lib/msan/msan_report.cc

   1 //===-- msan_report.cc ----------------------------------------------------===//
   2 //
   3 //                     The LLVM Compiler Infrastructure
   4 //
   5 // This file is distributed under the University of Illinois Open Source
   6 // License. See LICENSE.TXT for details.
   7 //
   8 //===----------------------------------------------------------------------===//
   9 //
  10 // This file is a part of MemorySanitizer.
  11 //
  12 // Error reporting.
  13 //===----------------------------------------------------------------------===//
  14
  15 #include "msan.h"
  16 #include "msan_chained_origin_depot.h"
  17 #include "msan_origin.h"
  18 #include "sanitizer_common/sanitizer_allocator_internal.h"
  19 #include "sanitizer_common/sanitizer_common.h"
  20 #include "sanitizer_common/sanitizer_flags.h"
  21 #include "sanitizer_common/sanitizer_mutex.h"
  22 #include "sanitizer_common/sanitizer_report_decorator.h"
  23 #include "sanitizer_common/sanitizer_stackdepot.h"
  24 #include "sanitizer_common/sanitizer_symbolizer.h"
  25
  26 using namespace __sanitizer;
  27
  28 namespace __msan {
  29
  30 class Decorator: private __sanitizer::AnsiColorDecorator {
  31  public:
  32   Decorator() : __sanitizer::AnsiColorDecorator(PrintsToTtyCached()) { }
  33   const char *Warning()    { return Red(); }
  34   const char *Origin()     { return Magenta(); }
  35   const char *Name()   { return Green(); }
  36   const char *End()    { return Default(); }
  37 };
  38
  39 static void DescribeStackOrigin(const char *so, uptr pc) {
  40   Decorator d;
  41   char *s = internal_strdup(so);
  42   char *sep = internal_strchr(s, '@');
  43   CHECK(sep);
  44   *sep = '\0';
  45   Printf("%s", d.Origin());
  46   Printf(
  47       "  %sUninitialized value was created by an allocation of '%s%s%s'"
  48       " in the stack frame of function '%s%s%s'%s\n",
  49       d.Origin(), d.Name(), s, d.Origin(), d.Name(),
  50       Symbolizer::Get()->Demangle(sep + 1), d.Origin(), d.End());
  51   InternalFree(s);
  52
  53   if (pc) {
  54     // For some reason function address in LLVM IR is 1 less then the address
  55     // of the first instruction.
  56     pc += 1;
  57     StackTrace::PrintStack(&pc, 1);
  58   }
  59 }
  60
  61 static void DescribeOrigin(u32 id) {
  62   VPrintf(1, "  raw origin id: %d\n", id);
  63   Decorator d;
  64   while (true) {
  65     Origin o(id);
  66     u32 prev_id;
  67     u32 stack_id = ChainedOriginDepotGet(o.id(), &prev_id);
  68     Origin prev_o(prev_id);
  69
  70     if (prev_o.isStackRoot()) {
  71       uptr pc;
  72       const char *so = GetStackOriginDescr(stack_id, &pc);
  73       DescribeStackOrigin(so, pc);
  74       break;
  75     } else if (prev_o.isHeapRoot()) {
  76       uptr size = 0;
  77       const uptr *trace = StackDepotGet(stack_id, &size);
  78       Printf("  %sUninitialized value was created by a heap allocation%s\n",
  79              d.Origin(), d.End());
  80       StackTrace::PrintStack(trace, size);
  81       break;
  82     } else {
  83       // chained origin
  84       uptr size = 0;
  85       const uptr *trace = StackDepotGet(stack_id, &size);
  86       // FIXME: copied? modified? passed through? observed?
  87       Printf("  %sUninitialized value was stored to memory at%s\n", d.Origin(),
  88              d.End());
  89       StackTrace::PrintStack(trace, size - 1);
  90       id = prev_id;
  91     }
  92   }
  93 }
  94
  95 void ReportUMR(StackTrace *stack, u32 origin) {
  96   if (!__msan::flags()->report_umrs) return;
  97
  98   SpinMutexLock l(&CommonSanitizerReportMutex);
  99
 100   Decorator d;
 101   Printf("%s", d.Warning());
 102   Report(" WARNING: MemorySanitizer: use-of-uninitialized-value\n");
 103   Printf("%s", d.End());
 104   stack->Print();
 105   if (origin) {
 106     DescribeOrigin(origin);
 107   }
 108   ReportErrorSummary("use-of-uninitialized-value", stack);
 109 }
 110
 111 void ReportExpectedUMRNotFound(StackTrace *stack) {
 112   SpinMutexLock l(&CommonSanitizerReportMutex);
 113
 114   Printf(" WARNING: Expected use of uninitialized value not found\n");
 115   stack->Print();
 116 }
 117
 118 void ReportStats() {
 119   SpinMutexLock l(&CommonSanitizerReportMutex);
 120
 121   if (__msan_get_track_origins() > 0) {
 122     StackDepotStats *stack_depot_stats = StackDepotGetStats();
 123     // FIXME: we want this at normal exit, too!
 124     // FIXME: but only with verbosity=1 or something
 125     Printf("Unique heap origins: %zu\n", stack_depot_stats->n_uniq_ids);
 126     Printf("Stack depot allocated bytes: %zu\n", stack_depot_stats->allocated);
 127
 128     StackDepotStats *chained_origin_depot_stats = ChainedOriginDepotGetStats();
 129     Printf("Unique origin histories: %zu\n",
 130            chained_origin_depot_stats->n_uniq_ids);
 131     Printf("History depot allocated bytes: %zu\n",
 132            chained_origin_depot_stats->allocated);
 133   }
 134 }
 135
 136 void ReportAtExitStatistics() {
 137   SpinMutexLock l(&CommonSanitizerReportMutex);
 138
 139   if (msan_report_count > 0) {
 140     Decorator d;
 141     Printf("%s", d.Warning());
 142     Printf("MemorySanitizer: %d warnings reported.\n", msan_report_count);
 143     Printf("%s", d.End());
 144   }
 145 }
 146
 147 class OriginSet {
 148  public:
 149   OriginSet() : next_id_(0) {}
 150   int insert(u32 o) {
 151     // Scan from the end for better locality.
 152     for (int i = next_id_ - 1; i >= 0; --i)
 153       if (origins_[i] == o) return i;
 154     if (next_id_ == kMaxSize_) return OVERFLOW;
 155     int id = next_id_++;
 156     origins_[id] = o;
 157     return id;
 158   }
 159   int size() { return next_id_; }
 160   u32 get(int id) { return origins_[id]; }
 161   static char asChar(int id) {
 162     switch (id) {
 163       case MISSING:
 164         return '.';
 165       case OVERFLOW:
 166         return '*';
 167       default:
 168         return 'A' + id;
 169     }
 170   }
 171   static const int OVERFLOW = -1;
 172   static const int MISSING = -2;
 173
 174  private:
 175   static const int kMaxSize_ = 'Z' - 'A' + 1;
 176   u32 origins_[kMaxSize_];
 177   int next_id_;
 178 };
 179
 180 void DescribeMemoryRange(const void *x, uptr size) {
 181   // Real limits.
 182   uptr start = MEM_TO_SHADOW(x);
 183   uptr end = start + size;
 184   // Scan limits: align start down to 4; align size up to 16.
 185   uptr s = start & ~3UL;
 186   size = end - s;
 187   size = (size + 15) & ~15UL;
 188   uptr e = s + size;
 189
 190   // Single letter names to origin id mapping.
 191   OriginSet origin_set;
 192
 193   uptr pos = 0;  // Offset from aligned start.
 194   bool with_origins = __msan_get_track_origins();
 195   // True if there is at least 1 poisoned bit in the last 4-byte group.
 196   bool last_quad_poisoned;
 197   int origin_ids[4];  // Single letter origin ids for the current line.
 198
 199   Decorator d;
 200   Printf("%s", d.Warning());
 201   Printf("Shadow map of [%p, %p), %zu bytes:\n", start, end, end - start);
 202   Printf("%s", d.End());
 203   while (s < e) {
 204     // Line start.
 205     if (pos % 16 == 0) {
 206       for (int i = 0; i < 4; ++i) origin_ids[i] = -1;
 207       Printf("%p:", s);
 208     }
 209     // Group start.
 210     if (pos % 4 == 0) {
 211       Printf(" ");
 212       last_quad_poisoned = false;
 213     }
 214     // Print shadow byte.
 215     if (s < start || s >= end) {
 216       Printf("..");
 217     } else {
 218       unsigned char v = *(unsigned char *)s;
 219       if (v) last_quad_poisoned = true;
 220       Printf("%02x", v);
 221     }
 222     // Group end.
 223     if (pos % 4 == 3 && with_origins) {
 224       int id = OriginSet::MISSING;
 225       if (last_quad_poisoned) {
 226         u32 o = *(u32 *)SHADOW_TO_ORIGIN(s - 3);
 227         id = origin_set.insert(o);
 228       }
 229       origin_ids[(pos % 16) / 4] = id;
 230     }
 231     // Line end.
 232     if (pos % 16 == 15) {
 233       if (with_origins) {
 234         Printf("  |");
 235         for (int i = 0; i < 4; ++i) {
 236           char c = OriginSet::asChar(origin_ids[i]);
 237           Printf("%c", c);
 238           if (i != 3) Printf(" ");
 239         }
 240         Printf("|");
 241       }
 242       Printf("\n");
 243     }
 244     size--;
 245     s++;
 246     pos++;
 247   }
 248
 249   Printf("\n");
 250
 251   for (int i = 0; i < origin_set.size(); ++i) {
 252     u32 o = origin_set.get(i);
 253     Printf("Origin %c (origin_id %x):\n", OriginSet::asChar(i), o);
 254     DescribeOrigin(o);
 255   }
 256 }
 257
 258 void ReportUMRInsideAddressRange(const char *what, const void *start, uptr size,
 259                                  uptr offset) {
 260   Decorator d;
 261   Printf("%s", d.Warning());
 262   Printf("%sUninitialized bytes in %s%s%s at offset %zu inside [%p, %zu)%s\n",
 263          d.Warning(), d.Name(), what, d.Warning(), offset, start, size,
 264          d.End());
 265   if (__sanitizer::common_flags()->verbosity > 0)
 266     DescribeMemoryRange(start, size);
 267 }
 268
 269 }  // namespace __msan