1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
| //===-- msan_origin.h ----------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// Origin id utils.
//===----------------------------------------------------------------------===//
#ifndef MSAN_ORIGIN_H
#define MSAN_ORIGIN_H
#include "sanitizer_common/sanitizer_stackdepot.h"
#include "msan_chained_origin_depot.h"
namespace __msan {
// Origin handling.
//
// Origin is a 32-bit identifier that is attached to any uninitialized value in
// the program and describes, more or less exactly, how this memory came to be
// uninitialized.
//
// There are 3 kinds of origin ids:
// 1xxx xxxx xxxx xxxx heap origin id
// 0000 xxxx xxxx xxxx stack origin id
// 0zzz xxxx xxxx xxxx chained origin id
//
// Heap origin id describes a heap memory allocation and contains (in the xxx
// part) a value of StackDepot.
//
// Stack origin id describes a stack memory allocation and contains (in the xxx
// part) an index into StackOriginDescr and StackOriginPC. We don't store a
// stack trace for such origins for performance reasons.
//
// Chained origin id describes an event of storing an uninitialized value to
// memory. The xxx part is a value of ChainedOriginDepot, which is a mapping of
// (stack_id, prev_id) -> id, where
// * stack_id describes the event.
// StackDepot keeps a mapping between those and corresponding stack traces.
// * prev_id is another origin id that describes the earlier part of the
// uninitialized value history.
// Following a chain of prev_id provides the full recorded history of an
// uninitialized value.
//
// This, effectively, defines a tree (or 2 trees, see below) where nodes are
// points in value history marked with origin ids, and edges are events that are
// marked with stack_id.
//
// The "zzz" bits of chained origin id are used to store the length (or depth)
// of the origin chain.
class Origin {
public:
static bool isValidId(u32 id) { return id != 0 && id != (u32)-1; }
u32 raw_id() const { return raw_id_; }
bool isHeapOrigin() const {
// 1xxx xxxx xxxx xxxx
return raw_id_ >> kHeapShift == 0;
}
bool isStackOrigin() const {
// 1000 xxxx xxxx xxxx
return (raw_id_ >> kDepthShift) == (1 << kDepthBits);
}
bool isChainedOrigin() const {
// 1zzz xxxx xxxx xxxx, zzz != 000
return (raw_id_ >> kDepthShift) > (1 << kDepthBits);
}
u32 getChainedId() const {
CHECK(isChainedOrigin());
return raw_id_ & kChainedIdMask;
}
u32 getStackId() const {
CHECK(isStackOrigin());
return raw_id_ & kChainedIdMask;
}
u32 getHeapId() const {
CHECK(isHeapOrigin());
return raw_id_ & kHeapIdMask;
}
// Returns the next origin in the chain and the current stack trace.
Origin getNextChainedOrigin(StackTrace *stack) const {
CHECK(isChainedOrigin());
u32 prev_id;
u32 stack_id = ChainedOriginDepotGet(getChainedId(), &prev_id);
if (stack) *stack = StackDepotGet(stack_id);
return Origin(prev_id);
}
StackTrace getStackTraceForHeapOrigin() const {
return StackDepotGet(getHeapId());
}
static Origin CreateStackOrigin(u32 id) {
CHECK((id & kStackIdMask) == id);
return Origin((1 << kHeapShift) | id);
}
static Origin CreateHeapOrigin(StackTrace *stack) {
u32 stack_id = StackDepotPut(*stack);
CHECK(stack_id);
CHECK((stack_id & kHeapIdMask) == stack_id);
return Origin(stack_id);
}
static Origin CreateChainedOrigin(Origin prev, StackTrace *stack) {
int depth = prev.isChainedOrigin() ? prev.depth() : 0;
// depth is the length of the chain minus 1.
// origin_history_size of 0 means unlimited depth.
if (flags()->origin_history_size > 0) {
if (depth + 1 >= flags()->origin_history_size) {
return prev;
} else {
++depth;
CHECK(depth < (1 << kDepthBits));
}
}
StackDepotHandle h = StackDepotPut_WithHandle(*stack);
if (!h.valid()) return prev;
if (flags()->origin_history_per_stack_limit > 0) {
int use_count = h.use_count();
if (use_count > flags()->origin_history_per_stack_limit) return prev;
}
u32 chained_id;
bool inserted = ChainedOriginDepotPut(h.id(), prev.raw_id(), &chained_id);
CHECK((chained_id & kChainedIdMask) == chained_id);
if (inserted && flags()->origin_history_per_stack_limit > 0)
h.inc_use_count_unsafe();
return Origin((1 << kHeapShift) | (depth << kDepthShift) | chained_id);
}
static Origin FromRawId(u32 id) {
return Origin(id);
}
private:
static const int kDepthBits = 3;
static const int kDepthShift = 32 - kDepthBits - 1;
static const int kHeapShift = 31;
static const u32 kChainedIdMask = ((u32)-1) >> (32 - kDepthShift);
static const u32 kStackIdMask = ((u32)-1) >> (32 - kDepthShift);
static const u32 kHeapIdMask = ((u32)-1) >> (32 - kHeapShift);
u32 raw_id_;
explicit Origin(u32 raw_id) : raw_id_(raw_id) {}
int depth() const {
CHECK(isChainedOrigin());
return (raw_id_ >> kDepthShift) & ((1 << kDepthBits) - 1);
}
public:
static const int kMaxDepth = (1 << kDepthBits) - 1;
};
} // namespace __msan
#endif // MSAN_ORIGIN_H
|