Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20377

Make WITH_MSAN more usable

    XMLWordPrintable

Details

    Description

      MemorySanitizer is a compile-time instrumentation layer in clang but not GCC. Together with AddressSanitizer mostly makes the run-time instrumentation of Valgrind redundant. It is a little more tricky to set up, because running with uninstrumented libraries will lead into false positives.

      No patches are necessary since 10.5 94d0bb4dbeb28a94d1f87fdd55f4297ff3df0157 (see the commit message for instructions); cmake -DWITH_MSAN=ON is supposed to work ‘out of the box’.

      This task will be kept open until all tests pass and MemorySanitizer can be enabled on CI systems.

      How to instrumented libraries

      These instructions are for clang-10. The script build-msan2.sh was developed to resolve MDEV-22083 a.k.a. MDEV-26758.

      mkdir /tmp/build
      		 
      cd /tmp/build
      		 
      mkdir "$HOME/msan-libs"
      		 
      CLANG=10 MSAN_LIBDIR="$HOME/msan-libs" build-msan.sh

      Note: to use different clang (tested with clang-8, clang-9, clang-11, clang-13), just replace 10 with the major version of the compiler above.

      For clang-15, the procedure is a little different:

      mkdir /tmp/build
      		 
      cd /tmp/build
      		 
      mkdir "$HOME/msan-libs"
      		 
      CLANG=15 MSAN_LIBDIR="$HOME/msan-libs" build-msan15.sh

      How to build MariaDB Server 10.5 or later with the instrumented libraries

      cd /mariadb/10.5
      		 
      mkdir build
      		 
      cd build
      		 
      cmake -DCMAKE_{C_COMPILER=clang,CXX_COMPILER=clang++}-10 \
      		 
      -DCMAKE_C_FLAGS='-O2 -Wno-unused-command-line-argument -fdebug-macro' \
      		 
      -DCMAKE_CXX_FLAGS='-stdlib=libc++ -O2 -Wno-unused-command-line-argument -fdebug-macro'  \
      		 
      -DWITH_EMBEDDED_SERVER=OFF -DWITH_UNIT_TESTS=OFF -DCMAKE_BUILD_TYPE=Debug \
      		 
      -DWITH_DBUG_TRACE=OFF -DWITH_SAFEMALLOC=OFF \
      		 
      -DWITH_INNODB_{BZIP2,LZ4,LZMA,LZO,SNAPPY}=OFF \
      		 
      -DWITH_SAFEMALLOC=OFF \
      		 
      -DWITH_{ZLIB,SSL,PCRE}=bundled \
      		 
      -DHAVE_LIBAIO_H=0 -DCMAKE_DISABLE_FIND_PACKAGE_{URING,LIBAIO}=1 \
      		 
      -DWITH_MSAN=ON \
      		 
      -G Ninja ..
      		 
      ninja

      Note: -march=native -mtune=native is optional since the second fix of MDEV-20386

      How to build with minimal cmake arguments

      cd /mariadb/10.5
      		 
      mkdir build
      		 
      cd build
      		 
      cmake -DCMAKE_{C_COMPILER=clang,CXX_COMPILER=clang++}-19 -DCMAKE_C_FLAGS='-O2 -march=native' \
      		 
      -DCMAKE_CXX_FLAGS='-stdlib=libc++ -O2 -march=native'  \
      		 
      -DSECURITY_HARDENED=OFF \
      		 
      -DPLUGIN_{CONNECT,SPIDER}=NO \
      		 
      -DWITH_INNODB_{BZIP2,LZ4,LZMA,LZO,SNAPPY}=OFF \
      		 
      -DWITH_{ZLIB,SSL,PCRE}=bundled \
      		 
      -DHAVE_LIBAIO_H=0 -DCMAKE_DISABLE_FIND_PACKAGE_{URING,LIBAIO}=1 \
      		 
      -DWITH_MSAN=ON -G Ninja ..
      		 
      cmake --build .

      cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo is implied. OK, this is almost minimal. I wanted to save the trouble of building numerous compression libraries with -fsanitize=memory. Connect and Spider are disabled due to test failures that were not investigated yet. MDEV-34921 was tested in this way.

      Note the -DSECURITY_HARDENED=OFF; it is enabled by default and seems to break operations like memcpy() with RelWithDebInfo but not Debug.

      How to run tests

      cd mysql-test
      		 
      LD_LIBRARY_PATH="$HOME"/msan-libs ./mtr main.1st
      		 
      LD_LIBRARY_PATH="$HOME"/msan-libs MSAN_OPTIONS=abort_on_error=1:poison_in_dtor=0 ./mtr --big-test --parallel=auto --force --retry=0 --skip-stack-trace --skip-core-file

      Note: It may be wise to omit MSAN_OPTIONS=abort_on_error=1 except when running code in a debugger. On some occasions, it may cause truncation of the diagnostic messages.

      Note: The llvm-symbolizer in clang 14 or later will refuse to load if LD_LIBRARY_PATH includes an MSAN-instrumented libgmp.so. To get nice resolved stack traces, you must point the environment variable MSAN_SYMBOLIZER_PATH to a script like the following. The script name had better start with llvm-symbolizer- in order to avoid a warning:

      #!/bin/sh
      		 
      unset LD_LIBRARY_PATH
      		 
      exec llvm-symbolizer-15 "$@"

      The MSAN_OPTIONS=poison_in_dtor=0 (to work around MDEV-30936, MDEV-30942) is an old option that was enabled by default in clang 15.

      Attachments

        1. 10.5-msan.patch
          3 kB
        2. build-msan.sh
          1 kB
        3. build-msan15.sh
          3 kB
        4. build-msan16.sh
          3 kB
        5. build-msan18.sh
          3 kB
        6. build-msan19.sh
          3 kB
        7. build-msan2.sh
          3 kB

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. MDEV-30936 clang 15.0.7 -fsanitize=memory fails massively

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          includes

          Bug - A problem which impairs or prevents the functions of the product. CONC-762 mysql_stmt_fetch in cursor mode creates bind.length unitialized (MSAN)

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDBF-136 MSAN - create instrumented libcrack

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20386 Replace inline asm with compiler-builtin intrinsic functions

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20388 Allegedly uninitialized values left by MyCTX_nopad

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22059 MSAN report at replicate_ignore_table_grant

          • Major - Major loss of function.
          • Closed
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22688 MSAN use-of-uninitialized-value in READ_INFO::read_xml()

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22689 MSAN use-of-uninitialized-value in decode_bytes()

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22690 MSAN use-of-uninitialized-value in optimizer_trace

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22691 MSAN use-of-uninitialized-value in test maria.maria-recovery2

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22692 MSAN use-of-uninitialized-value in pagecache_fwrite()

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONC-483 Workaround for MSAN bug needed

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20309 InnoDB encryption accesses memory outside of allocated block

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22070 MSAN use-of-uninitialized-value in encryption.innodb-redo-badkey

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22071 MSAN use-of-uninitialized-value in build_frm_image()

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22072 MSAN use-of-uninitialized-value in wf_incremental_finalize

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22073 MSAN use-of-uninitialized-value in collect_statistics_for_table()

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-24514 WITH_MSAN is disabling WOLFSSL_AESNI acceleration

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-26758 Make libmariadb run under MSAN

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-27964 The function ENCRYPT() causes SIGSEGV in WITH_MSAN builds

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-30942 MSAN_OPTIONS=poison_in_dtor=1 causes failures in free_root()

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MDEV-31790 Extremely slow tests rpl.rpl_non_direct_mixed_mixing_engines and rpl.rpl_stm_mixing_engines

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MDEV-34921 MemorySanitizer reports errors for non-debug builds

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-34933 The test plugins.rpl_auth uses not_msan.inc without a good reason

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-36482 cmake -DWITH_MSAN=ON does not work with Linux libaio

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-14024 PCRE2

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20310 valgrind bugs found in 10.5

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20383 Use of uninitialized value in Datafile::find_space_id() for ROW_FORMAT=COMPRESSED

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22060 MSAN use-of-uninitialized-value in main.query_cache_innodb

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-24841 Build error with MSAN use-of-uninitialized-value comp_err.c:734:10

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-34996 Buildbot MSAN options in buildbot rather than server

          • Major - Major loss of function.
          • Closed

          Activity

            People

              marko Marko Mäkelä
              marko Marko Mäkelä
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.