|
|
This lets us tag up pieces of code as requiring initialized inputs.
Almost all code requires initialized inputs, of course. This is for
code that works correctly with uninitialized data but triggers false
positive warnings in MSAN. E.g., imagine MSAN's found use of uninitialized
data in this max function:
static uint8_t max(uint8_t x, uint8_t y) { return x > y ? x : y; }
There's no bug in here... if there's uninitialized data being branched upon
here for the first time, it's sure not max's fault, it's its caller's fault.
So we might do this:
static uint8_t max(uint8_t x, uint8_t y) {
// This function uses branching, so if MSAN finds a problem here,
// we can assert x and y are initialized. This will remind us the
// problem somewhere in the caller or above, not here.
sk_msan_assert_initialized(&x, &x+1);
sk_masn_assert_initialized(&y, &y+1);
return x > y ? x : y;
}
By allowing code to assert its inputs must be initialized,
we can make the blame for use of uninitialized data more clear.
(Sometimes we have another option, to rewrite the code to avoid branching:
static uint8_t max(uint8_t x, uint8_t y) {
// This function is branchfree, so MSAN won't complain here.
// No real need to assert anything as requiring initialization.
int diff = x - y;
int negative = diff >> (sizeof(int)*8 - 1);
return (y & negative) | (x & ~negative);
}
These approaches to fixing MSAN false positives are orthogonal.)
BUG=chromium:574114
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1658913005
CQ_EXTRA_TRYBOTS=client.skia:Test-Ubuntu-GCC-GCE-CPU-AVX2-x86_64-Release-SKNX_NO_SIMD-Trybot
Review URL: https://codereview.chromium.org/1658913005
|
mtklein