path: root/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
Commit message | Author | Age | Files | Lines
* Fixing section name for Darwin platforms for sanitizer coverage | George Karpenkov | 2017-06-14 | 1 | -1/+1
  On Darwin, section names have a 16char length limit. llvm-svn: 305429
* [sanitizer-coverage] one more flavor of coverage: ↵ | Kostya Serebryany | 2017-06-08 | 1 | -9/+43
  -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet. Reapplying revisions 304630, 304631, 304632, 304673, see PR33308 llvm-svn: 305026
* Revert "[sanitizer-coverage] one more flavor of coverage: ↵ | Renato Golin | 2017-06-05 | 1 | -43/+9
  -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet." This reverts commit r304630, as it broke ARM/AArch64 bots for 2 days. llvm-svn: 304698
* [sanitizer-coverage] one more flavor of coverage: ↵ | Kostya Serebryany | 2017-06-03 | 1 | -9/+43
  -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet. llvm-svn: 304630
* [sanitizer-coverage] refactor the code to make it easier to add more ↵ | Kostya Serebryany | 2017-06-02 | 1 | -55/+74
  sections in future. NFC llvm-svn: 304610
* [sanitizer-coverage] remove stale code (old coverage); llvm part | Kostya Serebryany | 2017-05-31 | 1 | -130/+10
  llvm-svn: 304319
* Fix coverage check for full post-dominator basic blocks. | George Karpenkov | 2017-05-25 | 1 | -1/+4
  Coverage instrumentation which does not instrument full post-dominators and full-dominators may skip valid paths, as the reasoning for skipping blocks may become circular. This patch fixes that, by only skipping full post-dominators with multiple predecessors, as such predecessors by definition can not be full-dominators. llvm-svn: 303827
* Revert "Disable coverage opt-out for strong postdominator blocks." | George Karpenkov | 2017-05-24 | 1 | -2/+22
  This reverts commit 2ed06f05fc10869dd1239cff96fcdea2ee8bf4ef. Buildbots do not like this on Linux. llvm-svn: 303710
* Disable coverage opt-out for strong postdominator blocks. | George Karpenkov | 2017-05-23 | 1 | -22/+2
  Coverage instrumentation has an optimization not to instrument extra blocks, if the pass is already "accounted for" by a successor/predecessor basic block. However (https://github.com/google/sanitizers/issues/783) this reasoning may become circular, which stops valid paths from having coverage. In the worst case this can cause fuzzing to stop working entirely. This change simplifies logic to something which trivially can not have such circular reasoning, as losing valid paths does not seem like a good trade-off for a ~15% decrease in the # of instrumented basic blocks. llvm-svn: 303698
* [sanitizer-coverage] implement -fsanitize-coverage=no-prune,... instead of a ↵ | Kostya Serebryany | 2017-05-05 | 1 | -4/+7
  hidden -mllvm flag. llvm part. llvm-svn: 302319
* [sanitizer-coverage] remove some more stale code | Kostya Serebryany | 2017-04-19 | 1 | -21/+5
  llvm-svn: 300778
* Remove two unused variables (-Werror). | Evgeniy Stepanov | 2017-04-19 | 1 | -3/+0
  llvm-svn: 300777
* [sanitizer-coverage] remove stale code | Kostya Serebryany | 2017-04-19 | 1 | -66/+4
  llvm-svn: 300769
* Module::getOrInsertFunction is using C-style vararg instead of variadic ↵ | Serge Guelton | 2017-04-11 | 1 | -16/+16
  templates. From a user perspective, it forces the use of an annoying nullptr to mark the end of the vararg, and there's no type checking on the arguments. The variadic template is an obvious solution to both issues. Differential Revision: https://reviews.llvm.org/D31070 llvm-svn: 299949
* Revert "Turn some C-style vararg into variadic templates" | Diana Picus | 2017-04-11 | 1 | -16/+16
  This reverts commit r299925 because it broke the buildbots. See e.g. http://lab.llvm.org:8011/builders/clang-cmake-armv7-a15/builds/6008 llvm-svn: 299928
* Turn some C-style vararg into variadic templates | Serge Guelton | 2017-04-11 | 1 | -16/+16
  Module::getOrInsertFunction is using C-style vararg instead of variadic templates. From a user perspective, it forces the use of an annoying nullptr to mark the end of the vararg, and there's no type checking on the arguments. The variadic template is an obvious solution to both issues. llvm-svn: 299925
* Revert "Turn some C-style vararg into variadic templates" | Mehdi Amini | 2017-04-06 | 1 | -25/+30
  This reverts commit r299699, the examples need to be updated. llvm-svn: 299702
* Turn some C-style vararg into variadic templates | Mehdi Amini | 2017-04-06 | 1 | -30/+25
  Module::getOrInsertFunction is using C-style vararg instead of variadic templates. From a user perspective, it forces the use of an annoying nullptr to mark the end of the vararg, and there's no type checking on the arguments. The variadic template is an obvious solution to both issues. Patch by: Serge Guelton <serge.guelton@telecom-bretagne.eu> Differential Revision: https://reviews.llvm.org/D31070 llvm-svn: 299699
* [sancov] Don't instrument blocks with no insertion point | Reid Kleckner | 2017-03-23 | 1 | -0/+5
  This prevents crashes when attempting to instrument functions containing C++ try. Sanitizer coverage will still fail at runtime when an exception is thrown through a sancov instrumented function, but that seems marginally better than what we have now. The full solution is to color the blocks in LLVM IR and only instrument blocks that have an unambiguous color, using the appropriate token. llvm-svn: 298662
* [sancov] using comdat only when it is enabled | Mike Aizatsky | 2017-02-08 | 1 | -3/+7
  Differential Revision: https://reviews.llvm.org/D29733 llvm-svn: 294529
* [sancov] specifying comdat for sancov constructors | Mike Aizatsky | 2017-02-08 | 1 | -1/+3
  Differential Revision: https://reviews.llvm.org/D29662 llvm-svn: 294517
* [sanitizer coverage] Fix Instrumentation to work on Windows. | Marcos Pividori | 2017-02-03 | 1 | -21/+29
  On Windows, the symbols "___stop___sancov_guards" and "___start___sancov_guards" are not defined automatically. So, we need to take a different approach. We define 3 sections:
    Section ".SCOV$A" will only hold a variable ___start___sancov_guard.
    Section ".SCOV$M" will hold the main data.
    Section ".SCOV$Z" will only hold a variable ___stop___sancov_guards.
  When linking, they will be merged sorted by the characters after the $, so we can use the pointers of the variables ___[start|stop]___sancov_guard to know the actual range of addresses of that section. In this diff, I updated instrumentation to include all the guard arrays in section ".SCOV$M". Differential Revision: https://reviews.llvm.org/D28434 llvm-svn: 293987
* SanitizerCoverage: Support sanitizer guard section on darwin | Justin Bogner | 2017-02-01 | 1 | -13/+30
  MachO's sections need a segment as well as a section name, and the section start and end symbols are spelled differently than on ELF. llvm-svn: 293733
* [sanitizer-coverage] emit __sanitizer_cov_trace_pc_guard w/o a preceding ↵ | Kostya Serebryany | 2017-01-24 | 1 | -1/+1
  'if' by default. Update the docs, also add deprecation notes around other parts of sanitizer coverage llvm-svn: 292862
* [sanitizer-coverage] sort the switch cases | Kostya Serebryany | 2016-12-27 | 1 | -0/+5
  llvm-svn: 290628
* [sanitizer-coverage] use IRB.SetCurrentDebugLocation after IRB.SetInsertPoint | Kostya Serebryany | 2016-12-03 | 1 | -1/+1
  llvm-svn: 288568
* [sancov] Name the global containing the main source file name | Reid Kleckner | 2016-11-16 | 1 | -3/+3
  If the global name doesn't start with __sancov_gen, ASan will insert unnecessary red zones around it. llvm-svn: 287117
* [sanitizer-coverage] make sure asan does not instrument coverage guards ↵ | Kostya Serebryany | 2016-11-15 | 1 | -1/+1
  (reported in https://github.com/google/oss-fuzz/issues/84) llvm-svn: 287030
* [sancov] Don't instrument MSVC CRT stdio config helpers | Reid Kleckner | 2016-11-11 | 1 | -0/+5
  They get called before initialization, which is a problem for winasan. Test coming in compiler-rt. llvm-svn: 286615
* [sanitizer-coverage] use private linkage for coverage guards, delete old ↵ | Kostya Serebryany | 2016-10-11 | 1 | -12/+4
  commented-out code. llvm-svn: 283924
* Use StringRef in Pass/PassManager APIs (NFC) | Mehdi Amini | 2016-10-01 | 1 | -1/+1
  llvm-svn: 283004
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create ↵ | Kostya Serebryany | 2016-09-29 | 1 | -64/+91
  one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals llvm-svn: 282735
* [sanitizer-coverage] fix a bug in trace-gep | Kostya Serebryany | 2016-09-27 | 1 | -1/+1
  llvm-svn: 282467
* [sanitizer-coverage] don't emit the CTOR function if nothing has been ↵ | Kostya Serebryany | 2016-09-27 | 1 | -17/+21
  instrumented llvm-svn: 282465
* [sanitizer-coverage] add comdat to coverage guards if needed | Kostya Serebryany | 2016-09-20 | 1 | -0/+2
  llvm-svn: 281952
* [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change ↵ | Kostya Serebryany | 2016-09-18 | 1 | -7/+9
  the guard type to intptr_t; use separate array for 8-bit counters llvm-svn: 281845
* [sanitizer-coverage] change trace-pc to use 8-byte guards | Kostya Serebryany | 2016-09-17 | 1 | -24/+27
  llvm-svn: 281809
* [sanitizer-coverage] make trace-pc-guard and indirect-call work together | Kostya Serebryany | 2016-09-15 | 1 | -1/+1
  llvm-svn: 281665
* [sanitizer-coverage] add yet another flavour of coverage instrumentation: ↵ | Kostya Serebryany | 2016-09-14 | 1 | -2/+52
  trace-pc-guard. The intent is to eventually replace all of {bool coverage, 8bit-counters, trace-pc} with just this one. LLVM part llvm-svn: 281431
* [sanitizer-coverage] add two more modes of instrumentation: trace-div and ↵ | Kostya Serebryany | 2016-08-30 | 1 | -6/+75
  trace-gep, mostly useful for value-profile-based fuzzing; llvm part llvm-svn: 280043
* [sanitizer-coverage/libFuzzer] instrument comparisons with ↵ | Kostya Serebryany | 2016-08-18 | 1 | -8/+24
  __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit of performance. Use these new callbacks in libFuzzer llvm-svn: 279027
* [sanitizer-coverage] make sure that calls to __sanitizer_cov_trace_pc are ↵ | Kostya Serebryany | 2016-07-14 | 1 | -1/+2
  not merged (otherwise different calls get the same PC and confuse fuzzers) llvm-svn: 275449
* [sancov] enabling coverage edge pruning by default. | Mike Aizatsky | 2016-04-06 | 1 | -4/+4
  Differential Revision: http://reviews.llvm.org/D18844 llvm-svn: 265615
* NFC: make AtomicOrdering an enum class | JF Bastien | 2016-04-06 | 1 | -1/+1
  Summary: In the context of http://wg21.link/lwg2445 C++ uses the concept of 'stronger' ordering but doesn't define it properly. This should be fixed in C++17 barring a small question that's still open. The code currently plays fast and loose with the AtomicOrdering enum. Using an enum class is one step towards tightening things. I later also want to tighten related enums, such as clang's AtomicOrderingKind (which should be shared with LLVM as a 'C++ ABI' enum). This change touches a few lines of code which can be improved later, I'd like to keep it as NFC for now as it's already quite complex. I have related changes for clang. As a follow-up I'll add:
    bool operator<(AtomicOrdering, AtomicOrdering) = delete;
    bool operator>(AtomicOrdering, AtomicOrdering) = delete;
    bool operator<=(AtomicOrdering, AtomicOrdering) = delete;
    bool operator>=(AtomicOrdering, AtomicOrdering) = delete;
  This is separate so that clang and LLVM changes don't need to be in sync. Reviewers: jyknight, reames Subscribers: jyknight, llvm-commits Differential Revision: http://reviews.llvm.org/D18775 llvm-svn: 265602
* [sancov] save entry block from pruning (it is always full dominator) | Mike Aizatsky | 2016-04-01 | 1 | -3/+3
  llvm-svn: 265168
* [sancov] code readability improvement. | Mike Aizatsky | 2016-03-23 | 1 | -11/+26
  Summary: Reply to http://reviews.llvm.org/D18341 Differential Revision: http://reviews.llvm.org/D18406 llvm-svn: 264213
* [sancov] do not instrument nodes that are full pre-dominators | Mike Aizatsky | 2016-03-21 | 1 | -10/+17
  Summary: Without tree pruning clang has 2,667,552 points. With only dominators pruning: 1,515,586. With both dominators & predominators pruning: 1,340,534. Resubmit of r262103. Differential Revision: http://reviews.llvm.org/D18341 llvm-svn: 264003
* [sancov] clang-formatting SanitizerCoverage.cpp and fully pleasing clang-tidy. | Mike Aizatsky | 2016-03-18 | 1 | -72/+78
  Differential Revision: http://reviews.llvm.org/D18288 llvm-svn: 263852
* Revert "Revert "[sancov] specifying sanitizer coverage dependencies."" | Chandler Carruth | 2016-03-18 | 1 | -1/+7
  This reverts commit r263825, re-instating r263797. llvm-svn: 263847
* [sancov] Fix the sancov pass to initialize itself inside its | Chandler Carruth | 2016-03-18 | 1 | -1/+3
  constructor. This should fix the recent crashes on certain architectures. llvm-svn: 263845