This is an archive of the discontinued LLVM Phabricator instance.

Differential D62888

[NewPM] Port Sancov
ClosedPublic

Authored by leonardchan on Jun 4 2019, 7:35 PM.

Details

Reviewers
fedor.sergeev
philip.pfaffe
chandlerc
Commits
rG5652f35817f0: [NewPM] Port Sancov
rC365838: [NewPM] Port Sancov
rL365838: [NewPM] Port Sancov
Summary

This patch contains a port of SanitizerCoverage to the new pass manager. This one's a bit hefty.

Changes:

  • Split SanitizerCoverageModule into 2 SanitizerCoverage for passing over functions and ModuleSanitizerCoverage for passing over modules.
  • ModuleSanitizerCoverage exists for adding 2 module level calls to initialization functions but only if there's a function that was instrumented by sancov.
  • Added legacy and new PM wrapper classes that own instances of the 2 new classes.
  • Update llvm tests and add clang tests,

Diff Detail

Event Timeline

leonardchan created this revision.Jun 4 2019, 7:35 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 4 2019, 7:35 PM
Herald added subscribers: hiraditya, eraman. · View Herald Transcript
leonardchan added a comment.Jun 10 2019, 1:57 PM

*ping*

chandlerc requested changes to this revision.Jun 10 2019, 5:36 PM

I would just change this to have the module pass loop over the functions -- that seems like it'll be much cleaner.

As it is, I'm not seeing where the loop actually happens. But rather than trying to figure that out, just seems better to turn it into an explicit loop. That way you can get rid of all the check analysis overhead I think.

This revision now requires changes to proceed.Jun 10 2019, 5:36 PM
leonardchan updated this revision to Diff 204333.Jun 12 2019, 11:08 AM
leonardchan edited the summary of this revision. (Show Details)
In D62888#1537233, @chandlerc wrote:

I would just change this to have the module pass loop over the functions -- that seems like it'll be much cleaner.

As it is, I'm not seeing where the loop actually happens. But rather than trying to figure that out, just seems better to turn it into an explicit loop. That way you can get rid of all the check analysis overhead I think.

Done. This simplifies the patch a lot more.

chandlerc requested changes to this revision.Jun 12 2019, 8:19 PM

This was a lot easier for me to understand too, thanks. Somewhat minor code changes below.

clang/lib/CodeGen/BackendUtil.cpp
1231–1232

Is there an existing function pass pipeline we can put this in, maybe by using an extension point? That would make it much faster to run I suspect.

llvm/include/llvm/Transforms/Instrumentation/SanitizerCoverage.h
6–7

Need to use the new file header.

15

I feel like we usually have whitespace here too?

25

Not really a wrapper, just the pass itself...

SanitizerCoverage is an implementation detail that the reader here doesn't really know about.

38

Same comment as above.

llvm/lib/Passes/PassRegistry.def
248

Consistency would suggest just sancov here? I don't feel strongly though.

llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
228–229

This should be in the legacy pass below? (actually, I tihnk it already is, so this can likely be removed)

262–269
if (!llvm::any_of(M, [](const Function &F) { return can InstrumentWithSancov(F); }))
  return false;
442

I completely misread this the first time through thinking you used a common object for state....

Maybe change the constructor to accept a function to make it more obvious that this is intended to be built per-function?

This revision now requires changes to proceed.Jun 12 2019, 8:19 PM
leonardchan updated this revision to Diff 204892.Jun 14 2019, 8:34 PM
leonardchan marked 9 inline comments as done.
leonardchan added inline comments.
clang/lib/CodeGen/BackendUtil.cpp
1231–1232

I tried this earlier, but when I use registerOptimizerLastEPCallback() before the default module pipeline is made, I end up getting this linker error for -O2 runs:

fuzzer.c:(.text.sancov.module_ctor_8bit_counters[sancov.module_ctor_8bit_counters]+0x11): undefined reference to `__start___sancov_pcs'
fuzzer.c:(.text.sancov.module_ctor_8bit_counters[sancov.module_ctor_8bit_counters]+0x16): undefined reference to `__stop___sancov_pcs'

I don't understand how I get this because the symbols are declared in the IR dump as:

@__start___sancov_pcs = external hidden global i64*
@__stop___sancov_pcs = external hidden global i64*

for both the optimized cases if I use the adaptor or EP. I'm still linking with the same compiler-rt in each case.

The only difference I think of using the adaptor after buildPerModuleDefaultPipeline() vs using the extension point callback before is that the order in which the pass will be called changes, although I still don't see how it could lead to this undefined reference if I still link against compiler-rt.

Additionally, the only difference between the IR between using the adaptor vs the EP is a few extra globals/declarations seem to be missing when using the EP, which makes me think another pass that ran after this one removed them, although these don't seem to be related to the error.

llvm/lib/Passes/PassRegistry.def
248

Ah, so the reason why I don't use sancov here is because in the tests when using `-passes='function(sancov)', I get the following error:

/usr/local/google/home/leonardchan/llvm-monorepo/llvm-build-3-b133876586/bin/opt: unknown function pass '/usr/local/google/home/leonardchan/llvm-monorepo/llvm-build-3-b133876586/bin/sancov'

I think this is because lit tries to substitute sancov with the one under bin/sancov in my build dir. I'd be up for changing it if there's a way around this.

chandlerc added inline comments.Jun 18 2019, 7:47 PM
clang/lib/CodeGen/BackendUtil.cpp
1231–1232

Hmm...

Maybe those missing globals / declarations are relevant. Maybe they are necessary to get the linking against the sancov runtime to work correctly?

You could try adding these globals / declarations to the 'used' set so they don't get removed by later passes:
https://llvm.org/docs/LangRef.html#the-llvm-compiler-used-global-variable

Otherwise, I have no idea, maybe makes sense to loop in the sanitizer folks explicitly for help debugging this...

llvm/lib/Passes/PassRegistry.def
248

That's... really entertaining.

I suspect the tool should really be llvm-sancov to avoid this kind of thing.

But anyways, i'm OK with this or calling it something else. There is probably a way to hide a thing from lit's substitution as well, I just don't know what it is....

leonardchan updated this revision to Diff 205922.Jun 20 2019, 4:48 PM
leonardchan marked 3 inline comments as done.
leonardchan added inline comments.
clang/lib/CodeGen/BackendUtil.cpp
1231–1232

Ah ok. I did not know about this global before. So it seems that the problem was related to the __sancov_pcs section being optimized out. Adding __sancov_gen_ to llvm.compiler.used fixes this.

I did a little extra digging and I think it's ConstantMergePass or some other pass that works with this that seems to cause this.

zhizhouy added a subscriber: zhizhouy.Jun 27 2019, 1:54 PM
leonardchan added a comment.Jul 1 2019, 7:42 PM

ping @chandlerc

chandlerc added a comment.Jul 1 2019, 8:02 PM

The used thing still seems like there is an underlynig bug here. See below.

(Also a tiny nit, but that isn't the interesting part.)

llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
206

Maybe call these getFooBarImpl so that you don't have to rely on name lookup trickery below to refer to them unambiguously?

754

There is a GlobalsToAppendToCompilerUsed vector that we append Array to below (line 759). Why isn't that sufficient instead of this?

leonardchan updated this revision to Diff 207698.Jul 2 2019, 7:04 PM
leonardchan marked 5 inline comments as done.
leonardchan added inline comments.
llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
754

Ah, I didn't actually see this for some reason. The reason why it wasn't working before was bc I left the code that called

if (TargetTriple.isOSBinFormatMachO())
  appendToUsed(M, GlobalsToAppendToUsed);
appendToCompilerUsed(M, GlobalsToAppendToCompilerUsed);

in initializeModule, so this never got appended. Fixed by moving this to a finalizeModule which runs after the function runs end.

leonardchan added a comment.Jul 8 2019, 12:51 PM

*ping* @chandlerc

leonardchan added a comment.Jul 11 2019, 1:39 PM

*ping*

chandlerc accepted this revision.Jul 11 2019, 2:39 PM

LGTM, thanks so much for sticking through this, I know it was ... nontrivial!

This revision is now accepted and ready to land.Jul 11 2019, 2:39 PM
Closed by commit rL365838: [NewPM] Port Sancov (authored by leonardchan). · Explain WhyJul 11 2019, 3:36 PM
This revision was automatically updated to reflect the committed changes.
abrachet marked an inline comment as done.Jul 12 2019, 3:37 AM
abrachet added a subscriber: abrachet.
abrachet added inline comments.
llvm/trunk/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
1022–1026 ↗(On Diff #209358)

buildbots are complaining about warnings from these being unused.

leonardchan marked an inline comment as done.Jul 12 2019, 11:09 AM
leonardchan added inline comments.
llvm/trunk/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
1022–1026 ↗(On Diff #209358)

Thanks for notifying. Removed them in r365931.

Revision Contents

Diff 207698

clang/lib/CodeGen/BackendUtil.cpp

Show First 20 LinesShow All 54 Lines▼ Show 20 Lines
#include "llvm/Transforms/InstCombine/InstCombine.h" #include "llvm/Transforms/InstCombine/InstCombine.h"
#include "llvm/Transforms/Instrumentation.h" #include "llvm/Transforms/Instrumentation.h"
#include "llvm/Transforms/Instrumentation/AddressSanitizer.h" #include "llvm/Transforms/Instrumentation/AddressSanitizer.h"
#include "llvm/Transforms/Instrumentation/BoundsChecking.h" #include "llvm/Transforms/Instrumentation/BoundsChecking.h"
#include "llvm/Transforms/Instrumentation/GCOVProfiler.h" #include "llvm/Transforms/Instrumentation/GCOVProfiler.h"
#include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h" #include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h"
#include "llvm/Transforms/Instrumentation/InstrProfiling.h" #include "llvm/Transforms/Instrumentation/InstrProfiling.h"
#include "llvm/Transforms/Instrumentation/MemorySanitizer.h" #include "llvm/Transforms/Instrumentation/MemorySanitizer.h"
#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
#include "llvm/Transforms/Instrumentation/ThreadSanitizer.h" #include "llvm/Transforms/Instrumentation/ThreadSanitizer.h"
#include "llvm/Transforms/ObjCARC.h" #include "llvm/Transforms/ObjCARC.h"
#include "llvm/Transforms/Scalar.h" #include "llvm/Transforms/Scalar.h"
#include "llvm/Transforms/Scalar/GVN.h" #include "llvm/Transforms/Scalar/GVN.h"
#include "llvm/Transforms/Utils.h" #include "llvm/Transforms/Utils.h"
#include "llvm/Transforms/Utils/CanonicalizeAliases.h" #include "llvm/Transforms/Utils/CanonicalizeAliases.h"
#include "llvm/Transforms/Utils/EntryExitInstrumenter.h" #include "llvm/Transforms/Utils/EntryExitInstrumenter.h"
#include "llvm/Transforms/Utils/NameAnonGlobals.h" #include "llvm/Transforms/Utils/NameAnonGlobals.h"
▲ Show 20 LinesShow All 119 Lines▼ Show 20 Linesstatic void addAddDiscriminatorsPass(const PassManagerBuilder &Builder,
PM.add(createAddDiscriminatorsPass()); PM.add(createAddDiscriminatorsPass());
} }
static void addBoundsCheckingPass(const PassManagerBuilder &Builder, static void addBoundsCheckingPass(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) { legacy::PassManagerBase &PM) {
PM.add(createBoundsCheckingLegacyPass()); PM.add(createBoundsCheckingLegacyPass());
} }
static void addSanitizerCoveragePass(const PassManagerBuilder &Builder, static SanitizerCoverageOptions
legacy::PassManagerBase &PM) { getSancovOptsFromCGOpts(const CodeGenOptions &CGOpts) {
const PassManagerBuilderWrapper &BuilderWrapper =
static_cast<const PassManagerBuilderWrapper&>(Builder);
const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();
SanitizerCoverageOptions Opts; SanitizerCoverageOptions Opts;
Opts.CoverageType = Opts.CoverageType =
static_cast<SanitizerCoverageOptions::Type>(CGOpts.SanitizeCoverageType); static_cast<SanitizerCoverageOptions::Type>(CGOpts.SanitizeCoverageType);
Opts.IndirectCalls = CGOpts.SanitizeCoverageIndirectCalls; Opts.IndirectCalls = CGOpts.SanitizeCoverageIndirectCalls;
Opts.TraceBB = CGOpts.SanitizeCoverageTraceBB; Opts.TraceBB = CGOpts.SanitizeCoverageTraceBB;
Opts.TraceCmp = CGOpts.SanitizeCoverageTraceCmp; Opts.TraceCmp = CGOpts.SanitizeCoverageTraceCmp;
Opts.TraceDiv = CGOpts.SanitizeCoverageTraceDiv; Opts.TraceDiv = CGOpts.SanitizeCoverageTraceDiv;
Opts.TraceGep = CGOpts.SanitizeCoverageTraceGep; Opts.TraceGep = CGOpts.SanitizeCoverageTraceGep;
Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters; Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters;
Opts.TracePC = CGOpts.SanitizeCoverageTracePC; Opts.TracePC = CGOpts.SanitizeCoverageTracePC;
Opts.TracePCGuard = CGOpts.SanitizeCoverageTracePCGuard; Opts.TracePCGuard = CGOpts.SanitizeCoverageTracePCGuard;
Opts.NoPrune = CGOpts.SanitizeCoverageNoPrune; Opts.NoPrune = CGOpts.SanitizeCoverageNoPrune;
Opts.Inline8bitCounters = CGOpts.SanitizeCoverageInline8bitCounters; Opts.Inline8bitCounters = CGOpts.SanitizeCoverageInline8bitCounters;
Opts.PCTable = CGOpts.SanitizeCoveragePCTable; Opts.PCTable = CGOpts.SanitizeCoveragePCTable;
Opts.StackDepth = CGOpts.SanitizeCoverageStackDepth; Opts.StackDepth = CGOpts.SanitizeCoverageStackDepth;
PM.add(createSanitizerCoverageModulePass(Opts)); return Opts;
}
static void addSanitizerCoveragePass(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) {
const PassManagerBuilderWrapper &BuilderWrapper =
static_cast<const PassManagerBuilderWrapper &>(Builder);
const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();
auto Opts = getSancovOptsFromCGOpts(CGOpts);
PM.add(createModuleSanitizerCoverageLegacyPassPass(Opts));
PM.add(createSanitizerCoverageLegacyPassPass(Opts));
} }
// Check if ASan should use GC-friendly instrumentation for globals. // Check if ASan should use GC-friendly instrumentation for globals.
// First of all, there is no point if -fdata-sections is off (expect for MachO, // First of all, there is no point if -fdata-sections is off (expect for MachO,
// where this is not a factor). Also, on ELF this feature requires an assembler // where this is not a factor). Also, on ELF this feature requires an assembler
// extension that only works with -integrated-as at the moment. // extension that only works with -integrated-as at the moment.
static bool asanUseGlobalsGC(const Triple &T, const CodeGenOptions &CGOpts) { static bool asanUseGlobalsGC(const Triple &T, const CodeGenOptions &CGOpts) {
if (!CGOpts.SanitizeAddressGlobalsDeadStripping) if (!CGOpts.SanitizeAddressGlobalsDeadStripping)
▲ Show 20 LinesShow All 903 Lines▼ Show 20 Lines if (CodeGenOpts.OptimizationLevel == 0) {
// configure the pipeline. // configure the pipeline.
PassBuilder::OptimizationLevel Level = mapToLevel(CodeGenOpts); PassBuilder::OptimizationLevel Level = mapToLevel(CodeGenOpts);
PB.registerPipelineStartEPCallback([](ModulePassManager &MPM) { PB.registerPipelineStartEPCallback([](ModulePassManager &MPM) {
MPM.addPass(createModuleToFunctionPassAdaptor( MPM.addPass(createModuleToFunctionPassAdaptor(
EntryExitInstrumenterPass(/*PostInlining=*/false))); EntryExitInstrumenterPass(/*PostInlining=*/false)));
}); });
if (CodeGenOpts.SanitizeCoverageType ||
CodeGenOpts.SanitizeCoverageIndirectCalls ||
CodeGenOpts.SanitizeCoverageTraceCmp) {
auto SancovOpts = getSancovOptsFromCGOpts(CodeGenOpts);
PB.registerPipelineStartEPCallback(
[SancovOpts](ModulePassManager &MPM) {
MPM.addPass(ModuleSanitizerCoveragePass(SancovOpts));
});
PB.registerOptimizerLastEPCallback(
[SancovOpts](FunctionPassManager &FPM,
PassBuilder::OptimizationLevel Level) {
FPM.addPass(SanitizerCoveragePass(SancovOpts));
});
}
// Register callbacks to schedule sanitizer passes at the appropriate part of // Register callbacks to schedule sanitizer passes at the appropriate part of
// the pipeline. // the pipeline.
// FIXME: either handle asan/the remaining sanitizers or error out // FIXME: either handle asan/the remaining sanitizers or error out
if (LangOpts.Sanitize.has(SanitizerKind::LocalBounds)) if (LangOpts.Sanitize.has(SanitizerKind::LocalBounds))
PB.registerScalarOptimizerLateEPCallback( PB.registerScalarOptimizerLateEPCallback(
[](FunctionPassManager &FPM, PassBuilder::OptimizationLevel Level) { [](FunctionPassManager &FPM, PassBuilder::OptimizationLevel Level) {
FPM.addPass(BoundsCheckingPass()); FPM.addPass(BoundsCheckingPass());
}); });
▲ Show 20 LinesShow All 54 Lines▼ Show 20 Lines if (CodeGenOpts.OptimizationLevel == 0) {
if (Optional<InstrProfOptions> Options = if (Optional<InstrProfOptions> Options =
getInstrProfOptions(CodeGenOpts, LangOpts)) getInstrProfOptions(CodeGenOpts, LangOpts))
PB.registerPipelineStartEPCallback([Options](ModulePassManager &MPM) { PB.registerPipelineStartEPCallback([Options](ModulePassManager &MPM) {
MPM.addPass(InstrProfiling(*Options, false)); MPM.addPass(InstrProfiling(*Options, false));
}); });
if (IsThinLTO) { if (IsThinLTO) {
MPM = PB.buildThinLTOPreLinkDefaultPipeline( MPM = PB.buildThinLTOPreLinkDefaultPipeline(
Level, CodeGenOpts.DebugPassManager); Level, CodeGenOpts.DebugPassManager);
MPM.addPass(CanonicalizeAliasesPass()); MPM.addPass(CanonicalizeAliasesPass());
chandlercUnsubmitted
Done
ReplyInline Actions

Is there an existing function pass pipeline we can put this in, maybe by using an extension point? That would make it much faster to run I suspect.

chandlerc: Is there an existing function pass pipeline we can put this in, maybe by using an extension…
leonardchanAuthorUnsubmitted
Done
ReplyInline Actions

I tried this earlier, but when I use registerOptimizerLastEPCallback() before the default module pipeline is made, I end up getting this linker error for -O2 runs:

fuzzer.c:(.text.sancov.module_ctor_8bit_counters[sancov.module_ctor_8bit_counters]+0x11): undefined reference to `__start___sancov_pcs'
fuzzer.c:(.text.sancov.module_ctor_8bit_counters[sancov.module_ctor_8bit_counters]+0x16): undefined reference to `__stop___sancov_pcs'

I don't understand how I get this because the symbols are declared in the IR dump as:

@__start___sancov_pcs = external hidden global i64*
@__stop___sancov_pcs = external hidden global i64*

for both the optimized cases if I use the adaptor or EP. I'm still linking with the same compiler-rt in each case.

The only difference I think of using the adaptor after buildPerModuleDefaultPipeline() vs using the extension point callback before is that the order in which the pass will be called changes, although I still don't see how it could lead to this undefined reference if I still link against compiler-rt.

Additionally, the only difference between the IR between using the adaptor vs the EP is a few extra globals/declarations seem to be missing when using the EP, which makes me think another pass that ran after this one removed them, although these don't seem to be related to the error.

leonardchan: I tried this earlier, but when I use `registerOptimizerLastEPCallback()` before the default…
chandlercUnsubmitted
Done
ReplyInline Actions

Hmm...

Maybe those missing globals / declarations are relevant. Maybe they are necessary to get the linking against the sancov runtime to work correctly?

You could try adding these globals / declarations to the 'used' set so they don't get removed by later passes:
https://llvm.org/docs/LangRef.html#the-llvm-compiler-used-global-variable

Otherwise, I have no idea, maybe makes sense to loop in the sanitizer folks explicitly for help debugging this...

chandlerc: Hmm... Maybe those missing globals / declarations are relevant. Maybe they are necessary to…
leonardchanAuthorUnsubmitted
Done
ReplyInline Actions

Ah ok. I did not know about this global before. So it seems that the problem was related to the __sancov_pcs section being optimized out. Adding __sancov_gen_ to llvm.compiler.used fixes this.

I did a little extra digging and I think it's ConstantMergePass or some other pass that works with this that seems to cause this.

leonardchan: Ah ok. I did not know about this global before. So it seems that the problem was related to the…
MPM.addPass(NameAnonGlobalPass()); MPM.addPass(NameAnonGlobalPass());
} else if (IsLTO) { } else if (IsLTO) {
MPM = PB.buildLTOPreLinkDefaultPipeline(Level, MPM = PB.buildLTOPreLinkDefaultPipeline(Level,
CodeGenOpts.DebugPassManager); CodeGenOpts.DebugPassManager);
MPM.addPass(CanonicalizeAliasesPass()); MPM.addPass(CanonicalizeAliasesPass());
MPM.addPass(NameAnonGlobalPass()); MPM.addPass(NameAnonGlobalPass());
} else { } else {
MPM = PB.buildPerModuleDefaultPipeline(Level, MPM = PB.buildPerModuleDefaultPipeline(Level,
CodeGenOpts.DebugPassManager); CodeGenOpts.DebugPassManager);
} }
} }
if (CodeGenOpts.OptimizationLevel == 0) if (CodeGenOpts.OptimizationLevel == 0) {
if (CodeGenOpts.SanitizeCoverageType ||
CodeGenOpts.SanitizeCoverageIndirectCalls ||
CodeGenOpts.SanitizeCoverageTraceCmp) {
auto SancovOpts = getSancovOptsFromCGOpts(CodeGenOpts);
MPM.addPass(ModuleSanitizerCoveragePass(SancovOpts));
MPM.addPass(createModuleToFunctionPassAdaptor(
SanitizerCoveragePass(SancovOpts)));
}
addSanitizersAtO0(MPM, TargetTriple, LangOpts, CodeGenOpts); addSanitizersAtO0(MPM, TargetTriple, LangOpts, CodeGenOpts);
} }
}
// FIXME: We still use the legacy pass manager to do code generation. We // FIXME: We still use the legacy pass manager to do code generation. We
// create that pass manager here and use it as needed below. // create that pass manager here and use it as needed below.
legacy::PassManager CodeGenPasses; legacy::PassManager CodeGenPasses;
bool NeedCodeGen = false; bool NeedCodeGen = false;
std::unique_ptr<llvm::ToolOutputFile> ThinLinkOS, DwoOS; std::unique_ptr<llvm::ToolOutputFile> ThinLinkOS, DwoOS;
// Append any output we need to the pass manager. // Append any output we need to the pass manager.
▲ Show 20 LinesShow All 424 LinesShow Last 20 Lines

clang/test/CodeGen/sancov-new-pm.c

  • This file was added.
// Test that SanitizerCoverage works under the new pass manager.
// RUN: %clang -target x86_64-linux-gnu -fsanitize=fuzzer %s -fexperimental-new-pass-manager -S -emit-llvm -o - | FileCheck %s --check-prefixes=CHECK,CHECK-O0
// RUN: %clang -target x86_64-linux-gnu -fsanitize=fuzzer %s -fexperimental-new-pass-manager -O2 -S -emit-llvm -o - | FileCheck %s --check-prefixes=CHECK,CHECK-O2
// RUN: %clang -target x86_64-linux-gnu -fsanitize=fuzzer %s -fexperimental-new-pass-manager -flto -S -emit-llvm -o - | FileCheck %s --check-prefixes=CHECK,CHECK-O0
// RUN: %clang -target x86_64-linux-gnu -fsanitize=fuzzer %s -fexperimental-new-pass-manager -flto -O2 -S -emit-llvm -o - | FileCheck %s --check-prefixes=CHECK,CHECK-O2
// RUN: %clang -target x86_64-linux-gnu -fsanitize=fuzzer %s -fexperimental-new-pass-manager -flto=thin -S -emit-llvm -o - | FileCheck %s --check-prefixes=CHECK,CHECK-O0
// RUN: %clang -target x86_64-linux-gnu -fsanitize=fuzzer %s -fexperimental-new-pass-manager -flto=thin -O2 -S -emit-llvm -o - | FileCheck %s --check-prefixes=CHECK,CHECK-O2,CHECK-O2-THINLTO
extern void *memcpy(void *, const void *, unsigned long);
extern int printf(const char *restrict, ...);
int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size) {
unsigned char buf[4];
if (size < 8)
return 0;
if (data[0] == 'h' && data[1] == 'i' && data[2] == '!') {
memcpy(buf, data, size);
printf("test: %.2X\n", buf[0]);
}
return 0;
}
// CHECK-DAG: declare void @__sanitizer_cov_pcs_init(i64*, i64*)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_pc_indir(i64)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_cmp1(i8 zeroext, i8 zeroext)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_cmp2(i16 zeroext, i16 zeroext)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_cmp4(i32 zeroext, i32 zeroext)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_cmp8(i64, i64)
// CHECK-O2-THINLTO-NOT: declare void @__sanitizer_cov_trace_const_cmp1(i8 zeroext, i8 zeroext)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_const_cmp2(i16 zeroext, i16 zeroext)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_const_cmp4(i32 zeroext, i32 zeroext)
// CHECK-O2-THINLTO-NOT: declare void @__sanitizer_cov_trace_const_cmp8(i64, i64)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_div4(i32 zeroext)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_div8(i64)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_gep(i64)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_switch(i64, i64*)
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_pc()
// CHECK-O0-DAG: declare void @__sanitizer_cov_trace_pc_guard(i32*)

llvm/include/llvm/InitializePasses.h

Show First 20 LinesShow All 354 Lines▼ Show 20 Lines
void initializeRewriteSymbolsLegacyPassPass(PassRegistry&); void initializeRewriteSymbolsLegacyPassPass(PassRegistry&);
void initializeSCCPLegacyPassPass(PassRegistry&); void initializeSCCPLegacyPassPass(PassRegistry&);
void initializeSCEVAAWrapperPassPass(PassRegistry&); void initializeSCEVAAWrapperPassPass(PassRegistry&);
void initializeSLPVectorizerPass(PassRegistry&); void initializeSLPVectorizerPass(PassRegistry&);
void initializeSROALegacyPassPass(PassRegistry&); void initializeSROALegacyPassPass(PassRegistry&);
void initializeSafeStackLegacyPassPass(PassRegistry&); void initializeSafeStackLegacyPassPass(PassRegistry&);
void initializeSafepointIRVerifierPass(PassRegistry&); void initializeSafepointIRVerifierPass(PassRegistry&);
void initializeSampleProfileLoaderLegacyPassPass(PassRegistry&); void initializeSampleProfileLoaderLegacyPassPass(PassRegistry&);
void initializeSanitizerCoverageModulePass(PassRegistry&); void initializeSanitizerCoverageFunctionCheckLegacyPassPass(PassRegistry &);
void initializeSanitizerCoverageLegacyPassPass(PassRegistry &);
void initializeModuleSanitizerCoverageLegacyPassPass(PassRegistry &);
void initializeScalarEvolutionWrapperPassPass(PassRegistry&); void initializeScalarEvolutionWrapperPassPass(PassRegistry&);
void initializeScalarizeMaskedMemIntrinPass(PassRegistry&); void initializeScalarizeMaskedMemIntrinPass(PassRegistry&);
void initializeScalarizerLegacyPassPass(PassRegistry&); void initializeScalarizerLegacyPassPass(PassRegistry&);
void initializeScavengerTestPass(PassRegistry&); void initializeScavengerTestPass(PassRegistry&);
void initializeScopedNoAliasAAWrapperPassPass(PassRegistry&); void initializeScopedNoAliasAAWrapperPassPass(PassRegistry&);
void initializeSeparateConstOffsetFromGEPPass(PassRegistry&); void initializeSeparateConstOffsetFromGEPPass(PassRegistry&);
void initializeShadowStackGCLoweringPass(PassRegistry&); void initializeShadowStackGCLoweringPass(PassRegistry&);
void initializeShrinkWrapPass(PassRegistry&); void initializeShrinkWrapPass(PassRegistry&);
▲ Show 20 LinesShow All 49 LinesShow Last 20 Lines

llvm/include/llvm/Transforms/Instrumentation.h

Show First 20 LinesShow All 175 Lines▼ Show 20 Linesstruct SanitizerCoverageOptions {
bool Inline8bitCounters = false; bool Inline8bitCounters = false;
bool PCTable = false; bool PCTable = false;
bool NoPrune = false; bool NoPrune = false;
bool StackDepth = false; bool StackDepth = false;
SanitizerCoverageOptions() = default; SanitizerCoverageOptions() = default;
}; };
// Insert SanitizerCoverage instrumentation.
ModulePass *createSanitizerCoverageModulePass(
const SanitizerCoverageOptions &Options = SanitizerCoverageOptions());
/// Calculate what to divide by to scale counts. /// Calculate what to divide by to scale counts.
/// ///
/// Given the maximum count, calculate a divisor that will scale all the /// Given the maximum count, calculate a divisor that will scale all the
/// weights to strictly less than std::numeric_limits<uint32_t>::max(). /// weights to strictly less than std::numeric_limits<uint32_t>::max().
static inline uint64_t calculateCountScale(uint64_t MaxCount) { static inline uint64_t calculateCountScale(uint64_t MaxCount) {
return MaxCount < std::numeric_limits<uint32_t>::max() return MaxCount < std::numeric_limits<uint32_t>::max()
? 1 ? 1
: MaxCount / std::numeric_limits<uint32_t>::max() + 1; : MaxCount / std::numeric_limits<uint32_t>::max() + 1;
Show All 14 Lines

llvm/include/llvm/Transforms/Instrumentation/SanitizerCoverage.h

  • This file was added.
//===--------- Definition of the SanitizerCoverage class --------*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
chandlercUnsubmitted
Done
ReplyInline Actions

Need to use the new file header.

chandlerc: Need to use the new file header.
//
//===----------------------------------------------------------------------===//
//
// This file declares the SanitizerCoverage class which is a port of the legacy
// SanitizerCoverage pass to use the new PassManager infrastructure.
//
//===----------------------------------------------------------------------===//
chandlercUnsubmitted
Done
ReplyInline Actions

I feel like we usually have whitespace here too?

chandlerc: I feel like we usually have whitespace here too?
#ifndef LLVM_TRANSFORMS_INSTRUMENTATION_SANITIZERCOVERAGE_H
#define LLVM_TRANSFORMS_INSTRUMENTATION_SANITIZERCOVERAGE_H
#include "llvm/IR/Function.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/PassManager.h"
#include "llvm/Transforms/Instrumentation.h"
namespace llvm {
chandlercUnsubmitted
Done
ReplyInline Actions

Not really a wrapper, just the pass itself...

SanitizerCoverage is an implementation detail that the reader here doesn't really know about.

chandlerc: Not really a wrapper, just the pass itself... `SanitizerCoverage` is an implementation detail…
/// This is the SanitizerCoverage pass used in the new pass manager. The
/// pass instruments functions for coverage.
class SanitizerCoveragePass : public PassInfoMixin<SanitizerCoveragePass> {
public:
explicit SanitizerCoveragePass(
SanitizerCoverageOptions Options = SanitizerCoverageOptions())
: Options(Options) {}
PreservedAnalyses run(Function &F, FunctionAnalysisManager &AM);
private:
SanitizerCoverageOptions Options;
};
chandlercUnsubmitted
Done
ReplyInline Actions

Same comment as above.

chandlerc: Same comment as above.
/// This is the ModuleSanitizerCoverage pass used in the new pass manager. This
/// adds initialization calls to the module for trace PC guards and 8bit
/// counters if they are requested.
class ModuleSanitizerCoveragePass
: public PassInfoMixin<ModuleSanitizerCoveragePass> {
public:
explicit ModuleSanitizerCoveragePass(
SanitizerCoverageOptions Options = SanitizerCoverageOptions())
: Options(Options) {}
PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM);
private:
SanitizerCoverageOptions Options;
};
// Insert SanitizerCoverage instrumentation.
FunctionPass *createSanitizerCoverageLegacyPassPass(
const SanitizerCoverageOptions &Options = SanitizerCoverageOptions());
ModulePass *createModuleSanitizerCoverageLegacyPassPass(
const SanitizerCoverageOptions &Options = SanitizerCoverageOptions());
} // namespace llvm
#endif

llvm/lib/Passes/PassBuilder.cpp

Show First 20 LinesShow All 94 Lines▼ Show 20 Lines
#include "llvm/Transforms/Instrumentation/CGProfile.h" #include "llvm/Transforms/Instrumentation/CGProfile.h"
#include "llvm/Transforms/Instrumentation/ControlHeightReduction.h" #include "llvm/Transforms/Instrumentation/ControlHeightReduction.h"
#include "llvm/Transforms/Instrumentation/GCOVProfiler.h" #include "llvm/Transforms/Instrumentation/GCOVProfiler.h"
#include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h" #include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h"
#include "llvm/Transforms/Instrumentation/InstrOrderFile.h" #include "llvm/Transforms/Instrumentation/InstrOrderFile.h"
#include "llvm/Transforms/Instrumentation/InstrProfiling.h" #include "llvm/Transforms/Instrumentation/InstrProfiling.h"
#include "llvm/Transforms/Instrumentation/MemorySanitizer.h" #include "llvm/Transforms/Instrumentation/MemorySanitizer.h"
#include "llvm/Transforms/Instrumentation/PGOInstrumentation.h" #include "llvm/Transforms/Instrumentation/PGOInstrumentation.h"
#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
#include "llvm/Transforms/Instrumentation/ThreadSanitizer.h" #include "llvm/Transforms/Instrumentation/ThreadSanitizer.h"
#include "llvm/Transforms/Scalar/ADCE.h" #include "llvm/Transforms/Scalar/ADCE.h"
#include "llvm/Transforms/Scalar/AlignmentFromAssumptions.h" #include "llvm/Transforms/Scalar/AlignmentFromAssumptions.h"
#include "llvm/Transforms/Scalar/BDCE.h" #include "llvm/Transforms/Scalar/BDCE.h"
#include "llvm/Transforms/Scalar/CallSiteSplitting.h" #include "llvm/Transforms/Scalar/CallSiteSplitting.h"
#include "llvm/Transforms/Scalar/ConstantHoisting.h" #include "llvm/Transforms/Scalar/ConstantHoisting.h"
#include "llvm/Transforms/Scalar/CorrelatedValuePropagation.h" #include "llvm/Transforms/Scalar/CorrelatedValuePropagation.h"
#include "llvm/Transforms/Scalar/DCE.h" #include "llvm/Transforms/Scalar/DCE.h"
Show All 26 Lines
#include "llvm/Transforms/Scalar/LoopUnrollAndJamPass.h" #include "llvm/Transforms/Scalar/LoopUnrollAndJamPass.h"
#include "llvm/Transforms/Scalar/LoopUnrollPass.h" #include "llvm/Transforms/Scalar/LoopUnrollPass.h"
#include "llvm/Transforms/Scalar/LowerAtomic.h" #include "llvm/Transforms/Scalar/LowerAtomic.h"
#include "llvm/Transforms/Scalar/LowerExpectIntrinsic.h" #include "llvm/Transforms/Scalar/LowerExpectIntrinsic.h"
#include "llvm/Transforms/Scalar/LowerGuardIntrinsic.h" #include "llvm/Transforms/Scalar/LowerGuardIntrinsic.h"
#include "llvm/Transforms/Scalar/LowerWidenableCondition.h" #include "llvm/Transforms/Scalar/LowerWidenableCondition.h"
#include "llvm/Transforms/Scalar/MakeGuardsExplicit.h" #include "llvm/Transforms/Scalar/MakeGuardsExplicit.h"
#include "llvm/Transforms/Scalar/MemCpyOptimizer.h" #include "llvm/Transforms/Scalar/MemCpyOptimizer.h"
#include "llvm/Transforms/Scalar/MergedLoadStoreMotion.h"
#include "llvm/Transforms/Scalar/MergeICmps.h" #include "llvm/Transforms/Scalar/MergeICmps.h"
#include "llvm/Transforms/Scalar/MergedLoadStoreMotion.h"
#include "llvm/Transforms/Scalar/NaryReassociate.h" #include "llvm/Transforms/Scalar/NaryReassociate.h"
#include "llvm/Transforms/Scalar/NewGVN.h" #include "llvm/Transforms/Scalar/NewGVN.h"
#include "llvm/Transforms/Scalar/PartiallyInlineLibCalls.h" #include "llvm/Transforms/Scalar/PartiallyInlineLibCalls.h"
#include "llvm/Transforms/Scalar/Reassociate.h" #include "llvm/Transforms/Scalar/Reassociate.h"
#include "llvm/Transforms/Scalar/RewriteStatepointsForGC.h" #include "llvm/Transforms/Scalar/RewriteStatepointsForGC.h"
#include "llvm/Transforms/Scalar/SCCP.h" #include "llvm/Transforms/Scalar/SCCP.h"
#include "llvm/Transforms/Scalar/SROA.h" #include "llvm/Transforms/Scalar/SROA.h"
#include "llvm/Transforms/Scalar/Scalarizer.h" #include "llvm/Transforms/Scalar/Scalarizer.h"
▲ Show 20 LinesShow All 2,145 LinesShow Last 20 Lines

llvm/lib/Passes/PassRegistry.def

Show First 20 LinesShow All 80 Lines▼ Show 20 Lines
MODULE_PASS("rpo-functionattrs", ReversePostOrderFunctionAttrsPass()) MODULE_PASS("rpo-functionattrs", ReversePostOrderFunctionAttrsPass())
MODULE_PASS("sample-profile", SampleProfileLoaderPass()) MODULE_PASS("sample-profile", SampleProfileLoaderPass())
MODULE_PASS("strip-dead-prototypes", StripDeadPrototypesPass()) MODULE_PASS("strip-dead-prototypes", StripDeadPrototypesPass())
MODULE_PASS("synthetic-counts-propagation", SyntheticCountsPropagation()) MODULE_PASS("synthetic-counts-propagation", SyntheticCountsPropagation())
MODULE_PASS("wholeprogramdevirt", WholeProgramDevirtPass(nullptr, nullptr)) MODULE_PASS("wholeprogramdevirt", WholeProgramDevirtPass(nullptr, nullptr))
MODULE_PASS("verify", VerifierPass()) MODULE_PASS("verify", VerifierPass())
MODULE_PASS("asan-module", ModuleAddressSanitizerPass(/*CompileKernel=*/false, false, true, false)) MODULE_PASS("asan-module", ModuleAddressSanitizerPass(/*CompileKernel=*/false, false, true, false))
MODULE_PASS("kasan-module", ModuleAddressSanitizerPass(/*CompileKernel=*/true, false, true, false)) MODULE_PASS("kasan-module", ModuleAddressSanitizerPass(/*CompileKernel=*/true, false, true, false))
MODULE_PASS("sancov-module", ModuleSanitizerCoveragePass())
#undef MODULE_PASS #undef MODULE_PASS
#ifndef CGSCC_ANALYSIS #ifndef CGSCC_ANALYSIS
#define CGSCC_ANALYSIS(NAME, CREATE_PASS) #define CGSCC_ANALYSIS(NAME, CREATE_PASS)
#endif #endif
CGSCC_ANALYSIS("no-op-cgscc", NoOpCGSCCAnalysis()) CGSCC_ANALYSIS("no-op-cgscc", NoOpCGSCCAnalysis())
CGSCC_ANALYSIS("fam-proxy", FunctionAnalysisManagerCGSCCProxy()) CGSCC_ANALYSIS("fam-proxy", FunctionAnalysisManagerCGSCCProxy())
CGSCC_ANALYSIS("pass-instrumentation", PassInstrumentationAnalysis(PIC)) CGSCC_ANALYSIS("pass-instrumentation", PassInstrumentationAnalysis(PIC))
▲ Show 20 LinesShow All 142 Lines▼ Show 20 Lines
FUNCTION_PASS("transform-warning", WarnMissedTransformationsPass()) FUNCTION_PASS("transform-warning", WarnMissedTransformationsPass())
FUNCTION_PASS("asan", AddressSanitizerPass(false, false, false)) FUNCTION_PASS("asan", AddressSanitizerPass(false, false, false))
FUNCTION_PASS("kasan", AddressSanitizerPass(true, false, false)) FUNCTION_PASS("kasan", AddressSanitizerPass(true, false, false))
FUNCTION_PASS("hwasan", HWAddressSanitizerPass(false, false)) FUNCTION_PASS("hwasan", HWAddressSanitizerPass(false, false))
FUNCTION_PASS("khwasan", HWAddressSanitizerPass(true, true)) FUNCTION_PASS("khwasan", HWAddressSanitizerPass(true, true))
FUNCTION_PASS("msan", MemorySanitizerPass({})) FUNCTION_PASS("msan", MemorySanitizerPass({}))
FUNCTION_PASS("kmsan", MemorySanitizerPass({0, false, /*Kernel=*/true})) FUNCTION_PASS("kmsan", MemorySanitizerPass({0, false, /*Kernel=*/true}))
FUNCTION_PASS("tsan", ThreadSanitizerPass()) FUNCTION_PASS("tsan", ThreadSanitizerPass())
FUNCTION_PASS("sancov-func", SanitizerCoveragePass())
chandlercUnsubmitted
Done
ReplyInline Actions

Consistency would suggest just sancov here? I don't feel strongly though.

chandlerc: Consistency would suggest just `sancov` here? I don't feel strongly though.
leonardchanAuthorUnsubmitted
Done
ReplyInline Actions

Ah, so the reason why I don't use sancov here is because in the tests when using `-passes='function(sancov)', I get the following error:

/usr/local/google/home/leonardchan/llvm-monorepo/llvm-build-3-b133876586/bin/opt: unknown function pass '/usr/local/google/home/leonardchan/llvm-monorepo/llvm-build-3-b133876586/bin/sancov'

I think this is because lit tries to substitute sancov with the one under bin/sancov in my build dir. I'd be up for changing it if there's a way around this.

leonardchan: Ah, so the reason why I don't use `sancov` here is because in the tests when using `…
chandlercUnsubmitted
Done
ReplyInline Actions

That's... really entertaining.

I suspect the tool should really be llvm-sancov to avoid this kind of thing.

But anyways, i'm OK with this or calling it something else. There is probably a way to hide a thing from lit's substitution as well, I just don't know what it is....

chandlerc: That's... really entertaining. I suspect the tool should really be `llvm-sancov` to avoid this…
#undef FUNCTION_PASS #undef FUNCTION_PASS
#ifndef FUNCTION_PASS_WITH_PARAMS #ifndef FUNCTION_PASS_WITH_PARAMS
#define FUNCTION_PASS_WITH_PARAMS(NAME, CREATE_PASS, PARSER) #define FUNCTION_PASS_WITH_PARAMS(NAME, CREATE_PASS, PARSER)
#endif #endif
FUNCTION_PASS_WITH_PARAMS("unroll", FUNCTION_PASS_WITH_PARAMS("unroll",
[](LoopUnrollOptions Opts) { [](LoopUnrollOptions Opts) {
return LoopUnrollPass(Opts); return LoopUnrollPass(Opts);
▲ Show 20 LinesShow All 60 LinesShow Last 20 Lines

llvm/lib/Transforms/Instrumentation/Instrumentation.cpp

Show First 20 LinesShow All 110 Lines▼ Show 20 Linesvoid llvm::initializeInstrumentation(PassRegistry &Registry) {
initializePGOInstrumentationUseLegacyPassPass(Registry); initializePGOInstrumentationUseLegacyPassPass(Registry);
initializePGOIndirectCallPromotionLegacyPassPass(Registry); initializePGOIndirectCallPromotionLegacyPassPass(Registry);
initializePGOMemOPSizeOptLegacyPassPass(Registry); initializePGOMemOPSizeOptLegacyPassPass(Registry);
initializeInstrOrderFileLegacyPassPass(Registry); initializeInstrOrderFileLegacyPassPass(Registry);
initializeInstrProfilingLegacyPassPass(Registry); initializeInstrProfilingLegacyPassPass(Registry);
initializeMemorySanitizerLegacyPassPass(Registry); initializeMemorySanitizerLegacyPassPass(Registry);
initializeHWAddressSanitizerLegacyPassPass(Registry); initializeHWAddressSanitizerLegacyPassPass(Registry);
initializeThreadSanitizerLegacyPassPass(Registry); initializeThreadSanitizerLegacyPassPass(Registry);
initializeSanitizerCoverageModulePass(Registry); initializeSanitizerCoverageLegacyPassPass(Registry);
initializeDataFlowSanitizerPass(Registry); initializeDataFlowSanitizerPass(Registry);
} }
/// LLVMInitializeInstrumentation - C binding for /// LLVMInitializeInstrumentation - C binding for
/// initializeInstrumentation. /// initializeInstrumentation.
void LLVMInitializeInstrumentation(LLVMPassRegistryRef R) { void LLVMInitializeInstrumentation(LLVMPassRegistryRef R) {
initializeInstrumentation(*unwrap(R)); initializeInstrumentation(*unwrap(R));
} }

llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp

//===-- SanitizerCoverage.cpp - coverage instrumentation for sanitizers ---===// //===-- SanitizerCoverage.cpp - coverage instrumentation for sanitizers ---===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// Coverage instrumentation done on LLVM IR level, works with Sanitizers. // Coverage instrumentation done on LLVM IR level, works with Sanitizers.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
#include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
#include "llvm/Analysis/EHPersonalities.h" #include "llvm/Analysis/EHPersonalities.h"
#include "llvm/Analysis/PostDominators.h" #include "llvm/Analysis/PostDominators.h"
#include "llvm/IR/CFG.h" #include "llvm/IR/CFG.h"
#include "llvm/IR/CallSite.h" #include "llvm/IR/CallSite.h"
#include "llvm/IR/Constant.h" #include "llvm/IR/Constant.h"
#include "llvm/IR/DataLayout.h" #include "llvm/IR/DataLayout.h"
▲ Show 20 LinesShow All 150 Lines▼ Show 20 LinesSanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) {
Options.NoPrune |= !ClPruneBlocks; Options.NoPrune |= !ClPruneBlocks;
Options.StackDepth |= ClStackDepth; Options.StackDepth |= ClStackDepth;
if (!Options.TracePCGuard && !Options.TracePC && if (!Options.TracePCGuard && !Options.TracePC &&
!Options.Inline8bitCounters && !Options.StackDepth) !Options.Inline8bitCounters && !Options.StackDepth)
Options.TracePCGuard = true; // TracePCGuard is default. Options.TracePCGuard = true; // TracePCGuard is default.
return Options; return Options;
} }
class SanitizerCoverageModule : public ModulePass { bool canInstrumentWithSancov(const Function &F) {
if (F.empty())
return false;
if (F.getName().find(".module_ctor") != std::string::npos)
return false; // Should not instrument sanitizer init functions.
if (F.getName().startswith("__sanitizer_"))
return false; // Don't instrument __sanitizer_* callbacks.
// Don't touch available_externally functions, their actual body is elewhere.
if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage)
return false;
// Don't instrument MSVC CRT configuration helpers. They may run before normal
// initialization.
if (F.getName() == "__local_stdio_printf_options" ||
F.getName() == "__local_stdio_scanf_options")
return false;
if (isa<UnreachableInst>(F.getEntryBlock().getTerminator()))
return false;
// Don't instrument functions using SEH for now. Splitting basic blocks like
// we do for coverage breaks WinEHPrepare.
// FIXME: Remove this when SEH no longer uses landingpad pattern matching.
if (F.hasPersonalityFn() &&
isAsynchronousEHPersonality(classifyEHPersonality(F.getPersonalityFn())))
return false;
return true;
}
std::string getSectionStartImpl(const Triple &TargetTriple,
chandlercUnsubmitted
Done
ReplyInline Actions

Maybe call these getFooBarImpl so that you don't have to rely on name lookup trickery below to refer to them unambiguously?

chandlerc: Maybe call these `getFooBarImpl` so that you don't have to rely on name lookup trickery below…
const std::string &Section) {
if (TargetTriple.isOSBinFormatMachO())
return "\1section$start$__DATA$__" + Section;
return "__start___" + Section;
}
std::string getSectionEndImpl(const Triple &TargetTriple,
const std::string &Section) {
if (TargetTriple.isOSBinFormatMachO())
return "\1section$end$__DATA$__" + Section;
return "__stop___" + Section;
}
/// This is a class for instrumenting the module to add calls to initializing
/// the trace PC guards and 8bit counter globals. This should only be done
/// though if there is at least one function that can be instrumented with
/// Sancov.
class ModuleSanitizerCoverage {
public: public:
SanitizerCoverageModule( ModuleSanitizerCoverage(const SanitizerCoverageOptions &Options)
const SanitizerCoverageOptions &Options = SanitizerCoverageOptions()) : Options(OverrideFromCL(Options)) {
: ModulePass(ID), Options(OverrideFromCL(Options)) {
initializeSanitizerCoverageModulePass(*PassRegistry::getPassRegistry());
} }
bool runOnModule(Module &M) override;
bool runOnFunction(Function &F);
static char ID; // Pass identification, replacement for typeid
StringRef getPassName() const override { return "SanitizerCoverageModule"; }
chandlercUnsubmitted
Done
ReplyInline Actions

This should be in the legacy pass below? (actually, I tihnk it already is, so this can likely be removed)

chandlerc: This should be in the legacy pass below? (actually, I tihnk it already is, so this can likely…
void getAnalysisUsage(AnalysisUsage &AU) const override { bool instrumentModule(Module &M) {
AU.addRequired<DominatorTreeWrapperPass>(); if (Options.CoverageType == SanitizerCoverageOptions::SCK_None)
AU.addRequired<PostDominatorTreeWrapperPass>(); return false;
Function *Ctor = nullptr;
LLVMContext *C = &(M.getContext());
const DataLayout *DL = &M.getDataLayout();
TargetTriple = Triple(M.getTargetTriple());
IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
Type *IntptrPtrTy = PointerType::getUnqual(IntptrTy);
IRBuilder<> IRB(*C);
Type *Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty());
Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty());
Int8Ty = IRB.getInt8Ty();
// Check that the __sancov_lowest_stack marker does not already exist.
Constant *SanCovLowestStackConstant =
M.getOrInsertGlobal(SanCovLowestStackName, IntptrTy);
GlobalVariable *SanCovLowestStack =
dyn_cast<GlobalVariable>(SanCovLowestStackConstant);
if (!SanCovLowestStack) {
C->emitError(StringRef("'") + SanCovLowestStackName +
"' should not be declared by the user");
return true;
}
// We want to emit guard init calls if the module contains a function that
// we can instrument with SanitizerCoverage. We ignore any functions that
// were inserted by SanitizerCoverage and get the result from the analysis
// that checks for a valid function that the analysis may have run over.
if (!llvm::any_of(
M, [](const Function &F) { return canInstrumentWithSancov(F); }))
return false;
// Emit the init calls.
if (Options.TracePCGuard)
Ctor = CreateInitCallsForSections(M, SanCovModuleCtorTracePcGuardName,
SanCovTracePCGuardInitName, Int32PtrTy,
SanCovGuardsSectionName);
if (Options.Inline8bitCounters)
chandlercUnsubmitted
Done
ReplyInline Actions
if (!llvm::any_of(M, [](const Function &F) { return can InstrumentWithSancov(F); }))
  return false;
chandlerc: ``` if (!llvm::any_of(M, [](const Function &F) { return can InstrumentWithSancov(F); }))…
Ctor = CreateInitCallsForSections(M, SanCovModuleCtor8bitCountersName,
SanCov8bitCountersInitName, Int8PtrTy,
SanCovCountersSectionName);
if (Ctor && Options.PCTable) {
auto SecStartEnd =
CreateSecStartEnd(M, SanCovPCsSectionName, IntptrPtrTy);
FunctionCallee InitFunction = declareSanitizerInitFunction(
M, SanCovPCsInitName, {IntptrPtrTy, IntptrPtrTy});
IRBuilder<> IRBCtor(Ctor->getEntryBlock().getTerminator());
IRBCtor.CreateCall(InitFunction, {SecStartEnd.first, SecStartEnd.second});
}
return Ctor;
}
private:
Function *CreateInitCallsForSections(Module &M, const char *CtorName,
const char *InitFunctionName, Type *Ty,
const char *Section);
std::pair<Value *, Value *> CreateSecStartEnd(Module &M, const char *Section,
Type *Ty);
std::string getSectionStart(const std::string &Section) const {
return getSectionStartImpl(TargetTriple, Section);
}
std::string getSectionEnd(const std::string &Section) const {
return getSectionEndImpl(TargetTriple, Section);
}
SanitizerCoverageOptions Options;
Triple TargetTriple;
Type *IntptrTy, *Int8PtrTy, *Int8Ty;
};
class ModuleSanitizerCoverageLegacyPass : public ModulePass {
public:
static char ID;
ModuleSanitizerCoverageLegacyPass(
SanitizerCoverageOptions Options = SanitizerCoverageOptions())
: ModulePass(ID), Options(Options) {
initializeModuleSanitizerCoverageLegacyPassPass(
*PassRegistry::getPassRegistry());
}
bool runOnModule(Module &M) override {
ModuleSanitizerCoverage ModuleSancov(Options);
return ModuleSancov.instrumentModule(M);
};
StringRef getPassName() const override {
return "ModuleSanitizerCoverageLegacyPass";
}
private:
SanitizerCoverageOptions Options;
};
char ModuleSanitizerCoverageLegacyPass::ID = 0;
class SanitizerCoverage {
public:
SanitizerCoverage(Function &F, const SanitizerCoverageOptions &Options)
: CurModule(F.getParent()), Options(OverrideFromCL(Options)) {
initializeModule(*F.getParent());
} }
~SanitizerCoverage() { finalizeModule(*CurModule); }
bool instrumentFunction(Function &F, const DominatorTree *DT,
const PostDominatorTree *PDT);
private: private:
void initializeModule(Module &M);
void finalizeModule(Module &M);
void InjectCoverageForIndirectCalls(Function &F, void InjectCoverageForIndirectCalls(Function &F,
ArrayRef<Instruction *> IndirCalls); ArrayRef<Instruction *> IndirCalls);
void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets); void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets);
void InjectTraceForDiv(Function &F, void InjectTraceForDiv(Function &F,
ArrayRef<BinaryOperator *> DivTraceTargets); ArrayRef<BinaryOperator *> DivTraceTargets);
void InjectTraceForGep(Function &F, void InjectTraceForGep(Function &F,
ArrayRef<GetElementPtrInst *> GepTraceTargets); ArrayRef<GetElementPtrInst *> GepTraceTargets);
void InjectTraceForSwitch(Function &F, void InjectTraceForSwitch(Function &F,
ArrayRef<Instruction *> SwitchTraceTargets); ArrayRef<Instruction *> SwitchTraceTargets);
bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks, bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
bool IsLeafFunc = true); bool IsLeafFunc = true);
GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements, GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements,
Function &F, Type *Ty, Function &F, Type *Ty,
const char *Section); const char *Section);
GlobalVariable *CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks); GlobalVariable *CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks);
void CreateFunctionLocalArrays(Function &F, ArrayRef<BasicBlock *> AllBlocks); void CreateFunctionLocalArrays(Function &F, ArrayRef<BasicBlock *> AllBlocks);
void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx, void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx,
bool IsLeafFunc = true); bool IsLeafFunc = true);
Function *CreateInitCallsForSections(Module &M, const char *CtorName,
const char *InitFunctionName, Type *Ty,
const char *Section);
std::pair<Value *, Value *> CreateSecStartEnd(Module &M, const char *Section,
Type *Ty);
void SetNoSanitizeMetadata(Instruction *I) { void SetNoSanitizeMetadata(Instruction *I) {
I->setMetadata(I->getModule()->getMDKindID("nosanitize"), I->setMetadata(I->getModule()->getMDKindID("nosanitize"),
MDNode::get(*C, None)); MDNode::get(*C, None));
} }
std::string getSectionName(const std::string &Section) const; std::string getSectionName(const std::string &Section) const;
std::string getSectionStart(const std::string &Section) const; std::string getSectionStart(const std::string &Section) const;
Show All 19 Linesprivate:
GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters. GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters.
GlobalVariable *FunctionPCsArray; // for pc-table. GlobalVariable *FunctionPCsArray; // for pc-table.
SmallVector<GlobalValue *, 20> GlobalsToAppendToUsed; SmallVector<GlobalValue *, 20> GlobalsToAppendToUsed;
SmallVector<GlobalValue *, 20> GlobalsToAppendToCompilerUsed; SmallVector<GlobalValue *, 20> GlobalsToAppendToCompilerUsed;
SanitizerCoverageOptions Options; SanitizerCoverageOptions Options;
}; };
class SanitizerCoverageLegacyPass : public FunctionPass {
public:
static char ID; // Pass identification, replacement for typeid
SanitizerCoverageLegacyPass(
SanitizerCoverageOptions Options = SanitizerCoverageOptions())
: FunctionPass(ID), Options(Options) {
initializeSanitizerCoverageLegacyPassPass(*PassRegistry::getPassRegistry());
}
bool runOnFunction(Function &F) override {
const DominatorTree *DT =
&getAnalysis<DominatorTreeWrapperPass>().getDomTree();
const PostDominatorTree *PDT =
&getAnalysis<PostDominatorTreeWrapperPass>().getPostDomTree();
SanitizerCoverage Sancov(F, Options);
return Sancov.instrumentFunction(F, DT, PDT);
}
StringRef getPassName() const override {
return "SanitizerCoverageLegacyPass";
}
void getAnalysisUsage(AnalysisUsage &AU) const override {
// Make the module sancov pass required by this pass so that it runs when
// -sancov is passed.
AU.addRequired<ModuleSanitizerCoverageLegacyPass>();
AU.addRequired<DominatorTreeWrapperPass>();
AU.addRequired<PostDominatorTreeWrapperPass>();
}
private:
SanitizerCoverageOptions Options;
};
} // namespace } // namespace
PreservedAnalyses SanitizerCoveragePass::run(Function &F,
FunctionAnalysisManager &AM) {
const DominatorTree *DT = &AM.getResult<DominatorTreeAnalysis>(F);
const PostDominatorTree *PDT = &AM.getResult<PostDominatorTreeAnalysis>(F);
SanitizerCoverage Sancov(F, Options);
if (Sancov.instrumentFunction(F, DT, PDT))
return PreservedAnalyses::none();
return PreservedAnalyses::all();
}
chandlercUnsubmitted
Done
ReplyInline Actions

I completely misread this the first time through thinking you used a common object for state....

Maybe change the constructor to accept a function to make it more obvious that this is intended to be built per-function?

chandlerc: I completely misread this the first time through thinking you used a common object for state....
PreservedAnalyses ModuleSanitizerCoveragePass::run(Module &M,
ModuleAnalysisManager &AM) {
ModuleSanitizerCoverage ModuleSancov(Options);
if (ModuleSancov.instrumentModule(M))
return PreservedAnalyses::none();
return PreservedAnalyses::all();
}
std::pair<Value *, Value *> std::pair<Value *, Value *>
SanitizerCoverageModule::CreateSecStartEnd(Module &M, const char *Section, ModuleSanitizerCoverage::CreateSecStartEnd(Module &M, const char *Section,
Type *Ty) { Type *Ty) {
GlobalVariable *SecStart = GlobalVariable *SecStart =
new GlobalVariable(M, Ty, false, GlobalVariable::ExternalLinkage, nullptr, new GlobalVariable(M, Ty, false, GlobalVariable::ExternalLinkage, nullptr,
getSectionStart(Section)); getSectionStart(Section));
SecStart->setVisibility(GlobalValue::HiddenVisibility); SecStart->setVisibility(GlobalValue::HiddenVisibility);
GlobalVariable *SecEnd = GlobalVariable *SecEnd =
new GlobalVariable(M, Ty, false, GlobalVariable::ExternalLinkage, new GlobalVariable(M, Ty, false, GlobalVariable::ExternalLinkage,
nullptr, getSectionEnd(Section)); nullptr, getSectionEnd(Section));
SecEnd->setVisibility(GlobalValue::HiddenVisibility); SecEnd->setVisibility(GlobalValue::HiddenVisibility);
IRBuilder<> IRB(M.getContext()); IRBuilder<> IRB(M.getContext());
Value *SecEndPtr = IRB.CreatePointerCast(SecEnd, Ty); Value *SecEndPtr = IRB.CreatePointerCast(SecEnd, Ty);
if (!TargetTriple.isOSBinFormatCOFF()) if (!TargetTriple.isOSBinFormatCOFF())
return std::make_pair(IRB.CreatePointerCast(SecStart, Ty), SecEndPtr); return std::make_pair(IRB.CreatePointerCast(SecStart, Ty), SecEndPtr);
// Account for the fact that on windows-msvc __start_* symbols actually // Account for the fact that on windows-msvc __start_* symbols actually
// point to a uint64_t before the start of the array. // point to a uint64_t before the start of the array.
auto SecStartI8Ptr = IRB.CreatePointerCast(SecStart, Int8PtrTy); auto SecStartI8Ptr = IRB.CreatePointerCast(SecStart, Int8PtrTy);
auto GEP = IRB.CreateGEP(Int8Ty, SecStartI8Ptr, auto GEP = IRB.CreateGEP(Int8Ty, SecStartI8Ptr,
ConstantInt::get(IntptrTy, sizeof(uint64_t))); ConstantInt::get(IntptrTy, sizeof(uint64_t)));
return std::make_pair(IRB.CreatePointerCast(GEP, Ty), SecEndPtr); return std::make_pair(IRB.CreatePointerCast(GEP, Ty), SecEndPtr);
} }
Function *SanitizerCoverageModule::CreateInitCallsForSections( Function *ModuleSanitizerCoverage::CreateInitCallsForSections(
Module &M, const char *CtorName, const char *InitFunctionName, Type *Ty, Module &M, const char *CtorName, const char *InitFunctionName, Type *Ty,
const char *Section) { const char *Section) {
auto SecStartEnd = CreateSecStartEnd(M, Section, Ty); auto SecStartEnd = CreateSecStartEnd(M, Section, Ty);
auto SecStart = SecStartEnd.first; auto SecStart = SecStartEnd.first;
auto SecEnd = SecStartEnd.second; auto SecEnd = SecStartEnd.second;
Function *CtorFunc; Function *CtorFunc;
std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions( std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions(
M, CtorName, InitFunctionName, {Ty, Ty}, {SecStart, SecEnd}); M, CtorName, InitFunctionName, {Ty, Ty}, {SecStart, SecEnd});
Show All 15 Lines if (TargetTriple.isOSBinFormatCOFF()) {
// to include the sancov constructor. This way the linker can deduplicate // to include the sancov constructor. This way the linker can deduplicate
// the constructors but always leave one copy. // the constructors but always leave one copy.
CtorFunc->setLinkage(GlobalValue::WeakODRLinkage); CtorFunc->setLinkage(GlobalValue::WeakODRLinkage);
appendToUsed(M, CtorFunc); appendToUsed(M, CtorFunc);
} }
return CtorFunc; return CtorFunc;
} }
bool SanitizerCoverageModule::runOnModule(Module &M) { void SanitizerCoverage::initializeModule(Module &M) {
if (Options.CoverageType == SanitizerCoverageOptions::SCK_None) if (Options.CoverageType == SanitizerCoverageOptions::SCK_None)
return false; return;
C = &(M.getContext()); C = &(M.getContext());
DL = &M.getDataLayout(); DL = &M.getDataLayout();
CurModule = &M;
CurModuleUniqueId = getUniqueModuleId(CurModule); CurModuleUniqueId = getUniqueModuleId(CurModule);
TargetTriple = Triple(M.getTargetTriple()); TargetTriple = Triple(M.getTargetTriple());
FunctionGuardArray = nullptr; FunctionGuardArray = nullptr;
Function8bitCounterArray = nullptr; Function8bitCounterArray = nullptr;
FunctionPCsArray = nullptr; FunctionPCsArray = nullptr;
IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits()); IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
IntptrPtrTy = PointerType::getUnqual(IntptrTy); IntptrPtrTy = PointerType::getUnqual(IntptrTy);
Type *VoidTy = Type::getVoidTy(*C); Type *VoidTy = Type::getVoidTy(*C);
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Linesvoid SanitizerCoverage::initializeModule(Module &M) {
SanCovTraceGepFunction = SanCovTraceGepFunction =
M.getOrInsertFunction(SanCovTraceGep, VoidTy, IntptrTy); M.getOrInsertFunction(SanCovTraceGep, VoidTy, IntptrTy);
SanCovTraceSwitchFunction = SanCovTraceSwitchFunction =
M.getOrInsertFunction(SanCovTraceSwitchName, VoidTy, Int64Ty, Int64PtrTy); M.getOrInsertFunction(SanCovTraceSwitchName, VoidTy, Int64Ty, Int64PtrTy);
Constant *SanCovLowestStackConstant = Constant *SanCovLowestStackConstant =
M.getOrInsertGlobal(SanCovLowestStackName, IntptrTy); M.getOrInsertGlobal(SanCovLowestStackName, IntptrTy);
SanCovLowestStack = dyn_cast<GlobalVariable>(SanCovLowestStackConstant); SanCovLowestStack = dyn_cast<GlobalVariable>(SanCovLowestStackConstant);
if (!SanCovLowestStack) {
C->emitError(StringRef("'") + SanCovLowestStackName +
"' should not be declared by the user");
return true;
}
SanCovLowestStack->setThreadLocalMode( SanCovLowestStack->setThreadLocalMode(
GlobalValue::ThreadLocalMode::InitialExecTLSModel); GlobalValue::ThreadLocalMode::InitialExecTLSModel);
if (Options.StackDepth && !SanCovLowestStack->isDeclaration()) if (Options.StackDepth && !SanCovLowestStack->isDeclaration())
SanCovLowestStack->setInitializer(Constant::getAllOnesValue(IntptrTy)); SanCovLowestStack->setInitializer(Constant::getAllOnesValue(IntptrTy));
// We insert an empty inline asm after cov callbacks to avoid callback merge. // We insert an empty inline asm after cov callbacks to avoid callback merge.
EmptyAsm = InlineAsm::get(FunctionType::get(IRB.getVoidTy(), false), EmptyAsm = InlineAsm::get(FunctionType::get(IRB.getVoidTy(), false),
StringRef(""), StringRef(""), StringRef(""), StringRef(""),
/*hasSideEffects=*/true); /*hasSideEffects=*/true);
SanCovTracePC = M.getOrInsertFunction(SanCovTracePCName, VoidTy); SanCovTracePC = M.getOrInsertFunction(SanCovTracePCName, VoidTy);
SanCovTracePCGuard = SanCovTracePCGuard =
M.getOrInsertFunction(SanCovTracePCGuardName, VoidTy, Int32PtrTy); M.getOrInsertFunction(SanCovTracePCGuardName, VoidTy, Int32PtrTy);
for (auto &F : M)
runOnFunction(F);
Function *Ctor = nullptr;
if (FunctionGuardArray)
Ctor = CreateInitCallsForSections(M, SanCovModuleCtorTracePcGuardName,
SanCovTracePCGuardInitName, Int32PtrTy,
SanCovGuardsSectionName);
if (Function8bitCounterArray)
Ctor = CreateInitCallsForSections(M, SanCovModuleCtor8bitCountersName,
SanCov8bitCountersInitName, Int8PtrTy,
SanCovCountersSectionName);
if (Ctor && Options.PCTable) {
auto SecStartEnd = CreateSecStartEnd(M, SanCovPCsSectionName, IntptrPtrTy);
FunctionCallee InitFunction = declareSanitizerInitFunction(
M, SanCovPCsInitName, {IntptrPtrTy, IntptrPtrTy});
IRBuilder<> IRBCtor(Ctor->getEntryBlock().getTerminator());
IRBCtor.CreateCall(InitFunction, {SecStartEnd.first, SecStartEnd.second});
} }
void SanitizerCoverage::finalizeModule(Module &M) {
// We don't reference these arrays directly in any of our runtime functions, // We don't reference these arrays directly in any of our runtime functions,
// so we need to prevent them from being dead stripped. // so we need to prevent them from being dead stripped.
if (TargetTriple.isOSBinFormatMachO()) if (TargetTriple.isOSBinFormatMachO())
appendToUsed(M, GlobalsToAppendToUsed); appendToUsed(M, GlobalsToAppendToUsed);
appendToCompilerUsed(M, GlobalsToAppendToCompilerUsed); appendToCompilerUsed(M, GlobalsToAppendToCompilerUsed);
return true;
} }
// True if block has successors and it dominates all of them. // True if block has successors and it dominates all of them.
static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) { static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) {
if (succ_begin(BB) == succ_end(BB)) if (succ_begin(BB) == succ_end(BB))
return false; return false;
for (const BasicBlock *SUCC : make_range(succ_begin(BB), succ_end(BB))) { for (const BasicBlock *SUCC : make_range(succ_begin(BB), succ_end(BB))) {
▲ Show 20 LinesShow All 74 Lines▼ Show 20 Lines if (!Options.NoPrune)
if (CMP->hasOneUse()) if (CMP->hasOneUse())
if (auto BR = dyn_cast<BranchInst>(CMP->user_back())) if (auto BR = dyn_cast<BranchInst>(CMP->user_back()))
for (BasicBlock *B : BR->successors()) for (BasicBlock *B : BR->successors())
if (IsBackEdge(BR->getParent(), B, DT)) if (IsBackEdge(BR->getParent(), B, DT))
return false; return false;
return true; return true;
} }
bool SanitizerCoverageModule::runOnFunction(Function &F) { bool SanitizerCoverage::instrumentFunction(Function &F, const DominatorTree *DT,
if (F.empty()) const PostDominatorTree *PDT) {
return false; if (Options.CoverageType == SanitizerCoverageOptions::SCK_None)
if (F.getName().find(".module_ctor") != std::string::npos)
return false; // Should not instrument sanitizer init functions.
if (F.getName().startswith("__sanitizer_"))
return false; // Don't instrument __sanitizer_* callbacks.
// Don't touch available_externally functions, their actual body is elewhere.
if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage)
return false;
// Don't instrument MSVC CRT configuration helpers. They may run before normal
// initialization.
if (F.getName() == "__local_stdio_printf_options" ||
F.getName() == "__local_stdio_scanf_options")
return false;
if (isa<UnreachableInst>(F.getEntryBlock().getTerminator()))
return false; return false;
// Don't instrument functions using SEH for now. Splitting basic blocks like if (!canInstrumentWithSancov(F))
// we do for coverage breaks WinEHPrepare.
// FIXME: Remove this when SEH no longer uses landingpad pattern matching.
if (F.hasPersonalityFn() &&
isAsynchronousEHPersonality(classifyEHPersonality(F.getPersonalityFn())))
return false; return false;
if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge) if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge)
SplitAllCriticalEdges(F, CriticalEdgeSplittingOptions().setIgnoreUnreachableDests()); SplitAllCriticalEdges(F, CriticalEdgeSplittingOptions().setIgnoreUnreachableDests());
SmallVector<Instruction *, 8> IndirCalls; SmallVector<Instruction *, 8> IndirCalls;
SmallVector<BasicBlock *, 16> BlocksToInstrument; SmallVector<BasicBlock *, 16> BlocksToInstrument;
SmallVector<Instruction *, 8> CmpTraceTargets; SmallVector<Instruction *, 8> CmpTraceTargets;
SmallVector<Instruction *, 8> SwitchTraceTargets; SmallVector<Instruction *, 8> SwitchTraceTargets;
SmallVector<BinaryOperator *, 8> DivTraceTargets; SmallVector<BinaryOperator *, 8> DivTraceTargets;
SmallVector<GetElementPtrInst *, 8> GepTraceTargets; SmallVector<GetElementPtrInst *, 8> GepTraceTargets;
const DominatorTree *DT =
&getAnalysis<DominatorTreeWrapperPass>(F).getDomTree();
const PostDominatorTree *PDT =
&getAnalysis<PostDominatorTreeWrapperPass>(F).getPostDomTree();
bool IsLeafFunc = true; bool IsLeafFunc = true;
for (auto &BB : F) { for (auto &BB : F) {
if (shouldInstrumentBlock(F, &BB, DT, PDT, Options)) if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
BlocksToInstrument.push_back(&BB); BlocksToInstrument.push_back(&BB);
for (auto &Inst : BB) { for (auto &Inst : BB) {
if (Options.IndirectCalls) { if (Options.IndirectCalls) {
CallSite CS(&Inst); CallSite CS(&Inst);
Show All 26 Linesbool SanitizerCoverage::instrumentFunction(Function &F, const DominatorTree *DT,
InjectCoverageForIndirectCalls(F, IndirCalls); InjectCoverageForIndirectCalls(F, IndirCalls);
InjectTraceForCmp(F, CmpTraceTargets); InjectTraceForCmp(F, CmpTraceTargets);
InjectTraceForSwitch(F, SwitchTraceTargets); InjectTraceForSwitch(F, SwitchTraceTargets);
InjectTraceForDiv(F, DivTraceTargets); InjectTraceForDiv(F, DivTraceTargets);
InjectTraceForGep(F, GepTraceTargets); InjectTraceForGep(F, GepTraceTargets);
return true; return true;
} }
GlobalVariable *SanitizerCoverageModule::CreateFunctionLocalArrayInSection( GlobalVariable *SanitizerCoverage::CreateFunctionLocalArrayInSection(
size_t NumElements, Function &F, Type *Ty, const char *Section) { size_t NumElements, Function &F, Type *Ty, const char *Section) {
ArrayType *ArrayTy = ArrayType::get(Ty, NumElements); ArrayType *ArrayTy = ArrayType::get(Ty, NumElements);
auto Array = new GlobalVariable( auto Array = new GlobalVariable(
*CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage, *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage,
Constant::getNullValue(ArrayTy), "__sancov_gen_"); Constant::getNullValue(ArrayTy), "__sancov_gen_");
chandlercUnsubmitted
Done
ReplyInline Actions

There is a GlobalsToAppendToCompilerUsed vector that we append Array to below (line 759). Why isn't that sufficient instead of this?

chandlerc: There is a `GlobalsToAppendToCompilerUsed` vector that we append `Array` to below (line 759).
leonardchanAuthorUnsubmitted
Done
ReplyInline Actions

Ah, I didn't actually see this for some reason. The reason why it wasn't working before was bc I left the code that called

if (TargetTriple.isOSBinFormatMachO())
  appendToUsed(M, GlobalsToAppendToUsed);
appendToCompilerUsed(M, GlobalsToAppendToCompilerUsed);

in initializeModule, so this never got appended. Fixed by moving this to a finalizeModule which runs after the function runs end.

leonardchan: Ah, I didn't actually see this for some reason. The reason why it wasn't working before was bc…
if (TargetTriple.supportsCOMDAT() && !F.isInterposable()) if (TargetTriple.supportsCOMDAT() && !F.isInterposable())
if (auto Comdat = if (auto Comdat =
GetOrCreateFunctionComdat(F, TargetTriple, CurModuleUniqueId)) GetOrCreateFunctionComdat(F, TargetTriple, CurModuleUniqueId))
Array->setComdat(Comdat); Array->setComdat(Comdat);
Array->setSection(getSectionName(Section)); Array->setSection(getSectionName(Section));
Array->setAlignment(Ty->isPointerTy() ? DL->getPointerSize() Array->setAlignment(Ty->isPointerTy() ? DL->getPointerSize()
: Ty->getPrimitiveSizeInBits() / 8); : Ty->getPrimitiveSizeInBits() / 8);
GlobalsToAppendToUsed.push_back(Array); GlobalsToAppendToUsed.push_back(Array);
GlobalsToAppendToCompilerUsed.push_back(Array); GlobalsToAppendToCompilerUsed.push_back(Array);
MDNode *MD = MDNode::get(F.getContext(), ValueAsMetadata::get(&F)); MDNode *MD = MDNode::get(F.getContext(), ValueAsMetadata::get(&F));
Array->addMetadata(LLVMContext::MD_associated, *MD); Array->addMetadata(LLVMContext::MD_associated, *MD);
return Array; return Array;
} }
GlobalVariable * GlobalVariable *
SanitizerCoverageModule::CreatePCArray(Function &F, SanitizerCoverage::CreatePCArray(Function &F,
ArrayRef<BasicBlock *> AllBlocks) { ArrayRef<BasicBlock *> AllBlocks) {
size_t N = AllBlocks.size(); size_t N = AllBlocks.size();
assert(N); assert(N);
SmallVector<Constant *, 32> PCs; SmallVector<Constant *, 32> PCs;
IRBuilder<> IRB(&*F.getEntryBlock().getFirstInsertionPt()); IRBuilder<> IRB(&*F.getEntryBlock().getFirstInsertionPt());
for (size_t i = 0; i < N; i++) { for (size_t i = 0; i < N; i++) {
if (&F.getEntryBlock() == AllBlocks[i]) { if (&F.getEntryBlock() == AllBlocks[i]) {
PCs.push_back((Constant *)IRB.CreatePointerCast(&F, IntptrPtrTy)); PCs.push_back((Constant *)IRB.CreatePointerCast(&F, IntptrPtrTy));
PCs.push_back((Constant *)IRB.CreateIntToPtr( PCs.push_back((Constant *)IRB.CreateIntToPtr(
Show All 9 Lines auto *PCArray = CreateFunctionLocalArrayInSection(N * 2, F, IntptrPtrTy,
SanCovPCsSectionName); SanCovPCsSectionName);
PCArray->setInitializer( PCArray->setInitializer(
ConstantArray::get(ArrayType::get(IntptrPtrTy, N * 2), PCs)); ConstantArray::get(ArrayType::get(IntptrPtrTy, N * 2), PCs));
PCArray->setConstant(true); PCArray->setConstant(true);
return PCArray; return PCArray;
} }
void SanitizerCoverageModule::CreateFunctionLocalArrays( void SanitizerCoverage::CreateFunctionLocalArrays(
Function &F, ArrayRef<BasicBlock *> AllBlocks) { Function &F, ArrayRef<BasicBlock *> AllBlocks) {
if (Options.TracePCGuard) if (Options.TracePCGuard)
FunctionGuardArray = CreateFunctionLocalArrayInSection( FunctionGuardArray = CreateFunctionLocalArrayInSection(
AllBlocks.size(), F, Int32Ty, SanCovGuardsSectionName); AllBlocks.size(), F, Int32Ty, SanCovGuardsSectionName);
if (Options.Inline8bitCounters) if (Options.Inline8bitCounters)
Function8bitCounterArray = CreateFunctionLocalArrayInSection( Function8bitCounterArray = CreateFunctionLocalArrayInSection(
AllBlocks.size(), F, Int8Ty, SanCovCountersSectionName); AllBlocks.size(), F, Int8Ty, SanCovCountersSectionName);
if (Options.PCTable) if (Options.PCTable)
FunctionPCsArray = CreatePCArray(F, AllBlocks); FunctionPCsArray = CreatePCArray(F, AllBlocks);
} }
bool SanitizerCoverageModule::InjectCoverage(Function &F, bool SanitizerCoverage::InjectCoverage(Function &F,
ArrayRef<BasicBlock *> AllBlocks, ArrayRef<BasicBlock *> AllBlocks,
bool IsLeafFunc) { bool IsLeafFunc) {
if (AllBlocks.empty()) return false; if (AllBlocks.empty()) return false;
CreateFunctionLocalArrays(F, AllBlocks); CreateFunctionLocalArrays(F, AllBlocks);
for (size_t i = 0, N = AllBlocks.size(); i < N; i++) for (size_t i = 0, N = AllBlocks.size(); i < N; i++)
InjectCoverageAtBlock(F, *AllBlocks[i], i, IsLeafFunc); InjectCoverageAtBlock(F, *AllBlocks[i], i, IsLeafFunc);
return true; return true;
} }
// On every indirect call we call a run-time function // On every indirect call we call a run-time function
// __sanitizer_cov_indir_call* with two parameters: // __sanitizer_cov_indir_call* with two parameters:
// - callee address, // - callee address,
// - global cache array that contains CacheSize pointers (zero-initialized). // - global cache array that contains CacheSize pointers (zero-initialized).
// The cache is used to speed up recording the caller-callee pairs. // The cache is used to speed up recording the caller-callee pairs.
// The address of the caller is passed implicitly via caller PC. // The address of the caller is passed implicitly via caller PC.
// CacheSize is encoded in the name of the run-time function. // CacheSize is encoded in the name of the run-time function.
void SanitizerCoverageModule::InjectCoverageForIndirectCalls( void SanitizerCoverage::InjectCoverageForIndirectCalls(
Function &F, ArrayRef<Instruction *> IndirCalls) { Function &F, ArrayRef<Instruction *> IndirCalls) {
if (IndirCalls.empty()) if (IndirCalls.empty())
return; return;
assert(Options.TracePC || Options.TracePCGuard || Options.Inline8bitCounters); assert(Options.TracePC || Options.TracePCGuard || Options.Inline8bitCounters);
for (auto I : IndirCalls) { for (auto I : IndirCalls) {
IRBuilder<> IRB(I); IRBuilder<> IRB(I);
CallSite CS(I); CallSite CS(I);
Value *Callee = CS.getCalledValue(); Value *Callee = CS.getCalledValue();
if (isa<InlineAsm>(Callee)) if (isa<InlineAsm>(Callee))
continue; continue;
IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy)); IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy));
} }
} }
// For every switch statement we insert a call: // For every switch statement we insert a call:
// __sanitizer_cov_trace_switch(CondValue, // __sanitizer_cov_trace_switch(CondValue,
// {NumCases, ValueSizeInBits, Case0Value, Case1Value, Case2Value, ... }) // {NumCases, ValueSizeInBits, Case0Value, Case1Value, Case2Value, ... })
void SanitizerCoverageModule::InjectTraceForSwitch( void SanitizerCoverage::InjectTraceForSwitch(
Function &, ArrayRef<Instruction *> SwitchTraceTargets) { Function &, ArrayRef<Instruction *> SwitchTraceTargets) {
for (auto I : SwitchTraceTargets) { for (auto I : SwitchTraceTargets) {
if (SwitchInst *SI = dyn_cast<SwitchInst>(I)) { if (SwitchInst *SI = dyn_cast<SwitchInst>(I)) {
IRBuilder<> IRB(I); IRBuilder<> IRB(I);
SmallVector<Constant *, 16> Initializers; SmallVector<Constant *, 16> Initializers;
Value *Cond = SI->getCondition(); Value *Cond = SI->getCondition();
if (Cond->getType()->getScalarSizeInBits() > if (Cond->getType()->getScalarSizeInBits() >
Int64Ty->getScalarSizeInBits()) Int64Ty->getScalarSizeInBits())
Show All 22 Lines if (SwitchInst *SI = dyn_cast<SwitchInst>(I)) {
ConstantArray::get(ArrayOfInt64Ty, Initializers), ConstantArray::get(ArrayOfInt64Ty, Initializers),
"__sancov_gen_cov_switch_values"); "__sancov_gen_cov_switch_values");
IRB.CreateCall(SanCovTraceSwitchFunction, IRB.CreateCall(SanCovTraceSwitchFunction,
{Cond, IRB.CreatePointerCast(GV, Int64PtrTy)}); {Cond, IRB.CreatePointerCast(GV, Int64PtrTy)});
} }
} }
} }
void SanitizerCoverageModule::InjectTraceForDiv( void SanitizerCoverage::InjectTraceForDiv(
Function &, ArrayRef<BinaryOperator *> DivTraceTargets) { Function &, ArrayRef<BinaryOperator *> DivTraceTargets) {
for (auto BO : DivTraceTargets) { for (auto BO : DivTraceTargets) {
IRBuilder<> IRB(BO); IRBuilder<> IRB(BO);
Value *A1 = BO->getOperand(1); Value *A1 = BO->getOperand(1);
if (isa<ConstantInt>(A1)) continue; if (isa<ConstantInt>(A1)) continue;
if (!A1->getType()->isIntegerTy()) if (!A1->getType()->isIntegerTy())
continue; continue;
uint64_t TypeSize = DL->getTypeStoreSizeInBits(A1->getType()); uint64_t TypeSize = DL->getTypeStoreSizeInBits(A1->getType());
int CallbackIdx = TypeSize == 32 ? 0 : int CallbackIdx = TypeSize == 32 ? 0 :
TypeSize == 64 ? 1 : -1; TypeSize == 64 ? 1 : -1;
if (CallbackIdx < 0) continue; if (CallbackIdx < 0) continue;
auto Ty = Type::getIntNTy(*C, TypeSize); auto Ty = Type::getIntNTy(*C, TypeSize);
IRB.CreateCall(SanCovTraceDivFunction[CallbackIdx], IRB.CreateCall(SanCovTraceDivFunction[CallbackIdx],
{IRB.CreateIntCast(A1, Ty, true)}); {IRB.CreateIntCast(A1, Ty, true)});
} }
} }
void SanitizerCoverageModule::InjectTraceForGep( void SanitizerCoverage::InjectTraceForGep(
Function &, ArrayRef<GetElementPtrInst *> GepTraceTargets) { Function &, ArrayRef<GetElementPtrInst *> GepTraceTargets) {
for (auto GEP : GepTraceTargets) { for (auto GEP : GepTraceTargets) {
IRBuilder<> IRB(GEP); IRBuilder<> IRB(GEP);
for (auto I = GEP->idx_begin(); I != GEP->idx_end(); ++I) for (auto I = GEP->idx_begin(); I != GEP->idx_end(); ++I)
if (!isa<ConstantInt>(*I) && (*I)->getType()->isIntegerTy()) if (!isa<ConstantInt>(*I) && (*I)->getType()->isIntegerTy())
IRB.CreateCall(SanCovTraceGepFunction, IRB.CreateCall(SanCovTraceGepFunction,
{IRB.CreateIntCast(*I, IntptrTy, true)}); {IRB.CreateIntCast(*I, IntptrTy, true)});
} }
} }
void SanitizerCoverageModule::InjectTraceForCmp( void SanitizerCoverage::InjectTraceForCmp(
Function &, ArrayRef<Instruction *> CmpTraceTargets) { Function &, ArrayRef<Instruction *> CmpTraceTargets) {
for (auto I : CmpTraceTargets) { for (auto I : CmpTraceTargets) {
if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) { if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) {
IRBuilder<> IRB(ICMP); IRBuilder<> IRB(ICMP);
Value *A0 = ICMP->getOperand(0); Value *A0 = ICMP->getOperand(0);
Value *A1 = ICMP->getOperand(1); Value *A1 = ICMP->getOperand(1);
if (!A0->getType()->isIntegerTy()) if (!A0->getType()->isIntegerTy())
continue; continue;
Show All 18 Lines if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) {
auto Ty = Type::getIntNTy(*C, TypeSize); auto Ty = Type::getIntNTy(*C, TypeSize);
IRB.CreateCall(CallbackFunc, {IRB.CreateIntCast(A0, Ty, true), IRB.CreateCall(CallbackFunc, {IRB.CreateIntCast(A0, Ty, true),
IRB.CreateIntCast(A1, Ty, true)}); IRB.CreateIntCast(A1, Ty, true)});
} }
} }
} }
void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB, void SanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
size_t Idx, size_t Idx, bool IsLeafFunc) {
bool IsLeafFunc) {
BasicBlock::iterator IP = BB.getFirstInsertionPt(); BasicBlock::iterator IP = BB.getFirstInsertionPt();
bool IsEntryBB = &BB == &F.getEntryBlock(); bool IsEntryBB = &BB == &F.getEntryBlock();
DebugLoc EntryLoc; DebugLoc EntryLoc;
if (IsEntryBB) { if (IsEntryBB) {
if (auto SP = F.getSubprogram()) if (auto SP = F.getSubprogram())
EntryLoc = DebugLoc::get(SP->getScopeLine(), 0, SP); EntryLoc = DebugLoc::get(SP->getScopeLine(), 0, SP);
// Keep static allocas and llvm.localescape calls in the entry block. Even // Keep static allocas and llvm.localescape calls in the entry block. Even
// if we aren't splitting the block, it's nice for allocas to be before // if we aren't splitting the block, it's nice for allocas to be before
Show All 40 Lines if (Options.StackDepth && IsEntryBB && !IsLeafFunc) {
IRBuilder<> ThenIRB(ThenTerm); IRBuilder<> ThenIRB(ThenTerm);
auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack); auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
SetNoSanitizeMetadata(LowestStack); SetNoSanitizeMetadata(LowestStack);
SetNoSanitizeMetadata(Store); SetNoSanitizeMetadata(Store);
} }
} }
std::string std::string
SanitizerCoverageModule::getSectionName(const std::string &Section) const { SanitizerCoverage::getSectionName(const std::string &Section) const {
if (TargetTriple.isOSBinFormatCOFF()) { if (TargetTriple.isOSBinFormatCOFF()) {
if (Section == SanCovCountersSectionName) if (Section == SanCovCountersSectionName)
return ".SCOV$CM"; return ".SCOV$CM";
if (Section == SanCovPCsSectionName) if (Section == SanCovPCsSectionName)
return ".SCOVP$M"; return ".SCOVP$M";
return ".SCOV$GM"; // For SanCovGuardsSectionName. return ".SCOV$GM"; // For SanCovGuardsSectionName.
} }
if (TargetTriple.isOSBinFormatMachO()) if (TargetTriple.isOSBinFormatMachO())
return "__DATA,__" + Section; return "__DATA,__" + Section;
return "__" + Section; return "__" + Section;
} }
std::string std::string
SanitizerCoverageModule::getSectionStart(const std::string &Section) const { SanitizerCoverage::getSectionStart(const std::string &Section) const {
if (TargetTriple.isOSBinFormatMachO()) return getSectionStartImpl(TargetTriple, Section);
return "\1section$start$__DATA$__" + Section;
return "__start___" + Section;
} }
std::string std::string SanitizerCoverage::getSectionEnd(const std::string &Section) const {
SanitizerCoverageModule::getSectionEnd(const std::string &Section) const { return getSectionEndImpl(TargetTriple, Section);
if (TargetTriple.isOSBinFormatMachO())
return "\1section$end$__DATA$__" + Section;
return "__stop___" + Section;
} }
INITIALIZE_PASS(
ModuleSanitizerCoverageLegacyPass, "module-sancov",
"Pass for inserting sancov top-level initialization calls", false, false)
char SanitizerCoverageModule::ID = 0; char SanitizerCoverageLegacyPass::ID = 0;
INITIALIZE_PASS_BEGIN(SanitizerCoverageModule, "sancov", INITIALIZE_PASS_BEGIN(SanitizerCoverageLegacyPass, "sancov",
"SanitizerCoverage: TODO." "Pass for instrumenting coverage on functions", false,
"ModulePass", false)
false, false) INITIALIZE_PASS_DEPENDENCY(ModuleSanitizerCoverageLegacyPass)
INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass) INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
INITIALIZE_PASS_DEPENDENCY(PostDominatorTreeWrapperPass) INITIALIZE_PASS_DEPENDENCY(PostDominatorTreeWrapperPass)
INITIALIZE_PASS_END(SanitizerCoverageModule, "sancov", INITIALIZE_PASS_END(SanitizerCoverageLegacyPass, "sancov",
"SanitizerCoverage: TODO." "Pass for instrumenting coverage on functions", false,
"ModulePass", false)
false, false) FunctionPass *llvm::createSanitizerCoverageLegacyPassPass(
ModulePass *llvm::createSanitizerCoverageModulePass( const SanitizerCoverageOptions &Options) {
return new SanitizerCoverageLegacyPass(Options);
}
ModulePass *llvm::createModuleSanitizerCoverageLegacyPassPass(
const SanitizerCoverageOptions &Options) { const SanitizerCoverageOptions &Options) {
return new SanitizerCoverageModule(Options); return new ModuleSanitizerCoverageLegacyPass(Options);
} }

llvm/test/Instrumentation/SanitizerCoverage/abort-in-entry-block.ll

; Checks that a function with no-return in the entry block is not instrumented. ; Checks that a function with no-return in the entry block is not instrumented.
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s
; CHECK-NOT: call void @__sanitizer_cov_trace_pc_guard ; CHECK-NOT: call void @__sanitizer_cov_trace_pc_guard
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define dso_local void @_Z3foov() noinline nounwind optnone uwtable { define dso_local void @_Z3foov() noinline nounwind optnone uwtable {
entry: entry:
call void @abort() noreturn nounwind call void @abort() noreturn nounwind
unreachable unreachable
return: ; No predecessors! return: ; No predecessors!
ret void ret void
} }
declare dso_local void @abort() noreturn nounwind declare dso_local void @abort() noreturn nounwind

llvm/test/Instrumentation/SanitizerCoverage/backedge-pruning.ll

; Test -sanitizer-coverage-trace-compares=1 and how it prunes backedge compares. ; Test -sanitizer-coverage-trace-compares=1 and how it prunes backedge compares.
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s --check-prefix=PRUNE ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s --check-prefix=PRUNE
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -sanitizer-coverage-prune-blocks=0 -S | FileCheck %s --check-prefix=NOPRUNE ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -sanitizer-coverage-prune-blocks=0 -S | FileCheck %s --check-prefix=NOPRUNE
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s --check-prefix=PRUNE
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -sanitizer-coverage-prune-blocks=0 -S | FileCheck %s --check-prefix=NOPRUNE
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define dso_local void @foo(i32* nocapture readnone %a, i32 %n) local_unnamed_addr { define dso_local void @foo(i32* nocapture readnone %a, i32 %n) local_unnamed_addr {
entry: entry:
br label %do.body br label %do.body
Show All 21 Lines

llvm/test/Instrumentation/SanitizerCoverage/chains.ll

; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s
define i32 @blah(i32) #0 { define i32 @blah(i32) #0 {
%2 = icmp sgt i32 %0, 1 %2 = icmp sgt i32 %0, 1
br i1 %2, label %branch, label %exit br i1 %2, label %branch, label %exit
; CHECK: call void @__sanitizer_cov_trace_pc() ; CHECK: call void @__sanitizer_cov_trace_pc()
branch: branch:
br label %pos2 br label %pos2
Show All 24 Lines

llvm/test/Instrumentation/SanitizerCoverage/cmp-tracing-api-x86_32.ll

; Test -sanitizer-coverage-trace-compares=1 API declarations on a non-x86_64 arch ; Test -sanitizer-coverage-trace-compares=1 API declarations on a non-x86_64 arch
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
target triple = "i386-unknown-linux-gnu" target triple = "i386-unknown-linux-gnu"
define i32 @foo() #0 { define i32 @foo() #0 {
entry: entry:
ret i32 0 ret i32 0
} }
; CHECK: declare void @__sanitizer_cov_trace_pc_indir(i64) ; CHECK-DAG: declare void @__sanitizer_cov_trace_pc_indir(i64)
; CHECK: declare void @__sanitizer_cov_trace_cmp1(i8, i8) ; CHECK-DAG: declare void @__sanitizer_cov_trace_cmp1(i8, i8)
; CHECK: declare void @__sanitizer_cov_trace_cmp2(i16, i16) ; CHECK-DAG: declare void @__sanitizer_cov_trace_cmp2(i16, i16)
; CHECK: declare void @__sanitizer_cov_trace_cmp4(i32, i32) ; CHECK-DAG: declare void @__sanitizer_cov_trace_cmp4(i32, i32)
; CHECK: declare void @__sanitizer_cov_trace_cmp8(i64, i64) ; CHECK-DAG: declare void @__sanitizer_cov_trace_cmp8(i64, i64)
; CHECK: declare void @__sanitizer_cov_trace_div4(i32) ; CHECK-DAG: declare void @__sanitizer_cov_trace_div4(i32)
; CHECK: declare void @__sanitizer_cov_trace_div8(i64) ; CHECK-DAG: declare void @__sanitizer_cov_trace_div8(i64)
; CHECK: declare void @__sanitizer_cov_trace_gep(i64) ; CHECK-DAG: declare void @__sanitizer_cov_trace_gep(i64)
; CHECK: declare void @__sanitizer_cov_trace_switch(i64, i64*) ; CHECK-DAG: declare void @__sanitizer_cov_trace_switch(i64, i64*)
; CHECK: declare void @__sanitizer_cov_trace_pc() ; CHECK-DAG: declare void @__sanitizer_cov_trace_pc()
; CHECK: declare void @__sanitizer_cov_trace_pc_guard(i32*) ; CHECK-DAG: declare void @__sanitizer_cov_trace_pc_guard(i32*)
; CHECK: declare void @__sanitizer_cov_trace_pc_guard_init(i32*, i32*) ; CHECK-DAG: declare void @__sanitizer_cov_trace_pc_guard_init(i32*, i32*)
; CHECK-NOT: declare ; CHECK-NOT: declare

llvm/test/Instrumentation/SanitizerCoverage/cmp-tracing-api-x86_64.ll

; Test -sanitizer-coverage-trace-compares=1 API declarations on x86_64 ; Test -sanitizer-coverage-trace-compares=1 API declarations on x86_64
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define i32 @foo() #0 { define i32 @foo() #0 {
entry: entry:
ret i32 0 ret i32 0
} }
; CHECK: declare void @__sanitizer_cov_trace_pc_indir(i64) ; CHECK-DAG: declare void @__sanitizer_cov_trace_pc_indir(i64)
; CHECK: declare void @__sanitizer_cov_trace_cmp1(i8 zeroext, i8 zeroext) ; CHECK-DAG: declare void @__sanitizer_cov_trace_cmp1(i8 zeroext, i8 zeroext)
; CHECK: declare void @__sanitizer_cov_trace_cmp2(i16 zeroext, i16 zeroext) ; CHECK-DAG: declare void @__sanitizer_cov_trace_cmp2(i16 zeroext, i16 zeroext)
; CHECK: declare void @__sanitizer_cov_trace_cmp4(i32 zeroext, i32 zeroext) ; CHECK-DAG: declare void @__sanitizer_cov_trace_cmp4(i32 zeroext, i32 zeroext)
; CHECK: declare void @__sanitizer_cov_trace_cmp8(i64, i64) ; CHECK-DAG: declare void @__sanitizer_cov_trace_cmp8(i64, i64)
; CHECK: declare void @__sanitizer_cov_trace_div4(i32 zeroext) ; CHECK-DAG: declare void @__sanitizer_cov_trace_div4(i32 zeroext)
; CHECK: declare void @__sanitizer_cov_trace_div8(i64) ; CHECK-DAG: declare void @__sanitizer_cov_trace_div8(i64)
; CHECK: declare void @__sanitizer_cov_trace_gep(i64) ; CHECK-DAG: declare void @__sanitizer_cov_trace_gep(i64)
; CHECK: declare void @__sanitizer_cov_trace_switch(i64, i64*) ; CHECK-DAG: declare void @__sanitizer_cov_trace_switch(i64, i64*)
; CHECK: declare void @__sanitizer_cov_trace_pc() ; CHECK-DAG: declare void @__sanitizer_cov_trace_pc()
; CHECK: declare void @__sanitizer_cov_trace_pc_guard(i32*) ; CHECK-DAG: declare void @__sanitizer_cov_trace_pc_guard(i32*)
; CHECK: declare void @__sanitizer_cov_trace_pc_guard_init(i32*, i32*) ; CHECK-DAG: declare void @__sanitizer_cov_trace_pc_guard_init(i32*, i32*)
; CHECK-NOT: declare ; CHECK-NOT: declare

llvm/test/Instrumentation/SanitizerCoverage/cmp-tracing.ll

; Test -sanitizer-coverage-trace-compares=1 ; Test -sanitizer-coverage-trace-compares=1
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define i32 @foo(i32 %a, i32 %b) #0 { define i32 @foo(i32 %a, i32 %b) #0 {
entry: entry:
%cmp = icmp slt i32 %a, %b %cmp = icmp slt i32 %a, %b
; CHECK: call void @__sanitizer_cov_trace_cmp4 ; CHECK: call void @__sanitizer_cov_trace_cmp4
; CHECK-NEXT: icmp slt i32 %a, %b ; CHECK-NEXT: icmp slt i32 %a, %b
%conv = zext i1 %cmp to i32 %conv = zext i1 %cmp to i32
ret i32 %conv ret i32 %conv
} }

llvm/test/Instrumentation/SanitizerCoverage/coff-comdat.ll

; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -sanitizer-coverage-pc-table=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -sanitizer-coverage-pc-table=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -sanitizer-coverage-pc-table=1 -S | FileCheck %s
; Make sure we use the right comdat groups for COFF to avoid relocations ; Make sure we use the right comdat groups for COFF to avoid relocations
; against discarded sections. Internal linkage functions are also different from ; against discarded sections. Internal linkage functions are also different from
; ELF. We don't add a module unique identifier. ; ELF. We don't add a module unique identifier.
; Test based on this source: ; Test based on this source:
; int baz(int); ; int baz(int);
; static int __attribute__((noinline)) bar(int x) { ; static int __attribute__((noinline)) bar(int x) {
▲ Show 20 LinesShow All 76 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/coff-pc-table-inline-8bit-counters.ll

; Checks that the PC and 8-bit Counter Arrays are placed in their own sections in COFF binaries. ; Checks that the PC and 8-bit Counter Arrays are placed in their own sections in COFF binaries.
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -sanitizer-coverage-pc-table=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -sanitizer-coverage-pc-table=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -sanitizer-coverage-pc-table=1 -S | FileCheck %s
target datalayout = "e-m:w-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:w-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-pc-windows-msvc19.14.26433" target triple = "x86_64-pc-windows-msvc19.14.26433"
define void @foo() { define void @foo() {
entry: entry:
ret void ret void
} }
; CHECK-DAG: section ".SCOV{{\$}}CM", ; CHECK-DAG: section ".SCOV{{\$}}CM",
; CHECK-DAG: section ".SCOVP{{\$}}M", ; CHECK-DAG: section ".SCOVP{{\$}}M",

llvm/test/Instrumentation/SanitizerCoverage/coff-used-ctor.ll

; Checks that sancov.module_ctor is marked used. ; Checks that sancov.module_ctor is marked used.
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -sanitizer-coverage-pc-table=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -sanitizer-coverage-pc-table=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -sanitizer-coverage-pc-table=1 -S | FileCheck %s
target datalayout = "e-m:w-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:w-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-pc-windows-msvc19.14.26433" target triple = "x86_64-pc-windows-msvc19.14.26433"
define void @foo() { define void @foo() {
entry: entry:
ret void ret void
} }
; CHECK: @llvm.used = appending global {{.*}} @sancov.module_ctor ; CHECK: @llvm.used = appending global {{.*}} @sancov.module_ctor
No newline at end of file

llvm/test/Instrumentation/SanitizerCoverage/const-cmp-tracing.ll

; Test -sanitizer-coverage-trace-compares=1 ; Test -sanitizer-coverage-trace-compares=1
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define i32 @foo(i32 %a, i32 %b) #0 { define i32 @foo(i32 %a, i32 %b) #0 {
entry: entry:
; compare (non-const, non-const) ; compare (non-const, non-const)
%cmp = icmp slt i32 %a, %b %cmp = icmp slt i32 %a, %b
▲ Show 20 LinesShow All 54 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/coverage-dbg.ll

; Test that coverage instrumentation does not lose debug location. ; Test that coverage instrumentation does not lose debug location.
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -S | FileCheck %s
; C++ source: ; C++ source:
; 1: struct A { ; 1: struct A {
; 2: int f(); ; 2: int f();
; 3: int x; ; 3: int x;
; 4: }; ; 4: };
; 5: ; 5:
; 6: int A::f() { ; 6: int A::f() {
▲ Show 20 LinesShow All 55 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/coverage.ll

; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -S | FileCheck %s --check-prefix=CHECK_TRACE_PC ; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -S | FileCheck %s --check-prefix=CHECK_TRACE_PC
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s --check-prefix=CHECKPRUNE ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s --check-prefix=CHECKPRUNE
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -S | FileCheck %s --check-prefix=CHECK_TRACE_PC
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s --check-prefix=CHECKPRUNE
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define void @foo(i32* %a) sanitize_address { define void @foo(i32* %a) sanitize_address {
entry: entry:
%tobool = icmp eq i32* %a, null %tobool = icmp eq i32* %a, null
br i1 %tobool, label %if.end, label %if.then br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry if.then: ; preds = %entry
▲ Show 20 LinesShow All 92 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/coverage2-dbg.ll

; Test that coverage instrumentation does not lose debug location. ; Test that coverage instrumentation does not lose debug location.
; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=2 -S | FileCheck %s
; C++ source: ; C++ source:
; 1: void foo(int *a) { ; 1: void foo(int *a) {
; 2: if (a) ; 2: if (a)
; 3: *a = 0; ; 3: *a = 0;
; 4: } ; 4: }
; clang++ if.cc -O3 -g -S -emit-llvm ; clang++ if.cc -O3 -g -S -emit-llvm
; and add sanitize_address to @_Z3fooPi ; and add sanitize_address to @_Z3fooPi
▲ Show 20 LinesShow All 61 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/div-tracing.ll

; Test -sanitizer-coverage-trace-divs=1 ; Test -sanitizer-coverage-trace-divs=1
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-divs=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-divs=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-divs=1 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define i32 @div_a_b(i32 %a, i32 %b) local_unnamed_addr { define i32 @div_a_b(i32 %a, i32 %b) local_unnamed_addr {
entry: entry:
%div = sdiv i32 %a, %b %div = sdiv i32 %a, %b
ret i32 %div ret i32 %div
Show All 27 Lines

llvm/test/Instrumentation/SanitizerCoverage/gep-tracing.ll

; Test -sanitizer-coverage-trace-geps=1 ; Test -sanitizer-coverage-trace-geps=1
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-geps=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-geps=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-geps=1 -S | FileCheck %s
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define void @gep_1(i32* nocapture %a, i32 %i) { define void @gep_1(i32* nocapture %a, i32 %i) {
entry: entry:
%idxprom = sext i32 %i to i64 %idxprom = sext i32 %i to i64
%arrayidx = getelementptr inbounds i32, i32* %a, i64 %idxprom %arrayidx = getelementptr inbounds i32, i32* %a, i64 %idxprom
Show All 30 Lines

llvm/test/Instrumentation/SanitizerCoverage/inline-8bit-counters.ll

; Test -sanitizer-coverage-inline-8bit-counters=1 ; Test -sanitizer-coverage-inline-8bit-counters=1
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define void @foo() { define void @foo() {
entry: entry:
; CHECK: section "__sancov_cntrs", comdat($foo), align 1 ; CHECK: section "__sancov_cntrs", comdat($foo), align 1
; CHECK: %0 = load i8, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @__sancov_gen_, i64 0, i64 0), !nosanitize ; CHECK: %0 = load i8, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @__sancov_gen_, i64 0, i64 0), !nosanitize
; CHECK: %1 = add i8 %0, 1 ; CHECK: %1 = add i8 %0, 1
; CHECK: store i8 %1, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @__sancov_gen_, i64 0, i64 0), !nosanitize ; CHECK: store i8 %1, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @__sancov_gen_, i64 0, i64 0), !nosanitize
ret void ret void
} }
; CHECK: call void @__sanitizer_cov_8bit_counters_init(i8* bitcast (i8** @__start___sancov_cntrs to i8*), i8* bitcast (i8** @__stop___sancov_cntrs to i8*)) ; CHECK: call void @__sanitizer_cov_8bit_counters_init(i8* bitcast (i8** @__start___sancov_cntrs to i8*), i8* bitcast (i8** @__stop___sancov_cntrs to i8*))

llvm/test/Instrumentation/SanitizerCoverage/interposable-symbol-nocomdat.ll

; Test that interposable symbols do not get put in comdats. ; Test that interposable symbols do not get put in comdats.
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -mtriple x86_64-linux-gnu -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -mtriple x86_64-linux-gnu -S | FileCheck %s
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -mtriple x86_64-windows-msvc -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -mtriple x86_64-windows-msvc -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -mtriple x86_64-linux-gnu -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -mtriple x86_64-windows-msvc -S | FileCheck %s
define void @Vanilla() { define void @Vanilla() {
entry: entry:
ret void ret void
} }
define linkonce void @LinkOnce() { define linkonce void @LinkOnce() {
entry: entry:
Show All 26 Lines

llvm/test/Instrumentation/SanitizerCoverage/no-func.ll

; Tests that we don't insert __sanitizer_cov_trace_pc_guard_init or some such ; Tests that we don't insert __sanitizer_cov_trace_pc_guard_init or some such
; when there is no instrumentation. ; when there is no instrumentation.
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
@a = global i32 0, align 4 @a = global i32 0, align 4
; CHECK-NOT: call void ; CHECK-NOT: call void

llvm/test/Instrumentation/SanitizerCoverage/pc-table.ll

; Test -sanitizer-coverage-pc-table=1 ; Test -sanitizer-coverage-pc-table=1
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -sanitizer-coverage-pc-table=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -sanitizer-coverage-pc-table=1 -S | FileCheck %s
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-inline-8bit-counters -sanitizer-coverage-pc-table=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-inline-8bit-counters -sanitizer-coverage-pc-table=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -sanitizer-coverage-pc-table=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-inline-8bit-counters -sanitizer-coverage-pc-table=1 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define void @foo(i32* %a) sanitize_address { define void @foo(i32* %a) sanitize_address {
entry: entry:
%tobool = icmp eq i32* %a, null %tobool = icmp eq i32* %a, null
br i1 %tobool, label %if.end, label %if.then br i1 %tobool, label %if.end, label %if.then
Show All 12 Lines

llvm/test/Instrumentation/SanitizerCoverage/postdominator_check.ll

; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s
; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -sanitizer-coverage-prune-blocks=0 -S | FileCheck %s --check-prefix=CHECK_NO_PRUNE ; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -sanitizer-coverage-prune-blocks=0 -S | FileCheck %s --check-prefix=CHECK_NO_PRUNE
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -sanitizer-coverage-prune-blocks=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc -sanitizer-coverage-prune-blocks=0 -S | FileCheck %s --check-prefix=CHECK_NO_PRUNE
define i32 @foo(i32) #0 { define i32 @foo(i32) #0 {
%2 = icmp sgt i32 %0, 0 %2 = icmp sgt i32 %0, 0
br i1 %2, label %left, label %right br i1 %2, label %left, label %right
; CHECK: call void @__sanitizer_cov_trace_pc() ; CHECK: call void @__sanitizer_cov_trace_pc()
; CHECK_NO_PRUNE: call void @__sanitizer_cov_trace_pc() ; CHECK_NO_PRUNE: call void @__sanitizer_cov_trace_pc()
▲ Show 20 LinesShow All 75 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/seh.ll

; RUN: opt < %s -sancov -sanitizer-coverage-level=0 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=0 -S | FileCheck %s
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -S | FileCheck %s
; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=0 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=2 -S | FileCheck %s
target datalayout = "e-m:x-p:32:32-i64:64-f80:32-n8:16:32-a:0:32-S32" target datalayout = "e-m:x-p:32:32-i64:64-f80:32-n8:16:32-a:0:32-S32"
target triple = "i686-pc-windows-msvc18.0.0" target triple = "i686-pc-windows-msvc18.0.0"
declare i32 @llvm.eh.typeid.for(i8*) #2 declare i32 @llvm.eh.typeid.for(i8*) #2
declare i8* @llvm.frameaddress(i32) declare i8* @llvm.frameaddress(i32)
declare i8* @llvm.eh.recoverfp(i8*, i8*) declare i8* @llvm.eh.recoverfp(i8*, i8*)
declare i8* @llvm.localrecover(i8*, i8*, i32) declare i8* @llvm.localrecover(i8*, i8*, i32)
▲ Show 20 LinesShow All 74 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/stack-depth-variable-declared-by-user.ll

; Ensure that we terminate with a useful error message (instead of crash) if the ; Ensure that we terminate with a useful error message (instead of crash) if the
; user declares `__sancov_lowest_stack` with an unexpected type. ; user declares `__sancov_lowest_stack` with an unexpected type.
; RUN: not opt < %s -sancov -sanitizer-coverage-level=1 \ ; RUN: not opt < %s -sancov -sanitizer-coverage-level=1 \
; RUN: -sanitizer-coverage-stack-depth -S 2>&1 | FileCheck %s ; RUN: -sanitizer-coverage-stack-depth -S 2>&1 | FileCheck %s
; RUN: not opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 \
; RUN: -sanitizer-coverage-stack-depth -S 2>&1 | FileCheck %s
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
; Wrong type: i32 instead of expected i64 ; Wrong type: i32 instead of expected i64
@__sancov_lowest_stack = thread_local global i32 0 @__sancov_lowest_stack = thread_local global i32 0
; CHECK: error: '__sancov_lowest_stack' should not be declared by the user ; CHECK: error: '__sancov_lowest_stack' should not be declared by the user

llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll

; This check verifies that stack depth instrumentation works correctly. ; This check verifies that stack depth instrumentation works correctly.
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 \ ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 \
; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s ; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 \ ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 \
; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \ ; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \
; RUN: -S | FileCheck %s ; RUN: -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 \
; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 \
; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \
; RUN: -S | FileCheck %s
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
; CHECK: @__sancov_lowest_stack = thread_local(initialexec) global i64 -1 ; CHECK: @__sancov_lowest_stack = thread_local(initialexec) global i64 -1
@__sancov_lowest_stack = thread_local global i64 0, align 8 @__sancov_lowest_stack = thread_local global i64 0, align 8
define i32 @foo() { define i32 @foo() {
Show All 29 Lines

llvm/test/Instrumentation/SanitizerCoverage/switch-tracing.ll

; Test -sanitizer-coverage-trace-compares=1 (instrumenting a switch) ; Test -sanitizer-coverage-trace-compares=1 (instrumenting a switch)
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-compares=1 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
declare void @_Z3bari(i32) declare void @_Z3bari(i32)
define void @foo(i32 %x) { define void @foo(i32 %x) {
entry: entry:
; CHECK: __sancov_gen_cov_switch_values = internal global [5 x i64] [i64 3, i64 32, i64 1, i64 101, i64 1001] ; CHECK: __sancov_gen_cov_switch_values = internal global [5 x i64] [i64 3, i64 32, i64 1, i64 101, i64 1001]
; CHECK: [[TMP:%[0-9]*]] = zext i32 %x to i64 ; CHECK: [[TMP:%[0-9]*]] = zext i32 %x to i64
▲ Show 20 LinesShow All 46 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/trace-pc-guard-comdat.ll

; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s --check-prefix=CHECK_TRACE_PC_GUARD ; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s --check-prefix=CHECK_TRACE_PC_GUARD
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s --check-prefix=CHECK_TRACE_PC_GUARD
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define void @foo(i32* %a) sanitize_address { define void @foo(i32* %a) sanitize_address {
entry: entry:
%tobool = icmp eq i32* %a, null %tobool = icmp eq i32* %a, null
br i1 %tobool, label %if.end, label %if.then br i1 %tobool, label %if.end, label %if.then
Show All 32 Lines

llvm/test/Instrumentation/SanitizerCoverage/trace-pc-guard-inline-8bit-counters.ll

; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-pc-guard -sanitizer-coverage-inline-8bit-counters -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-trace-pc-guard -sanitizer-coverage-inline-8bit-counters -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=1 -sanitizer-coverage-trace-pc-guard -sanitizer-coverage-inline-8bit-counters -S | FileCheck %s
; Module ctors should have stable names across modules, not something like ; Module ctors should have stable names across modules, not something like
; @sancov.module_ctor.3 that may cause duplicate ctors after linked together. ; @sancov.module_ctor.3 that may cause duplicate ctors after linked together.
; CHECK: define internal void @sancov.module_ctor_trace_pc_guard() comdat { ; CHECK: define internal void @sancov.module_ctor_trace_pc_guard() comdat {
; CHECK: define internal void @sancov.module_ctor_8bit_counters() comdat { ; CHECK: define internal void @sancov.module_ctor_8bit_counters() comdat {
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define void @foo() { define void @foo() {
ret void ret void
} }

llvm/test/Instrumentation/SanitizerCoverage/trace-pc-guard-nocomdat.ll

; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s --check-prefix=CHECK_TRACE_PC_GUARD ; RUN: opt < %s -sancov -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s --check-prefix=CHECK_TRACE_PC_GUARD
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s --check-prefix=CHECK_TRACE_PC_GUARD
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-apple-darwin10.0.0" target triple = "x86_64-apple-darwin10.0.0"
define void @foo(i32* %a) sanitize_address { define void @foo(i32* %a) sanitize_address {
entry: entry:
%tobool = icmp eq i32* %a, null %tobool = icmp eq i32* %a, null
br i1 %tobool, label %if.end, label %if.then br i1 %tobool, label %if.end, label %if.then
Show All 32 Lines

llvm/test/Instrumentation/SanitizerCoverage/tracing-comdat.ll

; Test that the coverage guards have proper comdat ; Test that the coverage guards have proper comdat
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s
; Make sure asan does not instrument __sancov_gen_ ; Make sure asan does not instrument __sancov_gen_
; RUN: opt < %s -sancov -asan -asan-module -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s ; RUN: opt < %s -sancov -asan -asan-module -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s
; RUN: opt < %s -passes='module(require<asan-globals-md>,sancov-module,asan-module),function(sancov-func,asan)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
$Foo = comdat any $Foo = comdat any
; Function Attrs: uwtable ; Function Attrs: uwtable
define linkonce_odr void @Foo() comdat { define linkonce_odr void @Foo() comdat {
entry: entry:
ret void ret void
} }
define linkonce_odr void @Bar() { define linkonce_odr void @Bar() {
entry: entry:
ret void ret void
} }
; CHECK: @__sancov_gen_ = private global [1 x i32] zeroinitializer, section "__sancov_guards", comdat($Foo) ; CHECK: @__sancov_gen_ = private global [1 x i32] zeroinitializer, section "__sancov_guards", comdat($Foo)
; CHECK: @__sancov_gen_.1 = private global [1 x i32] zeroinitializer, section "__sancov_guards" ; CHECK: @__sancov_gen_.1 = private global [1 x i32] zeroinitializer, section "__sancov_guards"

llvm/test/Instrumentation/SanitizerCoverage/tracing.ll

; Test -sanitizer-coverage-experimental-tracing ; Test -sanitizer-coverage-experimental-tracing
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc -S | FileCheck %s --check-prefix=CHECK_PC ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc -S | FileCheck %s --check-prefix=CHECK_PC
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s --check-prefix=CHECK_PC_GUARD ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s --check-prefix=CHECK_PC_GUARD
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S -mtriple=x86_64-apple-macosx | FileCheck %s --check-prefix=CHECK_PC_GUARD_DARWIN ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S -mtriple=x86_64-apple-macosx | FileCheck %s --check-prefix=CHECK_PC_GUARD_DARWIN
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc -S | FileCheck %s --check-prefix=CHECK_PC
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S | FileCheck %s --check-prefix=CHECK_PC_GUARD
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc-guard -S -mtriple=x86_64-apple-macosx | FileCheck %s --check-prefix=CHECK_PC_GUARD_DARWIN
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define void @foo(i32* %a) sanitize_address { define void @foo(i32* %a) sanitize_address {
entry: entry:
%tobool = icmp eq i32* %a, null %tobool = icmp eq i32* %a, null
br i1 %tobool, label %if.end, label %if.then br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry if.then: ; preds = %entry
▲ Show 20 LinesShow All 68 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/unreachable-critedge.ll

; RUN: opt < %s -S -sancov -sanitizer-coverage-level=3 | FileCheck %s ; RUN: opt < %s -S -sancov -sanitizer-coverage-level=3 | FileCheck %s
; RUN: opt < %s -S -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 | FileCheck %s
; The critical edges to unreachable_bb should not be split. ; The critical edges to unreachable_bb should not be split.
define i32 @foo(i32 %c, i32 %d) { define i32 @foo(i32 %c, i32 %d) {
; CHECK-LABEL: @foo( ; CHECK-LABEL: @foo(
; CHECK: switch i32 [[C:%.*]], label [[UNREACHABLE_BB:%.*]] [ ; CHECK: switch i32 [[C:%.*]], label [[UNREACHABLE_BB:%.*]] [
; CHECK-NEXT: i32 0, label %exit0 ; CHECK-NEXT: i32 0, label %exit0
; CHECK-NEXT: i32 1, label %exit1 ; CHECK-NEXT: i32 1, label %exit1
; CHECK-NEXT: i32 2, label %cont ; CHECK-NEXT: i32 2, label %cont
Show All 37 Lines

llvm/test/Instrumentation/SanitizerCoverage/wineh.ll

; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc -S | FileCheck %s --check-prefix=CHECK ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc -S | FileCheck %s --check-prefix=CHECK
; RUN: opt < %s -passes='module(sancov-module),function(sancov-func)' -sanitizer-coverage-level=3 -sanitizer-coverage-trace-pc -S | FileCheck %s --check-prefix=CHECK
; Generated from this C++ source: ; Generated from this C++ source:
; $ clang -O2 t.cpp -S -emit-llvm ; $ clang -O2 t.cpp -S -emit-llvm
; void g(); ; void g();
; struct Foo { Foo(); ~Foo(); }; ; struct Foo { Foo(); ~Foo(); };
; int f() { ; int f() {
; Foo v; ; Foo v;
; g(); ; g();
▲ Show 20 LinesShow All 102 LinesShow Last 20 Lines