, 2100000};
310 for (size_t s = 0; s < sizeof(sizes)/sizeof(sizes[0]); s++) {
311 size_t size = sizes[s];
312 for (size_t iter = 0; iter < 5; iter++) {
313 char *x = Ident((char*)calloc(1, size));
314 EXPECT_EQ(x[0], 0);
315 EXPECT_EQ(x[size - 1], 0);
316 EXPECT_EQ(x[size / 2], 0);
317 EXPECT_EQ(x[size / 3], 0);
318 EXPECT_EQ(x[size / 4], 0);
319 memset(x, 0x42, size);
320 free(Ident(x));
321 }
322 }
323 }
324
TEST(MemorySanitizer,AndOr)325 TEST(MemorySanitizer, AndOr) {
326 U4 *p = GetPoisoned<U4>();
327 // We poison two bytes in the midle of a 4-byte word to make the test
328 // correct regardless of endianness.
329 ((U1*)p)[1] = 0;
330 ((U1*)p)[2] = 0xff;
331 EXPECT_NOT_POISONED(*p & 0x00ffff00);
332 EXPECT_NOT_POISONED(*p & 0x00ff0000);
333 EXPECT_NOT_POISONED(*p & 0x0000ff00);
334 EXPECT_POISONED(*p & 0xff000000);
335 EXPECT_POISONED(*p & 0x000000ff);
336 EXPECT_POISONED(*p & 0x0000ffff);
337 EXPECT_POISONED(*p & 0xffff0000);
338
339 EXPECT_NOT_POISONED(*p | 0xff0000ff);
340 EXPECT_NOT_POISONED(*p | 0xff00ffff);
341 EXPECT_NOT_POISONED(*p | 0xffff00ff);
342 EXPECT_POISONED(*p | 0xff000000);
343 EXPECT_POISONED(*p | 0x000000ff);
344 EXPECT_POISONED(*p | 0x0000ffff);
345 EXPECT_POISONED(*p | 0xffff0000);
346
347 EXPECT_POISONED(*GetPoisoned<bool>() & *GetPoisoned<bool>());
348 }
349
350 template<class T>
applyNot(T value,T shadow)351 static bool applyNot(T value, T shadow) {
352 __msan_partial_poison(&value, &shadow, sizeof(T));
353 return !value;
354 }
355
TEST(MemorySanitizer,Not)356 TEST(MemorySanitizer, Not) {
357 EXPECT_NOT_POISONED(applyNot<U4>(0x0, 0x0));
358 EXPECT_NOT_POISONED(applyNot<U4>(0xFFFFFFFF, 0x0));
359 EXPECT_POISONED(applyNot<U4>(0xFFFFFFFF, 0xFFFFFFFF));
360 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0FFFFFFF));
361 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00FFFFFF));
362 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0000FFFF));
363 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00000000));
364 EXPECT_POISONED(applyNot<U4>(0xFF000000, 0xFF000000));
365 EXPECT_NOT_POISONED(applyNot<U4>(0xFF800000, 0xFF000000));
366 EXPECT_POISONED(applyNot<U4>(0x00008000, 0x00008000));
367
368 EXPECT_NOT_POISONED(applyNot<U1>(0x0, 0x0));
369 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0xFE));
370 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0x0));
371 EXPECT_POISONED(applyNot<U1>(0xFF, 0xFF));
372
373 EXPECT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-1)));
374 EXPECT_NOT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-2)));
375 }
376
TEST(MemorySanitizer,Shift)377 TEST(MemorySanitizer, Shift) {
378 U4 *up = GetPoisoned<U4>();
379 ((U1*)up)[0] = 0;
380 ((U1*)up)[3] = 0xff;
381 EXPECT_NOT_POISONED(*up >> 30);
382 EXPECT_NOT_POISONED(*up >> 24);
383 EXPECT_POISONED(*up >> 23);
384 EXPECT_POISONED(*up >> 10);
385
386 EXPECT_NOT_POISONED(*up << 30);
387 EXPECT_NOT_POISONED(*up << 24);
388 EXPECT_POISONED(*up << 23);
389 EXPECT_POISONED(*up << 10);
390
391 S4 *sp = (S4*)up;
392 EXPECT_NOT_POISONED(*sp >> 30);
393 EXPECT_NOT_POISONED(*sp >> 24);
394 EXPECT_POISONED(*sp >> 23);
395 EXPECT_POISONED(*sp >> 10);
396
397 sp = GetPoisoned<S4>();
398 ((S1*)sp)[1] = 0;
399 ((S1*)sp)[2] = 0;
400 EXPECT_POISONED(*sp >> 31);
401
402 EXPECT_POISONED(100 >> *GetPoisoned<S4>());
403 EXPECT_POISONED(100U >> *GetPoisoned<S4>());
404 }
405
GetPoisonedZero()406 NOINLINE static int GetPoisonedZero() {
407 int *zero = new int;
408 *zero = 0;
409 __msan_poison(zero, sizeof(*zero));
410 int res = *zero;
411 delete zero;
412 return res;
413 }
414
TEST(MemorySanitizer,LoadFromDirtyAddress)415 TEST(MemorySanitizer, LoadFromDirtyAddress) {
416 int *a = new int;
417 *a = 0;
418 EXPECT_UMR(break_optimization((void*)(U8)a[GetPoisonedZero()]));
419 delete a;
420 }
421
TEST(MemorySanitizer,StoreToDirtyAddress)422 TEST(MemorySanitizer, StoreToDirtyAddress) {
423 int *a = new int;
424 EXPECT_UMR(a[GetPoisonedZero()] = 0);
425 break_optimization(a);
426 delete a;
427 }
428
429
StackTestFunc()430 NOINLINE void StackTestFunc() {
431 S4 p4;
432 S4 ok4 = 1;
433 S2 p2;
434 S2 ok2 = 1;
435 S1 p1;
436 S1 ok1 = 1;
437 break_optimization(&p4);
438 break_optimization(&ok4);
439 break_optimization(&p2);
440 break_optimization(&ok2);
441 break_optimization(&p1);
442 break_optimization(&ok1);
443
444 EXPECT_POISONED(p4);
445 EXPECT_POISONED(p2);
446 EXPECT_POISONED(p1);
447 EXPECT_NOT_POISONED(ok1);
448 EXPECT_NOT_POISONED(ok2);
449 EXPECT_NOT_POISONED(ok4);
450 }
451
TEST(MemorySanitizer,StackTest)452 TEST(MemorySanitizer, StackTest) {
453 StackTestFunc();
454 }
455
StackStressFunc()456 NOINLINE void StackStressFunc() {
457 int foo[10000];
458 break_optimization(foo);
459 }
460
TEST(MemorySanitizer,DISABLED_StackStressTest)461 TEST(MemorySanitizer, DISABLED_StackStressTest) {
462 for (int i = 0; i < 1000000; i++)
463 StackStressFunc();
464 }
465
466 template<class T>
TestFloatingPoint()467 void TestFloatingPoint() {
468 static volatile T v;
469 static T g[100];
470 break_optimization(&g);
471 T *x = GetPoisoned<T>();
472 T *y = GetPoisoned<T>(1);
473 EXPECT_POISONED(*x);
474 EXPECT_POISONED((long long)*x);
475 EXPECT_POISONED((int)*x);
476 g[0] = *x;
477 g[1] = *x + *y;
478 g[2] = *x - *y;
479 g[3] = *x * *y;
480 }
481
TEST(MemorySanitizer,FloatingPointTest)482 TEST(MemorySanitizer, FloatingPointTest) {
483 TestFloatingPoint<float>();
484 TestFloatingPoint<double>();
485 }
486
TEST(MemorySanitizer,DynMem)487 TEST(MemorySanitizer, DynMem) {
488 S4 x = 0;
489 S4 *y = GetPoisoned<S4>();
490 memcpy(y, &x, g_one * sizeof(S4));
491 EXPECT_NOT_POISONED(*y);
492 }
493
494 static char *DynRetTestStr;
495
TEST(MemorySanitizer,DynRet)496 TEST(MemorySanitizer, DynRet) {
497 if (!__msan_has_dynamic_component()) return;
498 ReturnPoisoned<S8>();
499 EXPECT_NOT_POISONED(clearenv());
500 }
501
502
TEST(MemorySanitizer,DynRet1)503 TEST(MemorySanitizer, DynRet1) {
504 if (!__msan_has_dynamic_component()) return;
505 ReturnPoisoned<S8>();
506 }
507
508 struct LargeStruct {
509 S4 x[10];
510 };
511
512 NOINLINE
LargeRetTest()513 LargeStruct LargeRetTest() {
514 LargeStruct res;
515 res.x[0] = *GetPoisoned<S4>();
516 res.x[1] = *GetPoisoned<S4>();
517 res.x[2] = *GetPoisoned<S4>();
518 res.x[3] = *GetPoisoned<S4>();
519 res.x[4] = *GetPoisoned<S4>();
520 res.x[5] = *GetPoisoned<S4>();
521 res.x[6] = *GetPoisoned<S4>();
522 res.x[7] = *GetPoisoned<S4>();
523 res.x[8] = *GetPoisoned<S4>();
524 res.x[9] = *GetPoisoned<S4>();
525 return res;
526 }
527
TEST(MemorySanitizer,strcmp)528 TEST(MemorySanitizer, strcmp) {
529 char s1[10];
530 char s2[10];
531 strncpy(s1, "foo", 10);
532 s2[0] = 'f';
533 s2[1] = 'n';
534 EXPECT_GT(strcmp(s1, s2), 0);
535 s2[1] = 'o';
536 int res;
537 EXPECT_UMR(res = strcmp(s1, s2));
538 EXPECT_NOT_POISONED(res);
539 EXPECT_EQ(strncmp(s1, s2, 1), 0);
540 }
541
TEST(MemorySanitizer,LargeRet)542 TEST(MemorySanitizer, LargeRet) {
543 LargeStruct a = LargeRetTest();
544 EXPECT_POISONED(a.x[0]);
545 EXPECT_POISONED(a.x[9]);
546 }
547
TEST(MemorySanitizer,strerror)548 TEST(MemorySanitizer, strerror) {
549 char *buf = strerror(EINVAL);
550 EXPECT_NOT_POISONED(strlen(buf));
551 buf = strerror(123456);
552 EXPECT_NOT_POISONED(strlen(buf));
553 }
554
TEST(MemorySanitizer,strerror_r)555 TEST(MemorySanitizer, strerror_r) {
556 errno = 0;
557 char buf[1000];
558 char *res = strerror_r(EINVAL, buf, sizeof(buf));
559 ASSERT_EQ(0, errno);
560 if (!res) res = buf; // POSIX version success.
561 EXPECT_NOT_POISONED(strlen(res));
562 }
563
TEST(MemorySanitizer,fread)564 TEST(MemorySanitizer, fread) {
565 char *x = new char[32];
566 FILE *f = fopen("/proc/self/stat", "r");
567 ASSERT_TRUE(f != NULL);
568 fread(x, 1, 32, f);
569 EXPECT_NOT_POISONED(x[0]);
570 EXPECT_NOT_POISONED(x[16]);
571 EXPECT_NOT_POISONED(x[31]);
572 fclose(f);
573 delete x;
574 }
575
TEST(MemorySanitizer,read)576 TEST(MemorySanitizer, read) {
577 char *x = new char[32];
578 int fd = open("/proc/self/stat", O_RDONLY);
579 ASSERT_GT(fd, 0);
580 int sz = read(fd, x, 32);
581 ASSERT_EQ(sz, 32);
582 EXPECT_NOT_POISONED(x[0]);
583 EXPECT_NOT_POISONED(x[16]);
584 EXPECT_NOT_POISONED(x[31]);
585 close(fd);
586 delete x;
587 }
588
TEST(MemorySanitizer,pread)589 TEST(MemorySanitizer, pread) {
590 char *x = new char[32];
591 int fd = open("/proc/self/stat", O_RDONLY);
592 ASSERT_GT(fd, 0);
593 int sz = pread(fd, x, 32, 0);
594 ASSERT_EQ(sz, 32);
595 EXPECT_NOT_POISONED(x[0]);
596 EXPECT_NOT_POISONED(x[16]);
597 EXPECT_NOT_POISONED(x[31]);
598 close(fd);
599 delete x;
600 }
601
TEST(MemorySanitizer,readv)602 TEST(MemorySanitizer, readv) {
603 char buf[2011];
604 struct iovec iov[2];
605 iov[0].iov_base = buf + 1;
606 iov[0].iov_len = 5;
607 iov[1].iov_base = buf + 10;
608 iov[1].iov_len = 2000;
609 int fd = open("/proc/self/stat", O_RDONLY);
610 ASSERT_GT(fd, 0);
611 int sz = readv(fd, iov, 2);
612 ASSERT_GE(sz, 0);
613 ASSERT_LT(sz, 5 + 2000);
614 ASSERT_GT((size_t)sz, iov[0].iov_len);
615 EXPECT_POISONED(buf[0]);
616 EXPECT_NOT_POISONED(buf[1]);
617 EXPECT_NOT_POISONED(buf[5]);
618 EXPECT_POISONED(buf[6]);
619 EXPECT_POISONED(buf[9]);
620 EXPECT_NOT_POISONED(buf[10]);
621 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]);
622 EXPECT_POISONED(buf[11 + (sz - 1) - 5]);
623 close(fd);
624 }
625
TEST(MemorySanitizer,preadv)626 TEST(MemorySanitizer, preadv) {
627 char buf[2011];
628 struct iovec iov[2];
629 iov[0].iov_base = buf + 1;
630 iov[0].iov_len = 5;
631 iov[1].iov_base = buf + 10;
632 iov[1].iov_len = 2000;
633 int fd = open("/proc/self/stat", O_RDONLY);
634 ASSERT_GT(fd, 0);
635 int sz = preadv(fd, iov, 2, 3);
636 ASSERT_GE(sz, 0);
637 ASSERT_LT(sz, 5 + 2000);
638 ASSERT_GT((size_t)sz, iov[0].iov_len);
639 EXPECT_POISONED(buf[0]);
640 EXPECT_NOT_POISONED(buf[1]);
641 EXPECT_NOT_POISONED(buf[5]);
642 EXPECT_POISONED(buf[6]);
643 EXPECT_POISONED(buf[9]);
644 EXPECT_NOT_POISONED(buf[10]);
645 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]);
646 EXPECT_POISONED(buf[11 + (sz - 1) - 5]);
647 close(fd);
648 }
649
650 // FIXME: fails now.
TEST(MemorySanitizer,DISABLED_ioctl)651 TEST(MemorySanitizer, DISABLED_ioctl) {
652 struct winsize ws;
653 EXPECT_EQ(ioctl(2, TIOCGWINSZ, &ws), 0);
654 EXPECT_NOT_POISONED(ws.ws_col);
655 }
656
TEST(MemorySanitizer,readlink)657 TEST(MemorySanitizer, readlink) {
658 char *x = new char[1000];
659 readlink("/proc/self/exe", x, 1000);
660 EXPECT_NOT_POISONED(x[0]);
661 delete [] x;
662 }
663
664
TEST(MemorySanitizer,stat)665 TEST(MemorySanitizer, stat) {
666 struct stat* st = new struct stat;
667 int res = stat("/proc/self/stat", st);
668 ASSERT_EQ(0, res);
669 EXPECT_NOT_POISONED(st->st_dev);
670 EXPECT_NOT_POISONED(st->st_mode);
671 EXPECT_NOT_POISONED(st->st_size);
672 }
673
TEST(MemorySanitizer,fstatat)674 TEST(MemorySanitizer, fstatat) {
675 struct stat* st = new struct stat;
676 int dirfd = open("/proc/self", O_RDONLY);
677 ASSERT_GT(dirfd, 0);
678 int res = fstatat(dirfd, "stat", st, 0);
679 ASSERT_EQ(0, res);
680 EXPECT_NOT_POISONED(st->st_dev);
681 EXPECT_NOT_POISONED(st->st_mode);
682 EXPECT_NOT_POISONED(st->st_size);
683 close(dirfd);
684 }
685
TEST(MemorySanitizer,statfs)686 TEST(MemorySanitizer, statfs) {
687 struct statfs st;
688 int res = statfs("/", &st);
689 ASSERT_EQ(0, res);
690 EXPECT_NOT_POISONED(st.f_type);
691 EXPECT_NOT_POISONED(st.f_bfree);
692 EXPECT_NOT_POISONED(st.f_namelen);
693 }
694
TEST(MemorySanitizer,statvfs)695 TEST(MemorySanitizer, statvfs) {
696 struct statvfs st;
697 int res = statvfs("/", &st);
698 ASSERT_EQ(0, res);
699 EXPECT_NOT_POISONED(st.f_bsize);
700 EXPECT_NOT_POISONED(st.f_blocks);
701 EXPECT_NOT_POISONED(st.f_bfree);
702 EXPECT_NOT_POISONED(st.f_namemax);
703 }
704
TEST(MemorySanitizer,fstatvfs)705 TEST(MemorySanitizer, fstatvfs) {
706 struct statvfs st;
707 int fd = open("/", O_RDONLY | O_DIRECTORY);
708 int res = fstatvfs(fd, &st);
709 ASSERT_EQ(0, res);
710 EXPECT_NOT_POISONED(st.f_bsize);
711 EXPECT_NOT_POISONED(st.f_blocks);
712 EXPECT_NOT_POISONED(st.f_bfree);
713 EXPECT_NOT_POISONED(st.f_namemax);
714 close(fd);
715 }
716
TEST(MemorySanitizer,pipe)717 TEST(MemorySanitizer, pipe) {
718 int* pipefd = new int[2];
719 int res = pipe(pipefd);
720 ASSERT_EQ(0, res);
721 EXPECT_NOT_POISONED(pipefd[0]);
722 EXPECT_NOT_POISONED(pipefd[1]);
723 close(pipefd[0]);
724 close(pipefd[1]);
725 }
726
TEST(MemorySanitizer,pipe2)727 TEST(MemorySanitizer, pipe2) {
728 int* pipefd = new int[2];
729 int res = pipe2(pipefd, O_NONBLOCK);
730 ASSERT_EQ(0, res);
731 EXPECT_NOT_POISONED(pipefd[0]);
732 EXPECT_NOT_POISONED(pipefd[1]);
733 close(pipefd[0]);
734 close(pipefd[1]);
735 }
736
TEST(MemorySanitizer,socketpair)737 TEST(MemorySanitizer, socketpair) {
738 int sv[2];
739 int res = socketpair(AF_UNIX, SOCK_STREAM, 0, sv);
740 ASSERT_EQ(0, res);
741 EXPECT_NOT_POISONED(sv[0]);
742 EXPECT_NOT_POISONED(sv[1]);
743 close(sv[0]);
744 close(sv[1]);
745 }
746
TEST(MemorySanitizer,poll)747 TEST(MemorySanitizer, poll) {
748 int* pipefd = new int[2];
749 int res = pipe(pipefd);
750 ASSERT_EQ(0, res);
751
752 char data = 42;
753 res = write(pipefd[1], &data, 1);
754 ASSERT_EQ(1, res);
755
756 pollfd fds[2];
757 fds[0].fd = pipefd[0];
758 fds[0].events = POLLIN;
759 fds[1].fd = pipefd[1];
760 fds[1].events = POLLIN;
761 res = poll(fds, 2, 500);
762 ASSERT_EQ(1, res);
763 EXPECT_NOT_POISONED(fds[0].revents);
764 EXPECT_NOT_POISONED(fds[1].revents);
765
766 close(pipefd[0]);
767 close(pipefd[1]);
768 }
769
TEST(MemorySanitizer,ppoll)770 TEST(MemorySanitizer, ppoll) {
771 int* pipefd = new int[2];
772 int res = pipe(pipefd);
773 ASSERT_EQ(0, res);
774
775 char data = 42;
776 res = write(pipefd[1], &data, 1);
777 ASSERT_EQ(1, res);
778
779 pollfd fds[2];
780 fds[0].fd = pipefd[0];
781 fds[0].events = POLLIN;
782 fds[1].fd = pipefd[1];
783 fds[1].events = POLLIN;
784 sigset_t ss;
785 sigemptyset(&ss);
786 res = ppoll(fds, 2, NULL, &ss);
787 ASSERT_EQ(1, res);
788 EXPECT_NOT_POISONED(fds[0].revents);
789 EXPECT_NOT_POISONED(fds[1].revents);
790
791 close(pipefd[0]);
792 close(pipefd[1]);
793 }
794
TEST(MemorySanitizer,poll_positive)795 TEST(MemorySanitizer, poll_positive) {
796 int* pipefd = new int[2];
797 int res = pipe(pipefd);
798 ASSERT_EQ(0, res);
799
800 pollfd fds[2];
801 fds[0].fd = pipefd[0];
802 fds[0].events = POLLIN;
803 // fds[1].fd uninitialized
804 fds[1].events = POLLIN;
805 EXPECT_UMR(poll(fds, 2, 0));
806
807 close(pipefd[0]);
808 close(pipefd[1]);
809 }
810
TEST(MemorySanitizer,bind_getsockname)811 TEST(MemorySanitizer, bind_getsockname) {
812 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
813
814 struct sockaddr_in sai;
815 memset(&sai, 0, sizeof(sai));
816 sai.sin_family = AF_UNIX;
817 int res = bind(sock, (struct sockaddr *)&sai, sizeof(sai));
818
819 ASSERT_EQ(0, res);
820 char buf[200];
821 socklen_t addrlen;
822 EXPECT_UMR(getsockname(sock, (struct sockaddr *)&buf, &addrlen));
823
824 addrlen = sizeof(buf);
825 res = getsockname(sock, (struct sockaddr *)&buf, &addrlen);
826 EXPECT_NOT_POISONED(addrlen);
827 EXPECT_NOT_POISONED(buf[0]);
828 EXPECT_NOT_POISONED(buf[addrlen - 1]);
829 EXPECT_POISONED(buf[addrlen]);
830 close(sock);
831 }
832
TEST(MemorySanitizer,accept)833 TEST(MemorySanitizer, accept) {
834 int listen_socket = socket(AF_INET, SOCK_STREAM, 0);
835 ASSERT_LT(0, listen_socket);
836
837 struct sockaddr_in sai;
838 memset(&sai, 0, sizeof(sai));
839 sai.sin_family = AF_INET;
840 sai.sin_port = 0;
841 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
842 int res = bind(listen_socket, (struct sockaddr *)&sai, sizeof(sai));
843 ASSERT_EQ(0, res);
844
845 res = listen(listen_socket, 1);
846 ASSERT_EQ(0, res);
847
848 socklen_t sz = sizeof(sai);
849 res = getsockname(listen_socket, (struct sockaddr *)&sai, &sz);
850 ASSERT_EQ(0, res);
851 ASSERT_EQ(sizeof(sai), sz);
852
853 int connect_socket = socket(AF_INET, SOCK_STREAM, 0);
854 ASSERT_LT(0, connect_socket);
855 res = fcntl(connect_socket, F_SETFL, O_NONBLOCK);
856 ASSERT_EQ(0, res);
857 res = connect(connect_socket, (struct sockaddr *)&sai, sizeof(sai));
858 ASSERT_EQ(-1, res);
859 ASSERT_EQ(EINPROGRESS, errno);
860
861 __msan_poison(&sai, sizeof(sai));
862 int new_sock = accept(listen_socket, (struct sockaddr *)&sai, &sz);
863 ASSERT_LT(0, new_sock);
864 ASSERT_EQ(sizeof(sai), sz);
865 EXPECT_NOT_POISONED(sai);
866
867 __msan_poison(&sai, sizeof(sai));
868 res = getpeername(new_sock, (struct sockaddr *)&sai, &sz);
869 ASSERT_EQ(0, res);
870 ASSERT_EQ(sizeof(sai), sz);
871 EXPECT_NOT_POISONED(sai);
872
873 close(new_sock);
874 close(connect_socket);
875 close(listen_socket);
876 }
877
TEST(MemorySanitizer,getaddrinfo)878 TEST(MemorySanitizer, getaddrinfo) {
879 struct addrinfo *ai;
880 struct addrinfo hints;
881 memset(&hints, 0, sizeof(hints));
882 hints.ai_family = AF_INET;
883 int res = getaddrinfo("localhost", NULL, &hints, &ai);
884 ASSERT_EQ(0, res);
885 EXPECT_NOT_POISONED(*ai);
886 ASSERT_EQ(sizeof(sockaddr_in), ai->ai_addrlen);
887 EXPECT_NOT_POISONED(*(sockaddr_in*)ai->ai_addr);
888 }
889
TEST(MemorySanitizer,getnameinfo)890 TEST(MemorySanitizer, getnameinfo) {
891 struct sockaddr_in sai;
892 memset(&sai, 0, sizeof(sai));
893 sai.sin_family = AF_INET;
894 sai.sin_port = 80;
895 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
896 char host[500];
897 char serv[500];
898 int res = getnameinfo((struct sockaddr *)&sai, sizeof(sai), host,
899 sizeof(host), serv, sizeof(serv), 0);
900 ASSERT_EQ(0, res);
901 EXPECT_NOT_POISONED(host[0]);
902 EXPECT_POISONED(host[sizeof(host) - 1]);
903
904 ASSERT_NE(0U, strlen(host));
905 EXPECT_NOT_POISONED(serv[0]);
906 EXPECT_POISONED(serv[sizeof(serv) - 1]);
907 ASSERT_NE(0U, strlen(serv));
908 }
909
910 #define EXPECT_HOSTENT_NOT_POISONED(he) \
911 do { \
912 EXPECT_NOT_POISONED(*(he)); \
913 ASSERT_NE((void *) 0, (he)->h_name); \
914 ASSERT_NE((void *) 0, (he)->h_aliases); \
915 ASSERT_NE((void *) 0, (he)->h_addr_list); \
916 EXPECT_NOT_POISONED(strlen((he)->h_name)); \
917 char **p = (he)->h_aliases; \
918 while (*p) { \
919 EXPECT_NOT_POISONED(strlen(*p)); \
920 ++p; \
921 } \
922 char **q = (he)->h_addr_list; \
923 while (*q) { \
924 EXPECT_NOT_POISONED(*q[0]); \
925 ++q; \
926 } \
927 EXPECT_NOT_POISONED(*q); \
928 } while (0)
929
TEST(MemorySanitizer,gethostent)930 TEST(MemorySanitizer, gethostent) {
931 struct hostent *he = gethostent();
932 ASSERT_NE((void *)NULL, he);
933 EXPECT_HOSTENT_NOT_POISONED(he);
934 }
935
936 #ifndef MSAN_TEST_DISABLE_GETHOSTBYNAME
937
TEST(MemorySanitizer,gethostbyname)938 TEST(MemorySanitizer, gethostbyname) {
939 struct hostent *he = gethostbyname("localhost");
940 ASSERT_NE((void *)NULL, he);
941 EXPECT_HOSTENT_NOT_POISONED(he);
942 }
943
944 #endif // MSAN_TEST_DISABLE_GETHOSTBYNAME
945
TEST(MemorySanitizer,recvmsg)946 TEST(MemorySanitizer, recvmsg) {
947 int server_socket = socket(AF_INET, SOCK_DGRAM, 0);
948 ASSERT_LT(0, server_socket);
949
950 struct sockaddr_in sai;
951 memset(&sai, 0, sizeof(sai));
952 sai.sin_family = AF_INET;
953 sai.sin_port = 0;
954 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
955 int res = bind(server_socket, (struct sockaddr *)&sai, sizeof(sai));
956 ASSERT_EQ(0, res);
957
958 socklen_t sz = sizeof(sai);
959 res = getsockname(server_socket, (struct sockaddr *)&sai, &sz);
960 ASSERT_EQ(0, res);
961 ASSERT_EQ(sizeof(sai), sz);
962
963
964 int client_socket = socket(AF_INET, SOCK_DGRAM, 0);
965 ASSERT_LT(0, client_socket);
966
967 struct sockaddr_in client_sai;
968 memset(&client_sai, 0, sizeof(client_sai));
969 client_sai.sin_family = AF_INET;
970 client_sai.sin_port = 0;
971 client_sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
972 res = bind(client_socket, (struct sockaddr *)&client_sai, sizeof(client_sai));
973 ASSERT_EQ(0, res);
974
975 sz = sizeof(client_sai);
976 res = getsockname(client_socket, (struct sockaddr *)&client_sai, &sz);
977 ASSERT_EQ(0, res);
978 ASSERT_EQ(sizeof(client_sai), sz);
979
980
981 const char *s = "message text";
982 struct iovec iov;
983 iov.iov_base = (void *)s;
984 iov.iov_len = strlen(s) + 1;
985 struct msghdr msg;
986 memset(&msg, 0, sizeof(msg));
987 msg.msg_name = &sai;
988 msg.msg_namelen = sizeof(sai);
989 msg.msg_iov = &iov;
990 msg.msg_iovlen = 1;
991 res = sendmsg(client_socket, &msg, 0);
992 ASSERT_LT(0, res);
993
994
995 char buf[1000];
996 struct iovec recv_iov;
997 recv_iov.iov_base = (void *)&buf;
998 recv_iov.iov_len = sizeof(buf);
999 struct sockaddr_in recv_sai;
1000 struct msghdr recv_msg;
1001 memset(&recv_msg, 0, sizeof(recv_msg));
1002 recv_msg.msg_name = &recv_sai;
1003 recv_msg.msg_namelen = sizeof(recv_sai);
1004 recv_msg.msg_iov = &recv_iov;
1005 recv_msg.msg_iovlen = 1;
1006 res = recvmsg(server_socket, &recv_msg, 0);
1007 ASSERT_LT(0, res);
1008
1009 ASSERT_EQ(sizeof(recv_sai), recv_msg.msg_namelen);
1010 EXPECT_NOT_POISONED(*(struct sockaddr_in *)recv_msg.msg_name);
1011 EXPECT_STREQ(s, buf);
1012
1013 close(server_socket);
1014 close(client_socket);
1015 }
1016
TEST(MemorySanitizer,gethostbyname2)1017 TEST(MemorySanitizer, gethostbyname2) {
1018 struct hostent *he = gethostbyname2("localhost", AF_INET);
1019 ASSERT_NE((void *)NULL, he);
1020 EXPECT_HOSTENT_NOT_POISONED(he);
1021 }
1022
TEST(MemorySanitizer,gethostbyaddr)1023 TEST(MemorySanitizer, gethostbyaddr) {
1024 in_addr_t addr = inet_addr("127.0.0.1");
1025 EXPECT_NOT_POISONED(addr);
1026 struct hostent *he = gethostbyaddr(&addr, sizeof(addr), AF_INET);
1027 ASSERT_NE((void *)NULL, he);
1028 EXPECT_HOSTENT_NOT_POISONED(he);
1029 }
1030
TEST(MemorySanitizer,gethostent_r)1031 TEST(MemorySanitizer, gethostent_r) {
1032 char buf[2000];
1033 struct hostent he;
1034 struct hostent *result;
1035 int err;
1036 int res = gethostent_r(&he, buf, sizeof(buf), &result, &err);
1037 ASSERT_EQ(0, res);
1038 EXPECT_NOT_POISONED(result);
1039 ASSERT_NE((void *)NULL, result);
1040 EXPECT_HOSTENT_NOT_POISONED(result);
1041 EXPECT_NOT_POISONED(err);
1042 }
1043
TEST(MemorySanitizer,gethostbyname_r)1044 TEST(MemorySanitizer, gethostbyname_r) {
1045 char buf[2000];
1046 struct hostent he;
1047 struct hostent *result;
1048 int err;
1049 int res = gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err);
1050 ASSERT_EQ(0, res);
1051 EXPECT_NOT_POISONED(result);
1052 ASSERT_NE((void *)NULL, result);
1053 EXPECT_HOSTENT_NOT_POISONED(result);
1054 EXPECT_NOT_POISONED(err);
1055 }
1056
TEST(MemorySanitizer,gethostbyname_r_bad_host_name)1057 TEST(MemorySanitizer, gethostbyname_r_bad_host_name) {
1058 char buf[2000];
1059 struct hostent he;
1060 struct hostent *result;
1061 int err;
1062 int res = gethostbyname_r("bad-host-name", &he, buf, sizeof(buf), &result, &err);
1063 ASSERT_EQ((struct hostent *)0, result);
1064 EXPECT_NOT_POISONED(err);
1065 }
1066
TEST(MemorySanitizer,gethostbyname_r_erange)1067 TEST(MemorySanitizer, gethostbyname_r_erange) {
1068 char buf[5];
1069 struct hostent he;
1070 struct hostent *result;
1071 int err;
1072 int res = gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err);
1073 ASSERT_EQ(ERANGE, res);
1074 EXPECT_NOT_POISONED(err);
1075 }
1076
TEST(MemorySanitizer,gethostbyname2_r)1077 TEST(MemorySanitizer, gethostbyname2_r) {
1078 char buf[2000];
1079 struct hostent he;
1080 struct hostent *result;
1081 int err;
1082 int res = gethostbyname2_r("localhost", AF_INET, &he, buf, sizeof(buf),
1083 &result, &err);
1084 ASSERT_EQ(0, res);
1085 EXPECT_NOT_POISONED(result);
1086 ASSERT_NE((void *)NULL, result);
1087 EXPECT_HOSTENT_NOT_POISONED(result);
1088 EXPECT_NOT_POISONED(err);
1089 }
1090
TEST(MemorySanitizer,gethostbyaddr_r)1091 TEST(MemorySanitizer, gethostbyaddr_r) {
1092 char buf[2000];
1093 struct hostent he;
1094 struct hostent *result;
1095 int err;
1096 in_addr_t addr = inet_addr("127.0.0.1");
1097 EXPECT_NOT_POISONED(addr);
1098 int res = gethostbyaddr_r(&addr, sizeof(addr), AF_INET, &he, buf, sizeof(buf),
1099 &result, &err);
1100 ASSERT_EQ(0, res);
1101 EXPECT_NOT_POISONED(result);
1102 ASSERT_NE((void *)NULL, result);
1103 EXPECT_HOSTENT_NOT_POISONED(result);
1104 EXPECT_NOT_POISONED(err);
1105 }
1106
TEST(MemorySanitizer,getsockopt)1107 TEST(MemorySanitizer, getsockopt) {
1108 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
1109 struct linger l[2];
1110 socklen_t sz = sizeof(l[0]);
1111 int res = getsockopt(sock, SOL_SOCKET, SO_LINGER, &l[0], &sz);
1112 ASSERT_EQ(0, res);
1113 ASSERT_EQ(sizeof(l[0]), sz);
1114 EXPECT_NOT_POISONED(l[0]);
1115 EXPECT_POISONED(*(char *)(l + 1));
1116 }
1117
TEST(MemorySanitizer,getcwd)1118 TEST(MemorySanitizer, getcwd) {
1119 char path[PATH_MAX + 1];
1120 char* res = getcwd(path, sizeof(path));
1121 ASSERT_TRUE(res != NULL);
1122 EXPECT_NOT_POISONED(path[0]);
1123 }
1124
TEST(MemorySanitizer,getcwd_gnu)1125 TEST(MemorySanitizer, getcwd_gnu) {
1126 char* res = getcwd(NULL, 0);
1127 ASSERT_TRUE(res != NULL);
1128 EXPECT_NOT_POISONED(res[0]);
1129 free(res);
1130 }
1131
TEST(MemorySanitizer,get_current_dir_name)1132 TEST(MemorySanitizer, get_current_dir_name) {
1133 char* res = get_current_dir_name();
1134 ASSERT_TRUE(res != NULL);
1135 EXPECT_NOT_POISONED(res[0]);
1136 free(res);
1137 }
1138
TEST(MemorySanitizer,shmctl)1139 TEST(MemorySanitizer, shmctl) {
1140 int id = shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT);
1141 ASSERT_GT(id, -1);
1142
1143 struct shmid_ds ds;
1144 int res = shmctl(id, IPC_STAT, &ds);
1145 ASSERT_GT(res, -1);
1146 EXPECT_NOT_POISONED(ds);
1147
1148 struct shminfo si;
1149 res = shmctl(id, IPC_INFO, (struct shmid_ds *)&si);
1150 ASSERT_GT(res, -1);
1151 EXPECT_NOT_POISONED(si);
1152
1153 struct shm_info s_i;
1154 res = shmctl(id, SHM_INFO, (struct shmid_ds *)&s_i);
1155 ASSERT_GT(res, -1);
1156 EXPECT_NOT_POISONED(s_i);
1157
1158 res = shmctl(id, IPC_RMID, 0);
1159 ASSERT_GT(res, -1);
1160 }
1161
TEST(MemorySanitizer,shmat)1162 TEST(MemorySanitizer, shmat) {
1163 void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
1164 MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
1165 ASSERT_NE(MAP_FAILED, p);
1166
1167 ((char *)p)[10] = *GetPoisoned<U1>();
1168 ((char *)p)[4095] = *GetPoisoned<U1>();
1169
1170 int res = munmap(p, 4096);
1171 ASSERT_EQ(0, res);
1172
1173 int id = shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT);
1174 ASSERT_GT(id, -1);
1175
1176 void *q = shmat(id, p, 0);
1177 ASSERT_EQ(p, q);
1178
1179 EXPECT_NOT_POISONED(((char *)q)[0]);
1180 EXPECT_NOT_POISONED(((char *)q)[10]);
1181 EXPECT_NOT_POISONED(((char *)q)[4095]);
1182
1183 res = shmdt(q);
1184 ASSERT_EQ(0, res);
1185
1186 res = shmctl(id, IPC_RMID, 0);
1187 ASSERT_GT(res, -1);
1188 }
1189
TEST(MemorySanitizer,random_r)1190 TEST(MemorySanitizer, random_r) {
1191 int32_t x;
1192 char z[64];
1193 memset(z, 0, sizeof(z));
1194
1195 struct random_data buf;
1196 memset(&buf, 0, sizeof(buf));
1197
1198 int res = initstate_r(0, z, sizeof(z), &buf);
1199 ASSERT_EQ(0, res);
1200
1201 res = random_r(&buf, &x);
1202 ASSERT_EQ(0, res);
1203 EXPECT_NOT_POISONED(x);
1204 }
1205
TEST(MemorySanitizer,confstr)1206 TEST(MemorySanitizer, confstr) {
1207 char buf[3];
1208 size_t res = confstr(_CS_PATH, buf, sizeof(buf));
1209 ASSERT_GT(res, sizeof(buf));
1210 EXPECT_NOT_POISONED(buf[0]);
1211 EXPECT_NOT_POISONED(buf[sizeof(buf) - 1]);
1212
1213 char buf2[1000];
1214 res = confstr(_CS_PATH, buf2, sizeof(buf2));
1215 ASSERT_LT(res, sizeof(buf2));
1216 EXPECT_NOT_POISONED(buf2[0]);
1217 EXPECT_NOT_POISONED(buf2[res - 1]);
1218 EXPECT_POISONED(buf2[res]);
1219 ASSERT_EQ(res, strlen(buf2) + 1);
1220 }
1221
TEST(MemorySanitizer,readdir)1222 TEST(MemorySanitizer, readdir) {
1223 DIR *dir = opendir(".");
1224 struct dirent *d = readdir(dir);
1225 ASSERT_TRUE(d != NULL);
1226 EXPECT_NOT_POISONED(d->d_name[0]);
1227 closedir(dir);
1228 }
1229
TEST(MemorySanitizer,readdir_r)1230 TEST(MemorySanitizer, readdir_r) {
1231 DIR *dir = opendir(".");
1232 struct dirent d;
1233 struct dirent *pd;
1234 int res = readdir_r(dir, &d, &pd);
1235 ASSERT_EQ(0, res);
1236 EXPECT_NOT_POISONED(pd);
1237 EXPECT_NOT_POISONED(d.d_name[0]);
1238 closedir(dir);
1239 }
1240
TEST(MemorySanitizer,realpath)1241 TEST(MemorySanitizer, realpath) {
1242 const char* relpath = ".";
1243 char path[PATH_MAX + 1];
1244 char* res = realpath(relpath, path);
1245 ASSERT_TRUE(res != NULL);
1246 EXPECT_NOT_POISONED(path[0]);
1247 }
1248
TEST(MemorySanitizer,realpath_null)1249 TEST(MemorySanitizer, realpath_null) {
1250 const char* relpath = ".";
1251 char* res = realpath(relpath, NULL);
1252 printf("%d, %s\n", errno, strerror(errno));
1253 ASSERT_TRUE(res != NULL);
1254 EXPECT_NOT_POISONED(res[0]);
1255 free(res);
1256 }
1257
TEST(MemorySanitizer,canonicalize_file_name)1258 TEST(MemorySanitizer, canonicalize_file_name) {
1259 const char* relpath = ".";
1260 char* res = canonicalize_file_name(relpath);
1261 ASSERT_TRUE(res != NULL);
1262 EXPECT_NOT_POISONED(res[0]);
1263 free(res);
1264 }
1265
1266 extern char **environ;
1267
TEST(MemorySanitizer,setenv)1268 TEST(MemorySanitizer, setenv) {
1269 setenv("AAA", "BBB", 1);
1270 for (char **envp = environ; *envp; ++envp) {
1271 EXPECT_NOT_POISONED(*envp);
1272 EXPECT_NOT_POISONED(*envp[0]);
1273 }
1274 }
1275
TEST(MemorySanitizer,putenv)1276 TEST(MemorySanitizer, putenv) {
1277 char s[] = "AAA=BBB";
1278 putenv(s);
1279 for (char **envp = environ; *envp; ++envp) {
1280 EXPECT_NOT_POISONED(*envp);
1281 EXPECT_NOT_POISONED(*envp[0]);
1282 }
1283 }
1284
TEST(MemorySanitizer,memcpy)1285 TEST(MemorySanitizer, memcpy) {
1286 char* x = new char[2];
1287 char* y = new char[2];
1288 x[0] = 1;
1289 x[1] = *GetPoisoned<char>();
1290 memcpy(y, x, 2);
1291 EXPECT_NOT_POISONED(y[0]);
1292 EXPECT_POISONED(y[1]);
1293 }
1294
TestUnalignedMemcpy(unsigned left,unsigned right,bool src_is_aligned,bool src_is_poisoned,bool dst_is_poisoned)1295 void TestUnalignedMemcpy(unsigned left, unsigned right, bool src_is_aligned,
1296 bool src_is_poisoned, bool dst_is_poisoned) {
1297 fprintf(stderr, "%s(%d, %d, %d, %d, %d)\n", __func__, left, right,
1298 src_is_aligned, src_is_poisoned, dst_is_poisoned);
1299
1300 const unsigned sz = 20;
1301 U4 dst_origin, src_origin;
1302 char *dst = (char *)malloc(sz);
1303 if (dst_is_poisoned)
1304 dst_origin = __msan_get_origin(dst);
1305 else
1306 memset(dst, 0, sz);
1307
1308 char *src = (char *)malloc(sz);
1309 if (src_is_poisoned)
1310 src_origin = __msan_get_origin(src);
1311 else
1312 memset(src, 0, sz);
1313
1314 memcpy(dst + left, src_is_aligned ? src + left : src, sz - left - right);
1315
1316 for (unsigned i = 0; i < (left & (~3U)); ++i)
1317 if (dst_is_poisoned)
1318 EXPECT_POISONED_O(dst[i], dst_origin);
1319 else
1320 EXPECT_NOT_POISONED(dst[i]);
1321
1322 for (unsigned i = 0; i < (right & (~3U)); ++i)
1323 if (dst_is_poisoned)
1324 EXPECT_POISONED_O(dst[sz - i - 1], dst_origin);
1325 else
1326 EXPECT_NOT_POISONED(dst[sz - i - 1]);
1327
1328 for (unsigned i = left; i < sz - right; ++i)
1329 if (src_is_poisoned)
1330 EXPECT_POISONED_O(dst[i], src_origin);
1331 else
1332 EXPECT_NOT_POISONED(dst[i]);
1333
1334 free(dst);
1335 free(src);
1336 }
1337
TEST(MemorySanitizer,memcpy_unaligned)1338 TEST(MemorySanitizer, memcpy_unaligned) {
1339 for (int i = 0; i < 10; ++i)
1340 for (int j = 0; j < 10; ++j)
1341 for (int aligned = 0; aligned < 2; ++aligned)
1342 for (int srcp = 0; srcp < 2; ++srcp)
1343 for (int dstp = 0; dstp < 2; ++dstp)
1344 TestUnalignedMemcpy(i, j, aligned, srcp, dstp);
1345 }
1346
TEST(MemorySanitizer,memmove)1347 TEST(MemorySanitizer, memmove) {
1348 char* x = new char[2];
1349 char* y = new char[2];
1350 x[0] = 1;
1351 x[1] = *GetPoisoned<char>();
1352 memmove(y, x, 2);
1353 EXPECT_NOT_POISONED(y[0]);
1354 EXPECT_POISONED(y[1]);
1355 }
1356
TEST(MemorySanitizer,memccpy_nomatch)1357 TEST(MemorySanitizer, memccpy_nomatch) {
1358 char* x = new char[5];
1359 char* y = new char[5];
1360 strcpy(x, "abc");
1361 memccpy(y, x, 'd', 4);
1362 EXPECT_NOT_POISONED(y[0]);
1363 EXPECT_NOT_POISONED(y[1]);
1364 EXPECT_NOT_POISONED(y[2]);
1365 EXPECT_NOT_POISONED(y[3]);
1366 EXPECT_POISONED(y[4]);
1367 delete[] x;
1368 delete[] y;
1369 }
1370
TEST(MemorySanitizer,memccpy_match)1371 TEST(MemorySanitizer, memccpy_match) {
1372 char* x = new char[5];
1373 char* y = new char[5];
1374 strcpy(x, "abc");
1375 memccpy(y, x, 'b', 4);
1376 EXPECT_NOT_POISONED(y[0]);
1377 EXPECT_NOT_POISONED(y[1]);
1378 EXPECT_POISONED(y[2]);
1379 EXPECT_POISONED(y[3]);
1380 EXPECT_POISONED(y[4]);
1381 delete[] x;
1382 delete[] y;
1383 }
1384
TEST(MemorySanitizer,memccpy_nomatch_positive)1385 TEST(MemorySanitizer, memccpy_nomatch_positive) {
1386 char* x = new char[5];
1387 char* y = new char[5];
1388 strcpy(x, "abc");
1389 EXPECT_UMR(memccpy(y, x, 'd', 5));
1390 delete[] x;
1391 delete[] y;
1392 }
1393
TEST(MemorySanitizer,memccpy_match_positive)1394 TEST(MemorySanitizer, memccpy_match_positive) {
1395 char* x = new char[5];
1396 char* y = new char[5];
1397 x[0] = 'a';
1398 x[2] = 'b';
1399 EXPECT_UMR(memccpy(y, x, 'b', 5));
1400 delete[] x;
1401 delete[] y;
1402 }
1403
TEST(MemorySanitizer,bcopy)1404 TEST(MemorySanitizer, bcopy) {
1405 char* x = new char[2];
1406 char* y = new char[2];
1407 x[0] = 1;
1408 x[1] = *GetPoisoned<char>();
1409 bcopy(x, y, 2);
1410 EXPECT_NOT_POISONED(y[0]);
1411 EXPECT_POISONED(y[1]);
1412 }
1413
TEST(MemorySanitizer,strdup)1414 TEST(MemorySanitizer, strdup) {
1415 char buf[4] = "abc";
1416 __msan_poison(buf + 2, sizeof(*buf));
1417 char *x = strdup(buf);
1418 EXPECT_NOT_POISONED(x[0]);
1419 EXPECT_NOT_POISONED(x[1]);
1420 EXPECT_POISONED(x[2]);
1421 EXPECT_NOT_POISONED(x[3]);
1422 free(x);
1423 }
1424
TEST(MemorySanitizer,strndup)1425 TEST(MemorySanitizer, strndup) {
1426 char buf[4] = "abc";
1427 __msan_poison(buf + 2, sizeof(*buf));
1428 char *x = strndup(buf, 3);
1429 EXPECT_NOT_POISONED(x[0]);
1430 EXPECT_NOT_POISONED(x[1]);
1431 EXPECT_POISONED(x[2]);
1432 EXPECT_NOT_POISONED(x[3]);
1433 free(x);
1434 }
1435
TEST(MemorySanitizer,strndup_short)1436 TEST(MemorySanitizer, strndup_short) {
1437 char buf[4] = "abc";
1438 __msan_poison(buf + 1, sizeof(*buf));
1439 __msan_poison(buf + 2, sizeof(*buf));
1440 char *x = strndup(buf, 2);
1441 EXPECT_NOT_POISONED(x[0]);
1442 EXPECT_POISONED(x[1]);
1443 EXPECT_NOT_POISONED(x[2]);
1444 free(x);
1445 }
1446
1447
1448 template<class T, int size>
TestOverlapMemmove()1449 void TestOverlapMemmove() {
1450 T *x = new T[size];
1451 ASSERT_GE(size, 3);
1452 x[2] = 0;
1453 memmove(x, x + 1, (size - 1) * sizeof(T));
1454 EXPECT_NOT_POISONED(x[1]);
1455 if (!__msan_has_dynamic_component()) {
1456 // FIXME: under DR we will lose this information
1457 // because accesses in memmove will unpoisin the shadow.
1458 // We need to use our own memove implementation instead of libc's.
1459 EXPECT_POISONED(x[0]);
1460 EXPECT_POISONED(x[2]);
1461 }
1462 delete [] x;
1463 }
1464
TEST(MemorySanitizer,overlap_memmove)1465 TEST(MemorySanitizer, overlap_memmove) {
1466 TestOverlapMemmove<U1, 10>();
1467 TestOverlapMemmove<U1, 1000>();
1468 TestOverlapMemmove<U8, 4>();
1469 TestOverlapMemmove<U8, 1000>();
1470 }
1471
TEST(MemorySanitizer,strcpy)1472 TEST(MemorySanitizer, strcpy) { // NOLINT
1473 char* x = new char[3];
1474 char* y = new char[3];
1475 x[0] = 'a';
1476 x[1] = *GetPoisoned<char>(1, 1);
1477 x[2] = 0;
1478 strcpy(y, x); // NOLINT
1479 EXPECT_NOT_POISONED(y[0]);
1480 EXPECT_POISONED(y[1]);
1481 EXPECT_NOT_POISONED(y[2]);
1482 }
1483
TEST(MemorySanitizer,strncpy)1484 TEST(MemorySanitizer, strncpy) { // NOLINT
1485 char* x = new char[3];
1486 char* y = new char[3];
1487 x[0] = 'a';
1488 x[1] = *GetPoisoned<char>(1, 1);
1489 x[2] = 0;
1490 strncpy(y, x, 2); // NOLINT
1491 EXPECT_NOT_POISONED(y[0]);
1492 EXPECT_POISONED(y[1]);
1493 EXPECT_POISONED(y[2]);
1494 }
1495
TEST(MemorySanitizer,stpcpy)1496 TEST(MemorySanitizer, stpcpy) { // NOLINT
1497 char* x = new char[3];
1498 char* y = new char[3];
1499 x[0] = 'a';
1500 x[1] = *GetPoisoned<char>(1, 1);
1501 x[2] = 0;
1502 char *res = stpcpy(y, x); // NOLINT
1503 ASSERT_EQ(res, y + 2);
1504 EXPECT_NOT_POISONED(y[0]);
1505 EXPECT_POISONED(y[1]);
1506 EXPECT_NOT_POISONED(y[2]);
1507 }
1508
TEST(MemorySanitizer,strcat)1509 TEST(MemorySanitizer, strcat) { // NOLINT
1510 char a[10];
1511 char b[] = "def";
1512 strcpy(a, "abc");
1513 __msan_poison(b + 1, 1);
1514 strcat(a, b);
1515 EXPECT_NOT_POISONED(a[3]);
1516 EXPECT_POISONED(a[4]);
1517 EXPECT_NOT_POISONED(a[5]);
1518 EXPECT_NOT_POISONED(a[6]);
1519 EXPECT_POISONED(a[7]);
1520 }
1521
TEST(MemorySanitizer,strncat)1522 TEST(MemorySanitizer, strncat) { // NOLINT
1523 char a[10];
1524 char b[] = "def";
1525 strcpy(a, "abc");
1526 __msan_poison(b + 1, 1);
1527 strncat(a, b, 5);
1528 EXPECT_NOT_POISONED(a[3]);
1529 EXPECT_POISONED(a[4]);
1530 EXPECT_NOT_POISONED(a[5]);
1531 EXPECT_NOT_POISONED(a[6]);
1532 EXPECT_POISONED(a[7]);
1533 }
1534
TEST(MemorySanitizer,strncat_overflow)1535 TEST(MemorySanitizer, strncat_overflow) { // NOLINT
1536 char a[10];
1537 char b[] = "def";
1538 strcpy(a, "abc");
1539 __msan_poison(b + 1, 1);
1540 strncat(a, b, 2);
1541 EXPECT_NOT_POISONED(a[3]);
1542 EXPECT_POISONED(a[4]);
1543 EXPECT_NOT_POISONED(a[5]);
1544 EXPECT_POISONED(a[6]);
1545 EXPECT_POISONED(a[7]);
1546 }
1547
1548 #define TEST_STRTO_INT(func_name) \
1549 TEST(MemorySanitizer, func_name) { \
1550 char *e; \
1551 EXPECT_EQ(1U, func_name("1", &e, 10)); \
1552 EXPECT_NOT_POISONED((S8)e); \
1553 }
1554
1555 #define TEST_STRTO_FLOAT(func_name) \
1556 TEST(MemorySanitizer, func_name) { \
1557 char *e; \
1558 EXPECT_NE(0, func_name("1.5", &e)); \
1559 EXPECT_NOT_POISONED((S8)e); \
1560 }
1561
1562 #define TEST_STRTO_FLOAT_LOC(func_name) \
1563 TEST(MemorySanitizer, func_name) { \
1564 locale_t loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0); \
1565 char *e; \
1566 EXPECT_NE(0, func_name("1.5", &e, loc)); \
1567 EXPECT_NOT_POISONED((S8)e); \
1568 freelocale(loc); \
1569 }
1570
1571 #define TEST_STRTO_INT_LOC(func_name) \
1572 TEST(MemorySanitizer, func_name) { \
1573 locale_t loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0); \
1574 char *e; \
1575 ASSERT_EQ(1U, func_name("1", &e, 10, loc)); \
1576 EXPECT_NOT_POISONED((S8)e); \
1577 freelocale(loc); \
1578 }
1579
1580 TEST_STRTO_INT(strtol)
TEST_STRTO_INT(strtoll)1581 TEST_STRTO_INT(strtoll)
1582 TEST_STRTO_INT(strtoul)
1583 TEST_STRTO_INT(strtoull)
1584
1585 TEST_STRTO_FLOAT(strtof)
1586 TEST_STRTO_FLOAT(strtod)
1587 TEST_STRTO_FLOAT(strtold)
1588
1589 TEST_STRTO_FLOAT_LOC(strtof_l)
1590 TEST_STRTO_FLOAT_LOC(strtod_l)
1591 TEST_STRTO_FLOAT_LOC(strtold_l)
1592
1593 TEST_STRTO_INT_LOC(strtol_l)
1594 TEST_STRTO_INT_LOC(strtoll_l)
1595 TEST_STRTO_INT_LOC(strtoul_l)
1596 TEST_STRTO_INT_LOC(strtoull_l)
1597
1598 TEST(MemorySanitizer, strtoimax) {
1599 char *e;
1600 ASSERT_EQ(1, strtoimax("1", &e, 10));
1601 EXPECT_NOT_POISONED((S8) e);
1602 }
1603
TEST(MemorySanitizer,strtoumax)1604 TEST(MemorySanitizer, strtoumax) {
1605 char *e;
1606 ASSERT_EQ(1U, strtoumax("1", &e, 10));
1607 EXPECT_NOT_POISONED((S8) e);
1608 }
1609
1610 #ifdef __GLIBC__
1611 extern "C" float __strtof_l(const char *nptr, char **endptr, locale_t loc);
1612 TEST_STRTO_FLOAT_LOC(__strtof_l)
1613 extern "C" double __strtod_l(const char *nptr, char **endptr, locale_t loc);
1614 TEST_STRTO_FLOAT_LOC(__strtod_l)
1615 extern "C" long double __strtold_l(const char *nptr, char **endptr,
1616 locale_t loc);
1617 TEST_STRTO_FLOAT_LOC(__strtold_l)
1618 #endif // __GLIBC__
1619
TEST(MemorySanitizer,modf)1620 TEST(MemorySanitizer, modf) {
1621 double x, y;
1622 x = modf(2.1, &y);
1623 EXPECT_NOT_POISONED(y);
1624 }
1625
TEST(MemorySanitizer,modff)1626 TEST(MemorySanitizer, modff) {
1627 float x, y;
1628 x = modff(2.1, &y);
1629 EXPECT_NOT_POISONED(y);
1630 }
1631
TEST(MemorySanitizer,modfl)1632 TEST(MemorySanitizer, modfl) {
1633 long double x, y;
1634 x = modfl(2.1, &y);
1635 EXPECT_NOT_POISONED(y);
1636 }
1637
TEST(MemorySanitizer,sincos)1638 TEST(MemorySanitizer, sincos) {
1639 double s, c;
1640 sincos(0.2, &s, &c);
1641 EXPECT_NOT_POISONED(s);
1642 EXPECT_NOT_POISONED(c);
1643 }
1644
TEST(MemorySanitizer,sincosf)1645 TEST(MemorySanitizer, sincosf) {
1646 float s, c;
1647 sincosf(0.2, &s, &c);
1648 EXPECT_NOT_POISONED(s);
1649 EXPECT_NOT_POISONED(c);
1650 }
1651
TEST(MemorySanitizer,sincosl)1652 TEST(MemorySanitizer, sincosl) {
1653 long double s, c;
1654 sincosl(0.2, &s, &c);
1655 EXPECT_NOT_POISONED(s);
1656 EXPECT_NOT_POISONED(c);
1657 }
1658
TEST(MemorySanitizer,remquo)1659 TEST(MemorySanitizer, remquo) {
1660 int quo;
1661 double res = remquo(29.0, 3.0, &quo);
1662 ASSERT_NE(0.0, res);
1663 EXPECT_NOT_POISONED(quo);
1664 }
1665
TEST(MemorySanitizer,remquof)1666 TEST(MemorySanitizer, remquof) {
1667 int quo;
1668 float res = remquof(29.0, 3.0, &quo);
1669 ASSERT_NE(0.0, res);
1670 EXPECT_NOT_POISONED(quo);
1671 }
1672
TEST(MemorySanitizer,remquol)1673 TEST(MemorySanitizer, remquol) {
1674 int quo;
1675 long double res = remquof(29.0, 3.0, &quo);
1676 ASSERT_NE(0.0, res);
1677 EXPECT_NOT_POISONED(quo);
1678 }
1679
TEST(MemorySanitizer,lgamma)1680 TEST(MemorySanitizer, lgamma) {
1681 double res = lgamma(1.1);
1682 ASSERT_NE(0.0, res);
1683 EXPECT_NOT_POISONED(signgam);
1684 }
1685
TEST(MemorySanitizer,lgammaf)1686 TEST(MemorySanitizer, lgammaf) {
1687 float res = lgammaf(1.1);
1688 ASSERT_NE(0.0, res);
1689 EXPECT_NOT_POISONED(signgam);
1690 }
1691
TEST(MemorySanitizer,lgammal)1692 TEST(MemorySanitizer, lgammal) {
1693 long double res = lgammal(1.1);
1694 ASSERT_NE(0.0, res);
1695 EXPECT_NOT_POISONED(signgam);
1696 }
1697
TEST(MemorySanitizer,lgamma_r)1698 TEST(MemorySanitizer, lgamma_r) {
1699 int sgn;
1700 double res = lgamma_r(1.1, &sgn);
1701 ASSERT_NE(0.0, res);
1702 EXPECT_NOT_POISONED(sgn);
1703 }
1704
TEST(MemorySanitizer,lgammaf_r)1705 TEST(MemorySanitizer, lgammaf_r) {
1706 int sgn;
1707 float res = lgammaf_r(1.1, &sgn);
1708 ASSERT_NE(0.0, res);
1709 EXPECT_NOT_POISONED(sgn);
1710 }
1711
TEST(MemorySanitizer,lgammal_r)1712 TEST(MemorySanitizer, lgammal_r) {
1713 int sgn;
1714 long double res = lgammal_r(1.1, &sgn);
1715 ASSERT_NE(0.0, res);
1716 EXPECT_NOT_POISONED(sgn);
1717 }
1718
TEST(MemorySanitizer,drand48_r)1719 TEST(MemorySanitizer, drand48_r) {
1720 struct drand48_data buf;
1721 srand48_r(0, &buf);
1722 double d;
1723 drand48_r(&buf, &d);
1724 EXPECT_NOT_POISONED(d);
1725 }
1726
TEST(MemorySanitizer,lrand48_r)1727 TEST(MemorySanitizer, lrand48_r) {
1728 struct drand48_data buf;
1729 srand48_r(0, &buf);
1730 long d;
1731 lrand48_r(&buf, &d);
1732 EXPECT_NOT_POISONED(d);
1733 }
1734
TEST(MemorySanitizer,sprintf)1735 TEST(MemorySanitizer, sprintf) { // NOLINT
1736 char buff[10];
1737 break_optimization(buff);
1738 EXPECT_POISONED(buff[0]);
1739 int res = sprintf(buff, "%d", 1234567); // NOLINT
1740 ASSERT_EQ(res, 7);
1741 ASSERT_EQ(buff[0], '1');
1742 ASSERT_EQ(buff[1], '2');
1743 ASSERT_EQ(buff[2], '3');
1744 ASSERT_EQ(buff[6], '7');
1745 ASSERT_EQ(buff[7], 0);
1746 EXPECT_POISONED(buff[8]);
1747 }
1748
TEST(MemorySanitizer,snprintf)1749 TEST(MemorySanitizer, snprintf) {
1750 char buff[10];
1751 break_optimization(buff);
1752 EXPECT_POISONED(buff[0]);
1753 int res = snprintf(buff, sizeof(buff), "%d", 1234567);
1754 ASSERT_EQ(res, 7);
1755 ASSERT_EQ(buff[0], '1');
1756 ASSERT_EQ(buff[1], '2');
1757 ASSERT_EQ(buff[2], '3');
1758 ASSERT_EQ(buff[6], '7');
1759 ASSERT_EQ(buff[7], 0);
1760 EXPECT_POISONED(buff[8]);
1761 }
1762
TEST(MemorySanitizer,swprintf)1763 TEST(MemorySanitizer, swprintf) {
1764 wchar_t buff[10];
1765 ASSERT_EQ(4U, sizeof(wchar_t));
1766 break_optimization(buff);
1767 EXPECT_POISONED(buff[0]);
1768 int res = swprintf(buff, 9, L"%d", 1234567);
1769 ASSERT_EQ(res, 7);
1770 ASSERT_EQ(buff[0], '1');
1771 ASSERT_EQ(buff[1], '2');
1772 ASSERT_EQ(buff[2], '3');
1773 ASSERT_EQ(buff[6], '7');
1774 ASSERT_EQ(buff[7], 0);
1775 EXPECT_POISONED(buff[8]);
1776 }
1777
TEST(MemorySanitizer,asprintf)1778 TEST(MemorySanitizer, asprintf) { // NOLINT
1779 char *pbuf;
1780 EXPECT_POISONED(pbuf);
1781 int res = asprintf(&pbuf, "%d", 1234567); // NOLINT
1782 ASSERT_EQ(res, 7);
1783 EXPECT_NOT_POISONED(pbuf);
1784 ASSERT_EQ(pbuf[0], '1');
1785 ASSERT_EQ(pbuf[1], '2');
1786 ASSERT_EQ(pbuf[2], '3');
1787 ASSERT_EQ(pbuf[6], '7');
1788 ASSERT_EQ(pbuf[7], 0);
1789 free(pbuf);
1790 }
1791
TEST(MemorySanitizer,mbstowcs)1792 TEST(MemorySanitizer, mbstowcs) {
1793 const char *x = "abc";
1794 wchar_t buff[10];
1795 int res = mbstowcs(buff, x, 2);
1796 EXPECT_EQ(2, res);
1797 EXPECT_EQ(L'a', buff[0]);
1798 EXPECT_EQ(L'b', buff[1]);
1799 EXPECT_POISONED(buff[2]);
1800 res = mbstowcs(buff, x, 10);
1801 EXPECT_EQ(3, res);
1802 EXPECT_NOT_POISONED(buff[3]);
1803 }
1804
TEST(MemorySanitizer,wcstombs)1805 TEST(MemorySanitizer, wcstombs) {
1806 const wchar_t *x = L"abc";
1807 char buff[10];
1808 int res = wcstombs(buff, x, 4);
1809 EXPECT_EQ(res, 3);
1810 EXPECT_EQ(buff[0], 'a');
1811 EXPECT_EQ(buff[1], 'b');
1812 EXPECT_EQ(buff[2], 'c');
1813 }
1814
TEST(MemorySanitizer,wcsrtombs)1815 TEST(MemorySanitizer, wcsrtombs) {
1816 const wchar_t *x = L"abc";
1817 const wchar_t *p = x;
1818 char buff[10];
1819 mbstate_t mbs;
1820 memset(&mbs, 0, sizeof(mbs));
1821 int res = wcsrtombs(buff, &p, 4, &mbs);
1822 EXPECT_EQ(res, 3);
1823 EXPECT_EQ(buff[0], 'a');
1824 EXPECT_EQ(buff[1], 'b');
1825 EXPECT_EQ(buff[2], 'c');
1826 EXPECT_EQ(buff[3], '\0');
1827 EXPECT_POISONED(buff[4]);
1828 }
1829
TEST(MemorySanitizer,wcsnrtombs)1830 TEST(MemorySanitizer, wcsnrtombs) {
1831 const wchar_t *x = L"abc";
1832 const wchar_t *p = x;
1833 char buff[10];
1834 mbstate_t mbs;
1835 memset(&mbs, 0, sizeof(mbs));
1836 int res = wcsnrtombs(buff, &p, 2, 4, &mbs);
1837 EXPECT_EQ(res, 2);
1838 EXPECT_EQ(buff[0], 'a');
1839 EXPECT_EQ(buff[1], 'b');
1840 EXPECT_POISONED(buff[2]);
1841 }
1842
TEST(MemorySanitizer,mbtowc)1843 TEST(MemorySanitizer, mbtowc) {
1844 const char *x = "abc";
1845 wchar_t wx;
1846 int res = mbtowc(&wx, x, 3);
1847 EXPECT_GT(res, 0);
1848 EXPECT_NOT_POISONED(wx);
1849 }
1850
TEST(MemorySanitizer,mbrtowc)1851 TEST(MemorySanitizer, mbrtowc) {
1852 const char *x = "abc";
1853 wchar_t wx;
1854 mbstate_t mbs;
1855 memset(&mbs, 0, sizeof(mbs));
1856 int res = mbrtowc(&wx, x, 3, &mbs);
1857 EXPECT_GT(res, 0);
1858 EXPECT_NOT_POISONED(wx);
1859 }
1860
TEST(MemorySanitizer,wcsftime)1861 TEST(MemorySanitizer, wcsftime) {
1862 wchar_t x[100];
1863 time_t t = time(NULL);
1864 struct tm tms;
1865 struct tm *tmres = localtime_r(&t, &tms);
1866 ASSERT_NE((void *)0, tmres);
1867 size_t res = wcsftime(x, sizeof(x) / sizeof(x[0]), L"%Y-%m-%d", tmres);
1868 EXPECT_GT(res, 0UL);
1869 EXPECT_EQ(res, wcslen(x));
1870 }
1871
TEST(MemorySanitizer,gettimeofday)1872 TEST(MemorySanitizer, gettimeofday) {
1873 struct timeval tv;
1874 struct timezone tz;
1875 break_optimization(&tv);
1876 break_optimization(&tz);
1877 ASSERT_EQ(16U, sizeof(tv));
1878 ASSERT_EQ(8U, sizeof(tz));
1879 EXPECT_POISONED(tv.tv_sec);
1880 EXPECT_POISONED(tv.tv_usec);
1881 EXPECT_POISONED(tz.tz_minuteswest);
1882 EXPECT_POISONED(tz.tz_dsttime);
1883 ASSERT_EQ(0, gettimeofday(&tv, &tz));
1884 EXPECT_NOT_POISONED(tv.tv_sec);
1885 EXPECT_NOT_POISONED(tv.tv_usec);
1886 EXPECT_NOT_POISONED(tz.tz_minuteswest);
1887 EXPECT_NOT_POISONED(tz.tz_dsttime);
1888 }
1889
TEST(MemorySanitizer,clock_gettime)1890 TEST(MemorySanitizer, clock_gettime) {
1891 struct timespec tp;
1892 EXPECT_POISONED(tp.tv_sec);
1893 EXPECT_POISONED(tp.tv_nsec);
1894 ASSERT_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
1895 EXPECT_NOT_POISONED(tp.tv_sec);
1896 EXPECT_NOT_POISONED(tp.tv_nsec);
1897 }
1898
TEST(MemorySanitizer,clock_getres)1899 TEST(MemorySanitizer, clock_getres) {
1900 struct timespec tp;
1901 EXPECT_POISONED(tp.tv_sec);
1902 EXPECT_POISONED(tp.tv_nsec);
1903 ASSERT_EQ(0, clock_getres(CLOCK_REALTIME, 0));
1904 EXPECT_POISONED(tp.tv_sec);
1905 EXPECT_POISONED(tp.tv_nsec);
1906 ASSERT_EQ(0, clock_getres(CLOCK_REALTIME, &tp));
1907 EXPECT_NOT_POISONED(tp.tv_sec);
1908 EXPECT_NOT_POISONED(tp.tv_nsec);
1909 }
1910
TEST(MemorySanitizer,getitimer)1911 TEST(MemorySanitizer, getitimer) {
1912 struct itimerval it1, it2;
1913 int res;
1914 EXPECT_POISONED(it1.it_interval.tv_sec);
1915 EXPECT_POISONED(it1.it_interval.tv_usec);
1916 EXPECT_POISONED(it1.it_value.tv_sec);
1917 EXPECT_POISONED(it1.it_value.tv_usec);
1918 res = getitimer(ITIMER_VIRTUAL, &it1);
1919 ASSERT_EQ(0, res);
1920 EXPECT_NOT_POISONED(it1.it_interval.tv_sec);
1921 EXPECT_NOT_POISONED(it1.it_interval.tv_usec);
1922 EXPECT_NOT_POISONED(it1.it_value.tv_sec);
1923 EXPECT_NOT_POISONED(it1.it_value.tv_usec);
1924
1925 it1.it_interval.tv_sec = it1.it_value.tv_sec = 10000;
1926 it1.it_interval.tv_usec = it1.it_value.tv_usec = 0;
1927
1928 res = setitimer(ITIMER_VIRTUAL, &it1, &it2);
1929 ASSERT_EQ(0, res);
1930 EXPECT_NOT_POISONED(it2.it_interval.tv_sec);
1931 EXPECT_NOT_POISONED(it2.it_interval.tv_usec);
1932 EXPECT_NOT_POISONED(it2.it_value.tv_sec);
1933 EXPECT_NOT_POISONED(it2.it_value.tv_usec);
1934
1935 // Check that old_value can be 0, and disable the timer.
1936 memset(&it1, 0, sizeof(it1));
1937 res = setitimer(ITIMER_VIRTUAL, &it1, 0);
1938 ASSERT_EQ(0, res);
1939 }
1940
TEST(MemorySanitizer,setitimer_null)1941 TEST(MemorySanitizer, setitimer_null) {
1942 setitimer(ITIMER_VIRTUAL, 0, 0);
1943 // Not testing the return value, since it the behaviour seems to differ
1944 // between libc implementations and POSIX.
1945 // Should never crash, though.
1946 }
1947
TEST(MemorySanitizer,time)1948 TEST(MemorySanitizer, time) {
1949 time_t t;
1950 EXPECT_POISONED(t);
1951 time_t t2 = time(&t);
1952 ASSERT_NE(t2, (time_t)-1);
1953 EXPECT_NOT_POISONED(t);
1954 }
1955
TEST(MemorySanitizer,strptime)1956 TEST(MemorySanitizer, strptime) {
1957 struct tm time;
1958 char *p = strptime("11/1/2013-05:39", "%m/%d/%Y-%H:%M", &time);
1959 ASSERT_TRUE(p != NULL);
1960 EXPECT_NOT_POISONED(time.tm_sec);
1961 EXPECT_NOT_POISONED(time.tm_hour);
1962 EXPECT_NOT_POISONED(time.tm_year);
1963 }
1964
TEST(MemorySanitizer,localtime)1965 TEST(MemorySanitizer, localtime) {
1966 time_t t = 123;
1967 struct tm *time = localtime(&t);
1968 ASSERT_TRUE(time != NULL);
1969 EXPECT_NOT_POISONED(time->tm_sec);
1970 EXPECT_NOT_POISONED(time->tm_hour);
1971 EXPECT_NOT_POISONED(time->tm_year);
1972 EXPECT_NOT_POISONED(time->tm_isdst);
1973 EXPECT_NE(0U, strlen(time->tm_zone));
1974 }
1975
TEST(MemorySanitizer,localtime_r)1976 TEST(MemorySanitizer, localtime_r) {
1977 time_t t = 123;
1978 struct tm time;
1979 struct tm *res = localtime_r(&t, &time);
1980 ASSERT_TRUE(res != NULL);
1981 EXPECT_NOT_POISONED(time.tm_sec);
1982 EXPECT_NOT_POISONED(time.tm_hour);
1983 EXPECT_NOT_POISONED(time.tm_year);
1984 EXPECT_NOT_POISONED(time.tm_isdst);
1985 EXPECT_NE(0U, strlen(time.tm_zone));
1986 }
1987
TEST(MemorySanitizer,getmntent)1988 TEST(MemorySanitizer, getmntent) {
1989 FILE *fp = setmntent("/etc/fstab", "r");
1990 struct mntent *mnt = getmntent(fp);
1991 ASSERT_TRUE(mnt != NULL);
1992 ASSERT_NE(0U, strlen(mnt->mnt_fsname));
1993 ASSERT_NE(0U, strlen(mnt->mnt_dir));
1994 ASSERT_NE(0U, strlen(mnt->mnt_type));
1995 ASSERT_NE(0U, strlen(mnt->mnt_opts));
1996 EXPECT_NOT_POISONED(mnt->mnt_freq);
1997 EXPECT_NOT_POISONED(mnt->mnt_passno);
1998 fclose(fp);
1999 }
2000
TEST(MemorySanitizer,getmntent_r)2001 TEST(MemorySanitizer, getmntent_r) {
2002 FILE *fp = setmntent("/etc/fstab", "r");
2003 struct mntent mntbuf;
2004 char buf[1000];
2005 struct mntent *mnt = getmntent_r(fp, &mntbuf, buf, sizeof(buf));
2006 ASSERT_TRUE(mnt != NULL);
2007 ASSERT_NE(0U, strlen(mnt->mnt_fsname));
2008 ASSERT_NE(0U, strlen(mnt->mnt_dir));
2009 ASSERT_NE(0U, strlen(mnt->mnt_type));
2010 ASSERT_NE(0U, strlen(mnt->mnt_opts));
2011 EXPECT_NOT_POISONED(mnt->mnt_freq);
2012 EXPECT_NOT_POISONED(mnt->mnt_passno);
2013 fclose(fp);
2014 }
2015
TEST(MemorySanitizer,ether)2016 TEST(MemorySanitizer, ether) {
2017 const char *asc = "11:22:33:44:55:66";
2018 struct ether_addr *paddr = ether_aton(asc);
2019 EXPECT_NOT_POISONED(*paddr);
2020
2021 struct ether_addr addr;
2022 paddr = ether_aton_r(asc, &addr);
2023 ASSERT_EQ(paddr, &addr);
2024 EXPECT_NOT_POISONED(addr);
2025
2026 char *s = ether_ntoa(&addr);
2027 ASSERT_NE(0U, strlen(s));
2028
2029 char buf[100];
2030 s = ether_ntoa_r(&addr, buf);
2031 ASSERT_EQ(s, buf);
2032 ASSERT_NE(0U, strlen(buf));
2033 }
2034
TEST(MemorySanitizer,mmap)2035 TEST(MemorySanitizer, mmap) {
2036 const int size = 4096;
2037 void *p1, *p2;
2038 p1 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
2039 __msan_poison(p1, size);
2040 munmap(p1, size);
2041 for (int i = 0; i < 1000; i++) {
2042 p2 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
2043 if (p2 == p1)
2044 break;
2045 else
2046 munmap(p2, size);
2047 }
2048 if (p1 == p2) {
2049 EXPECT_NOT_POISONED(*(char*)p2);
2050 munmap(p2, size);
2051 }
2052 }
2053
2054 // FIXME: enable and add ecvt.
2055 // FIXME: check why msandr does nt handle fcvt.
TEST(MemorySanitizer,fcvt)2056 TEST(MemorySanitizer, fcvt) {
2057 int a, b;
2058 break_optimization(&a);
2059 break_optimization(&b);
2060 EXPECT_POISONED(a);
2061 EXPECT_POISONED(b);
2062 char *str = fcvt(12345.6789, 10, &a, &b);
2063 EXPECT_NOT_POISONED(a);
2064 EXPECT_NOT_POISONED(b);
2065 }
2066
TEST(MemorySanitizer,memchr)2067 TEST(MemorySanitizer, memchr) {
2068 char x[10];
2069 break_optimization(x);
2070 EXPECT_POISONED(x[0]);
2071 x[2] = '2';
2072 void *res;
2073 EXPECT_UMR(res = memchr(x, '2', 10));
2074 EXPECT_NOT_POISONED(res);
2075 x[0] = '0';
2076 x[1] = '1';
2077 res = memchr(x, '2', 10);
2078 EXPECT_EQ(&x[2], res);
2079 EXPECT_UMR(res = memchr(x, '3', 10));
2080 EXPECT_NOT_POISONED(res);
2081 }
2082
TEST(MemorySanitizer,memrchr)2083 TEST(MemorySanitizer, memrchr) {
2084 char x[10];
2085 break_optimization(x);
2086 EXPECT_POISONED(x[0]);
2087 x[9] = '9';
2088 void *res;
2089 EXPECT_UMR(res = memrchr(x, '9', 10));
2090 EXPECT_NOT_POISONED(res);
2091 x[0] = '0';
2092 x[1] = '1';
2093 res = memrchr(x, '0', 2);
2094 EXPECT_EQ(&x[0], res);
2095 EXPECT_UMR(res = memrchr(x, '7', 10));
2096 EXPECT_NOT_POISONED(res);
2097 }
2098
TEST(MemorySanitizer,frexp)2099 TEST(MemorySanitizer, frexp) {
2100 int x;
2101 x = *GetPoisoned<int>();
2102 double r = frexp(1.1, &x);
2103 EXPECT_NOT_POISONED(r);
2104 EXPECT_NOT_POISONED(x);
2105
2106 x = *GetPoisoned<int>();
2107 float rf = frexpf(1.1, &x);
2108 EXPECT_NOT_POISONED(rf);
2109 EXPECT_NOT_POISONED(x);
2110
2111 x = *GetPoisoned<int>();
2112 double rl = frexpl(1.1, &x);
2113 EXPECT_NOT_POISONED(rl);
2114 EXPECT_NOT_POISONED(x);
2115 }
2116
2117 namespace {
2118
2119 static int cnt;
2120
SigactionHandler(int signo,siginfo_t * si,void * uc)2121 void SigactionHandler(int signo, siginfo_t* si, void* uc) {
2122 ASSERT_EQ(signo, SIGPROF);
2123 ASSERT_TRUE(si != NULL);
2124 EXPECT_NOT_POISONED(si->si_errno);
2125 EXPECT_NOT_POISONED(si->si_pid);
2126 #if __linux__
2127 # if defined(__x86_64__)
2128 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_RIP]);
2129 # elif defined(__i386__)
2130 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_EIP]);
2131 # endif
2132 #endif
2133 ++cnt;
2134 }
2135
TEST(MemorySanitizer,sigaction)2136 TEST(MemorySanitizer, sigaction) {
2137 struct sigaction act = {};
2138 struct sigaction oldact = {};
2139 struct sigaction origact = {};
2140
2141 sigaction(SIGPROF, 0, &origact);
2142
2143 act.sa_flags |= SA_SIGINFO;
2144 act.sa_sigaction = &SigactionHandler;
2145 sigaction(SIGPROF, &act, 0);
2146
2147 kill(getpid(), SIGPROF);
2148
2149 act.sa_flags &= ~SA_SIGINFO;
2150 act.sa_handler = SIG_DFL;
2151 sigaction(SIGPROF, &act, 0);
2152
2153 act.sa_flags &= ~SA_SIGINFO;
2154 act.sa_handler = SIG_IGN;
2155 sigaction(SIGPROF, &act, &oldact);
2156 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO);
2157 EXPECT_EQ(SIG_DFL, oldact.sa_handler);
2158 kill(getpid(), SIGPROF);
2159
2160 act.sa_flags |= SA_SIGINFO;
2161 act.sa_sigaction = &SigactionHandler;
2162 sigaction(SIGPROF, &act, &oldact);
2163 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO);
2164 EXPECT_EQ(SIG_IGN, oldact.sa_handler);
2165 kill(getpid(), SIGPROF);
2166
2167 act.sa_flags &= ~SA_SIGINFO;
2168 act.sa_handler = SIG_DFL;
2169 sigaction(SIGPROF, &act, &oldact);
2170 EXPECT_TRUE(oldact.sa_flags & SA_SIGINFO);
2171 EXPECT_EQ(&SigactionHandler, oldact.sa_sigaction);
2172 EXPECT_EQ(2, cnt);
2173
2174 sigaction(SIGPROF, &origact, 0);
2175 }
2176
2177 } // namespace
2178
2179
TEST(MemorySanitizer,sigemptyset)2180 TEST(MemorySanitizer, sigemptyset) {
2181 sigset_t s;
2182 EXPECT_POISONED(s);
2183 int res = sigemptyset(&s);
2184 ASSERT_EQ(0, res);
2185 EXPECT_NOT_POISONED(s);
2186 }
2187
TEST(MemorySanitizer,sigfillset)2188 TEST(MemorySanitizer, sigfillset) {
2189 sigset_t s;
2190 EXPECT_POISONED(s);
2191 int res = sigfillset(&s);
2192 ASSERT_EQ(0, res);
2193 EXPECT_NOT_POISONED(s);
2194 }
2195
TEST(MemorySanitizer,sigpending)2196 TEST(MemorySanitizer, sigpending) {
2197 sigset_t s;
2198 EXPECT_POISONED(s);
2199 int res = sigpending(&s);
2200 ASSERT_EQ(0, res);
2201 EXPECT_NOT_POISONED(s);
2202 }
2203
TEST(MemorySanitizer,sigprocmask)2204 TEST(MemorySanitizer, sigprocmask) {
2205 sigset_t s;
2206 EXPECT_POISONED(s);
2207 int res = sigprocmask(SIG_BLOCK, 0, &s);
2208 ASSERT_EQ(0, res);
2209 EXPECT_NOT_POISONED(s);
2210 }
2211
2212 struct StructWithDtor {
2213 ~StructWithDtor();
2214 };
2215
~StructWithDtor()2216 NOINLINE StructWithDtor::~StructWithDtor() {
2217 break_optimization(0);
2218 }
2219
TEST(MemorySanitizer,Invoke)2220 TEST(MemorySanitizer, Invoke) {
2221 StructWithDtor s; // Will cause the calls to become invokes.
2222 EXPECT_NOT_POISONED(0);
2223 EXPECT_POISONED(*GetPoisoned<int>());
2224 EXPECT_NOT_POISONED(0);
2225 EXPECT_POISONED(*GetPoisoned<int>());
2226 EXPECT_POISONED(ReturnPoisoned<S4>());
2227 }
2228
TEST(MemorySanitizer,ptrtoint)2229 TEST(MemorySanitizer, ptrtoint) {
2230 // Test that shadow is propagated through pointer-to-integer conversion.
2231 void* p = (void*)0xABCD;
2232 __msan_poison(((char*)&p) + 1, sizeof(p));
2233 EXPECT_NOT_POISONED((((uintptr_t)p) & 0xFF) == 0);
2234
2235 void* q = (void*)0xABCD;
2236 __msan_poison(&q, sizeof(q) - 1);
2237 EXPECT_POISONED((((uintptr_t)q) & 0xFF) == 0);
2238 }
2239
vaargsfn2(int guard,...)2240 static void vaargsfn2(int guard, ...) {
2241 va_list vl;
2242 va_start(vl, guard);
2243 EXPECT_NOT_POISONED(va_arg(vl, int));
2244 EXPECT_NOT_POISONED(va_arg(vl, int));
2245 EXPECT_NOT_POISONED(va_arg(vl, int));
2246 EXPECT_POISONED(va_arg(vl, double));
2247 va_end(vl);
2248 }
2249
vaargsfn(int guard,...)2250 static void vaargsfn(int guard, ...) {
2251 va_list vl;
2252 va_start(vl, guard);
2253 EXPECT_NOT_POISONED(va_arg(vl, int));
2254 EXPECT_POISONED(va_arg(vl, int));
2255 // The following call will overwrite __msan_param_tls.
2256 // Checks after it test that arg shadow was somehow saved across the call.
2257 vaargsfn2(1, 2, 3, 4, *GetPoisoned<double>());
2258 EXPECT_NOT_POISONED(va_arg(vl, int));
2259 EXPECT_POISONED(va_arg(vl, int));
2260 va_end(vl);
2261 }
2262
TEST(MemorySanitizer,VAArgTest)2263 TEST(MemorySanitizer, VAArgTest) {
2264 int* x = GetPoisoned<int>();
2265 int* y = GetPoisoned<int>(4);
2266 vaargsfn(1, 13, *x, 42, *y);
2267 }
2268
vaargsfn_many(int guard,...)2269 static void vaargsfn_many(int guard, ...) {
2270 va_list vl;
2271 va_start(vl, guard);
2272 EXPECT_NOT_POISONED(va_arg(vl, int));
2273 EXPECT_POISONED(va_arg(vl, int));
2274 EXPECT_NOT_POISONED(va_arg(vl, int));
2275 EXPECT_NOT_POISONED(va_arg(vl, int));
2276 EXPECT_NOT_POISONED(va_arg(vl, int));
2277 EXPECT_NOT_POISONED(va_arg(vl, int));
2278 EXPECT_NOT_POISONED(va_arg(vl, int));
2279 EXPECT_NOT_POISONED(va_arg(vl, int));
2280 EXPECT_NOT_POISONED(va_arg(vl, int));
2281 EXPECT_POISONED(va_arg(vl, int));
2282 va_end(vl);
2283 }
2284
TEST(MemorySanitizer,VAArgManyTest)2285 TEST(MemorySanitizer, VAArgManyTest) {
2286 int* x = GetPoisoned<int>();
2287 int* y = GetPoisoned<int>(4);
2288 vaargsfn_many(1, 2, *x, 3, 4, 5, 6, 7, 8, 9, *y);
2289 }
2290
vaargsfn_pass2(va_list vl)2291 static void vaargsfn_pass2(va_list vl) {
2292 EXPECT_NOT_POISONED(va_arg(vl, int));
2293 EXPECT_NOT_POISONED(va_arg(vl, int));
2294 EXPECT_POISONED(va_arg(vl, int));
2295 }
2296
vaargsfn_pass(int guard,...)2297 static void vaargsfn_pass(int guard, ...) {
2298 va_list vl;
2299 va_start(vl, guard);
2300 EXPECT_POISONED(va_arg(vl, int));
2301 vaargsfn_pass2(vl);
2302 va_end(vl);
2303 }
2304
TEST(MemorySanitizer,VAArgPass)2305 TEST(MemorySanitizer, VAArgPass) {
2306 int* x = GetPoisoned<int>();
2307 int* y = GetPoisoned<int>(4);
2308 vaargsfn_pass(1, *x, 2, 3, *y);
2309 }
2310
vaargsfn_copy2(va_list vl)2311 static void vaargsfn_copy2(va_list vl) {
2312 EXPECT_NOT_POISONED(va_arg(vl, int));
2313 EXPECT_POISONED(va_arg(vl, int));
2314 }
2315
vaargsfn_copy(int guard,...)2316 static void vaargsfn_copy(int guard, ...) {
2317 va_list vl;
2318 va_start(vl, guard);
2319 EXPECT_NOT_POISONED(va_arg(vl, int));
2320 EXPECT_POISONED(va_arg(vl, int));
2321 va_list vl2;
2322 va_copy(vl2, vl);
2323 vaargsfn_copy2(vl2);
2324 EXPECT_NOT_POISONED(va_arg(vl, int));
2325 EXPECT_POISONED(va_arg(vl, int));
2326 va_end(vl);
2327 }
2328
TEST(MemorySanitizer,VAArgCopy)2329 TEST(MemorySanitizer, VAArgCopy) {
2330 int* x = GetPoisoned<int>();
2331 int* y = GetPoisoned<int>(4);
2332 vaargsfn_copy(1, 2, *x, 3, *y);
2333 }
2334
vaargsfn_ptr(int guard,...)2335 static void vaargsfn_ptr(int guard, ...) {
2336 va_list vl;
2337 va_start(vl, guard);
2338 EXPECT_NOT_POISONED(va_arg(vl, int*));
2339 EXPECT_POISONED(va_arg(vl, int*));
2340 EXPECT_NOT_POISONED(va_arg(vl, int*));
2341 EXPECT_POISONED(va_arg(vl, double*));
2342 va_end(vl);
2343 }
2344
TEST(MemorySanitizer,VAArgPtr)2345 TEST(MemorySanitizer, VAArgPtr) {
2346 int** x = GetPoisoned<int*>();
2347 double** y = GetPoisoned<double*>(8);
2348 int z;
2349 vaargsfn_ptr(1, &z, *x, &z, *y);
2350 }
2351
vaargsfn_overflow(int guard,...)2352 static void vaargsfn_overflow(int guard, ...) {
2353 va_list vl;
2354 va_start(vl, guard);
2355 EXPECT_NOT_POISONED(va_arg(vl, int));
2356 EXPECT_NOT_POISONED(va_arg(vl, int));
2357 EXPECT_POISONED(va_arg(vl, int));
2358 EXPECT_NOT_POISONED(va_arg(vl, int));
2359 EXPECT_NOT_POISONED(va_arg(vl, int));
2360 EXPECT_NOT_POISONED(va_arg(vl, int));
2361
2362 EXPECT_NOT_POISONED(va_arg(vl, double));
2363 EXPECT_NOT_POISONED(va_arg(vl, double));
2364 EXPECT_NOT_POISONED(va_arg(vl, double));
2365 EXPECT_POISONED(va_arg(vl, double));
2366 EXPECT_NOT_POISONED(va_arg(vl, double));
2367 EXPECT_POISONED(va_arg(vl, int*));
2368 EXPECT_NOT_POISONED(va_arg(vl, double));
2369 EXPECT_NOT_POISONED(va_arg(vl, double));
2370
2371 EXPECT_POISONED(va_arg(vl, int));
2372 EXPECT_POISONED(va_arg(vl, double));
2373 EXPECT_POISONED(va_arg(vl, int*));
2374
2375 EXPECT_NOT_POISONED(va_arg(vl, int));
2376 EXPECT_NOT_POISONED(va_arg(vl, double));
2377 EXPECT_NOT_POISONED(va_arg(vl, int*));
2378
2379 EXPECT_POISONED(va_arg(vl, int));
2380 EXPECT_POISONED(va_arg(vl, double));
2381 EXPECT_POISONED(va_arg(vl, int*));
2382
2383 va_end(vl);
2384 }
2385
TEST(MemorySanitizer,VAArgOverflow)2386 TEST(MemorySanitizer, VAArgOverflow) {
2387 int* x = GetPoisoned<int>();
2388 double* y = GetPoisoned<double>(8);
2389 int** p = GetPoisoned<int*>(16);
2390 int z;
2391 vaargsfn_overflow(1,
2392 1, 2, *x, 4, 5, 6,
2393 1.1, 2.2, 3.3, *y, 5.5, *p, 7.7, 8.8,
2394 // the following args will overflow for sure
2395 *x, *y, *p,
2396 7, 9.9, &z,
2397 *x, *y, *p);
2398 }
2399
vaargsfn_tlsoverwrite2(int guard,...)2400 static void vaargsfn_tlsoverwrite2(int guard, ...) {
2401 va_list vl;
2402 va_start(vl, guard);
2403 for (int i = 0; i < 20; ++i)
2404 EXPECT_NOT_POISONED(va_arg(vl, int));
2405 va_end(vl);
2406 }
2407
vaargsfn_tlsoverwrite(int guard,...)2408 static void vaargsfn_tlsoverwrite(int guard, ...) {
2409 // This call will overwrite TLS contents unless it's backed up somewhere.
2410 vaargsfn_tlsoverwrite2(2,
2411 42, 42, 42, 42, 42,
2412 42, 42, 42, 42, 42,
2413 42, 42, 42, 42, 42,
2414 42, 42, 42, 42, 42); // 20x
2415 va_list vl;
2416 va_start(vl, guard);
2417 for (int i = 0; i < 20; ++i)
2418 EXPECT_POISONED(va_arg(vl, int));
2419 va_end(vl);
2420 }
2421
TEST(MemorySanitizer,VAArgTLSOverwrite)2422 TEST(MemorySanitizer, VAArgTLSOverwrite) {
2423 int* x = GetPoisoned<int>();
2424 vaargsfn_tlsoverwrite(1,
2425 *x, *x, *x, *x, *x,
2426 *x, *x, *x, *x, *x,
2427 *x, *x, *x, *x, *x,
2428 *x, *x, *x, *x, *x); // 20x
2429
2430 }
2431
2432 struct StructByVal {
2433 int a, b, c, d, e, f;
2434 };
2435
vaargsfn_structbyval(int guard,...)2436 static void vaargsfn_structbyval(int guard, ...) {
2437 va_list vl;
2438 va_start(vl, guard);
2439 {
2440 StructByVal s = va_arg(vl, StructByVal);
2441 EXPECT_NOT_POISONED(s.a);
2442 EXPECT_POISONED(s.b);
2443 EXPECT_NOT_POISONED(s.c);
2444 EXPECT_POISONED(s.d);
2445 EXPECT_NOT_POISONED(s.e);
2446 EXPECT_POISONED(s.f);
2447 }
2448 {
2449 StructByVal s = va_arg(vl, StructByVal);
2450 EXPECT_NOT_POISONED(s.a);
2451 EXPECT_POISONED(s.b);
2452 EXPECT_NOT_POISONED(s.c);
2453 EXPECT_POISONED(s.d);
2454 EXPECT_NOT_POISONED(s.e);
2455 EXPECT_POISONED(s.f);
2456 }
2457 va_end(vl);
2458 }
2459
TEST(MemorySanitizer,VAArgStructByVal)2460 TEST(MemorySanitizer, VAArgStructByVal) {
2461 StructByVal s;
2462 s.a = 1;
2463 s.b = *GetPoisoned<int>();
2464 s.c = 2;
2465 s.d = *GetPoisoned<int>();
2466 s.e = 3;
2467 s.f = *GetPoisoned<int>();
2468 vaargsfn_structbyval(0, s, s);
2469 }
2470
StructByValTestFunc(struct StructByVal s)2471 NOINLINE void StructByValTestFunc(struct StructByVal s) {
2472 EXPECT_NOT_POISONED(s.a);
2473 EXPECT_POISONED(s.b);
2474 EXPECT_NOT_POISONED(s.c);
2475 EXPECT_POISONED(s.d);
2476 EXPECT_NOT_POISONED(s.e);
2477 EXPECT_POISONED(s.f);
2478 }
2479
StructByValTestFunc1(struct StructByVal s)2480 NOINLINE void StructByValTestFunc1(struct StructByVal s) {
2481 StructByValTestFunc(s);
2482 }
2483
StructByValTestFunc2(int z,struct StructByVal s)2484 NOINLINE void StructByValTestFunc2(int z, struct StructByVal s) {
2485 StructByValTestFunc(s);
2486 }
2487
TEST(MemorySanitizer,StructByVal)2488 TEST(MemorySanitizer, StructByVal) {
2489 // Large aggregates are passed as "byval" pointer argument in LLVM.
2490 struct StructByVal s;
2491 s.a = 1;
2492 s.b = *GetPoisoned<int>();
2493 s.c = 2;
2494 s.d = *GetPoisoned<int>();
2495 s.e = 3;
2496 s.f = *GetPoisoned<int>();
2497 StructByValTestFunc(s);
2498 StructByValTestFunc1(s);
2499 StructByValTestFunc2(0, s);
2500 }
2501
2502
2503 #if MSAN_HAS_M128
m128Eq(__m128i * a,__m128i * b)2504 NOINLINE __m128i m128Eq(__m128i *a, __m128i *b) { return _mm_cmpeq_epi16(*a, *b); }
m128Lt(__m128i * a,__m128i * b)2505 NOINLINE __m128i m128Lt(__m128i *a, __m128i *b) { return _mm_cmplt_epi16(*a, *b); }
TEST(MemorySanitizer,m128)2506 TEST(MemorySanitizer, m128) {
2507 __m128i a = _mm_set1_epi16(0x1234);
2508 __m128i b = _mm_set1_epi16(0x7890);
2509 EXPECT_NOT_POISONED(m128Eq(&a, &b));
2510 EXPECT_NOT_POISONED(m128Lt(&a, &b));
2511 }
2512 // FIXME: add more tests for __m128i.
2513 #endif // MSAN_HAS_M128
2514
2515 // We should not complain when copying this poisoned hole.
2516 struct StructWithHole {
2517 U4 a;
2518 // 4-byte hole.
2519 U8 b;
2520 };
2521
ReturnStructWithHole()2522 NOINLINE StructWithHole ReturnStructWithHole() {
2523 StructWithHole res;
2524 __msan_poison(&res, sizeof(res));
2525 res.a = 1;
2526 res.b = 2;
2527 return res;
2528 }
2529
TEST(MemorySanitizer,StructWithHole)2530 TEST(MemorySanitizer, StructWithHole) {
2531 StructWithHole a = ReturnStructWithHole();
2532 break_optimization(&a);
2533 }
2534
2535 template <class T>
ReturnStruct()2536 NOINLINE T ReturnStruct() {
2537 T res;
2538 __msan_poison(&res, sizeof(res));
2539 res.a = 1;
2540 return res;
2541 }
2542
2543 template <class T>
TestReturnStruct()2544 NOINLINE void TestReturnStruct() {
2545 T s1 = ReturnStruct<T>();
2546 EXPECT_NOT_POISONED(s1.a);
2547 EXPECT_POISONED(s1.b);
2548 }
2549
2550 struct SSS1 {
2551 int a, b, c;
2552 };
2553 struct SSS2 {
2554 int b, a, c;
2555 };
2556 struct SSS3 {
2557 int b, c, a;
2558 };
2559 struct SSS4 {
2560 int c, b, a;
2561 };
2562
2563 struct SSS5 {
2564 int a;
2565 float b;
2566 };
2567 struct SSS6 {
2568 int a;
2569 double b;
2570 };
2571 struct SSS7 {
2572 S8 b;
2573 int a;
2574 };
2575 struct SSS8 {
2576 S2 b;
2577 S8 a;
2578 };
2579
TEST(MemorySanitizer,IntStruct3)2580 TEST(MemorySanitizer, IntStruct3) {
2581 TestReturnStruct<SSS1>();
2582 TestReturnStruct<SSS2>();
2583 TestReturnStruct<SSS3>();
2584 TestReturnStruct<SSS4>();
2585 TestReturnStruct<SSS5>();
2586 TestReturnStruct<SSS6>();
2587 TestReturnStruct<SSS7>();
2588 TestReturnStruct<SSS8>();
2589 }
2590
2591 struct LongStruct {
2592 U1 a1, b1;
2593 U2 a2, b2;
2594 U4 a4, b4;
2595 U8 a8, b8;
2596 };
2597
ReturnLongStruct1()2598 NOINLINE LongStruct ReturnLongStruct1() {
2599 LongStruct res;
2600 __msan_poison(&res, sizeof(res));
2601 res.a1 = res.a2 = res.a4 = res.a8 = 111;
2602 // leaves b1, .., b8 poisoned.
2603 return res;
2604 }
2605
ReturnLongStruct2()2606 NOINLINE LongStruct ReturnLongStruct2() {
2607 LongStruct res;
2608 __msan_poison(&res, sizeof(res));
2609 res.b1 = res.b2 = res.b4 = res.b8 = 111;
2610 // leaves a1, .., a8 poisoned.
2611 return res;
2612 }
2613
TEST(MemorySanitizer,LongStruct)2614 TEST(MemorySanitizer, LongStruct) {
2615 LongStruct s1 = ReturnLongStruct1();
2616 __msan_print_shadow(&s1, sizeof(s1));
2617 EXPECT_NOT_POISONED(s1.a1);
2618 EXPECT_NOT_POISONED(s1.a2);
2619 EXPECT_NOT_POISONED(s1.a4);
2620 EXPECT_NOT_POISONED(s1.a8);
2621
2622 EXPECT_POISONED(s1.b1);
2623 EXPECT_POISONED(s1.b2);
2624 EXPECT_POISONED(s1.b4);
2625 EXPECT_POISONED(s1.b8);
2626
2627 LongStruct s2 = ReturnLongStruct2();
2628 __msan_print_shadow(&s2, sizeof(s2));
2629 EXPECT_NOT_POISONED(s2.b1);
2630 EXPECT_NOT_POISONED(s2.b2);
2631 EXPECT_NOT_POISONED(s2.b4);
2632 EXPECT_NOT_POISONED(s2.b8);
2633
2634 EXPECT_POISONED(s2.a1);
2635 EXPECT_POISONED(s2.a2);
2636 EXPECT_POISONED(s2.a4);
2637 EXPECT_POISONED(s2.a8);
2638 }
2639
TEST(MemorySanitizer,getrlimit)2640 TEST(MemorySanitizer, getrlimit) {
2641 struct rlimit limit;
2642 __msan_poison(&limit, sizeof(limit));
2643 int result = getrlimit(RLIMIT_DATA, &limit);
2644 ASSERT_EQ(result, 0);
2645 EXPECT_NOT_POISONED(limit.rlim_cur);
2646 EXPECT_NOT_POISONED(limit.rlim_max);
2647 }
2648
TEST(MemorySanitizer,getrusage)2649 TEST(MemorySanitizer, getrusage) {
2650 struct rusage usage;
2651 __msan_poison(&usage, sizeof(usage));
2652 int result = getrusage(RUSAGE_SELF, &usage);
2653 ASSERT_EQ(result, 0);
2654 EXPECT_NOT_POISONED(usage.ru_utime.tv_sec);
2655 EXPECT_NOT_POISONED(usage.ru_utime.tv_usec);
2656 EXPECT_NOT_POISONED(usage.ru_stime.tv_sec);
2657 EXPECT_NOT_POISONED(usage.ru_stime.tv_usec);
2658 EXPECT_NOT_POISONED(usage.ru_maxrss);
2659 EXPECT_NOT_POISONED(usage.ru_minflt);
2660 EXPECT_NOT_POISONED(usage.ru_majflt);
2661 EXPECT_NOT_POISONED(usage.ru_inblock);
2662 EXPECT_NOT_POISONED(usage.ru_oublock);
2663 EXPECT_NOT_POISONED(usage.ru_nvcsw);
2664 EXPECT_NOT_POISONED(usage.ru_nivcsw);
2665 }
2666
2667 #ifdef __GLIBC__
2668 extern char *program_invocation_name;
2669 #else // __GLIBC__
2670 # error "TODO: port this"
2671 #endif
2672
dladdr_testfn()2673 static void dladdr_testfn() {}
2674
TEST(MemorySanitizer,dladdr)2675 TEST(MemorySanitizer, dladdr) {
2676 Dl_info info;
2677 __msan_poison(&info, sizeof(info));
2678 int result = dladdr((const void*)dladdr_testfn, &info);
2679 ASSERT_NE(result, 0);
2680 EXPECT_NOT_POISONED((unsigned long)info.dli_fname);
2681 if (info.dli_fname)
2682 EXPECT_NOT_POISONED(strlen(info.dli_fname));
2683 EXPECT_NOT_POISONED((unsigned long)info.dli_fbase);
2684 EXPECT_NOT_POISONED((unsigned long)info.dli_sname);
2685 if (info.dli_sname)
2686 EXPECT_NOT_POISONED(strlen(info.dli_sname));
2687 EXPECT_NOT_POISONED((unsigned long)info.dli_saddr);
2688 }
2689
2690 #ifndef MSAN_TEST_DISABLE_DLOPEN
2691
dl_phdr_callback(struct dl_phdr_info * info,size_t size,void * data)2692 static int dl_phdr_callback(struct dl_phdr_info *info, size_t size, void *data) {
2693 (*(int *)data)++;
2694 EXPECT_NOT_POISONED(info->dlpi_addr);
2695 EXPECT_NOT_POISONED(strlen(info->dlpi_name));
2696 EXPECT_NOT_POISONED(info->dlpi_phnum);
2697 for (int i = 0; i < info->dlpi_phnum; ++i)
2698 EXPECT_NOT_POISONED(info->dlpi_phdr[i]);
2699 return 0;
2700 }
2701
2702 // Compute the path to our loadable DSO. We assume it's in the same
2703 // directory. Only use string routines that we intercept so far to do this.
PathToLoadable(char * buf,size_t sz)2704 static int PathToLoadable(char *buf, size_t sz) {
2705 const char *basename = "libmsan_loadable.x86_64.so";
2706 char *argv0 = program_invocation_name;
2707 char *last_slash = strrchr(argv0, '/');
2708 assert(last_slash);
2709 int res =
2710 snprintf(buf, sz, "%.*s/%s", int(last_slash - argv0), argv0, basename);
2711 assert(res >= 0);
2712 return (size_t)res < sz ? 0 : res;
2713 }
2714
TEST(MemorySanitizer,dl_iterate_phdr)2715 TEST(MemorySanitizer, dl_iterate_phdr) {
2716 char path[4096];
2717 int res = PathToLoadable(path, sizeof(path));
2718 ASSERT_EQ(0, res);
2719
2720 // Having at least one dlopen'ed library in the process makes this more
2721 // entertaining.
2722 void *lib = dlopen(path, RTLD_LAZY);
2723 ASSERT_NE((void*)0, lib);
2724
2725 int count = 0;
2726 int result = dl_iterate_phdr(dl_phdr_callback, &count);
2727 ASSERT_GT(count, 0);
2728
2729 dlclose(lib);
2730 }
2731
2732
TEST(MemorySanitizer,dlopen)2733 TEST(MemorySanitizer, dlopen) {
2734 char path[4096];
2735 int res = PathToLoadable(path, sizeof(path));
2736 ASSERT_EQ(0, res);
2737
2738 // We need to clear shadow for globals when doing dlopen. In order to test
2739 // this, we have to poison the shadow for the DSO before we load it. In
2740 // general this is difficult, but the loader tends to reload things in the
2741 // same place, so we open, close, and then reopen. The global should always
2742 // start out clean after dlopen.
2743 for (int i = 0; i < 2; i++) {
2744 void *lib = dlopen(path, RTLD_LAZY);
2745 if (lib == NULL) {
2746 printf("dlerror: %s\n", dlerror());
2747 ASSERT_TRUE(lib != NULL);
2748 }
2749 void **(*get_dso_global)() = (void **(*)())dlsym(lib, "get_dso_global");
2750 ASSERT_TRUE(get_dso_global != NULL);
2751 void **dso_global = get_dso_global();
2752 EXPECT_NOT_POISONED(*dso_global);
2753 __msan_poison(dso_global, sizeof(*dso_global));
2754 EXPECT_POISONED(*dso_global);
2755 dlclose(lib);
2756 }
2757 }
2758
2759 // Regression test for a crash in dlopen() interceptor.
TEST(MemorySanitizer,dlopenFailed)2760 TEST(MemorySanitizer, dlopenFailed) {
2761 const char *path = "/libmsan_loadable_does_not_exist.x86_64.so";
2762 void *lib = dlopen(path, RTLD_LAZY);
2763 ASSERT_TRUE(lib == NULL);
2764 }
2765
2766 #endif // MSAN_TEST_DISABLE_DLOPEN
2767
TEST(MemorySanitizer,sched_getaffinity)2768 TEST(MemorySanitizer, sched_getaffinity) {
2769 cpu_set_t mask;
2770 int res = sched_getaffinity(getpid(), sizeof(mask), &mask);
2771 ASSERT_EQ(0, res);
2772 EXPECT_NOT_POISONED(mask);
2773 }
2774
TEST(MemorySanitizer,scanf)2775 TEST(MemorySanitizer, scanf) {
2776 const char *input = "42 hello";
2777 int* d = new int;
2778 char* s = new char[7];
2779 int res = sscanf(input, "%d %5s", d, s);
2780 printf("res %d\n", res);
2781 ASSERT_EQ(res, 2);
2782 EXPECT_NOT_POISONED(*d);
2783 EXPECT_NOT_POISONED(s[0]);
2784 EXPECT_NOT_POISONED(s[1]);
2785 EXPECT_NOT_POISONED(s[2]);
2786 EXPECT_NOT_POISONED(s[3]);
2787 EXPECT_NOT_POISONED(s[4]);
2788 EXPECT_NOT_POISONED(s[5]);
2789 EXPECT_POISONED(s[6]);
2790 delete s;
2791 delete d;
2792 }
2793
SimpleThread_threadfn(void * data)2794 static void *SimpleThread_threadfn(void* data) {
2795 return new int;
2796 }
2797
TEST(MemorySanitizer,SimpleThread)2798 TEST(MemorySanitizer, SimpleThread) {
2799 pthread_t t;
2800 void *p;
2801 int res = pthread_create(&t, NULL, SimpleThread_threadfn, NULL);
2802 ASSERT_EQ(0, res);
2803 EXPECT_NOT_POISONED(t);
2804 res = pthread_join(t, &p);
2805 ASSERT_EQ(0, res);
2806 EXPECT_NOT_POISONED(p);
2807 delete (int*)p;
2808 }
2809
SmallStackThread_threadfn(void * data)2810 static void *SmallStackThread_threadfn(void* data) {
2811 return 0;
2812 }
2813
TEST(MemorySanitizer,SmallStackThread)2814 TEST(MemorySanitizer, SmallStackThread) {
2815 pthread_attr_t attr;
2816 pthread_t t;
2817 void *p;
2818 int res;
2819 res = pthread_attr_init(&attr);
2820 ASSERT_EQ(0, res);
2821 res = pthread_attr_setstacksize(&attr, 64 * 1024);
2822 ASSERT_EQ(0, res);
2823 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL);
2824 ASSERT_EQ(0, res);
2825 res = pthread_join(t, &p);
2826 ASSERT_EQ(0, res);
2827 res = pthread_attr_destroy(&attr);
2828 ASSERT_EQ(0, res);
2829 }
2830
TEST(MemorySanitizer,SmallPreAllocatedStackThread)2831 TEST(MemorySanitizer, SmallPreAllocatedStackThread) {
2832 pthread_attr_t attr;
2833 pthread_t t;
2834 int res;
2835 res = pthread_attr_init(&attr);
2836 ASSERT_EQ(0, res);
2837 void *stack;
2838 const size_t kStackSize = 16 * 1024;
2839 res = posix_memalign(&stack, 4096, kStackSize);
2840 ASSERT_EQ(0, res);
2841 res = pthread_attr_setstack(&attr, stack, kStackSize);
2842 ASSERT_EQ(0, res);
2843 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL);
2844 EXPECT_EQ(0, res);
2845 res = pthread_join(t, NULL);
2846 ASSERT_EQ(0, res);
2847 res = pthread_attr_destroy(&attr);
2848 ASSERT_EQ(0, res);
2849 }
2850
TEST(MemorySanitizer,pthread_attr_get)2851 TEST(MemorySanitizer, pthread_attr_get) {
2852 pthread_attr_t attr;
2853 int res;
2854 res = pthread_attr_init(&attr);
2855 ASSERT_EQ(0, res);
2856 {
2857 int v;
2858 res = pthread_attr_getdetachstate(&attr, &v);
2859 ASSERT_EQ(0, res);
2860 EXPECT_NOT_POISONED(v);
2861 }
2862 {
2863 size_t v;
2864 res = pthread_attr_getguardsize(&attr, &v);
2865 ASSERT_EQ(0, res);
2866 EXPECT_NOT_POISONED(v);
2867 }
2868 {
2869 struct sched_param v;
2870 res = pthread_attr_getschedparam(&attr, &v);
2871 ASSERT_EQ(0, res);
2872 EXPECT_NOT_POISONED(v);
2873 }
2874 {
2875 int v;
2876 res = pthread_attr_getschedpolicy(&attr, &v);
2877 ASSERT_EQ(0, res);
2878 EXPECT_NOT_POISONED(v);
2879 }
2880 {
2881 int v;
2882 res = pthread_attr_getinheritsched(&attr, &v);
2883 ASSERT_EQ(0, res);
2884 EXPECT_NOT_POISONED(v);
2885 }
2886 {
2887 int v;
2888 res = pthread_attr_getscope(&attr, &v);
2889 ASSERT_EQ(0, res);
2890 EXPECT_NOT_POISONED(v);
2891 }
2892 {
2893 size_t v;
2894 res = pthread_attr_getstacksize(&attr, &v);
2895 ASSERT_EQ(0, res);
2896 EXPECT_NOT_POISONED(v);
2897 }
2898 {
2899 void *v;
2900 size_t w;
2901 res = pthread_attr_getstack(&attr, &v, &w);
2902 ASSERT_EQ(0, res);
2903 EXPECT_NOT_POISONED(v);
2904 EXPECT_NOT_POISONED(w);
2905 }
2906 {
2907 cpu_set_t v;
2908 res = pthread_attr_getaffinity_np(&attr, sizeof(v), &v);
2909 ASSERT_EQ(0, res);
2910 EXPECT_NOT_POISONED(v);
2911 }
2912 res = pthread_attr_destroy(&attr);
2913 ASSERT_EQ(0, res);
2914 }
2915
TEST(MemorySanitizer,pthread_getschedparam)2916 TEST(MemorySanitizer, pthread_getschedparam) {
2917 int policy;
2918 struct sched_param param;
2919 int res = pthread_getschedparam(pthread_self(), &policy, ¶m);
2920 ASSERT_EQ(0, res);
2921 EXPECT_NOT_POISONED(policy);
2922 EXPECT_NOT_POISONED(param.sched_priority);
2923 }
2924
TEST(MemorySanitizer,pthread_key_create)2925 TEST(MemorySanitizer, pthread_key_create) {
2926 pthread_key_t key;
2927 int res = pthread_key_create(&key, NULL);
2928 ASSERT_EQ(0, res);
2929 EXPECT_NOT_POISONED(key);
2930 res = pthread_key_delete(key);
2931 ASSERT_EQ(0, res);
2932 }
2933
2934 namespace {
2935 struct SignalCondArg {
2936 pthread_cond_t* cond;
2937 pthread_mutex_t* mu;
2938 bool broadcast;
2939 };
2940
SignalCond(void * param)2941 void *SignalCond(void *param) {
2942 SignalCondArg *arg = reinterpret_cast<SignalCondArg *>(param);
2943 pthread_mutex_lock(arg->mu);
2944 if (arg->broadcast)
2945 pthread_cond_broadcast(arg->cond);
2946 else
2947 pthread_cond_signal(arg->cond);
2948 pthread_mutex_unlock(arg->mu);
2949 return 0;
2950 }
2951 } // namespace
2952
TEST(MemorySanitizer,pthread_cond_wait)2953 TEST(MemorySanitizer, pthread_cond_wait) {
2954 pthread_cond_t cond;
2955 pthread_mutex_t mu;
2956 SignalCondArg args = {&cond, &mu, false};
2957 pthread_cond_init(&cond, 0);
2958 pthread_mutex_init(&mu, 0);
2959 pthread_mutex_lock(&mu);
2960
2961 // signal
2962 pthread_t thr;
2963 pthread_create(&thr, 0, SignalCond, &args);
2964 int res = pthread_cond_wait(&cond, &mu);
2965 ASSERT_EQ(0, res);
2966 pthread_join(thr, 0);
2967
2968 // broadcast
2969 args.broadcast = true;
2970 pthread_create(&thr, 0, SignalCond, &args);
2971 res = pthread_cond_wait(&cond, &mu);
2972 ASSERT_EQ(0, res);
2973 pthread_join(thr, 0);
2974
2975 pthread_mutex_unlock(&mu);
2976 pthread_mutex_destroy(&mu);
2977 pthread_cond_destroy(&cond);
2978 }
2979
TEST(MemorySanitizer,tmpnam)2980 TEST(MemorySanitizer, tmpnam) {
2981 char s[L_tmpnam];
2982 char *res = tmpnam(s);
2983 ASSERT_EQ(s, res);
2984 EXPECT_NOT_POISONED(strlen(res));
2985 }
2986
TEST(MemorySanitizer,tempnam)2987 TEST(MemorySanitizer, tempnam) {
2988 char *res = tempnam(NULL, "zzz");
2989 EXPECT_NOT_POISONED(strlen(res));
2990 free(res);
2991 }
2992
TEST(MemorySanitizer,posix_memalign)2993 TEST(MemorySanitizer, posix_memalign) {
2994 void *p;
2995 EXPECT_POISONED(p);
2996 int res = posix_memalign(&p, 4096, 13);
2997 ASSERT_EQ(0, res);
2998 EXPECT_NOT_POISONED(p);
2999 EXPECT_EQ(0U, (uintptr_t)p % 4096);
3000 free(p);
3001 }
3002
TEST(MemorySanitizer,memalign)3003 TEST(MemorySanitizer, memalign) {
3004 void *p = memalign(4096, 13);
3005 EXPECT_EQ(0U, (uintptr_t)p % kPageSize);
3006 free(p);
3007 }
3008
TEST(MemorySanitizer,valloc)3009 TEST(MemorySanitizer, valloc) {
3010 void *a = valloc(100);
3011 EXPECT_EQ(0U, (uintptr_t)a % kPageSize);
3012 free(a);
3013 }
3014
TEST(MemorySanitizer,pvalloc)3015 TEST(MemorySanitizer, pvalloc) {
3016 void *p = pvalloc(kPageSize + 100);
3017 EXPECT_EQ(0U, (uintptr_t)p % kPageSize);
3018 EXPECT_EQ(2 * kPageSize, __sanitizer_get_allocated_size(p));
3019 free(p);
3020
3021 p = pvalloc(0); // pvalloc(0) should allocate at least one page.
3022 EXPECT_EQ(0U, (uintptr_t)p % kPageSize);
3023 EXPECT_EQ(kPageSize, __sanitizer_get_allocated_size(p));
3024 free(p);
3025 }
3026
TEST(MemorySanitizer,inet_pton)3027 TEST(MemorySanitizer, inet_pton) {
3028 const char *s = "1:0:0:0:0:0:0:8";
3029 unsigned char buf[sizeof(struct in6_addr)];
3030 int res = inet_pton(AF_INET6, s, buf);
3031 ASSERT_EQ(1, res);
3032 EXPECT_NOT_POISONED(buf[0]);
3033 EXPECT_NOT_POISONED(buf[sizeof(struct in6_addr) - 1]);
3034
3035 char s_out[INET6_ADDRSTRLEN];
3036 EXPECT_POISONED(s_out[3]);
3037 const char *q = inet_ntop(AF_INET6, buf, s_out, INET6_ADDRSTRLEN);
3038 ASSERT_NE((void*)0, q);
3039 EXPECT_NOT_POISONED(s_out[3]);
3040 }
3041
TEST(MemorySanitizer,inet_aton)3042 TEST(MemorySanitizer, inet_aton) {
3043 const char *s = "127.0.0.1";
3044 struct in_addr in[2];
3045 int res = inet_aton(s, in);
3046 ASSERT_NE(0, res);
3047 EXPECT_NOT_POISONED(in[0]);
3048 EXPECT_POISONED(*(char *)(in + 1));
3049 }
3050
TEST(MemorySanitizer,uname)3051 TEST(MemorySanitizer, uname) {
3052 struct utsname u;
3053 int res = uname(&u);
3054 ASSERT_EQ(0, res);
3055 EXPECT_NOT_POISONED(strlen(u.sysname));
3056 EXPECT_NOT_POISONED(strlen(u.nodename));
3057 EXPECT_NOT_POISONED(strlen(u.release));
3058 EXPECT_NOT_POISONED(strlen(u.version));
3059 EXPECT_NOT_POISONED(strlen(u.machine));
3060 }
3061
TEST(MemorySanitizer,gethostname)3062 TEST(MemorySanitizer, gethostname) {
3063 char buf[100];
3064 int res = gethostname(buf, 100);
3065 ASSERT_EQ(0, res);
3066 EXPECT_NOT_POISONED(strlen(buf));
3067 }
3068
TEST(MemorySanitizer,sysinfo)3069 TEST(MemorySanitizer, sysinfo) {
3070 struct sysinfo info;
3071 int res = sysinfo(&info);
3072 ASSERT_EQ(0, res);
3073 EXPECT_NOT_POISONED(info);
3074 }
3075
TEST(MemorySanitizer,getpwuid)3076 TEST(MemorySanitizer, getpwuid) {
3077 struct passwd *p = getpwuid(0); // root
3078 ASSERT_TRUE(p != NULL);
3079 EXPECT_NOT_POISONED(p->pw_name);
3080 ASSERT_TRUE(p->pw_name != NULL);
3081 EXPECT_NOT_POISONED(p->pw_name[0]);
3082 EXPECT_NOT_POISONED(p->pw_uid);
3083 ASSERT_EQ(0U, p->pw_uid);
3084 }
3085
TEST(MemorySanitizer,getpwuid_r)3086 TEST(MemorySanitizer, getpwuid_r) {
3087 struct passwd pwd;
3088 struct passwd *pwdres;
3089 char buf[10000];
3090 int res = getpwuid_r(0, &pwd, buf, sizeof(buf), &pwdres);
3091 ASSERT_EQ(0, res);
3092 EXPECT_NOT_POISONED(pwd.pw_name);
3093 ASSERT_TRUE(pwd.pw_name != NULL);
3094 EXPECT_NOT_POISONED(pwd.pw_name[0]);
3095 EXPECT_NOT_POISONED(pwd.pw_uid);
3096 ASSERT_EQ(0U, pwd.pw_uid);
3097 EXPECT_NOT_POISONED(pwdres);
3098 }
3099
TEST(MemorySanitizer,getpwnam_r)3100 TEST(MemorySanitizer, getpwnam_r) {
3101 struct passwd pwd;
3102 struct passwd *pwdres;
3103 char buf[10000];
3104 int res = getpwnam_r("root", &pwd, buf, sizeof(buf), &pwdres);
3105 ASSERT_EQ(0, res);
3106 EXPECT_NOT_POISONED(pwd.pw_name);
3107 ASSERT_TRUE(pwd.pw_name != NULL);
3108 EXPECT_NOT_POISONED(pwd.pw_name[0]);
3109 EXPECT_NOT_POISONED(pwd.pw_uid);
3110 ASSERT_EQ(0U, pwd.pw_uid);
3111 EXPECT_NOT_POISONED(pwdres);
3112 }
3113
TEST(MemorySanitizer,getpwnam_r_positive)3114 TEST(MemorySanitizer, getpwnam_r_positive) {
3115 struct passwd pwd;
3116 struct passwd *pwdres;
3117 char s[5];
3118 strncpy(s, "abcd", 5);
3119 __msan_poison(s, 5);
3120 char buf[10000];
3121 int res;
3122 EXPECT_UMR(res = getpwnam_r(s, &pwd, buf, sizeof(buf), &pwdres));
3123 }
3124
TEST(MemorySanitizer,getgrnam_r)3125 TEST(MemorySanitizer, getgrnam_r) {
3126 struct group grp;
3127 struct group *grpres;
3128 char buf[10000];
3129 int res = getgrnam_r("root", &grp, buf, sizeof(buf), &grpres);
3130 ASSERT_EQ(0, res);
3131 EXPECT_NOT_POISONED(grp.gr_name);
3132 ASSERT_TRUE(grp.gr_name != NULL);
3133 EXPECT_NOT_POISONED(grp.gr_name[0]);
3134 EXPECT_NOT_POISONED(grp.gr_gid);
3135 EXPECT_NOT_POISONED(grpres);
3136 }
3137
TEST(MemorySanitizer,getpwent)3138 TEST(MemorySanitizer, getpwent) {
3139 setpwent();
3140 struct passwd *p = getpwent();
3141 ASSERT_TRUE(p != NULL);
3142 EXPECT_NOT_POISONED(p->pw_name);
3143 ASSERT_TRUE(p->pw_name != NULL);
3144 EXPECT_NOT_POISONED(p->pw_name[0]);
3145 EXPECT_NOT_POISONED(p->pw_uid);
3146 }
3147
TEST(MemorySanitizer,getpwent_r)3148 TEST(MemorySanitizer, getpwent_r) {
3149 struct passwd pwd;
3150 struct passwd *pwdres;
3151 char buf[10000];
3152 setpwent();
3153 int res = getpwent_r(&pwd, buf, sizeof(buf), &pwdres);
3154 ASSERT_EQ(0, res);
3155 EXPECT_NOT_POISONED(pwd.pw_name);
3156 ASSERT_TRUE(pwd.pw_name != NULL);
3157 EXPECT_NOT_POISONED(pwd.pw_name[0]);
3158 EXPECT_NOT_POISONED(pwd.pw_uid);
3159 EXPECT_NOT_POISONED(pwdres);
3160 }
3161
TEST(MemorySanitizer,fgetpwent)3162 TEST(MemorySanitizer, fgetpwent) {
3163 FILE *fp = fopen("/etc/passwd", "r");
3164 struct passwd *p = fgetpwent(fp);
3165 ASSERT_TRUE(p != NULL);
3166 EXPECT_NOT_POISONED(p->pw_name);
3167 ASSERT_TRUE(p->pw_name != NULL);
3168 EXPECT_NOT_POISONED(p->pw_name[0]);
3169 EXPECT_NOT_POISONED(p->pw_uid);
3170 fclose(fp);
3171 }
3172
TEST(MemorySanitizer,getgrent)3173 TEST(MemorySanitizer, getgrent) {
3174 setgrent();
3175 struct group *p = getgrent();
3176 ASSERT_TRUE(p != NULL);
3177 EXPECT_NOT_POISONED(p->gr_name);
3178 ASSERT_TRUE(p->gr_name != NULL);
3179 EXPECT_NOT_POISONED(p->gr_name[0]);
3180 EXPECT_NOT_POISONED(p->gr_gid);
3181 }
3182
TEST(MemorySanitizer,fgetgrent)3183 TEST(MemorySanitizer, fgetgrent) {
3184 FILE *fp = fopen("/etc/group", "r");
3185 struct group *grp = fgetgrent(fp);
3186 ASSERT_TRUE(grp != NULL);
3187 EXPECT_NOT_POISONED(grp->gr_name);
3188 ASSERT_TRUE(grp->gr_name != NULL);
3189 EXPECT_NOT_POISONED(grp->gr_name[0]);
3190 EXPECT_NOT_POISONED(grp->gr_gid);
3191 for (char **p = grp->gr_mem; *p; ++p) {
3192 EXPECT_NOT_POISONED((*p)[0]);
3193 EXPECT_TRUE(strlen(*p) > 0);
3194 }
3195 fclose(fp);
3196 }
3197
TEST(MemorySanitizer,getgrent_r)3198 TEST(MemorySanitizer, getgrent_r) {
3199 struct group grp;
3200 struct group *grpres;
3201 char buf[10000];
3202 setgrent();
3203 int res = getgrent_r(&grp, buf, sizeof(buf), &grpres);
3204 ASSERT_EQ(0, res);
3205 EXPECT_NOT_POISONED(grp.gr_name);
3206 ASSERT_TRUE(grp.gr_name != NULL);
3207 EXPECT_NOT_POISONED(grp.gr_name[0]);
3208 EXPECT_NOT_POISONED(grp.gr_gid);
3209 EXPECT_NOT_POISONED(grpres);
3210 }
3211
TEST(MemorySanitizer,fgetgrent_r)3212 TEST(MemorySanitizer, fgetgrent_r) {
3213 FILE *fp = fopen("/etc/group", "r");
3214 struct group grp;
3215 struct group *grpres;
3216 char buf[10000];
3217 setgrent();
3218 int res = fgetgrent_r(fp, &grp, buf, sizeof(buf), &grpres);
3219 ASSERT_EQ(0, res);
3220 EXPECT_NOT_POISONED(grp.gr_name);
3221 ASSERT_TRUE(grp.gr_name != NULL);
3222 EXPECT_NOT_POISONED(grp.gr_name[0]);
3223 EXPECT_NOT_POISONED(grp.gr_gid);
3224 EXPECT_NOT_POISONED(grpres);
3225 fclose(fp);
3226 }
3227
TEST(MemorySanitizer,getgroups)3228 TEST(MemorySanitizer, getgroups) {
3229 int n = getgroups(0, 0);
3230 gid_t *gids = new gid_t[n];
3231 int res = getgroups(n, gids);
3232 ASSERT_EQ(n, res);
3233 for (int i = 0; i < n; ++i)
3234 EXPECT_NOT_POISONED(gids[i]);
3235 }
3236
TEST(MemorySanitizer,wordexp)3237 TEST(MemorySanitizer, wordexp) {
3238 wordexp_t w;
3239 int res = wordexp("a b c", &w, 0);
3240 ASSERT_EQ(0, res);
3241 ASSERT_EQ(3U, w.we_wordc);
3242 ASSERT_STREQ("a", w.we_wordv[0]);
3243 ASSERT_STREQ("b", w.we_wordv[1]);
3244 ASSERT_STREQ("c", w.we_wordv[2]);
3245 }
3246
3247 template<class T>
applySlt(T value,T shadow)3248 static bool applySlt(T value, T shadow) {
3249 __msan_partial_poison(&value, &shadow, sizeof(T));
3250 volatile bool zzz = true;
3251 // This "|| zzz" trick somehow makes LLVM emit "icmp slt" instead of
3252 // a shift-and-trunc to get at the highest bit.
3253 volatile bool v = value < 0 || zzz;
3254 return v;
3255 }
3256
TEST(MemorySanitizer,SignedCompareWithZero)3257 TEST(MemorySanitizer, SignedCompareWithZero) {
3258 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xF));
3259 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFF));
3260 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFFFFFF));
3261 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0x7FFFFFF));
3262 EXPECT_UMR(applySlt<S4>(0xF, 0x80FFFFFF));
3263 EXPECT_UMR(applySlt<S4>(0xF, 0xFFFFFFFF));
3264 }
3265
3266 template <class T, class S>
poisoned(T Va,S Sa)3267 static T poisoned(T Va, S Sa) {
3268 char SIZE_CHECK1[(ssize_t)sizeof(T) - (ssize_t)sizeof(S)];
3269 char SIZE_CHECK2[(ssize_t)sizeof(S) - (ssize_t)sizeof(T)];
3270 T a;
3271 a = Va;
3272 __msan_partial_poison(&a, &Sa, sizeof(T));
3273 return a;
3274 }
3275
TEST(MemorySanitizer,ICmpRelational)3276 TEST(MemorySanitizer, ICmpRelational) {
3277 EXPECT_NOT_POISONED(poisoned(0, 0) < poisoned(0, 0));
3278 EXPECT_NOT_POISONED(poisoned(0U, 0) < poisoned(0U, 0));
3279 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) < poisoned(0LL, 0LLU));
3280 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) < poisoned(0LLU, 0LLU));
3281 EXPECT_POISONED(poisoned(0xFF, 0xFF) < poisoned(0xFF, 0xFF));
3282 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) <
3283 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU));
3284 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) <
3285 poisoned(-1, 0xFFFFFFFFU));
3286
3287 EXPECT_NOT_POISONED(poisoned(0, 0) <= poisoned(0, 0));
3288 EXPECT_NOT_POISONED(poisoned(0U, 0) <= poisoned(0U, 0));
3289 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) <= poisoned(0LL, 0LLU));
3290 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) <= poisoned(0LLU, 0LLU));
3291 EXPECT_POISONED(poisoned(0xFF, 0xFF) <= poisoned(0xFF, 0xFF));
3292 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) <=
3293 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU));
3294 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) <=
3295 poisoned(-1, 0xFFFFFFFFU));
3296
3297 EXPECT_NOT_POISONED(poisoned(0, 0) > poisoned(0, 0));
3298 EXPECT_NOT_POISONED(poisoned(0U, 0) > poisoned(0U, 0));
3299 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) > poisoned(0LL, 0LLU));
3300 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) > poisoned(0LLU, 0LLU));
3301 EXPECT_POISONED(poisoned(0xFF, 0xFF) > poisoned(0xFF, 0xFF));
3302 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) >
3303 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU));
3304 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) >
3305 poisoned(-1, 0xFFFFFFFFU));
3306
3307 EXPECT_NOT_POISONED(poisoned(0, 0) >= poisoned(0, 0));
3308 EXPECT_NOT_POISONED(poisoned(0U, 0) >= poisoned(0U, 0));
3309 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) >= poisoned(0LL, 0LLU));
3310 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) >= poisoned(0LLU, 0LLU));
3311 EXPECT_POISONED(poisoned(0xFF, 0xFF) >= poisoned(0xFF, 0xFF));
3312 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) >=
3313 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU));
3314 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) >=
3315 poisoned(-1, 0xFFFFFFFFU));
3316
3317 EXPECT_POISONED(poisoned(6, 0xF) > poisoned(7, 0));
3318 EXPECT_POISONED(poisoned(0xF, 0xF) > poisoned(7, 0));
3319
3320 EXPECT_NOT_POISONED(poisoned(-1, 0x80000000U) >= poisoned(-1, 0U));
3321 }
3322
3323 #if MSAN_HAS_M128
TEST(MemorySanitizer,ICmpVectorRelational)3324 TEST(MemorySanitizer, ICmpVectorRelational) {
3325 EXPECT_NOT_POISONED(
3326 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)),
3327 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0))));
3328 EXPECT_NOT_POISONED(
3329 _mm_cmplt_epi16(poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)),
3330 poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0))));
3331 EXPECT_POISONED(
3332 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)),
3333 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF))));
3334 EXPECT_POISONED(_mm_cmpgt_epi16(poisoned(_mm_set1_epi16(6), _mm_set1_epi16(0xF)),
3335 poisoned(_mm_set1_epi16(7), _mm_set1_epi16(0))));
3336 }
3337 #endif
3338
3339 // Volatile bitfield store is implemented as load-mask-store
3340 // Test that we don't warn on the store of (uninitialized) padding.
3341 struct VolatileBitfieldStruct {
3342 volatile unsigned x : 1;
3343 unsigned y : 1;
3344 };
3345
TEST(MemorySanitizer,VolatileBitfield)3346 TEST(MemorySanitizer, VolatileBitfield) {
3347 VolatileBitfieldStruct *S = new VolatileBitfieldStruct;
3348 S->x = 1;
3349 EXPECT_NOT_POISONED((unsigned)S->x);
3350 EXPECT_POISONED((unsigned)S->y);
3351 }
3352
TEST(MemorySanitizer,UnalignedLoad)3353 TEST(MemorySanitizer, UnalignedLoad) {
3354 char x[32];
3355 U4 origin = __LINE__;
3356 for (unsigned i = 0; i < sizeof(x) / 4; ++i)
3357 __msan_set_origin(x + 4 * i, 4, origin + i);
3358
3359 memset(x + 8, 0, 16);
3360 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 6), origin + 1);
3361 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 7), origin + 1);
3362 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 8));
3363 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 9));
3364 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 22));
3365 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 23), origin + 6);
3366 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 24), origin + 6);
3367
3368 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 4), origin + 1);
3369 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 7), origin + 1);
3370 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 8));
3371 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 9));
3372 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 20));
3373 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 21), origin + 6);
3374 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 24), origin + 6);
3375
3376 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x), origin);
3377 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 1), origin);
3378 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 7), origin + 1);
3379 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 8));
3380 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 9));
3381 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 16));
3382 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 17), origin + 6);
3383 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 21), origin + 6);
3384 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 24), origin + 6);
3385 }
3386
TEST(MemorySanitizer,UnalignedStore16)3387 TEST(MemorySanitizer, UnalignedStore16) {
3388 char x[5];
3389 U2 y2 = 0;
3390 U4 origin = __LINE__;
3391 __msan_poison(&y2, 1);
3392 __msan_set_origin(&y2, 1, origin);
3393
3394 __sanitizer_unaligned_store16(x + 1, y2);
3395 EXPECT_POISONED_O(x[0], origin);
3396 EXPECT_POISONED_O(x[1], origin);
3397 EXPECT_NOT_POISONED(x[2]);
3398 EXPECT_POISONED_O(x[3], origin);
3399 EXPECT_POISONED_O(x[4], origin);
3400 }
3401
TEST(MemorySanitizer,UnalignedStore32)3402 TEST(MemorySanitizer, UnalignedStore32) {
3403 char x[8];
3404 U4 y4 = 0;
3405 U4 origin = __LINE__;
3406 __msan_poison(&y4, 2);
3407 __msan_set_origin(&y4, 2, origin);
3408
3409 __sanitizer_unaligned_store32(x + 3, y4);
3410 EXPECT_POISONED_O(x[0], origin);
3411 EXPECT_POISONED_O(x[1], origin);
3412 EXPECT_POISONED_O(x[2], origin);
3413 EXPECT_POISONED_O(x[3], origin);
3414 EXPECT_POISONED_O(x[4], origin);
3415 EXPECT_NOT_POISONED(x[5]);
3416 EXPECT_NOT_POISONED(x[6]);
3417 EXPECT_POISONED_O(x[7], origin);
3418 }
3419
TEST(MemorySanitizer,UnalignedStore64)3420 TEST(MemorySanitizer, UnalignedStore64) {
3421 char x[16];
3422 U8 y8 = 0;
3423 U4 origin = __LINE__;
3424 __msan_poison(&y8, 3);
3425 __msan_poison(((char *)&y8) + sizeof(y8) - 2, 1);
3426 __msan_set_origin(&y8, 8, origin);
3427
3428 __sanitizer_unaligned_store64(x + 3, y8);
3429 EXPECT_POISONED_O(x[0], origin);
3430 EXPECT_POISONED_O(x[1], origin);
3431 EXPECT_POISONED_O(x[2], origin);
3432 EXPECT_POISONED_O(x[3], origin);
3433 EXPECT_POISONED_O(x[4], origin);
3434 EXPECT_POISONED_O(x[5], origin);
3435 EXPECT_NOT_POISONED(x[6]);
3436 EXPECT_NOT_POISONED(x[7]);
3437 EXPECT_NOT_POISONED(x[8]);
3438 EXPECT_POISONED_O(x[9], origin);
3439 EXPECT_NOT_POISONED(x[10]);
3440 EXPECT_POISONED_O(x[11], origin);
3441 }
3442
TEST(MemorySanitizer,UnalignedStore16_precise)3443 TEST(MemorySanitizer, UnalignedStore16_precise) {
3444 char x[8];
3445 U2 y = 0;
3446 U4 originx1 = __LINE__;
3447 U4 originx2 = __LINE__;
3448 U4 originy = __LINE__;
3449 __msan_poison(x, sizeof(x));
3450 __msan_set_origin(x, 4, originx1);
3451 __msan_set_origin(x + 4, 4, originx2);
3452 __msan_poison(((char *)&y) + 1, 1);
3453 __msan_set_origin(&y, sizeof(y), originy);
3454
3455 __sanitizer_unaligned_store16(x + 3, y);
3456 EXPECT_POISONED_O(x[0], originx1);
3457 EXPECT_POISONED_O(x[1], originx1);
3458 EXPECT_POISONED_O(x[2], originx1);
3459 EXPECT_NOT_POISONED(x[3]);
3460 EXPECT_POISONED_O(x[4], originy);
3461 EXPECT_POISONED_O(x[5], originy);
3462 EXPECT_POISONED_O(x[6], originy);
3463 EXPECT_POISONED_O(x[7], originy);
3464 }
3465
TEST(MemorySanitizer,UnalignedStore16_precise2)3466 TEST(MemorySanitizer, UnalignedStore16_precise2) {
3467 char x[8];
3468 U2 y = 0;
3469 U4 originx1 = __LINE__;
3470 U4 originx2 = __LINE__;
3471 U4 originy = __LINE__;
3472 __msan_poison(x, sizeof(x));
3473 __msan_set_origin(x, 4, originx1);
3474 __msan_set_origin(x + 4, 4, originx2);
3475 __msan_poison(((char *)&y), 1);
3476 __msan_set_origin(&y, sizeof(y), originy);
3477
3478 __sanitizer_unaligned_store16(x + 3, y);
3479 EXPECT_POISONED_O(x[0], originy);
3480 EXPECT_POISONED_O(x[1], originy);
3481 EXPECT_POISONED_O(x[2], originy);
3482 EXPECT_POISONED_O(x[3], originy);
3483 EXPECT_NOT_POISONED(x[4]);
3484 EXPECT_POISONED_O(x[5], originx2);
3485 EXPECT_POISONED_O(x[6], originx2);
3486 EXPECT_POISONED_O(x[7], originx2);
3487 }
3488
TEST(MemorySanitizer,UnalignedStore64_precise)3489 TEST(MemorySanitizer, UnalignedStore64_precise) {
3490 char x[12];
3491 U8 y = 0;
3492 U4 originx1 = __LINE__;
3493 U4 originx2 = __LINE__;
3494 U4 originx3 = __LINE__;
3495 U4 originy = __LINE__;
3496 __msan_poison(x, sizeof(x));
3497 __msan_set_origin(x, 4, originx1);
3498 __msan_set_origin(x + 4, 4, originx2);
3499 __msan_set_origin(x + 8, 4, originx3);
3500 __msan_poison(((char *)&y) + 1, 1);
3501 __msan_poison(((char *)&y) + 7, 1);
3502 __msan_set_origin(&y, sizeof(y), originy);
3503
3504 __sanitizer_unaligned_store64(x + 2, y);
3505 EXPECT_POISONED_O(x[0], originy);
3506 EXPECT_POISONED_O(x[1], originy);
3507 EXPECT_NOT_POISONED(x[2]);
3508 EXPECT_POISONED_O(x[3], originy);
3509
3510 EXPECT_NOT_POISONED(x[4]);
3511 EXPECT_NOT_POISONED(x[5]);
3512 EXPECT_NOT_POISONED(x[6]);
3513 EXPECT_NOT_POISONED(x[7]);
3514
3515 EXPECT_NOT_POISONED(x[8]);
3516 EXPECT_POISONED_O(x[9], originy);
3517 EXPECT_POISONED_O(x[10], originy);
3518 EXPECT_POISONED_O(x[11], originy);
3519 }
3520
TEST(MemorySanitizer,UnalignedStore64_precise2)3521 TEST(MemorySanitizer, UnalignedStore64_precise2) {
3522 char x[12];
3523 U8 y = 0;
3524 U4 originx1 = __LINE__;
3525 U4 originx2 = __LINE__;
3526 U4 originx3 = __LINE__;
3527 U4 originy = __LINE__;
3528 __msan_poison(x, sizeof(x));
3529 __msan_set_origin(x, 4, originx1);
3530 __msan_set_origin(x + 4, 4, originx2);
3531 __msan_set_origin(x + 8, 4, originx3);
3532 __msan_poison(((char *)&y) + 3, 3);
3533 __msan_set_origin(&y, sizeof(y), originy);
3534
3535 __sanitizer_unaligned_store64(x + 2, y);
3536 EXPECT_POISONED_O(x[0], originx1);
3537 EXPECT_POISONED_O(x[1], originx1);
3538 EXPECT_NOT_POISONED(x[2]);
3539 EXPECT_NOT_POISONED(x[3]);
3540
3541 EXPECT_NOT_POISONED(x[4]);
3542 EXPECT_POISONED_O(x[5], originy);
3543 EXPECT_POISONED_O(x[6], originy);
3544 EXPECT_POISONED_O(x[7], originy);
3545
3546 EXPECT_NOT_POISONED(x[8]);
3547 EXPECT_NOT_POISONED(x[9]);
3548 EXPECT_POISONED_O(x[10], originx3);
3549 EXPECT_POISONED_O(x[11], originx3);
3550 }
3551
3552 #if defined(__clang__)
3553 namespace {
3554 typedef U1 V16x8 __attribute__((__vector_size__(16)));
3555 typedef U2 V8x16 __attribute__((__vector_size__(16)));
3556 typedef U4 V4x32 __attribute__((__vector_size__(16)));
3557 typedef U8 V2x64 __attribute__((__vector_size__(16)));
3558 typedef U4 V8x32 __attribute__((__vector_size__(32)));
3559 typedef U8 V4x64 __attribute__((__vector_size__(32)));
3560 typedef U4 V2x32 __attribute__((__vector_size__(8)));
3561 typedef U2 V4x16 __attribute__((__vector_size__(8)));
3562 typedef U1 V8x8 __attribute__((__vector_size__(8)));
3563
3564
shift_sse2_left_scalar(V8x16 x,U4 y)3565 V8x16 shift_sse2_left_scalar(V8x16 x, U4 y) {
3566 return _mm_slli_epi16(x, y);
3567 }
3568
shift_sse2_left(V8x16 x,V8x16 y)3569 V8x16 shift_sse2_left(V8x16 x, V8x16 y) {
3570 return _mm_sll_epi16(x, y);
3571 }
3572
TEST(VectorShiftTest,sse2_left_scalar)3573 TEST(VectorShiftTest, sse2_left_scalar) {
3574 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7};
3575 V8x16 u = shift_sse2_left_scalar(v, 2);
3576 EXPECT_POISONED(u[0]);
3577 EXPECT_POISONED(u[1]);
3578 EXPECT_NOT_POISONED(u[0] | (3U << 2));
3579 EXPECT_NOT_POISONED(u[1] | (7U << 2));
3580 u[0] = u[1] = 0;
3581 EXPECT_NOT_POISONED(u);
3582 }
3583
TEST(VectorShiftTest,sse2_left_scalar_by_uninit)3584 TEST(VectorShiftTest, sse2_left_scalar_by_uninit) {
3585 V8x16 v = {0, 1, 2, 3, 4, 5, 6, 7};
3586 V8x16 u = shift_sse2_left_scalar(v, Poisoned<U4>());
3587 EXPECT_POISONED(u[0]);
3588 EXPECT_POISONED(u[1]);
3589 EXPECT_POISONED(u[2]);
3590 EXPECT_POISONED(u[3]);
3591 EXPECT_POISONED(u[4]);
3592 EXPECT_POISONED(u[5]);
3593 EXPECT_POISONED(u[6]);
3594 EXPECT_POISONED(u[7]);
3595 }
3596
TEST(VectorShiftTest,sse2_left)3597 TEST(VectorShiftTest, sse2_left) {
3598 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7};
3599 // Top 64 bits of shift count don't affect the result.
3600 V2x64 s = {2, Poisoned<U8>()};
3601 V8x16 u = shift_sse2_left(v, s);
3602 EXPECT_POISONED(u[0]);
3603 EXPECT_POISONED(u[1]);
3604 EXPECT_NOT_POISONED(u[0] | (3U << 2));
3605 EXPECT_NOT_POISONED(u[1] | (7U << 2));
3606 u[0] = u[1] = 0;
3607 EXPECT_NOT_POISONED(u);
3608 }
3609
TEST(VectorShiftTest,sse2_left_by_uninit)3610 TEST(VectorShiftTest, sse2_left_by_uninit) {
3611 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7};
3612 V2x64 s = {Poisoned<U8>(), Poisoned<U8>()};
3613 V8x16 u = shift_sse2_left(v, s);
3614 EXPECT_POISONED(u[0]);
3615 EXPECT_POISONED(u[1]);
3616 EXPECT_POISONED(u[2]);
3617 EXPECT_POISONED(u[3]);
3618 EXPECT_POISONED(u[4]);
3619 EXPECT_POISONED(u[5]);
3620 EXPECT_POISONED(u[6]);
3621 EXPECT_POISONED(u[7]);
3622 }
3623
3624 #ifdef __AVX2__
shift_avx2_left(V4x32 x,V4x32 y)3625 V4x32 shift_avx2_left(V4x32 x, V4x32 y) {
3626 return _mm_sllv_epi32(x, y);
3627 }
3628 // This is variable vector shift that's only available starting with AVX2.
3629 // V4x32 shift_avx2_left(V4x32 x, V4x32 y) {
TEST(VectorShiftTest,avx2_left)3630 TEST(VectorShiftTest, avx2_left) {
3631 V4x32 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3};
3632 V4x32 s = {2, Poisoned<U4>(), 3, Poisoned<U4>()};
3633 V4x32 u = shift_avx2_left(v, s);
3634 EXPECT_POISONED(u[0]);
3635 EXPECT_NOT_POISONED(u[0] | (~7U));
3636 EXPECT_POISONED(u[1]);
3637 EXPECT_POISONED(u[1] | (~31U));
3638 EXPECT_NOT_POISONED(u[2]);
3639 EXPECT_POISONED(u[3]);
3640 EXPECT_POISONED(u[3] | (~31U));
3641 }
3642 #endif // __AVX2__
3643 } // namespace
3644
TEST(VectorPackTest,sse2_packssdw_128)3645 TEST(VectorPackTest, sse2_packssdw_128) {
3646 const unsigned S2_max = (1 << 15) - 1;
3647 V4x32 a = {Poisoned<U4>(0, 0xFF0000), Poisoned<U4>(0, 0xFFFF0000),
3648 S2_max + 100, 4};
3649 V4x32 b = {Poisoned<U4>(0, 0xFF), S2_max + 10000, Poisoned<U4>(0, 0xFF00),
3650 S2_max};
3651
3652 V8x16 c = _mm_packs_epi32(a, b);
3653
3654 EXPECT_POISONED(c[0]);
3655 EXPECT_POISONED(c[1]);
3656 EXPECT_NOT_POISONED(c[2]);
3657 EXPECT_NOT_POISONED(c[3]);
3658 EXPECT_POISONED(c[4]);
3659 EXPECT_NOT_POISONED(c[5]);
3660 EXPECT_POISONED(c[6]);
3661 EXPECT_NOT_POISONED(c[7]);
3662
3663 EXPECT_EQ(c[2], S2_max);
3664 EXPECT_EQ(c[3], 4);
3665 EXPECT_EQ(c[5], S2_max);
3666 EXPECT_EQ(c[7], S2_max);
3667 }
3668
TEST(VectorPackTest,mmx_packuswb)3669 TEST(VectorPackTest, mmx_packuswb) {
3670 const unsigned U1_max = (1 << 8) - 1;
3671 V4x16 a = {Poisoned<U2>(0, 0xFF00), Poisoned<U2>(0, 0xF000U), U1_max + 100,
3672 4};
3673 V4x16 b = {Poisoned<U2>(0, 0xFF), U1_max - 1, Poisoned<U2>(0, 0xF), U1_max};
3674 V8x8 c = _mm_packs_pu16(a, b);
3675
3676 EXPECT_POISONED(c[0]);
3677 EXPECT_POISONED(c[1]);
3678 EXPECT_NOT_POISONED(c[2]);
3679 EXPECT_NOT_POISONED(c[3]);
3680 EXPECT_POISONED(c[4]);
3681 EXPECT_NOT_POISONED(c[5]);
3682 EXPECT_POISONED(c[6]);
3683 EXPECT_NOT_POISONED(c[7]);
3684
3685 EXPECT_EQ(c[2], U1_max);
3686 EXPECT_EQ(c[3], 4);
3687 EXPECT_EQ(c[5], U1_max - 1);
3688 EXPECT_EQ(c[7], U1_max);
3689 }
3690
TEST(VectorSadTest,sse2_psad_bw)3691 TEST(VectorSadTest, sse2_psad_bw) {
3692 V16x8 a = {Poisoned<U1>(), 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
3693 V16x8 b = {100, 101, 102, 103, 104, 105, 106, 107,
3694 108, 109, 110, 111, 112, 113, 114, 115};
3695 V2x64 c = _mm_sad_epu8(a, b);
3696
3697 EXPECT_POISONED(c[0]);
3698 EXPECT_NOT_POISONED(c[1]);
3699
3700 EXPECT_EQ(800U, c[1]);
3701 }
3702
TEST(VectorMaddTest,mmx_pmadd_wd)3703 TEST(VectorMaddTest, mmx_pmadd_wd) {
3704 V4x16 a = {Poisoned<U2>(), 1, 2, 3};
3705 V4x16 b = {100, 101, 102, 103};
3706 V2x32 c = _mm_madd_pi16(a, b);
3707
3708 EXPECT_POISONED(c[0]);
3709 EXPECT_NOT_POISONED(c[1]);
3710
3711 EXPECT_EQ((unsigned)(2 * 102 + 3 * 103), c[1]);
3712 }
3713 #endif // defined(__clang__)
3714
TEST(MemorySanitizerDr,StoreInDSOTest)3715 TEST(MemorySanitizerDr, StoreInDSOTest) {
3716 if (!__msan_has_dynamic_component()) return;
3717 char* s = new char[10];
3718 dso_memfill(s, 9);
3719 EXPECT_NOT_POISONED(s[5]);
3720 EXPECT_POISONED(s[9]);
3721 }
3722
return_poisoned_int()3723 int return_poisoned_int() {
3724 return ReturnPoisoned<U8>();
3725 }
3726
TEST(MemorySanitizerDr,ReturnFromDSOTest)3727 TEST(MemorySanitizerDr, ReturnFromDSOTest) {
3728 if (!__msan_has_dynamic_component()) return;
3729 EXPECT_NOT_POISONED(dso_callfn(return_poisoned_int));
3730 }
3731
TrashParamTLS(long long x,long long y,long long z)3732 NOINLINE int TrashParamTLS(long long x, long long y, long long z) { //NOLINT
3733 EXPECT_POISONED(x);
3734 EXPECT_POISONED(y);
3735 EXPECT_POISONED(z);
3736 return 0;
3737 }
3738
CheckParamTLS(long long x,long long y,long long z)3739 static int CheckParamTLS(long long x, long long y, long long z) { //NOLINT
3740 EXPECT_NOT_POISONED(x);
3741 EXPECT_NOT_POISONED(y);
3742 EXPECT_NOT_POISONED(z);
3743 return 0;
3744 }
3745
TEST(MemorySanitizerDr,CallFromDSOTest)3746 TEST(MemorySanitizerDr, CallFromDSOTest) {
3747 if (!__msan_has_dynamic_component()) return;
3748 S8* x = GetPoisoned<S8>();
3749 S8* y = GetPoisoned<S8>();
3750 S8* z = GetPoisoned<S8>();
3751 EXPECT_NOT_POISONED(TrashParamTLS(*x, *y, *z));
3752 EXPECT_NOT_POISONED(dso_callfn1(CheckParamTLS));
3753 }
3754
StackStoreInDSOFn(int * x,int * y)3755 static void StackStoreInDSOFn(int* x, int* y) {
3756 EXPECT_NOT_POISONED(*x);
3757 EXPECT_NOT_POISONED(*y);
3758 }
3759
TEST(MemorySanitizerDr,StackStoreInDSOTest)3760 TEST(MemorySanitizerDr, StackStoreInDSOTest) {
3761 if (!__msan_has_dynamic_component()) return;
3762 dso_stack_store(StackStoreInDSOFn, 1);
3763 }
3764
TEST(MemorySanitizerOrigins,SetGet)3765 TEST(MemorySanitizerOrigins, SetGet) {
3766 EXPECT_EQ(TrackingOrigins(), __msan_get_track_origins());
3767 if (!TrackingOrigins()) return;
3768 int x;
3769 __msan_set_origin(&x, sizeof(x), 1234);
3770 EXPECT_EQ(1234U, __msan_get_origin(&x));
3771 __msan_set_origin(&x, sizeof(x), 5678);
3772 EXPECT_EQ(5678U, __msan_get_origin(&x));
3773 __msan_set_origin(&x, sizeof(x), 0);
3774 EXPECT_EQ(0U, __msan_get_origin(&x));
3775 }
3776
3777 namespace {
3778 struct S {
3779 U4 dummy;
3780 U2 a;
3781 U2 b;
3782 };
3783
3784 // http://code.google.com/p/memory-sanitizer/issues/detail?id=6
TEST(MemorySanitizerOrigins,DISABLED_InitializedStoreDoesNotChangeOrigin)3785 TEST(MemorySanitizerOrigins, DISABLED_InitializedStoreDoesNotChangeOrigin) {
3786 if (!TrackingOrigins()) return;
3787
3788 S s;
3789 U4 origin = rand(); // NOLINT
3790 s.a = *GetPoisonedO<U2>(0, origin);
3791 EXPECT_EQ(origin, __msan_get_origin(&s.a));
3792 EXPECT_EQ(origin, __msan_get_origin(&s.b));
3793
3794 s.b = 42;
3795 EXPECT_EQ(origin, __msan_get_origin(&s.a));
3796 EXPECT_EQ(origin, __msan_get_origin(&s.b));
3797 }
3798 } // namespace
3799
3800 template<class T, class BinaryOp>
3801 INLINE
BinaryOpOriginTest(BinaryOp op)3802 void BinaryOpOriginTest(BinaryOp op) {
3803 U4 ox = rand(); //NOLINT
3804 U4 oy = rand(); //NOLINT
3805 T *x = GetPoisonedO<T>(0, ox, 0);
3806 T *y = GetPoisonedO<T>(1, oy, 0);
3807 T *z = GetPoisonedO<T>(2, 0, 0);
3808
3809 *z = op(*x, *y);
3810 U4 origin = __msan_get_origin(z);
3811 EXPECT_POISONED_O(*z, origin);
3812 EXPECT_EQ(true, origin == ox || origin == oy);
3813
3814 // y is poisoned, x is not.
3815 *x = 10101;
3816 *y = *GetPoisonedO<T>(1, oy);
3817 break_optimization(x);
3818 __msan_set_origin(z, sizeof(*z), 0);
3819 *z = op(*x, *y);
3820 EXPECT_POISONED_O(*z, oy);
3821 EXPECT_EQ(__msan_get_origin(z), oy);
3822
3823 // x is poisoned, y is not.
3824 *x = *GetPoisonedO<T>(0, ox);
3825 *y = 10101010;
3826 break_optimization(y);
3827 __msan_set_origin(z, sizeof(*z), 0);
3828 *z = op(*x, *y);
3829 EXPECT_POISONED_O(*z, ox);
3830 EXPECT_EQ(__msan_get_origin(z), ox);
3831 }
3832
XOR(const T & a,const T & b)3833 template<class T> INLINE T XOR(const T &a, const T&b) { return a ^ b; }
ADD(const T & a,const T & b)3834 template<class T> INLINE T ADD(const T &a, const T&b) { return a + b; }
SUB(const T & a,const T & b)3835 template<class T> INLINE T SUB(const T &a, const T&b) { return a - b; }
MUL(const T & a,const T & b)3836 template<class T> INLINE T MUL(const T &a, const T&b) { return a * b; }
AND(const T & a,const T & b)3837 template<class T> INLINE T AND(const T &a, const T&b) { return a & b; }
OR(const T & a,const T & b)3838 template<class T> INLINE T OR (const T &a, const T&b) { return a | b; }
3839
TEST(MemorySanitizerOrigins,BinaryOp)3840 TEST(MemorySanitizerOrigins, BinaryOp) {
3841 if (!TrackingOrigins()) return;
3842 BinaryOpOriginTest<S8>(XOR<S8>);
3843 BinaryOpOriginTest<U8>(ADD<U8>);
3844 BinaryOpOriginTest<S4>(SUB<S4>);
3845 BinaryOpOriginTest<S4>(MUL<S4>);
3846 BinaryOpOriginTest<U4>(OR<U4>);
3847 BinaryOpOriginTest<U4>(AND<U4>);
3848 BinaryOpOriginTest<double>(ADD<U4>);
3849 BinaryOpOriginTest<float>(ADD<S4>);
3850 BinaryOpOriginTest<double>(ADD<double>);
3851 BinaryOpOriginTest<float>(ADD<double>);
3852 }
3853
TEST(MemorySanitizerOrigins,Unary)3854 TEST(MemorySanitizerOrigins, Unary) {
3855 if (!TrackingOrigins()) return;
3856 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__);
3857 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__);
3858 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__);
3859 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__);
3860
3861 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
3862 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
3863 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
3864 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
3865
3866 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__);
3867 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__);
3868 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__);
3869 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__);
3870
3871 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
3872 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
3873 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
3874 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
3875
3876 EXPECT_POISONED_O((void*)*GetPoisonedO<S8>(0, __LINE__), __LINE__);
3877 EXPECT_POISONED_O((U8)*GetPoisonedO<void*>(0, __LINE__), __LINE__);
3878 }
3879
TEST(MemorySanitizerOrigins,EQ)3880 TEST(MemorySanitizerOrigins, EQ) {
3881 if (!TrackingOrigins()) return;
3882 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) <= 11, __LINE__);
3883 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) == 11, __LINE__);
3884 EXPECT_POISONED_O(*GetPoisonedO<float>(0, __LINE__) == 1.1, __LINE__);
3885 }
3886
TEST(MemorySanitizerOrigins,DIV)3887 TEST(MemorySanitizerOrigins, DIV) {
3888 if (!TrackingOrigins()) return;
3889 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) / 100, __LINE__);
3890 unsigned o = __LINE__;
3891 EXPECT_UMR_O(volatile unsigned y = 100 / *GetPoisonedO<S4>(0, o, 1), o);
3892 }
3893
TEST(MemorySanitizerOrigins,SHIFT)3894 TEST(MemorySanitizerOrigins, SHIFT) {
3895 if (!TrackingOrigins()) return;
3896 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) >> 10, __LINE__);
3897 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) >> 10, __LINE__);
3898 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) << 10, __LINE__);
3899 EXPECT_POISONED_O(10U << *GetPoisonedO<U8>(0, __LINE__), __LINE__);
3900 EXPECT_POISONED_O(-10 >> *GetPoisonedO<S8>(0, __LINE__), __LINE__);
3901 EXPECT_POISONED_O(-10 << *GetPoisonedO<S8>(0, __LINE__), __LINE__);
3902 }
3903
3904 template<class T, int N>
MemCpyTest()3905 void MemCpyTest() {
3906 int ox = __LINE__;
3907 T *x = new T[N];
3908 T *y = new T[N];
3909 T *z = new T[N];
3910 T *q = new T[N];
3911 __msan_poison(x, N * sizeof(T));
3912 __msan_set_origin(x, N * sizeof(T), ox);
3913 __msan_set_origin(y, N * sizeof(T), 777777);
3914 __msan_set_origin(z, N * sizeof(T), 888888);
3915 EXPECT_NOT_POISONED(x);
3916 memcpy(y, x, N * sizeof(T));
3917 EXPECT_POISONED_O(y[0], ox);
3918 EXPECT_POISONED_O(y[N/2], ox);
3919 EXPECT_POISONED_O(y[N-1], ox);
3920 EXPECT_NOT_POISONED(x);
3921 void *res = mempcpy(q, x, N * sizeof(T));
3922 ASSERT_EQ(q + N, res);
3923 EXPECT_POISONED_O(q[0], ox);
3924 EXPECT_POISONED_O(q[N/2], ox);
3925 EXPECT_POISONED_O(q[N-1], ox);
3926 EXPECT_NOT_POISONED(x);
3927 memmove(z, x, N * sizeof(T));
3928 EXPECT_POISONED_O(z[0], ox);
3929 EXPECT_POISONED_O(z[N/2], ox);
3930 EXPECT_POISONED_O(z[N-1], ox);
3931 }
3932
TEST(MemorySanitizerOrigins,LargeMemCpy)3933 TEST(MemorySanitizerOrigins, LargeMemCpy) {
3934 if (!TrackingOrigins()) return;
3935 MemCpyTest<U1, 10000>();
3936 MemCpyTest<U8, 10000>();
3937 }
3938
TEST(MemorySanitizerOrigins,SmallMemCpy)3939 TEST(MemorySanitizerOrigins, SmallMemCpy) {
3940 if (!TrackingOrigins()) return;
3941 MemCpyTest<U8, 1>();
3942 MemCpyTest<U8, 2>();
3943 MemCpyTest<U8, 3>();
3944 }
3945
TEST(MemorySanitizerOrigins,Select)3946 TEST(MemorySanitizerOrigins, Select) {
3947 if (!TrackingOrigins()) return;
3948 EXPECT_NOT_POISONED(g_one ? 1 : *GetPoisonedO<S4>(0, __LINE__));
3949 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
3950 S4 x;
3951 break_optimization(&x);
3952 x = g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 0;
3953
3954 EXPECT_POISONED_O(g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 1, __LINE__);
3955 EXPECT_POISONED_O(g_0 ? 1 : *GetPoisonedO<S4>(0, __LINE__), __LINE__);
3956 }
3957
RetvalOriginTest(U4 origin)3958 NOINLINE int RetvalOriginTest(U4 origin) {
3959 int *a = new int;
3960 break_optimization(a);
3961 __msan_set_origin(a, sizeof(*a), origin);
3962 int res = *a;
3963 delete a;
3964 return res;
3965 }
3966
TEST(MemorySanitizerOrigins,Retval)3967 TEST(MemorySanitizerOrigins, Retval) {
3968 if (!TrackingOrigins()) return;
3969 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__);
3970 }
3971
ParamOriginTest(int param,U4 origin)3972 NOINLINE void ParamOriginTest(int param, U4 origin) {
3973 EXPECT_POISONED_O(param, origin);
3974 }
3975
TEST(MemorySanitizerOrigins,Param)3976 TEST(MemorySanitizerOrigins, Param) {
3977 if (!TrackingOrigins()) return;
3978 int *a = new int;
3979 U4 origin = __LINE__;
3980 break_optimization(a);
3981 __msan_set_origin(a, sizeof(*a), origin);
3982 ParamOriginTest(*a, origin);
3983 delete a;
3984 }
3985
TEST(MemorySanitizerOrigins,Invoke)3986 TEST(MemorySanitizerOrigins, Invoke) {
3987 if (!TrackingOrigins()) return;
3988 StructWithDtor s; // Will cause the calls to become invokes.
3989 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__);
3990 }
3991
TEST(MemorySanitizerOrigins,strlen)3992 TEST(MemorySanitizerOrigins, strlen) {
3993 S8 alignment;
3994 break_optimization(&alignment);
3995 char x[4] = {'a', 'b', 0, 0};
3996 __msan_poison(&x[2], 1);
3997 U4 origin = __LINE__;
3998 __msan_set_origin(x, sizeof(x), origin);
3999 EXPECT_UMR_O(volatile unsigned y = strlen(x), origin);
4000 }
4001
TEST(MemorySanitizerOrigins,wcslen)4002 TEST(MemorySanitizerOrigins, wcslen) {
4003 wchar_t w[3] = {'a', 'b', 0};
4004 U4 origin = __LINE__;
4005 __msan_set_origin(w, sizeof(w), origin);
4006 __msan_poison(&w[2], sizeof(wchar_t));
4007 EXPECT_UMR_O(volatile unsigned y = wcslen(w), origin);
4008 }
4009
4010 #if MSAN_HAS_M128
TEST(MemorySanitizerOrigins,StoreIntrinsic)4011 TEST(MemorySanitizerOrigins, StoreIntrinsic) {
4012 __m128 x, y;
4013 U4 origin = __LINE__;
4014 __msan_set_origin(&x, sizeof(x), origin);
4015 __msan_poison(&x, sizeof(x));
4016 __builtin_ia32_storeups((float*)&y, x);
4017 EXPECT_POISONED_O(y, origin);
4018 }
4019 #endif
4020
RecursiveMalloc(int depth)4021 NOINLINE void RecursiveMalloc(int depth) {
4022 static int count;
4023 count++;
4024 if ((count % (1024 * 1024)) == 0)
4025 printf("RecursiveMalloc: %d\n", count);
4026 int *x1 = new int;
4027 int *x2 = new int;
4028 break_optimization(x1);
4029 break_optimization(x2);
4030 if (depth > 0) {
4031 RecursiveMalloc(depth-1);
4032 RecursiveMalloc(depth-1);
4033 }
4034 delete x1;
4035 delete x2;
4036 }
4037
TEST(MemorySanitizer,Select)4038 TEST(MemorySanitizer, Select) {
4039 int x;
4040 int volatile* p = &x;
4041 int z = *p ? 1 : 0;
4042 EXPECT_POISONED(z);
4043 }
4044
TEST(MemorySanitizer,SelectPartial)4045 TEST(MemorySanitizer, SelectPartial) {
4046 // Precise instrumentation of select.
4047 // Some bits of the result do not depend on select condition, and must stay
4048 // initialized even if select condition is not. These are the bits that are
4049 // equal and initialized in both left and right select arguments.
4050 U4 x = 0xFFFFABCDU;
4051 U4 x_s = 0xFFFF0000U;
4052 __msan_partial_poison(&x, &x_s, sizeof(x));
4053 U4 y = 0xAB00U;
4054 U1 cond = true;
4055 __msan_poison(&cond, sizeof(cond));
4056 U4 z = cond ? x : y;
4057 __msan_print_shadow(&z, sizeof(z));
4058 EXPECT_POISONED(z & 0xFFU);
4059 EXPECT_NOT_POISONED(z & 0xFF00U);
4060 EXPECT_POISONED(z & 0xFF0000U);
4061 EXPECT_POISONED(z & 0xFF000000U);
4062 EXPECT_EQ(0xAB00U, z & 0xFF00U);
4063 }
4064
TEST(MemorySanitizerStress,DISABLED_MallocStackTrace)4065 TEST(MemorySanitizerStress, DISABLED_MallocStackTrace) {
4066 RecursiveMalloc(22);
4067 }
4068
TEST(MemorySanitizerAllocator,get_estimated_allocated_size)4069 TEST(MemorySanitizerAllocator, get_estimated_allocated_size) {
4070 size_t sizes[] = {0, 20, 5000, 1<<20};
4071 for (size_t i = 0; i < sizeof(sizes) / sizeof(*sizes); ++i) {
4072 size_t alloc_size = __sanitizer_get_estimated_allocated_size(sizes[i]);
4073 EXPECT_EQ(alloc_size, sizes[i]);
4074 }
4075 }
4076
TEST(MemorySanitizerAllocator,get_allocated_size_and_ownership)4077 TEST(MemorySanitizerAllocator, get_allocated_size_and_ownership) {
4078 char *array = reinterpret_cast<char*>(malloc(100));
4079 int *int_ptr = new int;
4080
4081 EXPECT_TRUE(__sanitizer_get_ownership(array));
4082 EXPECT_EQ(100U, __sanitizer_get_allocated_size(array));
4083
4084 EXPECT_TRUE(__sanitizer_get_ownership(int_ptr));
4085 EXPECT_EQ(sizeof(*int_ptr), __sanitizer_get_allocated_size(int_ptr));
4086
4087 void *wild_addr = reinterpret_cast<void*>(0x1);
4088 EXPECT_FALSE(__sanitizer_get_ownership(wild_addr));
4089 EXPECT_EQ(0U, __sanitizer_get_allocated_size(wild_addr));
4090
4091 EXPECT_FALSE(__sanitizer_get_ownership(array + 50));
4092 EXPECT_EQ(0U, __sanitizer_get_allocated_size(array + 50));
4093
4094 // NULL is a valid argument for GetAllocatedSize but is not owned.
4095 EXPECT_FALSE(__sanitizer_get_ownership(NULL));
4096 EXPECT_EQ(0U, __sanitizer_get_allocated_size(NULL));
4097
4098 free(array);
4099 EXPECT_FALSE(__sanitizer_get_ownership(array));
4100 EXPECT_EQ(0U, __sanitizer_get_allocated_size(array));
4101
4102 delete int_ptr;
4103 }
4104
TEST(MemorySanitizer,MlockTest)4105 TEST(MemorySanitizer, MlockTest) {
4106 EXPECT_EQ(0, mlockall(MCL_CURRENT));
4107 EXPECT_EQ(0, mlock((void*)0x12345, 0x5678));
4108 EXPECT_EQ(0, munlockall());
4109 EXPECT_EQ(0, munlock((void*)0x987, 0x654));
4110 }
4111
4112 // Test that LargeAllocator unpoisons memory before releasing it to the OS.
TEST(MemorySanitizer,LargeAllocatorUnpoisonsOnFree)4113 TEST(MemorySanitizer, LargeAllocatorUnpoisonsOnFree) {
4114 void *p = malloc(1024 * 1024);
4115 free(p);
4116
4117 typedef void *(*mmap_fn)(void *, size_t, int, int, int, off_t);
4118 mmap_fn real_mmap = (mmap_fn)dlsym(RTLD_NEXT, "mmap");
4119
4120 // Allocate the page that was released to the OS in free() with the real mmap,
4121 // bypassing the interceptor.
4122 char *q = (char *)real_mmap(p, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
4123 ASSERT_NE((char *)0, q);
4124
4125 ASSERT_TRUE(q <= p);
4126 ASSERT_TRUE(q + 4096 > p);
4127
4128 EXPECT_NOT_POISONED(q[0]);
4129 EXPECT_NOT_POISONED(q[10]);
4130 EXPECT_NOT_POISONED(q[100]);
4131
4132 munmap(q, 4096);
4133 }
4134
4135 #if SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE
TEST(MemorySanitizer,MallocUsableSizeTest)4136 TEST(MemorySanitizer, MallocUsableSizeTest) {
4137 const size_t kArraySize = 100;
4138 char *array = Ident((char*)malloc(kArraySize));
4139 int *int_ptr = Ident(new int);
4140 EXPECT_EQ(0U, malloc_usable_size(NULL));
4141 EXPECT_EQ(kArraySize, malloc_usable_size(array));
4142 EXPECT_EQ(sizeof(int), malloc_usable_size(int_ptr));
4143 free(array);
4144 delete int_ptr;
4145 }
4146 #endif // SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE
4147