]> git.proxmox.com Git - rustc.git/blob - src/compiler-rt/lib/msan/tests/msan_test.cc
projects / rustc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
New upstream version 1.19.0+dfsg3
[rustc.git] / src / compiler-rt / lib / msan / tests / msan_test.cc
1 //===-- msan_test.cc ------------------------------------------------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file is a part of MemorySanitizer.
11 //
12 // MemorySanitizer unit tests.
13 //===----------------------------------------------------------------------===//
14
15 #ifndef MSAN_EXTERNAL_TEST_CONFIG
16 #include "msan_test_config.h"
17 #endif // MSAN_EXTERNAL_TEST_CONFIG
18
19 #include "sanitizer_common/tests/sanitizer_test_utils.h"
20
21 #include "sanitizer/allocator_interface.h"
22 #include "sanitizer/msan_interface.h"
23
24 #if defined(__FreeBSD__)
25 # define _KERNEL // To declare 'shminfo' structure.
26 # include <sys/shm.h>
27 # undef _KERNEL
28 extern "C" {
29 // <sys/shm.h> doesn't declare these functions in _KERNEL mode.
30 void *shmat(int, const void *, int);
31 int shmget(key_t, size_t, int);
32 int shmctl(int, int, struct shmid_ds *);
33 int shmdt(const void *);
34 }
35 #endif
36
37 #include <inttypes.h>
38 #include <stdlib.h>
39 #include <stdarg.h>
40 #include <stdio.h>
41 #include <wchar.h>
42 #include <math.h>
43
44 #include <arpa/inet.h>
45 #include <dlfcn.h>
46 #include <grp.h>
47 #include <unistd.h>
48 #include <link.h>
49 #include <limits.h>
50 #include <sys/time.h>
51 #include <poll.h>
52 #include <sys/types.h>
53 #include <sys/stat.h>
54 #include <fcntl.h>
55 #include <sys/resource.h>
56 #include <sys/ioctl.h>
57 #include <sys/statvfs.h>
58 #include <sys/utsname.h>
59 #include <sys/mman.h>
60 #include <dirent.h>
61 #include <pwd.h>
62 #include <sys/socket.h>
63 #include <netdb.h>
64 #include <wordexp.h>
65 #include <sys/ipc.h>
66 #include <sys/shm.h>
67
68 #if !defined(__FreeBSD__)
69 # include <malloc.h>
70 # include <sys/sysinfo.h>
71 # include <sys/vfs.h>
72 # include <mntent.h>
73 # include <netinet/ether.h>
74 #else
75 # include <signal.h>
76 # include <netinet/in.h>
77 # include <pthread_np.h>
78 # include <sys/uio.h>
79 # include <sys/mount.h>
80 # include <sys/sysctl.h>
81 # include <net/ethernet.h>
82 # define f_namelen f_namemax // FreeBSD names this statfs field so.
83 # define cpu_set_t cpuset_t
84 extern "C" {
85 // FreeBSD's <ssp/string.h> defines mempcpy() to be a macro expanding into
86 // a __builtin___mempcpy_chk() call, but since Msan RTL defines it as an
87 // ordinary function, we can declare it here to complete the tests.
88 void *mempcpy(void *dest, const void *src, size_t n);
89 }
90 #endif
91
92 #if defined(__i386__) || defined(__x86_64__)
93 # include <emmintrin.h>
94 # define MSAN_HAS_M128 1
95 #else
96 # define MSAN_HAS_M128 0
97 #endif
98
99 #ifdef __AVX2__
100 # include <immintrin.h>
101 #endif
102
103 // On FreeBSD procfs is not enabled by default.
104 #if defined(__FreeBSD__)
105 # define FILE_TO_READ "/bin/cat"
106 # define DIR_TO_READ "/bin"
107 # define SUBFILE_TO_READ "cat"
108 # define SYMLINK_TO_READ "/usr/bin/tar"
109 # define SUPERUSER_GROUP "wheel"
110 #else
111 # define FILE_TO_READ "/proc/self/stat"
112 # define DIR_TO_READ "/proc/self"
113 # define SUBFILE_TO_READ "stat"
114 # define SYMLINK_TO_READ "/proc/self/exe"
115 # define SUPERUSER_GROUP "root"
116 #endif
117
118 static uintptr_t GetPageSize() {
119 return sysconf(_SC_PAGESIZE);
120 }
121
122 const size_t kMaxPathLength = 4096;
123
124 typedef unsigned char U1;
125 typedef unsigned short U2; // NOLINT
126 typedef unsigned int U4;
127 typedef unsigned long long U8; // NOLINT
128 typedef signed char S1;
129 typedef signed short S2; // NOLINT
130 typedef signed int S4;
131 typedef signed long long S8; // NOLINT
132 #define NOINLINE __attribute__((noinline))
133 #define INLINE __attribute__((always_inline))
134
135 static bool TrackingOrigins() {
136 S8 x;
137 __msan_set_origin(&x, sizeof(x), 0x1234);
138 U4 origin = __msan_get_origin(&x);
139 __msan_set_origin(&x, sizeof(x), 0);
140 return __msan_origin_is_descendant_or_same(origin, 0x1234);
141 }
142
143 #define EXPECT_ORIGIN(expected, origin) \
144 EXPECT_TRUE(__msan_origin_is_descendant_or_same((origin), (expected)))
145
146 #define EXPECT_UMR(action) \
147 do { \
148 __msan_set_expect_umr(1); \
149 action; \
150 __msan_set_expect_umr(0); \
151 } while (0)
152
153 #define EXPECT_UMR_O(action, origin) \
154 do { \
155 __msan_set_expect_umr(1); \
156 action; \
157 __msan_set_expect_umr(0); \
158 if (TrackingOrigins()) EXPECT_ORIGIN(origin, __msan_get_umr_origin()); \
159 } while (0)
160
161 #define EXPECT_POISONED(x) ExpectPoisoned(x)
162
163 template<typename T>
164 void ExpectPoisoned(const T& t) {
165 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t)));
166 }
167
168 #define EXPECT_POISONED_O(x, origin) \
169 ExpectPoisonedWithOrigin(x, origin)
170
171 template<typename T>
172 void ExpectPoisonedWithOrigin(const T& t, unsigned origin) {
173 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t)));
174 if (TrackingOrigins()) EXPECT_ORIGIN(origin, __msan_get_origin((void *)&t));
175 }
176
177 #define EXPECT_NOT_POISONED(x) EXPECT_EQ(true, TestForNotPoisoned((x)))
178
179 template<typename T>
180 bool TestForNotPoisoned(const T& t) {
181 return __msan_test_shadow((void*)&t, sizeof(t)) == -1;
182 }
183
184 static U8 poisoned_array[100];
185 template<class T>
186 T *GetPoisoned(int i = 0, T val = 0) {
187 T *res = (T*)&poisoned_array[i];
188 *res = val;
189 __msan_poison(&poisoned_array[i], sizeof(T));
190 return res;
191 }
192
193 template<class T>
194 T *GetPoisonedO(int i, U4 origin, T val = 0) {
195 T *res = (T*)&poisoned_array[i];
196 *res = val;
197 __msan_poison(&poisoned_array[i], sizeof(T));
198 __msan_set_origin(&poisoned_array[i], sizeof(T), origin);
199 return res;
200 }
201
202 template<typename T>
203 T Poisoned(T v = 0, T s = (T)(-1)) {
204 __msan_partial_poison(&v, &s, sizeof(T));
205 return v;
206 }
207
208 template<class T> NOINLINE T ReturnPoisoned() { return *GetPoisoned<T>(); }
209
210 static volatile int g_one = 1;
211 static volatile int g_zero = 0;
212 static volatile int g_0 = 0;
213 static volatile int g_1 = 1;
214
215 S4 a_s4[100];
216 S8 a_s8[100];
217
218 // Check that malloc poisons memory.
219 // A lot of tests below depend on this.
220 TEST(MemorySanitizerSanity, PoisonInMalloc) {
221 int *x = (int*)malloc(sizeof(int));
222 EXPECT_POISONED(*x);
223 free(x);
224 }
225
226 TEST(MemorySanitizer, NegativeTest1) {
227 S4 *x = GetPoisoned<S4>();
228 if (g_one)
229 *x = 0;
230 EXPECT_NOT_POISONED(*x);
231 }
232
233 TEST(MemorySanitizer, PositiveTest1) {
234 // Load to store.
235 EXPECT_POISONED(*GetPoisoned<S1>());
236 EXPECT_POISONED(*GetPoisoned<S2>());
237 EXPECT_POISONED(*GetPoisoned<S4>());
238 EXPECT_POISONED(*GetPoisoned<S8>());
239
240 // S->S conversions.
241 EXPECT_POISONED(*GetPoisoned<S1>());
242 EXPECT_POISONED(*GetPoisoned<S1>());
243 EXPECT_POISONED(*GetPoisoned<S1>());
244
245 EXPECT_POISONED(*GetPoisoned<S2>());
246 EXPECT_POISONED(*GetPoisoned<S2>());
247 EXPECT_POISONED(*GetPoisoned<S2>());
248
249 EXPECT_POISONED(*GetPoisoned<S4>());
250 EXPECT_POISONED(*GetPoisoned<S4>());
251 EXPECT_POISONED(*GetPoisoned<S4>());
252
253 EXPECT_POISONED(*GetPoisoned<S8>());
254 EXPECT_POISONED(*GetPoisoned<S8>());
255 EXPECT_POISONED(*GetPoisoned<S8>());
256
257 // ZExt
258 EXPECT_POISONED(*GetPoisoned<U1>());
259 EXPECT_POISONED(*GetPoisoned<U1>());
260 EXPECT_POISONED(*GetPoisoned<U1>());
261 EXPECT_POISONED(*GetPoisoned<U2>());
262 EXPECT_POISONED(*GetPoisoned<U2>());
263 EXPECT_POISONED(*GetPoisoned<U4>());
264
265 // Unary ops.
266 EXPECT_POISONED(- *GetPoisoned<S4>());
267
268 EXPECT_UMR(a_s4[g_zero] = 100 / *GetPoisoned<S4>(0, 1));
269
270
271 a_s4[g_zero] = 1 - *GetPoisoned<S4>();
272 a_s4[g_zero] = 1 + *GetPoisoned<S4>();
273 }
274
275 TEST(MemorySanitizer, Phi1) {
276 S4 c;
277 if (g_one) {
278 c = *GetPoisoned<S4>();
279 } else {
280 break_optimization(0);
281 c = 0;
282 }
283 EXPECT_POISONED(c);
284 }
285
286 TEST(MemorySanitizer, Phi2) {
287 S4 i = *GetPoisoned<S4>();
288 S4 n = g_one;
289 EXPECT_UMR(for (; i < g_one; i++););
290 EXPECT_POISONED(i);
291 }
292
293 NOINLINE void Arg1ExpectUMR(S4 a1) { EXPECT_POISONED(a1); }
294 NOINLINE void Arg2ExpectUMR(S4 a1, S4 a2) { EXPECT_POISONED(a2); }
295 NOINLINE void Arg3ExpectUMR(S1 a1, S4 a2, S8 a3) { EXPECT_POISONED(a3); }
296
297 TEST(MemorySanitizer, ArgTest) {
298 Arg1ExpectUMR(*GetPoisoned<S4>());
299 Arg2ExpectUMR(0, *GetPoisoned<S4>());
300 Arg3ExpectUMR(0, 1, *GetPoisoned<S8>());
301 }
302
303
304 TEST(MemorySanitizer, CallAndRet) {
305 ReturnPoisoned<S1>();
306 ReturnPoisoned<S2>();
307 ReturnPoisoned<S4>();
308 ReturnPoisoned<S8>();
309
310 EXPECT_POISONED(ReturnPoisoned<S1>());
311 EXPECT_POISONED(ReturnPoisoned<S2>());
312 EXPECT_POISONED(ReturnPoisoned<S4>());
313 EXPECT_POISONED(ReturnPoisoned<S8>());
314 }
315
316 // malloc() in the following test may be optimized to produce a compile-time
317 // undef value. Check that we trap on the volatile assignment anyway.
318 TEST(MemorySanitizer, DISABLED_MallocNoIdent) {
319 S4 *x = (int*)malloc(sizeof(S4));
320 EXPECT_POISONED(*x);
321 free(x);
322 }
323
324 TEST(MemorySanitizer, Malloc) {
325 S4 *x = (int*)Ident(malloc(sizeof(S4)));
326 EXPECT_POISONED(*x);
327 free(x);
328 }
329
330 TEST(MemorySanitizer, Realloc) {
331 S4 *x = (int*)Ident(realloc(0, sizeof(S4)));
332 EXPECT_POISONED(x[0]);
333 x[0] = 1;
334 x = (int*)Ident(realloc(x, 2 * sizeof(S4)));
335 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before.
336 EXPECT_POISONED(x[1]);
337 x = (int*)Ident(realloc(x, 3 * sizeof(S4)));
338 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before.
339 EXPECT_POISONED(x[2]);
340 EXPECT_POISONED(x[1]);
341 x[2] = 1; // Init this here. Check that after realloc it is poisoned again.
342 x = (int*)Ident(realloc(x, 2 * sizeof(S4)));
343 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before.
344 EXPECT_POISONED(x[1]);
345 x = (int*)Ident(realloc(x, 3 * sizeof(S4)));
346 EXPECT_POISONED(x[1]);
347 EXPECT_POISONED(x[2]);
348 free(x);
349 }
350
351 TEST(MemorySanitizer, Calloc) {
352 S4 *x = (int*)Ident(calloc(1, sizeof(S4)));
353 EXPECT_NOT_POISONED(*x); // Should not be poisoned.
354 EXPECT_EQ(0, *x);
355 free(x);
356 }
357
358 TEST(MemorySanitizer, CallocReturnsZeroMem) {
359 size_t sizes[] = {16, 1000, 10000, 100000, 2100000};
360 for (size_t s = 0; s < sizeof(sizes)/sizeof(sizes[0]); s++) {
361 size_t size = sizes[s];
362 for (size_t iter = 0; iter < 5; iter++) {
363 char *x = Ident((char*)calloc(1, size));
364 EXPECT_EQ(x[0], 0);
365 EXPECT_EQ(x[size - 1], 0);
366 EXPECT_EQ(x[size / 2], 0);
367 EXPECT_EQ(x[size / 3], 0);
368 EXPECT_EQ(x[size / 4], 0);
369 memset(x, 0x42, size);
370 free(Ident(x));
371 }
372 }
373 }
374
375 TEST(MemorySanitizer, AndOr) {
376 U4 *p = GetPoisoned<U4>();
377 // We poison two bytes in the midle of a 4-byte word to make the test
378 // correct regardless of endianness.
379 ((U1*)p)[1] = 0;
380 ((U1*)p)[2] = 0xff;
381 EXPECT_NOT_POISONED(*p & 0x00ffff00);
382 EXPECT_NOT_POISONED(*p & 0x00ff0000);
383 EXPECT_NOT_POISONED(*p & 0x0000ff00);
384 EXPECT_POISONED(*p & 0xff000000);
385 EXPECT_POISONED(*p & 0x000000ff);
386 EXPECT_POISONED(*p & 0x0000ffff);
387 EXPECT_POISONED(*p & 0xffff0000);
388
389 EXPECT_NOT_POISONED(*p | 0xff0000ff);
390 EXPECT_NOT_POISONED(*p | 0xff00ffff);
391 EXPECT_NOT_POISONED(*p | 0xffff00ff);
392 EXPECT_POISONED(*p | 0xff000000);
393 EXPECT_POISONED(*p | 0x000000ff);
394 EXPECT_POISONED(*p | 0x0000ffff);
395 EXPECT_POISONED(*p | 0xffff0000);
396
397 EXPECT_POISONED(*GetPoisoned<bool>() & *GetPoisoned<bool>());
398 }
399
400 template<class T>
401 static bool applyNot(T value, T shadow) {
402 __msan_partial_poison(&value, &shadow, sizeof(T));
403 return !value;
404 }
405
406 TEST(MemorySanitizer, Not) {
407 EXPECT_NOT_POISONED(applyNot<U4>(0x0, 0x0));
408 EXPECT_NOT_POISONED(applyNot<U4>(0xFFFFFFFF, 0x0));
409 EXPECT_POISONED(applyNot<U4>(0xFFFFFFFF, 0xFFFFFFFF));
410 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0FFFFFFF));
411 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00FFFFFF));
412 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0000FFFF));
413 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00000000));
414 EXPECT_POISONED(applyNot<U4>(0xFF000000, 0xFF000000));
415 EXPECT_NOT_POISONED(applyNot<U4>(0xFF800000, 0xFF000000));
416 EXPECT_POISONED(applyNot<U4>(0x00008000, 0x00008000));
417
418 EXPECT_NOT_POISONED(applyNot<U1>(0x0, 0x0));
419 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0xFE));
420 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0x0));
421 EXPECT_POISONED(applyNot<U1>(0xFF, 0xFF));
422
423 EXPECT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-1)));
424 EXPECT_NOT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-2)));
425 }
426
427 TEST(MemorySanitizer, Shift) {
428 U4 *up = GetPoisoned<U4>();
429 ((U1*)up)[0] = 0;
430 ((U1*)up)[3] = 0xff;
431 EXPECT_NOT_POISONED(*up >> 30);
432 EXPECT_NOT_POISONED(*up >> 24);
433 EXPECT_POISONED(*up >> 23);
434 EXPECT_POISONED(*up >> 10);
435
436 EXPECT_NOT_POISONED(*up << 30);
437 EXPECT_NOT_POISONED(*up << 24);
438 EXPECT_POISONED(*up << 23);
439 EXPECT_POISONED(*up << 10);
440
441 S4 *sp = (S4*)up;
442 EXPECT_NOT_POISONED(*sp >> 30);
443 EXPECT_NOT_POISONED(*sp >> 24);
444 EXPECT_POISONED(*sp >> 23);
445 EXPECT_POISONED(*sp >> 10);
446
447 sp = GetPoisoned<S4>();
448 ((S1*)sp)[1] = 0;
449 ((S1*)sp)[2] = 0;
450 EXPECT_POISONED(*sp >> 31);
451
452 EXPECT_POISONED(100 >> *GetPoisoned<S4>());
453 EXPECT_POISONED(100U >> *GetPoisoned<S4>());
454 }
455
456 NOINLINE static int GetPoisonedZero() {
457 int *zero = new int;
458 *zero = 0;
459 __msan_poison(zero, sizeof(*zero));
460 int res = *zero;
461 delete zero;
462 return res;
463 }
464
465 TEST(MemorySanitizer, LoadFromDirtyAddress) {
466 int *a = new int;
467 *a = 0;
468 EXPECT_UMR(break_optimization((void*)(U8)a[GetPoisonedZero()]));
469 delete a;
470 }
471
472 TEST(MemorySanitizer, StoreToDirtyAddress) {
473 int *a = new int;
474 EXPECT_UMR(a[GetPoisonedZero()] = 0);
475 break_optimization(a);
476 delete a;
477 }
478
479
480 NOINLINE void StackTestFunc() {
481 S4 p4;
482 S4 ok4 = 1;
483 S2 p2;
484 S2 ok2 = 1;
485 S1 p1;
486 S1 ok1 = 1;
487 break_optimization(&p4);
488 break_optimization(&ok4);
489 break_optimization(&p2);
490 break_optimization(&ok2);
491 break_optimization(&p1);
492 break_optimization(&ok1);
493
494 EXPECT_POISONED(p4);
495 EXPECT_POISONED(p2);
496 EXPECT_POISONED(p1);
497 EXPECT_NOT_POISONED(ok1);
498 EXPECT_NOT_POISONED(ok2);
499 EXPECT_NOT_POISONED(ok4);
500 }
501
502 TEST(MemorySanitizer, StackTest) {
503 StackTestFunc();
504 }
505
506 NOINLINE void StackStressFunc() {
507 int foo[10000];
508 break_optimization(foo);
509 }
510
511 TEST(MemorySanitizer, DISABLED_StackStressTest) {
512 for (int i = 0; i < 1000000; i++)
513 StackStressFunc();
514 }
515
516 template<class T>
517 void TestFloatingPoint() {
518 static volatile T v;
519 static T g[100];
520 break_optimization(&g);
521 T *x = GetPoisoned<T>();
522 T *y = GetPoisoned<T>(1);
523 EXPECT_POISONED(*x);
524 EXPECT_POISONED((long long)*x);
525 EXPECT_POISONED((int)*x);
526 g[0] = *x;
527 g[1] = *x + *y;
528 g[2] = *x - *y;
529 g[3] = *x * *y;
530 }
531
532 TEST(MemorySanitizer, FloatingPointTest) {
533 TestFloatingPoint<float>();
534 TestFloatingPoint<double>();
535 }
536
537 TEST(MemorySanitizer, DynMem) {
538 S4 x = 0;
539 S4 *y = GetPoisoned<S4>();
540 memcpy(y, &x, g_one * sizeof(S4));
541 EXPECT_NOT_POISONED(*y);
542 }
543
544 static char *DynRetTestStr;
545
546 TEST(MemorySanitizer, DynRet) {
547 ReturnPoisoned<S8>();
548 EXPECT_NOT_POISONED(atoi("0"));
549 }
550
551 TEST(MemorySanitizer, DynRet1) {
552 ReturnPoisoned<S8>();
553 }
554
555 struct LargeStruct {
556 S4 x[10];
557 };
558
559 NOINLINE
560 LargeStruct LargeRetTest() {
561 LargeStruct res;
562 res.x[0] = *GetPoisoned<S4>();
563 res.x[1] = *GetPoisoned<S4>();
564 res.x[2] = *GetPoisoned<S4>();
565 res.x[3] = *GetPoisoned<S4>();
566 res.x[4] = *GetPoisoned<S4>();
567 res.x[5] = *GetPoisoned<S4>();
568 res.x[6] = *GetPoisoned<S4>();
569 res.x[7] = *GetPoisoned<S4>();
570 res.x[8] = *GetPoisoned<S4>();
571 res.x[9] = *GetPoisoned<S4>();
572 return res;
573 }
574
575 TEST(MemorySanitizer, strcmp) {
576 char s1[10];
577 char s2[10];
578 strncpy(s1, "foo", 10);
579 s2[0] = 'f';
580 s2[1] = 'n';
581 EXPECT_GT(strcmp(s1, s2), 0);
582 s2[1] = 'o';
583 int res;
584 EXPECT_UMR(res = strcmp(s1, s2));
585 EXPECT_NOT_POISONED(res);
586 EXPECT_EQ(strncmp(s1, s2, 1), 0);
587 }
588
589 TEST(MemorySanitizer, LargeRet) {
590 LargeStruct a = LargeRetTest();
591 EXPECT_POISONED(a.x[0]);
592 EXPECT_POISONED(a.x[9]);
593 }
594
595 TEST(MemorySanitizer, strerror) {
596 char *buf = strerror(EINVAL);
597 EXPECT_NOT_POISONED(strlen(buf));
598 buf = strerror(123456);
599 EXPECT_NOT_POISONED(strlen(buf));
600 }
601
602 TEST(MemorySanitizer, strerror_r) {
603 errno = 0;
604 char buf[1000];
605 char *res = (char*) (size_t) strerror_r(EINVAL, buf, sizeof(buf));
606 ASSERT_EQ(0, errno);
607 if (!res) res = buf; // POSIX version success.
608 EXPECT_NOT_POISONED(strlen(res));
609 }
610
611 TEST(MemorySanitizer, fread) {
612 char *x = new char[32];
613 FILE *f = fopen(FILE_TO_READ, "r");
614 ASSERT_TRUE(f != NULL);
615 fread(x, 1, 32, f);
616 EXPECT_NOT_POISONED(x[0]);
617 EXPECT_NOT_POISONED(x[16]);
618 EXPECT_NOT_POISONED(x[31]);
619 fclose(f);
620 delete[] x;
621 }
622
623 TEST(MemorySanitizer, read) {
624 char *x = new char[32];
625 int fd = open(FILE_TO_READ, O_RDONLY);
626 ASSERT_GT(fd, 0);
627 int sz = read(fd, x, 32);
628 ASSERT_EQ(sz, 32);
629 EXPECT_NOT_POISONED(x[0]);
630 EXPECT_NOT_POISONED(x[16]);
631 EXPECT_NOT_POISONED(x[31]);
632 close(fd);
633 delete[] x;
634 }
635
636 TEST(MemorySanitizer, pread) {
637 char *x = new char[32];
638 int fd = open(FILE_TO_READ, O_RDONLY);
639 ASSERT_GT(fd, 0);
640 int sz = pread(fd, x, 32, 0);
641 ASSERT_EQ(sz, 32);
642 EXPECT_NOT_POISONED(x[0]);
643 EXPECT_NOT_POISONED(x[16]);
644 EXPECT_NOT_POISONED(x[31]);
645 close(fd);
646 delete[] x;
647 }
648
649 TEST(MemorySanitizer, readv) {
650 char buf[2011];
651 struct iovec iov[2];
652 iov[0].iov_base = buf + 1;
653 iov[0].iov_len = 5;
654 iov[1].iov_base = buf + 10;
655 iov[1].iov_len = 2000;
656 int fd = open(FILE_TO_READ, O_RDONLY);
657 ASSERT_GT(fd, 0);
658 int sz = readv(fd, iov, 2);
659 ASSERT_GE(sz, 0);
660 ASSERT_LE(sz, 5 + 2000);
661 ASSERT_GT((size_t)sz, iov[0].iov_len);
662 EXPECT_POISONED(buf[0]);
663 EXPECT_NOT_POISONED(buf[1]);
664 EXPECT_NOT_POISONED(buf[5]);
665 EXPECT_POISONED(buf[6]);
666 EXPECT_POISONED(buf[9]);
667 EXPECT_NOT_POISONED(buf[10]);
668 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]);
669 EXPECT_POISONED(buf[11 + (sz - 1) - 5]);
670 close(fd);
671 }
672
673 TEST(MemorySanitizer, preadv) {
674 char buf[2011];
675 struct iovec iov[2];
676 iov[0].iov_base = buf + 1;
677 iov[0].iov_len = 5;
678 iov[1].iov_base = buf + 10;
679 iov[1].iov_len = 2000;
680 int fd = open(FILE_TO_READ, O_RDONLY);
681 ASSERT_GT(fd, 0);
682 int sz = preadv(fd, iov, 2, 3);
683 ASSERT_GE(sz, 0);
684 ASSERT_LE(sz, 5 + 2000);
685 ASSERT_GT((size_t)sz, iov[0].iov_len);
686 EXPECT_POISONED(buf[0]);
687 EXPECT_NOT_POISONED(buf[1]);
688 EXPECT_NOT_POISONED(buf[5]);
689 EXPECT_POISONED(buf[6]);
690 EXPECT_POISONED(buf[9]);
691 EXPECT_NOT_POISONED(buf[10]);
692 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]);
693 EXPECT_POISONED(buf[11 + (sz - 1) - 5]);
694 close(fd);
695 }
696
697 // FIXME: fails now.
698 TEST(MemorySanitizer, DISABLED_ioctl) {
699 struct winsize ws;
700 EXPECT_EQ(ioctl(2, TIOCGWINSZ, &ws), 0);
701 EXPECT_NOT_POISONED(ws.ws_col);
702 }
703
704 TEST(MemorySanitizer, readlink) {
705 char *x = new char[1000];
706 readlink(SYMLINK_TO_READ, x, 1000);
707 EXPECT_NOT_POISONED(x[0]);
708 delete [] x;
709 }
710
711 TEST(MemorySanitizer, stat) {
712 struct stat* st = new struct stat;
713 int res = stat(FILE_TO_READ, st);
714 ASSERT_EQ(0, res);
715 EXPECT_NOT_POISONED(st->st_dev);
716 EXPECT_NOT_POISONED(st->st_mode);
717 EXPECT_NOT_POISONED(st->st_size);
718 }
719
720 TEST(MemorySanitizer, fstatat) {
721 struct stat* st = new struct stat;
722 int dirfd = open(DIR_TO_READ, O_RDONLY);
723 ASSERT_GT(dirfd, 0);
724 int res = fstatat(dirfd, SUBFILE_TO_READ, st, 0);
725 ASSERT_EQ(0, res);
726 EXPECT_NOT_POISONED(st->st_dev);
727 EXPECT_NOT_POISONED(st->st_mode);
728 EXPECT_NOT_POISONED(st->st_size);
729 close(dirfd);
730 }
731
732 TEST(MemorySanitizer, statfs) {
733 struct statfs st;
734 int res = statfs("/", &st);
735 ASSERT_EQ(0, res);
736 EXPECT_NOT_POISONED(st.f_type);
737 EXPECT_NOT_POISONED(st.f_bfree);
738 EXPECT_NOT_POISONED(st.f_namelen);
739 }
740
741 TEST(MemorySanitizer, statvfs) {
742 struct statvfs st;
743 int res = statvfs("/", &st);
744 ASSERT_EQ(0, res);
745 EXPECT_NOT_POISONED(st.f_bsize);
746 EXPECT_NOT_POISONED(st.f_blocks);
747 EXPECT_NOT_POISONED(st.f_bfree);
748 EXPECT_NOT_POISONED(st.f_namemax);
749 }
750
751 TEST(MemorySanitizer, fstatvfs) {
752 struct statvfs st;
753 int fd = open("/", O_RDONLY | O_DIRECTORY);
754 int res = fstatvfs(fd, &st);
755 ASSERT_EQ(0, res);
756 EXPECT_NOT_POISONED(st.f_bsize);
757 EXPECT_NOT_POISONED(st.f_blocks);
758 EXPECT_NOT_POISONED(st.f_bfree);
759 EXPECT_NOT_POISONED(st.f_namemax);
760 close(fd);
761 }
762
763 TEST(MemorySanitizer, pipe) {
764 int* pipefd = new int[2];
765 int res = pipe(pipefd);
766 ASSERT_EQ(0, res);
767 EXPECT_NOT_POISONED(pipefd[0]);
768 EXPECT_NOT_POISONED(pipefd[1]);
769 close(pipefd[0]);
770 close(pipefd[1]);
771 }
772
773 TEST(MemorySanitizer, pipe2) {
774 int* pipefd = new int[2];
775 int res = pipe2(pipefd, O_NONBLOCK);
776 ASSERT_EQ(0, res);
777 EXPECT_NOT_POISONED(pipefd[0]);
778 EXPECT_NOT_POISONED(pipefd[1]);
779 close(pipefd[0]);
780 close(pipefd[1]);
781 }
782
783 TEST(MemorySanitizer, socketpair) {
784 int sv[2];
785 int res = socketpair(AF_UNIX, SOCK_STREAM, 0, sv);
786 ASSERT_EQ(0, res);
787 EXPECT_NOT_POISONED(sv[0]);
788 EXPECT_NOT_POISONED(sv[1]);
789 close(sv[0]);
790 close(sv[1]);
791 }
792
793 TEST(MemorySanitizer, poll) {
794 int* pipefd = new int[2];
795 int res = pipe(pipefd);
796 ASSERT_EQ(0, res);
797
798 char data = 42;
799 res = write(pipefd[1], &data, 1);
800 ASSERT_EQ(1, res);
801
802 pollfd fds[2];
803 fds[0].fd = pipefd[0];
804 fds[0].events = POLLIN;
805 fds[1].fd = pipefd[1];
806 fds[1].events = POLLIN;
807 res = poll(fds, 2, 500);
808 ASSERT_EQ(1, res);
809 EXPECT_NOT_POISONED(fds[0].revents);
810 EXPECT_NOT_POISONED(fds[1].revents);
811
812 close(pipefd[0]);
813 close(pipefd[1]);
814 }
815
816 // There is no ppoll() on FreeBSD.
817 #if !defined (__FreeBSD__)
818 TEST(MemorySanitizer, ppoll) {
819 int* pipefd = new int[2];
820 int res = pipe(pipefd);
821 ASSERT_EQ(0, res);
822
823 char data = 42;
824 res = write(pipefd[1], &data, 1);
825 ASSERT_EQ(1, res);
826
827 pollfd fds[2];
828 fds[0].fd = pipefd[0];
829 fds[0].events = POLLIN;
830 fds[1].fd = pipefd[1];
831 fds[1].events = POLLIN;
832 sigset_t ss;
833 sigemptyset(&ss);
834 res = ppoll(fds, 2, NULL, &ss);
835 ASSERT_EQ(1, res);
836 EXPECT_NOT_POISONED(fds[0].revents);
837 EXPECT_NOT_POISONED(fds[1].revents);
838
839 close(pipefd[0]);
840 close(pipefd[1]);
841 }
842 #endif
843
844 TEST(MemorySanitizer, poll_positive) {
845 int* pipefd = new int[2];
846 int res = pipe(pipefd);
847 ASSERT_EQ(0, res);
848
849 pollfd fds[2];
850 fds[0].fd = pipefd[0];
851 fds[0].events = POLLIN;
852 // fds[1].fd uninitialized
853 fds[1].events = POLLIN;
854 EXPECT_UMR(poll(fds, 2, 0));
855
856 close(pipefd[0]);
857 close(pipefd[1]);
858 }
859
860 TEST(MemorySanitizer, bind_getsockname) {
861 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
862
863 struct sockaddr_in sai;
864 memset(&sai, 0, sizeof(sai));
865 sai.sin_family = AF_UNIX;
866 int res = bind(sock, (struct sockaddr *)&sai, sizeof(sai));
867
868 ASSERT_EQ(0, res);
869 char buf[200];
870 socklen_t addrlen;
871 EXPECT_UMR(getsockname(sock, (struct sockaddr *)&buf, &addrlen));
872
873 addrlen = sizeof(buf);
874 res = getsockname(sock, (struct sockaddr *)&buf, &addrlen);
875 EXPECT_NOT_POISONED(addrlen);
876 EXPECT_NOT_POISONED(buf[0]);
877 EXPECT_NOT_POISONED(buf[addrlen - 1]);
878 EXPECT_POISONED(buf[addrlen]);
879 close(sock);
880 }
881
882 TEST(MemorySanitizer, accept) {
883 int listen_socket = socket(AF_INET, SOCK_STREAM, 0);
884 ASSERT_LT(0, listen_socket);
885
886 struct sockaddr_in sai;
887 memset(&sai, 0, sizeof(sai));
888 sai.sin_family = AF_INET;
889 sai.sin_port = 0;
890 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
891 int res = bind(listen_socket, (struct sockaddr *)&sai, sizeof(sai));
892 ASSERT_EQ(0, res);
893
894 res = listen(listen_socket, 1);
895 ASSERT_EQ(0, res);
896
897 socklen_t sz = sizeof(sai);
898 res = getsockname(listen_socket, (struct sockaddr *)&sai, &sz);
899 ASSERT_EQ(0, res);
900 ASSERT_EQ(sizeof(sai), sz);
901
902 int connect_socket = socket(AF_INET, SOCK_STREAM, 0);
903 ASSERT_LT(0, connect_socket);
904 res = fcntl(connect_socket, F_SETFL, O_NONBLOCK);
905 ASSERT_EQ(0, res);
906 res = connect(connect_socket, (struct sockaddr *)&sai, sizeof(sai));
907 // On FreeBSD this connection completes immediately.
908 if (res != 0) {
909 ASSERT_EQ(-1, res);
910 ASSERT_EQ(EINPROGRESS, errno);
911 }
912
913 __msan_poison(&sai, sizeof(sai));
914 int new_sock = accept(listen_socket, (struct sockaddr *)&sai, &sz);
915 ASSERT_LT(0, new_sock);
916 ASSERT_EQ(sizeof(sai), sz);
917 EXPECT_NOT_POISONED(sai);
918
919 __msan_poison(&sai, sizeof(sai));
920 res = getpeername(new_sock, (struct sockaddr *)&sai, &sz);
921 ASSERT_EQ(0, res);
922 ASSERT_EQ(sizeof(sai), sz);
923 EXPECT_NOT_POISONED(sai);
924
925 close(new_sock);
926 close(connect_socket);
927 close(listen_socket);
928 }
929
930 TEST(MemorySanitizer, getaddrinfo) {
931 struct addrinfo *ai;
932 struct addrinfo hints;
933 memset(&hints, 0, sizeof(hints));
934 hints.ai_family = AF_INET;
935 int res = getaddrinfo("localhost", NULL, &hints, &ai);
936 ASSERT_EQ(0, res);
937 EXPECT_NOT_POISONED(*ai);
938 ASSERT_EQ(sizeof(sockaddr_in), ai->ai_addrlen);
939 EXPECT_NOT_POISONED(*(sockaddr_in*)ai->ai_addr);
940 }
941
942 TEST(MemorySanitizer, getnameinfo) {
943 struct sockaddr_in sai;
944 memset(&sai, 0, sizeof(sai));
945 sai.sin_family = AF_INET;
946 sai.sin_port = 80;
947 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
948 char host[500];
949 char serv[500];
950 int res = getnameinfo((struct sockaddr *)&sai, sizeof(sai), host,
951 sizeof(host), serv, sizeof(serv), 0);
952 ASSERT_EQ(0, res);
953 EXPECT_NOT_POISONED(host[0]);
954 EXPECT_POISONED(host[sizeof(host) - 1]);
955
956 ASSERT_NE(0U, strlen(host));
957 EXPECT_NOT_POISONED(serv[0]);
958 EXPECT_POISONED(serv[sizeof(serv) - 1]);
959 ASSERT_NE(0U, strlen(serv));
960 }
961
962 #define EXPECT_HOSTENT_NOT_POISONED(he) \
963 do { \
964 EXPECT_NOT_POISONED(*(he)); \
965 ASSERT_NE((void *) 0, (he)->h_name); \
966 ASSERT_NE((void *) 0, (he)->h_aliases); \
967 ASSERT_NE((void *) 0, (he)->h_addr_list); \
968 EXPECT_NOT_POISONED(strlen((he)->h_name)); \
969 char **p = (he)->h_aliases; \
970 while (*p) { \
971 EXPECT_NOT_POISONED(strlen(*p)); \
972 ++p; \
973 } \
974 char **q = (he)->h_addr_list; \
975 while (*q) { \
976 EXPECT_NOT_POISONED(*q[0]); \
977 ++q; \
978 } \
979 EXPECT_NOT_POISONED(*q); \
980 } while (0)
981
982 TEST(MemorySanitizer, gethostent) {
983 struct hostent *he = gethostent();
984 ASSERT_NE((void *)NULL, he);
985 EXPECT_HOSTENT_NOT_POISONED(he);
986 }
987
988 #ifndef MSAN_TEST_DISABLE_GETHOSTBYNAME
989
990 TEST(MemorySanitizer, gethostbyname) {
991 struct hostent *he = gethostbyname("localhost");
992 ASSERT_NE((void *)NULL, he);
993 EXPECT_HOSTENT_NOT_POISONED(he);
994 }
995
996 #endif // MSAN_TEST_DISABLE_GETHOSTBYNAME
997
998 TEST(MemorySanitizer, recvmsg) {
999 int server_socket = socket(AF_INET, SOCK_DGRAM, 0);
1000 ASSERT_LT(0, server_socket);
1001
1002 struct sockaddr_in sai;
1003 memset(&sai, 0, sizeof(sai));
1004 sai.sin_family = AF_INET;
1005 sai.sin_port = 0;
1006 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
1007 int res = bind(server_socket, (struct sockaddr *)&sai, sizeof(sai));
1008 ASSERT_EQ(0, res);
1009
1010 socklen_t sz = sizeof(sai);
1011 res = getsockname(server_socket, (struct sockaddr *)&sai, &sz);
1012 ASSERT_EQ(0, res);
1013 ASSERT_EQ(sizeof(sai), sz);
1014
1015
1016 int client_socket = socket(AF_INET, SOCK_DGRAM, 0);
1017 ASSERT_LT(0, client_socket);
1018
1019 struct sockaddr_in client_sai;
1020 memset(&client_sai, 0, sizeof(client_sai));
1021 client_sai.sin_family = AF_INET;
1022 client_sai.sin_port = 0;
1023 client_sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
1024 res = bind(client_socket, (struct sockaddr *)&client_sai, sizeof(client_sai));
1025 ASSERT_EQ(0, res);
1026
1027 sz = sizeof(client_sai);
1028 res = getsockname(client_socket, (struct sockaddr *)&client_sai, &sz);
1029 ASSERT_EQ(0, res);
1030 ASSERT_EQ(sizeof(client_sai), sz);
1031
1032 const char *s = "message text";
1033 struct iovec iov;
1034 iov.iov_base = (void *)s;
1035 iov.iov_len = strlen(s) + 1;
1036 struct msghdr msg;
1037 memset(&msg, 0, sizeof(msg));
1038 msg.msg_name = &sai;
1039 msg.msg_namelen = sizeof(sai);
1040 msg.msg_iov = &iov;
1041 msg.msg_iovlen = 1;
1042 res = sendmsg(client_socket, &msg, 0);
1043 ASSERT_LT(0, res);
1044
1045
1046 char buf[1000];
1047 struct iovec recv_iov;
1048 recv_iov.iov_base = (void *)&buf;
1049 recv_iov.iov_len = sizeof(buf);
1050 struct sockaddr_in recv_sai;
1051 struct msghdr recv_msg;
1052 memset(&recv_msg, 0, sizeof(recv_msg));
1053 recv_msg.msg_name = &recv_sai;
1054 recv_msg.msg_namelen = sizeof(recv_sai);
1055 recv_msg.msg_iov = &recv_iov;
1056 recv_msg.msg_iovlen = 1;
1057 res = recvmsg(server_socket, &recv_msg, 0);
1058 ASSERT_LT(0, res);
1059
1060 ASSERT_EQ(sizeof(recv_sai), recv_msg.msg_namelen);
1061 EXPECT_NOT_POISONED(*(struct sockaddr_in *)recv_msg.msg_name);
1062 EXPECT_STREQ(s, buf);
1063
1064 close(server_socket);
1065 close(client_socket);
1066 }
1067
1068 TEST(MemorySanitizer, gethostbyname2) {
1069 struct hostent *he = gethostbyname2("localhost", AF_INET);
1070 ASSERT_NE((void *)NULL, he);
1071 EXPECT_HOSTENT_NOT_POISONED(he);
1072 }
1073
1074 TEST(MemorySanitizer, gethostbyaddr) {
1075 in_addr_t addr = inet_addr("127.0.0.1");
1076 EXPECT_NOT_POISONED(addr);
1077 struct hostent *he = gethostbyaddr(&addr, sizeof(addr), AF_INET);
1078 ASSERT_NE((void *)NULL, he);
1079 EXPECT_HOSTENT_NOT_POISONED(he);
1080 }
1081
1082 TEST(MemorySanitizer, gethostent_r) {
1083 char buf[2000];
1084 struct hostent he;
1085 struct hostent *result;
1086 int err;
1087 int res = gethostent_r(&he, buf, sizeof(buf), &result, &err);
1088 ASSERT_EQ(0, res);
1089 EXPECT_NOT_POISONED(result);
1090 ASSERT_NE((void *)NULL, result);
1091 EXPECT_HOSTENT_NOT_POISONED(result);
1092 EXPECT_NOT_POISONED(err);
1093 }
1094
1095 TEST(MemorySanitizer, gethostbyname_r) {
1096 char buf[2000];
1097 struct hostent he;
1098 struct hostent *result;
1099 int err;
1100 int res = gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err);
1101 ASSERT_EQ(0, res);
1102 EXPECT_NOT_POISONED(result);
1103 ASSERT_NE((void *)NULL, result);
1104 EXPECT_HOSTENT_NOT_POISONED(result);
1105 EXPECT_NOT_POISONED(err);
1106 }
1107
1108 TEST(MemorySanitizer, gethostbyname_r_bad_host_name) {
1109 char buf[2000];
1110 struct hostent he;
1111 struct hostent *result;
1112 int err;
1113 int res = gethostbyname_r("bad-host-name", &he, buf, sizeof(buf), &result, &err);
1114 ASSERT_EQ((struct hostent *)0, result);
1115 EXPECT_NOT_POISONED(err);
1116 }
1117
1118 TEST(MemorySanitizer, gethostbyname_r_erange) {
1119 char buf[5];
1120 struct hostent he;
1121 struct hostent *result;
1122 int err;
1123 gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err);
1124 ASSERT_EQ(ERANGE, errno);
1125 EXPECT_NOT_POISONED(err);
1126 }
1127
1128 TEST(MemorySanitizer, gethostbyname2_r) {
1129 char buf[2000];
1130 struct hostent he;
1131 struct hostent *result;
1132 int err;
1133 int res = gethostbyname2_r("localhost", AF_INET, &he, buf, sizeof(buf),
1134 &result, &err);
1135 ASSERT_EQ(0, res);
1136 EXPECT_NOT_POISONED(result);
1137 ASSERT_NE((void *)NULL, result);
1138 EXPECT_HOSTENT_NOT_POISONED(result);
1139 EXPECT_NOT_POISONED(err);
1140 }
1141
1142 TEST(MemorySanitizer, gethostbyaddr_r) {
1143 char buf[2000];
1144 struct hostent he;
1145 struct hostent *result;
1146 int err;
1147 in_addr_t addr = inet_addr("127.0.0.1");
1148 EXPECT_NOT_POISONED(addr);
1149 int res = gethostbyaddr_r(&addr, sizeof(addr), AF_INET, &he, buf, sizeof(buf),
1150 &result, &err);
1151 ASSERT_EQ(0, res);
1152 EXPECT_NOT_POISONED(result);
1153 ASSERT_NE((void *)NULL, result);
1154 EXPECT_HOSTENT_NOT_POISONED(result);
1155 EXPECT_NOT_POISONED(err);
1156 }
1157
1158 TEST(MemorySanitizer, getsockopt) {
1159 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
1160 struct linger l[2];
1161 socklen_t sz = sizeof(l[0]);
1162 int res = getsockopt(sock, SOL_SOCKET, SO_LINGER, &l[0], &sz);
1163 ASSERT_EQ(0, res);
1164 ASSERT_EQ(sizeof(l[0]), sz);
1165 EXPECT_NOT_POISONED(l[0]);
1166 EXPECT_POISONED(*(char *)(l + 1));
1167 }
1168
1169 TEST(MemorySanitizer, getcwd) {
1170 char path[PATH_MAX + 1];
1171 char* res = getcwd(path, sizeof(path));
1172 ASSERT_TRUE(res != NULL);
1173 EXPECT_NOT_POISONED(path[0]);
1174 }
1175
1176 TEST(MemorySanitizer, getcwd_gnu) {
1177 char* res = getcwd(NULL, 0);
1178 ASSERT_TRUE(res != NULL);
1179 EXPECT_NOT_POISONED(res[0]);
1180 free(res);
1181 }
1182
1183 // There's no get_current_dir_name() on FreeBSD.
1184 #if !defined(__FreeBSD__)
1185 TEST(MemorySanitizer, get_current_dir_name) {
1186 char* res = get_current_dir_name();
1187 ASSERT_TRUE(res != NULL);
1188 EXPECT_NOT_POISONED(res[0]);
1189 free(res);
1190 }
1191 #endif
1192
1193 TEST(MemorySanitizer, shmctl) {
1194 int id = shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT);
1195 ASSERT_GT(id, -1);
1196
1197 struct shmid_ds ds;
1198 int res = shmctl(id, IPC_STAT, &ds);
1199 ASSERT_GT(res, -1);
1200 EXPECT_NOT_POISONED(ds);
1201
1202 // FreeBSD does not support shmctl(IPC_INFO) and shmctl(SHM_INFO).
1203 #if !defined(__FreeBSD__)
1204 struct shminfo si;
1205 res = shmctl(id, IPC_INFO, (struct shmid_ds *)&si);
1206 ASSERT_GT(res, -1);
1207 EXPECT_NOT_POISONED(si);
1208
1209 struct shm_info s_i;
1210 res = shmctl(id, SHM_INFO, (struct shmid_ds *)&s_i);
1211 ASSERT_GT(res, -1);
1212 EXPECT_NOT_POISONED(s_i);
1213 #endif
1214
1215 res = shmctl(id, IPC_RMID, 0);
1216 ASSERT_GT(res, -1);
1217 }
1218
1219 TEST(MemorySanitizer, shmat) {
1220 const int kShmSize = 4096;
1221 void *mapping_start = mmap(NULL, kShmSize + SHMLBA, PROT_READ | PROT_WRITE,
1222 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1223 ASSERT_NE(MAP_FAILED, mapping_start);
1224
1225 void *p = (void *)(((unsigned long)mapping_start + SHMLBA - 1) / SHMLBA * SHMLBA);
1226 // p is now SHMLBA-aligned;
1227
1228 ((char *)p)[10] = *GetPoisoned<U1>();
1229 ((char *)p)[kShmSize - 1] = *GetPoisoned<U1>();
1230
1231 int res = munmap(mapping_start, kShmSize + SHMLBA);
1232 ASSERT_EQ(0, res);
1233
1234 int id = shmget(IPC_PRIVATE, kShmSize, 0644 | IPC_CREAT);
1235 ASSERT_GT(id, -1);
1236
1237 void *q = shmat(id, p, 0);
1238 ASSERT_EQ(p, q);
1239
1240 EXPECT_NOT_POISONED(((char *)q)[0]);
1241 EXPECT_NOT_POISONED(((char *)q)[10]);
1242 EXPECT_NOT_POISONED(((char *)q)[kShmSize - 1]);
1243
1244 res = shmdt(q);
1245 ASSERT_EQ(0, res);
1246
1247 res = shmctl(id, IPC_RMID, 0);
1248 ASSERT_GT(res, -1);
1249 }
1250
1251 // There's no random_r() on FreeBSD.
1252 #if !defined(__FreeBSD__)
1253 TEST(MemorySanitizer, random_r) {
1254 int32_t x;
1255 char z[64];
1256 memset(z, 0, sizeof(z));
1257
1258 struct random_data buf;
1259 memset(&buf, 0, sizeof(buf));
1260
1261 int res = initstate_r(0, z, sizeof(z), &buf);
1262 ASSERT_EQ(0, res);
1263
1264 res = random_r(&buf, &x);
1265 ASSERT_EQ(0, res);
1266 EXPECT_NOT_POISONED(x);
1267 }
1268 #endif
1269
1270 TEST(MemorySanitizer, confstr) {
1271 char buf[3];
1272 size_t res = confstr(_CS_PATH, buf, sizeof(buf));
1273 ASSERT_GT(res, sizeof(buf));
1274 EXPECT_NOT_POISONED(buf[0]);
1275 EXPECT_NOT_POISONED(buf[sizeof(buf) - 1]);
1276
1277 char buf2[1000];
1278 res = confstr(_CS_PATH, buf2, sizeof(buf2));
1279 ASSERT_LT(res, sizeof(buf2));
1280 EXPECT_NOT_POISONED(buf2[0]);
1281 EXPECT_NOT_POISONED(buf2[res - 1]);
1282 EXPECT_POISONED(buf2[res]);
1283 ASSERT_EQ(res, strlen(buf2) + 1);
1284 }
1285
1286 TEST(MemorySanitizer, opendir) {
1287 DIR *dir = opendir(".");
1288 closedir(dir);
1289
1290 char name[10] = ".";
1291 __msan_poison(name, sizeof(name));
1292 EXPECT_UMR(dir = opendir(name));
1293 closedir(dir);
1294 }
1295
1296 TEST(MemorySanitizer, readdir) {
1297 DIR *dir = opendir(".");
1298 struct dirent *d = readdir(dir);
1299 ASSERT_TRUE(d != NULL);
1300 EXPECT_NOT_POISONED(d->d_name[0]);
1301 closedir(dir);
1302 }
1303
1304 TEST(MemorySanitizer, readdir_r) {
1305 DIR *dir = opendir(".");
1306 struct dirent d;
1307 struct dirent *pd;
1308 int res = readdir_r(dir, &d, &pd);
1309 ASSERT_EQ(0, res);
1310 EXPECT_NOT_POISONED(pd);
1311 EXPECT_NOT_POISONED(d.d_name[0]);
1312 closedir(dir);
1313 }
1314
1315 TEST(MemorySanitizer, realpath) {
1316 const char* relpath = ".";
1317 char path[PATH_MAX + 1];
1318 char* res = realpath(relpath, path);
1319 ASSERT_TRUE(res != NULL);
1320 EXPECT_NOT_POISONED(path[0]);
1321 }
1322
1323 TEST(MemorySanitizer, realpath_null) {
1324 const char* relpath = ".";
1325 char* res = realpath(relpath, NULL);
1326 printf("%d, %s\n", errno, strerror(errno));
1327 ASSERT_TRUE(res != NULL);
1328 EXPECT_NOT_POISONED(res[0]);
1329 free(res);
1330 }
1331
1332 // There's no canonicalize_file_name() on FreeBSD.
1333 #if !defined(__FreeBSD__)
1334 TEST(MemorySanitizer, canonicalize_file_name) {
1335 const char* relpath = ".";
1336 char* res = canonicalize_file_name(relpath);
1337 ASSERT_TRUE(res != NULL);
1338 EXPECT_NOT_POISONED(res[0]);
1339 free(res);
1340 }
1341 #endif
1342
1343 extern char **environ;
1344
1345 TEST(MemorySanitizer, setenv) {
1346 setenv("AAA", "BBB", 1);
1347 for (char **envp = environ; *envp; ++envp) {
1348 EXPECT_NOT_POISONED(*envp);
1349 EXPECT_NOT_POISONED(*envp[0]);
1350 }
1351 }
1352
1353 TEST(MemorySanitizer, putenv) {
1354 char s[] = "AAA=BBB";
1355 putenv(s);
1356 for (char **envp = environ; *envp; ++envp) {
1357 EXPECT_NOT_POISONED(*envp);
1358 EXPECT_NOT_POISONED(*envp[0]);
1359 }
1360 }
1361
1362 TEST(MemorySanitizer, memcpy) {
1363 char* x = new char[2];
1364 char* y = new char[2];
1365 x[0] = 1;
1366 x[1] = *GetPoisoned<char>();
1367 memcpy(y, x, 2);
1368 EXPECT_NOT_POISONED(y[0]);
1369 EXPECT_POISONED(y[1]);
1370 }
1371
1372 void TestUnalignedMemcpy(unsigned left, unsigned right, bool src_is_aligned,
1373 bool src_is_poisoned, bool dst_is_poisoned) {
1374 fprintf(stderr, "%s(%d, %d, %d, %d, %d)\n", __func__, left, right,
1375 src_is_aligned, src_is_poisoned, dst_is_poisoned);
1376
1377 const unsigned sz = 20;
1378 U4 dst_origin, src_origin;
1379 char *dst = (char *)malloc(sz);
1380 if (dst_is_poisoned)
1381 dst_origin = __msan_get_origin(dst);
1382 else
1383 memset(dst, 0, sz);
1384
1385 char *src = (char *)malloc(sz);
1386 if (src_is_poisoned)
1387 src_origin = __msan_get_origin(src);
1388 else
1389 memset(src, 0, sz);
1390
1391 memcpy(dst + left, src_is_aligned ? src + left : src, sz - left - right);
1392
1393 for (unsigned i = 0; i < (left & (~3U)); ++i)
1394 if (dst_is_poisoned)
1395 EXPECT_POISONED_O(dst[i], dst_origin);
1396 else
1397 EXPECT_NOT_POISONED(dst[i]);
1398
1399 for (unsigned i = 0; i < (right & (~3U)); ++i)
1400 if (dst_is_poisoned)
1401 EXPECT_POISONED_O(dst[sz - i - 1], dst_origin);
1402 else
1403 EXPECT_NOT_POISONED(dst[sz - i - 1]);
1404
1405 for (unsigned i = left; i < sz - right; ++i)
1406 if (src_is_poisoned)
1407 EXPECT_POISONED_O(dst[i], src_origin);
1408 else
1409 EXPECT_NOT_POISONED(dst[i]);
1410
1411 free(dst);
1412 free(src);
1413 }
1414
1415 TEST(MemorySanitizer, memcpy_unaligned) {
1416 for (int i = 0; i < 10; ++i)
1417 for (int j = 0; j < 10; ++j)
1418 for (int aligned = 0; aligned < 2; ++aligned)
1419 for (int srcp = 0; srcp < 2; ++srcp)
1420 for (int dstp = 0; dstp < 2; ++dstp)
1421 TestUnalignedMemcpy(i, j, aligned, srcp, dstp);
1422 }
1423
1424 TEST(MemorySanitizer, memmove) {
1425 char* x = new char[2];
1426 char* y = new char[2];
1427 x[0] = 1;
1428 x[1] = *GetPoisoned<char>();
1429 memmove(y, x, 2);
1430 EXPECT_NOT_POISONED(y[0]);
1431 EXPECT_POISONED(y[1]);
1432 }
1433
1434 TEST(MemorySanitizer, memccpy_nomatch) {
1435 char* x = new char[5];
1436 char* y = new char[5];
1437 strcpy(x, "abc");
1438 memccpy(y, x, 'd', 4);
1439 EXPECT_NOT_POISONED(y[0]);
1440 EXPECT_NOT_POISONED(y[1]);
1441 EXPECT_NOT_POISONED(y[2]);
1442 EXPECT_NOT_POISONED(y[3]);
1443 EXPECT_POISONED(y[4]);
1444 delete[] x;
1445 delete[] y;
1446 }
1447
1448 TEST(MemorySanitizer, memccpy_match) {
1449 char* x = new char[5];
1450 char* y = new char[5];
1451 strcpy(x, "abc");
1452 memccpy(y, x, 'b', 4);
1453 EXPECT_NOT_POISONED(y[0]);
1454 EXPECT_NOT_POISONED(y[1]);
1455 EXPECT_POISONED(y[2]);
1456 EXPECT_POISONED(y[3]);
1457 EXPECT_POISONED(y[4]);
1458 delete[] x;
1459 delete[] y;
1460 }
1461
1462 TEST(MemorySanitizer, memccpy_nomatch_positive) {
1463 char* x = new char[5];
1464 char* y = new char[5];
1465 strcpy(x, "abc");
1466 EXPECT_UMR(memccpy(y, x, 'd', 5));
1467 delete[] x;
1468 delete[] y;
1469 }
1470
1471 TEST(MemorySanitizer, memccpy_match_positive) {
1472 char* x = new char[5];
1473 char* y = new char[5];
1474 x[0] = 'a';
1475 x[2] = 'b';
1476 EXPECT_UMR(memccpy(y, x, 'b', 5));
1477 delete[] x;
1478 delete[] y;
1479 }
1480
1481 TEST(MemorySanitizer, bcopy) {
1482 char* x = new char[2];
1483 char* y = new char[2];
1484 x[0] = 1;
1485 x[1] = *GetPoisoned<char>();
1486 bcopy(x, y, 2);
1487 EXPECT_NOT_POISONED(y[0]);
1488 EXPECT_POISONED(y[1]);
1489 }
1490
1491 TEST(MemorySanitizer, strdup) {
1492 char buf[4] = "abc";
1493 __msan_poison(buf + 2, sizeof(*buf));
1494 char *x = strdup(buf);
1495 EXPECT_NOT_POISONED(x[0]);
1496 EXPECT_NOT_POISONED(x[1]);
1497 EXPECT_POISONED(x[2]);
1498 EXPECT_NOT_POISONED(x[3]);
1499 free(x);
1500 }
1501
1502 TEST(MemorySanitizer, strndup) {
1503 char buf[4] = "abc";
1504 __msan_poison(buf + 2, sizeof(*buf));
1505 char *x = strndup(buf, 3);
1506 EXPECT_NOT_POISONED(x[0]);
1507 EXPECT_NOT_POISONED(x[1]);
1508 EXPECT_POISONED(x[2]);
1509 EXPECT_NOT_POISONED(x[3]);
1510 free(x);
1511 }
1512
1513 TEST(MemorySanitizer, strndup_short) {
1514 char buf[4] = "abc";
1515 __msan_poison(buf + 1, sizeof(*buf));
1516 __msan_poison(buf + 2, sizeof(*buf));
1517 char *x = strndup(buf, 2);
1518 EXPECT_NOT_POISONED(x[0]);
1519 EXPECT_POISONED(x[1]);
1520 EXPECT_NOT_POISONED(x[2]);
1521 free(x);
1522 }
1523
1524
1525 template<class T, int size>
1526 void TestOverlapMemmove() {
1527 T *x = new T[size];
1528 ASSERT_GE(size, 3);
1529 x[2] = 0;
1530 memmove(x, x + 1, (size - 1) * sizeof(T));
1531 EXPECT_NOT_POISONED(x[1]);
1532 EXPECT_POISONED(x[0]);
1533 EXPECT_POISONED(x[2]);
1534 delete [] x;
1535 }
1536
1537 TEST(MemorySanitizer, overlap_memmove) {
1538 TestOverlapMemmove<U1, 10>();
1539 TestOverlapMemmove<U1, 1000>();
1540 TestOverlapMemmove<U8, 4>();
1541 TestOverlapMemmove<U8, 1000>();
1542 }
1543
1544 TEST(MemorySanitizer, strcpy) { // NOLINT
1545 char* x = new char[3];
1546 char* y = new char[3];
1547 x[0] = 'a';
1548 x[1] = *GetPoisoned<char>(1, 1);
1549 x[2] = 0;
1550 strcpy(y, x); // NOLINT
1551 EXPECT_NOT_POISONED(y[0]);
1552 EXPECT_POISONED(y[1]);
1553 EXPECT_NOT_POISONED(y[2]);
1554 }
1555
1556 TEST(MemorySanitizer, strncpy) { // NOLINT
1557 char* x = new char[3];
1558 char* y = new char[5];
1559 x[0] = 'a';
1560 x[1] = *GetPoisoned<char>(1, 1);
1561 x[2] = '\0';
1562 strncpy(y, x, 4); // NOLINT
1563 EXPECT_NOT_POISONED(y[0]);
1564 EXPECT_POISONED(y[1]);
1565 EXPECT_NOT_POISONED(y[2]);
1566 EXPECT_NOT_POISONED(y[3]);
1567 EXPECT_POISONED(y[4]);
1568 }
1569
1570 TEST(MemorySanitizer, stpcpy) { // NOLINT
1571 char* x = new char[3];
1572 char* y = new char[3];
1573 x[0] = 'a';
1574 x[1] = *GetPoisoned<char>(1, 1);
1575 x[2] = 0;
1576 char *res = stpcpy(y, x); // NOLINT
1577 ASSERT_EQ(res, y + 2);
1578 EXPECT_NOT_POISONED(y[0]);
1579 EXPECT_POISONED(y[1]);
1580 EXPECT_NOT_POISONED(y[2]);
1581 }
1582
1583 TEST(MemorySanitizer, strcat) { // NOLINT
1584 char a[10];
1585 char b[] = "def";
1586 strcpy(a, "abc");
1587 __msan_poison(b + 1, 1);
1588 strcat(a, b);
1589 EXPECT_NOT_POISONED(a[3]);
1590 EXPECT_POISONED(a[4]);
1591 EXPECT_NOT_POISONED(a[5]);
1592 EXPECT_NOT_POISONED(a[6]);
1593 EXPECT_POISONED(a[7]);
1594 }
1595
1596 TEST(MemorySanitizer, strncat) { // NOLINT
1597 char a[10];
1598 char b[] = "def";
1599 strcpy(a, "abc");
1600 __msan_poison(b + 1, 1);
1601 strncat(a, b, 5);
1602 EXPECT_NOT_POISONED(a[3]);
1603 EXPECT_POISONED(a[4]);
1604 EXPECT_NOT_POISONED(a[5]);
1605 EXPECT_NOT_POISONED(a[6]);
1606 EXPECT_POISONED(a[7]);
1607 }
1608
1609 TEST(MemorySanitizer, strncat_overflow) { // NOLINT
1610 char a[10];
1611 char b[] = "def";
1612 strcpy(a, "abc");
1613 __msan_poison(b + 1, 1);
1614 strncat(a, b, 2);
1615 EXPECT_NOT_POISONED(a[3]);
1616 EXPECT_POISONED(a[4]);
1617 EXPECT_NOT_POISONED(a[5]);
1618 EXPECT_POISONED(a[6]);
1619 EXPECT_POISONED(a[7]);
1620 }
1621
1622 #define TEST_STRTO_INT(func_name, char_type, str_prefix) \
1623 TEST(MemorySanitizer, func_name) { \
1624 char_type *e; \
1625 EXPECT_EQ(1U, func_name(str_prefix##"1", &e, 10)); \
1626 EXPECT_NOT_POISONED((S8)e); \
1627 }
1628
1629 #define TEST_STRTO_FLOAT(func_name, char_type, str_prefix) \
1630 TEST(MemorySanitizer, func_name) { \
1631 char_type *e; \
1632 EXPECT_NE(0, func_name(str_prefix##"1.5", &e)); \
1633 EXPECT_NOT_POISONED((S8)e); \
1634 }
1635
1636 #define TEST_STRTO_FLOAT_LOC(func_name, char_type, str_prefix) \
1637 TEST(MemorySanitizer, func_name) { \
1638 locale_t loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0); \
1639 char_type *e; \
1640 EXPECT_NE(0, func_name(str_prefix##"1.5", &e, loc)); \
1641 EXPECT_NOT_POISONED((S8)e); \
1642 freelocale(loc); \
1643 }
1644
1645 #define TEST_STRTO_INT_LOC(func_name, char_type, str_prefix) \
1646 TEST(MemorySanitizer, func_name) { \
1647 locale_t loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0); \
1648 char_type *e; \
1649 ASSERT_EQ(1U, func_name(str_prefix##"1", &e, 10, loc)); \
1650 EXPECT_NOT_POISONED((S8)e); \
1651 freelocale(loc); \
1652 }
1653
1654 TEST_STRTO_INT(strtol, char, )
1655 TEST_STRTO_INT(strtoll, char, )
1656 TEST_STRTO_INT(strtoul, char, )
1657 TEST_STRTO_INT(strtoull, char, )
1658
1659 TEST_STRTO_FLOAT(strtof, char, )
1660 TEST_STRTO_FLOAT(strtod, char, )
1661 TEST_STRTO_FLOAT(strtold, char, )
1662
1663 TEST_STRTO_FLOAT_LOC(strtof_l, char, )
1664 TEST_STRTO_FLOAT_LOC(strtod_l, char, )
1665 TEST_STRTO_FLOAT_LOC(strtold_l, char, )
1666
1667 TEST_STRTO_INT_LOC(strtol_l, char, )
1668 TEST_STRTO_INT_LOC(strtoll_l, char, )
1669 TEST_STRTO_INT_LOC(strtoul_l, char, )
1670 TEST_STRTO_INT_LOC(strtoull_l, char, )
1671
1672 TEST_STRTO_INT(wcstol, wchar_t, L)
1673 TEST_STRTO_INT(wcstoll, wchar_t, L)
1674 TEST_STRTO_INT(wcstoul, wchar_t, L)
1675 TEST_STRTO_INT(wcstoull, wchar_t, L)
1676
1677 TEST_STRTO_FLOAT(wcstof, wchar_t, L)
1678 TEST_STRTO_FLOAT(wcstod, wchar_t, L)
1679 TEST_STRTO_FLOAT(wcstold, wchar_t, L)
1680
1681 TEST_STRTO_FLOAT_LOC(wcstof_l, wchar_t, L)
1682 TEST_STRTO_FLOAT_LOC(wcstod_l, wchar_t, L)
1683 TEST_STRTO_FLOAT_LOC(wcstold_l, wchar_t, L)
1684
1685 TEST_STRTO_INT_LOC(wcstol_l, wchar_t, L)
1686 TEST_STRTO_INT_LOC(wcstoll_l, wchar_t, L)
1687 TEST_STRTO_INT_LOC(wcstoul_l, wchar_t, L)
1688 TEST_STRTO_INT_LOC(wcstoull_l, wchar_t, L)
1689
1690
1691 TEST(MemorySanitizer, strtoimax) {
1692 char *e;
1693 ASSERT_EQ(1, strtoimax("1", &e, 10));
1694 EXPECT_NOT_POISONED((S8) e);
1695 }
1696
1697 TEST(MemorySanitizer, strtoumax) {
1698 char *e;
1699 ASSERT_EQ(1U, strtoumax("1", &e, 10));
1700 EXPECT_NOT_POISONED((S8) e);
1701 }
1702
1703 #ifdef __GLIBC__
1704 extern "C" float __strtof_l(const char *nptr, char **endptr, locale_t loc);
1705 TEST_STRTO_FLOAT_LOC(__strtof_l, char, )
1706 extern "C" double __strtod_l(const char *nptr, char **endptr, locale_t loc);
1707 TEST_STRTO_FLOAT_LOC(__strtod_l, char, )
1708 extern "C" long double __strtold_l(const char *nptr, char **endptr,
1709 locale_t loc);
1710 TEST_STRTO_FLOAT_LOC(__strtold_l, char, )
1711
1712 extern "C" float __wcstof_l(const wchar_t *nptr, wchar_t **endptr, locale_t loc);
1713 TEST_STRTO_FLOAT_LOC(__wcstof_l, wchar_t, L)
1714 extern "C" double __wcstod_l(const wchar_t *nptr, wchar_t **endptr, locale_t loc);
1715 TEST_STRTO_FLOAT_LOC(__wcstod_l, wchar_t, L)
1716 extern "C" long double __wcstold_l(const wchar_t *nptr, wchar_t **endptr,
1717 locale_t loc);
1718 TEST_STRTO_FLOAT_LOC(__wcstold_l, wchar_t, L)
1719 #endif // __GLIBC__
1720
1721 TEST(MemorySanitizer, modf) {
1722 double x, y;
1723 x = modf(2.1, &y);
1724 EXPECT_NOT_POISONED(y);
1725 }
1726
1727 TEST(MemorySanitizer, modff) {
1728 float x, y;
1729 x = modff(2.1, &y);
1730 EXPECT_NOT_POISONED(y);
1731 }
1732
1733 TEST(MemorySanitizer, modfl) {
1734 long double x, y;
1735 x = modfl(2.1, &y);
1736 EXPECT_NOT_POISONED(y);
1737 }
1738
1739 // There's no sincos() on FreeBSD.
1740 #if !defined(__FreeBSD__)
1741 TEST(MemorySanitizer, sincos) {
1742 double s, c;
1743 sincos(0.2, &s, &c);
1744 EXPECT_NOT_POISONED(s);
1745 EXPECT_NOT_POISONED(c);
1746 }
1747 #endif
1748
1749 // There's no sincosf() on FreeBSD.
1750 #if !defined(__FreeBSD__)
1751 TEST(MemorySanitizer, sincosf) {
1752 float s, c;
1753 sincosf(0.2, &s, &c);
1754 EXPECT_NOT_POISONED(s);
1755 EXPECT_NOT_POISONED(c);
1756 }
1757 #endif
1758
1759 // There's no sincosl() on FreeBSD.
1760 #if !defined(__FreeBSD__)
1761 TEST(MemorySanitizer, sincosl) {
1762 long double s, c;
1763 sincosl(0.2, &s, &c);
1764 EXPECT_NOT_POISONED(s);
1765 EXPECT_NOT_POISONED(c);
1766 }
1767 #endif
1768
1769 TEST(MemorySanitizer, remquo) {
1770 int quo;
1771 double res = remquo(29.0, 3.0, &quo);
1772 ASSERT_NE(0.0, res);
1773 EXPECT_NOT_POISONED(quo);
1774 }
1775
1776 TEST(MemorySanitizer, remquof) {
1777 int quo;
1778 float res = remquof(29.0, 3.0, &quo);
1779 ASSERT_NE(0.0, res);
1780 EXPECT_NOT_POISONED(quo);
1781 }
1782
1783 TEST(MemorySanitizer, remquol) {
1784 int quo;
1785 long double res = remquof(29.0, 3.0, &quo);
1786 ASSERT_NE(0.0, res);
1787 EXPECT_NOT_POISONED(quo);
1788 }
1789
1790 TEST(MemorySanitizer, lgamma) {
1791 double res = lgamma(1.1);
1792 ASSERT_NE(0.0, res);
1793 EXPECT_NOT_POISONED(signgam);
1794 }
1795
1796 TEST(MemorySanitizer, lgammaf) {
1797 float res = lgammaf(1.1);
1798 ASSERT_NE(0.0, res);
1799 EXPECT_NOT_POISONED(signgam);
1800 }
1801
1802 TEST(MemorySanitizer, lgammal) {
1803 long double res = lgammal(1.1);
1804 ASSERT_NE(0.0, res);
1805 EXPECT_NOT_POISONED(signgam);
1806 }
1807
1808 TEST(MemorySanitizer, lgamma_r) {
1809 int sgn;
1810 double res = lgamma_r(1.1, &sgn);
1811 ASSERT_NE(0.0, res);
1812 EXPECT_NOT_POISONED(sgn);
1813 }
1814
1815 TEST(MemorySanitizer, lgammaf_r) {
1816 int sgn;
1817 float res = lgammaf_r(1.1, &sgn);
1818 ASSERT_NE(0.0, res);
1819 EXPECT_NOT_POISONED(sgn);
1820 }
1821
1822 // There's no lgammal_r() on FreeBSD.
1823 #if !defined(__FreeBSD__)
1824 TEST(MemorySanitizer, lgammal_r) {
1825 int sgn;
1826 long double res = lgammal_r(1.1, &sgn);
1827 ASSERT_NE(0.0, res);
1828 EXPECT_NOT_POISONED(sgn);
1829 }
1830 #endif
1831
1832 // There's no drand48_r() on FreeBSD.
1833 #if !defined(__FreeBSD__)
1834 TEST(MemorySanitizer, drand48_r) {
1835 struct drand48_data buf;
1836 srand48_r(0, &buf);
1837 double d;
1838 drand48_r(&buf, &d);
1839 EXPECT_NOT_POISONED(d);
1840 }
1841 #endif
1842
1843 // There's no lrand48_r() on FreeBSD.
1844 #if !defined(__FreeBSD__)
1845 TEST(MemorySanitizer, lrand48_r) {
1846 struct drand48_data buf;
1847 srand48_r(0, &buf);
1848 long d;
1849 lrand48_r(&buf, &d);
1850 EXPECT_NOT_POISONED(d);
1851 }
1852 #endif
1853
1854 TEST(MemorySanitizer, sprintf) { // NOLINT
1855 char buff[10];
1856 break_optimization(buff);
1857 EXPECT_POISONED(buff[0]);
1858 int res = sprintf(buff, "%d", 1234567); // NOLINT
1859 ASSERT_EQ(res, 7);
1860 ASSERT_EQ(buff[0], '1');
1861 ASSERT_EQ(buff[1], '2');
1862 ASSERT_EQ(buff[2], '3');
1863 ASSERT_EQ(buff[6], '7');
1864 ASSERT_EQ(buff[7], 0);
1865 EXPECT_POISONED(buff[8]);
1866 }
1867
1868 TEST(MemorySanitizer, snprintf) {
1869 char buff[10];
1870 break_optimization(buff);
1871 EXPECT_POISONED(buff[0]);
1872 int res = snprintf(buff, sizeof(buff), "%d", 1234567);
1873 ASSERT_EQ(res, 7);
1874 ASSERT_EQ(buff[0], '1');
1875 ASSERT_EQ(buff[1], '2');
1876 ASSERT_EQ(buff[2], '3');
1877 ASSERT_EQ(buff[6], '7');
1878 ASSERT_EQ(buff[7], 0);
1879 EXPECT_POISONED(buff[8]);
1880 }
1881
1882 TEST(MemorySanitizer, swprintf) {
1883 wchar_t buff[10];
1884 ASSERT_EQ(4U, sizeof(wchar_t));
1885 break_optimization(buff);
1886 EXPECT_POISONED(buff[0]);
1887 int res = swprintf(buff, 9, L"%d", 1234567);
1888 ASSERT_EQ(res, 7);
1889 ASSERT_EQ(buff[0], '1');
1890 ASSERT_EQ(buff[1], '2');
1891 ASSERT_EQ(buff[2], '3');
1892 ASSERT_EQ(buff[6], '7');
1893 ASSERT_EQ(buff[7], L'\0');
1894 EXPECT_POISONED(buff[8]);
1895 }
1896
1897 TEST(MemorySanitizer, asprintf) { // NOLINT
1898 char *pbuf;
1899 EXPECT_POISONED(pbuf);
1900 int res = asprintf(&pbuf, "%d", 1234567); // NOLINT
1901 ASSERT_EQ(res, 7);
1902 EXPECT_NOT_POISONED(pbuf);
1903 ASSERT_EQ(pbuf[0], '1');
1904 ASSERT_EQ(pbuf[1], '2');
1905 ASSERT_EQ(pbuf[2], '3');
1906 ASSERT_EQ(pbuf[6], '7');
1907 ASSERT_EQ(pbuf[7], 0);
1908 free(pbuf);
1909 }
1910
1911 TEST(MemorySanitizer, mbstowcs) {
1912 const char *x = "abc";
1913 wchar_t buff[10];
1914 int res = mbstowcs(buff, x, 2);
1915 EXPECT_EQ(2, res);
1916 EXPECT_EQ(L'a', buff[0]);
1917 EXPECT_EQ(L'b', buff[1]);
1918 EXPECT_POISONED(buff[2]);
1919 res = mbstowcs(buff, x, 10);
1920 EXPECT_EQ(3, res);
1921 EXPECT_NOT_POISONED(buff[3]);
1922 }
1923
1924 TEST(MemorySanitizer, wcstombs) {
1925 const wchar_t *x = L"abc";
1926 char buff[10];
1927 int res = wcstombs(buff, x, 4);
1928 EXPECT_EQ(res, 3);
1929 EXPECT_EQ(buff[0], 'a');
1930 EXPECT_EQ(buff[1], 'b');
1931 EXPECT_EQ(buff[2], 'c');
1932 }
1933
1934 TEST(MemorySanitizer, wcsrtombs) {
1935 const wchar_t *x = L"abc";
1936 const wchar_t *p = x;
1937 char buff[10];
1938 mbstate_t mbs;
1939 memset(&mbs, 0, sizeof(mbs));
1940 int res = wcsrtombs(buff, &p, 4, &mbs);
1941 EXPECT_EQ(res, 3);
1942 EXPECT_EQ(buff[0], 'a');
1943 EXPECT_EQ(buff[1], 'b');
1944 EXPECT_EQ(buff[2], 'c');
1945 EXPECT_EQ(buff[3], '\0');
1946 EXPECT_POISONED(buff[4]);
1947 }
1948
1949 TEST(MemorySanitizer, wcsnrtombs) {
1950 const wchar_t *x = L"abc";
1951 const wchar_t *p = x;
1952 char buff[10];
1953 mbstate_t mbs;
1954 memset(&mbs, 0, sizeof(mbs));
1955 int res = wcsnrtombs(buff, &p, 2, 4, &mbs);
1956 EXPECT_EQ(res, 2);
1957 EXPECT_EQ(buff[0], 'a');
1958 EXPECT_EQ(buff[1], 'b');
1959 EXPECT_POISONED(buff[2]);
1960 }
1961
1962 TEST(MemorySanitizer, wcrtomb) {
1963 wchar_t x = L'a';
1964 char buff[10];
1965 mbstate_t mbs;
1966 memset(&mbs, 0, sizeof(mbs));
1967 size_t res = wcrtomb(buff, x, &mbs);
1968 EXPECT_EQ(res, (size_t)1);
1969 EXPECT_EQ(buff[0], 'a');
1970 }
1971
1972 TEST(MemorySanitizer, wmemset) {
1973 wchar_t x[25];
1974 break_optimization(x);
1975 EXPECT_POISONED(x[0]);
1976 wmemset(x, L'A', 10);
1977 EXPECT_EQ(x[0], L'A');
1978 EXPECT_EQ(x[9], L'A');
1979 EXPECT_POISONED(x[10]);
1980 }
1981
1982 TEST(MemorySanitizer, mbtowc) {
1983 const char *x = "abc";
1984 wchar_t wx;
1985 int res = mbtowc(&wx, x, 3);
1986 EXPECT_GT(res, 0);
1987 EXPECT_NOT_POISONED(wx);
1988 }
1989
1990 TEST(MemorySanitizer, mbrtowc) {
1991 const char *x = "abc";
1992 wchar_t wx;
1993 mbstate_t mbs;
1994 memset(&mbs, 0, sizeof(mbs));
1995 int res = mbrtowc(&wx, x, 3, &mbs);
1996 EXPECT_GT(res, 0);
1997 EXPECT_NOT_POISONED(wx);
1998 }
1999
2000 TEST(MemorySanitizer, wcsftime) {
2001 wchar_t x[100];
2002 time_t t = time(NULL);
2003 struct tm tms;
2004 struct tm *tmres = localtime_r(&t, &tms);
2005 ASSERT_NE((void *)0, tmres);
2006 size_t res = wcsftime(x, sizeof(x) / sizeof(x[0]), L"%Y-%m-%d", tmres);
2007 EXPECT_GT(res, 0UL);
2008 EXPECT_EQ(res, wcslen(x));
2009 }
2010
2011 TEST(MemorySanitizer, gettimeofday) {
2012 struct timeval tv;
2013 struct timezone tz;
2014 break_optimization(&tv);
2015 break_optimization(&tz);
2016 ASSERT_EQ(16U, sizeof(tv));
2017 ASSERT_EQ(8U, sizeof(tz));
2018 EXPECT_POISONED(tv.tv_sec);
2019 EXPECT_POISONED(tv.tv_usec);
2020 EXPECT_POISONED(tz.tz_minuteswest);
2021 EXPECT_POISONED(tz.tz_dsttime);
2022 ASSERT_EQ(0, gettimeofday(&tv, &tz));
2023 EXPECT_NOT_POISONED(tv.tv_sec);
2024 EXPECT_NOT_POISONED(tv.tv_usec);
2025 EXPECT_NOT_POISONED(tz.tz_minuteswest);
2026 EXPECT_NOT_POISONED(tz.tz_dsttime);
2027 }
2028
2029 TEST(MemorySanitizer, clock_gettime) {
2030 struct timespec tp;
2031 EXPECT_POISONED(tp.tv_sec);
2032 EXPECT_POISONED(tp.tv_nsec);
2033 ASSERT_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
2034 EXPECT_NOT_POISONED(tp.tv_sec);
2035 EXPECT_NOT_POISONED(tp.tv_nsec);
2036 }
2037
2038 TEST(MemorySanitizer, clock_getres) {
2039 struct timespec tp;
2040 EXPECT_POISONED(tp.tv_sec);
2041 EXPECT_POISONED(tp.tv_nsec);
2042 ASSERT_EQ(0, clock_getres(CLOCK_REALTIME, 0));
2043 EXPECT_POISONED(tp.tv_sec);
2044 EXPECT_POISONED(tp.tv_nsec);
2045 ASSERT_EQ(0, clock_getres(CLOCK_REALTIME, &tp));
2046 EXPECT_NOT_POISONED(tp.tv_sec);
2047 EXPECT_NOT_POISONED(tp.tv_nsec);
2048 }
2049
2050 TEST(MemorySanitizer, getitimer) {
2051 struct itimerval it1, it2;
2052 int res;
2053 EXPECT_POISONED(it1.it_interval.tv_sec);
2054 EXPECT_POISONED(it1.it_interval.tv_usec);
2055 EXPECT_POISONED(it1.it_value.tv_sec);
2056 EXPECT_POISONED(it1.it_value.tv_usec);
2057 res = getitimer(ITIMER_VIRTUAL, &it1);
2058 ASSERT_EQ(0, res);
2059 EXPECT_NOT_POISONED(it1.it_interval.tv_sec);
2060 EXPECT_NOT_POISONED(it1.it_interval.tv_usec);
2061 EXPECT_NOT_POISONED(it1.it_value.tv_sec);
2062 EXPECT_NOT_POISONED(it1.it_value.tv_usec);
2063
2064 it1.it_interval.tv_sec = it1.it_value.tv_sec = 10000;
2065 it1.it_interval.tv_usec = it1.it_value.tv_usec = 0;
2066
2067 res = setitimer(ITIMER_VIRTUAL, &it1, &it2);
2068 ASSERT_EQ(0, res);
2069 EXPECT_NOT_POISONED(it2.it_interval.tv_sec);
2070 EXPECT_NOT_POISONED(it2.it_interval.tv_usec);
2071 EXPECT_NOT_POISONED(it2.it_value.tv_sec);
2072 EXPECT_NOT_POISONED(it2.it_value.tv_usec);
2073
2074 // Check that old_value can be 0, and disable the timer.
2075 memset(&it1, 0, sizeof(it1));
2076 res = setitimer(ITIMER_VIRTUAL, &it1, 0);
2077 ASSERT_EQ(0, res);
2078 }
2079
2080 TEST(MemorySanitizer, setitimer_null) {
2081 setitimer(ITIMER_VIRTUAL, 0, 0);
2082 // Not testing the return value, since it the behaviour seems to differ
2083 // between libc implementations and POSIX.
2084 // Should never crash, though.
2085 }
2086
2087 TEST(MemorySanitizer, time) {
2088 time_t t;
2089 EXPECT_POISONED(t);
2090 time_t t2 = time(&t);
2091 ASSERT_NE(t2, (time_t)-1);
2092 EXPECT_NOT_POISONED(t);
2093 }
2094
2095 TEST(MemorySanitizer, strptime) {
2096 struct tm time;
2097 char *p = strptime("11/1/2013-05:39", "%m/%d/%Y-%H:%M", &time);
2098 ASSERT_TRUE(p != NULL);
2099 EXPECT_NOT_POISONED(time.tm_sec);
2100 EXPECT_NOT_POISONED(time.tm_hour);
2101 EXPECT_NOT_POISONED(time.tm_year);
2102 }
2103
2104 TEST(MemorySanitizer, localtime) {
2105 time_t t = 123;
2106 struct tm *time = localtime(&t);
2107 ASSERT_TRUE(time != NULL);
2108 EXPECT_NOT_POISONED(time->tm_sec);
2109 EXPECT_NOT_POISONED(time->tm_hour);
2110 EXPECT_NOT_POISONED(time->tm_year);
2111 EXPECT_NOT_POISONED(time->tm_isdst);
2112 EXPECT_NE(0U, strlen(time->tm_zone));
2113 }
2114
2115 TEST(MemorySanitizer, localtime_r) {
2116 time_t t = 123;
2117 struct tm time;
2118 struct tm *res = localtime_r(&t, &time);
2119 ASSERT_TRUE(res != NULL);
2120 EXPECT_NOT_POISONED(time.tm_sec);
2121 EXPECT_NOT_POISONED(time.tm_hour);
2122 EXPECT_NOT_POISONED(time.tm_year);
2123 EXPECT_NOT_POISONED(time.tm_isdst);
2124 EXPECT_NE(0U, strlen(time.tm_zone));
2125 }
2126
2127 // There's no getmntent() on FreeBSD.
2128 #if !defined(__FreeBSD__)
2129 TEST(MemorySanitizer, getmntent) {
2130 FILE *fp = setmntent("/etc/fstab", "r");
2131 struct mntent *mnt = getmntent(fp);
2132 ASSERT_TRUE(mnt != NULL);
2133 ASSERT_NE(0U, strlen(mnt->mnt_fsname));
2134 ASSERT_NE(0U, strlen(mnt->mnt_dir));
2135 ASSERT_NE(0U, strlen(mnt->mnt_type));
2136 ASSERT_NE(0U, strlen(mnt->mnt_opts));
2137 EXPECT_NOT_POISONED(mnt->mnt_freq);
2138 EXPECT_NOT_POISONED(mnt->mnt_passno);
2139 fclose(fp);
2140 }
2141 #endif
2142
2143 // There's no getmntent_r() on FreeBSD.
2144 #if !defined(__FreeBSD__)
2145 TEST(MemorySanitizer, getmntent_r) {
2146 FILE *fp = setmntent("/etc/fstab", "r");
2147 struct mntent mntbuf;
2148 char buf[1000];
2149 struct mntent *mnt = getmntent_r(fp, &mntbuf, buf, sizeof(buf));
2150 ASSERT_TRUE(mnt != NULL);
2151 ASSERT_NE(0U, strlen(mnt->mnt_fsname));
2152 ASSERT_NE(0U, strlen(mnt->mnt_dir));
2153 ASSERT_NE(0U, strlen(mnt->mnt_type));
2154 ASSERT_NE(0U, strlen(mnt->mnt_opts));
2155 EXPECT_NOT_POISONED(mnt->mnt_freq);
2156 EXPECT_NOT_POISONED(mnt->mnt_passno);
2157 fclose(fp);
2158 }
2159 #endif
2160
2161 TEST(MemorySanitizer, ether) {
2162 const char *asc = "11:22:33:44:55:66";
2163 struct ether_addr *paddr = ether_aton(asc);
2164 EXPECT_NOT_POISONED(*paddr);
2165
2166 struct ether_addr addr;
2167 paddr = ether_aton_r(asc, &addr);
2168 ASSERT_EQ(paddr, &addr);
2169 EXPECT_NOT_POISONED(addr);
2170
2171 char *s = ether_ntoa(&addr);
2172 ASSERT_NE(0U, strlen(s));
2173
2174 char buf[100];
2175 s = ether_ntoa_r(&addr, buf);
2176 ASSERT_EQ(s, buf);
2177 ASSERT_NE(0U, strlen(buf));
2178 }
2179
2180 TEST(MemorySanitizer, mmap) {
2181 const int size = 4096;
2182 void *p1, *p2;
2183 p1 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
2184 __msan_poison(p1, size);
2185 munmap(p1, size);
2186 for (int i = 0; i < 1000; i++) {
2187 p2 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
2188 if (p2 == p1)
2189 break;
2190 else
2191 munmap(p2, size);
2192 }
2193 if (p1 == p2) {
2194 EXPECT_NOT_POISONED(*(char*)p2);
2195 munmap(p2, size);
2196 }
2197 }
2198
2199 // There's no fcvt() on FreeBSD.
2200 #if !defined(__FreeBSD__)
2201 // FIXME: enable and add ecvt.
2202 // FIXME: check why msandr does nt handle fcvt.
2203 TEST(MemorySanitizer, fcvt) {
2204 int a, b;
2205 break_optimization(&a);
2206 break_optimization(&b);
2207 EXPECT_POISONED(a);
2208 EXPECT_POISONED(b);
2209 char *str = fcvt(12345.6789, 10, &a, &b);
2210 EXPECT_NOT_POISONED(a);
2211 EXPECT_NOT_POISONED(b);
2212 ASSERT_NE(nullptr, str);
2213 EXPECT_NOT_POISONED(str[0]);
2214 ASSERT_NE(0U, strlen(str));
2215 }
2216 #endif
2217
2218 // There's no fcvt_long() on FreeBSD.
2219 #if !defined(__FreeBSD__)
2220 TEST(MemorySanitizer, fcvt_long) {
2221 int a, b;
2222 break_optimization(&a);
2223 break_optimization(&b);
2224 EXPECT_POISONED(a);
2225 EXPECT_POISONED(b);
2226 char *str = fcvt(111111112345.6789, 10, &a, &b);
2227 EXPECT_NOT_POISONED(a);
2228 EXPECT_NOT_POISONED(b);
2229 ASSERT_NE(nullptr, str);
2230 EXPECT_NOT_POISONED(str[0]);
2231 ASSERT_NE(0U, strlen(str));
2232 }
2233 #endif
2234
2235 TEST(MemorySanitizer, memchr) {
2236 char x[10];
2237 break_optimization(x);
2238 EXPECT_POISONED(x[0]);
2239 x[2] = '2';
2240 void *res;
2241 EXPECT_UMR(res = memchr(x, '2', 10));
2242 EXPECT_NOT_POISONED(res);
2243 x[0] = '0';
2244 x[1] = '1';
2245 res = memchr(x, '2', 10);
2246 EXPECT_EQ(&x[2], res);
2247 EXPECT_UMR(res = memchr(x, '3', 10));
2248 EXPECT_NOT_POISONED(res);
2249 }
2250
2251 TEST(MemorySanitizer, memrchr) {
2252 char x[10];
2253 break_optimization(x);
2254 EXPECT_POISONED(x[0]);
2255 x[9] = '9';
2256 void *res;
2257 EXPECT_UMR(res = memrchr(x, '9', 10));
2258 EXPECT_NOT_POISONED(res);
2259 x[0] = '0';
2260 x[1] = '1';
2261 res = memrchr(x, '0', 2);
2262 EXPECT_EQ(&x[0], res);
2263 EXPECT_UMR(res = memrchr(x, '7', 10));
2264 EXPECT_NOT_POISONED(res);
2265 }
2266
2267 TEST(MemorySanitizer, frexp) {
2268 int x;
2269 x = *GetPoisoned<int>();
2270 double r = frexp(1.1, &x);
2271 EXPECT_NOT_POISONED(r);
2272 EXPECT_NOT_POISONED(x);
2273
2274 x = *GetPoisoned<int>();
2275 float rf = frexpf(1.1, &x);
2276 EXPECT_NOT_POISONED(rf);
2277 EXPECT_NOT_POISONED(x);
2278
2279 x = *GetPoisoned<int>();
2280 double rl = frexpl(1.1, &x);
2281 EXPECT_NOT_POISONED(rl);
2282 EXPECT_NOT_POISONED(x);
2283 }
2284
2285 namespace {
2286
2287 static int cnt;
2288
2289 void SigactionHandler(int signo, siginfo_t* si, void* uc) {
2290 ASSERT_EQ(signo, SIGPROF);
2291 ASSERT_TRUE(si != NULL);
2292 EXPECT_NOT_POISONED(si->si_errno);
2293 EXPECT_NOT_POISONED(si->si_pid);
2294 #if __linux__
2295 # if defined(__x86_64__)
2296 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_RIP]);
2297 # elif defined(__i386__)
2298 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_EIP]);
2299 # endif
2300 #endif
2301 ++cnt;
2302 }
2303
2304 TEST(MemorySanitizer, sigaction) {
2305 struct sigaction act = {};
2306 struct sigaction oldact = {};
2307 struct sigaction origact = {};
2308
2309 sigaction(SIGPROF, 0, &origact);
2310
2311 act.sa_flags |= SA_SIGINFO;
2312 act.sa_sigaction = &SigactionHandler;
2313 sigaction(SIGPROF, &act, 0);
2314
2315 kill(getpid(), SIGPROF);
2316
2317 act.sa_flags &= ~SA_SIGINFO;
2318 act.sa_handler = SIG_DFL;
2319 sigaction(SIGPROF, &act, 0);
2320
2321 act.sa_flags &= ~SA_SIGINFO;
2322 act.sa_handler = SIG_IGN;
2323 sigaction(SIGPROF, &act, &oldact);
2324 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO);
2325 EXPECT_EQ(SIG_DFL, oldact.sa_handler);
2326 kill(getpid(), SIGPROF);
2327
2328 act.sa_flags |= SA_SIGINFO;
2329 act.sa_sigaction = &SigactionHandler;
2330 sigaction(SIGPROF, &act, &oldact);
2331 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO);
2332 EXPECT_EQ(SIG_IGN, oldact.sa_handler);
2333 kill(getpid(), SIGPROF);
2334
2335 act.sa_flags &= ~SA_SIGINFO;
2336 act.sa_handler = SIG_DFL;
2337 sigaction(SIGPROF, &act, &oldact);
2338 EXPECT_TRUE(oldact.sa_flags & SA_SIGINFO);
2339 EXPECT_EQ(&SigactionHandler, oldact.sa_sigaction);
2340 EXPECT_EQ(2, cnt);
2341
2342 sigaction(SIGPROF, &origact, 0);
2343 }
2344
2345 } // namespace
2346
2347
2348 TEST(MemorySanitizer, sigemptyset) {
2349 sigset_t s;
2350 EXPECT_POISONED(s);
2351 int res = sigemptyset(&s);
2352 ASSERT_EQ(0, res);
2353 EXPECT_NOT_POISONED(s);
2354 }
2355
2356 TEST(MemorySanitizer, sigfillset) {
2357 sigset_t s;
2358 EXPECT_POISONED(s);
2359 int res = sigfillset(&s);
2360 ASSERT_EQ(0, res);
2361 EXPECT_NOT_POISONED(s);
2362 }
2363
2364 TEST(MemorySanitizer, sigpending) {
2365 sigset_t s;
2366 EXPECT_POISONED(s);
2367 int res = sigpending(&s);
2368 ASSERT_EQ(0, res);
2369 EXPECT_NOT_POISONED(s);
2370 }
2371
2372 TEST(MemorySanitizer, sigprocmask) {
2373 sigset_t s;
2374 EXPECT_POISONED(s);
2375 int res = sigprocmask(SIG_BLOCK, 0, &s);
2376 ASSERT_EQ(0, res);
2377 EXPECT_NOT_POISONED(s);
2378 }
2379
2380 struct StructWithDtor {
2381 ~StructWithDtor();
2382 };
2383
2384 NOINLINE StructWithDtor::~StructWithDtor() {
2385 break_optimization(0);
2386 }
2387
2388 TEST(MemorySanitizer, Invoke) {
2389 StructWithDtor s; // Will cause the calls to become invokes.
2390 EXPECT_NOT_POISONED(0);
2391 EXPECT_POISONED(*GetPoisoned<int>());
2392 EXPECT_NOT_POISONED(0);
2393 EXPECT_POISONED(*GetPoisoned<int>());
2394 EXPECT_POISONED(ReturnPoisoned<S4>());
2395 }
2396
2397 TEST(MemorySanitizer, ptrtoint) {
2398 // Test that shadow is propagated through pointer-to-integer conversion.
2399 unsigned char c = 0;
2400 __msan_poison(&c, 1);
2401 uintptr_t u = (uintptr_t)c << 8;
2402 EXPECT_NOT_POISONED(u & 0xFF00FF);
2403 EXPECT_POISONED(u & 0xFF00);
2404
2405 break_optimization(&u);
2406 void* p = (void*)u;
2407
2408 break_optimization(&p);
2409 EXPECT_POISONED(p);
2410 EXPECT_NOT_POISONED(((uintptr_t)p) & 0xFF00FF);
2411 EXPECT_POISONED(((uintptr_t)p) & 0xFF00);
2412 }
2413
2414 static void vaargsfn2(int guard, ...) {
2415 va_list vl;
2416 va_start(vl, guard);
2417 EXPECT_NOT_POISONED(va_arg(vl, int));
2418 EXPECT_NOT_POISONED(va_arg(vl, int));
2419 EXPECT_NOT_POISONED(va_arg(vl, int));
2420 EXPECT_POISONED(va_arg(vl, double));
2421 va_end(vl);
2422 }
2423
2424 static void vaargsfn(int guard, ...) {
2425 va_list vl;
2426 va_start(vl, guard);
2427 EXPECT_NOT_POISONED(va_arg(vl, int));
2428 EXPECT_POISONED(va_arg(vl, int));
2429 // The following call will overwrite __msan_param_tls.
2430 // Checks after it test that arg shadow was somehow saved across the call.
2431 vaargsfn2(1, 2, 3, 4, *GetPoisoned<double>());
2432 EXPECT_NOT_POISONED(va_arg(vl, int));
2433 EXPECT_POISONED(va_arg(vl, int));
2434 va_end(vl);
2435 }
2436
2437 TEST(MemorySanitizer, VAArgTest) {
2438 int* x = GetPoisoned<int>();
2439 int* y = GetPoisoned<int>(4);
2440 vaargsfn(1, 13, *x, 42, *y);
2441 }
2442
2443 static void vaargsfn_many(int guard, ...) {
2444 va_list vl;
2445 va_start(vl, guard);
2446 EXPECT_NOT_POISONED(va_arg(vl, int));
2447 EXPECT_POISONED(va_arg(vl, int));
2448 EXPECT_NOT_POISONED(va_arg(vl, int));
2449 EXPECT_NOT_POISONED(va_arg(vl, int));
2450 EXPECT_NOT_POISONED(va_arg(vl, int));
2451 EXPECT_NOT_POISONED(va_arg(vl, int));
2452 EXPECT_NOT_POISONED(va_arg(vl, int));
2453 EXPECT_NOT_POISONED(va_arg(vl, int));
2454 EXPECT_NOT_POISONED(va_arg(vl, int));
2455 EXPECT_POISONED(va_arg(vl, int));
2456 va_end(vl);
2457 }
2458
2459 TEST(MemorySanitizer, VAArgManyTest) {
2460 int* x = GetPoisoned<int>();
2461 int* y = GetPoisoned<int>(4);
2462 vaargsfn_many(1, 2, *x, 3, 4, 5, 6, 7, 8, 9, *y);
2463 }
2464
2465 static void vaargsfn_manyfix(int g1, int g2, int g3, int g4, int g5, int g6, int g7, int g8, int g9, ...) {
2466 va_list vl;
2467 va_start(vl, g9);
2468 EXPECT_NOT_POISONED(va_arg(vl, int));
2469 EXPECT_POISONED(va_arg(vl, int));
2470 va_end(vl);
2471 }
2472
2473 TEST(MemorySanitizer, VAArgManyFixTest) {
2474 int* x = GetPoisoned<int>();
2475 int* y = GetPoisoned<int>();
2476 vaargsfn_manyfix(1, *x, 3, 4, 5, 6, 7, 8, 9, 10, *y);
2477 }
2478
2479 static void vaargsfn_pass2(va_list vl) {
2480 EXPECT_NOT_POISONED(va_arg(vl, int));
2481 EXPECT_NOT_POISONED(va_arg(vl, int));
2482 EXPECT_POISONED(va_arg(vl, int));
2483 }
2484
2485 static void vaargsfn_pass(int guard, ...) {
2486 va_list vl;
2487 va_start(vl, guard);
2488 EXPECT_POISONED(va_arg(vl, int));
2489 vaargsfn_pass2(vl);
2490 va_end(vl);
2491 }
2492
2493 TEST(MemorySanitizer, VAArgPass) {
2494 int* x = GetPoisoned<int>();
2495 int* y = GetPoisoned<int>(4);
2496 vaargsfn_pass(1, *x, 2, 3, *y);
2497 }
2498
2499 static void vaargsfn_copy2(va_list vl) {
2500 EXPECT_NOT_POISONED(va_arg(vl, int));
2501 EXPECT_POISONED(va_arg(vl, int));
2502 }
2503
2504 static void vaargsfn_copy(int guard, ...) {
2505 va_list vl;
2506 va_start(vl, guard);
2507 EXPECT_NOT_POISONED(va_arg(vl, int));
2508 EXPECT_POISONED(va_arg(vl, int));
2509 va_list vl2;
2510 va_copy(vl2, vl);
2511 vaargsfn_copy2(vl2);
2512 EXPECT_NOT_POISONED(va_arg(vl, int));
2513 EXPECT_POISONED(va_arg(vl, int));
2514 va_end(vl);
2515 }
2516
2517 TEST(MemorySanitizer, VAArgCopy) {
2518 int* x = GetPoisoned<int>();
2519 int* y = GetPoisoned<int>(4);
2520 vaargsfn_copy(1, 2, *x, 3, *y);
2521 }
2522
2523 static void vaargsfn_ptr(int guard, ...) {
2524 va_list vl;
2525 va_start(vl, guard);
2526 EXPECT_NOT_POISONED(va_arg(vl, int*));
2527 EXPECT_POISONED(va_arg(vl, int*));
2528 EXPECT_NOT_POISONED(va_arg(vl, int*));
2529 EXPECT_POISONED(va_arg(vl, double*));
2530 va_end(vl);
2531 }
2532
2533 TEST(MemorySanitizer, VAArgPtr) {
2534 int** x = GetPoisoned<int*>();
2535 double** y = GetPoisoned<double*>(8);
2536 int z;
2537 vaargsfn_ptr(1, &z, *x, &z, *y);
2538 }
2539
2540 static void vaargsfn_overflow(int guard, ...) {
2541 va_list vl;
2542 va_start(vl, guard);
2543 EXPECT_NOT_POISONED(va_arg(vl, int));
2544 EXPECT_NOT_POISONED(va_arg(vl, int));
2545 EXPECT_POISONED(va_arg(vl, int));
2546 EXPECT_NOT_POISONED(va_arg(vl, int));
2547 EXPECT_NOT_POISONED(va_arg(vl, int));
2548 EXPECT_NOT_POISONED(va_arg(vl, int));
2549
2550 EXPECT_NOT_POISONED(va_arg(vl, double));
2551 EXPECT_NOT_POISONED(va_arg(vl, double));
2552 EXPECT_NOT_POISONED(va_arg(vl, double));
2553 EXPECT_POISONED(va_arg(vl, double));
2554 EXPECT_NOT_POISONED(va_arg(vl, double));
2555 EXPECT_POISONED(va_arg(vl, int*));
2556 EXPECT_NOT_POISONED(va_arg(vl, double));
2557 EXPECT_NOT_POISONED(va_arg(vl, double));
2558
2559 EXPECT_POISONED(va_arg(vl, int));
2560 EXPECT_POISONED(va_arg(vl, double));
2561 EXPECT_POISONED(va_arg(vl, int*));
2562
2563 EXPECT_NOT_POISONED(va_arg(vl, int));
2564 EXPECT_NOT_POISONED(va_arg(vl, double));
2565 EXPECT_NOT_POISONED(va_arg(vl, int*));
2566
2567 EXPECT_POISONED(va_arg(vl, int));
2568 EXPECT_POISONED(va_arg(vl, double));
2569 EXPECT_POISONED(va_arg(vl, int*));
2570
2571 va_end(vl);
2572 }
2573
2574 TEST(MemorySanitizer, VAArgOverflow) {
2575 int* x = GetPoisoned<int>();
2576 double* y = GetPoisoned<double>(8);
2577 int** p = GetPoisoned<int*>(16);
2578 int z;
2579 vaargsfn_overflow(1,
2580 1, 2, *x, 4, 5, 6,
2581 1.1, 2.2, 3.3, *y, 5.5, *p, 7.7, 8.8,
2582 // the following args will overflow for sure
2583 *x, *y, *p,
2584 7, 9.9, &z,
2585 *x, *y, *p);
2586 }
2587
2588 static void vaargsfn_tlsoverwrite2(int guard, ...) {
2589 va_list vl;
2590 va_start(vl, guard);
2591 for (int i = 0; i < 20; ++i)
2592 EXPECT_NOT_POISONED(va_arg(vl, int));
2593 va_end(vl);
2594 }
2595
2596 static void vaargsfn_tlsoverwrite(int guard, ...) {
2597 // This call will overwrite TLS contents unless it's backed up somewhere.
2598 vaargsfn_tlsoverwrite2(2,
2599 42, 42, 42, 42, 42,
2600 42, 42, 42, 42, 42,
2601 42, 42, 42, 42, 42,
2602 42, 42, 42, 42, 42); // 20x
2603 va_list vl;
2604 va_start(vl, guard);
2605 for (int i = 0; i < 20; ++i)
2606 EXPECT_POISONED(va_arg(vl, int));
2607 va_end(vl);
2608 }
2609
2610 TEST(MemorySanitizer, VAArgTLSOverwrite) {
2611 int* x = GetPoisoned<int>();
2612 vaargsfn_tlsoverwrite(1,
2613 *x, *x, *x, *x, *x,
2614 *x, *x, *x, *x, *x,
2615 *x, *x, *x, *x, *x,
2616 *x, *x, *x, *x, *x); // 20x
2617
2618 }
2619
2620 struct StructByVal {
2621 int a, b, c, d, e, f;
2622 };
2623
2624 static void vaargsfn_structbyval(int guard, ...) {
2625 va_list vl;
2626 va_start(vl, guard);
2627 {
2628 StructByVal s = va_arg(vl, StructByVal);
2629 EXPECT_NOT_POISONED(s.a);
2630 EXPECT_POISONED(s.b);
2631 EXPECT_NOT_POISONED(s.c);
2632 EXPECT_POISONED(s.d);
2633 EXPECT_NOT_POISONED(s.e);
2634 EXPECT_POISONED(s.f);
2635 }
2636 {
2637 StructByVal s = va_arg(vl, StructByVal);
2638 EXPECT_NOT_POISONED(s.a);
2639 EXPECT_POISONED(s.b);
2640 EXPECT_NOT_POISONED(s.c);
2641 EXPECT_POISONED(s.d);
2642 EXPECT_NOT_POISONED(s.e);
2643 EXPECT_POISONED(s.f);
2644 }
2645 va_end(vl);
2646 }
2647
2648 TEST(MemorySanitizer, VAArgStructByVal) {
2649 StructByVal s;
2650 s.a = 1;
2651 s.b = *GetPoisoned<int>();
2652 s.c = 2;
2653 s.d = *GetPoisoned<int>();
2654 s.e = 3;
2655 s.f = *GetPoisoned<int>();
2656 vaargsfn_structbyval(0, s, s);
2657 }
2658
2659 NOINLINE void StructByValTestFunc(struct StructByVal s) {
2660 EXPECT_NOT_POISONED(s.a);
2661 EXPECT_POISONED(s.b);
2662 EXPECT_NOT_POISONED(s.c);
2663 EXPECT_POISONED(s.d);
2664 EXPECT_NOT_POISONED(s.e);
2665 EXPECT_POISONED(s.f);
2666 }
2667
2668 NOINLINE void StructByValTestFunc1(struct StructByVal s) {
2669 StructByValTestFunc(s);
2670 }
2671
2672 NOINLINE void StructByValTestFunc2(int z, struct StructByVal s) {
2673 StructByValTestFunc(s);
2674 }
2675
2676 TEST(MemorySanitizer, StructByVal) {
2677 // Large aggregates are passed as "byval" pointer argument in LLVM.
2678 struct StructByVal s;
2679 s.a = 1;
2680 s.b = *GetPoisoned<int>();
2681 s.c = 2;
2682 s.d = *GetPoisoned<int>();
2683 s.e = 3;
2684 s.f = *GetPoisoned<int>();
2685 StructByValTestFunc(s);
2686 StructByValTestFunc1(s);
2687 StructByValTestFunc2(0, s);
2688 }
2689
2690
2691 #if MSAN_HAS_M128
2692 NOINLINE __m128i m128Eq(__m128i *a, __m128i *b) { return _mm_cmpeq_epi16(*a, *b); }
2693 NOINLINE __m128i m128Lt(__m128i *a, __m128i *b) { return _mm_cmplt_epi16(*a, *b); }
2694 TEST(MemorySanitizer, m128) {
2695 __m128i a = _mm_set1_epi16(0x1234);
2696 __m128i b = _mm_set1_epi16(0x7890);
2697 EXPECT_NOT_POISONED(m128Eq(&a, &b));
2698 EXPECT_NOT_POISONED(m128Lt(&a, &b));
2699 }
2700 // FIXME: add more tests for __m128i.
2701 #endif // MSAN_HAS_M128
2702
2703 // We should not complain when copying this poisoned hole.
2704 struct StructWithHole {
2705 U4 a;
2706 // 4-byte hole.
2707 U8 b;
2708 };
2709
2710 NOINLINE StructWithHole ReturnStructWithHole() {
2711 StructWithHole res;
2712 __msan_poison(&res, sizeof(res));
2713 res.a = 1;
2714 res.b = 2;
2715 return res;
2716 }
2717
2718 TEST(MemorySanitizer, StructWithHole) {
2719 StructWithHole a = ReturnStructWithHole();
2720 break_optimization(&a);
2721 }
2722
2723 template <class T>
2724 NOINLINE T ReturnStruct() {
2725 T res;
2726 __msan_poison(&res, sizeof(res));
2727 res.a = 1;
2728 return res;
2729 }
2730
2731 template <class T>
2732 NOINLINE void TestReturnStruct() {
2733 T s1 = ReturnStruct<T>();
2734 EXPECT_NOT_POISONED(s1.a);
2735 EXPECT_POISONED(s1.b);
2736 }
2737
2738 struct SSS1 {
2739 int a, b, c;
2740 };
2741 struct SSS2 {
2742 int b, a, c;
2743 };
2744 struct SSS3 {
2745 int b, c, a;
2746 };
2747 struct SSS4 {
2748 int c, b, a;
2749 };
2750
2751 struct SSS5 {
2752 int a;
2753 float b;
2754 };
2755 struct SSS6 {
2756 int a;
2757 double b;
2758 };
2759 struct SSS7 {
2760 S8 b;
2761 int a;
2762 };
2763 struct SSS8 {
2764 S2 b;
2765 S8 a;
2766 };
2767
2768 TEST(MemorySanitizer, IntStruct3) {
2769 TestReturnStruct<SSS1>();
2770 TestReturnStruct<SSS2>();
2771 TestReturnStruct<SSS3>();
2772 TestReturnStruct<SSS4>();
2773 TestReturnStruct<SSS5>();
2774 TestReturnStruct<SSS6>();
2775 TestReturnStruct<SSS7>();
2776 TestReturnStruct<SSS8>();
2777 }
2778
2779 struct LongStruct {
2780 U1 a1, b1;
2781 U2 a2, b2;
2782 U4 a4, b4;
2783 U8 a8, b8;
2784 };
2785
2786 NOINLINE LongStruct ReturnLongStruct1() {
2787 LongStruct res;
2788 __msan_poison(&res, sizeof(res));
2789 res.a1 = res.a2 = res.a4 = res.a8 = 111;
2790 // leaves b1, .., b8 poisoned.
2791 return res;
2792 }
2793
2794 NOINLINE LongStruct ReturnLongStruct2() {
2795 LongStruct res;
2796 __msan_poison(&res, sizeof(res));
2797 res.b1 = res.b2 = res.b4 = res.b8 = 111;
2798 // leaves a1, .., a8 poisoned.
2799 return res;
2800 }
2801
2802 TEST(MemorySanitizer, LongStruct) {
2803 LongStruct s1 = ReturnLongStruct1();
2804 __msan_print_shadow(&s1, sizeof(s1));
2805 EXPECT_NOT_POISONED(s1.a1);
2806 EXPECT_NOT_POISONED(s1.a2);
2807 EXPECT_NOT_POISONED(s1.a4);
2808 EXPECT_NOT_POISONED(s1.a8);
2809
2810 EXPECT_POISONED(s1.b1);
2811 EXPECT_POISONED(s1.b2);
2812 EXPECT_POISONED(s1.b4);
2813 EXPECT_POISONED(s1.b8);
2814
2815 LongStruct s2 = ReturnLongStruct2();
2816 __msan_print_shadow(&s2, sizeof(s2));
2817 EXPECT_NOT_POISONED(s2.b1);
2818 EXPECT_NOT_POISONED(s2.b2);
2819 EXPECT_NOT_POISONED(s2.b4);
2820 EXPECT_NOT_POISONED(s2.b8);
2821
2822 EXPECT_POISONED(s2.a1);
2823 EXPECT_POISONED(s2.a2);
2824 EXPECT_POISONED(s2.a4);
2825 EXPECT_POISONED(s2.a8);
2826 }
2827
2828 #ifdef __GLIBC__
2829 #define MSAN_TEST_PRLIMIT __GLIBC_PREREQ(2, 13)
2830 #else
2831 #define MSAN_TEST_PRLIMIT 1
2832 #endif
2833
2834 TEST(MemorySanitizer, getrlimit) {
2835 struct rlimit limit;
2836 __msan_poison(&limit, sizeof(limit));
2837 int result = getrlimit(RLIMIT_DATA, &limit);
2838 ASSERT_EQ(result, 0);
2839 EXPECT_NOT_POISONED(limit.rlim_cur);
2840 EXPECT_NOT_POISONED(limit.rlim_max);
2841
2842 #if MSAN_TEST_PRLIMIT
2843 struct rlimit limit2;
2844 __msan_poison(&limit2, sizeof(limit2));
2845 result = prlimit(getpid(), RLIMIT_DATA, &limit, &limit2);
2846 ASSERT_EQ(result, 0);
2847 EXPECT_NOT_POISONED(limit2.rlim_cur);
2848 EXPECT_NOT_POISONED(limit2.rlim_max);
2849
2850 __msan_poison(&limit, sizeof(limit));
2851 result = prlimit(getpid(), RLIMIT_DATA, nullptr, &limit);
2852 ASSERT_EQ(result, 0);
2853 EXPECT_NOT_POISONED(limit.rlim_cur);
2854 EXPECT_NOT_POISONED(limit.rlim_max);
2855
2856 result = prlimit(getpid(), RLIMIT_DATA, &limit, nullptr);
2857 ASSERT_EQ(result, 0);
2858 #endif
2859 }
2860
2861 TEST(MemorySanitizer, getrusage) {
2862 struct rusage usage;
2863 __msan_poison(&usage, sizeof(usage));
2864 int result = getrusage(RUSAGE_SELF, &usage);
2865 ASSERT_EQ(result, 0);
2866 EXPECT_NOT_POISONED(usage.ru_utime.tv_sec);
2867 EXPECT_NOT_POISONED(usage.ru_utime.tv_usec);
2868 EXPECT_NOT_POISONED(usage.ru_stime.tv_sec);
2869 EXPECT_NOT_POISONED(usage.ru_stime.tv_usec);
2870 EXPECT_NOT_POISONED(usage.ru_maxrss);
2871 EXPECT_NOT_POISONED(usage.ru_minflt);
2872 EXPECT_NOT_POISONED(usage.ru_majflt);
2873 EXPECT_NOT_POISONED(usage.ru_inblock);
2874 EXPECT_NOT_POISONED(usage.ru_oublock);
2875 EXPECT_NOT_POISONED(usage.ru_nvcsw);
2876 EXPECT_NOT_POISONED(usage.ru_nivcsw);
2877 }
2878
2879 #if defined(__FreeBSD__)
2880 static void GetProgramPath(char *buf, size_t sz) {
2881 int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, -1 };
2882 int res = sysctl(mib, 4, buf, &sz, NULL, 0);
2883 ASSERT_EQ(0, res);
2884 }
2885 #elif defined(__GLIBC__)
2886 static void GetProgramPath(char *buf, size_t sz) {
2887 extern char *program_invocation_name;
2888 int res = snprintf(buf, sz, "%s", program_invocation_name);
2889 ASSERT_GE(res, 0);
2890 ASSERT_LT((size_t)res, sz);
2891 }
2892 #else
2893 # error "TODO: port this"
2894 #endif
2895
2896 static void dladdr_testfn() {}
2897
2898 TEST(MemorySanitizer, dladdr) {
2899 Dl_info info;
2900 __msan_poison(&info, sizeof(info));
2901 int result = dladdr((const void*)dladdr_testfn, &info);
2902 ASSERT_NE(result, 0);
2903 EXPECT_NOT_POISONED((unsigned long)info.dli_fname);
2904 if (info.dli_fname)
2905 EXPECT_NOT_POISONED(strlen(info.dli_fname));
2906 EXPECT_NOT_POISONED((unsigned long)info.dli_fbase);
2907 EXPECT_NOT_POISONED((unsigned long)info.dli_sname);
2908 if (info.dli_sname)
2909 EXPECT_NOT_POISONED(strlen(info.dli_sname));
2910 EXPECT_NOT_POISONED((unsigned long)info.dli_saddr);
2911 }
2912
2913 #ifndef MSAN_TEST_DISABLE_DLOPEN
2914
2915 static int dl_phdr_callback(struct dl_phdr_info *info, size_t size, void *data) {
2916 (*(int *)data)++;
2917 EXPECT_NOT_POISONED(info->dlpi_addr);
2918 EXPECT_NOT_POISONED(strlen(info->dlpi_name));
2919 EXPECT_NOT_POISONED(info->dlpi_phnum);
2920 for (int i = 0; i < info->dlpi_phnum; ++i)
2921 EXPECT_NOT_POISONED(info->dlpi_phdr[i]);
2922 return 0;
2923 }
2924
2925 // Compute the path to our loadable DSO. We assume it's in the same
2926 // directory. Only use string routines that we intercept so far to do this.
2927 static void GetPathToLoadable(char *buf, size_t sz) {
2928 char program_path[kMaxPathLength];
2929 GetProgramPath(program_path, sizeof(program_path));
2930
2931 const char *last_slash = strrchr(program_path, '/');
2932 ASSERT_NE(nullptr, last_slash);
2933 size_t dir_len = (size_t)(last_slash - program_path);
2934 #if defined(__x86_64__)
2935 static const char basename[] = "libmsan_loadable.x86_64.so";
2936 #elif defined(__MIPSEB__) || defined(MIPSEB)
2937 static const char basename[] = "libmsan_loadable.mips64.so";
2938 #elif defined(__mips64)
2939 static const char basename[] = "libmsan_loadable.mips64el.so";
2940 #elif defined(__aarch64__)
2941 static const char basename[] = "libmsan_loadable.aarch64.so";
2942 #elif defined(__powerpc64__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
2943 static const char basename[] = "libmsan_loadable.powerpc64.so";
2944 #elif defined(__powerpc64__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
2945 static const char basename[] = "libmsan_loadable.powerpc64le.so";
2946 #endif
2947 int res = snprintf(buf, sz, "%.*s/%s",
2948 (int)dir_len, program_path, basename);
2949 ASSERT_GE(res, 0);
2950 ASSERT_LT((size_t)res, sz);
2951 }
2952
2953 TEST(MemorySanitizer, dl_iterate_phdr) {
2954 char path[kMaxPathLength];
2955 GetPathToLoadable(path, sizeof(path));
2956
2957 // Having at least one dlopen'ed library in the process makes this more
2958 // entertaining.
2959 void *lib = dlopen(path, RTLD_LAZY);
2960 ASSERT_NE((void*)0, lib);
2961
2962 int count = 0;
2963 int result = dl_iterate_phdr(dl_phdr_callback, &count);
2964 ASSERT_GT(count, 0);
2965
2966 dlclose(lib);
2967 }
2968
2969 TEST(MemorySanitizer, dlopen) {
2970 char path[kMaxPathLength];
2971 GetPathToLoadable(path, sizeof(path));
2972
2973 // We need to clear shadow for globals when doing dlopen. In order to test
2974 // this, we have to poison the shadow for the DSO before we load it. In
2975 // general this is difficult, but the loader tends to reload things in the
2976 // same place, so we open, close, and then reopen. The global should always
2977 // start out clean after dlopen.
2978 for (int i = 0; i < 2; i++) {
2979 void *lib = dlopen(path, RTLD_LAZY);
2980 if (lib == NULL) {
2981 printf("dlerror: %s\n", dlerror());
2982 ASSERT_TRUE(lib != NULL);
2983 }
2984 void **(*get_dso_global)() = (void **(*)())dlsym(lib, "get_dso_global");
2985 ASSERT_TRUE(get_dso_global != NULL);
2986 void **dso_global = get_dso_global();
2987 EXPECT_NOT_POISONED(*dso_global);
2988 __msan_poison(dso_global, sizeof(*dso_global));
2989 EXPECT_POISONED(*dso_global);
2990 dlclose(lib);
2991 }
2992 }
2993
2994 // Regression test for a crash in dlopen() interceptor.
2995 TEST(MemorySanitizer, dlopenFailed) {
2996 const char *path = "/libmsan_loadable_does_not_exist.so";
2997 void *lib = dlopen(path, RTLD_LAZY);
2998 ASSERT_TRUE(lib == NULL);
2999 }
3000
3001 #endif // MSAN_TEST_DISABLE_DLOPEN
3002
3003 // There's no sched_getaffinity() on FreeBSD.
3004 #if !defined(__FreeBSD__)
3005 TEST(MemorySanitizer, sched_getaffinity) {
3006 cpu_set_t mask;
3007 int res = sched_getaffinity(getpid(), sizeof(mask), &mask);
3008 ASSERT_EQ(0, res);
3009 EXPECT_NOT_POISONED(mask);
3010 }
3011 #endif
3012
3013 TEST(MemorySanitizer, scanf) {
3014 const char *input = "42 hello";
3015 int* d = new int;
3016 char* s = new char[7];
3017 int res = sscanf(input, "%d %5s", d, s);
3018 printf("res %d\n", res);
3019 ASSERT_EQ(res, 2);
3020 EXPECT_NOT_POISONED(*d);
3021 EXPECT_NOT_POISONED(s[0]);
3022 EXPECT_NOT_POISONED(s[1]);
3023 EXPECT_NOT_POISONED(s[2]);
3024 EXPECT_NOT_POISONED(s[3]);
3025 EXPECT_NOT_POISONED(s[4]);
3026 EXPECT_NOT_POISONED(s[5]);
3027 EXPECT_POISONED(s[6]);
3028 delete[] s;
3029 delete d;
3030 }
3031
3032 static void *SimpleThread_threadfn(void* data) {
3033 return new int;
3034 }
3035
3036 TEST(MemorySanitizer, SimpleThread) {
3037 pthread_t t;
3038 void *p;
3039 int res = pthread_create(&t, NULL, SimpleThread_threadfn, NULL);
3040 ASSERT_EQ(0, res);
3041 EXPECT_NOT_POISONED(t);
3042 res = pthread_join(t, &p);
3043 ASSERT_EQ(0, res);
3044 EXPECT_NOT_POISONED(p);
3045 delete (int*)p;
3046 }
3047
3048 static void *SmallStackThread_threadfn(void* data) {
3049 return 0;
3050 }
3051
3052 #ifdef PTHREAD_STACK_MIN
3053 # define SMALLSTACKSIZE PTHREAD_STACK_MIN
3054 # define SMALLPRESTACKSIZE PTHREAD_STACK_MIN
3055 #else
3056 # define SMALLSTACKSIZE 64 * 1024
3057 # define SMALLPRESTACKSIZE 16 * 1024
3058 #endif
3059
3060 TEST(MemorySanitizer, SmallStackThread) {
3061 pthread_attr_t attr;
3062 pthread_t t;
3063 void *p;
3064 int res;
3065 res = pthread_attr_init(&attr);
3066 ASSERT_EQ(0, res);
3067 res = pthread_attr_setstacksize(&attr, SMALLSTACKSIZE);
3068 ASSERT_EQ(0, res);
3069 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL);
3070 ASSERT_EQ(0, res);
3071 res = pthread_join(t, &p);
3072 ASSERT_EQ(0, res);
3073 res = pthread_attr_destroy(&attr);
3074 ASSERT_EQ(0, res);
3075 }
3076
3077 TEST(MemorySanitizer, SmallPreAllocatedStackThread) {
3078 pthread_attr_t attr;
3079 pthread_t t;
3080 int res;
3081 res = pthread_attr_init(&attr);
3082 ASSERT_EQ(0, res);
3083 void *stack;
3084 const size_t kStackSize = SMALLPRESTACKSIZE;
3085 res = posix_memalign(&stack, 4096, kStackSize);
3086 ASSERT_EQ(0, res);
3087 res = pthread_attr_setstack(&attr, stack, kStackSize);
3088 ASSERT_EQ(0, res);
3089 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL);
3090 EXPECT_EQ(0, res);
3091 res = pthread_join(t, NULL);
3092 ASSERT_EQ(0, res);
3093 res = pthread_attr_destroy(&attr);
3094 ASSERT_EQ(0, res);
3095 }
3096
3097 TEST(MemorySanitizer, pthread_attr_get) {
3098 pthread_attr_t attr;
3099 int res;
3100 res = pthread_attr_init(&attr);
3101 ASSERT_EQ(0, res);
3102 {
3103 int v;
3104 res = pthread_attr_getdetachstate(&attr, &v);
3105 ASSERT_EQ(0, res);
3106 EXPECT_NOT_POISONED(v);
3107 }
3108 {
3109 size_t v;
3110 res = pthread_attr_getguardsize(&attr, &v);
3111 ASSERT_EQ(0, res);
3112 EXPECT_NOT_POISONED(v);
3113 }
3114 {
3115 struct sched_param v;
3116 res = pthread_attr_getschedparam(&attr, &v);
3117 ASSERT_EQ(0, res);
3118 EXPECT_NOT_POISONED(v);
3119 }
3120 {
3121 int v;
3122 res = pthread_attr_getschedpolicy(&attr, &v);
3123 ASSERT_EQ(0, res);
3124 EXPECT_NOT_POISONED(v);
3125 }
3126 {
3127 int v;
3128 res = pthread_attr_getinheritsched(&attr, &v);
3129 ASSERT_EQ(0, res);
3130 EXPECT_NOT_POISONED(v);
3131 }
3132 {
3133 int v;
3134 res = pthread_attr_getscope(&attr, &v);
3135 ASSERT_EQ(0, res);
3136 EXPECT_NOT_POISONED(v);
3137 }
3138 {
3139 size_t v;
3140 res = pthread_attr_getstacksize(&attr, &v);
3141 ASSERT_EQ(0, res);
3142 EXPECT_NOT_POISONED(v);
3143 }
3144 {
3145 void *v;
3146 size_t w;
3147 res = pthread_attr_getstack(&attr, &v, &w);
3148 ASSERT_EQ(0, res);
3149 EXPECT_NOT_POISONED(v);
3150 EXPECT_NOT_POISONED(w);
3151 }
3152 {
3153 cpu_set_t v;
3154 res = pthread_attr_getaffinity_np(&attr, sizeof(v), &v);
3155 ASSERT_EQ(0, res);
3156 EXPECT_NOT_POISONED(v);
3157 }
3158 res = pthread_attr_destroy(&attr);
3159 ASSERT_EQ(0, res);
3160 }
3161
3162 TEST(MemorySanitizer, pthread_getschedparam) {
3163 int policy;
3164 struct sched_param param;
3165 int res = pthread_getschedparam(pthread_self(), &policy, &param);
3166 ASSERT_EQ(0, res);
3167 EXPECT_NOT_POISONED(policy);
3168 EXPECT_NOT_POISONED(param.sched_priority);
3169 }
3170
3171 TEST(MemorySanitizer, pthread_key_create) {
3172 pthread_key_t key;
3173 int res = pthread_key_create(&key, NULL);
3174 ASSERT_EQ(0, res);
3175 EXPECT_NOT_POISONED(key);
3176 res = pthread_key_delete(key);
3177 ASSERT_EQ(0, res);
3178 }
3179
3180 namespace {
3181 struct SignalCondArg {
3182 pthread_cond_t* cond;
3183 pthread_mutex_t* mu;
3184 bool broadcast;
3185 };
3186
3187 void *SignalCond(void *param) {
3188 SignalCondArg *arg = reinterpret_cast<SignalCondArg *>(param);
3189 pthread_mutex_lock(arg->mu);
3190 if (arg->broadcast)
3191 pthread_cond_broadcast(arg->cond);
3192 else
3193 pthread_cond_signal(arg->cond);
3194 pthread_mutex_unlock(arg->mu);
3195 return 0;
3196 }
3197 } // namespace
3198
3199 TEST(MemorySanitizer, pthread_cond_wait) {
3200 pthread_cond_t cond;
3201 pthread_mutex_t mu;
3202 SignalCondArg args = {&cond, &mu, false};
3203 pthread_cond_init(&cond, 0);
3204 pthread_mutex_init(&mu, 0);
3205 pthread_mutex_lock(&mu);
3206
3207 // signal
3208 pthread_t thr;
3209 pthread_create(&thr, 0, SignalCond, &args);
3210 int res = pthread_cond_wait(&cond, &mu);
3211 ASSERT_EQ(0, res);
3212 pthread_join(thr, 0);
3213
3214 // broadcast
3215 args.broadcast = true;
3216 pthread_create(&thr, 0, SignalCond, &args);
3217 res = pthread_cond_wait(&cond, &mu);
3218 ASSERT_EQ(0, res);
3219 pthread_join(thr, 0);
3220
3221 pthread_mutex_unlock(&mu);
3222 pthread_mutex_destroy(&mu);
3223 pthread_cond_destroy(&cond);
3224 }
3225
3226 TEST(MemorySanitizer, tmpnam) {
3227 char s[L_tmpnam];
3228 char *res = tmpnam(s);
3229 ASSERT_EQ(s, res);
3230 EXPECT_NOT_POISONED(strlen(res));
3231 }
3232
3233 TEST(MemorySanitizer, tempnam) {
3234 char *res = tempnam(NULL, "zzz");
3235 EXPECT_NOT_POISONED(strlen(res));
3236 free(res);
3237 }
3238
3239 TEST(MemorySanitizer, posix_memalign) {
3240 void *p;
3241 EXPECT_POISONED(p);
3242 int res = posix_memalign(&p, 4096, 13);
3243 ASSERT_EQ(0, res);
3244 EXPECT_NOT_POISONED(p);
3245 EXPECT_EQ(0U, (uintptr_t)p % 4096);
3246 free(p);
3247 }
3248
3249 // There's no memalign() on FreeBSD.
3250 #if !defined(__FreeBSD__)
3251 TEST(MemorySanitizer, memalign) {
3252 void *p = memalign(4096, 13);
3253 EXPECT_EQ(0U, (uintptr_t)p % 4096);
3254 free(p);
3255 }
3256 #endif
3257
3258 TEST(MemorySanitizer, valloc) {
3259 void *a = valloc(100);
3260 uintptr_t PageSize = GetPageSize();
3261 EXPECT_EQ(0U, (uintptr_t)a % PageSize);
3262 free(a);
3263 }
3264
3265 // There's no pvalloc() on FreeBSD.
3266 #if !defined(__FreeBSD__)
3267 TEST(MemorySanitizer, pvalloc) {
3268 uintptr_t PageSize = GetPageSize();
3269 void *p = pvalloc(PageSize + 100);
3270 EXPECT_EQ(0U, (uintptr_t)p % PageSize);
3271 EXPECT_EQ(2 * PageSize, __sanitizer_get_allocated_size(p));
3272 free(p);
3273
3274 p = pvalloc(0); // pvalloc(0) should allocate at least one page.
3275 EXPECT_EQ(0U, (uintptr_t)p % PageSize);
3276 EXPECT_EQ(PageSize, __sanitizer_get_allocated_size(p));
3277 free(p);
3278 }
3279 #endif
3280
3281 TEST(MemorySanitizer, inet_pton) {
3282 const char *s = "1:0:0:0:0:0:0:8";
3283 unsigned char buf[sizeof(struct in6_addr)];
3284 int res = inet_pton(AF_INET6, s, buf);
3285 ASSERT_EQ(1, res);
3286 EXPECT_NOT_POISONED(buf[0]);
3287 EXPECT_NOT_POISONED(buf[sizeof(struct in6_addr) - 1]);
3288
3289 char s_out[INET6_ADDRSTRLEN];
3290 EXPECT_POISONED(s_out[3]);
3291 const char *q = inet_ntop(AF_INET6, buf, s_out, INET6_ADDRSTRLEN);
3292 ASSERT_NE((void*)0, q);
3293 EXPECT_NOT_POISONED(s_out[3]);
3294 }
3295
3296 TEST(MemorySanitizer, inet_aton) {
3297 const char *s = "127.0.0.1";
3298 struct in_addr in[2];
3299 int res = inet_aton(s, in);
3300 ASSERT_NE(0, res);
3301 EXPECT_NOT_POISONED(in[0]);
3302 EXPECT_POISONED(*(char *)(in + 1));
3303 }
3304
3305 TEST(MemorySanitizer, uname) {
3306 struct utsname u;
3307 int res = uname(&u);
3308 ASSERT_EQ(0, res);
3309 EXPECT_NOT_POISONED(strlen(u.sysname));
3310 EXPECT_NOT_POISONED(strlen(u.nodename));
3311 EXPECT_NOT_POISONED(strlen(u.release));
3312 EXPECT_NOT_POISONED(strlen(u.version));
3313 EXPECT_NOT_POISONED(strlen(u.machine));
3314 }
3315
3316 TEST(MemorySanitizer, gethostname) {
3317 char buf[100];
3318 int res = gethostname(buf, 100);
3319 ASSERT_EQ(0, res);
3320 EXPECT_NOT_POISONED(strlen(buf));
3321 }
3322
3323 // There's no sysinfo() on FreeBSD.
3324 #if !defined(__FreeBSD__)
3325 TEST(MemorySanitizer, sysinfo) {
3326 struct sysinfo info;
3327 int res = sysinfo(&info);
3328 ASSERT_EQ(0, res);
3329 EXPECT_NOT_POISONED(info);
3330 }
3331 #endif
3332
3333 TEST(MemorySanitizer, getpwuid) {
3334 struct passwd *p = getpwuid(0); // root
3335 ASSERT_TRUE(p != NULL);
3336 EXPECT_NOT_POISONED(p->pw_name);
3337 ASSERT_TRUE(p->pw_name != NULL);
3338 EXPECT_NOT_POISONED(p->pw_name[0]);
3339 EXPECT_NOT_POISONED(p->pw_uid);
3340 ASSERT_EQ(0U, p->pw_uid);
3341 }
3342
3343 TEST(MemorySanitizer, getpwuid_r) {
3344 struct passwd pwd;
3345 struct passwd *pwdres;
3346 char buf[10000];
3347 int res = getpwuid_r(0, &pwd, buf, sizeof(buf), &pwdres);
3348 ASSERT_EQ(0, res);
3349 EXPECT_NOT_POISONED(pwd.pw_name);
3350 ASSERT_TRUE(pwd.pw_name != NULL);
3351 EXPECT_NOT_POISONED(pwd.pw_name[0]);
3352 EXPECT_NOT_POISONED(pwd.pw_uid);
3353 ASSERT_EQ(0U, pwd.pw_uid);
3354 EXPECT_NOT_POISONED(pwdres);
3355 }
3356
3357 TEST(MemorySanitizer, getpwnam_r) {
3358 struct passwd pwd;
3359 struct passwd *pwdres;
3360 char buf[10000];
3361 int res = getpwnam_r("root", &pwd, buf, sizeof(buf), &pwdres);
3362 ASSERT_EQ(0, res);
3363 EXPECT_NOT_POISONED(pwd.pw_name);
3364 ASSERT_TRUE(pwd.pw_name != NULL);
3365 EXPECT_NOT_POISONED(pwd.pw_name[0]);
3366 EXPECT_NOT_POISONED(pwd.pw_uid);
3367 ASSERT_EQ(0U, pwd.pw_uid);
3368 EXPECT_NOT_POISONED(pwdres);
3369 }
3370
3371 TEST(MemorySanitizer, getpwnam_r_positive) {
3372 struct passwd pwd;
3373 struct passwd *pwdres;
3374 char s[5];
3375 strncpy(s, "abcd", 5);
3376 __msan_poison(s, 5);
3377 char buf[10000];
3378 int res;
3379 EXPECT_UMR(res = getpwnam_r(s, &pwd, buf, sizeof(buf), &pwdres));
3380 }
3381
3382 TEST(MemorySanitizer, getgrnam_r) {
3383 struct group grp;
3384 struct group *grpres;
3385 char buf[10000];
3386 int res = getgrnam_r(SUPERUSER_GROUP, &grp, buf, sizeof(buf), &grpres);
3387 ASSERT_EQ(0, res);
3388 // Note that getgrnam_r() returns 0 if the matching group is not found.
3389 ASSERT_NE(nullptr, grpres);
3390 EXPECT_NOT_POISONED(grp.gr_name);
3391 ASSERT_TRUE(grp.gr_name != NULL);
3392 EXPECT_NOT_POISONED(grp.gr_name[0]);
3393 EXPECT_NOT_POISONED(grp.gr_gid);
3394 EXPECT_NOT_POISONED(grpres);
3395 }
3396
3397 TEST(MemorySanitizer, getpwent) {
3398 setpwent();
3399 struct passwd *p = getpwent();
3400 ASSERT_TRUE(p != NULL);
3401 EXPECT_NOT_POISONED(p->pw_name);
3402 ASSERT_TRUE(p->pw_name != NULL);
3403 EXPECT_NOT_POISONED(p->pw_name[0]);
3404 EXPECT_NOT_POISONED(p->pw_uid);
3405 }
3406
3407 TEST(MemorySanitizer, getpwent_r) {
3408 struct passwd pwd;
3409 struct passwd *pwdres;
3410 char buf[10000];
3411 setpwent();
3412 int res = getpwent_r(&pwd, buf, sizeof(buf), &pwdres);
3413 ASSERT_EQ(0, res);
3414 EXPECT_NOT_POISONED(pwd.pw_name);
3415 ASSERT_TRUE(pwd.pw_name != NULL);
3416 EXPECT_NOT_POISONED(pwd.pw_name[0]);
3417 EXPECT_NOT_POISONED(pwd.pw_uid);
3418 EXPECT_NOT_POISONED(pwdres);
3419 }
3420
3421 // There's no fgetpwent() on FreeBSD.
3422 #if !defined(__FreeBSD__)
3423 TEST(MemorySanitizer, fgetpwent) {
3424 FILE *fp = fopen("/etc/passwd", "r");
3425 struct passwd *p = fgetpwent(fp);
3426 ASSERT_TRUE(p != NULL);
3427 EXPECT_NOT_POISONED(p->pw_name);
3428 ASSERT_TRUE(p->pw_name != NULL);
3429 EXPECT_NOT_POISONED(p->pw_name[0]);
3430 EXPECT_NOT_POISONED(p->pw_uid);
3431 fclose(fp);
3432 }
3433 #endif
3434
3435 TEST(MemorySanitizer, getgrent) {
3436 setgrent();
3437 struct group *p = getgrent();
3438 ASSERT_TRUE(p != NULL);
3439 EXPECT_NOT_POISONED(p->gr_name);
3440 ASSERT_TRUE(p->gr_name != NULL);
3441 EXPECT_NOT_POISONED(p->gr_name[0]);
3442 EXPECT_NOT_POISONED(p->gr_gid);
3443 }
3444
3445 // There's no fgetgrent() on FreeBSD.
3446 #if !defined(__FreeBSD__)
3447 TEST(MemorySanitizer, fgetgrent) {
3448 FILE *fp = fopen("/etc/group", "r");
3449 struct group *grp = fgetgrent(fp);
3450 ASSERT_TRUE(grp != NULL);
3451 EXPECT_NOT_POISONED(grp->gr_name);
3452 ASSERT_TRUE(grp->gr_name != NULL);
3453 EXPECT_NOT_POISONED(grp->gr_name[0]);
3454 EXPECT_NOT_POISONED(grp->gr_gid);
3455 for (char **p = grp->gr_mem; *p; ++p) {
3456 EXPECT_NOT_POISONED((*p)[0]);
3457 EXPECT_TRUE(strlen(*p) > 0);
3458 }
3459 fclose(fp);
3460 }
3461 #endif
3462
3463 TEST(MemorySanitizer, getgrent_r) {
3464 struct group grp;
3465 struct group *grpres;
3466 char buf[10000];
3467 setgrent();
3468 int res = getgrent_r(&grp, buf, sizeof(buf), &grpres);
3469 ASSERT_EQ(0, res);
3470 EXPECT_NOT_POISONED(grp.gr_name);
3471 ASSERT_TRUE(grp.gr_name != NULL);
3472 EXPECT_NOT_POISONED(grp.gr_name[0]);
3473 EXPECT_NOT_POISONED(grp.gr_gid);
3474 EXPECT_NOT_POISONED(grpres);
3475 }
3476
3477 // There's no fgetgrent_r() on FreeBSD.
3478 #if !defined(__FreeBSD__)
3479 TEST(MemorySanitizer, fgetgrent_r) {
3480 FILE *fp = fopen("/etc/group", "r");
3481 struct group grp;
3482 struct group *grpres;
3483 char buf[10000];
3484 setgrent();
3485 int res = fgetgrent_r(fp, &grp, buf, sizeof(buf), &grpres);
3486 ASSERT_EQ(0, res);
3487 EXPECT_NOT_POISONED(grp.gr_name);
3488 ASSERT_TRUE(grp.gr_name != NULL);
3489 EXPECT_NOT_POISONED(grp.gr_name[0]);
3490 EXPECT_NOT_POISONED(grp.gr_gid);
3491 EXPECT_NOT_POISONED(grpres);
3492 fclose(fp);
3493 }
3494 #endif
3495
3496 TEST(MemorySanitizer, getgroups) {
3497 int n = getgroups(0, 0);
3498 gid_t *gids = new gid_t[n];
3499 int res = getgroups(n, gids);
3500 ASSERT_EQ(n, res);
3501 for (int i = 0; i < n; ++i)
3502 EXPECT_NOT_POISONED(gids[i]);
3503 }
3504
3505 TEST(MemorySanitizer, wordexp) {
3506 wordexp_t w;
3507 int res = wordexp("a b c", &w, 0);
3508 ASSERT_EQ(0, res);
3509 ASSERT_EQ(3U, w.we_wordc);
3510 ASSERT_STREQ("a", w.we_wordv[0]);
3511 ASSERT_STREQ("b", w.we_wordv[1]);
3512 ASSERT_STREQ("c", w.we_wordv[2]);
3513 }
3514
3515 template<class T>
3516 static bool applySlt(T value, T shadow) {
3517 __msan_partial_poison(&value, &shadow, sizeof(T));
3518 volatile bool zzz = true;
3519 // This "|| zzz" trick somehow makes LLVM emit "icmp slt" instead of
3520 // a shift-and-trunc to get at the highest bit.
3521 volatile bool v = value < 0 || zzz;
3522 return v;
3523 }
3524
3525 TEST(MemorySanitizer, SignedCompareWithZero) {
3526 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xF));
3527 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFF));
3528 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFFFFFF));
3529 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0x7FFFFFF));
3530 EXPECT_UMR(applySlt<S4>(0xF, 0x80FFFFFF));
3531 EXPECT_UMR(applySlt<S4>(0xF, 0xFFFFFFFF));
3532 }
3533
3534 template <class T, class S>
3535 static T poisoned(T Va, S Sa) {
3536 char SIZE_CHECK1[(ssize_t)sizeof(T) - (ssize_t)sizeof(S)];
3537 char SIZE_CHECK2[(ssize_t)sizeof(S) - (ssize_t)sizeof(T)];
3538 T a;
3539 a = Va;
3540 __msan_partial_poison(&a, &Sa, sizeof(T));
3541 return a;
3542 }
3543
3544 TEST(MemorySanitizer, ICmpRelational) {
3545 EXPECT_NOT_POISONED(poisoned(0, 0) < poisoned(0, 0));
3546 EXPECT_NOT_POISONED(poisoned(0U, 0) < poisoned(0U, 0));
3547 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) < poisoned(0LL, 0LLU));
3548 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) < poisoned(0LLU, 0LLU));
3549 EXPECT_POISONED(poisoned(0xFF, 0xFF) < poisoned(0xFF, 0xFF));
3550 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) <
3551 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU));
3552 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) <
3553 poisoned(-1, 0xFFFFFFFFU));
3554
3555 EXPECT_NOT_POISONED(poisoned(0, 0) <= poisoned(0, 0));
3556 EXPECT_NOT_POISONED(poisoned(0U, 0) <= poisoned(0U, 0));
3557 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) <= poisoned(0LL, 0LLU));
3558 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) <= poisoned(0LLU, 0LLU));
3559 EXPECT_POISONED(poisoned(0xFF, 0xFF) <= poisoned(0xFF, 0xFF));
3560 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) <=
3561 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU));
3562 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) <=
3563 poisoned(-1, 0xFFFFFFFFU));
3564
3565 EXPECT_NOT_POISONED(poisoned(0, 0) > poisoned(0, 0));
3566 EXPECT_NOT_POISONED(poisoned(0U, 0) > poisoned(0U, 0));
3567 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) > poisoned(0LL, 0LLU));
3568 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) > poisoned(0LLU, 0LLU));
3569 EXPECT_POISONED(poisoned(0xFF, 0xFF) > poisoned(0xFF, 0xFF));
3570 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) >
3571 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU));
3572 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) >
3573 poisoned(-1, 0xFFFFFFFFU));
3574
3575 EXPECT_NOT_POISONED(poisoned(0, 0) >= poisoned(0, 0));
3576 EXPECT_NOT_POISONED(poisoned(0U, 0) >= poisoned(0U, 0));
3577 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) >= poisoned(0LL, 0LLU));
3578 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) >= poisoned(0LLU, 0LLU));
3579 EXPECT_POISONED(poisoned(0xFF, 0xFF) >= poisoned(0xFF, 0xFF));
3580 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) >=
3581 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU));
3582 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) >=
3583 poisoned(-1, 0xFFFFFFFFU));
3584
3585 EXPECT_POISONED(poisoned(6, 0xF) > poisoned(7, 0));
3586 EXPECT_POISONED(poisoned(0xF, 0xF) > poisoned(7, 0));
3587
3588 EXPECT_NOT_POISONED(poisoned(-1, 0x80000000U) >= poisoned(-1, 0U));
3589 }
3590
3591 #if MSAN_HAS_M128
3592 TEST(MemorySanitizer, ICmpVectorRelational) {
3593 EXPECT_NOT_POISONED(
3594 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)),
3595 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0))));
3596 EXPECT_NOT_POISONED(
3597 _mm_cmplt_epi16(poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)),
3598 poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0))));
3599 EXPECT_POISONED(
3600 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)),
3601 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF))));
3602 EXPECT_POISONED(_mm_cmpgt_epi16(poisoned(_mm_set1_epi16(6), _mm_set1_epi16(0xF)),
3603 poisoned(_mm_set1_epi16(7), _mm_set1_epi16(0))));
3604 }
3605 #endif
3606
3607 // Volatile bitfield store is implemented as load-mask-store
3608 // Test that we don't warn on the store of (uninitialized) padding.
3609 struct VolatileBitfieldStruct {
3610 volatile unsigned x : 1;
3611 unsigned y : 1;
3612 };
3613
3614 TEST(MemorySanitizer, VolatileBitfield) {
3615 VolatileBitfieldStruct *S = new VolatileBitfieldStruct;
3616 S->x = 1;
3617 EXPECT_NOT_POISONED((unsigned)S->x);
3618 EXPECT_POISONED((unsigned)S->y);
3619 }
3620
3621 TEST(MemorySanitizer, UnalignedLoad) {
3622 char x[32] __attribute__((aligned(8)));
3623 U4 origin = __LINE__;
3624 for (unsigned i = 0; i < sizeof(x) / 4; ++i)
3625 __msan_set_origin(x + 4 * i, 4, origin + i);
3626
3627 memset(x + 8, 0, 16);
3628 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 6), origin + 1);
3629 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 7), origin + 1);
3630 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 8));
3631 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 9));
3632 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 22));
3633 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 23), origin + 6);
3634 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 24), origin + 6);
3635
3636 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 4), origin + 1);
3637 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 7), origin + 1);
3638 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 8));
3639 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 9));
3640 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 20));
3641 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 21), origin + 6);
3642 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 24), origin + 6);
3643
3644 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x), origin);
3645 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 1), origin);
3646 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 7), origin + 1);
3647 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 8));
3648 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 9));
3649 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 16));
3650 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 17), origin + 6);
3651 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 21), origin + 6);
3652 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 24), origin + 6);
3653 }
3654
3655 TEST(MemorySanitizer, UnalignedStore16) {
3656 char x[5] __attribute__((aligned(4)));
3657 U2 y2 = 0;
3658 U4 origin = __LINE__;
3659 __msan_poison(&y2, 1);
3660 __msan_set_origin(&y2, 1, origin);
3661
3662 __sanitizer_unaligned_store16(x + 1, y2);
3663 EXPECT_POISONED_O(x[0], origin);
3664 EXPECT_POISONED_O(x[1], origin);
3665 EXPECT_NOT_POISONED(x[2]);
3666 EXPECT_POISONED_O(x[3], origin);
3667 }
3668
3669 TEST(MemorySanitizer, UnalignedStore32) {
3670 char x[8] __attribute__((aligned(4)));
3671 U4 y4 = 0;
3672 U4 origin = __LINE__;
3673 __msan_poison(&y4, 2);
3674 __msan_set_origin(&y4, 2, origin);
3675
3676 __sanitizer_unaligned_store32(x + 3, y4);
3677 EXPECT_POISONED_O(x[0], origin);
3678 EXPECT_POISONED_O(x[1], origin);
3679 EXPECT_POISONED_O(x[2], origin);
3680 EXPECT_POISONED_O(x[3], origin);
3681 EXPECT_POISONED_O(x[4], origin);
3682 EXPECT_NOT_POISONED(x[5]);
3683 EXPECT_NOT_POISONED(x[6]);
3684 EXPECT_POISONED_O(x[7], origin);
3685 }
3686
3687 TEST(MemorySanitizer, UnalignedStore64) {
3688 char x[16] __attribute__((aligned(8)));
3689 U8 y8 = 0;
3690 U4 origin = __LINE__;
3691 __msan_poison(&y8, 3);
3692 __msan_poison(((char *)&y8) + sizeof(y8) - 2, 1);
3693 __msan_set_origin(&y8, 8, origin);
3694
3695 __sanitizer_unaligned_store64(x + 3, y8);
3696 EXPECT_POISONED_O(x[0], origin);
3697 EXPECT_POISONED_O(x[1], origin);
3698 EXPECT_POISONED_O(x[2], origin);
3699 EXPECT_POISONED_O(x[3], origin);
3700 EXPECT_POISONED_O(x[4], origin);
3701 EXPECT_POISONED_O(x[5], origin);
3702 EXPECT_NOT_POISONED(x[6]);
3703 EXPECT_NOT_POISONED(x[7]);
3704 EXPECT_NOT_POISONED(x[8]);
3705 EXPECT_POISONED_O(x[9], origin);
3706 EXPECT_NOT_POISONED(x[10]);
3707 EXPECT_POISONED_O(x[11], origin);
3708 }
3709
3710 TEST(MemorySanitizer, UnalignedStore16_precise) {
3711 char x[8] __attribute__((aligned(4)));
3712 U2 y = 0;
3713 U4 originx1 = __LINE__;
3714 U4 originx2 = __LINE__;
3715 U4 originy = __LINE__;
3716 __msan_poison(x, sizeof(x));
3717 __msan_set_origin(x, 4, originx1);
3718 __msan_set_origin(x + 4, 4, originx2);
3719 __msan_poison(((char *)&y) + 1, 1);
3720 __msan_set_origin(&y, sizeof(y), originy);
3721
3722 __sanitizer_unaligned_store16(x + 3, y);
3723 EXPECT_POISONED_O(x[0], originx1);
3724 EXPECT_POISONED_O(x[1], originx1);
3725 EXPECT_POISONED_O(x[2], originx1);
3726 EXPECT_NOT_POISONED(x[3]);
3727 EXPECT_POISONED_O(x[4], originy);
3728 EXPECT_POISONED_O(x[5], originy);
3729 EXPECT_POISONED_O(x[6], originy);
3730 EXPECT_POISONED_O(x[7], originy);
3731 }
3732
3733 TEST(MemorySanitizer, UnalignedStore16_precise2) {
3734 char x[8] __attribute__((aligned(4)));
3735 U2 y = 0;
3736 U4 originx1 = __LINE__;
3737 U4 originx2 = __LINE__;
3738 U4 originy = __LINE__;
3739 __msan_poison(x, sizeof(x));
3740 __msan_set_origin(x, 4, originx1);
3741 __msan_set_origin(x + 4, 4, originx2);
3742 __msan_poison(((char *)&y), 1);
3743 __msan_set_origin(&y, sizeof(y), originy);
3744
3745 __sanitizer_unaligned_store16(x + 3, y);
3746 EXPECT_POISONED_O(x[0], originy);
3747 EXPECT_POISONED_O(x[1], originy);
3748 EXPECT_POISONED_O(x[2], originy);
3749 EXPECT_POISONED_O(x[3], originy);
3750 EXPECT_NOT_POISONED(x[4]);
3751 EXPECT_POISONED_O(x[5], originx2);
3752 EXPECT_POISONED_O(x[6], originx2);
3753 EXPECT_POISONED_O(x[7], originx2);
3754 }
3755
3756 TEST(MemorySanitizer, UnalignedStore64_precise) {
3757 char x[12] __attribute__((aligned(8)));
3758 U8 y = 0;
3759 U4 originx1 = __LINE__;
3760 U4 originx2 = __LINE__;
3761 U4 originx3 = __LINE__;
3762 U4 originy = __LINE__;
3763 __msan_poison(x, sizeof(x));
3764 __msan_set_origin(x, 4, originx1);
3765 __msan_set_origin(x + 4, 4, originx2);
3766 __msan_set_origin(x + 8, 4, originx3);
3767 __msan_poison(((char *)&y) + 1, 1);
3768 __msan_poison(((char *)&y) + 7, 1);
3769 __msan_set_origin(&y, sizeof(y), originy);
3770
3771 __sanitizer_unaligned_store64(x + 2, y);
3772 EXPECT_POISONED_O(x[0], originy);
3773 EXPECT_POISONED_O(x[1], originy);
3774 EXPECT_NOT_POISONED(x[2]);
3775 EXPECT_POISONED_O(x[3], originy);
3776
3777 EXPECT_NOT_POISONED(x[4]);
3778 EXPECT_NOT_POISONED(x[5]);
3779 EXPECT_NOT_POISONED(x[6]);
3780 EXPECT_NOT_POISONED(x[7]);
3781
3782 EXPECT_NOT_POISONED(x[8]);
3783 EXPECT_POISONED_O(x[9], originy);
3784 EXPECT_POISONED_O(x[10], originy);
3785 EXPECT_POISONED_O(x[11], originy);
3786 }
3787
3788 TEST(MemorySanitizer, UnalignedStore64_precise2) {
3789 char x[12] __attribute__((aligned(8)));
3790 U8 y = 0;
3791 U4 originx1 = __LINE__;
3792 U4 originx2 = __LINE__;
3793 U4 originx3 = __LINE__;
3794 U4 originy = __LINE__;
3795 __msan_poison(x, sizeof(x));
3796 __msan_set_origin(x, 4, originx1);
3797 __msan_set_origin(x + 4, 4, originx2);
3798 __msan_set_origin(x + 8, 4, originx3);
3799 __msan_poison(((char *)&y) + 3, 3);
3800 __msan_set_origin(&y, sizeof(y), originy);
3801
3802 __sanitizer_unaligned_store64(x + 2, y);
3803 EXPECT_POISONED_O(x[0], originx1);
3804 EXPECT_POISONED_O(x[1], originx1);
3805 EXPECT_NOT_POISONED(x[2]);
3806 EXPECT_NOT_POISONED(x[3]);
3807
3808 EXPECT_NOT_POISONED(x[4]);
3809 EXPECT_POISONED_O(x[5], originy);
3810 EXPECT_POISONED_O(x[6], originy);
3811 EXPECT_POISONED_O(x[7], originy);
3812
3813 EXPECT_NOT_POISONED(x[8]);
3814 EXPECT_NOT_POISONED(x[9]);
3815 EXPECT_POISONED_O(x[10], originx3);
3816 EXPECT_POISONED_O(x[11], originx3);
3817 }
3818
3819 #if (defined(__x86_64__) && defined(__clang__))
3820 namespace {
3821 typedef U1 V16x8 __attribute__((__vector_size__(16)));
3822 typedef U2 V8x16 __attribute__((__vector_size__(16)));
3823 typedef U4 V4x32 __attribute__((__vector_size__(16)));
3824 typedef U8 V2x64 __attribute__((__vector_size__(16)));
3825 typedef U4 V8x32 __attribute__((__vector_size__(32)));
3826 typedef U8 V4x64 __attribute__((__vector_size__(32)));
3827 typedef U4 V2x32 __attribute__((__vector_size__(8)));
3828 typedef U2 V4x16 __attribute__((__vector_size__(8)));
3829 typedef U1 V8x8 __attribute__((__vector_size__(8)));
3830
3831
3832 V8x16 shift_sse2_left_scalar(V8x16 x, U4 y) {
3833 return _mm_slli_epi16(x, y);
3834 }
3835
3836 V8x16 shift_sse2_left(V8x16 x, V8x16 y) {
3837 return _mm_sll_epi16(x, y);
3838 }
3839
3840 TEST(VectorShiftTest, sse2_left_scalar) {
3841 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7};
3842 V8x16 u = shift_sse2_left_scalar(v, 2);
3843 EXPECT_POISONED(u[0]);
3844 EXPECT_POISONED(u[1]);
3845 EXPECT_NOT_POISONED(u[0] | (3U << 2));
3846 EXPECT_NOT_POISONED(u[1] | (7U << 2));
3847 u[0] = u[1] = 0;
3848 EXPECT_NOT_POISONED(u);
3849 }
3850
3851 TEST(VectorShiftTest, sse2_left_scalar_by_uninit) {
3852 V8x16 v = {0, 1, 2, 3, 4, 5, 6, 7};
3853 V8x16 u = shift_sse2_left_scalar(v, Poisoned<U4>());
3854 EXPECT_POISONED(u[0]);
3855 EXPECT_POISONED(u[1]);
3856 EXPECT_POISONED(u[2]);
3857 EXPECT_POISONED(u[3]);
3858 EXPECT_POISONED(u[4]);
3859 EXPECT_POISONED(u[5]);
3860 EXPECT_POISONED(u[6]);
3861 EXPECT_POISONED(u[7]);
3862 }
3863
3864 TEST(VectorShiftTest, sse2_left) {
3865 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7};
3866 // Top 64 bits of shift count don't affect the result.
3867 V2x64 s = {2, Poisoned<U8>()};
3868 V8x16 u = shift_sse2_left(v, s);
3869 EXPECT_POISONED(u[0]);
3870 EXPECT_POISONED(u[1]);
3871 EXPECT_NOT_POISONED(u[0] | (3U << 2));
3872 EXPECT_NOT_POISONED(u[1] | (7U << 2));
3873 u[0] = u[1] = 0;
3874 EXPECT_NOT_POISONED(u);
3875 }
3876
3877 TEST(VectorShiftTest, sse2_left_by_uninit) {
3878 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7};
3879 V2x64 s = {Poisoned<U8>(), Poisoned<U8>()};
3880 V8x16 u = shift_sse2_left(v, s);
3881 EXPECT_POISONED(u[0]);
3882 EXPECT_POISONED(u[1]);
3883 EXPECT_POISONED(u[2]);
3884 EXPECT_POISONED(u[3]);
3885 EXPECT_POISONED(u[4]);
3886 EXPECT_POISONED(u[5]);
3887 EXPECT_POISONED(u[6]);
3888 EXPECT_POISONED(u[7]);
3889 }
3890
3891 #ifdef __AVX2__
3892 V4x32 shift_avx2_left(V4x32 x, V4x32 y) {
3893 return _mm_sllv_epi32(x, y);
3894 }
3895 // This is variable vector shift that's only available starting with AVX2.
3896 // V4x32 shift_avx2_left(V4x32 x, V4x32 y) {
3897 TEST(VectorShiftTest, avx2_left) {
3898 V4x32 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3};
3899 V4x32 s = {2, Poisoned<U4>(), 3, Poisoned<U4>()};
3900 V4x32 u = shift_avx2_left(v, s);
3901 EXPECT_POISONED(u[0]);
3902 EXPECT_NOT_POISONED(u[0] | (~7U));
3903 EXPECT_POISONED(u[1]);
3904 EXPECT_POISONED(u[1] | (~31U));
3905 EXPECT_NOT_POISONED(u[2]);
3906 EXPECT_POISONED(u[3]);
3907 EXPECT_POISONED(u[3] | (~31U));
3908 }
3909 #endif // __AVX2__
3910 } // namespace
3911
3912 TEST(VectorPackTest, sse2_packssdw_128) {
3913 const unsigned S2_max = (1 << 15) - 1;
3914 V4x32 a = {Poisoned<U4>(0, 0xFF0000), Poisoned<U4>(0, 0xFFFF0000),
3915 S2_max + 100, 4};
3916 V4x32 b = {Poisoned<U4>(0, 0xFF), S2_max + 10000, Poisoned<U4>(0, 0xFF00),
3917 S2_max};
3918
3919 V8x16 c = _mm_packs_epi32(a, b);
3920
3921 EXPECT_POISONED(c[0]);
3922 EXPECT_POISONED(c[1]);
3923 EXPECT_NOT_POISONED(c[2]);
3924 EXPECT_NOT_POISONED(c[3]);
3925 EXPECT_POISONED(c[4]);
3926 EXPECT_NOT_POISONED(c[5]);
3927 EXPECT_POISONED(c[6]);
3928 EXPECT_NOT_POISONED(c[7]);
3929
3930 EXPECT_EQ(c[2], S2_max);
3931 EXPECT_EQ(c[3], 4);
3932 EXPECT_EQ(c[5], S2_max);
3933 EXPECT_EQ(c[7], S2_max);
3934 }
3935
3936 TEST(VectorPackTest, mmx_packuswb) {
3937 const unsigned U1_max = (1 << 8) - 1;
3938 V4x16 a = {Poisoned<U2>(0, 0xFF00), Poisoned<U2>(0, 0xF000U), U1_max + 100,
3939 4};
3940 V4x16 b = {Poisoned<U2>(0, 0xFF), U1_max - 1, Poisoned<U2>(0, 0xF), U1_max};
3941 V8x8 c = _mm_packs_pu16(a, b);
3942
3943 EXPECT_POISONED(c[0]);
3944 EXPECT_POISONED(c[1]);
3945 EXPECT_NOT_POISONED(c[2]);
3946 EXPECT_NOT_POISONED(c[3]);
3947 EXPECT_POISONED(c[4]);
3948 EXPECT_NOT_POISONED(c[5]);
3949 EXPECT_POISONED(c[6]);
3950 EXPECT_NOT_POISONED(c[7]);
3951
3952 EXPECT_EQ(c[2], U1_max);
3953 EXPECT_EQ(c[3], 4);
3954 EXPECT_EQ(c[5], U1_max - 1);
3955 EXPECT_EQ(c[7], U1_max);
3956 }
3957
3958 TEST(VectorSadTest, sse2_psad_bw) {
3959 V16x8 a = {Poisoned<U1>(), 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
3960 V16x8 b = {100, 101, 102, 103, 104, 105, 106, 107,
3961 108, 109, 110, 111, 112, 113, 114, 115};
3962 V2x64 c = _mm_sad_epu8(a, b);
3963
3964 EXPECT_POISONED(c[0]);
3965 EXPECT_NOT_POISONED(c[1]);
3966
3967 EXPECT_EQ(800U, c[1]);
3968 }
3969
3970 TEST(VectorMaddTest, mmx_pmadd_wd) {
3971 V4x16 a = {Poisoned<U2>(), 1, 2, 3};
3972 V4x16 b = {100, 101, 102, 103};
3973 V2x32 c = _mm_madd_pi16(a, b);
3974
3975 EXPECT_POISONED(c[0]);
3976 EXPECT_NOT_POISONED(c[1]);
3977
3978 EXPECT_EQ((unsigned)(2 * 102 + 3 * 103), c[1]);
3979 }
3980
3981 TEST(VectorCmpTest, mm_cmpneq_ps) {
3982 V4x32 c;
3983 c = _mm_cmpneq_ps(V4x32{Poisoned<U4>(), 1, 2, 3}, V4x32{4, 5, Poisoned<U4>(), 6});
3984 EXPECT_POISONED(c[0]);
3985 EXPECT_NOT_POISONED(c[1]);
3986 EXPECT_POISONED(c[2]);
3987 EXPECT_NOT_POISONED(c[3]);
3988
3989 c = _mm_cmpneq_ps(V4x32{0, 1, 2, 3}, V4x32{4, 5, 6, 7});
3990 EXPECT_NOT_POISONED(c);
3991 }
3992
3993 TEST(VectorCmpTest, mm_cmpneq_sd) {
3994 V2x64 c;
3995 c = _mm_cmpneq_sd(V2x64{Poisoned<U8>(), 1}, V2x64{2, 3});
3996 EXPECT_POISONED(c[0]);
3997 c = _mm_cmpneq_sd(V2x64{1, 2}, V2x64{Poisoned<U8>(), 3});
3998 EXPECT_POISONED(c[0]);
3999 c = _mm_cmpneq_sd(V2x64{1, 2}, V2x64{3, 4});
4000 EXPECT_NOT_POISONED(c[0]);
4001 c = _mm_cmpneq_sd(V2x64{1, Poisoned<U8>()}, V2x64{2, Poisoned<U8>()});
4002 EXPECT_NOT_POISONED(c[0]);
4003 c = _mm_cmpneq_sd(V2x64{1, Poisoned<U8>()}, V2x64{1, Poisoned<U8>()});
4004 EXPECT_NOT_POISONED(c[0]);
4005 }
4006
4007 TEST(VectorCmpTest, builtin_ia32_ucomisdlt) {
4008 U4 c;
4009 c = __builtin_ia32_ucomisdlt(V2x64{Poisoned<U8>(), 1}, V2x64{2, 3});
4010 EXPECT_POISONED(c);
4011 c = __builtin_ia32_ucomisdlt(V2x64{1, 2}, V2x64{Poisoned<U8>(), 3});
4012 EXPECT_POISONED(c);
4013 c = __builtin_ia32_ucomisdlt(V2x64{1, 2}, V2x64{3, 4});
4014 EXPECT_NOT_POISONED(c);
4015 c = __builtin_ia32_ucomisdlt(V2x64{1, Poisoned<U8>()}, V2x64{2, Poisoned<U8>()});
4016 EXPECT_NOT_POISONED(c);
4017 c = __builtin_ia32_ucomisdlt(V2x64{1, Poisoned<U8>()}, V2x64{1, Poisoned<U8>()});
4018 EXPECT_NOT_POISONED(c);
4019 }
4020
4021 #endif // defined(__x86_64__) && defined(__clang__)
4022
4023 TEST(MemorySanitizerOrigins, SetGet) {
4024 EXPECT_EQ(TrackingOrigins(), !!__msan_get_track_origins());
4025 if (!TrackingOrigins()) return;
4026 int x;
4027 __msan_set_origin(&x, sizeof(x), 1234);
4028 EXPECT_ORIGIN(1234U, __msan_get_origin(&x));
4029 __msan_set_origin(&x, sizeof(x), 5678);
4030 EXPECT_ORIGIN(5678U, __msan_get_origin(&x));
4031 __msan_set_origin(&x, sizeof(x), 0);
4032 EXPECT_ORIGIN(0U, __msan_get_origin(&x));
4033 }
4034
4035 namespace {
4036 struct S {
4037 U4 dummy;
4038 U2 a;
4039 U2 b;
4040 };
4041
4042 TEST(MemorySanitizerOrigins, InitializedStoreDoesNotChangeOrigin) {
4043 if (!TrackingOrigins()) return;
4044
4045 S s;
4046 U4 origin = rand(); // NOLINT
4047 s.a = *GetPoisonedO<U2>(0, origin);
4048 EXPECT_ORIGIN(origin, __msan_get_origin(&s.a));
4049 EXPECT_ORIGIN(origin, __msan_get_origin(&s.b));
4050
4051 s.b = 42;
4052 EXPECT_ORIGIN(origin, __msan_get_origin(&s.a));
4053 EXPECT_ORIGIN(origin, __msan_get_origin(&s.b));
4054 }
4055 } // namespace
4056
4057 template<class T, class BinaryOp>
4058 INLINE
4059 void BinaryOpOriginTest(BinaryOp op) {
4060 U4 ox = rand(); //NOLINT
4061 U4 oy = rand(); //NOLINT
4062 T *x = GetPoisonedO<T>(0, ox, 0);
4063 T *y = GetPoisonedO<T>(1, oy, 0);
4064 T *z = GetPoisonedO<T>(2, 0, 0);
4065
4066 *z = op(*x, *y);
4067 U4 origin = __msan_get_origin(z);
4068 EXPECT_POISONED_O(*z, origin);
4069 EXPECT_EQ(true, __msan_origin_is_descendant_or_same(origin, ox) ||
4070 __msan_origin_is_descendant_or_same(origin, oy));
4071
4072 // y is poisoned, x is not.
4073 *x = 10101;
4074 *y = *GetPoisonedO<T>(1, oy);
4075 break_optimization(x);
4076 __msan_set_origin(z, sizeof(*z), 0);
4077 *z = op(*x, *y);
4078 EXPECT_POISONED_O(*z, oy);
4079 EXPECT_ORIGIN(oy, __msan_get_origin(z));
4080
4081 // x is poisoned, y is not.
4082 *x = *GetPoisonedO<T>(0, ox);
4083 *y = 10101010;
4084 break_optimization(y);
4085 __msan_set_origin(z, sizeof(*z), 0);
4086 *z = op(*x, *y);
4087 EXPECT_POISONED_O(*z, ox);
4088 EXPECT_ORIGIN(ox, __msan_get_origin(z));
4089 }
4090
4091 template<class T> INLINE T XOR(const T &a, const T&b) { return a ^ b; }
4092 template<class T> INLINE T ADD(const T &a, const T&b) { return a + b; }
4093 template<class T> INLINE T SUB(const T &a, const T&b) { return a - b; }
4094 template<class T> INLINE T MUL(const T &a, const T&b) { return a * b; }
4095 template<class T> INLINE T AND(const T &a, const T&b) { return a & b; }
4096 template<class T> INLINE T OR (const T &a, const T&b) { return a | b; }
4097
4098 TEST(MemorySanitizerOrigins, BinaryOp) {
4099 if (!TrackingOrigins()) return;
4100 BinaryOpOriginTest<S8>(XOR<S8>);
4101 BinaryOpOriginTest<U8>(ADD<U8>);
4102 BinaryOpOriginTest<S4>(SUB<S4>);
4103 BinaryOpOriginTest<S4>(MUL<S4>);
4104 BinaryOpOriginTest<U4>(OR<U4>);
4105 BinaryOpOriginTest<U4>(AND<U4>);
4106 BinaryOpOriginTest<double>(ADD<U4>);
4107 BinaryOpOriginTest<float>(ADD<S4>);
4108 BinaryOpOriginTest<double>(ADD<double>);
4109 BinaryOpOriginTest<float>(ADD<double>);
4110 }
4111
4112 TEST(MemorySanitizerOrigins, Unary) {
4113 if (!TrackingOrigins()) return;
4114 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__);
4115 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__);
4116 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__);
4117 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__);
4118
4119 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
4120 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
4121 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
4122 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
4123
4124 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__);
4125 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__);
4126 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__);
4127 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__);
4128
4129 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
4130 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
4131 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
4132 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
4133
4134 EXPECT_POISONED_O((void*)*GetPoisonedO<S8>(0, __LINE__), __LINE__);
4135 EXPECT_POISONED_O((U8)*GetPoisonedO<void*>(0, __LINE__), __LINE__);
4136 }
4137
4138 TEST(MemorySanitizerOrigins, EQ) {
4139 if (!TrackingOrigins()) return;
4140 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) <= 11, __LINE__);
4141 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) == 11, __LINE__);
4142 EXPECT_POISONED_O(*GetPoisonedO<float>(0, __LINE__) == 1.1, __LINE__);
4143 }
4144
4145 TEST(MemorySanitizerOrigins, DIV) {
4146 if (!TrackingOrigins()) return;
4147 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) / 100, __LINE__);
4148 unsigned o = __LINE__;
4149 EXPECT_UMR_O(volatile unsigned y = 100 / *GetPoisonedO<S4>(0, o, 1), o);
4150 }
4151
4152 TEST(MemorySanitizerOrigins, SHIFT) {
4153 if (!TrackingOrigins()) return;
4154 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) >> 10, __LINE__);
4155 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) >> 10, __LINE__);
4156 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) << 10, __LINE__);
4157 EXPECT_POISONED_O(10U << *GetPoisonedO<U8>(0, __LINE__), __LINE__);
4158 EXPECT_POISONED_O(-10 >> *GetPoisonedO<S8>(0, __LINE__), __LINE__);
4159 EXPECT_POISONED_O(-10 << *GetPoisonedO<S8>(0, __LINE__), __LINE__);
4160 }
4161
4162 template<class T, int N>
4163 void MemCpyTest() {
4164 int ox = __LINE__;
4165 T *x = new T[N];
4166 T *y = new T[N];
4167 T *z = new T[N];
4168 T *q = new T[N];
4169 __msan_poison(x, N * sizeof(T));
4170 __msan_set_origin(x, N * sizeof(T), ox);
4171 __msan_set_origin(y, N * sizeof(T), 777777);
4172 __msan_set_origin(z, N * sizeof(T), 888888);
4173 EXPECT_NOT_POISONED(x);
4174 memcpy(y, x, N * sizeof(T));
4175 EXPECT_POISONED_O(y[0], ox);
4176 EXPECT_POISONED_O(y[N/2], ox);
4177 EXPECT_POISONED_O(y[N-1], ox);
4178 EXPECT_NOT_POISONED(x);
4179 void *res = mempcpy(q, x, N * sizeof(T));
4180 ASSERT_EQ(q + N, res);
4181 EXPECT_POISONED_O(q[0], ox);
4182 EXPECT_POISONED_O(q[N/2], ox);
4183 EXPECT_POISONED_O(q[N-1], ox);
4184 EXPECT_NOT_POISONED(x);
4185 memmove(z, x, N * sizeof(T));
4186 EXPECT_POISONED_O(z[0], ox);
4187 EXPECT_POISONED_O(z[N/2], ox);
4188 EXPECT_POISONED_O(z[N-1], ox);
4189 }
4190
4191 TEST(MemorySanitizerOrigins, LargeMemCpy) {
4192 if (!TrackingOrigins()) return;
4193 MemCpyTest<U1, 10000>();
4194 MemCpyTest<U8, 10000>();
4195 }
4196
4197 TEST(MemorySanitizerOrigins, SmallMemCpy) {
4198 if (!TrackingOrigins()) return;
4199 MemCpyTest<U8, 1>();
4200 MemCpyTest<U8, 2>();
4201 MemCpyTest<U8, 3>();
4202 }
4203
4204 TEST(MemorySanitizerOrigins, Select) {
4205 if (!TrackingOrigins()) return;
4206 EXPECT_NOT_POISONED(g_one ? 1 : *GetPoisonedO<S4>(0, __LINE__));
4207 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__);
4208 S4 x;
4209 break_optimization(&x);
4210 x = g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 0;
4211
4212 EXPECT_POISONED_O(g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 1, __LINE__);
4213 EXPECT_POISONED_O(g_0 ? 1 : *GetPoisonedO<S4>(0, __LINE__), __LINE__);
4214 }
4215
4216 NOINLINE int RetvalOriginTest(U4 origin) {
4217 int *a = new int;
4218 break_optimization(a);
4219 __msan_set_origin(a, sizeof(*a), origin);
4220 int res = *a;
4221 delete a;
4222 return res;
4223 }
4224
4225 TEST(MemorySanitizerOrigins, Retval) {
4226 if (!TrackingOrigins()) return;
4227 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__);
4228 }
4229
4230 NOINLINE void ParamOriginTest(int param, U4 origin) {
4231 EXPECT_POISONED_O(param, origin);
4232 }
4233
4234 TEST(MemorySanitizerOrigins, Param) {
4235 if (!TrackingOrigins()) return;
4236 int *a = new int;
4237 U4 origin = __LINE__;
4238 break_optimization(a);
4239 __msan_set_origin(a, sizeof(*a), origin);
4240 ParamOriginTest(*a, origin);
4241 delete a;
4242 }
4243
4244 TEST(MemorySanitizerOrigins, Invoke) {
4245 if (!TrackingOrigins()) return;
4246 StructWithDtor s; // Will cause the calls to become invokes.
4247 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__);
4248 }
4249
4250 TEST(MemorySanitizerOrigins, strlen) {
4251 S8 alignment;
4252 break_optimization(&alignment);
4253 char x[4] = {'a', 'b', 0, 0};
4254 __msan_poison(&x[2], 1);
4255 U4 origin = __LINE__;
4256 __msan_set_origin(x, sizeof(x), origin);
4257 EXPECT_UMR_O(volatile unsigned y = strlen(x), origin);
4258 }
4259
4260 TEST(MemorySanitizerOrigins, wcslen) {
4261 wchar_t w[3] = {'a', 'b', 0};
4262 U4 origin = __LINE__;
4263 __msan_set_origin(w, sizeof(w), origin);
4264 __msan_poison(&w[2], sizeof(wchar_t));
4265 EXPECT_UMR_O(volatile unsigned y = wcslen(w), origin);
4266 }
4267
4268 #if MSAN_HAS_M128
4269 TEST(MemorySanitizerOrigins, StoreIntrinsic) {
4270 __m128 x, y;
4271 U4 origin = __LINE__;
4272 __msan_set_origin(&x, sizeof(x), origin);
4273 __msan_poison(&x, sizeof(x));
4274 _mm_storeu_ps((float*)&y, x);
4275 EXPECT_POISONED_O(y, origin);
4276 }
4277 #endif
4278
4279 NOINLINE void RecursiveMalloc(int depth) {
4280 static int count;
4281 count++;
4282 if ((count % (1024 * 1024)) == 0)
4283 printf("RecursiveMalloc: %d\n", count);
4284 int *x1 = new int;
4285 int *x2 = new int;
4286 break_optimization(x1);
4287 break_optimization(x2);
4288 if (depth > 0) {
4289 RecursiveMalloc(depth-1);
4290 RecursiveMalloc(depth-1);
4291 }
4292 delete x1;
4293 delete x2;
4294 }
4295
4296 TEST(MemorySanitizer, Select) {
4297 int x;
4298 int volatile* p = &x;
4299 int z = *p ? 1 : 0;
4300 EXPECT_POISONED(z);
4301 }
4302
4303 TEST(MemorySanitizer, SelectPartial) {
4304 // Precise instrumentation of select.
4305 // Some bits of the result do not depend on select condition, and must stay
4306 // initialized even if select condition is not. These are the bits that are
4307 // equal and initialized in both left and right select arguments.
4308 U4 x = 0xFFFFABCDU;
4309 U4 x_s = 0xFFFF0000U;
4310 __msan_partial_poison(&x, &x_s, sizeof(x));
4311 U4 y = 0xAB00U;
4312 U1 cond = true;
4313 __msan_poison(&cond, sizeof(cond));
4314 U4 z = cond ? x : y;
4315 __msan_print_shadow(&z, sizeof(z));
4316 EXPECT_POISONED(z & 0xFFU);
4317 EXPECT_NOT_POISONED(z & 0xFF00U);
4318 EXPECT_POISONED(z & 0xFF0000U);
4319 EXPECT_POISONED(z & 0xFF000000U);
4320 EXPECT_EQ(0xAB00U, z & 0xFF00U);
4321 }
4322
4323 TEST(MemorySanitizerStress, DISABLED_MallocStackTrace) {
4324 RecursiveMalloc(22);
4325 }
4326
4327 TEST(MemorySanitizerAllocator, get_estimated_allocated_size) {
4328 size_t sizes[] = {0, 20, 5000, 1<<20};
4329 for (size_t i = 0; i < sizeof(sizes) / sizeof(*sizes); ++i) {
4330 size_t alloc_size = __sanitizer_get_estimated_allocated_size(sizes[i]);
4331 EXPECT_EQ(alloc_size, sizes[i]);
4332 }
4333 }
4334
4335 TEST(MemorySanitizerAllocator, get_allocated_size_and_ownership) {
4336 char *array = reinterpret_cast<char*>(malloc(100));
4337 int *int_ptr = new int;
4338
4339 EXPECT_TRUE(__sanitizer_get_ownership(array));
4340 EXPECT_EQ(100U, __sanitizer_get_allocated_size(array));
4341
4342 EXPECT_TRUE(__sanitizer_get_ownership(int_ptr));
4343 EXPECT_EQ(sizeof(*int_ptr), __sanitizer_get_allocated_size(int_ptr));
4344
4345 void *wild_addr = reinterpret_cast<void*>(0x1);
4346 EXPECT_FALSE(__sanitizer_get_ownership(wild_addr));
4347 EXPECT_EQ(0U, __sanitizer_get_allocated_size(wild_addr));
4348
4349 EXPECT_FALSE(__sanitizer_get_ownership(array + 50));
4350 EXPECT_EQ(0U, __sanitizer_get_allocated_size(array + 50));
4351
4352 // NULL is a valid argument for GetAllocatedSize but is not owned.
4353 EXPECT_FALSE(__sanitizer_get_ownership(NULL));
4354 EXPECT_EQ(0U, __sanitizer_get_allocated_size(NULL));
4355
4356 free(array);
4357 EXPECT_FALSE(__sanitizer_get_ownership(array));
4358 EXPECT_EQ(0U, __sanitizer_get_allocated_size(array));
4359
4360 delete int_ptr;
4361 }
4362
4363 TEST(MemorySanitizer, MlockTest) {
4364 EXPECT_EQ(0, mlockall(MCL_CURRENT));
4365 EXPECT_EQ(0, mlock((void*)0x12345, 0x5678));
4366 EXPECT_EQ(0, munlockall());
4367 EXPECT_EQ(0, munlock((void*)0x987, 0x654));
4368 }
4369
4370 // Test that LargeAllocator unpoisons memory before releasing it to the OS.
4371 TEST(MemorySanitizer, LargeAllocatorUnpoisonsOnFree) {
4372 void *p = malloc(1024 * 1024);
4373 free(p);
4374
4375 typedef void *(*mmap_fn)(void *, size_t, int, int, int, off_t);
4376 mmap_fn real_mmap = (mmap_fn)dlsym(RTLD_NEXT, "mmap");
4377
4378 // Allocate the page that was released to the OS in free() with the real mmap,
4379 // bypassing the interceptor.
4380 char *q = (char *)real_mmap(p, 4096, PROT_READ | PROT_WRITE,
4381 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
4382 ASSERT_NE((char *)0, q);
4383
4384 ASSERT_TRUE(q <= p);
4385 ASSERT_TRUE(q + 4096 > p);
4386
4387 EXPECT_NOT_POISONED(q[0]);
4388 EXPECT_NOT_POISONED(q[10]);
4389 EXPECT_NOT_POISONED(q[100]);
4390
4391 munmap(q, 4096);
4392 }
4393
4394 #if SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE
4395 TEST(MemorySanitizer, MallocUsableSizeTest) {
4396 const size_t kArraySize = 100;
4397 char *array = Ident((char*)malloc(kArraySize));
4398 int *int_ptr = Ident(new int);
4399 EXPECT_EQ(0U, malloc_usable_size(NULL));
4400 EXPECT_EQ(kArraySize, malloc_usable_size(array));
4401 EXPECT_EQ(sizeof(int), malloc_usable_size(int_ptr));
4402 free(array);
4403 delete int_ptr;
4404 }
4405 #endif // SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE
backport for Debian buster