path: root/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
Commit message | Author | Age | Files | Lines
* [SanitizerCoverage] Add associated metadata to 8-bit counters. | Matt Morehouse | 2018-07-12 | 1 | -1/+3

  Summary: This allows counters associated with unused functions to be dead-stripped along with their functions. This approach is the same one we used for PC tables. Fixes an issue where LLD removes an unused PC table but leaves the 8-bit counter.

  Reviewers: eugenis
  Reviewed By: eugenis
  Subscribers: llvm-commits, hiraditya, kcc
  Differential Revision: https://reviews.llvm.org/D49264
  llvm-svn: 336941
* [Instrumentation] Remove unused include | Benjamin Kramer | 2018-06-25 | 1 | -1/+0

  It's also a layering violation.

  llvm-svn: 335528
* [SanitizerCoverage] Add associated metadata to pc-tables. | Matt Morehouse | 2018-06-15 | 1 | -1/+5

  Summary: Using associated metadata rather than llvm.used allows linkers to perform dead stripping with -fsanitize-coverage=pc-table. Unfortunately in my local tests, LLD was the only linker that made use of this metadata. Partially addresses https://bugs.llvm.org/show_bug.cgi?id=34636 and fixes https://github.com/google/sanitizers/issues/971.

  Reviewers: eugenis
  Reviewed By: eugenis
  Subscribers: Dor1s, hiraditya, llvm-commits, kcc
  Differential Revision: https://reviews.llvm.org/D48203
  llvm-svn: 334858
* [sanitizer-coverage] don't instrument a function if its entry block ends with 'unreachable' | Kostya Serebryany | 2018-05-11 | 1 | -0/+2

  llvm-svn: 332072
* [Transforms] Change std::sort to llvm::sort in response to r327219 | Mandeep Singh Grang | 2018-04-13 | 1 | -5/+5

  Summary: r327219 added wrappers to std::sort which randomly shuffle the container before sorting. This will help in uncovering non-determinism caused due to undefined sorting order of objects having the same key. To make use of that infrastructure we need to invoke llvm::sort instead of std::sort.

  Note: This patch is one of a series of patches to replace *all* std::sort to llvm::sort. Refer to the comments section in D44363 for a list of all the required patches.

  Reviewers: kcc, pcc, danielcdh, jmolloy, sanjoy, dberlin, ruiu
  Reviewed By: ruiu
  Subscribers: ruiu, llvm-commits
  Differential Revision: https://reviews.llvm.org/D45142
  llvm-svn: 330059
* [sanitizer-coverage] call appendToUsed once per module, not once per function (which is too slow) | Kostya Serebryany | 2017-09-09 | 1 | -8/+8

  llvm-svn: 312855
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer | Matt Morehouse | 2017-08-30 | 1 | -9/+21

  Summary:
  - Don't sanitize __sancov_lowest_stack.
  - Don't instrument leaf functions.
  - Add CoverageStackDepth to Fuzzer and FuzzerNoLink.
  - Only enable on Linux.

  Reviewers: vitalybuka, kcc, george.karpenkov
  Reviewed By: kcc
  Subscribers: kubamracek, cfe-commits, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D37156
  llvm-svn: 312185
* Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer" | Matt Morehouse | 2017-08-29 | 1 | -21/+9

  This reverts r312026 due to bot breakage.

  llvm-svn: 312047
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer | Matt Morehouse | 2017-08-29 | 1 | -9/+21

  Summary:
  - Don't sanitize __sancov_lowest_stack.
  - Don't instrument leaf functions.
  - Add CoverageStackDepth to Fuzzer and FuzzerNoLink.
  - Disable stack depth tracking on Mac.

  Reviewers: vitalybuka, kcc, george.karpenkov
  Reviewed By: kcc
  Subscribers: kubamracek, cfe-commits, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D37156
  llvm-svn: 312026
* [sanitizer-coverage] Mark the guard and 8-bit counter arrays as used | Justin Bogner | 2017-08-29 | 1 | -7/+14

  In r311742 we marked the PCs array as used so it wouldn't be dead stripped, but left the guard and 8-bit counters arrays alone since these are referenced by the coverage instrumentation. This doesn't quite work if we want the indices of the PCs array to match the other arrays though, since elements can still end up being dead and disappear.

  Instead, we mark all three of these arrays as used so that they'll be consistent with one another.

  llvm-svn: 311959
* [sanitizer-coverage] Return the array from CreatePCArray. NFC | Justin Bogner | 2017-08-28 | 1 | -9/+12

  Be more consistent with CreateFunctionLocalArrayInSection in the API of CreatePCArray, and assign the member variable in the caller like we do for the guard and 8-bit counter arrays.

  This also tweaks the order of method declarations to match the order of definitions in the file.

  llvm-svn: 311955
* [sanitizer-coverage] Clean up trailing whitespace. NFC | Justin Bogner | 2017-08-28 | 1 | -6/+6

  llvm-svn: 311954
* Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer" | Matt Morehouse | 2017-08-25 | 1 | -21/+9

  This reverts r311801 due to a bot failure.

  llvm-svn: 311803
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer | Matt Morehouse | 2017-08-25 | 1 | -9/+21

  Summary:
  - Don't sanitize __sancov_lowest_stack.
  - Don't instrument leaf functions.
  - Add CoverageStackDepth to Fuzzer and FuzzerNoLink.

  Reviewers: vitalybuka, kcc
  Reviewed By: kcc
  Subscribers: cfe-commits, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D37156
  llvm-svn: 311801
* [sanitizer-coverage] extend fsanitize-coverage=pc-table with flags for every PC | Kostya Serebryany | 2017-08-25 | 1 | -13/+20

  llvm-svn: 311794
* [sanitizer-coverage] Make sure pc-tables aren't dead stripped | Justin Bogner | 2017-08-25 | 1 | -0/+4

  Add a reference to the PC array in llvm.used so that linkers that aggressively dead strip (like ld64) don't remove it.

  llvm-svn: 311742
* [SanitizerCoverage] Optimize stack-depth instrumentation. | Matt Morehouse | 2017-08-22 | 1 | -23/+7

  Summary: Use the initialexec TLS type and eliminate calls to the TLS wrapper. Fixes the sanitizer-x86_64-linux-fuzzer bot failure.

  Reviewers: vitalybuka, kcc
  Reviewed By: kcc
  Subscribers: hiraditya, llvm-commits
  Differential Revision: https://reviews.llvm.org/D37026
  llvm-svn: 311490
* [SanitizerCoverage] Add stack depth tracing instrumentation. | Matt Morehouse | 2017-08-18 | 1 | -2/+52

  Summary: Augment SanitizerCoverage to insert maximum stack depth tracing for use by libFuzzer. The new instrumentation is enabled by the flag -fsanitize-coverage=stack-depth and is compatible with the existing trace-pc-guard coverage. The user must also declare the following global variable in their code:

    thread_local uintptr_t __sancov_lowest_stack

  https://bugs.llvm.org/show_bug.cgi?id=33857

  Reviewers: vitalybuka, kcc
  Reviewed By: vitalybuka
  Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits
  Differential Revision: https://reviews.llvm.org/D36839
  llvm-svn: 311186
* [sanitizer-coverage] Change cmp instrumentation to distinguish const operands | Alexander Potapenko | 2017-08-10 | 1 | -4/+40

  This implementation of SanitizerCoverage instrumentation inserts different callbacks depending on constantness of operands:

  1. If both operands are non-const, then a usual __sanitizer_cov_trace_cmp[1248] call is inserted.
  2. If exactly one operand is const, then a __sanitizer_cov_trace_const_cmp[1248] call is inserted. The first argument of the call is always the constant one.
  3. If both operands are const, then no callback is inserted.

  This separation comes useful in fuzzing when tasks like "find one operand of the comparison in input arguments and replace it with the other one" have to be done. The new instrumentation allows us to not waste time on searching the constant operands in the input.

  Patch by Victor Chibotaru.

  llvm-svn: 310600
* [sanitizer-coverage] relax an assertion | Kostya Serebryany | 2017-08-01 | 1 | -4/+5

  llvm-svn: 309644
* [sanitizer-coverage] don't instrument available_externally functions | Kostya Serebryany | 2017-07-31 | 1 | -0/+3

  llvm-svn: 309611
* [sanitizer-coverage] ensure minimal alignment for coverage counters and guards | Kostya Serebryany | 2017-07-31 | 1 | -1/+2

  llvm-svn: 309610
* [sanitizer-coverage] rename sanitizer-coverage-create-pc-table into sanitizer-coverage-pc-table and add plumbing for a clang flag | Kostya Serebryany | 2017-07-28 | 1 | -4/+5

  llvm-svn: 309337
* [sanitizer-coverage] add a feature sanitizer-coverage-create-pc-table=1 (works with trace-pc-guard and inline-8bit-counters) that adds a static table of instrumented PCs to be used at run-time | Kostya Serebryany | 2017-07-27 | 1 | -22/+81

  llvm-svn: 309335
* [sanitizer-coverage] simplify the code, NFC | Kostya Serebryany | 2017-07-25 | 1 | -14/+8

  llvm-svn: 308944
* [sancov] Fix PR33732 | Alexander Potapenko | 2017-07-18 | 1 | -0/+10

  Coverage hooks that take less-than-64-bit-integers as parameters need the zeroext parameter attribute (http://llvm.org/docs/LangRef.html#paramattrs) to make sure they are properly extended by the x86_64 ABI.

  llvm-svn: 308296
* Fixing section name for Darwin platforms for sanitizer coverage | George Karpenkov | 2017-06-14 | 1 | -1/+1

  On Darwin, section names have a 16char length limit.

  llvm-svn: 305429
* [sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet. Reapplying revisions 304630, 304631, 304632, 304673, see PR33308 | Kostya Serebryany | 2017-06-08 | 1 | -9/+43

  llvm-svn: 305026
* Revert "[sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet." | Renato Golin | 2017-06-05 | 1 | -43/+9

  This reverts commit r304630, as it broke ARM/AArch64 bots for 2 days.

  llvm-svn: 304698
* [sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet. | Kostya Serebryany | 2017-06-03 | 1 | -9/+43

  llvm-svn: 304630
* [sanitizer-coverage] refactor the code to make it easier to add more sections in future. NFC | Kostya Serebryany | 2017-06-02 | 1 | -55/+74

  llvm-svn: 304610
* [sanitizer-coverage] remove stale code (old coverage); llvm part | Kostya Serebryany | 2017-05-31 | 1 | -130/+10

  llvm-svn: 304319
* Fix coverage check for full post-dominator basic blocks. | George Karpenkov | 2017-05-25 | 1 | -1/+4

  Coverage instrumentation which does not instrument full post-dominators and full-dominators may skip valid paths, as the reasoning for skipping blocks may become circular. This patch fixes that, by only skipping full post-dominators with multiple predecessors, as such predecessors by definition can not be full-dominators.

  llvm-svn: 303827
* Revert "Disable coverage opt-out for strong postdominator blocks." | George Karpenkov | 2017-05-24 | 1 | -2/+22

  This reverts commit 2ed06f05fc10869dd1239cff96fcdea2ee8bf4ef. Buildbots do not like this on Linux.

  llvm-svn: 303710
* Disable coverage opt-out for strong postdominator blocks. | George Karpenkov | 2017-05-23 | 1 | -22/+2

  Coverage instrumentation has an optimization not to instrument extra blocks, if the pass is already "accounted for" by a successor/predecessor basic block. However (https://github.com/google/sanitizers/issues/783) this reasoning may become circular, which stops valid paths from having coverage. In the worst case this can cause fuzzing to stop working entirely.

  This change simplifies logic to something which trivially can not have such circular reasoning, as losing valid paths does not seem like a good trade-off for a ~15% decrease in the # of instrumented basic blocks.

  llvm-svn: 303698
* [sanitizer-coverage] implement -fsanitize-coverage=no-prune,... instead of a hidden -mllvm flag. llvm part. | Kostya Serebryany | 2017-05-05 | 1 | -4/+7

  llvm-svn: 302319
* [sanitizer-coverage] remove some more stale code | Kostya Serebryany | 2017-04-19 | 1 | -21/+5

  llvm-svn: 300778
* Remove two unused variables (-Werror). | Evgeniy Stepanov | 2017-04-19 | 1 | -3/+0

  llvm-svn: 300777
* [sanitizer-coverage] remove stale code | Kostya Serebryany | 2017-04-19 | 1 | -66/+4

  llvm-svn: 300769
* Module::getOrInsertFunction is using C-style vararg instead of variadic templates. | Serge Guelton | 2017-04-11 | 1 | -16/+16

  From a user perspective, it forces the use of an annoying nullptr to mark the end of the vararg, and there's no type checking on the arguments. The variadic template is an obvious solution to both issues.

  Differential Revision: https://reviews.llvm.org/D31070
  llvm-svn: 299949
* Revert "Turn some C-style vararg into variadic templates" | Diana Picus | 2017-04-11 | 1 | -16/+16

  This reverts commit r299925 because it broke the buildbots. See e.g. http://lab.llvm.org:8011/builders/clang-cmake-armv7-a15/builds/6008

  llvm-svn: 299928
* Turn some C-style vararg into variadic templates | Serge Guelton | 2017-04-11 | 1 | -16/+16

  Module::getOrInsertFunction is using C-style vararg instead of variadic templates.

  From a user perspective, it forces the use of an annoying nullptr to mark the end of the vararg, and there's no type checking on the arguments. The variadic template is an obvious solution to both issues.

  llvm-svn: 299925
* Revert "Turn some C-style vararg into variadic templates" | Mehdi Amini | 2017-04-06 | 1 | -25/+30

  This reverts commit r299699, the examples need to be updated.

  llvm-svn: 299702
* Turn some C-style vararg into variadic templates | Mehdi Amini | 2017-04-06 | 1 | -30/+25

  Module::getOrInsertFunction is using C-style vararg instead of variadic templates.

  From a user perspective, it forces the use of an annoying nullptr to mark the end of the vararg, and there's no type checking on the arguments. The variadic template is an obvious solution to both issues.

  Patch by: Serge Guelton <serge.guelton@telecom-bretagne.eu>

  Differential Revision: https://reviews.llvm.org/D31070
  llvm-svn: 299699
* [sancov] Don't instrument blocks with no insertion point | Reid Kleckner | 2017-03-23 | 1 | -0/+5

  This prevents crashes when attempting to instrument functions containing C++ try.

  Sanitizer coverage will still fail at runtime when an exception is thrown through a sancov instrumented function, but that seems marginally better than what we have now. The full solution is to color the blocks in LLVM IR and only instrument blocks that have an unambiguous color, using the appropriate token.

  llvm-svn: 298662
* [sancov] using comdat only when it is enabled | Mike Aizatsky | 2017-02-08 | 1 | -3/+7

  Differential Revision: https://reviews.llvm.org/D29733
  llvm-svn: 294529
* [sancov] specifying comdat for sancov constructors | Mike Aizatsky | 2017-02-08 | 1 | -1/+3

  Differential Revision: https://reviews.llvm.org/D29662
  llvm-svn: 294517
* [sanitizer coverage] Fix Instrumentation to work on Windows. | Marcos Pividori | 2017-02-03 | 1 | -21/+29

  On Windows, the symbols "___stop___sancov_guards" and "___start___sancov_guards" are not defined automatically. So, we need to take a different approach. We define 3 sections:

  Section ".SCOV$A" will only hold a variable ___start___sancov_guard.
  Section ".SCOV$M" will hold the main data.
  Section ".SCOV$Z" will only hold a variable ___stop___sancov_guards.

  When linking, they will be merged sorted by the characters after the $, so we can use the pointers of the variables ___[start|stop]___sancov_guard to know the actual range of addresses of that section.

  In this diff, I updated instrumentation to include all the guard arrays in section ".SCOV$M".

  Differential Revision: https://reviews.llvm.org/D28434
  llvm-svn: 293987
* SanitizerCoverage: Support sanitizer guard section on darwin | Justin Bogner | 2017-02-01 | 1 | -13/+30

  MachO's sections need a segment as well as a section name, and the section start and end symbols are spelled differently than on ELF.

  llvm-svn: 293733
* [sanitizer-coverage] emit __sanitizer_cov_trace_pc_guard w/o a preceding 'if' by default. Update the docs, also add deprecation notes around other parts of sanitizer coverage | Kostya Serebryany | 2017-01-24 | 1 | -1/+1

  llvm-svn: 292862