This is an archive of the discontinued LLVM Phabricator instance.

Differential D113447

[sancov] add tracing for loads and store
ClosedPublic

Authored by kcc on Nov 8 2021, 5:57 PM.

Details

Reviewers
morehouse
Commits
rGb7f3a4f4fa14: [sancov] add tracing for loads and store
Summary

add tracing for loads and stores.

The primary goal is to have more options for data-flow-guided fuzzing,
i.e. use data flow insights to perform better mutations or more agressive corpus expansion.
But the feature is general puspose, could be used for other things too.

Pipe the flag though clang and clang driver, same as for the other SanitizerCoverage flags.
While at it, change some plain arrays into std::array.

Tests: clang flags test, LLVM IR test, compiler-rt executable test.

Diff Detail

Event Timeline

kcc created this revision.Nov 8 2021, 5:57 PM
Herald added subscribers: ormris, dexonsmith, dang, hiraditya. · View Herald TranscriptNov 8 2021, 5:57 PM
kcc requested review of this revision.Nov 8 2021, 5:57 PM
Herald added projects: Restricted Project, Restricted Project, Restricted Project. · View Herald TranscriptNov 8 2021, 5:57 PM
Herald added subscribers: llvm-commits, Restricted Project, cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B133144: Diff 385667.Nov 8 2021, 6:49 PM
morehouse accepted this revision.Nov 9 2021, 8:04 AM
morehouse added inline comments.
clang/test/Driver/autocomplete.c
73 ↗(On Diff #385667)

This check is failing in the harbormaster build: https://reviews.llvm.org/harbormaster/unit/view/1482705/

compiler-rt/test/sanitizer_common/TestCases/sanitizer_coverage_trace_loads_stores.cpp
6

According to the documentation update in this patch, these flags don't work without trace-pc or inline-8bit-counters.

llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
719–720

nit

This revision is now accepted and ready to land.Nov 9 2021, 8:04 AM
kcc updated this revision to Diff 385883.Nov 9 2021, 10:26 AM

addressed review comments

kcc marked an inline comment as done.Nov 9 2021, 10:29 AM
kcc added inline comments.
clang/test/Driver/autocomplete.c
73 ↗(On Diff #385667)

removed

compiler-rt/test/sanitizer_common/TestCases/sanitizer_coverage_trace_loads_stores.cpp
6

Right.
"func" is sort of synonym for trace-pc,func, but it's not worth the confusion in the test.
changed to trace-pc

morehouse accepted this revision.Nov 9 2021, 11:11 AM

LGTM

Harbormaster completed remote builds in B133295: Diff 385883.Nov 9 2021, 11:31 AM
This revision was landed with ongoing or failed builds.Nov 9 2021, 2:35 PM
Closed by commit rGb7f3a4f4fa14: [sancov] add tracing for loads and store (authored by kcc). · Explain Why
This revision was automatically updated to reflect the committed changes.
kcc added a commit: rGb7f3a4f4fa14: [sancov] add tracing for loads and store.

Revision Contents

PathSize
clang/
docs/
19 lines
include/
clang/
Basic/
3 lines
2 lines
Driver/
8 lines
lib/
CodeGen/
2 lines
Driver/
12 lines
test/
Driver/
4 lines
compiler-rt/
test/
sanitizer_common/
TestCases/
68 lines
llvm/
include/
llvm/
Transforms/
2 lines
lib/
Transforms/
Instrumentation/
104 lines
test/
Instrumentation/
SanitizerCoverage/
33 lines

Diff 385975

clang/docs/SanitizerCoverage.rst

Show First 20 LinesShow All 269 Lines▼ Show 20 Lines
Support for data-flow-guided fuzzing. Support for data-flow-guided fuzzing.
With ``-fsanitize-coverage=trace-cmp`` the compiler will insert extra instrumentation With ``-fsanitize-coverage=trace-cmp`` the compiler will insert extra instrumentation
around comparison instructions and switch statements. around comparison instructions and switch statements.
Similarly, with ``-fsanitize-coverage=trace-div`` the compiler will instrument Similarly, with ``-fsanitize-coverage=trace-div`` the compiler will instrument
integer division instructions (to capture the right argument of division) integer division instructions (to capture the right argument of division)
and with ``-fsanitize-coverage=trace-gep`` -- and with ``-fsanitize-coverage=trace-gep`` --
the `LLVM GEP instructions <https://llvm.org/docs/GetElementPtr.html>`_ the `LLVM GEP instructions <https://llvm.org/docs/GetElementPtr.html>`_
(to capture array indices). (to capture array indices).
Similarly, with ``-fsanitize-coverage=trace-loads`` and ``-fsanitize-coverage=trace-stores``
the compiler will instrument loads and stores, respectively.
Currently, these flags do not work by themselves - they require one
of ``-fsanitize-coverage={trace-pc,inline-8bit-counters,inline-bool}``
flags to work.
Unless ``no-prune`` option is provided, some of the comparison instructions Unless ``no-prune`` option is provided, some of the comparison instructions
will not be instrumented. will not be instrumented.
.. code-block:: c++ .. code-block:: c++
// Called before a comparison instruction. // Called before a comparison instruction.
// Arg1 and Arg2 are arguments of the comparison. // Arg1 and Arg2 are arguments of the comparison.
Show All 21 Lines.. code-block:: c++
// Val is the second argument of division. // Val is the second argument of division.
void __sanitizer_cov_trace_div4(uint32_t Val); void __sanitizer_cov_trace_div4(uint32_t Val);
void __sanitizer_cov_trace_div8(uint64_t Val); void __sanitizer_cov_trace_div8(uint64_t Val);
// Called before a GetElemementPtr (GEP) instruction // Called before a GetElemementPtr (GEP) instruction
// for every non-constant array index. // for every non-constant array index.
void __sanitizer_cov_trace_gep(uintptr_t Idx); void __sanitizer_cov_trace_gep(uintptr_t Idx);
// Called before a load of appropriate size. Addr is the address of the load.
void __sanitizer_cov_load1(uint8_t *addr);
void __sanitizer_cov_load2(uint16_t *addr);
void __sanitizer_cov_load4(uint32_t *addr);
void __sanitizer_cov_load8(uint64_t *addr);
void __sanitizer_cov_load16(__int128 *addr);
// Called before a store of appropriate size. Addr is the address of the store.
void __sanitizer_cov_store1(uint8_t *addr);
void __sanitizer_cov_store2(uint16_t *addr);
void __sanitizer_cov_store4(uint32_t *addr);
void __sanitizer_cov_store8(uint64_t *addr);
void __sanitizer_cov_store16(__int128 *addr);
Disabling instrumentation with ``__attribute__((no_sanitize("coverage")))`` Disabling instrumentation with ``__attribute__((no_sanitize("coverage")))``
=========================================================================== ===========================================================================
It is possible to disable coverage instrumentation for select functions via the It is possible to disable coverage instrumentation for select functions via the
function attribute ``__attribute__((no_sanitize("coverage")))``. Because this function attribute ``__attribute__((no_sanitize("coverage")))``. Because this
attribute may not be supported by other compilers, it is recommended to use it attribute may not be supported by other compilers, it is recommended to use it
together with ``__has_feature(coverage_sanitizer)``. together with ``__has_feature(coverage_sanitizer)``.
▲ Show 20 LinesShow All 155 LinesShow Last 20 Lines

clang/include/clang/Basic/CodeGenOptions.h

Show First 20 LinesShow All 457 Lines▼ Show 20 Lines#include "clang/Basic/CodeGenOptions.def"
/// Check if maybe unused type info should be emitted. /// Check if maybe unused type info should be emitted.
bool hasMaybeUnusedDebugInfo() const { bool hasMaybeUnusedDebugInfo() const {
return getDebugInfo() >= codegenoptions::UnusedTypeInfo; return getDebugInfo() >= codegenoptions::UnusedTypeInfo;
} }
// Check if any one of SanitizeCoverage* is enabled. // Check if any one of SanitizeCoverage* is enabled.
bool hasSanitizeCoverage() const { bool hasSanitizeCoverage() const {
return SanitizeCoverageType || SanitizeCoverageIndirectCalls || return SanitizeCoverageType || SanitizeCoverageIndirectCalls ||
SanitizeCoverageTraceCmp; SanitizeCoverageTraceCmp || SanitizeCoverageTraceLoads ||
SanitizeCoverageTraceStores;
} }
}; };
} // end namespace clang } // end namespace clang
#endif #endif

clang/include/clang/Basic/CodeGenOptions.def

Show First 20 LinesShow All 255 Lines▼ Show 20 LinesCODEGENOPT(SanitizeCoverageTracePC, 1, 0) ///< Enable PC tracing
///< in sanitizer coverage. ///< in sanitizer coverage.
CODEGENOPT(SanitizeCoverageTracePCGuard, 1, 0) ///< Enable PC tracing with guard CODEGENOPT(SanitizeCoverageTracePCGuard, 1, 0) ///< Enable PC tracing with guard
///< in sanitizer coverage. ///< in sanitizer coverage.
CODEGENOPT(SanitizeCoverageInline8bitCounters, 1, 0) ///< Use inline 8bit counters. CODEGENOPT(SanitizeCoverageInline8bitCounters, 1, 0) ///< Use inline 8bit counters.
CODEGENOPT(SanitizeCoverageInlineBoolFlag, 1, 0) ///< Use inline bool flag. CODEGENOPT(SanitizeCoverageInlineBoolFlag, 1, 0) ///< Use inline bool flag.
CODEGENOPT(SanitizeCoveragePCTable, 1, 0) ///< Create a PC Table. CODEGENOPT(SanitizeCoveragePCTable, 1, 0) ///< Create a PC Table.
CODEGENOPT(SanitizeCoverageNoPrune, 1, 0) ///< Disable coverage pruning. CODEGENOPT(SanitizeCoverageNoPrune, 1, 0) ///< Disable coverage pruning.
CODEGENOPT(SanitizeCoverageStackDepth, 1, 0) ///< Enable max stack depth tracing CODEGENOPT(SanitizeCoverageStackDepth, 1, 0) ///< Enable max stack depth tracing
CODEGENOPT(SanitizeCoverageTraceLoads, 1, 0) ///< Enable tracing of loads.
CODEGENOPT(SanitizeCoverageTraceStores, 1, 0) ///< Enable tracing of stores.
CODEGENOPT(SanitizeStats , 1, 0) ///< Collect statistics for sanitizers. CODEGENOPT(SanitizeStats , 1, 0) ///< Collect statistics for sanitizers.
CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled. CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled.
CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float. CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float.
CODEGENOPT(SpeculativeLoadHardening, 1, 0) ///< Enable speculative load hardening. CODEGENOPT(SpeculativeLoadHardening, 1, 0) ///< Enable speculative load hardening.
CODEGENOPT(FineGrainedBitfieldAccesses, 1, 0) ///< Enable fine-grained bitfield accesses. CODEGENOPT(FineGrainedBitfieldAccesses, 1, 0) ///< Enable fine-grained bitfield accesses.
CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition. CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition.
CODEGENOPT(StrictVTablePointers, 1, 0) ///< Optimize based on the strict vtable pointers CODEGENOPT(StrictVTablePointers, 1, 0) ///< Optimize based on the strict vtable pointers
CODEGENOPT(TimePasses , 1, 0) ///< Set when -ftime-report or -ftime-report= is enabled. CODEGENOPT(TimePasses , 1, 0) ///< Set when -ftime-report or -ftime-report= is enabled.
▲ Show 20 LinesShow All 186 LinesShow Last 20 Lines

clang/include/clang/Driver/Options.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 5,121 Lines▼ Show 20 Lines
def fsanitize_coverage_no_prune def fsanitize_coverage_no_prune
: Flag<["-"], "fsanitize-coverage-no-prune">, : Flag<["-"], "fsanitize-coverage-no-prune">,
HelpText<"Disable coverage pruning (i.e. instrument all blocks/edges)">, HelpText<"Disable coverage pruning (i.e. instrument all blocks/edges)">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageNoPrune">>; MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageNoPrune">>;
def fsanitize_coverage_stack_depth def fsanitize_coverage_stack_depth
: Flag<["-"], "fsanitize-coverage-stack-depth">, : Flag<["-"], "fsanitize-coverage-stack-depth">,
HelpText<"Enable max stack depth tracing">, HelpText<"Enable max stack depth tracing">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageStackDepth">>; MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageStackDepth">>;
def fsanitize_coverage_trace_loads
: Flag<["-"], "fsanitize-coverage-trace-loads">,
HelpText<"Enable tracing of loads">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageTraceLoads">>;
def fsanitize_coverage_trace_stores
: Flag<["-"], "fsanitize-coverage-trace-stores">,
HelpText<"Enable tracing of stores">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageTraceStores">>;
def fpatchable_function_entry_offset_EQ def fpatchable_function_entry_offset_EQ
: Joined<["-"], "fpatchable-function-entry-offset=">, MetaVarName<"<M>">, : Joined<["-"], "fpatchable-function-entry-offset=">, MetaVarName<"<M>">,
HelpText<"Generate M NOPs before function entry">, HelpText<"Generate M NOPs before function entry">,
MarshallingInfoInt<CodeGenOpts<"PatchableFunctionEntryOffset">>; MarshallingInfoInt<CodeGenOpts<"PatchableFunctionEntryOffset">>;
def fprofile_instrument_EQ : Joined<["-"], "fprofile-instrument=">, def fprofile_instrument_EQ : Joined<["-"], "fprofile-instrument=">,
HelpText<"Enable PGO instrumentation. The accepted value is clang, llvm, " HelpText<"Enable PGO instrumentation. The accepted value is clang, llvm, "
"or none">, Values<"none,clang,llvm,csllvm">, "or none">, Values<"none,clang,llvm,csllvm">,
NormalizedValuesScope<"CodeGenOptions">, NormalizedValuesScope<"CodeGenOptions">,
▲ Show 20 LinesShow All 1,307 LinesShow Last 20 Lines

clang/lib/CodeGen/BackendUtil.cpp

Show First 20 LinesShow All 241 Lines▼ Show 20 LinesgetSancovOptsFromCGOpts(const CodeGenOptions &CGOpts) {
Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters; Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters;
Opts.TracePC = CGOpts.SanitizeCoverageTracePC; Opts.TracePC = CGOpts.SanitizeCoverageTracePC;
Opts.TracePCGuard = CGOpts.SanitizeCoverageTracePCGuard; Opts.TracePCGuard = CGOpts.SanitizeCoverageTracePCGuard;
Opts.NoPrune = CGOpts.SanitizeCoverageNoPrune; Opts.NoPrune = CGOpts.SanitizeCoverageNoPrune;
Opts.Inline8bitCounters = CGOpts.SanitizeCoverageInline8bitCounters; Opts.Inline8bitCounters = CGOpts.SanitizeCoverageInline8bitCounters;
Opts.InlineBoolFlag = CGOpts.SanitizeCoverageInlineBoolFlag; Opts.InlineBoolFlag = CGOpts.SanitizeCoverageInlineBoolFlag;
Opts.PCTable = CGOpts.SanitizeCoveragePCTable; Opts.PCTable = CGOpts.SanitizeCoveragePCTable;
Opts.StackDepth = CGOpts.SanitizeCoverageStackDepth; Opts.StackDepth = CGOpts.SanitizeCoverageStackDepth;
Opts.TraceLoads = CGOpts.SanitizeCoverageTraceLoads;
Opts.TraceStores = CGOpts.SanitizeCoverageTraceStores;
return Opts; return Opts;
} }
static void addSanitizerCoveragePass(const PassManagerBuilder &Builder, static void addSanitizerCoveragePass(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) { legacy::PassManagerBase &PM) {
const PassManagerBuilderWrapper &BuilderWrapper = const PassManagerBuilderWrapper &BuilderWrapper =
static_cast<const PassManagerBuilderWrapper &>(Builder); static_cast<const PassManagerBuilderWrapper &>(Builder);
const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts(); const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();
▲ Show 20 LinesShow All 1,476 LinesShow Last 20 Lines

clang/lib/Driver/SanitizerArgs.cpp

Show First 20 LinesShow All 85 Lines▼ Show 20 Linesenum CoverageFeature {
Coverage8bitCounters = 1 << 8, // Deprecated. Coverage8bitCounters = 1 << 8, // Deprecated.
CoverageTracePC = 1 << 9, CoverageTracePC = 1 << 9,
CoverageTracePCGuard = 1 << 10, CoverageTracePCGuard = 1 << 10,
CoverageNoPrune = 1 << 11, CoverageNoPrune = 1 << 11,
CoverageInline8bitCounters = 1 << 12, CoverageInline8bitCounters = 1 << 12,
CoveragePCTable = 1 << 13, CoveragePCTable = 1 << 13,
CoverageStackDepth = 1 << 14, CoverageStackDepth = 1 << 14,
CoverageInlineBoolFlag = 1 << 15, CoverageInlineBoolFlag = 1 << 15,
CoverageTraceLoads = 1 << 16,
CoverageTraceStores = 1 << 17,
}; };
/// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
/// invalid components. Returns a SanitizerMask. /// invalid components. Returns a SanitizerMask.
static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A, static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
bool DiagnoseErrors); bool DiagnoseErrors);
/// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid /// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
▲ Show 20 LinesShow All 620 Lines▼ Show 20 Lines D.Diag(clang::diag::warn_drv_deprecated_arg)
<< "-fsanitize-coverage=trace-pc-guard"; << "-fsanitize-coverage=trace-pc-guard";
if (CoverageFeatures & Coverage8bitCounters) if (CoverageFeatures & Coverage8bitCounters)
D.Diag(clang::diag::warn_drv_deprecated_arg) D.Diag(clang::diag::warn_drv_deprecated_arg)
<< "-fsanitize-coverage=8bit-counters" << "-fsanitize-coverage=8bit-counters"
<< "-fsanitize-coverage=trace-pc-guard"; << "-fsanitize-coverage=trace-pc-guard";
int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge; int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge;
int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard | int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard |
CoverageInline8bitCounters | CoverageInline8bitCounters | CoverageTraceLoads |
CoverageInlineBoolFlag; CoverageTraceStores | CoverageInlineBoolFlag;
if ((CoverageFeatures & InsertionPointTypes) && if ((CoverageFeatures & InsertionPointTypes) &&
!(CoverageFeatures & InstrumentationTypes)) { !(CoverageFeatures & InstrumentationTypes)) {
D.Diag(clang::diag::warn_drv_deprecated_arg) D.Diag(clang::diag::warn_drv_deprecated_arg)
<< "-fsanitize-coverage=[func|bb|edge]" << "-fsanitize-coverage=[func|bb|edge]"
<< "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]"; << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]";
} }
// trace-pc w/o func/bb/edge implies edge. // trace-pc w/o func/bb/edge implies edge.
▲ Show 20 LinesShow All 258 Lines▼ Show 20 Lines std::pair<int, const char *> CoverageFlags[] = {
std::make_pair(CoverageTracePCGuard, std::make_pair(CoverageTracePCGuard,
"-fsanitize-coverage-trace-pc-guard"), "-fsanitize-coverage-trace-pc-guard"),
std::make_pair(CoverageInline8bitCounters, std::make_pair(CoverageInline8bitCounters,
"-fsanitize-coverage-inline-8bit-counters"), "-fsanitize-coverage-inline-8bit-counters"),
std::make_pair(CoverageInlineBoolFlag, std::make_pair(CoverageInlineBoolFlag,
"-fsanitize-coverage-inline-bool-flag"), "-fsanitize-coverage-inline-bool-flag"),
std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"), std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"),
std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"), std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"),
std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth")}; std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth"),
std::make_pair(CoverageTraceLoads, "-fsanitize-coverage-trace-loads"),
std::make_pair(CoverageTraceStores, "-fsanitize-coverage-trace-stores")};
for (auto F : CoverageFlags) { for (auto F : CoverageFlags) {
if (CoverageFeatures & F.first) if (CoverageFeatures & F.first)
CmdArgs.push_back(F.second); CmdArgs.push_back(F.second);
} }
addSpecialCaseListOpt( addSpecialCaseListOpt(
Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles); Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles);
addSpecialCaseListOpt(Args, CmdArgs, "-fsanitize-coverage-ignorelist=", addSpecialCaseListOpt(Args, CmdArgs, "-fsanitize-coverage-ignorelist=",
CoverageIgnorelistFiles); CoverageIgnorelistFiles);
▲ Show 20 LinesShow All 223 Lines▼ Show 20 Lines int F = llvm::StringSwitch<int>(Value)
.Case("8bit-counters", Coverage8bitCounters) .Case("8bit-counters", Coverage8bitCounters)
.Case("trace-pc", CoverageTracePC) .Case("trace-pc", CoverageTracePC)
.Case("trace-pc-guard", CoverageTracePCGuard) .Case("trace-pc-guard", CoverageTracePCGuard)
.Case("no-prune", CoverageNoPrune) .Case("no-prune", CoverageNoPrune)
.Case("inline-8bit-counters", CoverageInline8bitCounters) .Case("inline-8bit-counters", CoverageInline8bitCounters)
.Case("inline-bool-flag", CoverageInlineBoolFlag) .Case("inline-bool-flag", CoverageInlineBoolFlag)
.Case("pc-table", CoveragePCTable) .Case("pc-table", CoveragePCTable)
.Case("stack-depth", CoverageStackDepth) .Case("stack-depth", CoverageStackDepth)
.Case("trace-loads", CoverageTraceLoads)
.Case("trace-stores", CoverageTraceStores)
.Default(0); .Default(0);
if (F == 0) if (F == 0)
D.Diag(clang::diag::err_drv_unsupported_option_argument) D.Diag(clang::diag::err_drv_unsupported_option_argument)
<< A->getOption().getName() << Value; << A->getOption().getName() << Value;
Features |= F; Features |= F;
} }
return Features; return Features;
} }
Show All 39 Lines

clang/test/Driver/fsanitize-coverage.c

Show All 32 Lines
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=1 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-1 // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=1 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-1
// CHECK-SANITIZE-COVERAGE-1: warning: argument '-fsanitize-coverage=1' is deprecated, use '-fsanitize-coverage=trace-pc-guard' instead // CHECK-SANITIZE-COVERAGE-1: warning: argument '-fsanitize-coverage=1' is deprecated, use '-fsanitize-coverage=trace-pc-guard' instead
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=func %s -### 2>&1 | FileCheck %s --check-prefix=CHECK_FUNC_BB_EDGE_DEPRECATED // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=func %s -### 2>&1 | FileCheck %s --check-prefix=CHECK_FUNC_BB_EDGE_DEPRECATED
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=bb %s -### 2>&1 | FileCheck %s --check-prefix=CHECK_FUNC_BB_EDGE_DEPRECATED // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=bb %s -### 2>&1 | FileCheck %s --check-prefix=CHECK_FUNC_BB_EDGE_DEPRECATED
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=edge %s -### 2>&1 | FileCheck %s --check-prefix=CHECK_FUNC_BB_EDGE_DEPRECATED // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=edge %s -### 2>&1 | FileCheck %s --check-prefix=CHECK_FUNC_BB_EDGE_DEPRECATED
// CHECK_FUNC_BB_EDGE_DEPRECATED: warning: argument '-fsanitize-coverage=[func|bb|edge]' is deprecated, use '-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]' instead // CHECK_FUNC_BB_EDGE_DEPRECATED: warning: argument '-fsanitize-coverage=[func|bb|edge]' is deprecated, use '-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]' instead
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace-pc,trace-cmp,trace-div,trace-gep %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FEATURES // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace-pc,trace-cmp,trace-loads,trace-stores,trace-div,trace-gep %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FEATURES
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-type=3 // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-type=3
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-indirect-calls // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-indirect-calls
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-cmp // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-cmp
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-div // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-div
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-gep // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-gep
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-pc // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-pc
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-loads
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-stores
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=func,edge,indirect-calls,trace-cmp -fno-sanitize-coverage=edge,indirect-calls %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MASK // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=func,edge,indirect-calls,trace-cmp -fno-sanitize-coverage=edge,indirect-calls %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MASK
// CHECK-MASK: -fsanitize-coverage-type=1 // CHECK-MASK: -fsanitize-coverage-type=1
// CHECK-MASK: -fsanitize-coverage-trace-cmp // CHECK-MASK: -fsanitize-coverage-trace-cmp
// CHECK-MASK-NOT: -fsanitize-coverage- // CHECK-MASK-NOT: -fsanitize-coverage-
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=foobar %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INVALID-VALUE // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=foobar %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INVALID-VALUE
// CHECK-INVALID-VALUE: error: unsupported argument 'foobar' to option 'fsanitize-coverage=' // CHECK-INVALID-VALUE: error: unsupported argument 'foobar' to option 'fsanitize-coverage='
▲ Show 20 LinesShow All 98 LinesShow Last 20 Lines

compiler-rt/test/sanitizer_common/TestCases/sanitizer_coverage_trace_loads_stores.cpp

  • This file was added.
// Tests -fsanitize-coverage=trace-pc,trace-loads,trace-stores
//
// REQUIRES: has_sancovcc,stable-runtime,x86_64
//
// RUN: %clangxx -O0 %s -fsanitize-coverage=trace-pc,trace-loads,trace-stores -o %t
// RUN: %run %t 2>&1 | FileCheck %s
morehouseUnsubmitted
Not Done
ReplyInline Actions

According to the documentation update in this patch, these flags don't work without trace-pc or inline-8bit-counters.

morehouse: According to the documentation update in this patch, these flags don't work without trace-pc or…
kccAuthorUnsubmitted
Done
ReplyInline Actions

Right.
"func" is sort of synonym for trace-pc,func, but it's not worth the confusion in the test.
changed to trace-pc

kcc: Right. "func" is sort of synonym for trace-pc,func, but it's not worth the confusion in the…
#include <stdint.h>
#include <stdio.h>
extern "C" {
void __sanitizer_cov_load1(uint8_t *addr) { printf("load1: %p\n", addr); }
void __sanitizer_cov_load2(uint16_t *addr) { printf("load2: %p\n", addr); }
void __sanitizer_cov_load4(uint32_t *addr) { printf("load4: %p\n", addr); }
void __sanitizer_cov_load8(uint64_t *addr) { printf("load8: %p\n", addr); }
void __sanitizer_cov_load16(__int128 *addr) { printf("load16: %p\n", addr); }
void __sanitizer_cov_store1(uint8_t *addr) { printf("store1: %p\n", addr); }
void __sanitizer_cov_store2(uint16_t *addr) { printf("store2: %p\n", addr); }
void __sanitizer_cov_store4(uint32_t *addr) { printf("store4: %p\n", addr); }
void __sanitizer_cov_store8(uint64_t *addr) { printf("store8: %p\n", addr); }
void __sanitizer_cov_store16(__int128 *addr) { printf("store16: %p\n", addr); }
}
uint8_t var1;
uint16_t var2;
uint32_t var4;
uint64_t var8;
__int128 var16;
static volatile int sink;
int main() {
printf("var1: %p\n", &var1);
sink = var1;
var1 = 42;
// CHECK: var1: [[ADDR:0x.*]]
// CHECK: load1: [[ADDR]]
// CHECK: store1: [[ADDR]]
printf("var2: %p\n", &var2);
sink = var2;
var2 = 42;
// CHECK: var2: [[ADDR:0x.*]]
// CHECK: load2: [[ADDR]]
// CHECK: store2: [[ADDR]]
printf("var4: %p\n", &var4);
sink = var4;
var4 = 42;
// CHECK: var4: [[ADDR:0x.*]]
// CHECK: load4: [[ADDR]]
// CHECK: store4: [[ADDR]]
printf("var8: %p\n", &var8);
sink = var8;
var8 = 42;
// CHECK: var8: [[ADDR:0x.*]]
// CHECK: load8: [[ADDR]]
// CHECK: store8: [[ADDR]]
printf("var16: %p\n", &var16);
sink = var16;
var16 = 42;
// CHECK: var16: [[ADDR:0x.*]]
// CHECK: load16: [[ADDR]]
// CHECK: store16: [[ADDR]]
printf("PASS\n");
}

llvm/include/llvm/Transforms/Instrumentation.h

Show First 20 LinesShow All 163 Lines▼ Show 20 Linesstruct SanitizerCoverageOptions {
bool Use8bitCounters = false; bool Use8bitCounters = false;
bool TracePC = false; bool TracePC = false;
bool TracePCGuard = false; bool TracePCGuard = false;
bool Inline8bitCounters = false; bool Inline8bitCounters = false;
bool InlineBoolFlag = false; bool InlineBoolFlag = false;
bool PCTable = false; bool PCTable = false;
bool NoPrune = false; bool NoPrune = false;
bool StackDepth = false; bool StackDepth = false;
bool TraceLoads = false;
bool TraceStores = false;
SanitizerCoverageOptions() = default; SanitizerCoverageOptions() = default;
}; };
/// Calculate what to divide by to scale counts. /// Calculate what to divide by to scale counts.
/// ///
/// Given the maximum count, calculate a divisor that will scale all the /// Given the maximum count, calculate a divisor that will scale all the
/// weights to strictly less than std::numeric_limits<uint32_t>::max(). /// weights to strictly less than std::numeric_limits<uint32_t>::max().
Show All 18 Lines

llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp

Show First 20 LinesShow All 49 Lines▼ Show 20 Lines
const char SanCovTraceCmp1[] = "__sanitizer_cov_trace_cmp1"; const char SanCovTraceCmp1[] = "__sanitizer_cov_trace_cmp1";
const char SanCovTraceCmp2[] = "__sanitizer_cov_trace_cmp2"; const char SanCovTraceCmp2[] = "__sanitizer_cov_trace_cmp2";
const char SanCovTraceCmp4[] = "__sanitizer_cov_trace_cmp4"; const char SanCovTraceCmp4[] = "__sanitizer_cov_trace_cmp4";
const char SanCovTraceCmp8[] = "__sanitizer_cov_trace_cmp8"; const char SanCovTraceCmp8[] = "__sanitizer_cov_trace_cmp8";
const char SanCovTraceConstCmp1[] = "__sanitizer_cov_trace_const_cmp1"; const char SanCovTraceConstCmp1[] = "__sanitizer_cov_trace_const_cmp1";
const char SanCovTraceConstCmp2[] = "__sanitizer_cov_trace_const_cmp2"; const char SanCovTraceConstCmp2[] = "__sanitizer_cov_trace_const_cmp2";
const char SanCovTraceConstCmp4[] = "__sanitizer_cov_trace_const_cmp4"; const char SanCovTraceConstCmp4[] = "__sanitizer_cov_trace_const_cmp4";
const char SanCovTraceConstCmp8[] = "__sanitizer_cov_trace_const_cmp8"; const char SanCovTraceConstCmp8[] = "__sanitizer_cov_trace_const_cmp8";
const char SanCovLoad1[] = "__sanitizer_cov_load1";
const char SanCovLoad2[] = "__sanitizer_cov_load2";
const char SanCovLoad4[] = "__sanitizer_cov_load4";
const char SanCovLoad8[] = "__sanitizer_cov_load8";
const char SanCovLoad16[] = "__sanitizer_cov_load16";
const char SanCovStore1[] = "__sanitizer_cov_store1";
const char SanCovStore2[] = "__sanitizer_cov_store2";
const char SanCovStore4[] = "__sanitizer_cov_store4";
const char SanCovStore8[] = "__sanitizer_cov_store8";
const char SanCovStore16[] = "__sanitizer_cov_store16";
const char SanCovTraceDiv4[] = "__sanitizer_cov_trace_div4"; const char SanCovTraceDiv4[] = "__sanitizer_cov_trace_div4";
const char SanCovTraceDiv8[] = "__sanitizer_cov_trace_div8"; const char SanCovTraceDiv8[] = "__sanitizer_cov_trace_div8";
const char SanCovTraceGep[] = "__sanitizer_cov_trace_gep"; const char SanCovTraceGep[] = "__sanitizer_cov_trace_gep";
const char SanCovTraceSwitchName[] = "__sanitizer_cov_trace_switch"; const char SanCovTraceSwitchName[] = "__sanitizer_cov_trace_switch";
const char SanCovModuleCtorTracePcGuardName[] = const char SanCovModuleCtorTracePcGuardName[] =
"sancov.module_ctor_trace_pc_guard"; "sancov.module_ctor_trace_pc_guard";
const char SanCovModuleCtor8bitCountersName[] = const char SanCovModuleCtor8bitCountersName[] =
"sancov.module_ctor_8bit_counters"; "sancov.module_ctor_8bit_counters";
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Linesstatic cl::opt<bool>
ClCMPTracing("sanitizer-coverage-trace-compares", ClCMPTracing("sanitizer-coverage-trace-compares",
cl::desc("Tracing of CMP and similar instructions"), cl::desc("Tracing of CMP and similar instructions"),
cl::Hidden, cl::init(false)); cl::Hidden, cl::init(false));
static cl::opt<bool> ClDIVTracing("sanitizer-coverage-trace-divs", static cl::opt<bool> ClDIVTracing("sanitizer-coverage-trace-divs",
cl::desc("Tracing of DIV instructions"), cl::desc("Tracing of DIV instructions"),
cl::Hidden, cl::init(false)); cl::Hidden, cl::init(false));
static cl::opt<bool> ClLoadTracing("sanitizer-coverage-trace-loads",
cl::desc("Tracing of load instructions"),
cl::Hidden, cl::init(false));
static cl::opt<bool> ClStoreTracing("sanitizer-coverage-trace-stores",
cl::desc("Tracing of store instructions"),
cl::Hidden, cl::init(false));
static cl::opt<bool> ClGEPTracing("sanitizer-coverage-trace-geps", static cl::opt<bool> ClGEPTracing("sanitizer-coverage-trace-geps",
cl::desc("Tracing of GEP instructions"), cl::desc("Tracing of GEP instructions"),
cl::Hidden, cl::init(false)); cl::Hidden, cl::init(false));
static cl::opt<bool> static cl::opt<bool>
ClPruneBlocks("sanitizer-coverage-prune-blocks", ClPruneBlocks("sanitizer-coverage-prune-blocks",
cl::desc("Reduce the number of instrumented blocks"), cl::desc("Reduce the number of instrumented blocks"),
cl::Hidden, cl::init(true)); cl::Hidden, cl::init(true));
Show All 37 LinesSanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) {
Options.TraceGep |= ClGEPTracing; Options.TraceGep |= ClGEPTracing;
Options.TracePC |= ClTracePC; Options.TracePC |= ClTracePC;
Options.TracePCGuard |= ClTracePCGuard; Options.TracePCGuard |= ClTracePCGuard;
Options.Inline8bitCounters |= ClInline8bitCounters; Options.Inline8bitCounters |= ClInline8bitCounters;
Options.InlineBoolFlag |= ClInlineBoolFlag; Options.InlineBoolFlag |= ClInlineBoolFlag;
Options.PCTable |= ClCreatePCTable; Options.PCTable |= ClCreatePCTable;
Options.NoPrune |= !ClPruneBlocks; Options.NoPrune |= !ClPruneBlocks;
Options.StackDepth |= ClStackDepth; Options.StackDepth |= ClStackDepth;
Options.TraceLoads |= ClLoadTracing;
Options.TraceStores |= ClStoreTracing;
if (!Options.TracePCGuard && !Options.TracePC && if (!Options.TracePCGuard && !Options.TracePC &&
!Options.Inline8bitCounters && !Options.StackDepth && !Options.Inline8bitCounters && !Options.StackDepth &&
!Options.InlineBoolFlag) !Options.InlineBoolFlag && !Options.TraceLoads && !Options.TraceStores)
Options.TracePCGuard = true; // TracePCGuard is default. Options.TracePCGuard = true; // TracePCGuard is default.
return Options; return Options;
} }
using DomTreeCallback = function_ref<const DominatorTree *(Function &F)>; using DomTreeCallback = function_ref<const DominatorTree *(Function &F)>;
using PostDomTreeCallback = using PostDomTreeCallback =
function_ref<const PostDominatorTree *(Function &F)>; function_ref<const PostDominatorTree *(Function &F)>;
Show All 13 Lines void instrumentFunction(Function &F, DomTreeCallback DTCallback,
PostDomTreeCallback PDTCallback); PostDomTreeCallback PDTCallback);
void InjectCoverageForIndirectCalls(Function &F, void InjectCoverageForIndirectCalls(Function &F,
ArrayRef<Instruction *> IndirCalls); ArrayRef<Instruction *> IndirCalls);
void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets); void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets);
void InjectTraceForDiv(Function &F, void InjectTraceForDiv(Function &F,
ArrayRef<BinaryOperator *> DivTraceTargets); ArrayRef<BinaryOperator *> DivTraceTargets);
void InjectTraceForGep(Function &F, void InjectTraceForGep(Function &F,
ArrayRef<GetElementPtrInst *> GepTraceTargets); ArrayRef<GetElementPtrInst *> GepTraceTargets);
void InjectTraceForLoadsAndStores(Function &F, ArrayRef<LoadInst *> Loads,
ArrayRef<StoreInst *> Stores);
void InjectTraceForSwitch(Function &F, void InjectTraceForSwitch(Function &F,
ArrayRef<Instruction *> SwitchTraceTargets); ArrayRef<Instruction *> SwitchTraceTargets);
bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks, bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
bool IsLeafFunc = true); bool IsLeafFunc = true);
GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements, GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements,
Function &F, Type *Ty, Function &F, Type *Ty,
const char *Section); const char *Section);
GlobalVariable *CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks); GlobalVariable *CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks);
Show All 11 Lines I->setMetadata(I->getModule()->getMDKindID("nosanitize"),
MDNode::get(*C, None)); MDNode::get(*C, None));
} }
std::string getSectionName(const std::string &Section) const; std::string getSectionName(const std::string &Section) const;
std::string getSectionStart(const std::string &Section) const; std::string getSectionStart(const std::string &Section) const;
std::string getSectionEnd(const std::string &Section) const; std::string getSectionEnd(const std::string &Section) const;
FunctionCallee SanCovTracePCIndir; FunctionCallee SanCovTracePCIndir;
FunctionCallee SanCovTracePC, SanCovTracePCGuard; FunctionCallee SanCovTracePC, SanCovTracePCGuard;
FunctionCallee SanCovTraceCmpFunction[4]; std::array<FunctionCallee, 4> SanCovTraceCmpFunction;
FunctionCallee SanCovTraceConstCmpFunction[4]; std::array<FunctionCallee, 4> SanCovTraceConstCmpFunction;
FunctionCallee SanCovTraceDivFunction[2]; std::array<FunctionCallee, 5> SanCovLoadFunction;
std::array<FunctionCallee, 5> SanCovStoreFunction;
std::array<FunctionCallee, 2> SanCovTraceDivFunction;
FunctionCallee SanCovTraceGepFunction; FunctionCallee SanCovTraceGepFunction;
FunctionCallee SanCovTraceSwitchFunction; FunctionCallee SanCovTraceSwitchFunction;
GlobalVariable *SanCovLowestStack; GlobalVariable *SanCovLowestStack;
Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy, Type *Int128PtrTy, *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty,
*Int16Ty, *Int8Ty, *Int8PtrTy, *Int1Ty, *Int1PtrTy; *Int32PtrTy, *Int16PtrTy, *Int16Ty, *Int8Ty, *Int8PtrTy, *Int1Ty,
*Int1PtrTy;
Module *CurModule; Module *CurModule;
std::string CurModuleUniqueId; std::string CurModuleUniqueId;
Triple TargetTriple; Triple TargetTriple;
LLVMContext *C; LLVMContext *C;
const DataLayout *DL; const DataLayout *DL;
GlobalVariable *FunctionGuardArray; // for trace-pc-guard. GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters. GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters.
▲ Show 20 LinesShow All 153 Lines▼ Show 20 Linesbool ModuleSanitizerCoverage::instrumentModule(
FunctionGuardArray = nullptr; FunctionGuardArray = nullptr;
Function8bitCounterArray = nullptr; Function8bitCounterArray = nullptr;
FunctionBoolArray = nullptr; FunctionBoolArray = nullptr;
FunctionPCsArray = nullptr; FunctionPCsArray = nullptr;
IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits()); IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
IntptrPtrTy = PointerType::getUnqual(IntptrTy); IntptrPtrTy = PointerType::getUnqual(IntptrTy);
Type *VoidTy = Type::getVoidTy(*C); Type *VoidTy = Type::getVoidTy(*C);
IRBuilder<> IRB(*C); IRBuilder<> IRB(*C);
Int128PtrTy = PointerType::getUnqual(IRB.getInt128Ty());
Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty()); Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty());
Int16PtrTy = PointerType::getUnqual(IRB.getInt16Ty());
Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty()); Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty());
Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty()); Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty());
Int1PtrTy = PointerType::getUnqual(IRB.getInt1Ty()); Int1PtrTy = PointerType::getUnqual(IRB.getInt1Ty());
Int64Ty = IRB.getInt64Ty(); Int64Ty = IRB.getInt64Ty();
Int32Ty = IRB.getInt32Ty(); Int32Ty = IRB.getInt32Ty();
Int16Ty = IRB.getInt16Ty(); Int16Ty = IRB.getInt16Ty();
Int8Ty = IRB.getInt8Ty(); Int8Ty = IRB.getInt8Ty();
Int1Ty = IRB.getInt1Ty(); Int1Ty = IRB.getInt1Ty();
Show All 24 Lines SanCovTraceConstCmpFunction[0] = M.getOrInsertFunction(
SanCovTraceConstCmp1, SanCovTraceCmpZeroExtAL, VoidTy, Int8Ty, Int8Ty); SanCovTraceConstCmp1, SanCovTraceCmpZeroExtAL, VoidTy, Int8Ty, Int8Ty);
SanCovTraceConstCmpFunction[1] = M.getOrInsertFunction( SanCovTraceConstCmpFunction[1] = M.getOrInsertFunction(
SanCovTraceConstCmp2, SanCovTraceCmpZeroExtAL, VoidTy, Int16Ty, Int16Ty); SanCovTraceConstCmp2, SanCovTraceCmpZeroExtAL, VoidTy, Int16Ty, Int16Ty);
SanCovTraceConstCmpFunction[2] = M.getOrInsertFunction( SanCovTraceConstCmpFunction[2] = M.getOrInsertFunction(
SanCovTraceConstCmp4, SanCovTraceCmpZeroExtAL, VoidTy, Int32Ty, Int32Ty); SanCovTraceConstCmp4, SanCovTraceCmpZeroExtAL, VoidTy, Int32Ty, Int32Ty);
SanCovTraceConstCmpFunction[3] = SanCovTraceConstCmpFunction[3] =
M.getOrInsertFunction(SanCovTraceConstCmp8, VoidTy, Int64Ty, Int64Ty); M.getOrInsertFunction(SanCovTraceConstCmp8, VoidTy, Int64Ty, Int64Ty);
// Loads.
SanCovLoadFunction[0] = M.getOrInsertFunction(SanCovLoad1, VoidTy, Int8PtrTy);
SanCovLoadFunction[1] =
M.getOrInsertFunction(SanCovLoad2, VoidTy, Int16PtrTy);
SanCovLoadFunction[2] =
M.getOrInsertFunction(SanCovLoad4, VoidTy, Int32PtrTy);
SanCovLoadFunction[3] =
M.getOrInsertFunction(SanCovLoad8, VoidTy, Int64PtrTy);
SanCovLoadFunction[4] =
M.getOrInsertFunction(SanCovLoad16, VoidTy, Int128PtrTy);
// Stores.
SanCovStoreFunction[0] =
M.getOrInsertFunction(SanCovStore1, VoidTy, Int8PtrTy);
SanCovStoreFunction[1] =
M.getOrInsertFunction(SanCovStore2, VoidTy, Int16PtrTy);
SanCovStoreFunction[2] =
M.getOrInsertFunction(SanCovStore4, VoidTy, Int32PtrTy);
SanCovStoreFunction[3] =
M.getOrInsertFunction(SanCovStore8, VoidTy, Int64PtrTy);
SanCovStoreFunction[4] =
M.getOrInsertFunction(SanCovStore16, VoidTy, Int128PtrTy);
{ {
AttributeList AL; AttributeList AL;
AL = AL.addParamAttribute(*C, 0, Attribute::ZExt); AL = AL.addParamAttribute(*C, 0, Attribute::ZExt);
SanCovTraceDivFunction[0] = SanCovTraceDivFunction[0] =
M.getOrInsertFunction(SanCovTraceDiv4, AL, VoidTy, IRB.getInt32Ty()); M.getOrInsertFunction(SanCovTraceDiv4, AL, VoidTy, IRB.getInt32Ty());
} }
SanCovTraceDivFunction[1] = SanCovTraceDivFunction[1] =
M.getOrInsertFunction(SanCovTraceDiv8, VoidTy, Int64Ty); M.getOrInsertFunction(SanCovTraceDiv8, VoidTy, Int64Ty);
▲ Show 20 LinesShow All 164 Lines▼ Show 20 Linesvoid ModuleSanitizerCoverage::instrumentFunction(
if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge) if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge)
SplitAllCriticalEdges(F, CriticalEdgeSplittingOptions().setIgnoreUnreachableDests()); SplitAllCriticalEdges(F, CriticalEdgeSplittingOptions().setIgnoreUnreachableDests());
SmallVector<Instruction *, 8> IndirCalls; SmallVector<Instruction *, 8> IndirCalls;
SmallVector<BasicBlock *, 16> BlocksToInstrument; SmallVector<BasicBlock *, 16> BlocksToInstrument;
SmallVector<Instruction *, 8> CmpTraceTargets; SmallVector<Instruction *, 8> CmpTraceTargets;
SmallVector<Instruction *, 8> SwitchTraceTargets; SmallVector<Instruction *, 8> SwitchTraceTargets;
SmallVector<BinaryOperator *, 8> DivTraceTargets; SmallVector<BinaryOperator *, 8> DivTraceTargets;
SmallVector<GetElementPtrInst *, 8> GepTraceTargets; SmallVector<GetElementPtrInst *, 8> GepTraceTargets;
SmallVector<LoadInst *, 8> Loads;
SmallVector<StoreInst *, 8> Stores;
const DominatorTree *DT = DTCallback(F); const DominatorTree *DT = DTCallback(F);
const PostDominatorTree *PDT = PDTCallback(F); const PostDominatorTree *PDT = PDTCallback(F);
bool IsLeafFunc = true; bool IsLeafFunc = true;
for (auto &BB : F) { for (auto &BB : F) {
if (shouldInstrumentBlock(F, &BB, DT, PDT, Options)) if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
BlocksToInstrument.push_back(&BB); BlocksToInstrument.push_back(&BB);
Show All 13 Lines for (auto &Inst : BB) {
if (Options.TraceDiv) if (Options.TraceDiv)
if (BinaryOperator *BO = dyn_cast<BinaryOperator>(&Inst)) if (BinaryOperator *BO = dyn_cast<BinaryOperator>(&Inst))
if (BO->getOpcode() == Instruction::SDiv || if (BO->getOpcode() == Instruction::SDiv ||
BO->getOpcode() == Instruction::UDiv) BO->getOpcode() == Instruction::UDiv)
DivTraceTargets.push_back(BO); DivTraceTargets.push_back(BO);
if (Options.TraceGep) if (Options.TraceGep)
if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(&Inst)) if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(&Inst))
GepTraceTargets.push_back(GEP); GepTraceTargets.push_back(GEP);
if (Options.TraceLoads)
if (LoadInst *LI = dyn_cast<LoadInst>(&Inst))
Loads.push_back(LI);
if (Options.TraceStores)
if (StoreInst *SI = dyn_cast<StoreInst>(&Inst))
Stores.push_back(SI);
morehouseUnsubmitted
Done
ReplyInline Actions
if (Options.TraceStores)
- if (StoreInst *LD = dyn_cast<StoreInst>(&Inst))
- Stores.push_back(LD);
+ if (StoreInst *ST = dyn_cast<StoreInst>(&Inst))
+ Stores.push_back(ST);
if (Options.StackDepth)

nit

morehouse: nit
if (Options.StackDepth) if (Options.StackDepth)
if (isa<InvokeInst>(Inst) || if (isa<InvokeInst>(Inst) ||
(isa<CallInst>(Inst) && !isa<IntrinsicInst>(Inst))) (isa<CallInst>(Inst) && !isa<IntrinsicInst>(Inst)))
IsLeafFunc = false; IsLeafFunc = false;
} }
} }
InjectCoverage(F, BlocksToInstrument, IsLeafFunc); InjectCoverage(F, BlocksToInstrument, IsLeafFunc);
InjectCoverageForIndirectCalls(F, IndirCalls); InjectCoverageForIndirectCalls(F, IndirCalls);
InjectTraceForCmp(F, CmpTraceTargets); InjectTraceForCmp(F, CmpTraceTargets);
InjectTraceForSwitch(F, SwitchTraceTargets); InjectTraceForSwitch(F, SwitchTraceTargets);
InjectTraceForDiv(F, DivTraceTargets); InjectTraceForDiv(F, DivTraceTargets);
InjectTraceForGep(F, GepTraceTargets); InjectTraceForGep(F, GepTraceTargets);
InjectTraceForLoadsAndStores(F, Loads, Stores);
} }
GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection( GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection(
size_t NumElements, Function &F, Type *Ty, const char *Section) { size_t NumElements, Function &F, Type *Ty, const char *Section) {
ArrayType *ArrayTy = ArrayType::get(Ty, NumElements); ArrayType *ArrayTy = ArrayType::get(Ty, NumElements);
auto Array = new GlobalVariable( auto Array = new GlobalVariable(
*CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage, *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage,
Constant::getNullValue(ArrayTy), "__sancov_gen_"); Constant::getNullValue(ArrayTy), "__sancov_gen_");
▲ Show 20 LinesShow All 167 Lines▼ Show 20 Lines for (auto GEP : GepTraceTargets) {
IRBuilder<> IRB(GEP); IRBuilder<> IRB(GEP);
for (Use &Idx : GEP->indices()) for (Use &Idx : GEP->indices())
if (!isa<ConstantInt>(Idx) && Idx->getType()->isIntegerTy()) if (!isa<ConstantInt>(Idx) && Idx->getType()->isIntegerTy())
IRB.CreateCall(SanCovTraceGepFunction, IRB.CreateCall(SanCovTraceGepFunction,
{IRB.CreateIntCast(Idx, IntptrTy, true)}); {IRB.CreateIntCast(Idx, IntptrTy, true)});
} }
} }
void ModuleSanitizerCoverage::InjectTraceForLoadsAndStores(
Function &, ArrayRef<LoadInst *> Loads, ArrayRef<StoreInst *> Stores) {
auto CallbackIdx = [&](const Value *Ptr) -> int {
auto ElementTy = cast<PointerType>(Ptr->getType())->getElementType();
uint64_t TypeSize = DL->getTypeStoreSizeInBits(ElementTy);
return TypeSize == 8 ? 0
: TypeSize == 16 ? 1
: TypeSize == 32 ? 2
: TypeSize == 64 ? 3
: TypeSize == 128 ? 4
: -1;
};
Type *PointerType[5] = {Int8PtrTy, Int16PtrTy, Int32PtrTy, Int64PtrTy,
Int128PtrTy};
for (auto LI : Loads) {
IRBuilder<> IRB(LI);
auto Ptr = LI->getPointerOperand();
int Idx = CallbackIdx(Ptr);
if (Idx < 0)
continue;
IRB.CreateCall(SanCovLoadFunction[Idx],
IRB.CreatePointerCast(Ptr, PointerType[Idx]));
}
for (auto SI : Stores) {
IRBuilder<> IRB(SI);
auto Ptr = SI->getPointerOperand();
int Idx = CallbackIdx(Ptr);
if (Idx < 0)
continue;
IRB.CreateCall(SanCovStoreFunction[Idx],
IRB.CreatePointerCast(Ptr, PointerType[Idx]));
}
}
void ModuleSanitizerCoverage::InjectTraceForCmp( void ModuleSanitizerCoverage::InjectTraceForCmp(
Function &, ArrayRef<Instruction *> CmpTraceTargets) { Function &, ArrayRef<Instruction *> CmpTraceTargets) {
for (auto I : CmpTraceTargets) { for (auto I : CmpTraceTargets) {
if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) { if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) {
IRBuilder<> IRB(ICMP); IRBuilder<> IRB(ICMP);
Value *A0 = ICMP->getOperand(0); Value *A0 = ICMP->getOperand(0);
Value *A1 = ICMP->getOperand(1); Value *A1 = ICMP->getOperand(1);
if (!A0->getType()->isIntegerTy()) if (!A0->getType()->isIntegerTy())
▲ Show 20 LinesShow All 147 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/trace-loads-stores.ll

  • This file was added.
; Test -sanitizer-coverage-inline-8bit-counters=1
; RUN: opt < %s -passes='module(sancov-module)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-loads=1 -S | FileCheck %s --check-prefix=LOADS
; RUN: opt < %s -passes='module(sancov-module)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-stores=1 -S | FileCheck %s --check-prefix=STORES
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu"
define void @foo(i8* %p1, i16* %p2, i32* %p4, i64* %p8, i128* %p16) {
; =================== loads
%1 = load i8, i8* %p1
%2 = load i16, i16* %p2
%3 = load i32, i32* %p4
%4 = load i64, i64* %p8
%5 = load i128, i128* %p16
; LOADS: call void @__sanitizer_cov_load1(i8* %p1)
; LOADS: call void @__sanitizer_cov_load2(i16* %p2)
; LOADS: call void @__sanitizer_cov_load4(i32* %p4)
; LOADS: call void @__sanitizer_cov_load8(i64* %p8)
; LOADS: call void @__sanitizer_cov_load16(i128* %p16)
; =================== stores
store i8 %1, i8* %p1
store i16 %2, i16* %p2
store i32 %3, i32* %p4
store i64 %4, i64* %p8
store i128 %5, i128* %p16
; STORES: call void @__sanitizer_cov_store1(i8* %p1)
; STORES: call void @__sanitizer_cov_store2(i16* %p2)
; STORES: call void @__sanitizer_cov_store4(i32* %p4)
; STORES: call void @__sanitizer_cov_store8(i64* %p8)
; STORES: call void @__sanitizer_cov_store16(i128* %p16)
ret void
}