This is an archive of the discontinued LLVM Phabricator instance.

Differential D14572

sanitizer: add support for trace coverage
ClosedPublic

Authored by dvyukov on Nov 11 2015, 6:21 AM.

Details

Reviewers
kcc
jdoerfert
Summary

Trace coverage mode collects all covered PCs into a per-thread, in-memory buffer. This mode replaces experimental and unused basic block tracing.
No logic is inlined into instrumented code, compiler only inserts callbacks into runtime.
This mode is meant to be used at least for Linux kernel, but can be useful for user-space as well.

Diff Detail

Event Timeline

dvyukov updated this revision to Diff 39910.Nov 11 2015, 6:21 AM
dvyukov retitled this revision from to sanitizer: add support for trace coverage.
dvyukov updated this object.
dvyukov added a reviewer: kcc.
dvyukov added a subscriber: llvm-commits.
dvyukov added a comment.Nov 11 2015, 6:24 AM

I did not implement actual user-space runtime support, as we don't have agreement on this part yet. Kernel does not require any runtime support, it will have its own. I've sketched what I would do include/sanitizer/coverage_interface.h, but I don't have any concrete plans regarding user-space usage at the moment.

kcc accepted this revision.Nov 11 2015, 9:56 AM
kcc edited edge metadata.

LGTM with two nits.
Thanks!

include/sanitizer/coverage_interface.h
69

here and below use int instead of bool.
This API can theoretically be used in C

lib/Transforms/Instrumentation/SanitizerCoverage.cpp
80

typo: Tacing

This revision is now accepted and ready to land.Nov 11 2015, 9:56 AM
kcc added a comment.Nov 12 2015, 3:33 PM

I see you have not submitted this yet...
And I have an afterthought....

The tracing that we have now (https://github.com/google/sanitizers/wiki/AddressSanitizerBasicBlockTracing)
is more complex but it actually provides more functionality at almost same cost.

  1. It uses consecutive BB ids instead of PCs. This will buy us cheaper analysis because with consecutive ids we can use a bit set.
  1. It will allow us to implement coverage frontier:

at compile time, we create a static table that stores the Control Flow Graph of the function using the pairs of IDs.
at run-time, we load this table and we can find the edges that belong to the frontier (i.e. the edges that were never executed but that have one preceding edge that was executed)
(I have a patch for that lying somewhere).
This will be much harder to achieve with raw PCs.

dvyukov marked 2 inline comments as done.Nov 13 2015, 9:48 AM
In D14572#288470, @kcc wrote:

I see you have not submitted this yet...
And I have an afterthought....

The tracing that we have now (https://github.com/google/sanitizers/wiki/AddressSanitizerBasicBlockTracing)
is more complex but it actually provides more functionality at almost same cost.

  1. It uses consecutive BB ids instead of PCs. This will buy us cheaper analysis because with consecutive ids we can use a bit set.
  1. It will allow us to implement coverage frontier:

at compile time, we create a static table that stores the Control Flow Graph of the function using the pairs of IDs.
at run-time, we load this table and we can find the edges that belong to the frontier (i.e. the edges that were never executed but that have one preceding edge that was executed)
(I have a patch for that lying somewhere).
This will be much harder to achieve with raw PCs.

... and what do you propose?

kcc added a comment.Nov 13 2015, 11:04 AM
In D14572#289032, @dvyukov wrote:
In D14572#288470, @kcc wrote:

I see you have not submitted this yet...
And I have an afterthought....

The tracing that we have now (https://github.com/google/sanitizers/wiki/AddressSanitizerBasicBlockTracing)
is more complex but it actually provides more functionality at almost same cost.

  1. It uses consecutive BB ids instead of PCs. This will buy us cheaper analysis because with consecutive ids we can use a bit set.
  1. It will allow us to implement coverage frontier:

at compile time, we create a static table that stores the Control Flow Graph of the function using the pairs of IDs.
at run-time, we load this table and we can find the edges that belong to the frontier (i.e. the edges that were never executed but that have one preceding edge that was executed)
(I have a patch for that lying somewhere).
This will be much harder to achieve with raw PCs.

... and what do you propose?

More like asking your opinion: can we implement tracing that produces IDs instead of PCs such that

  • it works for your use case in the kernel
  • reasonably simple to implement (probably simpler than my current code)
  • also allows to implement coverage frontier
dvyukov closed this revision.Apr 15 2021, 1:17 AM
Herald added a reviewer: jdoerfert. · View Herald TranscriptApr 15 2021, 1:17 AM
Herald added subscribers: dang, sstefan1. · View Herald Transcript

Revision Contents

PathSize
include/
clang/
Driver/
6 lines
Frontend/
3 lines
llvm/
Transforms/
4 lines
sanitizer/
23 lines
lib/
CodeGen/
2 lines
Driver/
25 lines
Frontend/
2 lines
Transforms/
Instrumentation/
29 lines
sanitizer_common/
99 lines
test/
Driver/
11 lines
Instrumentation/
SanitizerCoverage/
22 lines
asan/
TestCases/
31 lines

Diff 39910

include/clang/Driver/CC1Options.td

Show First 20 LinesShow All 250 Lines▼ Show 20 Linesdef vectorize_slp_aggressive : Flag<["-"], "vectorize-slp-aggressive">,
HelpText<"Run the BB vectorization passes">; HelpText<"Run the BB vectorization passes">;
def dependent_lib : Joined<["--"], "dependent-lib=">, def dependent_lib : Joined<["--"], "dependent-lib=">,
HelpText<"Add dependent library">; HelpText<"Add dependent library">;
def fsanitize_coverage_type : Joined<["-"], "fsanitize-coverage-type=">, def fsanitize_coverage_type : Joined<["-"], "fsanitize-coverage-type=">,
HelpText<"Sanitizer coverage type">; HelpText<"Sanitizer coverage type">;
def fsanitize_coverage_indirect_calls def fsanitize_coverage_indirect_calls
: Flag<["-"], "fsanitize-coverage-indirect-calls">, : Flag<["-"], "fsanitize-coverage-indirect-calls">,
HelpText<"Enable sanitizer coverage for indirect calls">; HelpText<"Enable sanitizer coverage for indirect calls">;
def fsanitize_coverage_trace_bb def fsanitize_coverage_trace
: Flag<["-"], "fsanitize-coverage-trace-bb">, : Flag<["-"], "fsanitize-coverage-trace">,
HelpText<"Enable basic block tracing in sanitizer coverage">; HelpText<"Enable tracing in sanitizer coverage">;
def fsanitize_coverage_trace_cmp def fsanitize_coverage_trace_cmp
: Flag<["-"], "fsanitize-coverage-trace-cmp">, : Flag<["-"], "fsanitize-coverage-trace-cmp">,
HelpText<"Enable cmp instruction tracing in sanitizer coverage">; HelpText<"Enable cmp instruction tracing in sanitizer coverage">;
def fsanitize_coverage_8bit_counters def fsanitize_coverage_8bit_counters
: Flag<["-"], "fsanitize-coverage-8bit-counters">, : Flag<["-"], "fsanitize-coverage-8bit-counters">,
HelpText<"Enable frequency counters in sanitizer coverage">; HelpText<"Enable frequency counters in sanitizer coverage">;
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
▲ Show 20 LinesShow All 440 LinesShow Last 20 Lines

include/clang/Frontend/CodeGenOptions.def

Show First 20 LinesShow All 118 Lines▼ Show 20 Lines
CODEGENOPT(SanitizeMemoryTrackOrigins, 2, 0) ///< Enable tracking origins in CODEGENOPT(SanitizeMemoryTrackOrigins, 2, 0) ///< Enable tracking origins in
///< MemorySanitizer ///< MemorySanitizer
CODEGENOPT(SanitizeMemoryUseAfterDtor, 1, 0) ///< Enable use-after-delete detection CODEGENOPT(SanitizeMemoryUseAfterDtor, 1, 0) ///< Enable use-after-delete detection
///< in MemorySanitizer ///< in MemorySanitizer
CODEGENOPT(SanitizeCoverageType, 2, 0) ///< Type of sanitizer coverage CODEGENOPT(SanitizeCoverageType, 2, 0) ///< Type of sanitizer coverage
///< instrumentation. ///< instrumentation.
CODEGENOPT(SanitizeCoverageIndirectCalls, 1, 0) ///< Enable sanitizer coverage CODEGENOPT(SanitizeCoverageIndirectCalls, 1, 0) ///< Enable sanitizer coverage
///< for indirect calls. ///< for indirect calls.
CODEGENOPT(SanitizeCoverageTraceBB, 1, 0) ///< Enable basic block tracing in CODEGENOPT(SanitizeCoverageTrace, 1, 0) ///< Enable tracing in sanitizer coverage.
///< in sanitizer coverage.
CODEGENOPT(SanitizeCoverageTraceCmp, 1, 0) ///< Enable cmp instruction tracing CODEGENOPT(SanitizeCoverageTraceCmp, 1, 0) ///< Enable cmp instruction tracing
///< in sanitizer coverage. ///< in sanitizer coverage.
CODEGENOPT(SanitizeCoverage8bitCounters, 1, 0) ///< Use 8-bit frequency counters CODEGENOPT(SanitizeCoverage8bitCounters, 1, 0) ///< Use 8-bit frequency counters
///< in sanitizer coverage. ///< in sanitizer coverage.
CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled. CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled.
CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float. CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float.
CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition. CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition.
CODEGENOPT(StrictVTablePointers, 1, 0) ///< Optimize based on the strict vtable pointers CODEGENOPT(StrictVTablePointers, 1, 0) ///< Optimize based on the strict vtable pointers
▲ Show 20 LinesShow All 65 LinesShow Last 20 Lines

include/llvm/Transforms/Instrumentation.h

Show First 20 LinesShow All 108 Lines▼ Show 20 Lines
// Insert DataFlowSanitizer (dynamic data flow analysis) instrumentation // Insert DataFlowSanitizer (dynamic data flow analysis) instrumentation
ModulePass *createDataFlowSanitizerPass( ModulePass *createDataFlowSanitizerPass(
const std::vector<std::string> &ABIListFiles = std::vector<std::string>(), const std::vector<std::string> &ABIListFiles = std::vector<std::string>(),
void *(*getArgTLS)() = nullptr, void *(*getRetValTLS)() = nullptr); void *(*getArgTLS)() = nullptr, void *(*getRetValTLS)() = nullptr);
// Options for sanitizer coverage instrumentation. // Options for sanitizer coverage instrumentation.
struct SanitizerCoverageOptions { struct SanitizerCoverageOptions {
SanitizerCoverageOptions() SanitizerCoverageOptions()
: CoverageType(SCK_None), IndirectCalls(false), TraceBB(false), : CoverageType(SCK_None), IndirectCalls(false), Trace(false),
TraceCmp(false), Use8bitCounters(false) {} TraceCmp(false), Use8bitCounters(false) {}
enum Type { enum Type {
SCK_None = 0, SCK_None = 0,
SCK_Function, SCK_Function,
SCK_BB, SCK_BB,
SCK_Edge SCK_Edge
} CoverageType; } CoverageType;
bool IndirectCalls; bool IndirectCalls;
bool TraceBB; bool Trace;
bool TraceCmp; bool TraceCmp;
bool Use8bitCounters; bool Use8bitCounters;
}; };
// Insert SanitizerCoverage instrumentation. // Insert SanitizerCoverage instrumentation.
ModulePass *createSanitizerCoverageModulePass( ModulePass *createSanitizerCoverageModulePass(
const SanitizerCoverageOptions &Options = SanitizerCoverageOptions()); const SanitizerCoverageOptions &Options = SanitizerCoverageOptions());
Show All 19 Lines

include/sanitizer/coverage_interface.h

Show First 20 LinesShow All 52 Lines▼ Show 20 Lines#endif
uintptr_t __sanitizer_get_number_of_counters(); uintptr_t __sanitizer_get_number_of_counters();
// Updates the counter 'bitset', clears the counters and returns the number of // Updates the counter 'bitset', clears the counters and returns the number of
// new bits in 'bitset'. // new bits in 'bitset'.
// If 'bitset' is nullptr, only clears the counters. // If 'bitset' is nullptr, only clears the counters.
// Otherwise 'bitset' should be at least // Otherwise 'bitset' should be at least
// __sanitizer_get_number_of_counters bytes long and 8-aligned. // __sanitizer_get_number_of_counters bytes long and 8-aligned.
uintptr_t uintptr_t
__sanitizer_update_counter_bitset_and_clear_counters(uint8_t *bitset); __sanitizer_update_counter_bitset_and_clear_counters(uint8_t *bitset);
// Per-thread, in-memory trace coverage.
// Code must be compiled with -fsanitize-coverage=trace.
// Enable tracing for the current thread with buffer for size PCs.
// Size must be a power-of-two.
// Fails if tracing is already enabled, size is not a power of two or
// out of memory.
bool __sanitizer_trace_enable(uintptr_t size);
kccUnsubmitted
Done
ReplyInline Actions

here and below use int instead of bool.
This API can theoretically be used in C

kcc: here and below use int instead of bool. This API can theoretically be used in C
// Disable tracing for the current thread and free all associated resources.
// Fails if tracing is not enabled for the current thread.
bool __sanitizer_trace_disable();
// Reset trace for the current thread.
// Fails if tracing is not enabled for the current thread.
bool __sanitizer_trace_reset();
// Read trace of the current thread.
// Trace is set to point to an array of traced PCs, size is set to number
// of PCs in the trace. Trace memory is owned by sanitizer library, and
// is valid until call to __sanitizer_trace_disable() in this thread.
// However, the trace buffer can be overwritten if the thread executes
// instrumented code.
// Fails if tracing is not enabled for the current thread.
bool __sanitizer_trace_read(uintptr_t **trace, uintptr_t *size);
#ifdef __cplusplus #ifdef __cplusplus
} // extern "C" } // extern "C"
#endif #endif
#endif // SANITIZER_COVERAG_INTERFACE_H #endif // SANITIZER_COVERAG_INTERFACE_H

lib/CodeGen/BackendUtil.cpp

Show First 20 LinesShow All 180 Lines▼ Show 20 Linesstatic void addSanitizerCoveragePass(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) { legacy::PassManagerBase &PM) {
const PassManagerBuilderWrapper &BuilderWrapper = const PassManagerBuilderWrapper &BuilderWrapper =
static_cast<const PassManagerBuilderWrapper&>(Builder); static_cast<const PassManagerBuilderWrapper&>(Builder);
const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts(); const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();
SanitizerCoverageOptions Opts; SanitizerCoverageOptions Opts;
Opts.CoverageType = Opts.CoverageType =
static_cast<SanitizerCoverageOptions::Type>(CGOpts.SanitizeCoverageType); static_cast<SanitizerCoverageOptions::Type>(CGOpts.SanitizeCoverageType);
Opts.IndirectCalls = CGOpts.SanitizeCoverageIndirectCalls; Opts.IndirectCalls = CGOpts.SanitizeCoverageIndirectCalls;
Opts.TraceBB = CGOpts.SanitizeCoverageTraceBB; Opts.Trace = CGOpts.SanitizeCoverageTrace;
Opts.TraceCmp = CGOpts.SanitizeCoverageTraceCmp; Opts.TraceCmp = CGOpts.SanitizeCoverageTraceCmp;
Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters; Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters;
PM.add(createSanitizerCoverageModulePass(Opts)); PM.add(createSanitizerCoverageModulePass(Opts));
} }
static void addAddressSanitizerPasses(const PassManagerBuilder &Builder, static void addAddressSanitizerPasses(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) { legacy::PassManagerBase &PM) {
const PassManagerBuilderWrapper &BuilderWrapper = const PassManagerBuilderWrapper &BuilderWrapper =
▲ Show 20 LinesShow All 482 LinesShow Last 20 Lines

lib/Driver/SanitizerArgs.cpp

Show All 40 Linesenum : SanitizerMask {
TrappingDefault = CFI, TrappingDefault = CFI,
}; };
enum CoverageFeature { enum CoverageFeature {
CoverageFunc = 1 << 0, CoverageFunc = 1 << 0,
CoverageBB = 1 << 1, CoverageBB = 1 << 1,
CoverageEdge = 1 << 2, CoverageEdge = 1 << 2,
CoverageIndirCall = 1 << 3, CoverageIndirCall = 1 << 3,
CoverageTraceBB = 1 << 4, CoverageTrace = 1 << 4,
CoverageTraceCmp = 1 << 5, CoverageTraceCmp = 1 << 5,
Coverage8bitCounters = 1 << 6, Coverage8bitCounters = 1 << 6,
}; };
/// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
/// invalid components. Returns a SanitizerMask. /// invalid components. Returns a SanitizerMask.
static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A, static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
bool DiagnoseErrors); bool DiagnoseErrors);
▲ Show 20 LinesShow All 418 Lines▼ Show 20 LinesSanitizerArgs::SanitizerArgs(const ToolChain &TC,
if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge)) if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge))
D.Diag(clang::diag::err_drv_argument_not_allowed_with) D.Diag(clang::diag::err_drv_argument_not_allowed_with)
<< "-fsanitize-coverage=func" << "-fsanitize-coverage=func"
<< "-fsanitize-coverage=edge"; << "-fsanitize-coverage=edge";
if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge)) if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge))
D.Diag(clang::diag::err_drv_argument_not_allowed_with) D.Diag(clang::diag::err_drv_argument_not_allowed_with)
<< "-fsanitize-coverage=bb" << "-fsanitize-coverage=bb"
<< "-fsanitize-coverage=edge"; << "-fsanitize-coverage=edge";
// Basic block tracing and 8-bit counters require some type of coverage // Tracing and 8-bit counters require some type of coverage enabled.
// enabled. // Enable edge by default.
int CoverageTypes = CoverageFunc | CoverageBB | CoverageEdge; if (((CoverageFeatures & CoverageTrace) ||
if ((CoverageFeatures & CoverageTraceBB) && (CoverageFeatures & Coverage8bitCounters)) &&
!(CoverageFeatures & CoverageTypes)) !(CoverageFeatures & (CoverageFunc | CoverageBB | CoverageEdge)))
D.Diag(clang::diag::err_drv_argument_only_allowed_with) CoverageFeatures |= CoverageEdge;
<< "-fsanitize-coverage=trace-bb"
<< "-fsanitize-coverage=(func|bb|edge)";
if ((CoverageFeatures & Coverage8bitCounters) &&
!(CoverageFeatures & CoverageTypes))
D.Diag(clang::diag::err_drv_argument_only_allowed_with)
<< "-fsanitize-coverage=8bit-counters"
<< "-fsanitize-coverage=(func|bb|edge)";
if (AllAddedKinds & Address) { if (AllAddedKinds & Address) {
AsanSharedRuntime = AsanSharedRuntime =
Args.hasArg(options::OPT_shared_libasan) || TC.getTriple().isAndroid(); Args.hasArg(options::OPT_shared_libasan) || TC.getTriple().isAndroid();
NeedPIE |= TC.getTriple().isAndroid(); NeedPIE |= TC.getTriple().isAndroid();
if (Arg *A = if (Arg *A =
Args.getLastArg(options::OPT_fsanitize_address_field_padding)) { Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
StringRef S = A->getValue(); StringRef S = A->getValue();
▲ Show 20 LinesShow All 79 Lines▼ Show 20 Lines if (AsanFieldPadding)
CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" + CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
llvm::utostr(AsanFieldPadding))); llvm::utostr(AsanFieldPadding)));
// Translate available CoverageFeatures to corresponding clang-cc1 flags. // Translate available CoverageFeatures to corresponding clang-cc1 flags.
std::pair<int, const char *> CoverageFlags[] = { std::pair<int, const char *> CoverageFlags[] = {
std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"), std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"),
std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"), std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"),
std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"), std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"),
std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"), std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"),
std::make_pair(CoverageTraceBB, "-fsanitize-coverage-trace-bb"), std::make_pair(CoverageTrace, "-fsanitize-coverage-trace"),
std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"), std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"),
std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters")}; std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters")};
for (auto F : CoverageFlags) { for (auto F : CoverageFlags) {
if (CoverageFeatures & F.first) if (CoverageFeatures & F.first)
CmdArgs.push_back(Args.MakeArgString(F.second)); CmdArgs.push_back(Args.MakeArgString(F.second));
} }
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Linesint parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A) {
int Features = 0; int Features = 0;
for (int i = 0, n = A->getNumValues(); i != n; ++i) { for (int i = 0, n = A->getNumValues(); i != n; ++i) {
const char *Value = A->getValue(i); const char *Value = A->getValue(i);
int F = llvm::StringSwitch<int>(Value) int F = llvm::StringSwitch<int>(Value)
.Case("func", CoverageFunc) .Case("func", CoverageFunc)
.Case("bb", CoverageBB) .Case("bb", CoverageBB)
.Case("edge", CoverageEdge) .Case("edge", CoverageEdge)
.Case("indirect-calls", CoverageIndirCall) .Case("indirect-calls", CoverageIndirCall)
.Case("trace-bb", CoverageTraceBB) .Case("trace", CoverageTrace)
.Case("trace-cmp", CoverageTraceCmp) .Case("trace-cmp", CoverageTraceCmp)
.Case("8bit-counters", Coverage8bitCounters) .Case("8bit-counters", Coverage8bitCounters)
.Default(0); .Default(0);
if (F == 0) if (F == 0)
D.Diag(clang::diag::err_drv_unsupported_option_argument) D.Diag(clang::diag::err_drv_unsupported_option_argument)
<< A->getOption().getName() << Value; << A->getOption().getName() << Value;
Features |= F; Features |= F;
} }
▲ Show 20 LinesShow All 41 LinesShow Last 20 Lines

lib/Frontend/CompilerInvocation.cpp

Show First 20 LinesShow All 562 Lines▼ Show 20 Lines if (A->getOption().matches(OPT_mlink_cuda_bitcode))
LinkFlags = llvm::Linker::Flags::LinkOnlyNeeded | LinkFlags = llvm::Linker::Flags::LinkOnlyNeeded |
llvm::Linker::Flags::InternalizeLinkedSymbols; llvm::Linker::Flags::InternalizeLinkedSymbols;
Opts.LinkBitcodeFiles.push_back(std::make_pair(LinkFlags, A->getValue())); Opts.LinkBitcodeFiles.push_back(std::make_pair(LinkFlags, A->getValue()));
} }
Opts.SanitizeCoverageType = Opts.SanitizeCoverageType =
getLastArgIntValue(Args, OPT_fsanitize_coverage_type, 0, Diags); getLastArgIntValue(Args, OPT_fsanitize_coverage_type, 0, Diags);
Opts.SanitizeCoverageIndirectCalls = Opts.SanitizeCoverageIndirectCalls =
Args.hasArg(OPT_fsanitize_coverage_indirect_calls); Args.hasArg(OPT_fsanitize_coverage_indirect_calls);
Opts.SanitizeCoverageTraceBB = Args.hasArg(OPT_fsanitize_coverage_trace_bb); Opts.SanitizeCoverageTrace = Args.hasArg(OPT_fsanitize_coverage_trace);
Opts.SanitizeCoverageTraceCmp = Args.hasArg(OPT_fsanitize_coverage_trace_cmp); Opts.SanitizeCoverageTraceCmp = Args.hasArg(OPT_fsanitize_coverage_trace_cmp);
Opts.SanitizeCoverage8bitCounters = Opts.SanitizeCoverage8bitCounters =
Args.hasArg(OPT_fsanitize_coverage_8bit_counters); Args.hasArg(OPT_fsanitize_coverage_8bit_counters);
Opts.SanitizeMemoryTrackOrigins = Opts.SanitizeMemoryTrackOrigins =
getLastArgIntValue(Args, OPT_fsanitize_memory_track_origins_EQ, 0, Diags); getLastArgIntValue(Args, OPT_fsanitize_memory_track_origins_EQ, 0, Diags);
Opts.SanitizeMemoryUseAfterDtor = Opts.SanitizeMemoryUseAfterDtor =
Args.hasArg(OPT_fsanitize_memory_use_after_dtor); Args.hasArg(OPT_fsanitize_memory_use_after_dtor);
Opts.SSPBufferSize = Opts.SSPBufferSize =
▲ Show 20 LinesShow All 1,668 LinesShow Last 20 Lines

lib/Transforms/Instrumentation/SanitizerCoverage.cpp

Show First 20 LinesShow All 51 Lines▼ Show 20 Lines
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "sancov" #define DEBUG_TYPE "sancov"
static const char *const kSanCovModuleInitName = "__sanitizer_cov_module_init"; static const char *const kSanCovModuleInitName = "__sanitizer_cov_module_init";
static const char *const kSanCovName = "__sanitizer_cov"; static const char *const kSanCovName = "__sanitizer_cov";
static const char *const kSanCovWithCheckName = "__sanitizer_cov_with_check"; static const char *const kSanCovWithCheckName = "__sanitizer_cov_with_check";
static const char *const kSanCovIndirCallName = "__sanitizer_cov_indir_call16"; static const char *const kSanCovIndirCallName = "__sanitizer_cov_indir_call16";
static const char *const kSanCovTraceEnter = "__sanitizer_cov_trace_func_enter"; static const char *const kSanCovTrace = "__sanitizer_cov_trace";
static const char *const kSanCovTraceBB = "__sanitizer_cov_trace_basic_block";
static const char *const kSanCovTraceCmp = "__sanitizer_cov_trace_cmp"; static const char *const kSanCovTraceCmp = "__sanitizer_cov_trace_cmp";
static const char *const kSanCovTraceSwitch = "__sanitizer_cov_trace_switch"; static const char *const kSanCovTraceSwitch = "__sanitizer_cov_trace_switch";
static const char *const kSanCovModuleCtorName = "sancov.module_ctor"; static const char *const kSanCovModuleCtorName = "sancov.module_ctor";
static const uint64_t kSanCtorAndDtorPriority = 2; static const uint64_t kSanCtorAndDtorPriority = 2;
static cl::opt<int> ClCoverageLevel("sanitizer-coverage-level", static cl::opt<int> ClCoverageLevel("sanitizer-coverage-level",
cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, " cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, "
"3: all blocks and critical edges, " "3: all blocks and critical edges, "
"4: above plus indirect calls"), "4: above plus indirect calls"),
cl::Hidden, cl::init(0)); cl::Hidden, cl::init(0));
static cl::opt<unsigned> ClCoverageBlockThreshold( static cl::opt<unsigned> ClCoverageBlockThreshold(
"sanitizer-coverage-block-threshold", "sanitizer-coverage-block-threshold",
cl::desc("Use a callback with a guard check inside it if there are" cl::desc("Use a callback with a guard check inside it if there are"
" more than this number of blocks."), " more than this number of blocks."),
cl::Hidden, cl::init(500)); cl::Hidden, cl::init(500));
static cl::opt<bool> static cl::opt<bool>
ClExperimentalTracing("sanitizer-coverage-experimental-tracing", ClTracing("sanitizer-coverage-trace",
cl::desc("Experimental basic-block tracing: insert " cl::desc("Tacing: insert callbacks at every basic"
kccUnsubmitted
Done
ReplyInline Actions

typo: Tacing

kcc: typo: Tacing
"callbacks at every basic block"), " function/block/edge"),
cl::Hidden, cl::init(false)); cl::Hidden, cl::init(false));
static cl::opt<bool> static cl::opt<bool>
ClExperimentalCMPTracing("sanitizer-coverage-experimental-trace-compares", ClExperimentalCMPTracing("sanitizer-coverage-experimental-trace-compares",
cl::desc("Experimental tracing of CMP and similar " cl::desc("Experimental tracing of CMP and similar "
"instructions"), "instructions"),
cl::Hidden, cl::init(false)); cl::Hidden, cl::init(false));
Show All 32 LinesSanitizerCoverageOptions getOptions(int LegacyCoverageLevel) {
return Res; return Res;
} }
SanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) { SanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) {
// Sets CoverageType and IndirectCalls. // Sets CoverageType and IndirectCalls.
SanitizerCoverageOptions CLOpts = getOptions(ClCoverageLevel); SanitizerCoverageOptions CLOpts = getOptions(ClCoverageLevel);
Options.CoverageType = std::max(Options.CoverageType, CLOpts.CoverageType); Options.CoverageType = std::max(Options.CoverageType, CLOpts.CoverageType);
Options.IndirectCalls |= CLOpts.IndirectCalls; Options.IndirectCalls |= CLOpts.IndirectCalls;
Options.TraceBB |= ClExperimentalTracing; Options.Trace |= ClTracing;
Options.TraceCmp |= ClExperimentalCMPTracing; Options.TraceCmp |= ClExperimentalCMPTracing;
Options.Use8bitCounters |= ClUse8bitCounters; Options.Use8bitCounters |= ClUse8bitCounters;
return Options; return Options;
} }
class SanitizerCoverageModule : public ModulePass { class SanitizerCoverageModule : public ModulePass {
public: public:
SanitizerCoverageModule( SanitizerCoverageModule(
Show All 16 Lines private:
void SetNoSanitizeMetadata(Instruction *I); void SetNoSanitizeMetadata(Instruction *I);
void InjectCoverageAtBlock(Function &F, BasicBlock &BB, bool UseCalls); void InjectCoverageAtBlock(Function &F, BasicBlock &BB, bool UseCalls);
unsigned NumberOfInstrumentedBlocks() { unsigned NumberOfInstrumentedBlocks() {
return SanCovFunction->getNumUses() + SanCovWithCheckFunction->getNumUses(); return SanCovFunction->getNumUses() + SanCovWithCheckFunction->getNumUses();
} }
Function *SanCovFunction; Function *SanCovFunction;
Function *SanCovWithCheckFunction; Function *SanCovWithCheckFunction;
Function *SanCovIndirCallFunction; Function *SanCovIndirCallFunction;
Function *SanCovTraceEnter, *SanCovTraceBB; Function *SanCovTrace;
Function *SanCovTraceCmpFunction; Function *SanCovTraceCmpFunction;
Function *SanCovTraceSwitchFunction; Function *SanCovTraceSwitchFunction;
InlineAsm *EmptyAsm; InlineAsm *EmptyAsm;
Type *IntptrTy, *Int64Ty, *Int64PtrTy; Type *IntptrTy, *Int64Ty, *Int64PtrTy;
Module *CurModule; Module *CurModule;
LLVMContext *C; LLVMContext *C;
const DataLayout *DL; const DataLayout *DL;
Show All 33 Lines SanCovTraceSwitchFunction =
checkSanitizerInterfaceFunction(M.getOrInsertFunction( checkSanitizerInterfaceFunction(M.getOrInsertFunction(
kSanCovTraceSwitch, VoidTy, Int64Ty, Int64PtrTy, nullptr)); kSanCovTraceSwitch, VoidTy, Int64Ty, Int64PtrTy, nullptr));
// We insert an empty inline asm after cov callbacks to avoid callback merge. // We insert an empty inline asm after cov callbacks to avoid callback merge.
EmptyAsm = InlineAsm::get(FunctionType::get(IRB.getVoidTy(), false), EmptyAsm = InlineAsm::get(FunctionType::get(IRB.getVoidTy(), false),
StringRef(""), StringRef(""), StringRef(""), StringRef(""),
/*hasSideEffects=*/true); /*hasSideEffects=*/true);
if (Options.TraceBB) { if (Options.Trace)
SanCovTraceEnter = checkSanitizerInterfaceFunction( SanCovTrace = checkSanitizerInterfaceFunction(
M.getOrInsertFunction(kSanCovTraceEnter, VoidTy, Int32PtrTy, nullptr)); M.getOrInsertFunction(kSanCovTrace, VoidTy, nullptr));
SanCovTraceBB = checkSanitizerInterfaceFunction(
M.getOrInsertFunction(kSanCovTraceBB, VoidTy, Int32PtrTy, nullptr));
}
// At this point we create a dummy array of guards because we don't // At this point we create a dummy array of guards because we don't
// know how many elements we will need. // know how many elements we will need.
Type *Int32Ty = IRB.getInt32Ty(); Type *Int32Ty = IRB.getInt32Ty();
Type *Int8Ty = IRB.getInt8Ty(); Type *Int8Ty = IRB.getInt8Ty();
GuardArray = GuardArray =
new GlobalVariable(M, Int32Ty, false, GlobalValue::ExternalLinkage, new GlobalVariable(M, Int32Ty, false, GlobalValue::ExternalLinkage,
▲ Show 20 LinesShow All 263 Lines▼ Show 20 Lines if (Options.Use8bitCounters) {
P = IRB.CreateIntToPtr(P, IRB.getInt8PtrTy()); P = IRB.CreateIntToPtr(P, IRB.getInt8PtrTy());
LoadInst *LI = IRB.CreateLoad(P); LoadInst *LI = IRB.CreateLoad(P);
Value *Inc = IRB.CreateAdd(LI, ConstantInt::get(IRB.getInt8Ty(), 1)); Value *Inc = IRB.CreateAdd(LI, ConstantInt::get(IRB.getInt8Ty(), 1));
StoreInst *SI = IRB.CreateStore(Inc, P); StoreInst *SI = IRB.CreateStore(Inc, P);
SetNoSanitizeMetadata(LI); SetNoSanitizeMetadata(LI);
SetNoSanitizeMetadata(SI); SetNoSanitizeMetadata(SI);
} }
if (Options.TraceBB) { if (Options.Trace) {
// Experimental support for tracing. // Trace coverage.
// Insert a callback with the same guard variable as used for coverage.
IRB.SetInsertPoint(&*IP); IRB.SetInsertPoint(&*IP);
IRB.CreateCall(IsEntryBB ? SanCovTraceEnter : SanCovTraceBB, GuardP); IRB.CreateCall(SanCovTrace);
} }
} }
char SanitizerCoverageModule::ID = 0; char SanitizerCoverageModule::ID = 0;
INITIALIZE_PASS(SanitizerCoverageModule, "sancov", INITIALIZE_PASS(SanitizerCoverageModule, "sancov",
"SanitizerCoverage: TODO." "SanitizerCoverage: TODO."
"ModulePass", false, false) "ModulePass", false, false)
ModulePass *llvm::createSanitizerCoverageModulePass( ModulePass *llvm::createSanitizerCoverageModulePass(
const SanitizerCoverageOptions &Options) { const SanitizerCoverageOptions &Options) {
return new SanitizerCoverageModule(Options); return new SanitizerCoverageModule(Options);
} }

lib/sanitizer_common/sanitizer_coverage_libcdep.cc

Show First 20 LinesShow All 85 Lines▼ Show 20 Lines public:
void DumpCallerCalleePairs(); void DumpCallerCalleePairs();
void DumpTrace(); void DumpTrace();
void DumpAsBitSet(); void DumpAsBitSet();
void DumpCounters(); void DumpCounters();
void DumpOffsets(); void DumpOffsets();
void DumpAll(); void DumpAll();
ALWAYS_INLINE ALWAYS_INLINE
void TraceBasicBlock(s32 *id); void TraceBasicBlock(uptr pc);
void InitializeGuardArray(s32 *guards); void InitializeGuardArray(s32 *guards);
void InitializeGuards(s32 *guards, uptr n, const char *module_name, void InitializeGuards(s32 *guards, uptr n, const char *module_name,
uptr caller_pc); uptr caller_pc);
void InitializeCounters(u8 *counters, uptr n); void InitializeCounters(u8 *counters, uptr n);
void ReinitializeGuards(); void ReinitializeGuards();
uptr GetNumberOf8bitCounters(); uptr GetNumberOf8bitCounters();
uptr Update8bitCounterBitsetAndClearCounters(u8 *bitset); uptr Update8bitCounterBitsetAndClearCounters(u8 *bitset);
▲ Show 20 LinesShow All 46 Lines▼ Show 20 Lines private:
uptr num_8bit_counters; uptr num_8bit_counters;
// Caller-Callee (cc) array, size and current index. // Caller-Callee (cc) array, size and current index.
static const uptr kCcArrayMaxSize = FIRST_32_SECOND_64(1 << 18, 1 << 24); static const uptr kCcArrayMaxSize = FIRST_32_SECOND_64(1 << 18, 1 << 24);
uptr **cc_array; uptr **cc_array;
atomic_uintptr_t cc_array_index; atomic_uintptr_t cc_array_index;
atomic_uintptr_t cc_array_size; atomic_uintptr_t cc_array_size;
// Tracing event array, size and current pointer. uptr tr_size;
// We record all events (basic block entries) in a global buffer of u32
// values. Each such value is the index in pc_array.
// So far the tracing is highly experimental:
// - not thread-safe;
// - does not support long traces;
// - not tuned for performance.
static const uptr kTrEventArrayMaxSize = FIRST_32_SECOND_64(1 << 22, 1 << 30);
u32 *tr_event_array;
uptr tr_event_array_size;
u32 *tr_event_pointer;
static const uptr kTrPcArrayMaxSize = FIRST_32_SECOND_64(1 << 22, 1 << 27);
StaticSpinMutex mu; StaticSpinMutex mu;
}; };
static CoverageData coverage_data; static CoverageData coverage_data;
void CovUpdateMapping(const char *path, uptr caller_pc = 0); void CovUpdateMapping(const char *path, uptr caller_pc = 0);
Show All 27 Lines if (common_flags()->coverage_direct) {
atomic_store(&pc_array_size, kPcArrayMaxSize, memory_order_relaxed); atomic_store(&pc_array_size, kPcArrayMaxSize, memory_order_relaxed);
} }
cc_array = reinterpret_cast<uptr **>(MmapNoReserveOrDie( cc_array = reinterpret_cast<uptr **>(MmapNoReserveOrDie(
sizeof(uptr *) * kCcArrayMaxSize, "CovInit::cc_array")); sizeof(uptr *) * kCcArrayMaxSize, "CovInit::cc_array"));
atomic_store(&cc_array_size, kCcArrayMaxSize, memory_order_relaxed); atomic_store(&cc_array_size, kCcArrayMaxSize, memory_order_relaxed);
atomic_store(&cc_array_index, 0, memory_order_relaxed); atomic_store(&cc_array_index, 0, memory_order_relaxed);
// Allocate tr_event_array with a guard page at the end.
tr_event_array = reinterpret_cast<u32 *>(MmapNoReserveOrDie(
sizeof(tr_event_array[0]) * kTrEventArrayMaxSize + GetMmapGranularity(),
"CovInit::tr_event_array"));
MprotectNoAccess(
reinterpret_cast<uptr>(&tr_event_array[kTrEventArrayMaxSize]),
GetMmapGranularity());
tr_event_array_size = kTrEventArrayMaxSize;
tr_event_pointer = tr_event_array;
num_8bit_counters = 0; num_8bit_counters = 0;
} }
void CoverageData::InitializeGuardArray(s32 *guards) { void CoverageData::InitializeGuardArray(s32 *guards) {
Enable(); // Make sure coverage is enabled at this point. Enable(); // Make sure coverage is enabled at this point.
s32 n = guards[0]; s32 n = guards[0];
for (s32 j = 1; j <= n; j++) { for (s32 j = 1; j <= n; j++) {
uptr idx = atomic_load_relaxed(&pc_array_index); uptr idx = atomic_load_relaxed(&pc_array_index);
atomic_store_relaxed(&pc_array_index, idx + 1); atomic_store_relaxed(&pc_array_index, idx + 1);
guards[j] = -static_cast<s32>(idx + 1); guards[j] = -static_cast<s32>(idx + 1);
} }
} }
void CoverageData::Disable() { void CoverageData::Disable() {
if (pc_array) { if (pc_array) {
UnmapOrDie(pc_array, sizeof(uptr) * kPcArrayMaxSize); UnmapOrDie(pc_array, sizeof(uptr) * kPcArrayMaxSize);
pc_array = nullptr; pc_array = nullptr;
} }
if (cc_array) { if (cc_array) {
UnmapOrDie(cc_array, sizeof(uptr *) * kCcArrayMaxSize); UnmapOrDie(cc_array, sizeof(uptr *) * kCcArrayMaxSize);
cc_array = nullptr; cc_array = nullptr;
} }
if (tr_event_array) {
UnmapOrDie(tr_event_array,
sizeof(tr_event_array[0]) * kTrEventArrayMaxSize +
GetMmapGranularity());
tr_event_array = nullptr;
tr_event_pointer = nullptr;
}
if (pc_fd != kInvalidFd) { if (pc_fd != kInvalidFd) {
CloseFile(pc_fd); CloseFile(pc_fd);
pc_fd = kInvalidFd; pc_fd = kInvalidFd;
} }
} }
void CoverageData::ReinitializeGuards() { void CoverageData::ReinitializeGuards() {
// Assuming single thread. // Assuming single thread.
▲ Show 20 LinesShow All 319 Lines▼ Show 20 Linesstatic fd_t CovOpenFile(InternalScopedString *path, bool packed,
error_t err; error_t err;
fd_t fd = OpenFile(path->data(), WrOnly, &err); fd_t fd = OpenFile(path->data(), WrOnly, &err);
if (fd == kInvalidFd) if (fd == kInvalidFd)
Report("SanitizerCoverage: failed to open %s for writing (reason: %d)\n", Report("SanitizerCoverage: failed to open %s for writing (reason: %d)\n",
path->data(), err); path->data(), err);
return fd; return fd;
} }
// Dump trace PCs and trace events into two separate files.
void CoverageData::DumpTrace() { void CoverageData::DumpTrace() {
uptr max_idx = tr_event_pointer - tr_event_array; if (tr_size == 0)
if (!max_idx) return;
auto sym = Symbolizer::GetOrInit();
if (!sym)
return; return;
InternalScopedString out(32 << 20);
for (uptr i = 0, n = size(); i < n; i++) {
const char *module_name = "<unknown>";
uptr module_address = 0;
sym->GetModuleNameAndOffsetForPC(UnbundlePc(pc_array[i]), &module_name,
&module_address);
out.append("%s 0x%zx\n", module_name, module_address);
}
InternalScopedString path(kMaxPathLength);
fd_t fd = CovOpenFile(&path, false, "trace-points");
if (fd == kInvalidFd) return;
WriteToFile(fd, out.data(), out.length());
CloseFile(fd);
fd = CovOpenFile(&path, false, "trace-compunits");
if (fd == kInvalidFd) return;
out.clear();
for (uptr i = 0; i < comp_unit_name_vec.size(); i++)
out.append("%s\n", comp_unit_name_vec[i].copied_module_name);
WriteToFile(fd, out.data(), out.length());
CloseFile(fd);
fd = CovOpenFile(&path, false, "trace-events");
if (fd == kInvalidFd) return;
uptr bytes_to_write = max_idx * sizeof(tr_event_array[0]);
u8 *event_bytes = reinterpret_cast<u8*>(tr_event_array);
// The trace file could be huge, and may not be written with a single syscall.
while (bytes_to_write) {
uptr actually_written;
if (WriteToFile(fd, event_bytes, bytes_to_write, &actually_written) &&
actually_written <= bytes_to_write) {
bytes_to_write -= actually_written;
event_bytes += actually_written;
} else {
break;
}
}
CloseFile(fd);
VReport(1, " CovDump: Trace: %zd PCs written\n", size()); VReport(1, " CovDump: Trace: %zd PCs written\n", size());
VReport(1, " CovDump: Trace: %zd Events written\n", max_idx); VReport(1, " CovDump: Trace: %zd Events written\n", tr_size);
} }
// This function dumps the caller=>callee pairs into a file as a sequence of // This function dumps the caller=>callee pairs into a file as a sequence of
// lines like "module_name offset". // lines like "module_name offset".
void CoverageData::DumpCallerCalleePairs() { void CoverageData::DumpCallerCalleePairs() {
uptr max_idx = atomic_load(&cc_array_index, memory_order_relaxed); uptr max_idx = atomic_load(&cc_array_index, memory_order_relaxed);
if (!max_idx) return; if (!max_idx) return;
auto sym = Symbolizer::GetOrInit(); auto sym = Symbolizer::GetOrInit();
Show All 27 Linesvoid CoverageData::DumpCallerCalleePairs() {
fd_t fd = CovOpenFile(&path, false, "caller-callee"); fd_t fd = CovOpenFile(&path, false, "caller-callee");
if (fd == kInvalidFd) return; if (fd == kInvalidFd) return;
WriteToFile(fd, out.data(), out.length()); WriteToFile(fd, out.data(), out.length());
CloseFile(fd); CloseFile(fd);
VReport(1, " CovDump: %zd caller-callee pairs written\n", total); VReport(1, " CovDump: %zd caller-callee pairs written\n", total);
} }
// Record the current PC into the event buffer. // Record the current PC into the event buffer.
// Every event is a u32 value (index in tr_pc_array_index) so we compute void CoverageData::TraceBasicBlock(uptr pc) {
// it once and then cache in the provided 'cache' storage. tr_size++;
//
// This function will eventually be inlined by the compiler.
void CoverageData::TraceBasicBlock(s32 *id) {
// Will trap here if
// 1. coverage is not enabled at run-time.
// 2. The array tr_event_array is full.
*tr_event_pointer = static_cast<u32>(*id - 1);
tr_event_pointer++;
} }
void CoverageData::DumpCounters() { void CoverageData::DumpCounters() {
if (!common_flags()->coverage_counters) return; if (!common_flags()->coverage_counters) return;
uptr n = coverage_data.GetNumberOf8bitCounters(); uptr n = coverage_data.GetNumberOf8bitCounters();
if (!n) return; if (!n) return;
InternalScopedBuffer<u8> bitset(n); InternalScopedBuffer<u8> bitset(n);
coverage_data.Update8bitCounterBitsetAndClearCounters(bitset.data()); coverage_data.Update8bitCounterBitsetAndClearCounters(bitset.data());
▲ Show 20 LinesShow All 216 Lines▼ Show 20 Lines
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
uptr __sanitizer_get_total_unique_caller_callee_pairs() { uptr __sanitizer_get_total_unique_caller_callee_pairs() {
return atomic_load(&caller_callee_counter, memory_order_relaxed); return atomic_load(&caller_callee_counter, memory_order_relaxed);
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __sanitizer_cov_trace_func_enter(s32 *id) { void __sanitizer_cov_trace() {
coverage_data.TraceBasicBlock(id); // TBD
} coverage_data.TraceBasicBlock(GET_CALLER_PC());
SANITIZER_INTERFACE_ATTRIBUTE
void __sanitizer_cov_trace_basic_block(s32 *id) {
coverage_data.TraceBasicBlock(id);
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __sanitizer_reset_coverage() { void __sanitizer_reset_coverage() {
coverage_data.ReinitializeGuards(); coverage_data.ReinitializeGuards();
internal_bzero_aligned16( internal_bzero_aligned16(
coverage_data.data(), coverage_data.data(),
RoundUpTo(coverage_data.size() * sizeof(coverage_data.data()[0]), 16)); RoundUpTo(coverage_data.size() * sizeof(coverage_data.data()[0]), 16));
} }
Show All 21 Lines

test/Driver/fsanitize-coverage.c

Show All 25 Lines
// RUN: %clang -target x86_64-linux-gnu -fsanitize=thread -fsanitize-coverage=1 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-UNUSED // RUN: %clang -target x86_64-linux-gnu -fsanitize=thread -fsanitize-coverage=1 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-UNUSED
// RUN: %clang -target x86_64-linux-gnu -fsanitize-coverage=1 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-UNUSED // RUN: %clang -target x86_64-linux-gnu -fsanitize-coverage=1 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-UNUSED
// CHECK-SANITIZE-COVERAGE-UNUSED: argument unused during compilation: '-fsanitize-coverage=1' // CHECK-SANITIZE-COVERAGE-UNUSED: argument unused during compilation: '-fsanitize-coverage=1'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=1 -fno-sanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-SAN-DISABLED // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=1 -fno-sanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-SAN-DISABLED
// CHECK-SANITIZE-COVERAGE-SAN-DISABLED-NOT: argument unused // CHECK-SANITIZE-COVERAGE-SAN-DISABLED-NOT: argument unused
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace-bb,trace-cmp,8bit-counters %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FEATURES // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace,trace-cmp,8bit-counters %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FEATURES
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-type=3 // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-type=3
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-indirect-calls // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-indirect-calls
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-bb // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-cmp // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-trace-cmp
// CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-8bit-counters // CHECK-SANITIZE-COVERAGE-FEATURES: -fsanitize-coverage-8bit-counters
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=func,edge,indirect-calls,trace-bb,trace-cmp -fno-sanitize-coverage=edge,indirect-calls,trace-bb %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MASK // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=func,edge,indirect-calls,trace,trace-cmp -fno-sanitize-coverage=edge,indirect-calls,trace %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MASK
// CHECK-MASK: -fsanitize-coverage-type=1 // CHECK-MASK: -fsanitize-coverage-type=1
// CHECK-MASK: -fsanitize-coverage-trace-cmp // CHECK-MASK: -fsanitize-coverage-trace-cmp
// CHECK-MASK-NOT: -fsanitize-coverage- // CHECK-MASK-NOT: -fsanitize-coverage-
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=foobar %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INVALID-VALUE // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=foobar %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INVALID-VALUE
// CHECK-INVALID-VALUE: error: unsupported argument 'foobar' to option 'fsanitize-coverage=' // CHECK-INVALID-VALUE: error: unsupported argument 'foobar' to option 'fsanitize-coverage='
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=func -fsanitize-coverage=edge %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INCOMPATIBLE // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=func -fsanitize-coverage=edge %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INCOMPATIBLE
// CHECK-INCOMPATIBLE: error: invalid argument '-fsanitize-coverage=func' not allowed with '-fsanitize-coverage=edge' // CHECK-INCOMPATIBLE: error: invalid argument '-fsanitize-coverage=func' not allowed with '-fsanitize-coverage=edge'
// Driver must enable edge coverage by default.
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=8bit-counters %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MISSING-TYPE // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=8bit-counters %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MISSING-TYPE
// CHECK-MISSING-TYPE: error: invalid argument '-fsanitize-coverage=8bit-counters' only allowed with '-fsanitize-coverage=(func|bb|edge)' // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=trace %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MISSING-TYPE
// CHECK-MISSING-TYPE-NOT: error
// CHECK-MISSING-TYPE-NOT: fsanitize
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=trace-cmp,indirect-calls %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-TYPE-NECESSARY // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=trace-cmp,indirect-calls %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-TYPE-NECESSARY
// CHECK-NO-TYPE-NECESSARY-NOT: error: // CHECK-NO-TYPE-NECESSARY-NOT: error:
// CHECK-NO-TYPE-NECESSARY: -fsanitize-coverage-indirect-calls // CHECK-NO-TYPE-NECESSARY: -fsanitize-coverage-indirect-calls
// CHECK-NO-TYPE-NECESSARY: -fsanitize-coverage-trace-cmp // CHECK-NO-TYPE-NECESSARY: -fsanitize-coverage-trace-cmp
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=1 -fsanitize-coverage=trace-cmp %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-EXTEND-LEGACY // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-coverage=1 -fsanitize-coverage=trace-cmp %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-EXTEND-LEGACY
// CHECK-EXTEND-LEGACY: -fsanitize-coverage-type=1 // CHECK-EXTEND-LEGACY: -fsanitize-coverage-type=1
Show All 9 Lines

test/Instrumentation/SanitizerCoverage/tracing.ll

; Test -sanitizer-coverage-experimental-tracing ; Test -sanitizer-coverage-experimental-tracing
; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -sanitizer-coverage-experimental-tracing -S | FileCheck %s --check-prefix=CHECK1 ; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -sanitizer-coverage-trace -S | FileCheck %s --check-prefix=CHECK1
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-experimental-tracing -S | FileCheck %s --check-prefix=CHECK3 ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace -S | FileCheck %s --check-prefix=CHECK3
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define void @foo(i32* %a) sanitize_address { define void @foo(i32* %a) sanitize_address {
entry: entry:
%tobool = icmp eq i32* %a, null %tobool = icmp eq i32* %a, null
br i1 %tobool, label %if.end, label %if.then br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry if.then: ; preds = %entry
store i32 0, i32* %a, align 4 store i32 0, i32* %a, align 4
br label %if.end br label %if.end
if.end: ; preds = %entry, %if.then if.end: ; preds = %entry, %if.then
ret void ret void
} }
; CHECK1-LABEL: define void @foo ; CHECK1-LABEL: define void @foo
; CHECK1: call void @__sanitizer_cov_trace_func_enter ; CHECK1: call void @__sanitizer_cov_trace
; CHECK1: call void @__sanitizer_cov_trace_basic_block ; CHECK1: call void @__sanitizer_cov_trace
; CHECK1: call void @__sanitizer_cov_trace_basic_block ; CHECK1: call void @__sanitizer_cov_trace
; CHECK1-NOT: call void @__sanitizer_cov_trace_basic_block ; CHECK1-NOT: call void @__sanitizer_cov_trace
; CHECK1: ret void ; CHECK1: ret void
; CHECK3-LABEL: define void @foo ; CHECK3-LABEL: define void @foo
; CHECK3: call void @__sanitizer_cov_trace_func_enter ; CHECK3: call void @__sanitizer_cov_trace
; CHECK3: call void @__sanitizer_cov_trace_basic_block ; CHECK3: call void @__sanitizer_cov_trace
; CHECK3: call void @__sanitizer_cov_trace_basic_block ; CHECK3: call void @__sanitizer_cov_trace
; CHECK3: call void @__sanitizer_cov_trace_basic_block ; CHECK3: call void @__sanitizer_cov_trace
; CHECK3-NOT: call void @__sanitizer_cov_trace_basic_block ; CHECK3-NOT: call void @__sanitizer_cov_trace
; CHECK3: ret void ; CHECK3: ret void

test/asan/TestCases/coverage-tracing.cc

// Test -fsanitize-coverage=trace-bb // Test -fsanitize-coverage=trace
// //
// RUN: %clangxx_asan -O1 -fsanitize-coverage=func,trace-bb %s -o %t // RUN: %clangxx_asan -O1 -fsanitize-coverage=func,trace %s -o %t
// RUN: rm -rf %T/coverage-tracing // RUN: A=x; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK1
// RUN: mkdir %T/coverage-tracing // RUN: A=f; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK2
// RUN: cd %T/coverage-tracing // RUN: A=fb; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK3
// RUN: A=x; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK1; mv trace-points.*.sancov $A.points // RUN: A=fff; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK4
// RUN: A=f; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK2; mv trace-points.*.sancov $A.points // RUN: A=bbf; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 100 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK301
// RUN: A=b; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK2; mv trace-points.*.sancov $A.points
// RUN: A=bf; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK3; mv trace-points.*.sancov $A.points
// RUN: A=fb; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK3; mv trace-points.*.sancov $A.points
// RUN: A=ffb; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK4; mv trace-points.*.sancov $A.points
// RUN: A=fff; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 1 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK4; mv trace-points.*.sancov $A.points
// RUN: A=bbf; %env_asan_opts=coverage=1:verbosity=1 %run %t $A 100 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK301; mv trace-points.*.sancov $A.points
// RUN: diff f.points fff.points
// RUN: diff bf.points fb.points
// RUN: diff bf.points ffb.points
// RUN: diff bf.points bbf.points
// RUN: not diff x.points f.points
// RUN: not diff x.points b.points
// RUN: not diff x.points bf.points
// RUN: not diff f.points b.points
// RUN: not diff f.points bf.points
// RUN: not diff b.points bf.points
// RUN: rm -rf %T/coverage-tracing
// //
// REQUIRES: asan-64-bits // REQUIRES: asan-64-bits
// UNSUPPORTED: android // UNSUPPORTED: android
#include <stdlib.h> #include <stdlib.h>
volatile int sink; volatile int sink;
__attribute__((noinline)) void foo() { sink++; } __attribute__((noinline)) void foo() { sink++; }
__attribute__((noinline)) void bar() { sink++; } __attribute__((noinline)) void bar() { sink++; }
Show All 18 Lines