
Commit 69bf311

Use ALLOC tag instead of ALLOC_PADDING when track_origins() == 1
1 parent 7b98f59 commit 69bf311

2 files changed

+58
-14
lines changed

2 files changed

+58
-14
lines changed

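--- a/compiler-rt/lib/msan/msan_allocator.cpp
+++ b/compiler-rt/lib/msan/msan_allocator.cpp
@@ -222,16 +222,22 @@ static void *MsanAllocate(BufferedStackTrace *stack, uptr size, uptr alignment,
 reinterpret_cast<void*>(reinterpret_cast<uptr>(allocated) + size);
 uptr padding_size = actually_allocated_size - size;
 
-// Origins have 4-byte granularity. Set the TAG_ALLOC_PADDING origin first,
-// so the TAG_ALLOC origin will take precedence if necessary e.g.,
-// - if we have malloc(7) that actually takes up 16 bytes:
-// bytes 0-7: uninitialized, origin TAG_ALLOC
-// bytes 8-15: uninitialized, origin TAG_ALLOC_PADDING
-// - with calloc(7,1):
+// - With calloc(7,1), we can set the ideal tagging:
 // bytes 0-6: initialized, origin not set (and irrelevant)
-// byte 7: uninitialized, origin TAG_ALLOC_PADDING (unlike malloc)
+// byte 7: uninitialized, origin TAG_ALLOC_PADDING
+// bytes 8-15: uninitialized, origin TAG_ALLOC_PADDING
+// - If we have malloc(7) and __msan_get_track_origins() > 1, the 4-byte
+// origin granularity only allows the slightly suboptimal tagging:
+// bytes 0-6: uninitialized, origin TAG_ALLOC
+// byte 7: uninitialized, origin TAG_ALLOC (suboptimal)
 // bytes 8-15: uninitialized, origin TAG_ALLOC_PADDING
-if (__msan_get_track_origins() && flags()->poison_in_malloc) {
+// - If we have malloc(7) and __msan_get_track_origins() == 1, we use a
+// single origin bean to reduce overhead:
+// bytes 0-6: uninitialized, origin TAG_ALLOC
+// byte 7: uninitialized, origin TAG_ALLOC (suboptimal)
+// bytes 8-15: uninitialized, origin TAG_ALLOC (suboptimal)
+if (__msan_get_track_origins() && flags()->poison_in_malloc &&
+(zero || (__msan_get_track_origins() > 1))) {
 stack->tag = STACK_TRACE_TAG_ALLOC_PADDING;
 Origin o2 = Origin::CreateHeapOrigin(stack);
 __msan_set_origin(padding_start, padding_size, o2.raw_id());
@@ -251,7 +257,10 @@ static void *MsanAllocate(BufferedStackTrace *stack, uptr size, uptr alignment,
 if (__msan_get_track_origins()) {
 stack->tag = StackTrace::TAG_ALLOC;
 Origin o = Origin::CreateHeapOrigin(stack);
-__msan_set_origin(allocated, size, o.raw_id());
+__msan_set_origin(
+allocated,
+__msan_get_track_origins() == 1 ? actually_allocated_size : size,
+o.raw_id());
 }
 }
 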
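Review bot: The choice of whether padding gets its own origin is now spelled out twice on the new side — in the `(zero || (__msan_get_track_origins() > 1))` guard of the first hunk and again in the `__msan_get_track_origins() == 1 ? actually_allocated_size : size` argument of the second — so a later edit to one site can leave poisoned padding with no origin at all. Computing it once above the first `if`, e.g. `const bool padding_has_own_origin = zero || __msan_get_track_origins() > 1;`, and passing `padding_has_own_origin ? size : actually_allocated_size` in the second hunk keeps both sites in lockstep and drops the repeated `__msan_get_track_origins()` calls; this assumes the second block is only reached on the non-zeroing path, which the code between the hunks (not shown) would confirm. The comment at new line 235, `single origin bean`, reads like a typo for `single origin`. MsanAllocate begins before the first hunk.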
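--- a/compiler-rt/test/msan/allocator_padding.cpp
+++ b/compiler-rt/test/msan/allocator_padding.cpp
@@ -1,35 +1,70 @@
-// malloc: all bytes are uninitialized
+// *** malloc: all bytes are uninitialized
+// * malloc byte 0
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 %s -o %t && not %run %t 0 2>&1 \
+// RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 %s -o %t && not %run %t 0 2>&1 \
 // RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC
+//
+// * malloc byte 6
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 %s -o %t && not %run %t 6 2>&1 \
 // RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 %s -o %t && not %run %t 6 2>&1 \
+// RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC
 //
 // This test assumes the allocator allocates 16 bytes for malloc(7). Bytes
 // 7-15 are padding.
+//
+// * malloc byte 7
 // Edge case: when the origin granularity spans both ALLOC and ALLOC_PADDING,
-// ALLOC takes precedence
+// ALLOC always takes precedence.
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 %s -o %t && not %run %t 7 2>&1 \
+// RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 %s -o %t && not %run %t 7 2>&1 \
 // RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC
 //
-// Bytes 8-15 are tagged as ALLOC_PADDING.
+// Bytes 8-15 are padding
+// For track-origins=1, ALLOC is used instead of ALLOC_PADDING.
+//
+// * malloc byte 8
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 %s -o %t && not %run %t 8 2>&1 \
+// RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 %s -o %t && not %run %t 8 2>&1 \
 // RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC-PADDING
+//
+// * malloc byte 15
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 %s -o %t && not %run %t 15 2>&1 \
+// RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 %s -o %t && not %run %t 15 2>&1 \
 // RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC-PADDING
 
-// calloc
+// *** calloc
 // Bytes 0-6 are fully initialized, so no MSan report should happen.
+//
+// * calloc byte 0
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 -DUSE_CALLOC %s -o %t && %run %t 0 2>&1
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 -DUSE_CALLOC %s -o %t && %run %t 0 2>&1
+//
+// * calloc byte 6
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 -DUSE_CALLOC %s -o %t && %run %t 6 2>&1
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 -DUSE_CALLOC %s -o %t && %run %t 6 2>&1
 //
+// * calloc byte 7
 // Byte 7 is uninitialized. Unlike malloc, this is tagged as ALLOC_PADDING
 // (since the origin does not need to track bytes 4-6).
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 -DUSE_CALLOC %s -o %t && not %run %t 7 2>&1 \
+// RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC-PADDING
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 -DUSE_CALLOC %s -o %t && not %run %t 7 2>&1 \
 // RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC-PADDING
 //
-// As with malloc, Bytes 8-15 are tagged as ALLOC_PADDING.
+// * calloc byte 8
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 -DUSE_CALLOC %s -o %t && not %run %t 8 2>&1 \
+// RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC-PADDING
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 -DUSE_CALLOC %s -o %t && not %run %t 8 2>&1 \
 // RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC-PADDING
+//
+// * calloc byte 15
+// RUN: %clang_msan -fsanitize-memory-track-origins=1 -DUSE_CALLOC %s -o %t && not %run %t 15 2>&1 \
+// RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC-PADDING
 // RUN: %clang_msan -fsanitize-memory-track-origins=2 -DUSE_CALLOC %s -o %t && not %run %t 15 2>&1 \
 // RUN: | FileCheck %s --check-prefixes=CHECK,ORIGIN-ALLOC-PADDING
 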
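Review bot: The replacement comment at new lines 25-26 drops information the removed line carried: `Bytes 8-15 are padding` no longer says which tag the track-origins=2 RUN lines at 31-32 and 37-38 check for, and the reader has to recover it from the ORIGIN-ALLOC-PADDING prefix. Suggest `// Bytes 8-15 are padding: tagged ALLOC_PADDING for track-origins=2, but ALLOC for track-origins=1 (the padding shares the allocation's origin).` The 16-byte size-class assumption stated at lines 14-15 is now relied on by twice as many RUN lines but is still not enforced by anything visible here; a sentence saying where that assumption is pinned (or a REQUIRES guard, if any supported platform uses a different size class) would make the expected-failure story clear. The test's C++ body lies outside the hunk.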