authorMatt Morehouse <mascasa@google.com>2017-08-25 22:01:21 +0000
committerMatt Morehouse <mascasa@google.com>2017-08-25 22:01:21 +0000
commit6ec7595b1e2ab79a1b456fe3338cce9619a08083 (patch)
tree29ea2875352791b4458ae9cf02082e8c5fd104f5
parenta32707d5b102ea2883461079b061d2bd929b2db0 (diff)
Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer"
This reverts r311801 due to a bot failure. llvm-svn: 311803
-rw-r--r--clang/lib/Driver/SanitizerArgs.cpp5
-rw-r--r--compiler-rt/test/fuzzer/deep-recursion.test2
-rw-r--r--llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp30
-rw-r--r--llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll21
4 files changed, 25 insertions, 33 deletions
diff --git a/clang/lib/Driver/SanitizerArgs.cpp b/clang/lib/Driver/SanitizerArgs.cpp
index 7086ee382ef..a37d0b64cbe 100644
--- a/clang/lib/Driver/SanitizerArgs.cpp
+++ b/clang/lib/Driver/SanitizerArgs.cpp
@@ -290,11 +290,10 @@ SanitizerArgs::SanitizerArgs(const ToolChain &TC,
if (Add & Fuzzer)
Add |= FuzzerNoLink;
- // Enable coverage and stack depth tracking if the fuzzing flag is set.
+ // Enable coverage if the fuzzing flag is set.
if (Add & FuzzerNoLink)
CoverageFeatures |= CoverageTracePCGuard | CoverageIndirCall |
- CoverageTraceCmp | CoveragePCTable |
- CoverageStackDepth;
+ CoverageTraceCmp | CoveragePCTable;
Kinds |= Add;
} else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
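Review bot: The comment on the `Add & FuzzerNoLink` branch no longer mentions stack depth, so nothing at this site tells a reader that `-fsanitize=fuzzer` builds now come without stack-depth tracking. The deep-recursion test in this same commit has to pass `-fsanitize-coverage=stack-depth` explicitly, which suggests fuzz targets relying on that signal to surface runaway recursion need the same flag. I would extend the comment, e.g. `// Enable coverage if the fuzzing flag is set. Stack-depth tracking is opt-in via -fsanitize-coverage=stack-depth.` The SanitizerArgs constructor starts and ends outside this hunk.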
diff --git a/compiler-rt/test/fuzzer/deep-recursion.test b/compiler-rt/test/fuzzer/deep-recursion.test
index d3294d9a74c..23b7af1df38 100644
--- a/compiler-rt/test/fuzzer/deep-recursion.test
+++ b/compiler-rt/test/fuzzer/deep-recursion.test
@@ -1,4 +1,4 @@
# Test that we can find a stack overflow
-RUN: %cpp_compiler %S/DeepRecursionTest.cpp -o %t
+RUN: %cpp_compiler -fsanitize-coverage=stack-depth %S/DeepRecursionTest.cpp -o %t
RUN: not %t -seed=1 -runs=100000000 2>&1 | FileCheck %s
CHECK: ERROR: libFuzzer: deadly signal
diff --git a/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp b/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
index 01689dfd161..870784dc483 100644
--- a/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ b/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -25,7 +25,6 @@
#include "llvm/IR/GlobalVariable.h"
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/InlineAsm.h"
-#include "llvm/IR/IntrinsicInst.h"
#include "llvm/IR/Intrinsics.h"
#include "llvm/IR/LLVMContext.h"
#include "llvm/IR/MDBuilder.h"
@@ -201,15 +200,13 @@ private:
ArrayRef<GetElementPtrInst *> GepTraceTargets);
void InjectTraceForSwitch(Function &F,
ArrayRef<Instruction *> SwitchTraceTargets);
- bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
- bool IsLeafFunc = true);
+ bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks);
GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements,
Function &F, Type *Ty,
const char *Section);
void CreateFunctionLocalArrays(Function &F, ArrayRef<BasicBlock *> AllBlocks);
void CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks);
- void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx,
- bool IsLeafFunc = true);
+ void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx);
Function *CreateInitCallsForSections(Module &M, const char *InitFunctionName,
Type *Ty, const char *Section);
std::pair<GlobalVariable *, GlobalVariable *>
@@ -494,7 +491,6 @@ bool SanitizerCoverageModule::runOnFunction(Function &F) {
&getAnalysis<DominatorTreeWrapperPass>(F).getDomTree();
const PostDominatorTree *PDT =
&getAnalysis<PostDominatorTreeWrapperPass>(F).getPostDomTree();
- bool IsLeafFunc = true;
for (auto &BB : F) {
if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
@@ -519,14 +515,10 @@ bool SanitizerCoverageModule::runOnFunction(Function &F) {
if (Options.TraceGep)
if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(&Inst))
GepTraceTargets.push_back(GEP);
- if (Options.StackDepth)
- if (isa<InvokeInst>(Inst) ||
- (isa<CallInst>(Inst) && !isa<IntrinsicInst>(Inst)))
- IsLeafFunc = false;
- }
+ }
}
- InjectCoverage(F, BlocksToInstrument, IsLeafFunc);
+ InjectCoverage(F, BlocksToInstrument);
InjectCoverageForIndirectCalls(F, IndirCalls);
InjectTraceForCmp(F, CmpTraceTargets);
InjectTraceForSwitch(F, SwitchTraceTargets);
@@ -591,12 +583,11 @@ void SanitizerCoverageModule::CreateFunctionLocalArrays(
}
bool SanitizerCoverageModule::InjectCoverage(Function &F,
- ArrayRef<BasicBlock *> AllBlocks,
- bool IsLeafFunc) {
+ ArrayRef<BasicBlock *> AllBlocks) {
if (AllBlocks.empty()) return false;
CreateFunctionLocalArrays(F, AllBlocks);
for (size_t i = 0, N = AllBlocks.size(); i < N; i++)
- InjectCoverageAtBlock(F, *AllBlocks[i], i, IsLeafFunc);
+ InjectCoverageAtBlock(F, *AllBlocks[i], i);
return true;
}
@@ -730,8 +721,7 @@ void SanitizerCoverageModule::InjectTraceForCmp(
}
void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
- size_t Idx,
- bool IsLeafFunc) {
+ size_t Idx) {
BasicBlock::iterator IP = BB.getFirstInsertionPt();
bool IsEntryBB = &BB == &F.getEntryBlock();
DebugLoc EntryLoc;
@@ -770,7 +760,7 @@ void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
SetNoSanitizeMetadata(Load);
SetNoSanitizeMetadata(Store);
}
- if (Options.StackDepth && IsEntryBB && !IsLeafFunc) {
+ if (Options.StackDepth && IsEntryBB) {
// Check stack depth. If it's the deepest so far, record it.
Function *GetFrameAddr =
Intrinsic::getDeclaration(F.getParent(), Intrinsic::frameaddress);
@@ -781,9 +771,7 @@ void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
auto IsStackLower = IRB.CreateICmpULT(FrameAddrInt, LowestStack);
auto ThenTerm = SplitBlockAndInsertIfThen(IsStackLower, &*IP, false);
IRBuilder<> ThenIRB(ThenTerm);
- auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
- SetNoSanitizeMetadata(LowestStack);
- SetNoSanitizeMetadata(Store);
+ ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
}
}
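Review bot: The load and store of `SanCovLowestStack` in the stack-depth branch are left without nosanitize metadata, unlike the `Load`/`Store` pair a few lines earlier in InjectCoverageAtBlock (previous hunk), which is passed to `SetNoSanitizeMetadata`. If another sanitizer pass runs over this IR, these coverage-bookkeeping accesses could presumably be instrumented themselves and add noise or spurious reports to fuzzing builds. The marking looks independent of the leaf-function optimization and the driver default being reverted, so unless it is what broke the bot, consider keeping `auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);` followed by `SetNoSanitizeMetadata(LowestStack);` and `SetNoSanitizeMetadata(Store);`. The function body starts outside this hunk, and the definition of `LowestStack` is not visible here.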
diff --git a/llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll b/llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll
index 878295cd653..e88741553d5 100644
--- a/llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll
+++ b/llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll
@@ -1,9 +1,9 @@
; This check verifies that stack depth instrumentation works correctly.
; RUN: opt < %s -sancov -sanitizer-coverage-level=1 \
-; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s
+; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s --enable-var-scope
; RUN: opt < %s -sancov -sanitizer-coverage-level=3 \
; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \
-; RUN: -S | FileCheck %s
+; RUN: -S | FileCheck %s --enable-var-scope
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
@@ -14,8 +14,13 @@ target triple = "x86_64-unknown-linux-gnu"
define i32 @foo() {
entry:
; CHECK-LABEL: define i32 @foo
-; CHECK-NOT: call i8* @llvm.frameaddress(i32 0)
-; CHECK-NOT: @__sancov_lowest_stack
+; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType:i[0-9]+]]
+; CHECK: [[lowest:%[^ \t]+]] = load [[$intType]], [[$intType]]* @__sancov_lowest_stack
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowest]]
+; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
+; CHECK: <label>:[[ifLabel]]:
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* @__sancov_lowest_stack
; CHECK: ret i32 7
ret i32 7
@@ -25,12 +30,12 @@ define i32 @bar() {
entry:
; CHECK-LABEL: define i32 @bar
; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
-; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[intType:i[0-9]+]]
-; CHECK: [[lowest:%[^ \t]+]] = load [[intType]], [[intType]]* @__sancov_lowest_stack
-; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[intType]] [[frameInt]], [[lowest]]
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType]]
+; CHECK: [[lowest:%[^ \t]+]] = load [[$intType]], [[$intType]]* @__sancov_lowest_stack
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowest]]
; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
; CHECK: <label>:[[ifLabel]]:
-; CHECK: store [[intType]] [[frameInt]], [[intType]]* @__sancov_lowest_stack
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* @__sancov_lowest_stack
; CHECK: %call = call i32 @foo()
; CHECK: ret i32 %call
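Review bot: The `@bar` checks now use `[[$intType]]` without defining it, so they only work because the `@foo` block earlier in the file captured it as a global FileCheck variable. With `--enable-var-scope` that is valid, but it couples the two functions: reordering them, or changing `@foo` back to `CHECK-NOT` lines as in the reverted version, would leave `@bar` referencing an undefined variable. A one-line comment above the first use, such as `; $intType is captured in @foo and reused below (global under --enable-var-scope)`, would make the dependency explicit.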