summaryrefslogtreecommitdiffstats
path: root/clang/docs/SanitizerCoverage.rst
Commit message (Collapse)AuthorAgeFilesLines
* Update SanitizerCoverage doc regarding the issue with pc-table and gc-sections.Max Moroz2019-02-011-0/+5
| | | | | | | | | | | | | | | | | | | Summary: There is a bug for this: https://bugs.llvm.org/show_bug.cgi?id=34636 But it would be also helpful to leave a note in the docs to prevent users from running into issues, e.g. https://crbug.com/926588. Reviewers: morehouse Reviewed By: morehouse Subscribers: cfe-commits, llvm-commits, kcc Tags: #clang Differential Revision: https://reviews.llvm.org/D57474 llvm-svn: 352890
* [sanitizer-coverage] prune trace-cmp instrumentation for CMP isntructions ↵Kostya Serebryany2019-01-311-0/+3
| | | | | | that feed into the backedge branch. Instrumenting these CMP instructions is almost always useless (and harmful) for fuzzing llvm-svn: 352818
* [Documentation] Use HTTPS whenever possibleEugene Zelenko2019-01-231-3/+3
| | | | | | Differential revision: https://reviews.llvm.org/D56946 llvm-svn: 351976
* Update our URLs in clang doc to use httpsSylvestre Ledru2018-11-041-1/+1
| | | | llvm-svn: 346101
* docs: don't say that data flow tracing interface is unstableDmitry Vyukov2017-08-311-2/+0
| | | | | | | | | We are starting to use data flow tracing in kernel. The interface is not subject to change anymore. Reviewed in https://reviews.llvm.org/D37303 llvm-svn: 312232
* [sanitizer-coverage] extend fsanitize-coverage=pc-table with flags for every PCKostya Serebryany2017-08-251-7/+9
| | | | llvm-svn: 311794
* [sanitizer-coverage] document -fsanitize-coverage=pc-table and ↵Kostya Serebryany2017-08-241-1/+45
| | | | | | -fsanitize-coverage=inline-8bit-counters llvm-svn: 311719
* [sanitizer-coverage] Change cmp instrumentation to distinguish const operandsAlexander Potapenko2017-08-101-1/+8
| | | | | | | | | | | | | | | | | | | | | This implementation of SanitizerCoverage instrumentation inserts different callbacks depending on constantness of operands: 1. If both operands are non-const, then a usual __sanitizer_cov_trace_cmp[1248] call is inserted. 2. If exactly one operand is const, then a __sanitizer_cov_trace_const_cmp[1248] call is inserted. The first argument of the call is always the constant one. 3. If both operands are const, then no callback is inserted. This separation comes useful in fuzzing when tasks like "find one operand of the comparison in input arguments and replace it with the other one" have to be done. The new instrumentation allows us to not waste time on searching the constant operands in the input. Patch by Victor Chibotaru. llvm-svn: 310600
* [sanitizer-coverage] implement -fsanitize-coverage=no-prune,... instead of a ↵Kostya Serebryany2017-05-051-2/+3
| | | | | | hidden -mllvm flag. clang part. llvm-svn: 302320
* [sanitizer-coverage] update the SanitizerCoverage docs to reflect the ↵Kostya Serebryany2017-05-021-233/+167
| | | | | | current state llvm-svn: 301888
* [sanitizer-coverage] add a deprecation note to coverage_direct=1Kostya Serebryany2017-05-011-0/+2
| | | | llvm-svn: 301824
* [sanitizer-coverage] trim down the docsKostya Serebryany2017-04-191-170/+0
| | | | llvm-svn: 300776
* [sanitizer-coverage] deprecate some of the stale coverage variantsKostya Serebryany2017-04-191-23/+1
| | | | llvm-svn: 300738
* [sancov] pc_guard_init is called at least once per DSO.Mike Aizatsky2017-02-081-4/+5
| | | | | | | | Summary: Documentation update for https://reviews.llvm.org/D29662 Differential Revision: https://reviews.llvm.org/D29722 llvm-svn: 294522
* [sanitizer-coverage] emit __sanitizer_cov_trace_pc_guard w/o a preceding ↵Kostya Serebryany2017-01-241-6/+12
| | | | | | 'if' by default. Update the docs, also add deprecation notes around other parts of sanitizer coverage llvm-svn: 292862
* [sancov] documentation update after r283241Mike Aizatsky2016-10-041-1/+1
| | | | llvm-svn: 283242
* [sanitizer-coverage] fix docsKostya Serebryany2016-09-301-0/+1
| | | | llvm-svn: 282962
* [sancov] -symbolize documentation updateMike Aizatsky2016-09-301-6/+13
| | | | llvm-svn: 282948
* [sanitizer-coverage] a bit more docsKostya Serebryany2016-09-291-1/+13
| | | | llvm-svn: 282752
* [sanitizer-coverage] more docsKostya Serebryany2016-09-291-0/+67
| | | | llvm-svn: 282751
* [sanitize-coverage] doc typoKostya Serebryany2016-09-291-1/+1
| | | | llvm-svn: 282749
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create ↵Kostya Serebryany2016-09-291-2/+2
| | | | | | one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals llvm-svn: 282735
* [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change ↵Kostya Serebryany2016-09-181-3/+3
| | | | | | the guard type to intptr_t; use separate array for 8-bit counters llvm-svn: 281845
* [sanitizer-coverage] change trace-pc to use 8-byte guardsKostya Serebryany2016-09-171-10/+9
| | | | llvm-svn: 281809
* [sanitizer-coverage] make trace-pc-guard and indirect-call work togetherKostya Serebryany2016-09-151-2/+5
| | | | llvm-svn: 281665
* [sanitizer-coverage] add yet another flavour of coverage instrumentation: ↵Kostya Serebryany2016-09-141-0/+26
| | | | | | trace-pc-guard. The intent is to eventually replace all of {bool coverage, 8bit-counters, trace-pc} with just this one. Clang part llvm-svn: 281432
* [sanitizer-coverage] add two more modes of instrumentation: trace-div and ↵Kostya Serebryany2016-08-301-3/+16
| | | | | | trace-gep, mostly usaful for value-profile-based fuzzing; clang part llvm-svn: 280044
* [sanitizer-coverag] update the docs in __sanitizer_cov_trace_cmpKostya Serebryany2016-08-181-4/+4
| | | | llvm-svn: 279028
* [sanitizer] Allow sanitize coverage w/o sanitizers.Evgeniy Stepanov2016-06-141-4/+6
| | | | | | | The reason is that this (a) seems to work just fine and (b) useful when building stuff with sanitizer+coverage, but need to exclude the sanitizer for a particular source file. llvm-svn: 272717
* [sanitizer-coverage] better docs for -fsanitize-coverage=trace-bbKostya Serebryany2016-04-181-1/+17
| | | | llvm-svn: 266672
* Use an anonymous hyperlink reference to eliminate Sphinx warnings.Aaron Ballman2016-02-221-2/+2
| | | | llvm-svn: 261523
* [sanitizer-coverage] allow -fsanitize-coverage=trace-pc w/o any other ↵Kostya Serebryany2016-02-181-5/+6
| | | | | | sanitizer and w/o ...=[func,bb,edge]. This makes this syntax a superset of the GCC's syntax llvm-svn: 261182
* [sanitizer-coverage] implement -fsanitize-coverage=trace-pc. This is similar ↵Kostya Serebryany2016-02-171-0/+11
| | | | | | to trace-bb, but has a different API. We already use the equivalent flag in GCC for Linux kernel fuzzing. We may be able to use this flag with AFL too llvm-svn: 261159
* Fix some typos in the clang docSylvestre Ledru2016-02-141-2/+2
| | | | llvm-svn: 260856
* [sancov] improved object files handling.Mike Aizatsky2016-02-121-4/+5
| | | | | | | | Documentation change for: http://reviews.llvm.org/D17169 Differential Revision: http://reviews.llvm.org/D17175 llvm-svn: 260630
* [sancov] sancov tool documentationMike Aizatsky2016-01-271-0/+34
| | | | | | Differential Revision: http://reviews.llvm.org/D16432 llvm-svn: 259000
* [sanitizer coverage] document -fsanitize-coverage=trace-bbKostya Serebryany2015-12-021-0/+7
| | | | llvm-svn: 254481
* [libFuzzer] clarify the limitation of fsanitize-coverage=trace-cmpKostya Serebryany2015-11-301-0/+1
| | | | llvm-svn: 254337
* [libFuzzer] minimal documentation on data-flow-guided fuzzingKostya Serebryany2015-07-311-0/+27
| | | | llvm-svn: 243793
* Update docs for SanitizerCoverage.Alexey Samsonov2015-05-071-17/+18
| | | | llvm-svn: 236793
* [docs] Update SanitizerCoverage docs.Sergey Matveev2015-05-061-6/+12
| | | | llvm-svn: 236641
* Fix clang docs build.Sergey Matveev2015-04-231-2/+2
| | | | llvm-svn: 235650
* Add clang/docs/SanitizerCoverage.rstSergey Matveev2015-04-231-0/+348
Moved from https://code.google.com/p/address-sanitizer/wiki/AsanCoverage llvm-svn: 235643
OpenPOWER on IntegriCloud