[PATCH] D11283: runtime flag for use-after dtor and v simple runtime test
Naomi Musgrave
nmusgrave at google.com
Thu Jul 16 16:24:53 PDT 2015
nmusgrave created this revision.
nmusgrave added reviewers: kcc, eugenis.
nmusgrave added a subscriber: cfe-commits.
http://reviews.llvm.org/D11283
Files:
include/sanitizer/msan_interface.h
lib/msan/msan_flags.inc
lib/msan/msan_interceptors.cc
lib/msan/msan_interface_internal.h
test/msan/dtor-member.cc
Index: test/msan/dtor-member.cc
===================================================================
--- /dev/null
+++ test/msan/dtor-member.cc
@@ -0,0 +1,20 @@
+// RUN: %clangxx_msan %s -fsanitize=memory -fsanitize-memory-use-after-dtor -o %t && MSAN_OPTIONS=poison_in_dtor=1 not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+#include <sanitizer/msan_interface.h>
+#include <stdlib.h>
+struct A {
+ int x_;
+ A(int x) {
+ x_ = x;
+ }
+ ~A() {}
+};
+
+int main() {
+ A a(5);
+ a.~A();
+ __msan_check_mem_is_initialized(&a, sizeof(a));
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ return 0;
+}
Index: lib/msan/msan_interface_internal.h
===================================================================
--- lib/msan/msan_interface_internal.h
+++ lib/msan/msan_interface_internal.h
@@ -116,6 +116,9 @@
SANITIZER_INTERFACE_ATTRIBUTE
int __msan_set_poison_in_malloc(int do_poison);
+SANITIZER_INTERFACE_ATTRIBUTE
+int __sanitizer_set_poison_in_dtor(int do_poison);
+
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
/* OPTIONAL */ const char* __msan_default_options();
@@ -140,6 +143,11 @@
SANITIZER_INTERFACE_ATTRIBUTE
void __msan_allocated_memory(const void* data, uptr size);
+// Tell MSan about newly destroyed memory. Memory will be marked
+// uninitialized.
+SANITIZER_INTERFACE_ATTRIBUTE
+void __sanitizer_dtor_callback(void* data, uptr size);
+
SANITIZER_INTERFACE_ATTRIBUTE
u16 __sanitizer_unaligned_load16(const uu16 *p);
Index: lib/msan/msan_interceptors.cc
===================================================================
--- lib/msan/msan_interceptors.cc
+++ lib/msan/msan_interceptors.cc
@@ -1005,6 +1005,14 @@
}
}
+void __sanitizer_dtor_callback(void *data, uptr size) {
+ GET_MALLOC_STACK_TRACE;
+ if (flags()->poison_in_dtor) {
+ stack.tag = STACK_TRACE_TAG_POISON;
+ PoisonMemory(data, size, &stack);
+ }
+}
+
INTERCEPTOR(void *, mmap, void *addr, SIZE_T length, int prot, int flags,
int fd, OFF_T offset) {
if (msan_init_is_running)
Index: lib/msan/msan_flags.inc
===================================================================
--- lib/msan/msan_flags.inc
+++ lib/msan/msan_flags.inc
@@ -24,6 +24,7 @@
MSAN_FLAG(bool, poison_stack_with_zeroes, false, "")
MSAN_FLAG(bool, poison_in_malloc, true, "")
MSAN_FLAG(bool, poison_in_free, true, "")
+MSAN_FLAG(bool, poison_in_dtor, false, "")
MSAN_FLAG(bool, report_umrs, true, "")
MSAN_FLAG(bool, wrap_signals, true, "")
MSAN_FLAG(bool, print_stats, false, "")
Index: include/sanitizer/msan_interface.h
===================================================================
--- include/sanitizer/msan_interface.h
+++ include/sanitizer/msan_interface.h
@@ -92,6 +92,9 @@
Memory will be marked uninitialized, with origin at the call site. */
void __msan_allocated_memory(const volatile void* data, size_t size);
+ /* Tell MSan about newly destroyed memory. Mark memory as uninitialized. */
+ void __sanitizer_dtor_callback(volatile void* data, size_t size);
+
/* This function may be optionally provided by user and should return
a string containing Msan runtime options. See msan_flags.h for details. */
const char* __msan_default_options();
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D11283.29961.patch
Type: text/x-patch
Size: 3231 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150716/aea2fa35/attachment.bin>
More information about the cfe-commits
mailing list