Bug Summary

File:projects/compiler-rt/lib/asan/asan_descriptions.cc
Warning:line 452, column 3
Value stored to 'addr' is never read

Annotated Source Code

1//===-- asan_descriptions.cc ------------------------------------*- C++ -*-===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file is a part of AddressSanitizer, an address sanity checker.
11//
12// ASan functions for getting information about an address and/or printing it.
13//===----------------------------------------------------------------------===//
14
15#include "asan_descriptions.h"
16#include "asan_mapping.h"
17#include "asan_report.h"
18#include "asan_stack.h"
19#include "sanitizer_common/sanitizer_stackdepot.h"
20
21namespace __asan {
22
23// Return " (thread_name) " or an empty string if the name is empty.
24const char *ThreadNameWithParenthesis(AsanThreadContext *t, char buff[],
25 uptr buff_len) {
26 const char *name = t->name;
27 if (name[0] == '\0') return "";
28 buff[0] = 0;
29 internal_strncat(buff, " (", 3);
30 internal_strncat(buff, name, buff_len - 4);
31 internal_strncat(buff, ")", 2);
32 return buff;
33}
34
35const char *ThreadNameWithParenthesis(u32 tid, char buff[], uptr buff_len) {
36 if (tid == kInvalidTid) return "";
37 asanThreadRegistry().CheckLocked();
38 AsanThreadContext *t = GetThreadContextByTidLocked(tid);
39 return ThreadNameWithParenthesis(t, buff, buff_len);
40}
41
42void DescribeThread(AsanThreadContext *context) {
43 CHECK(context)do { __sanitizer::u64 v1 = (u64)((context)); __sanitizer::u64
v2 = (u64)(0); if (__builtin_expect(!!(!(v1 != v2)), 0)) __sanitizer
::CheckFailed("/tmp/buildd/llvm-toolchain-snapshot-5.0~svn298304/projects/compiler-rt/lib/asan/asan_descriptions.cc"
, 43, "(" "(context)" ") " "!=" " (" "0" ")", v1, v2); } while
(false)
;
44 asanThreadRegistry().CheckLocked();
45 // No need to announce the main thread.
46 if (context->tid == 0 || context->announced) {
47 return;
48 }
49 context->announced = true;
50 char tname[128];
51 InternalScopedString str(1024);
52 str.append("Thread T%d%s", context->tid,
53 ThreadNameWithParenthesis(context->tid, tname, sizeof(tname)));
54 if (context->parent_tid == kInvalidTid) {
55 str.append(" created by unknown thread\n");
56 Printf("%s", str.data());
57 return;
58 }
59 str.append(
60 " created by T%d%s here:\n", context->parent_tid,
61 ThreadNameWithParenthesis(context->parent_tid, tname, sizeof(tname)));
62 Printf("%s", str.data());
63 StackDepotGet(context->stack_id).Print();
64 // Recursively described parent thread if needed.
65 if (flags()->print_full_thread_history) {
66 AsanThreadContext *parent_context =
67 GetThreadContextByTidLocked(context->parent_tid);
68 DescribeThread(parent_context);
69 }
70}
71
72// Shadow descriptions
73static bool GetShadowKind(uptr addr, ShadowKind *shadow_kind) {
74 CHECK(!AddrIsInMem(addr))do { __sanitizer::u64 v1 = (u64)((!AddrIsInMem(addr))); __sanitizer
::u64 v2 = (u64)(0); if (__builtin_expect(!!(!(v1 != v2)), 0)
) __sanitizer::CheckFailed("/tmp/buildd/llvm-toolchain-snapshot-5.0~svn298304/projects/compiler-rt/lib/asan/asan_descriptions.cc"
, 74, "(" "(!AddrIsInMem(addr))" ") " "!=" " (" "0" ")", v1, v2
); } while (false)
;
75 if (AddrIsInShadowGap(addr)) {
76 *shadow_kind = kShadowKindGap;
77 } else if (AddrIsInHighShadow(addr)) {
78 *shadow_kind = kShadowKindHigh;
79 } else if (AddrIsInLowShadow(addr)) {
80 *shadow_kind = kShadowKindLow;
81 } else {
82 CHECK(0 && "Address is not in memory and not in shadow?")do { __sanitizer::u64 v1 = (u64)((0 && "Address is not in memory and not in shadow?"
)); __sanitizer::u64 v2 = (u64)(0); if (__builtin_expect(!!(!
(v1 != v2)), 0)) __sanitizer::CheckFailed("/tmp/buildd/llvm-toolchain-snapshot-5.0~svn298304/projects/compiler-rt/lib/asan/asan_descriptions.cc"
, 82, "(" "(0 && \"Address is not in memory and not in shadow?\")"
") " "!=" " (" "0" ")", v1, v2); } while (false)
;
83 return false;
84 }
85 return true;
86}
87
88bool DescribeAddressIfShadow(uptr addr) {
89 ShadowAddressDescription descr;
90 if (!GetShadowAddressInformation(addr, &descr)) return false;
91 descr.Print();
92 return true;
93}
94
95bool GetShadowAddressInformation(uptr addr, ShadowAddressDescription *descr) {
96 if (AddrIsInMem(addr)) return false;
97 ShadowKind shadow_kind;
98 if (!GetShadowKind(addr, &shadow_kind)) return false;
99 if (shadow_kind != kShadowKindGap) descr->shadow_byte = *(u8 *)addr;
100 descr->addr = addr;
101 descr->kind = shadow_kind;
102 return true;
103}
104
105// Heap descriptions
106static void GetAccessToHeapChunkInformation(ChunkAccess *descr,
107 AsanChunkView chunk, uptr addr,
108 uptr access_size) {
109 descr->bad_addr = addr;
110 if (chunk.AddrIsAtLeft(addr, access_size, &descr->offset)) {
111 descr->access_type = kAccessTypeLeft;
112 } else if (chunk.AddrIsAtRight(addr, access_size, &descr->offset)) {
113 descr->access_type = kAccessTypeRight;
114 if (descr->offset < 0) {
115 descr->bad_addr -= descr->offset;
116 descr->offset = 0;
117 }
118 } else if (chunk.AddrIsInside(addr, access_size, &descr->offset)) {
119 descr->access_type = kAccessTypeInside;
120 } else {
121 descr->access_type = kAccessTypeUnknown;
122 }
123 descr->chunk_begin = chunk.Beg();
124 descr->chunk_size = chunk.UsedSize();
125 descr->alloc_type = chunk.GetAllocType();
126}
127
128static void PrintHeapChunkAccess(uptr addr, const ChunkAccess &descr) {
129 Decorator d;
130 InternalScopedString str(4096);
131 str.append("%s", d.Location());
132 switch (descr.access_type) {
133 case kAccessTypeLeft:
134 str.append("%p is located %zd bytes to the left of",
135 (void *)descr.bad_addr, descr.offset);
136 break;
137 case kAccessTypeRight:
138 str.append("%p is located %zd bytes to the right of",
139 (void *)descr.bad_addr, descr.offset);
140 break;
141 case kAccessTypeInside:
142 str.append("%p is located %zd bytes inside of", (void *)descr.bad_addr,
143 descr.offset);
144 break;
145 case kAccessTypeUnknown:
146 str.append(
147 "%p is located somewhere around (this is AddressSanitizer bug!)",
148 (void *)descr.bad_addr);
149 }
150 str.append(" %zu-byte region [%p,%p)\n", descr.chunk_size,
151 (void *)descr.chunk_begin,
152 (void *)(descr.chunk_begin + descr.chunk_size));
153 str.append("%s", d.EndLocation());
154 Printf("%s", str.data());
155}
156
157bool GetHeapAddressInformation(uptr addr, uptr access_size,
158 HeapAddressDescription *descr) {
159 AsanChunkView chunk = FindHeapChunkByAddress(addr);
160 if (!chunk.IsValid()) {
161 return false;
162 }
163 descr->addr = addr;
164 GetAccessToHeapChunkInformation(&descr->chunk_access, chunk, addr,
165 access_size);
166 CHECK_NE(chunk.AllocTid(), kInvalidTid)do { __sanitizer::u64 v1 = (u64)((chunk.AllocTid())); __sanitizer
::u64 v2 = (u64)((kInvalidTid)); if (__builtin_expect(!!(!(v1
!= v2)), 0)) __sanitizer::CheckFailed("/tmp/buildd/llvm-toolchain-snapshot-5.0~svn298304/projects/compiler-rt/lib/asan/asan_descriptions.cc"
, 166, "(" "(chunk.AllocTid())" ") " "!=" " (" "(kInvalidTid)"
")", v1, v2); } while (false)
;
167 descr->alloc_tid = chunk.AllocTid();
168 descr->alloc_stack_id = chunk.GetAllocStackId();
169 descr->free_tid = chunk.FreeTid();
170 if (descr->free_tid != kInvalidTid)
171 descr->free_stack_id = chunk.GetFreeStackId();
172 return true;
173}
174
175static StackTrace GetStackTraceFromId(u32 id) {
176 CHECK(id)do { __sanitizer::u64 v1 = (u64)((id)); __sanitizer::u64 v2 =
(u64)(0); if (__builtin_expect(!!(!(v1 != v2)), 0)) __sanitizer
::CheckFailed("/tmp/buildd/llvm-toolchain-snapshot-5.0~svn298304/projects/compiler-rt/lib/asan/asan_descriptions.cc"
, 176, "(" "(id)" ") " "!=" " (" "0" ")", v1, v2); } while (false
)
;
177 StackTrace res = StackDepotGet(id);
178 CHECK(res.trace)do { __sanitizer::u64 v1 = (u64)((res.trace)); __sanitizer::u64
v2 = (u64)(0); if (__builtin_expect(!!(!(v1 != v2)), 0)) __sanitizer
::CheckFailed("/tmp/buildd/llvm-toolchain-snapshot-5.0~svn298304/projects/compiler-rt/lib/asan/asan_descriptions.cc"
, 178, "(" "(res.trace)" ") " "!=" " (" "0" ")", v1, v2); } while
(false)
;
179 return res;
180}
181
182bool DescribeAddressIfHeap(uptr addr, uptr access_size) {
183 HeapAddressDescription descr;
184 if (!GetHeapAddressInformation(addr, access_size, &descr)) {
185 Printf(
186 "AddressSanitizer can not describe address in more detail "
187 "(wild memory access suspected).\n");
188 return false;
189 }
190 descr.Print();
191 return true;
192}
193
194// Stack descriptions
195bool GetStackAddressInformation(uptr addr, uptr access_size,
196 StackAddressDescription *descr) {
197 AsanThread *t = FindThreadByStackAddress(addr);
198 if (!t) return false;
199
200 descr->addr = addr;
201 descr->tid = t->tid();
202 // Try to fetch precise stack frame for this access.
203 AsanThread::StackFrameAccess access;
204 if (!t->GetStackFrameAccessByAddr(addr, &access)) {
205 descr->frame_descr = nullptr;
206 return true;
207 }
208
209 descr->offset = access.offset;
210 descr->access_size = access_size;
211 descr->frame_pc = access.frame_pc;
212 descr->frame_descr = access.frame_descr;
213
214#if SANITIZER_PPC64V10
215 // On PowerPC64 ELFv1, the address of a function actually points to a
216 // three-doubleword data structure with the first field containing
217 // the address of the function's code.
218 descr->frame_pc = *reinterpret_cast<uptr *>(descr->frame_pc);
219#endif
220 descr->frame_pc += 16;
221
222 return true;
223}
224
225static void PrintAccessAndVarIntersection(const StackVarDescr &var, uptr addr,
226 uptr access_size, uptr prev_var_end,
227 uptr next_var_beg) {
228 uptr var_end = var.beg + var.size;
229 uptr addr_end = addr + access_size;
230 const char *pos_descr = nullptr;
231 // If the variable [var.beg, var_end) is the nearest variable to the
232 // current memory access, indicate it in the log.
233 if (addr >= var.beg) {
234 if (addr_end <= var_end)
235 pos_descr = "is inside"; // May happen if this is a use-after-return.
236 else if (addr < var_end)
237 pos_descr = "partially overflows";
238 else if (addr_end <= next_var_beg &&
239 next_var_beg - addr_end >= addr - var_end)
240 pos_descr = "overflows";
241 } else {
242 if (addr_end > var.beg)
243 pos_descr = "partially underflows";
244 else if (addr >= prev_var_end && addr - prev_var_end >= var.beg - addr_end)
245 pos_descr = "underflows";
246 }
247 InternalScopedString str(1024);
248 str.append(" [%zd, %zd)", var.beg, var_end);
249 // Render variable name.
250 str.append(" '");
251 for (uptr i = 0; i < var.name_len; ++i) {
252 str.append("%c", var.name_pos[i]);
253 }
254 str.append("'");
255 if (pos_descr) {
256 Decorator d;
257 // FIXME: we may want to also print the size of the access here,
258 // but in case of accesses generated by memset it may be confusing.
259 str.append("%s <== Memory access at offset %zd %s this variable%s\n",
260 d.Location(), addr, pos_descr, d.EndLocation());
261 } else {
262 str.append("\n");
263 }
264 Printf("%s", str.data());
265}
266
267bool DescribeAddressIfStack(uptr addr, uptr access_size) {
268 StackAddressDescription descr;
269 if (!GetStackAddressInformation(addr, access_size, &descr)) return false;
270 descr.Print();
271 return true;
272}
273
274// Global descriptions
275static void DescribeAddressRelativeToGlobal(uptr addr, uptr access_size,
276 const __asan_global &g) {
277 InternalScopedString str(4096);
278 Decorator d;
279 str.append("%s", d.Location());
280 if (addr < g.beg) {
281 str.append("%p is located %zd bytes to the left", (void *)addr,
282 g.beg - addr);
283 } else if (addr + access_size > g.beg + g.size) {
284 if (addr < g.beg + g.size) addr = g.beg + g.size;
285 str.append("%p is located %zd bytes to the right", (void *)addr,
286 addr - (g.beg + g.size));
287 } else {
288 // Can it happen?
289 str.append("%p is located %zd bytes inside", (void *)addr, addr - g.beg);
290 }
291 str.append(" of global variable '%s' defined in '",
292 MaybeDemangleGlobalName(g.name));
293 PrintGlobalLocation(&str, g);
294 str.append("' (0x%zx) of size %zu\n", g.beg, g.size);
295 str.append("%s", d.EndLocation());
296 PrintGlobalNameIfASCII(&str, g);
297 Printf("%s", str.data());
298}
299
300bool GetGlobalAddressInformation(uptr addr, uptr access_size,
301 GlobalAddressDescription *descr) {
302 descr->addr = addr;
303 int globals_num = GetGlobalsForAddress(addr, descr->globals, descr->reg_sites,
304 ARRAY_SIZE(descr->globals)(sizeof(descr->globals)/sizeof((descr->globals)[0])));
305 descr->size = globals_num;
306 descr->access_size = access_size;
307 return globals_num != 0;
308}
309
310bool DescribeAddressIfGlobal(uptr addr, uptr access_size,
311 const char *bug_type) {
312 GlobalAddressDescription descr;
313 if (!GetGlobalAddressInformation(addr, access_size, &descr)) return false;
314
315 descr.Print(bug_type);
316 return true;
317}
318
319void ShadowAddressDescription::Print() const {
320 Printf("Address %p is located in the %s area.\n", addr, ShadowNames[kind]);
321}
322
323void GlobalAddressDescription::Print(const char *bug_type) const {
324 for (int i = 0; i < size; i++) {
325 DescribeAddressRelativeToGlobal(addr, access_size, globals[i]);
326 if (bug_type &&
327 0 == internal_strcmp(bug_type, "initialization-order-fiasco") &&
328 reg_sites[i]) {
329 Printf(" registered at:\n");
330 StackDepotGet(reg_sites[i]).Print();
331 }
332 }
333}
334
335void StackAddressDescription::Print() const {
336 Decorator d;
337 char tname[128];
338 Printf("%s", d.Location());
339 Printf("Address %p is located in stack of thread T%d%s", addr, tid,
340 ThreadNameWithParenthesis(tid, tname, sizeof(tname)));
341
342 if (!frame_descr) {
343 Printf("%s\n", d.EndLocation());
344 return;
345 }
346 Printf(" at offset %zu in frame%s\n", offset, d.EndLocation());
347
348 // Now we print the frame where the alloca has happened.
349 // We print this frame as a stack trace with one element.
350 // The symbolizer may print more than one frame if inlining was involved.
351 // The frame numbers may be different than those in the stack trace printed
352 // previously. That's unfortunate, but I have no better solution,
353 // especially given that the alloca may be from entirely different place
354 // (e.g. use-after-scope, or different thread's stack).
355 Printf("%s", d.EndLocation());
356 StackTrace alloca_stack(&frame_pc, 1);
357 alloca_stack.Print();
358
359 InternalMmapVector<StackVarDescr> vars(16);
360 if (!ParseFrameDescription(frame_descr, &vars)) {
361 Printf(
362 "AddressSanitizer can't parse the stack frame "
363 "descriptor: |%s|\n",
364 frame_descr);
365 // 'addr' is a stack address, so return true even if we can't parse frame
366 return;
367 }
368 uptr n_objects = vars.size();
369 // Report the number of stack objects.
370 Printf(" This frame has %zu object(s):\n", n_objects);
371
372 // Report all objects in this frame.
373 for (uptr i = 0; i < n_objects; i++) {
374 uptr prev_var_end = i ? vars[i - 1].beg + vars[i - 1].size : 0;
375 uptr next_var_beg = i + 1 < n_objects ? vars[i + 1].beg : ~(0UL);
376 PrintAccessAndVarIntersection(vars[i], offset, access_size, prev_var_end,
377 next_var_beg);
378 }
379 Printf(
380 "HINT: this may be a false positive if your program uses "
381 "some custom stack unwind mechanism or swapcontext\n");
382 if (SANITIZER_WINDOWS0)
383 Printf(" (longjmp, SEH and C++ exceptions *are* supported)\n");
384 else
385 Printf(" (longjmp and C++ exceptions *are* supported)\n");
386
387 DescribeThread(GetThreadContextByTidLocked(tid));
388}
389
390void HeapAddressDescription::Print() const {
391 PrintHeapChunkAccess(addr, chunk_access);
392
393 asanThreadRegistry().CheckLocked();
394 AsanThreadContext *alloc_thread = GetThreadContextByTidLocked(alloc_tid);
395 StackTrace alloc_stack = GetStackTraceFromId(alloc_stack_id);
396
397 char tname[128];
398 Decorator d;
399 AsanThreadContext *free_thread = nullptr;
400 if (free_tid != kInvalidTid) {
401 free_thread = GetThreadContextByTidLocked(free_tid);
402 Printf("%sfreed by thread T%d%s here:%s\n", d.Allocation(),
403 free_thread->tid,
404 ThreadNameWithParenthesis(free_thread, tname, sizeof(tname)),
405 d.EndAllocation());
406 StackTrace free_stack = GetStackTraceFromId(free_stack_id);
407 free_stack.Print();
408 Printf("%spreviously allocated by thread T%d%s here:%s\n", d.Allocation(),
409 alloc_thread->tid,
410 ThreadNameWithParenthesis(alloc_thread, tname, sizeof(tname)),
411 d.EndAllocation());
412 } else {
413 Printf("%sallocated by thread T%d%s here:%s\n", d.Allocation(),
414 alloc_thread->tid,
415 ThreadNameWithParenthesis(alloc_thread, tname, sizeof(tname)),
416 d.EndAllocation());
417 }
418 alloc_stack.Print();
419 DescribeThread(GetCurrentThread());
420 if (free_thread) DescribeThread(free_thread);
421 DescribeThread(alloc_thread);
422}
423
424AddressDescription::AddressDescription(uptr addr, uptr access_size,
425 bool shouldLockThreadRegistry) {
426 if (GetShadowAddressInformation(addr, &data.shadow)) {
427 data.kind = kAddressKindShadow;
428 return;
429 }
430 if (GetHeapAddressInformation(addr, access_size, &data.heap)) {
431 data.kind = kAddressKindHeap;
432 return;
433 }
434
435 bool isStackMemory = false;
436 if (shouldLockThreadRegistry) {
437 ThreadRegistryLock l(&asanThreadRegistry());
438 isStackMemory = GetStackAddressInformation(addr, access_size, &data.stack);
439 } else {
440 isStackMemory = GetStackAddressInformation(addr, access_size, &data.stack);
441 }
442 if (isStackMemory) {
443 data.kind = kAddressKindStack;
444 return;
445 }
446
447 if (GetGlobalAddressInformation(addr, access_size, &data.global)) {
448 data.kind = kAddressKindGlobal;
449 return;
450 }
451 data.kind = kAddressKindWild;
452 addr = 0;
Value stored to 'addr' is never read
453}
454
455void PrintAddressDescription(uptr addr, uptr access_size,
456 const char *bug_type) {
457 ShadowAddressDescription shadow_descr;
458 if (GetShadowAddressInformation(addr, &shadow_descr)) {
459 shadow_descr.Print();
460 return;
461 }
462
463 GlobalAddressDescription global_descr;
464 if (GetGlobalAddressInformation(addr, access_size, &global_descr)) {
465 global_descr.Print(bug_type);
466 return;
467 }
468
469 StackAddressDescription stack_descr;
470 if (GetStackAddressInformation(addr, access_size, &stack_descr)) {
471 stack_descr.Print();
472 return;
473 }
474
475 HeapAddressDescription heap_descr;
476 if (GetHeapAddressInformation(addr, access_size, &heap_descr)) {
477 heap_descr.Print();
478 return;
479 }
480
481 // We exhausted our possibilities. Bail out.
482 Printf(
483 "AddressSanitizer can not describe address in more detail "
484 "(wild memory access suspected).\n");
485}
486} // namespace __asan