This is an archive of the discontinued LLVM Phabricator instance.

Differential D28434

[Sanitizer Coverage] Fix Instrumentation to work on Windows.
ClosedPublic

Authored by mpividori on Jan 6 2017, 8:18 PM.

Details

Reviewers
kcc
zturner
aizatsky
rnk
Commits
rGdb5a5655141c: [sanitizer coverage] Fix Instrumentation to work on Windows.
rL293987: [sanitizer coverage] Fix Instrumentation to work on Windows.
Summary

Hi,

I modified Sanitizer Coverage Instrumentation's code, to work on Windows.
In Windows, the symbols "___stop___sancov_guards" and "___start___sancov_guards" are not defined automatically.
So, we need to take a different approach.

As suggested in: https://msdn.microsoft.com/en-us/library/7977wcck.aspx
I define 3 sections: ".SCOV$A", ".SCOV$M" and ".SCOV$Z".

  • Section ".SCOV$A" will only hold a variable ___start___sancov_guard.
  • Section ".SCOV$M" will hold the main data.
  • Section ".SCOV$Z" will only hold a variable ___stop___sancov_guards.

When linking, they will be merged sorted by the characters after the $, so we can use the pointers of the variables ___[start|stop]___sancov_guard to know the actual range of addresses of that section.

___[start|stop]___sancov_guard should be defined only once per module, because of that, I include them inside the static asan runtime: "clang_rt.asan_dynamic_runtime_thunk", that will be included in both, dlls and executables (that changes are in a different diff).

In this diff, I updated the instrumentation to include all the guard arrays in section ".SCOV$M".

Diff Detail

Event Timeline

mpividori updated this revision to Diff 83493.Jan 6 2017, 8:18 PM
mpividori retitled this revision from to [Sanitizer Coverage] Fix Instrumentation to work on Windows..
mpividori updated this object.
mpividori added reviewers: kcc, aizatsky, rnk, zturner.
mpividori set the repository for this revision to rL LLVM.
mpividori added a subscriber: llvm-commits.
rnk added inline comments.Jan 9 2017, 1:18 PM
lib/Transforms/Instrumentation/SanitizerCoverage.cpp
370–385

I don't think we need this dynamic initialization in every TU on Windows. If ___start___sancov_guard is linked statically into every DLL, we can add code to that object file to call __sanitizer_cov_trace_pc_guard_init on Windows.

mpividori added inline comments.Jan 9 2017, 2:42 PM
lib/Transforms/Instrumentation/SanitizerCoverage.cpp
370–385

@rnk, do you mean register this function in the section ".CRT$XCU" , like you do with register_dso_globals? Yes, I agree.
Here, I just updated the code to do the same than on linux. I think we can improve this as you suggest, also for linux.

mpividori added inline comments.Jan 23 2017, 3:30 PM
lib/Transforms/Instrumentation/SanitizerCoverage.cpp
370–385

@rnk I think this approach is ok for now, so we do the same than for linux, and we simplify the code.

rnk accepted this revision.Jan 23 2017, 3:37 PM

lgtm

lib/Transforms/Instrumentation/SanitizerCoverage.cpp
370–385

Yeah, definitely OK for now. Eventually we should do the .CRT$XCU thing, though. It's nicer.

This revision is now accepted and ready to land.Jan 23 2017, 3:37 PM
mpividori updated this revision to Diff 86908.Feb 2 2017, 3:37 PM

Updated diff after rebase. It is slightly different because of some new commits.

Closed by commit rL293987: [sanitizer coverage] Fix Instrumentation to work on Windows. (authored by mpividori). · Explain WhyFeb 2 2017, 5:19 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
Transforms/
Instrumentation/
50 lines

Diff 86908

lib/Transforms/Instrumentation/SanitizerCoverage.cpp

Show First 20 LinesShow All 132 Lines▼ Show 20 Lines
// The counters are not thread-friendly: // The counters are not thread-friendly:
// - contention on these counters may cause significant slowdown; // - contention on these counters may cause significant slowdown;
// - the counter updates are racy and the results may be inaccurate. // - the counter updates are racy and the results may be inaccurate.
// They are also inaccurate due to 8-bit integer overflow. // They are also inaccurate due to 8-bit integer overflow.
static cl::opt<bool> ClUse8bitCounters("sanitizer-coverage-8bit-counters", static cl::opt<bool> ClUse8bitCounters("sanitizer-coverage-8bit-counters",
cl::desc("Experimental 8-bit counters"), cl::desc("Experimental 8-bit counters"),
cl::Hidden, cl::init(false)); cl::Hidden, cl::init(false));
static StringRef getSanCovTracePCGuardSection(const Module &M) {
return Triple(M.getTargetTriple()).isOSBinFormatMachO()
? "__DATA,__sancov_guards"
: "__sancov_guards";
}
static StringRef getSanCovTracePCGuardSectionStart(const Module &M) {
return Triple(M.getTargetTriple()).isOSBinFormatMachO()
? "\1section$start$__DATA$__sancov_guards"
: "__start___sancov_guards";
}
static StringRef getSanCovTracePCGuardSectionEnd(const Module &M) {
return Triple(M.getTargetTriple()).isOSBinFormatMachO()
? "\1section$end$__DATA$__sancov_guards"
: "__stop___sancov_guards";
}
namespace { namespace {
SanitizerCoverageOptions getOptions(int LegacyCoverageLevel) { SanitizerCoverageOptions getOptions(int LegacyCoverageLevel) {
SanitizerCoverageOptions Res; SanitizerCoverageOptions Res;
switch (LegacyCoverageLevel) { switch (LegacyCoverageLevel) {
case 0: case 0:
Res.CoverageType = SanitizerCoverageOptions::SCK_None; Res.CoverageType = SanitizerCoverageOptions::SCK_None;
break; break;
▲ Show 20 LinesShow All 61 Lines▼ Show 20 Linesprivate:
void SetNoSanitizeMetadata(Instruction *I); void SetNoSanitizeMetadata(Instruction *I);
void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx, void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx,
bool UseCalls); bool UseCalls);
unsigned NumberOfInstrumentedBlocks() { unsigned NumberOfInstrumentedBlocks() {
return SanCovFunction->getNumUses() + return SanCovFunction->getNumUses() +
SanCovWithCheckFunction->getNumUses() + SanCovTraceBB->getNumUses() + SanCovWithCheckFunction->getNumUses() + SanCovTraceBB->getNumUses() +
SanCovTraceEnter->getNumUses(); SanCovTraceEnter->getNumUses();
} }
StringRef getSanCovTracePCGuardSection() const;
StringRef getSanCovTracePCGuardSectionStart() const;
StringRef getSanCovTracePCGuardSectionEnd() const;
Function *SanCovFunction; Function *SanCovFunction;
Function *SanCovWithCheckFunction; Function *SanCovWithCheckFunction;
Function *SanCovIndirCallFunction, *SanCovTracePCIndir; Function *SanCovIndirCallFunction, *SanCovTracePCIndir;
Function *SanCovTraceEnter, *SanCovTraceBB, *SanCovTracePC, *SanCovTracePCGuard; Function *SanCovTraceEnter, *SanCovTraceBB, *SanCovTracePC, *SanCovTracePCGuard;
Function *SanCovTraceCmpFunction[4]; Function *SanCovTraceCmpFunction[4];
Function *SanCovTraceDivFunction[2]; Function *SanCovTraceDivFunction[2];
Function *SanCovTraceGepFunction; Function *SanCovTraceGepFunction;
Function *SanCovTraceSwitchFunction; Function *SanCovTraceSwitchFunction;
InlineAsm *EmptyAsm; InlineAsm *EmptyAsm;
Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy; Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy;
Module *CurModule; Module *CurModule;
Triple TargetTriple;
LLVMContext *C; LLVMContext *C;
const DataLayout *DL; const DataLayout *DL;
GlobalVariable *GuardArray; GlobalVariable *GuardArray;
GlobalVariable *FunctionGuardArray; // for trace-pc-guard. GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
GlobalVariable *EightBitCounterArray; GlobalVariable *EightBitCounterArray;
bool HasSancovGuardsSection; bool HasSancovGuardsSection;
SanitizerCoverageOptions Options; SanitizerCoverageOptions Options;
}; };
} // namespace } // namespace
bool SanitizerCoverageModule::runOnModule(Module &M) { bool SanitizerCoverageModule::runOnModule(Module &M) {
if (Options.CoverageType == SanitizerCoverageOptions::SCK_None) if (Options.CoverageType == SanitizerCoverageOptions::SCK_None)
return false; return false;
C = &(M.getContext()); C = &(M.getContext());
DL = &M.getDataLayout(); DL = &M.getDataLayout();
CurModule = &M; CurModule = &M;
TargetTriple = Triple(M.getTargetTriple());
HasSancovGuardsSection = false; HasSancovGuardsSection = false;
IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits()); IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
IntptrPtrTy = PointerType::getUnqual(IntptrTy); IntptrPtrTy = PointerType::getUnqual(IntptrTy);
Type *VoidTy = Type::getVoidTy(*C); Type *VoidTy = Type::getVoidTy(*C);
IRBuilder<> IRB(*C); IRBuilder<> IRB(*C);
Type *Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty()); Type *Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty());
Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty()); Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty());
Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty()); Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty());
▲ Show 20 LinesShow All 101 Lines▼ Show 20 Linesbool SanitizerCoverageModule::runOnModule(Module &M) {
Constant *ModNameStrConst = Constant *ModNameStrConst =
ConstantDataArray::getString(M.getContext(), M.getName(), true); ConstantDataArray::getString(M.getContext(), M.getName(), true);
GlobalVariable *ModuleName = new GlobalVariable( GlobalVariable *ModuleName = new GlobalVariable(
M, ModNameStrConst->getType(), true, GlobalValue::PrivateLinkage, M, ModNameStrConst->getType(), true, GlobalValue::PrivateLinkage,
ModNameStrConst, "__sancov_gen_modname"); ModNameStrConst, "__sancov_gen_modname");
if (Options.TracePCGuard) { if (Options.TracePCGuard) {
if (HasSancovGuardsSection) { if (HasSancovGuardsSection) {
Function *CtorFunc; Function *CtorFunc;
GlobalVariable *SecStart = new GlobalVariable( GlobalVariable *SecStart = new GlobalVariable(
M, Int32PtrTy, false, GlobalVariable::ExternalLinkage, nullptr, M, Int32PtrTy, false, GlobalVariable::ExternalLinkage, nullptr,
getSanCovTracePCGuardSectionStart(*CurModule)); getSanCovTracePCGuardSectionStart());
SecStart->setVisibility(GlobalValue::HiddenVisibility); SecStart->setVisibility(GlobalValue::HiddenVisibility);
GlobalVariable *SecEnd = new GlobalVariable( GlobalVariable *SecEnd = new GlobalVariable(
M, Int32PtrTy, false, GlobalVariable::ExternalLinkage, nullptr, M, Int32PtrTy, false, GlobalVariable::ExternalLinkage, nullptr,
getSanCovTracePCGuardSectionEnd(*CurModule)); getSanCovTracePCGuardSectionEnd());
SecEnd->setVisibility(GlobalValue::HiddenVisibility); SecEnd->setVisibility(GlobalValue::HiddenVisibility);
std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions( std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions(
M, SanCovModuleCtorName, SanCovTracePCGuardInitName, M, SanCovModuleCtorName, SanCovTracePCGuardInitName,
{Int32PtrTy, Int32PtrTy}, {Int32PtrTy, Int32PtrTy},
{IRB.CreatePointerCast(SecStart, Int32PtrTy), {IRB.CreatePointerCast(SecStart, Int32PtrTy),
IRB.CreatePointerCast(SecEnd, Int32PtrTy)}); IRB.CreatePointerCast(SecEnd, Int32PtrTy)});
appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority); appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority);
rnkUnsubmitted
Not Done
ReplyInline Actions

I don't think we need this dynamic initialization in every TU on Windows. If ___start___sancov_guard is linked statically into every DLL, we can add code to that object file to call __sanitizer_cov_trace_pc_guard_init on Windows.

rnk: I don't think we need this dynamic initialization in every TU on Windows. If…
mpividoriAuthorUnsubmitted
Not Done
ReplyInline Actions

@rnk, do you mean register this function in the section ".CRT$XCU" , like you do with register_dso_globals? Yes, I agree.
Here, I just updated the code to do the same than on linux. I think we can improve this as you suggest, also for linux.

mpividori: @rnk, do you mean register this function in the section ".CRT$XCU" , like you do with…
mpividoriAuthorUnsubmitted
Not Done
ReplyInline Actions

@rnk I think this approach is ok for now, so we do the same than for linux, and we simplify the code.

mpividori: @rnk I think this approach is ok for now, so we do the same than for linux, and we simplify the…
rnkUnsubmitted
Not Done
ReplyInline Actions

Yeah, definitely OK for now. Eventually we should do the .CRT$XCU thing, though. It's nicer.

rnk: Yeah, definitely OK for now. Eventually we should do the .CRT$XCU thing, though. It's nicer.
} }
} else if (!Options.TracePC) { } else if (!Options.TracePC) {
Function *CtorFunc; Function *CtorFunc;
std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions( std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions(
M, SanCovModuleCtorName, SanCovModuleInitName, M, SanCovModuleCtorName, SanCovModuleInitName,
{Int32PtrTy, IntptrTy, Int8PtrTy, Int8PtrTy}, {Int32PtrTy, IntptrTy, Int8PtrTy, Int8PtrTy},
{IRB.CreatePointerCast(RealGuardArray, Int32PtrTy), {IRB.CreatePointerCast(RealGuardArray, Int32PtrTy),
ConstantInt::get(IntptrTy, N), ConstantInt::get(IntptrTy, N),
▲ Show 20 LinesShow All 122 Lines▼ Show 20 Linesvoid SanitizerCoverageModule::CreateFunctionGuardArray(size_t NumGuards,
if (!Options.TracePCGuard) return; if (!Options.TracePCGuard) return;
HasSancovGuardsSection = true; HasSancovGuardsSection = true;
ArrayType *ArrayOfInt32Ty = ArrayType::get(Int32Ty, NumGuards); ArrayType *ArrayOfInt32Ty = ArrayType::get(Int32Ty, NumGuards);
FunctionGuardArray = new GlobalVariable( FunctionGuardArray = new GlobalVariable(
*CurModule, ArrayOfInt32Ty, false, GlobalVariable::PrivateLinkage, *CurModule, ArrayOfInt32Ty, false, GlobalVariable::PrivateLinkage,
Constant::getNullValue(ArrayOfInt32Ty), "__sancov_gen_"); Constant::getNullValue(ArrayOfInt32Ty), "__sancov_gen_");
if (auto Comdat = F.getComdat()) if (auto Comdat = F.getComdat())
FunctionGuardArray->setComdat(Comdat); FunctionGuardArray->setComdat(Comdat);
FunctionGuardArray->setSection(getSanCovTracePCGuardSection(*CurModule)); FunctionGuardArray->setSection(getSanCovTracePCGuardSection());
} }
bool SanitizerCoverageModule::InjectCoverage(Function &F, bool SanitizerCoverageModule::InjectCoverage(Function &F,
ArrayRef<BasicBlock *> AllBlocks) { ArrayRef<BasicBlock *> AllBlocks) {
if (AllBlocks.empty()) return false; if (AllBlocks.empty()) return false;
switch (Options.CoverageType) { switch (Options.CoverageType) {
case SanitizerCoverageOptions::SCK_None: case SanitizerCoverageOptions::SCK_None:
return false; return false;
▲ Show 20 LinesShow All 221 Lines▼ Show 20 Lines if (Options.Use8bitCounters) {
LoadInst *LI = IRB.CreateLoad(P); LoadInst *LI = IRB.CreateLoad(P);
Value *Inc = IRB.CreateAdd(LI, ConstantInt::get(IRB.getInt8Ty(), 1)); Value *Inc = IRB.CreateAdd(LI, ConstantInt::get(IRB.getInt8Ty(), 1));
StoreInst *SI = IRB.CreateStore(Inc, P); StoreInst *SI = IRB.CreateStore(Inc, P);
SetNoSanitizeMetadata(LI); SetNoSanitizeMetadata(LI);
SetNoSanitizeMetadata(SI); SetNoSanitizeMetadata(SI);
} }
} }
StringRef SanitizerCoverageModule::getSanCovTracePCGuardSection() const {
if (TargetTriple.getObjectFormat() == Triple::COFF)
return ".SCOV$M";
if (TargetTriple.isOSBinFormatMachO())
return "__DATA,__sancov_guards";
return "__sancov_guards";
}
StringRef SanitizerCoverageModule::getSanCovTracePCGuardSectionStart() {
if (TargetTriple.isOSBinFormatMachO())
return "\1section$start$__DATA$__sancov_guards";
return "__start___sancov_guards";
}
StringRef SanitizerCoverageModule::getSanCovTracePCGuardSectionEnd() {
if (TargetTriple.isOSBinFormatMachO())
return "\1section$end$__DATA$__sancov_guards";
return "__stop___sancov_guards";
}
char SanitizerCoverageModule::ID = 0; char SanitizerCoverageModule::ID = 0;
INITIALIZE_PASS_BEGIN(SanitizerCoverageModule, "sancov", INITIALIZE_PASS_BEGIN(SanitizerCoverageModule, "sancov",
"SanitizerCoverage: TODO." "SanitizerCoverage: TODO."
"ModulePass", "ModulePass",
false, false) false, false)
INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass) INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
INITIALIZE_PASS_DEPENDENCY(PostDominatorTreeWrapperPass) INITIALIZE_PASS_DEPENDENCY(PostDominatorTreeWrapperPass)
INITIALIZE_PASS_END(SanitizerCoverageModule, "sancov", INITIALIZE_PASS_END(SanitizerCoverageModule, "sancov",
"SanitizerCoverage: TODO." "SanitizerCoverage: TODO."
"ModulePass", "ModulePass",
false, false) false, false)
ModulePass *llvm::createSanitizerCoverageModulePass( ModulePass *llvm::createSanitizerCoverageModulePass(
const SanitizerCoverageOptions &Options) { const SanitizerCoverageOptions &Options) {
return new SanitizerCoverageModule(Options); return new SanitizerCoverageModule(Options);
} }