diff options
| author | Cherry Zhang <cherryyz@google.com> | 2020-11-16 21:28:26 -0500 |
|---|---|---|
| committer | Cherry Zhang <cherryyz@google.com> | 2020-12-03 15:40:11 +0000 |
| commit | 07cba70d5794747044ce5f2f3b34de139193e2a5 (patch) | |
| tree | c469bb083550371669e3c76388ba0af7e5f10a4f /misc | |
| parent | d0c0dc682c1fb15241d84df11715e706a5bc0da7 (diff) | |
| download | go-07cba70d5794747044ce5f2f3b34de139193e2a5.tar.gz go-07cba70d5794747044ce5f2f3b34de139193e2a5.zip | |
cmd/compile, runtime: use __msan_memmove for moving data, split msanread to fields
Currently, for data moving, we generate an msanread of the source,
followed by an msanwrite of the destination. msanread checks
the source is initialized.
This has a problem: if the source is an aggregate type containing
alignment paddings, the padding bytes may not be thought as
initialized by MSAN. If we copy the aggregate type by value, if
it counts as a read, MSAN reports using uninitialized data. This
CL changes it to use __msan_memmove for data copying, which tells
MSAN to propagate initialized-ness but not check for it.
Caveat: technically __msan_memmove is not a public API of MSAN,
although the C compiler does generate direct calls to it.
Also, when instrumenting a load of a struct, split the
instrumentation to fields, instead of generating an msanread for
the whole struct. This skips padding bytes, which may not be
considered initialized in MSAN.
Fixes #42820.
Change-Id: Id861c8bbfd94cfcccefcc58eaf9e4eb43b4d85c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/270859
Trust: Cherry Zhang <cherryyz@google.com>
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
Diffstat (limited to 'misc')
| -rw-r--r-- | misc/cgo/testsanitizers/msan_test.go | 1 | ||||
| -rw-r--r-- | misc/cgo/testsanitizers/testdata/msan7.go | 38 |
2 files changed, 39 insertions, 0 deletions
diff --git a/misc/cgo/testsanitizers/msan_test.go b/misc/cgo/testsanitizers/msan_test.go index 88b90d3d70..5e2f9759ba 100644 --- a/misc/cgo/testsanitizers/msan_test.go +++ b/misc/cgo/testsanitizers/msan_test.go @@ -28,6 +28,7 @@ func TestMSAN(t *testing.T) { {src: "msan4.go"}, {src: "msan5.go"}, {src: "msan6.go"}, + {src: "msan7.go"}, {src: "msan_fail.go", wantErr: true}, } for _, tc := range cases { diff --git a/misc/cgo/testsanitizers/testdata/msan7.go b/misc/cgo/testsanitizers/testdata/msan7.go new file mode 100644 index 0000000000..2f29fd21b2 --- /dev/null +++ b/misc/cgo/testsanitizers/testdata/msan7.go @@ -0,0 +1,38 @@ +// Copyright 2020 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +// Test passing C struct to exported Go function. + +/* +#include <stdint.h> +#include <stdlib.h> + +// T is a C struct with alignment padding after b. +// The padding bytes are not considered initialized by MSAN. +// It is big enough to be passed on stack in C ABI (and least +// on AMD64). +typedef struct { char b; uintptr_t x, y; } T; + +extern void F(T); + +// Use weak as a hack to permit defining a function even though we use export. +void CF(int x) __attribute__ ((weak)); +void CF(int x) { + T *t = malloc(sizeof(T)); + t->b = (char)x; + t->x = x; + t->y = x; + F(*t); +} +*/ +import "C" + +//export F +func F(t C.T) { println(t.b, t.x, t.y) } + +func main() { + C.CF(C.int(0)) +} |