summaryrefslogtreecommitdiffstats
path: root/llvm/test/Instrumentation/SanitizerCoverage
Commit message (Collapse)AuthorAgeFilesLines
* [sanitizer-coverage] don't instrument a function if it's entry block ends ↵Kostya Serebryany2018-05-111-0/+17
| | | | | | with 'unreachable' llvm-svn: 332072
* [DebugInfo] Add DILabel metadata and intrinsic llvm.dbg.label.Shiva Chen2018-05-092-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to set breakpoints on labels and list source code around labels, we need collect debug information for labels, i.e., label name, the function label belong, line number in the file, and the address label located. In order to keep these information in LLVM IR and to allow backend to generate debug information correctly. We create a new kind of metadata for labels, DILabel. The format of DILabel is !DILabel(scope: !1, name: "foo", file: !2, line: 3) We hope to keep debug information as much as possible even the code is optimized. So, we create a new kind of intrinsic for label metadata to avoid the metadata is eliminated with basic block. The intrinsic will keep existing if we keep it from optimized out. The format of the intrinsic is llvm.dbg.label(metadata !1) It has only one argument, that is the DILabel metadata. The intrinsic will follow the label immediately. Backend could get the label metadata through the intrinsic's parameter. We also create DIBuilder API for labels to be used by Frontend. Frontend could use createLabel() to allocate DILabel objects, and use insertLabel() to insert llvm.dbg.label intrinsic in LLVM IR. Differential Revision: https://reviews.llvm.org/D45024 Patch by Hsiangkai Wang. llvm-svn: 331841
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzerMatt Morehouse2017-08-301-13/+8
| | | | | | | | | | | | | | | | | | Summary: - Don't sanitize __sancov_lowest_stack. - Don't instrument leaf functions. - Add CoverageStackDepth to Fuzzer and FuzzerNoLink. - Only enable on Linux. Reviewers: vitalybuka, kcc, george.karpenkov Reviewed By: kcc Subscribers: kubamracek, cfe-commits, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D37156 llvm-svn: 312185
* Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer"Matt Morehouse2017-08-291-8/+13
| | | | | | This reverts r312026 due to bot breakage. llvm-svn: 312047
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzerMatt Morehouse2017-08-291-13/+8
| | | | | | | | | | | | | | | | | | Summary: - Don't sanitize __sancov_lowest_stack. - Don't instrument leaf functions. - Add CoverageStackDepth to Fuzzer and FuzzerNoLink. - Disable stack depth tracking on Mac. Reviewers: vitalybuka, kcc, george.karpenkov Reviewed By: kcc Subscribers: kubamracek, cfe-commits, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D37156 llvm-svn: 312026
* Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer"Matt Morehouse2017-08-251-8/+13
| | | | | | This reverts r311801 due to a bot failure. llvm-svn: 311803
* [SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzerMatt Morehouse2017-08-251-13/+8
| | | | | | | | | | | | | | | | | Summary: - Don't sanitize __sancov_lowest_stack. - Don't instrument leaf functions. - Add CoverageStackDepth to Fuzzer and FuzzerNoLink. Reviewers: vitalybuka, kcc Reviewed By: kcc Subscribers: cfe-commits, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D37156 llvm-svn: 311801
* [sanitizer-coverage] extend fsanitize-coverage=pc-table with flags for every PCKostya Serebryany2017-08-251-1/+1
| | | | llvm-svn: 311794
* [SanitizerCoverage] Optimize stack-depth instrumentation.Matt Morehouse2017-08-221-9/+7
| | | | | | | | | | | | | | | | Summary: Use the initialexec TLS type and eliminate calls to the TLS wrapper. Fixes the sanitizer-x86_64-linux-fuzzer bot failure. Reviewers: vitalybuka, kcc Reviewed By: kcc Subscribers: hiraditya, llvm-commits Differential Revision: https://reviews.llvm.org/D37026 llvm-svn: 311490
* [SanitizerCoverage] Add stack depth tracing instrumentation.Matt Morehouse2017-08-181-0/+50
| | | | | | | | | | | | | | | | | | | | | | Summary: Augment SanitizerCoverage to insert maximum stack depth tracing for use by libFuzzer. The new instrumentation is enabled by the flag -fsanitize-coverage=stack-depth and is compatible with the existing trace-pc-guard coverage. The user must also declare the following global variable in their code: thread_local uintptr_t __sancov_lowest_stack https://bugs.llvm.org/show_bug.cgi?id=33857 Reviewers: vitalybuka, kcc Reviewed By: vitalybuka Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits Differential Revision: https://reviews.llvm.org/D36839 llvm-svn: 311186
* [sanitizer-coverage] Change cmp instrumentation to distinguish const operandsAlexander Potapenko2017-08-101-0/+64
| | | | | | | | | | | | | | | | | | | | | This implementation of SanitizerCoverage instrumentation inserts different callbacks depending on constantness of operands: 1. If both operands are non-const, then a usual __sanitizer_cov_trace_cmp[1248] call is inserted. 2. If exactly one operand is const, then a __sanitizer_cov_trace_const_cmp[1248] call is inserted. The first argument of the call is always the constant one. 3. If both operands are const, then no callback is inserted. This separation comes useful in fuzzing when tasks like "find one operand of the comparison in input arguments and replace it with the other one" have to be done. The new instrumentation allows us to not waste time on searching the constant operands in the input. Patch by Victor Chibotaru. llvm-svn: 310600
* [sanitizer-coverage] don't instrument available_externally functionsKostya Serebryany2017-07-311-0/+10
| | | | llvm-svn: 309611
* [sanitizer-coverage] ensure minimal alignment for coverage counters and guardsKostya Serebryany2017-07-312-0/+2
| | | | llvm-svn: 309610
* [sanitizer-coverage] rename sanitizer-coverage-create-pc-table into ↵Kostya Serebryany2017-07-281-3/+3
| | | | | | sanitizer-coverage-pc-table and add plumbing for a clang flag llvm-svn: 309337
* [sanitizer-coverage] add a feature sanitizer-coverage-create-pc-table=1 ↵Kostya Serebryany2017-07-271-0/+23
| | | | | | (works with trace-pc-guard and inline-8bit-counters) that adds a static table of instrumented PCs to be used at run-time llvm-svn: 309335
* [sancov] Fix PR33732Alexander Potapenko2017-07-182-0/+44
| | | | | | | | Coverage hooks that take less-than-64-bit-integers as parameters need the zeroext parameter attribute (http://llvm.org/docs/LangRef.html#paramattrs) to make sure they are properly extended by the x86_64 ABI. llvm-svn: 308296
* Fixing section name for Darwin platforms for sanitizer coverageGeorge Karpenkov2017-06-141-1/+1
| | | | | | On Darwin, section names have a 16char length limit. llvm-svn: 305429
* [sanitizer-coverage] one more flavor of coverage: ↵Kostya Serebryany2017-06-081-0/+13
| | | | | | -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet. Reapplying revisions 304630, 304631, 304632, 304673, see PR33308 llvm-svn: 305026
* Revert "[sanitizer-coverage] one more flavor of coverage: ↵Renato Golin2017-06-051-13/+0
| | | | | | | | -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet." This reverts commit r304630, as it broke ARM/AArch64 bots for 2 days. llvm-svn: 304698
* [sanitizer-coverage] one more flavor of coverage: ↵Kostya Serebryany2017-06-031-0/+13
| | | | | | -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet. llvm-svn: 304630
* [sanitizer-coverage] remove stale code (old coverage); llvm part Kostya Serebryany2017-05-313-14/+2
| | | | llvm-svn: 304319
* Fix coverage check for full post-dominator basic blocks.George Karpenkov2017-05-252-0/+118
| | | | | | | | | | | Coverage instrumentation which does not instrument full post-dominators and full-dominators may skip valid paths, as the reasoning for skipping blocks may become circular. This patch fixes that, by only skipping full post-dominators with multiple predecessors, as such predecessors by definition can not be full-dominators. llvm-svn: 303827
* Revert "Disable coverage opt-out for strong postdominator blocks."George Karpenkov2017-05-241-27/+0
| | | | | | | This reverts commit 2ed06f05fc10869dd1239cff96fcdea2ee8bf4ef. Buildbots do not like this on Linux. llvm-svn: 303710
* Revert "Fixes for tests for r303698"George Karpenkov2017-05-242-7/+2
| | | | | | This reverts commit 69bfaf72e7502eb08bbca88a57925fa31c6295c6. llvm-svn: 303709
* Fixes for tests for r303698George Karpenkov2017-05-232-2/+7
| | | | llvm-svn: 303701
* Disable coverage opt-out for strong postdominator blocks.George Karpenkov2017-05-231-0/+27
| | | | | | | | | | | | | | | | Coverage instrumentation has an optimization not to instrument extra blocks, if the pass is already "accounted for" by a successor/predecessor basic block. However (https://github.com/google/sanitizers/issues/783) this reasoning may become circular, which stops valid paths from having coverage. In the worst case this can cause fuzzing to stop working entirely. This change simplifies logic to something which trivially can not have such circular reasoning, as losing valid paths does not seem like a good trade-off for a ~15% decrease in the # of instrumented basic blocks. llvm-svn: 303698
* [sanitizer-coverage] remove some more stale codeKostya Serebryany2017-04-191-12/+0
| | | | llvm-svn: 300778
* [sanitizer-coverage] remove stale codeKostya Serebryany2017-04-192-35/+0
| | | | llvm-svn: 300769
* [sancov] Don't instrument blocks with no insertion pointReid Kleckner2017-03-231-0/+111
| | | | | | | | | | | | | This prevents crashes when attempting to instrument functions containing C++ try. Sanitizer coverage will still fail at runtime when an exception is thrown through a sancov instrumented function, but that seems marginally better than what we have now. The full solution is to color the blocks in LLVM IR and only instrument blocks that have an unambiguous color, using the appropriate token. llvm-svn: 298662
* [sancov] using comdat only when it is enabledMike Aizatsky2017-02-083-13/+84
| | | | | | Differential Revision: https://reviews.llvm.org/D29733 llvm-svn: 294529
* [sancov] specifying comdat for sancov constructorsMike Aizatsky2017-02-081-1/+13
| | | | | | Differential Revision: https://reviews.llvm.org/D29662 llvm-svn: 294517
* SanitizerCoverage: Support sanitizer guard section on darwinJustin Bogner2017-02-011-0/+9
| | | | | | | MachO's sections need a segment as well as a section name, and the section start and end symbols are spelled differently than on ELF. llvm-svn: 293733
* [sanitizer-coverage] emit __sanitizer_cov_trace_pc_guard w/o a preceding ↵Kostya Serebryany2017-01-242-3/+3
| | | | | | 'if' by default. Update the docs, also add deprecation notes around other parts of sanitizer coverage llvm-svn: 292862
* [sanitizer-coverage] sort the switch casesKostya Serebryany2016-12-271-2/+2
| | | | llvm-svn: 290628
* [sancov] Name the global containing the main source file nameReid Kleckner2016-11-161-1/+1
| | | | | | | If the global name doesn't start with __sancov_gen, ASan will insert unecessary red zones around it. llvm-svn: 287117
* [sanitizer-coverage] make sure asan does not instrument coverage guards ↵Kostya Serebryany2016-11-151-2/+10
| | | | | | (reported in https://github.com/google/oss-fuzz/issues/84) llvm-svn: 287030
* [sanitizer-coverage] use private linkage for coverage guards, delete old ↵Kostya Serebryany2016-10-111-1/+1
| | | | | | commented-out code. llvm-svn: 283924
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create ↵Kostya Serebryany2016-09-292-3/+2
| | | | | | one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals llvm-svn: 282735
* [sanitizer-coverage] fix a bug in trace-gepKostya Serebryany2016-09-271-0/+8
| | | | llvm-svn: 282467
* [sanitizer-coverage] don't emit the CTOR function if nothing has been ↵Kostya Serebryany2016-09-271-0/+9
| | | | | | instrumented llvm-svn: 282465
* [sanitizer-coverage] add comdat to coverage guards if neededKostya Serebryany2016-09-201-0/+13
| | | | llvm-svn: 281952
* [sanitizer-coverage] change trace-pc to use 8-byte guardsKostya Serebryany2016-09-171-1/+1
| | | | llvm-svn: 281809
* [sanitizer-coverage] make trace-pc-guard and indirect-call work togetherKostya Serebryany2016-09-151-0/+1
| | | | llvm-svn: 281665
* [sanitizer-coverage] add yet another flavour of coverage instrumentation: ↵Kostya Serebryany2016-09-141-0/+9
| | | | | | trace-pc-guard. The intent is to eventually replace all of {bool coverage, 8bit-counters, trace-pc} with just this one. LLVM part llvm-svn: 281431
* [sanitizer-coverage] add two more modes of instrumentation: trace-div and ↵Kostya Serebryany2016-08-304-4/+73
| | | | | | trace-gep, mostly usaful for value-profile-based fuzzing; llvm part llvm-svn: 280043
* [sanitizer-coverage/libFuzzer] instrument comparisons with ↵Kostya Serebryany2016-08-181-1/+1
| | | | | | __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer llvm-svn: 279027
* [sanitizer-coverage] make sure that calls to __sanitizer_cov_trace_pc are ↵Kostya Serebryany2016-07-141-5/+10
| | | | | | not merged (otherwise different calls get the same PC and confuse fuzzers) llvm-svn: 275449
* DebugInfo: Remove MDString-based type referencesDuncan P. N. Exon Smith2016-04-231-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | Eliminate DITypeIdentifierMap and make DITypeRef a thin wrapper around DIType*. It is no longer legal to refer to a DICompositeType by its 'identifier:', and DIBuilder no longer retains all types with an 'identifier:' automatically. Aside from the bitcode upgrade, this is mainly removing logic to resolve an MDString-based reference to an actualy DIType. The commits leading up to this have made the implicit type map in DICompileUnit's 'retainedTypes:' field superfluous. This does not remove DITypeRef, DIScopeRef, DINodeRef, and DITypeRefArray, or stop using them in DI-related metadata. Although as of this commit they aren't serving a useful purpose, there are patchces under review to reuse them for CodeView support. The tests in LLVM were updated with deref-typerefs.sh, which is attached to the thread "[RFC] Lazy-loading of debug info metadata": http://lists.llvm.org/pipermail/llvm-dev/2016-April/098318.html llvm-svn: 267296
* [LLVM] Remove unwanted --check-prefix=CHECK from unit tests. NFC.Mandeep Singh Grang2016-04-192-2/+2
| | | | | | | | | | | | Summary: Removed unwanted --check-prefix=CHECK from numerous unit tests. Reviewers: t.p.northover, dblaikie, uweigand, MatzeB, tstellarAMD, mcrosier Subscribers: mcrosier, dsanders Differential Revision: http://reviews.llvm.org/D19279 llvm-svn: 266834
* [PR27284] Reverse the ownership between DICompileUnit and DISubprogram.Adrian Prantl2016-04-152-6/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently each Function points to a DISubprogram and DISubprogram has a scope field. For member functions the scope is a DICompositeType. DIScopes point to the DICompileUnit to facilitate type uniquing. Distinct DISubprograms (with isDefinition: true) are not part of the type hierarchy and cannot be uniqued. This change removes the subprograms list from DICompileUnit and instead adds a pointer to the owning compile unit to distinct DISubprograms. This would make it easy for ThinLTO to strip unneeded DISubprograms and their transitively referenced debug info. Motivation ---------- Materializing DISubprograms is currently the most expensive operation when doing a ThinLTO build of clang. We want the DISubprogram to be stored in a separate Bitcode block (or the same block as the function body) so we can avoid having to expensively deserialize all DISubprograms together with the global metadata. If a function has been inlined into another subprogram we need to store a reference the block containing the inlined subprogram. Attached to https://llvm.org/bugs/show_bug.cgi?id=27284 is a python script that updates LLVM IR testcases to the new format. http://reviews.llvm.org/D19034 <rdar://problem/25256815> llvm-svn: 266446
OpenPOWER on IntegriCloud