diff options
4 files changed, 16 insertions, 10 deletions
diff --git a/clang/docs/SanitizerCoverage.rst b/clang/docs/SanitizerCoverage.rst index 3e8102a12f6..8ec6871d795 100644 --- a/clang/docs/SanitizerCoverage.rst +++ b/clang/docs/SanitizerCoverage.rst @@ -227,7 +227,8 @@ easily used for bitset-based corpus distillation. Caller-callee coverage ====================== -(Experimental!) +**Deprecated, don't use** + Every indirect function call is instrumented with a run-time function call that captures caller and callee. At the shutdown time the process dumps a separate file called ``caller-callee.PID.sancov`` which contains caller/callee pairs as @@ -253,6 +254,8 @@ Current limitations: Coverage counters ================= +**Deprecated, don't use** + This experimental feature is inspired by `AFL <http://lcamtuf.coredump.cx/afl/technical_details.txt>`__'s coverage instrumentation. With additional compile-time and run-time flags you can get @@ -296,6 +299,9 @@ These counters may also be used for in-process coverage-guided fuzzers. See Tracing basic blocks ==================== + +**Deprecated, don't use** + Experimental support for basic block (or edge) tracing. With ``-fsanitize-coverage=trace-bb`` the compiler will insert ``__sanitizer_cov_trace_basic_block(s32 *id)`` before every function, basic block, or edge @@ -319,6 +325,9 @@ Basic block tracing is currently supported only for single-threaded applications Tracing PCs =========== + +**Deprecated, don't use** + *Experimental* feature similar to tracing basic blocks, but with a different API. With ``-fsanitize-coverage=trace-pc`` the compiler will insert ``__sanitizer_cov_trace_pc()`` on every edge. @@ -331,16 +340,13 @@ and can be used with `AFL <http://lcamtuf.coredump.cx/afl>`__. Tracing PCs with guards ======================= -Another *experimental* feature that tries to combine the functionality of `trace-pc`, -`8bit-counters` and boolean coverage. With ``-fsanitize-coverage=trace-pc-guard`` the compiler will insert the following code on every edge: .. code-block:: none - if (guard_variable) - __sanitizer_cov_trace_pc_guard(&guard_variable) + __sanitizer_cov_trace_pc_guard(&guard_variable) Every edge will have its own `guard_variable` (uint32_t). @@ -352,7 +358,7 @@ The compler will also insert a module constructor that will call // This function may be called multiple times with the same values of start/stop. __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop); -Similarly to `trace-pc,indirect-calls`, with `trace-pc-guards,indirect-calls` +With `trace-pc-guards,indirect-calls` ``__sanitizer_cov_trace_pc_indirect(void *callee)`` will be inserted on every indirect call. The functions `__sanitizer_cov_trace_pc_*` should be defined by the user. diff --git a/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp b/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp index 5b4b1fb7713..e34dd611b25 100644 --- a/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp +++ b/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp @@ -95,7 +95,7 @@ static cl::opt<unsigned> ClCoverageBlockThreshold( "sanitizer-coverage-block-threshold", cl::desc("Use a callback with a guard check inside it if there are" " more than this number of blocks."), - cl::Hidden, cl::init(500)); + cl::Hidden, cl::init(0)); static cl::opt<bool> ClExperimentalTracing("sanitizer-coverage-experimental-tracing", diff --git a/llvm/test/Instrumentation/SanitizerCoverage/coverage.ll b/llvm/test/Instrumentation/SanitizerCoverage/coverage.ll index a2a92a02c71..9dceceb2eef 100644 --- a/llvm/test/Instrumentation/SanitizerCoverage/coverage.ll +++ b/llvm/test/Instrumentation/SanitizerCoverage/coverage.ll @@ -1,6 +1,6 @@ ; RUN: opt < %s -sancov -sanitizer-coverage-level=0 -S | FileCheck %s --check-prefix=CHECK0 ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -S | FileCheck %s --check-prefix=CHECK1 -; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -S | FileCheck %s --check-prefix=CHECK2 +; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -S | FileCheck %s --check-prefix=CHECK_WITH_CHECK ; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -sanitizer-coverage-block-threshold=10 -S | FileCheck %s --check-prefix=CHECK2 ; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -sanitizer-coverage-block-threshold=0 -S | FileCheck %s --check-prefix=CHECK_WITH_CHECK ; RUN: opt < %s -sancov -sanitizer-coverage-level=2 -sanitizer-coverage-block-threshold=1 -S | FileCheck %s --check-prefix=CHECK_WITH_CHECK diff --git a/llvm/test/Instrumentation/SanitizerCoverage/coverage2-dbg.ll b/llvm/test/Instrumentation/SanitizerCoverage/coverage2-dbg.ll index 37eca1065fd..fde1904259d 100644 --- a/llvm/test/Instrumentation/SanitizerCoverage/coverage2-dbg.ll +++ b/llvm/test/Instrumentation/SanitizerCoverage/coverage2-dbg.ll @@ -17,8 +17,8 @@ target triple = "x86_64-unknown-linux-gnu" ; Check that __sanitizer_cov call has !dgb pointing to the beginning ; of appropriate basic blocks. ; CHECK-LABEL:_Z3fooPi -; CHECK: call void @__sanitizer_cov(i32*{{.*}}), !dbg [[A:!.*]] -; CHECK: call void @__sanitizer_cov(i32*{{.*}}), !dbg [[B:!.*]] +; CHECK: call void @__sanitizer_cov{{.*}}(i32*{{.*}}), !dbg [[A:!.*]] +; CHECK: call void @__sanitizer_cov{{.*}}(i32*{{.*}}), !dbg [[B:!.*]] ; CHECK: ret void ; CHECK: [[A]] = !DILocation(line: 1, scope: !{{.*}}) ; CHECK: [[B]] = !DILocation(line: 3, column: 5, scope: !{{.*}}) |
