1//===-- msan_report.cpp ---------------------------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file is a part of MemorySanitizer.
10//
11// Error reporting.
12//===----------------------------------------------------------------------===//
13
14#include "msan_report.h"
15
16#include "msan.h"
17#include "msan_chained_origin_depot.h"
18#include "msan_origin.h"
19#include "sanitizer_common/sanitizer_allocator_internal.h"
20#include "sanitizer_common/sanitizer_common.h"
21#include "sanitizer_common/sanitizer_flags.h"
22#include "sanitizer_common/sanitizer_mutex.h"
23#include "sanitizer_common/sanitizer_report_decorator.h"
24#include "sanitizer_common/sanitizer_stackdepot.h"
25#include "sanitizer_common/sanitizer_stacktrace_printer.h"
26#include "sanitizer_common/sanitizer_symbolizer.h"
27
28using namespace __sanitizer;
29
30namespace __msan {
31
32class Decorator: public __sanitizer::SanitizerCommonDecorator {
33 public:
34 Decorator() : SanitizerCommonDecorator() { }
35 const char *Origin() const { return Magenta(); }
36 const char *Name() const { return Green(); }
37};
38
39static void DescribeStackOrigin(const char *so, uptr pc) {
40 Decorator d;
41 Printf(format: "%s", d.Origin());
42 if (so) {
43 Printf(
44 format: " %sUninitialized value was created by an allocation of '%s%s%s'"
45 " in the stack frame%s\n",
46 d.Origin(), d.Name(), so, d.Origin(), d.Default());
47 } else {
48 Printf(format: " %sUninitialized value was created in the stack frame%s\n",
49 d.Origin(), d.Default());
50 }
51
52 if (pc)
53 StackTrace(&pc, 1).Print();
54}
55
56static void DescribeOrigin(u32 id) {
57 VPrintf(1, " raw origin id: %d\n", id);
58 Decorator d;
59 Origin o = Origin::FromRawId(id);
60 while (o.isChainedOrigin()) {
61 StackTrace stack;
62 o = o.getNextChainedOrigin(stack: &stack);
63 Printf(format: " %sUninitialized value was stored to memory at%s\n", d.Origin(),
64 d.Default());
65 stack.Print();
66 }
67 if (o.isStackOrigin()) {
68 uptr pc;
69 const char *so = GetStackOriginDescr(id: o.getStackId(), pc: &pc);
70 DescribeStackOrigin(so, pc);
71 } else {
72 StackTrace stack = o.getStackTraceForHeapOrigin();
73 switch (stack.tag) {
74 case StackTrace::TAG_ALLOC:
75 Printf(format: " %sUninitialized value was created by a heap allocation%s\n",
76 d.Origin(), d.Default());
77 break;
78 case StackTrace::TAG_DEALLOC:
79 Printf(format: " %sUninitialized value was created by a heap deallocation%s\n",
80 d.Origin(), d.Default());
81 break;
82 case STACK_TRACE_TAG_POISON:
83 Printf(format: " %sMemory was marked as uninitialized%s\n", d.Origin(),
84 d.Default());
85 break;
86 case STACK_TRACE_TAG_FIELDS:
87 Printf(format: " %sMember fields were destroyed%s\n", d.Origin(), d.Default());
88 break;
89 case STACK_TRACE_TAG_VPTR:
90 Printf(format: " %sVirtual table ptr was destroyed%s\n", d.Origin(),
91 d.Default());
92 break;
93 default:
94 Printf(format: " %sUninitialized value was created%s\n", d.Origin(),
95 d.Default());
96 break;
97 }
98 stack.Print();
99 }
100}
101
102void ReportUMR(StackTrace *stack, u32 origin) {
103 if (!__msan::flags()->report_umrs) return;
104
105 ScopedErrorReportLock l;
106
107 Decorator d;
108 Printf(format: "%s", d.Warning());
109 Report(format: "WARNING: MemorySanitizer: use-of-uninitialized-value\n");
110 Printf(format: "%s", d.Default());
111 stack->Print();
112 if (origin) {
113 DescribeOrigin(id: origin);
114 }
115 ReportErrorSummary(error_type: "use-of-uninitialized-value", trace: stack);
116}
117
118void ReportExpectedUMRNotFound(StackTrace *stack) {
119 ScopedErrorReportLock l;
120
121 Printf(format: "WARNING: Expected use of uninitialized value not found\n");
122 stack->Print();
123}
124
125void ReportStats() {
126 ScopedErrorReportLock l;
127
128 if (__msan_get_track_origins() > 0) {
129 StackDepotStats stack_depot_stats = StackDepotGetStats();
130 // FIXME: we want this at normal exit, too!
131 // FIXME: but only with verbosity=1 or something
132 Printf(format: "Unique heap origins: %zu\n", stack_depot_stats.n_uniq_ids);
133 Printf(format: "Stack depot allocated bytes: %zu\n", stack_depot_stats.allocated);
134
135 StackDepotStats chained_origin_depot_stats = ChainedOriginDepotGetStats();
136 Printf(format: "Unique origin histories: %zu\n",
137 chained_origin_depot_stats.n_uniq_ids);
138 Printf(format: "History depot allocated bytes: %zu\n",
139 chained_origin_depot_stats.allocated);
140 }
141}
142
143void ReportAtExitStatistics() {
144 ScopedErrorReportLock l;
145
146 if (msan_report_count > 0) {
147 Decorator d;
148 Printf(format: "%s", d.Warning());
149 Printf(format: "MemorySanitizer: %d warnings reported.\n", msan_report_count);
150 Printf(format: "%s", d.Default());
151 }
152}
153
154class OriginSet {
155 public:
156 OriginSet() : next_id_(0) {}
157 int insert(u32 o) {
158 // Scan from the end for better locality.
159 for (int i = next_id_ - 1; i >= 0; --i)
160 if (origins_[i] == o) return i;
161 if (next_id_ == kMaxSize_) return OVERFLOW;
162 int id = next_id_++;
163 origins_[id] = o;
164 return id;
165 }
166 int size() { return next_id_; }
167 u32 get(int id) { return origins_[id]; }
168 static char asChar(int id) {
169 switch (id) {
170 case MISSING:
171 return '.';
172 case OVERFLOW:
173 return '*';
174 default:
175 return 'A' + id;
176 }
177 }
178 static const int OVERFLOW = -1;
179 static const int MISSING = -2;
180
181 private:
182 static const int kMaxSize_ = 'Z' - 'A' + 1;
183 u32 origins_[kMaxSize_];
184 int next_id_;
185};
186
187void DescribeMemoryRange(const void *x, uptr size) {
188 // Real limits.
189 uptr start = MEM_TO_SHADOW(x);
190 uptr end = start + size;
191 // Scan limits: align start down to 4; align size up to 16.
192 uptr s = start & ~3UL;
193 size = end - s;
194 size = (size + 15) & ~15UL;
195 uptr e = s + size;
196
197 // Single letter names to origin id mapping.
198 OriginSet origin_set;
199
200 uptr pos = 0; // Offset from aligned start.
201 bool with_origins = __msan_get_track_origins();
202 // True if there is at least 1 poisoned bit in the last 4-byte group.
203 bool last_quad_poisoned;
204 int origin_ids[4]; // Single letter origin ids for the current line.
205
206 Decorator d;
207 Printf(format: "%s", d.Warning());
208 uptr start_x = reinterpret_cast<uptr>(x);
209 Printf(format: "Shadow map [%p, %p) of [%p, %p), %zu bytes:\n",
210 reinterpret_cast<void *>(start), reinterpret_cast<void *>(end),
211 reinterpret_cast<void *>(start_x),
212 reinterpret_cast<void *>(start_x + end - start), end - start);
213 Printf(format: "%s", d.Default());
214 while (s < e) {
215 // Line start.
216 if (pos % 16 == 0) {
217 for (int i = 0; i < 4; ++i) origin_ids[i] = -1;
218 Printf(format: "%p[%p]:", reinterpret_cast<void *>(s),
219 reinterpret_cast<void *>(start_x - start + s));
220 }
221 // Group start.
222 if (pos % 4 == 0) {
223 Printf(format: " ");
224 last_quad_poisoned = false;
225 }
226 // Print shadow byte.
227 if (s < start || s >= end) {
228 Printf(format: "..");
229 } else {
230 unsigned char v = *(unsigned char *)s;
231 if (v) last_quad_poisoned = true;
232 Printf(format: "%x%x", v >> 4, v & 0xf);
233 }
234 // Group end.
235 if (pos % 4 == 3 && with_origins) {
236 int id = OriginSet::MISSING;
237 if (last_quad_poisoned) {
238 u32 o = *(u32 *)SHADOW_TO_ORIGIN(s - 3);
239 id = origin_set.insert(o);
240 }
241 origin_ids[(pos % 16) / 4] = id;
242 }
243 // Line end.
244 if (pos % 16 == 15) {
245 if (with_origins) {
246 Printf(format: " |");
247 for (int i = 0; i < 4; ++i) {
248 char c = OriginSet::asChar(id: origin_ids[i]);
249 Printf(format: "%c", c);
250 if (i != 3) Printf(format: " ");
251 }
252 Printf(format: "|");
253 }
254 Printf(format: "\n");
255 }
256 size--;
257 s++;
258 pos++;
259 }
260
261 Printf(format: "\n");
262
263 for (int i = 0; i < origin_set.size(); ++i) {
264 u32 o = origin_set.get(id: i);
265 Printf(format: "Origin %c (origin_id %x):\n", OriginSet::asChar(id: i), o);
266 DescribeOrigin(id: o);
267 }
268}
269
270void ReportUMRInsideAddressRange(const char *function, const void *start,
271 uptr size, uptr offset) {
272 function = StackTracePrinter::GetOrInit()->StripFunctionName(function);
273 Decorator d;
274 Printf(format: "%s", d.Warning());
275 Printf(format: "%sUninitialized bytes in %s%s%s at offset %zu inside [%p, %zu)%s\n",
276 d.Warning(), d.Name(), function, d.Warning(), offset, start, size,
277 d.Default());
278 if (__sanitizer::Verbosity())
279 DescribeMemoryRange(x: start, size);
280}
281
282} // namespace __msan
283