path: root/llvm/test/Instrumentation/SanitizerCoverage
Commit message | Author | Age | Files | Lines
* [SanitizerCoverage] Clang crashes if user declares `__sancov_lowest_stack` variable
  Author: Julian Lettner | Age: 2019-02-04 | Files: 1 | Lines: -0/+12
  Summary:
  If the user declares or defines `__sancov_lowest_stack` with an unexpected type, then `getOrInsertGlobal` inserts a bitcast and the following cast fails:
  ```
  Constant *SanCovLowestStackConstant =
      M.getOrInsertGlobal(SanCovLowestStackName, IntptrTy);
  SanCovLowestStack = cast<GlobalVariable>(SanCovLowestStackConstant);
  ```
  This variable is a SanitizerCoverage implementation detail and the user should generally never have a need to access it, so we emit an error now.
  rdar://problem/44143130
  Reviewers: morehouse
  Differential Revision: https://reviews.llvm.org/D57633
  llvm-svn: 353100
* [sanitizer-coverage] prune trace-cmp instrumentation for CMP instructions that feed into the backedge branch. Instrumenting these CMP instructions is almost always useless (and harmful) for fuzzing
  Author: Kostya Serebryany | Age: 2019-01-31 | Files: 1 | Lines: -0/+32
  llvm-svn: 352818
* [EH] Rename llvm.x86.seh.recoverfp intrinsic to llvm.eh.recoverfp
  Author: Mandeep Singh Grang | Age: 2019-01-16 | Files: 1 | Lines: -2/+2
  Summary:
  Make recoverfp intrinsic target-independent so that it can be implemented for AArch64, etc.
  Refer to D53541 for the context. Clang counterpart D56748.
  Reviewers: rnk, efriedma
  Reviewed By: rnk, efriedma
  Subscribers: javed.absar, kristof.beyls, llvm-commits
  Differential Revision: https://reviews.llvm.org/D56747
  llvm-svn: 351281
* [SanitizerCoverage] Don't create comdat for interposable functions.
  Author: Matt Morehouse | Age: 2019-01-15 | Files: 1 | Lines: -0/+37
  Summary:
  Comdat groups override weak symbol behavior, allowing the linker to keep the comdats for weak symbols in favor of comdats for strong symbols.
  Fixes the issue described in: https://bugs.chromium.org/p/chromium/issues/detail?id=918662
  Reviewers: eugenis, pcc, rnk
  Reviewed By: pcc, rnk
  Subscribers: smeenai, rnk, bd1976llvm, hiraditya, llvm-commits
  Differential Revision: https://reviews.llvm.org/D56516
  llvm-svn: 351247
* [SanitizerCoverage][NFC] Use appendToUsed instead of include
  Author: Jonathan Metzman | Age: 2019-01-14 | Files: 1 | Lines: -0/+11
  Summary:
  Use appendToUsed instead of include to ensure that SanitizerCoverage's constructors are not stripped.
  Also, use isOSBinFormatCOFF() to determine if target binary format is COFF.
  Reviewers: pcc
  Reviewed By: pcc
  Subscribers: hiraditya
  Differential Revision: https://reviews.llvm.org/D56369
  llvm-svn: 351118
* [sancov] Put .SCOV* sections into the right comdat groups on COFF
  Author: Reid Kleckner | Age: 2018-11-08 | Files: 1 | Lines: -0/+85
  Avoids linker errors about relocations against discarded sections.
  This was uncovered during the Chromium clang roll here:
  https://chromium-review.googlesource.com/c/chromium/src/+/1321863#message-717516acfcf829176f6a2f50980f7a4bdd66469a
  After this change, Chromium's libGLESv2 links successfully for me.
  Reviewers: metzman, hans, morehouse
  Differential Revision: https://reviews.llvm.org/D54232
  llvm-svn: 346381
* [SanitizerCoverage] Create comdat for global arrays.
  Author: Matt Morehouse | Age: 2018-09-13 | Files: 5 | Lines: -7/+7
  Summary:
  Place global arrays in comdat sections with their associated functions. This makes sure they are stripped along with the functions they reference, even on the BFD linker.
  Reviewers: eugenis
  Reviewed By: eugenis
  Subscribers: eraman, hiraditya, llvm-commits
  Differential Revision: https://reviews.llvm.org/D51902
  llvm-svn: 342186
* Revert "[SanitizerCoverage] Create comdat for global arrays."
  Author: Matt Morehouse | Age: 2018-09-11 | Files: 5 | Lines: -7/+7
  This reverts r341987 since it will cause trouble when there's a module ID collision.
  llvm-svn: 341995
* [SanitizerCoverage] Create comdat for global arrays.
  Author: Matt Morehouse | Age: 2018-09-11 | Files: 5 | Lines: -7/+7
  Summary:
  Place global arrays in comdat sections with their associated functions. This makes sure they are stripped along with the functions they reference, even on the BFD linker.
  Reviewers: eugenis
  Reviewed By: eugenis
  Subscribers: eraman, hiraditya, llvm-commits
  Differential Revision: https://reviews.llvm.org/D51902
  llvm-svn: 341987
* Revert "[SanitizerCoverage] Create comdat for global arrays."
  Author: Matt Morehouse | Age: 2018-09-11 | Files: 5 | Lines: -7/+7
  This reverts r341951 due to bot breakage.
  llvm-svn: 341965
* [SanitizerCoverage] Create comdat for global arrays.
  Author: Matt Morehouse | Age: 2018-09-11 | Files: 5 | Lines: -7/+7
  Summary:
  Place global arrays in comdat sections with their associated functions. This makes sure they are stripped along with the functions they reference, even on the BFD linker.
  Reviewers: eugenis
  Reviewed By: eugenis
  Subscribers: eraman, hiraditya, llvm-commits
  Differential Revision: https://reviews.llvm.org/D51902
  llvm-svn: 341951
* [libFuzzer] Port to Windows
  Author: Matt Morehouse | Age: 2018-08-30 | Files: 1 | Lines: -0/+12
  Summary:
  Port libFuzzer to windows-msvc.
  This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or -fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well.
  It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch.
  It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile; fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until then.
  Patch By: metzman
  Reviewers: morehouse, rnk
  Reviewed By: morehouse, rnk
  Subscribers: #sanitizers, delcypher, morehouse, kcc, eraman
  Differential Revision: https://reviews.llvm.org/D51022
  llvm-svn: 341082
* Revert "[libFuzzer] Port to Windows"
  Author: Matt Morehouse | Age: 2018-08-29 | Files: 1 | Lines: -12/+0
  This reverts r340949 due to bot breakage again.
  llvm-svn: 340954
* [libFuzzer] Port to Windows
  Author: Matt Morehouse | Age: 2018-08-29 | Files: 1 | Lines: -0/+12
  Summary:
  Port libFuzzer to windows-msvc.
  This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or -fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well.
  It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch.
  It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile; fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until then.
  Reviewers: morehouse, rnk
  Reviewed By: morehouse, rnk
  Subscribers: #sanitizers, delcypher, morehouse, kcc, eraman
  Differential Revision: https://reviews.llvm.org/D51022
  llvm-svn: 340949
* Revert "[libFuzzer] Port to Windows"
  Author: Matt Morehouse | Age: 2018-08-28 | Files: 1 | Lines: -12/+0
  This reverts commit r340860 due to failing tests.
  llvm-svn: 340867
* [libFuzzer] Port to Windows
  Author: Matt Morehouse | Age: 2018-08-28 | Files: 1 | Lines: -0/+12
  Summary:
  Port libFuzzer to windows-msvc.
  This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or -fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well.
  It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch.
  It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile; fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until then.
  Patch By: metzman
  Reviewers: morehouse, rnk
  Reviewed By: morehouse, rnk
  Subscribers: morehouse, kcc, eraman
  Differential Revision: https://reviews.llvm.org/D51022
  llvm-svn: 340860
* [sanitizer-coverage] don't instrument a function if its entry block ends with 'unreachable'
  Author: Kostya Serebryany | Age: 2018-05-11 | Files: 1 | Lines: -0/+17
  llvm-svn: 332072
* [DebugInfo] Add DILabel metadata and intrinsic llvm.dbg.label.
  Author: Shiva Chen | Age: 2018-05-09 | Files: 2 | Lines: -2/+2
  In order to set breakpoints on labels and list source code around labels, we need to collect debug information for labels, i.e., label name, the function the label belongs to, line number in the file, and the address where the label is located. In order to keep this information in LLVM IR and to allow the backend to generate debug information correctly, we create a new kind of metadata for labels, DILabel. The format of DILabel is
    !DILabel(scope: !1, name: "foo", file: !2, line: 3)
  We hope to keep as much debug information as possible even if the code is optimized. So, we create a new kind of intrinsic for label metadata to keep the metadata from being eliminated with the basic block. The intrinsic will keep existing if we keep it from being optimized out. The format of the intrinsic is
    llvm.dbg.label(metadata !1)
  It has only one argument, that is the DILabel metadata. The intrinsic will follow the label immediately. The backend could get the label metadata through the intrinsic's parameter.
  We also create a DIBuilder API for labels to be used by the frontend. The frontend could use createLabel() to allocate DILabel objects, and use insertLabel() to insert the llvm.dbg.label intrinsic in LLVM IR.
  Differential Revision: https://reviews.llvm.org/D45024
  Patch by Hsiangkai Wang.
  llvm-svn: 331841
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer
  Author: Matt Morehouse | Age: 2017-08-30 | Files: 1 | Lines: -13/+8
  Summary:
  - Don't sanitize __sancov_lowest_stack.
  - Don't instrument leaf functions.
  - Add CoverageStackDepth to Fuzzer and FuzzerNoLink.
  - Only enable on Linux.
  Reviewers: vitalybuka, kcc, george.karpenkov
  Reviewed By: kcc
  Subscribers: kubamracek, cfe-commits, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D37156
  llvm-svn: 312185
* Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer"
  Author: Matt Morehouse | Age: 2017-08-29 | Files: 1 | Lines: -8/+13
  This reverts r312026 due to bot breakage.
  llvm-svn: 312047
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer
  Author: Matt Morehouse | Age: 2017-08-29 | Files: 1 | Lines: -13/+8
  Summary:
  - Don't sanitize __sancov_lowest_stack.
  - Don't instrument leaf functions.
  - Add CoverageStackDepth to Fuzzer and FuzzerNoLink.
  - Disable stack depth tracking on Mac.
  Reviewers: vitalybuka, kcc, george.karpenkov
  Reviewed By: kcc
  Subscribers: kubamracek, cfe-commits, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D37156
  llvm-svn: 312026
* Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer"
  Author: Matt Morehouse | Age: 2017-08-25 | Files: 1 | Lines: -8/+13
  This reverts r311801 due to a bot failure.
  llvm-svn: 311803
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer
  Author: Matt Morehouse | Age: 2017-08-25 | Files: 1 | Lines: -13/+8
  Summary:
  - Don't sanitize __sancov_lowest_stack.
  - Don't instrument leaf functions.
  - Add CoverageStackDepth to Fuzzer and FuzzerNoLink.
  Reviewers: vitalybuka, kcc
  Reviewed By: kcc
  Subscribers: cfe-commits, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D37156
  llvm-svn: 311801
* [sanitizer-coverage] extend fsanitize-coverage=pc-table with flags for every PC
  Author: Kostya Serebryany | Age: 2017-08-25 | Files: 1 | Lines: -1/+1
  llvm-svn: 311794
* [SanitizerCoverage] Optimize stack-depth instrumentation.
  Author: Matt Morehouse | Age: 2017-08-22 | Files: 1 | Lines: -9/+7
  Summary:
  Use the initialexec TLS type and eliminate calls to the TLS wrapper. Fixes the sanitizer-x86_64-linux-fuzzer bot failure.
  Reviewers: vitalybuka, kcc
  Reviewed By: kcc
  Subscribers: hiraditya, llvm-commits
  Differential Revision: https://reviews.llvm.org/D37026
  llvm-svn: 311490
* [SanitizerCoverage] Add stack depth tracing instrumentation.
  Author: Matt Morehouse | Age: 2017-08-18 | Files: 1 | Lines: -0/+50
  Summary:
  Augment SanitizerCoverage to insert maximum stack depth tracing for use by libFuzzer. The new instrumentation is enabled by the flag -fsanitize-coverage=stack-depth and is compatible with the existing trace-pc-guard coverage. The user must also declare the following global variable in their code:
    thread_local uintptr_t __sancov_lowest_stack
  https://bugs.llvm.org/show_bug.cgi?id=33857
  Reviewers: vitalybuka, kcc
  Reviewed By: vitalybuka
  Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits
  Differential Revision: https://reviews.llvm.org/D36839
  llvm-svn: 311186
* [sanitizer-coverage] Change cmp instrumentation to distinguish const operands
  Author: Alexander Potapenko | Age: 2017-08-10 | Files: 1 | Lines: -0/+64
  This implementation of SanitizerCoverage instrumentation inserts different callbacks depending on constantness of operands:
  1. If both operands are non-const, then a usual __sanitizer_cov_trace_cmp[1248] call is inserted.
  2. If exactly one operand is const, then a __sanitizer_cov_trace_const_cmp[1248] call is inserted. The first argument of the call is always the constant one.
  3. If both operands are const, then no callback is inserted.
  This separation comes in useful in fuzzing when tasks like "find one operand of the comparison in input arguments and replace it with the other one" have to be done. The new instrumentation allows us to not waste time on searching the constant operands in the input.
  Patch by Victor Chibotaru.
  llvm-svn: 310600
* [sanitizer-coverage] don't instrument available_externally functions
  Author: Kostya Serebryany | Age: 2017-07-31 | Files: 1 | Lines: -0/+10
  llvm-svn: 309611
* [sanitizer-coverage] ensure minimal alignment for coverage counters and guards
  Author: Kostya Serebryany | Age: 2017-07-31 | Files: 2 | Lines: -0/+2
  llvm-svn: 309610
* [sanitizer-coverage] rename sanitizer-coverage-create-pc-table into sanitizer-coverage-pc-table and add plumbing for a clang flag
  Author: Kostya Serebryany | Age: 2017-07-28 | Files: 1 | Lines: -3/+3
  llvm-svn: 309337
* [sanitizer-coverage] add a feature sanitizer-coverage-create-pc-table=1 (works with trace-pc-guard and inline-8bit-counters) that adds a static table of instrumented PCs to be used at run-time
  Author: Kostya Serebryany | Age: 2017-07-27 | Files: 1 | Lines: -0/+23
  llvm-svn: 309335
* [sancov] Fix PR33732
  Author: Alexander Potapenko | Age: 2017-07-18 | Files: 2 | Lines: -0/+44
  Coverage hooks that take less-than-64-bit-integers as parameters need the zeroext parameter attribute (http://llvm.org/docs/LangRef.html#paramattrs) to make sure they are properly extended by the x86_64 ABI.
  llvm-svn: 308296
* Fixing section name for Darwin platforms for sanitizer coverage
  Author: George Karpenkov | Age: 2017-06-14 | Files: 1 | Lines: -1/+1
  On Darwin, section names have a 16-char length limit.
  llvm-svn: 305429
* [sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet.
  Author: Kostya Serebryany | Age: 2017-06-08 | Files: 1 | Lines: -0/+13
  Reapplying revisions 304630, 304631, 304632, 304673, see PR33308
  llvm-svn: 305026
* Revert "[sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet."
  Author: Renato Golin | Age: 2017-06-05 | Files: 1 | Lines: -13/+0
  This reverts commit r304630, as it broke ARM/AArch64 bots for 2 days.
  llvm-svn: 304698
* [sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet.
  Author: Kostya Serebryany | Age: 2017-06-03 | Files: 1 | Lines: -0/+13
  llvm-svn: 304630
* [sanitizer-coverage] remove stale code (old coverage); llvm part
  Author: Kostya Serebryany | Age: 2017-05-31 | Files: 3 | Lines: -14/+2
  llvm-svn: 304319
* Fix coverage check for full post-dominator basic blocks.
  Author: George Karpenkov | Age: 2017-05-25 | Files: 2 | Lines: -0/+118
  Coverage instrumentation which does not instrument full post-dominators and full-dominators may skip valid paths, as the reasoning for skipping blocks may become circular. This patch fixes that, by only skipping full post-dominators with multiple predecessors, as such predecessors by definition can not be full-dominators.
  llvm-svn: 303827
* Revert "Disable coverage opt-out for strong postdominator blocks."
  Author: George Karpenkov | Age: 2017-05-24 | Files: 1 | Lines: -27/+0
  This reverts commit 2ed06f05fc10869dd1239cff96fcdea2ee8bf4ef. Buildbots do not like this on Linux.
  llvm-svn: 303710
* Revert "Fixes for tests for r303698"
  Author: George Karpenkov | Age: 2017-05-24 | Files: 2 | Lines: -7/+2
  This reverts commit 69bfaf72e7502eb08bbca88a57925fa31c6295c6.
  llvm-svn: 303709
* Fixes for tests for r303698
  Author: George Karpenkov | Age: 2017-05-23 | Files: 2 | Lines: -2/+7
  llvm-svn: 303701
* Disable coverage opt-out for strong postdominator blocks.
  Author: George Karpenkov | Age: 2017-05-23 | Files: 1 | Lines: -0/+27
  Coverage instrumentation has an optimization not to instrument extra blocks, if the pass is already "accounted for" by a successor/predecessor basic block. However (https://github.com/google/sanitizers/issues/783) this reasoning may become circular, which stops valid paths from having coverage. In the worst case this can cause fuzzing to stop working entirely. This change simplifies logic to something which trivially can not have such circular reasoning, as losing valid paths does not seem like a good trade-off for a ~15% decrease in the # of instrumented basic blocks.
  llvm-svn: 303698
* [sanitizer-coverage] remove some more stale code
  Author: Kostya Serebryany | Age: 2017-04-19 | Files: 1 | Lines: -12/+0
  llvm-svn: 300778
* [sanitizer-coverage] remove stale code
  Author: Kostya Serebryany | Age: 2017-04-19 | Files: 2 | Lines: -35/+0
  llvm-svn: 300769
* [sancov] Don't instrument blocks with no insertion point
  Author: Reid Kleckner | Age: 2017-03-23 | Files: 1 | Lines: -0/+111
  This prevents crashes when attempting to instrument functions containing C++ try. Sanitizer coverage will still fail at runtime when an exception is thrown through a sancov instrumented function, but that seems marginally better than what we have now. The full solution is to color the blocks in LLVM IR and only instrument blocks that have an unambiguous color, using the appropriate token.
  llvm-svn: 298662
* [sancov] using comdat only when it is enabled
  Author: Mike Aizatsky | Age: 2017-02-08 | Files: 3 | Lines: -13/+84
  Differential Revision: https://reviews.llvm.org/D29733
  llvm-svn: 294529
* [sancov] specifying comdat for sancov constructors
  Author: Mike Aizatsky | Age: 2017-02-08 | Files: 1 | Lines: -1/+13
  Differential Revision: https://reviews.llvm.org/D29662
  llvm-svn: 294517
* SanitizerCoverage: Support sanitizer guard section on darwin
  Author: Justin Bogner | Age: 2017-02-01 | Files: 1 | Lines: -0/+9
  MachO's sections need a segment as well as a section name, and the section start and end symbols are spelled differently than on ELF.
  llvm-svn: 293733
* [sanitizer-coverage] emit __sanitizer_cov_trace_pc_guard w/o a preceding 'if' by default. Update the docs, also add deprecation notes around other parts of sanitizer coverage
  Author: Kostya Serebryany | Age: 2017-01-24 | Files: 2 | Lines: -3/+3
  llvm-svn: 292862
* [sanitizer-coverage] sort the switch cases
  Author: Kostya Serebryany | Age: 2016-12-27 | Files: 1 | Lines: -2/+2
  llvm-svn: 290628