summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [sanitizer-coverage] call appendToUsed once per module, not once per ↵Kostya Serebryany2017-09-091-8/+8
| | | | | | function (which is too slow) llvm-svn: 312855
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzerMatt Morehouse2017-08-301-9/+21
| | | | | | | | | | | | | | | | | | Summary: - Don't sanitize __sancov_lowest_stack. - Don't instrument leaf functions. - Add CoverageStackDepth to Fuzzer and FuzzerNoLink. - Only enable on Linux. Reviewers: vitalybuka, kcc, george.karpenkov Reviewed By: kcc Subscribers: kubamracek, cfe-commits, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D37156 llvm-svn: 312185
* Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer"Matt Morehouse2017-08-291-21/+9
| | | | | | This reverts r312026 due to bot breakage. llvm-svn: 312047
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzerMatt Morehouse2017-08-291-9/+21
| | | | | | | | | | | | | | | | | | Summary: - Don't sanitize __sancov_lowest_stack. - Don't instrument leaf functions. - Add CoverageStackDepth to Fuzzer and FuzzerNoLink. - Disable stack depth tracking on Mac. Reviewers: vitalybuka, kcc, george.karpenkov Reviewed By: kcc Subscribers: kubamracek, cfe-commits, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D37156 llvm-svn: 312026
* [sanitizer-coverage] Mark the guard and 8-bit counter arrays as usedJustin Bogner2017-08-291-7/+14
| | | | | | | | | | | | | | In r311742 we marked the PCs array as used so it wouldn't be dead stripped, but left the guard and 8-bit counters arrays alone since these are referenced by the coverage instrumentation. This doesn't quite work if we want the indices of the PCs array to match the other arrays though, since elements can still end up being dead and disappear. Instead, we mark all three of these arrays as used so that they'll be consistent with one another. llvm-svn: 311959
* [sanitizer-coverage] Return the array from CreatePCArray. NFCJustin Bogner2017-08-281-9/+12
| | | | | | | | | | | Be more consistent with CreateFunctionLocalArrayInSection in the API of CreatePCArray, and assign the member variable in the caller like we do for the guard and 8-bit counter arrays. This also tweaks the order of method declarations to match the order of definitions in the file. llvm-svn: 311955
* [sanitizer-coverage] Clean up trailing whitespace. NFCJustin Bogner2017-08-281-6/+6
| | | | llvm-svn: 311954
* Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer"Matt Morehouse2017-08-251-21/+9
| | | | | | This reverts r311801 due to a bot failure. llvm-svn: 311803
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzerMatt Morehouse2017-08-251-9/+21
| | | | | | | | | | | | | | | | | Summary: - Don't sanitize __sancov_lowest_stack. - Don't instrument leaf functions. - Add CoverageStackDepth to Fuzzer and FuzzerNoLink. Reviewers: vitalybuka, kcc Reviewed By: kcc Subscribers: cfe-commits, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D37156 llvm-svn: 311801
* [sanitizer-coverage] extend fsanitize-coverage=pc-table with flags for every PCKostya Serebryany2017-08-251-13/+20
| | | | llvm-svn: 311794
* [sanitizer-coverage] Make sure pc-tables aren't dead strippedJustin Bogner2017-08-251-0/+4
| | | | | | | Add a reference to the PC array in llvm.used so that linkers that aggressively dead strip (like ld64) don't remove it. llvm-svn: 311742
* [SanitizerCoverage] Optimize stack-depth instrumentation.Matt Morehouse2017-08-221-23/+7
| | | | | | | | | | | | | | | | Summary: Use the initialexec TLS type and eliminate calls to the TLS wrapper. Fixes the sanitizer-x86_64-linux-fuzzer bot failure. Reviewers: vitalybuka, kcc Reviewed By: kcc Subscribers: hiraditya, llvm-commits Differential Revision: https://reviews.llvm.org/D37026 llvm-svn: 311490
* [SanitizerCoverage] Add stack depth tracing instrumentation.Matt Morehouse2017-08-181-2/+52
| | | | | | | | | | | | | | | | | | | | | | Summary: Augment SanitizerCoverage to insert maximum stack depth tracing for use by libFuzzer. The new instrumentation is enabled by the flag -fsanitize-coverage=stack-depth and is compatible with the existing trace-pc-guard coverage. The user must also declare the following global variable in their code: thread_local uintptr_t __sancov_lowest_stack https://bugs.llvm.org/show_bug.cgi?id=33857 Reviewers: vitalybuka, kcc Reviewed By: vitalybuka Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits Differential Revision: https://reviews.llvm.org/D36839 llvm-svn: 311186
* [sanitizer-coverage] Change cmp instrumentation to distinguish const operandsAlexander Potapenko2017-08-101-4/+40
| | | | | | | | | | | | | | | | | | | | | This implementation of SanitizerCoverage instrumentation inserts different callbacks depending on constantness of operands: 1. If both operands are non-const, then a usual __sanitizer_cov_trace_cmp[1248] call is inserted. 2. If exactly one operand is const, then a __sanitizer_cov_trace_const_cmp[1248] call is inserted. The first argument of the call is always the constant one. 3. If both operands are const, then no callback is inserted. This separation comes useful in fuzzing when tasks like "find one operand of the comparison in input arguments and replace it with the other one" have to be done. The new instrumentation allows us to not waste time on searching the constant operands in the input. Patch by Victor Chibotaru. llvm-svn: 310600
* [sanitizer-coverage] relax an assertionKostya Serebryany2017-08-011-4/+5
| | | | llvm-svn: 309644
* [sanitizer-coverage] don't instrument available_externally functionsKostya Serebryany2017-07-311-0/+3
| | | | llvm-svn: 309611
* [sanitizer-coverage] ensure minimal alignment for coverage counters and guardsKostya Serebryany2017-07-311-1/+2
| | | | llvm-svn: 309610
* [sanitizer-coverage] rename sanitizer-coverage-create-pc-table into ↵Kostya Serebryany2017-07-281-4/+5
| | | | | | sanitizer-coverage-pc-table and add plumbing for a clang flag llvm-svn: 309337
* [sanitizer-coverage] add a feature sanitizer-coverage-create-pc-table=1 ↵Kostya Serebryany2017-07-271-22/+81
| | | | | | (works with trace-pc-guard and inline-8bit-counters) that adds a static table of instrumented PCs to be used at run-time llvm-svn: 309335
* [sanitizer-coverage] simplify the code, NFCKostya Serebryany2017-07-251-14/+8
| | | | llvm-svn: 308944
* [sancov] Fix PR33732Alexander Potapenko2017-07-181-0/+10
| | | | | | | | Coverage hooks that take less-than-64-bit-integers as parameters need the zeroext parameter attribute (http://llvm.org/docs/LangRef.html#paramattrs) to make sure they are properly extended by the x86_64 ABI. llvm-svn: 308296
* Fixing section name for Darwin platforms for sanitizer coverageGeorge Karpenkov2017-06-141-1/+1
| | | | | | On Darwin, section names have a 16char length limit. llvm-svn: 305429
* [sanitizer-coverage] one more flavor of coverage: ↵Kostya Serebryany2017-06-081-9/+43
| | | | | | -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet. Reapplying revisions 304630, 304631, 304632, 304673, see PR33308 llvm-svn: 305026
* Revert "[sanitizer-coverage] one more flavor of coverage: ↵Renato Golin2017-06-051-43/+9
| | | | | | | | -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet." This reverts commit r304630, as it broke ARM/AArch64 bots for 2 days. llvm-svn: 304698
* [sanitizer-coverage] one more flavor of coverage: ↵Kostya Serebryany2017-06-031-9/+43
| | | | | | -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet. llvm-svn: 304630
* [sanitizer-coverage] refactor the code to make it easier to add more ↵Kostya Serebryany2017-06-021-55/+74
| | | | | | sections in future. NFC llvm-svn: 304610
* [sanitizer-coverage] remove stale code (old coverage); llvm part Kostya Serebryany2017-05-311-130/+10
| | | | llvm-svn: 304319
* Fix coverage check for full post-dominator basic blocks.George Karpenkov2017-05-251-1/+4
| | | | | | | | | | | Coverage instrumentation which does not instrument full post-dominators and full-dominators may skip valid paths, as the reasoning for skipping blocks may become circular. This patch fixes that, by only skipping full post-dominators with multiple predecessors, as such predecessors by definition can not be full-dominators. llvm-svn: 303827
* Revert "Disable coverage opt-out for strong postdominator blocks."George Karpenkov2017-05-241-2/+22
| | | | | | | This reverts commit 2ed06f05fc10869dd1239cff96fcdea2ee8bf4ef. Buildbots do not like this on Linux. llvm-svn: 303710
* Disable coverage opt-out for strong postdominator blocks.George Karpenkov2017-05-231-22/+2
| | | | | | | | | | | | | | | | Coverage instrumentation has an optimization not to instrument extra blocks, if the pass is already "accounted for" by a successor/predecessor basic block. However (https://github.com/google/sanitizers/issues/783) this reasoning may become circular, which stops valid paths from having coverage. In the worst case this can cause fuzzing to stop working entirely. This change simplifies logic to something which trivially can not have such circular reasoning, as losing valid paths does not seem like a good trade-off for a ~15% decrease in the # of instrumented basic blocks. llvm-svn: 303698
* [sanitizer-coverage] implement -fsanitize-coverage=no-prune,... instead of a ↵Kostya Serebryany2017-05-051-4/+7
| | | | | | hidden -mllvm flag. llvm part. llvm-svn: 302319
* [sanitizer-coverage] remove some more stale codeKostya Serebryany2017-04-191-21/+5
| | | | llvm-svn: 300778
* Remove two unused variables (-Werror).Evgeniy Stepanov2017-04-191-3/+0
| | | | llvm-svn: 300777
* [sanitizer-coverage] remove stale codeKostya Serebryany2017-04-191-66/+4
| | | | llvm-svn: 300769
* Module::getOrInsertFunction is using C-style vararg instead of variadic ↵Serge Guelton2017-04-111-16/+16
| | | | | | | | | | | templates. From a user prospective, it forces the use of an annoying nullptr to mark the end of the vararg, and there's not type checking on the arguments. The variadic template is an obvious solution to both issues. Differential Revision: https://reviews.llvm.org/D31070 llvm-svn: 299949
* Revert "Turn some C-style vararg into variadic templates"Diana Picus2017-04-111-16/+16
| | | | | | | This reverts commit r299925 because it broke the buildbots. See e.g. http://lab.llvm.org:8011/builders/clang-cmake-armv7-a15/builds/6008 llvm-svn: 299928
* Turn some C-style vararg into variadic templatesSerge Guelton2017-04-111-16/+16
| | | | | | | | | | | | Module::getOrInsertFunction is using C-style vararg instead of variadic templates. From a user prospective, it forces the use of an annoying nullptr to mark the end of the vararg, and there's not type checking on the arguments. The variadic template is an obvious solution to both issues. llvm-svn: 299925
* Revert "Turn some C-style vararg into variadic templates"Mehdi Amini2017-04-061-25/+30
| | | | | | This reverts commit r299699, the examples needs to be updated. llvm-svn: 299702
* Turn some C-style vararg into variadic templatesMehdi Amini2017-04-061-30/+25
| | | | | | | | | | | | | | | | Module::getOrInsertFunction is using C-style vararg instead of variadic templates. From a user prospective, it forces the use of an annoying nullptr to mark the end of the vararg, and there's not type checking on the arguments. The variadic template is an obvious solution to both issues. Patch by: Serge Guelton <serge.guelton@telecom-bretagne.eu> Differential Revision: https://reviews.llvm.org/D31070 llvm-svn: 299699
* [sancov] Don't instrument blocks with no insertion pointReid Kleckner2017-03-231-0/+5
| | | | | | | | | | | | | This prevents crashes when attempting to instrument functions containing C++ try. Sanitizer coverage will still fail at runtime when an exception is thrown through a sancov instrumented function, but that seems marginally better than what we have now. The full solution is to color the blocks in LLVM IR and only instrument blocks that have an unambiguous color, using the appropriate token. llvm-svn: 298662
* [sancov] using comdat only when it is enabledMike Aizatsky2017-02-081-3/+7
| | | | | | Differential Revision: https://reviews.llvm.org/D29733 llvm-svn: 294529
* [sancov] specifying comdat for sancov constructorsMike Aizatsky2017-02-081-1/+3
| | | | | | Differential Revision: https://reviews.llvm.org/D29662 llvm-svn: 294517
* [sanitizer coverage] Fix Instrumentation to work on Windows.Marcos Pividori2017-02-031-21/+29
| | | | | | | | | | | | | | | | | | | | | On Windows, the symbols "___stop___sancov_guards" and "___start___sancov_guards" are not defined automatically. So, we need to take a different approach. We define 3 sections: Section ".SCOV$A" will only hold a variable ___start___sancov_guard. Section ".SCOV$M" will hold the main data. Section ".SCOV$Z" will only hold a variable ___stop___sancov_guards. When linking, they will be merged sorted by the characters after the $, so we can use the pointers of the variables ___[start|stop]___sancov_guard to know the actual range of addresses of that section. In this diff, I updated instrumentation to include all the guard arrays in section ".SCOV$M". Differential Revision: https://reviews.llvm.org/D28434 llvm-svn: 293987
* SanitizerCoverage: Support sanitizer guard section on darwinJustin Bogner2017-02-011-13/+30
| | | | | | | MachO's sections need a segment as well as a section name, and the section start and end symbols are spelled differently than on ELF. llvm-svn: 293733
* [sanitizer-coverage] emit __sanitizer_cov_trace_pc_guard w/o a preceding ↵Kostya Serebryany2017-01-241-1/+1
| | | | | | 'if' by default. Update the docs, also add deprecation notes around other parts of sanitizer coverage llvm-svn: 292862
* [sanitizer-coverage] sort the switch casesKostya Serebryany2016-12-271-0/+5
| | | | llvm-svn: 290628
* [sanitizer-coverage] use IRB.SetCurrentDebugLocation after IRB.SetInsertPointKostya Serebryany2016-12-031-1/+1
| | | | llvm-svn: 288568
* [sancov] Name the global containing the main source file nameReid Kleckner2016-11-161-3/+3
| | | | | | | If the global name doesn't start with __sancov_gen, ASan will insert unecessary red zones around it. llvm-svn: 287117
* [sanitizer-coverage] make sure asan does not instrument coverage guards ↵Kostya Serebryany2016-11-151-1/+1
| | | | | | (reported in https://github.com/google/oss-fuzz/issues/84) llvm-svn: 287030
* [sancov] Don't instrument MSVC CRT stdio config helpersReid Kleckner2016-11-111-0/+5
| | | | | | | | They get called before initialization, which is a problem for winasan. Test coming in compiler-rt. llvm-svn: 286615
OpenPOWER on IntegriCloud