[llvm-bugs] [Bug 50840] New: MSan use-of-uninitialized-value false positive after D88834

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Jun 24 05:35:41 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=50840

            Bug ID: 50840
           Summary: MSan use-of-uninitialized-value false positive after
                    D88834
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: hans at chromium.org
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org

Consider the following program:

$ cat /tmp/a.cc
#include <stdint.h>
#include <sanitizer/msan_interface.h>

template <typename T>
class opti {
 public:
  constexpr opti() : engaged_(false) {}
  constexpr opti(T&& v) : engaged_(true), data_(v) {}
  const T* operator->() const { return &this->data_; }

 private:
  bool engaged_;  // Whether there is data or not.
  T data_;  // Data storage.
};

struct Unit {
  uint32_t a;
  uint32_t b;
};

__attribute__((noinline))
opti<Unit> Foo() {
  return Unit{100, 200};
}

__attribute__((noinline))
opti<Unit> Bar() {
  auto unit = Foo();
  opti<Unit> ret({unit->a, unit->b});
  return ret;
}

__attribute__((noinline))
void TriggerBug() {
  auto ref = Bar();
  __msan_dump_shadow(&ref, sizeof(ref));
  __msan_check_mem_is_initialized(&ref->a, sizeof(uint32_t));
}

int main() {
  TriggerBug();
  return 0;
}



When built with MSan on trunk (121ecb05e73427ab3bc6ceeca04fbab161417e6e), it
fails:

$ clang++ -fsanitize=memory -O2 /tmp/a.cc && ./a.out
00 ff ff ff 00 ff ff ff 00 00 00 00 
Uninitialized bytes in __msan_check_mem_is_initialized at offset 1 inside
[0x7ffefc2b454c, 4)
==3119770==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x49eaed  (/work/llvm.monorepo/a.out+0x49eaed)
    #1 0x49eb05  (/work/llvm.monorepo/a.out+0x49eb05)
    #2 0x7f6cfe0b9d09  (/lib/x86_64-linux-gnu/libc.so.6+0x26d09)
    #3 0x420239  (/work/llvm.monorepo/a.out+0x420239)

SUMMARY: MemorySanitizer: use-of-uninitialized-value
(/work/llvm.monorepo/a.out+0x49eaed) 
Exiting


That seems incorrect.

When built at c1fd4305b68500c754a7ce6a86fe297c36e21d3b, before D88834 landed,
it works:

$ clang++ -fsanitize=memory -O2 /tmp/a.cc && ./a.out
00 ff ff ff 00 00 00 00 00 00 00 00


So it seems that either something is wrong with D88834, or that it uncovered
some underlying problem in the MSan instrumentation.
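As an added triage aid (not part of the bug report or of LLVM), the helper below decodes the two `__msan_dump_shadow` lines from the report against the layout of `opti<Unit>` and derives the same "offset 1 inside [.., 4)" finding that `__msan_check_mem_is_initialized` prints for `data_.a`. The field offsets (`engaged_` at 0, three padding bytes, `a` at 4, `b` at 8) are assumed from the x86-64 layout of the reproducer's class.

```python
# Added helper: map MSan shadow bytes onto the fields of opti<Unit>.
# A nonzero shadow byte means at least one bit of that byte is poisoned
# (MSan shadow is bit-precise; 0xff = whole byte uninitialized).
from typing import Dict, List, Tuple

# Assumed x86-64 layout of opti<Unit>: (offset, size) per field.
OPTI_UNIT_LAYOUT: Dict[str, Tuple[int, int]] = {
    "engaged_": (0, 1),   # bool, followed by 3 bytes of padding
    "data_.a": (4, 4),    # uint32_t Unit::a
    "data_.b": (8, 4),    # uint32_t Unit::b
}
OPTI_UNIT_SIZE = 12

# Shadow dumps copied from the report: after D88834 (buggy) and before it.
BUGGY_SHADOW = "00 ff ff ff 00 ff ff ff 00 00 00 00"
GOOD_SHADOW = "00 ff ff ff 00 00 00 00 00 00 00 00"


def parse_shadow(line: str) -> List[int]:
    """Parse the hex byte list printed by __msan_dump_shadow."""
    return [int(tok, 16) for tok in line.split()]


def classify(shadow: List[int], layout=OPTI_UNIT_LAYOUT,
             size=OPTI_UNIT_SIZE) -> Dict[str, List[int]]:
    """Return {owner: [offsets within owner]} for every poisoned byte.
    Poisoned padding is normal for MSan; poisoned fields are the findings."""
    if len(shadow) != size:
        raise ValueError(f"expected {size} shadow bytes, got {len(shadow)}")
    owner = ["padding"] * size
    for name, (off, length) in layout.items():
        for i in range(length):
            owner[off + i] = name
    findings: Dict[str, List[int]] = {}
    for addr, sb in enumerate(shadow):
        if sb:
            base = layout[owner[addr]][0] if owner[addr] != "padding" else 0
            findings.setdefault(owner[addr], []).append(addr - base)
    return findings


def first_uninit_offset(shadow: List[int], field: str,
                        layout=OPTI_UNIT_LAYOUT) -> int:
    """Mirror __msan_check_mem_is_initialized(&field, size): offset of the
    first uninitialized byte inside the field, or -1 if fully initialized."""
    off, length = layout[field]
    for i in range(length):
        if shadow[off + i]:
            return i
    return -1


if __name__ == "__main__":
    for label, dump in (("after D88834", BUGGY_SHADOW), ("before", GOOD_SHADOW)):
        sh = parse_shadow(dump)
        print(label, classify(sh), "a:", first_uninit_offset(sh, "data_.a"))
```

Running it shows the buggy dump poisons bytes 1..3 of `data_.a` (the same pattern as the padding after `engaged_`), while the pre-D88834 dump poisons only the padding.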
