diff options
| author | Matt Morehouse <mascasa@google.com> | 2017-08-18 18:43:30 +0000 |
|---|---|---|
| committer | Matt Morehouse <mascasa@google.com> | 2017-08-18 18:43:30 +0000 |
| commit | 5c7fc76983f609894c1b24f6c03195a5db00d718 (patch) | |
| tree | 7c840a35f129ac84624bc7f7c7fc34ad12fa6c50 /llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll | |
| parent | 6178cfaf7bd4144371b75279e903f6fcc405b6f3 (diff) | |
| download | bcm5719-llvm-5c7fc76983f609894c1b24f6c03195a5db00d718.tar.gz bcm5719-llvm-5c7fc76983f609894c1b24f6c03195a5db00d718.zip | |
[SanitizerCoverage] Add stack depth tracing instrumentation.
Summary:
Augment SanitizerCoverage to insert maximum stack depth tracing for
use by libFuzzer. The new instrumentation is enabled by the flag
-fsanitize-coverage=stack-depth and is compatible with the existing
trace-pc-guard coverage. The user must also declare the following
global variable in their code:
thread_local uintptr_t __sancov_lowest_stack
https://bugs.llvm.org/show_bug.cgi?id=33857
Reviewers: vitalybuka, kcc
Reviewed By: vitalybuka
Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits
Differential Revision: https://reviews.llvm.org/D36839
llvm-svn: 311186
Diffstat (limited to 'llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll')
| -rw-r--r-- | llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll b/llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll new file mode 100644 index 00000000000..015f5676bc8 --- /dev/null +++ b/llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll @@ -0,0 +1,50 @@ +; This check verifies that stack depth instrumentation works correctly. +; RUN: opt < %s -sancov -sanitizer-coverage-level=1 \ +; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s --enable-var-scope +; RUN: opt < %s -sancov -sanitizer-coverage-level=3 \ +; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \ +; RUN: -S | FileCheck %s --enable-var-scope + +target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" +target triple = "x86_64-unknown-linux-gnu" + +; CHECK: @__sancov_lowest_stack = thread_local global i64 -1 +@__sancov_lowest_stack = thread_local global i64 0, align 8 + +define i32 @foo() { +entry: +; CHECK-LABEL: define i32 @foo +; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0) +; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType:i[0-9]+]] +; CHECK: [[lowestPtr:%[^ \t]+]] = call [[$intType]]* @_ZTW21__sancov_lowest_stack +; CHECK: [[lowestInt:%[^ \t]+]] = load [[$intType]], [[$intType]]* [[lowestPtr]] +; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowestInt]] +; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label +; CHECK: <label>:[[ifLabel]]: +; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* [[lowestPtr]] +; CHECK: ret i32 7 + + ret i32 7 +} + +define i32 @bar() { +entry: +; CHECK-LABEL: define i32 @bar +; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0) +; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType]] +; CHECK: [[lowestPtr:%[^ \t]+]] = call [[$intType]]* @_ZTW21__sancov_lowest_stack +; CHECK: [[lowestInt:%[^ \t]+]] = load [[$intType]], [[$intType]]* [[lowestPtr]] +; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowestInt]] +; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label +; CHECK: <label>:[[ifLabel]]: +; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* [[lowestPtr]] +; CHECK: %call = call i32 @foo() +; CHECK: ret i32 %call + + %call = call i32 @foo() + ret i32 %call +} + +define weak_odr hidden i64* @_ZTW21__sancov_lowest_stack() { + ret i64* @__sancov_lowest_stack +} |
