Page MenuHomePhabricator

[SanitizerCoverage] Add stack depth tracing instrumentation.
ClosedPublic

Authored by morehouse on Aug 17 2017, 10:37 AM.

Details

Summary

Augment SanitizerCoverage to insert maximum stack depth tracing for
use by libFuzzer. The new instrumentation is enabled by the flag
-fsanitize-coverage=stack-depth and is compatible with the existing
trace-pc-guard coverage. The user must also declare the following
global variable in their code:

thread_local uintptr_t __sancov_lowest_stack

https://bugs.llvm.org/show_bug.cgi?id=33857

Diff Detail

Repository
rL LLVM

Event Timeline

morehouse created this revision.Aug 17 2017, 10:37 AM
vitalybuka added inline comments.Aug 17 2017, 11:18 AM
clang/lib/Driver/SanitizerArgs.cpp
559 ↗(On Diff #111534)

Extract
if (!(CoverageFeatures & InsertionPointTypes)) {
....

}

673 ↗(On Diff #111534)

Could you please add new flag into tools/clang/test/Driver/fsanitize-coverage.c

llvm/lib/Fuzzer/FuzzerTracePC.cpp
31 ↗(On Diff #111534)

Why this does not need ATTRIBUTE_INTERFACE?

35 ↗(On Diff #111534)

Should this be sancov_lowest_stack or even sancov_stack_depth?

morehouse added inline comments.Aug 17 2017, 1:53 PM
llvm/lib/Fuzzer/FuzzerTracePC.cpp
31 ↗(On Diff #111534)

Not sure why it works without it. Maybe the default build doesn't use
-fvisibility=hidden? But seems like a good idea to add.

35 ↗(On Diff #111534)

It looks like the current convention is to use __sancov_* for variables and __sanitizer_cov_* for functions. I'll modify the name here to reflect that. I think __sancov_lowest_stack would be the more descriptive choice since the "lowest stack" gets smaller as the "max stack depth" gets larger.

morehouse updated this revision to Diff 111570.Aug 17 2017, 2:44 PM
  • Extract shared condition.
  • Add ATTRIBUTE_INTERFACE.
  • Rename variable to __sancov_lowest_stack.
  • Add driver test for -fsanitize-coverage=stack-depth.
morehouse marked 6 inline comments as done.Aug 17 2017, 2:44 PM
morehouse edited the summary of this revision. (Show Details)
This revision is now accepted and ready to land.Aug 17 2017, 2:52 PM
This revision was automatically updated to reflect the committed changes.
kcc edited edge metadata.Aug 19 2017, 7:21 PM

Please also write a lit test for test/DeepRecursionTest.cpp (e.g. test/deep-recursion.test)