Re: [PATCH RFC 00/11] Add Memory Sanitizer support

[Mark Wielaard <mark@klomp.org>]

Hi Ilya,

On Mon, Feb 06, 2023 at 11:25:02PM +0100, Ilya Leoshkevich via Elfutils-devel wrote:
> This series adds minimalistic support for Memory Sanitizer (MSan) [1].
> MSan is compiler instrumentation for detecting accesses to
> uninitialized memory.
> 
> The motivation behind this is to be able to link elfutils into projects
> instrumented with MSan, since it essentially requires all the code
> running in a process to be instrumented.

Interesting. For regular CI testing we do use ubsan, valgrind and/or
asan. So msan might not find many new issues in the elfutils code
itself. But being able to link the elfutils libraries instrumented with
msan against other projects build with msan might be very useful.

> The goal is to provide a setup where elfutils is linked only with zlib
> and most tests pass. Here is the description of the setup that I'm
> using:
> 
> - LLVM with argp_parse() instrumentation [2].
> 
> - zlib-ng instrumented with MSan:
> 
>   git clone git@github.com:zlib-ng/zlib-ng.git
>   cmake -DWITH_SANITIZER=Memory -DZLIB_COMPAT=ON -DWITH_GTEST=OFF \
>         -DCMAKE_C_COMPILER=clang -DCMAKE_INSTALL_PREFIX=/tmp/zlib-ng
>   make install
>   export CPATH=/tmp/zlib-ng/include
>   export LIBRARY_PATH=/tmp/zlib-ng/lib
> 
> - Hack: zlib is used by a lot of system utilities, so adding
>   MSan-instrumented zlib to LD_LIBRARY_PATH causes a lot of grief.
>   Let elfutils test infrastructure add it there only for running
>   tests:
> 
>   ln -s /tmp/zlib-ng/lib/libz.so.1 libelf/
> 
> - elfutils uses printf("%n"), so tweak MSan to unpoison the respective
>   arguments. Also disable fast unwinding to get better backtraces:
> 
>   export MSAN_OPTIONS=check_printf=1,fast_unwind_on_malloc=0
> 
> - Minimal configuration of elfutils instrumented with MSan:
> 
>   autoreconf -i
>   CC=clang ./configure --enable-maintainer-mode \
>                        --enable-sanitize-memory --without-bzlib \
>                        --without-lzma --without-zstd \
>                        --disable-debuginfod --disable-libdebuginfod \
>                        --disable-demangler

Aren't there instrumented versions of bzip2, lzma/xz and/or zstd?

Can't debuginfod and libdebuginfod be instrumented?

Is the demangler disabled because you don't link against (an
instrumented) libstdc++?

> Results:
> 
>   ============================================================================
>   Testsuite summary for elfutils 0.188
>   ============================================================================
>   # TOTAL: 235
>   # PASS:  221
>   # SKIP:  14
>   # XFAIL: 0
>   # FAIL:  0
>   # XPASS: 0
>   # ERROR: 0
>   ============================================================================

Very good.

> The patches take care of the following:
> 
> - Fixing clang build.

Yeah, it is a pity msan hasn't been integrated with gcc, we often find
issues with clang.

> - Adding small tweaks to get rid of false positives (no real issues
>   were found, most likely because elfutils is already tested with
>   valgrind).
> - Dealing with "-self" tests, which now see MSan runtime compiled
>   into elfutils binaries.
> - MSan enablement itself.
> 
> Ilya Leoshkevich (11):
>   libdwfl: Fix debuginfod_client redefinition
>   libasm: Fix xdefault_pattern initialization
>   printversion: Fix unused variable
>   readelf: Fix set but not used parameter
>   readelf: Fix set but not used variable
>   Initialize reglocs for VMCOREINFO
>   addr2line: Do not test demangling in run-addr2line-i-test.sh
>   x86_64_return_value_location: Support lvalue and rvalue references
>   configure: Use -fno-addrsig if possible
>   configure: Add --disable-demangle
>   configure: Add --enable-sanitize-memory

Thanks for splitting things out so nicely in separate patches.

Cheers,

Mark