[sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit...

author Kostya Serebryany <kcc@google.com>

Thu, 8 Jun 2017 22:58:19 +0000 (22:58 +0000)

committer Kostya Serebryany <kcc@google.com>

Thu, 8 Jun 2017 22:58:19 +0000 (22:58 +0000)
author Kostya Serebryany <kcc@google.com>
Thu, 8 Jun 2017 22:58:19 +0000 (22:58 +0000)
committer Kostya Serebryany <kcc@google.com>
Thu, 8 Jun 2017 22:58:19 +0000 (22:58 +0000)
diff --git a/include/llvm/Transforms/Instrumentation.h b/include/llvm/Transforms/Instrumentation.h

index 023d7af7f729d7a48460a0c1e5104384ad637434..b6c6c091631d54376ecd64a026a674e0a15d134b 100644 (file)
--- a/include/llvm/Transforms/Instrumentation.h
+++ b/include/llvm/Transforms/Instrumentation.h
@@ -177,6 +177,7 @@ struct SanitizerCoverageOptions {
    bool Use8bitCounters = false;
    bool TracePC = false;
    bool TracePCGuard = false;
+  bool Inline8bitCounters = false;
    bool NoPrune = false;
  
    SanitizerCoverageOptions() = default;
diff --git a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp b/lib/Transforms/Instrumentation/SanitizerCoverage.cpp

index 2ae3d43bca582e82719761ae6fe7d3161c8f7c0a..8aa40d1759de62ae1984110dcaa35a870aa6b79d 100644 (file)
--- a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ b/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -57,8 +57,11 @@ static const char *const SanCovTracePCGuardName =
      "__sanitizer_cov_trace_pc_guard";
  static const char *const SanCovTracePCGuardInitName =
      "__sanitizer_cov_trace_pc_guard_init";
+static const char *const SanCov8bitCountersInitName = 
+    "__sanitizer_cov_8bit_counters_init";
  
  static const char *const SanCovGuardsSectionName = "sancov_guards";
+static const char *const SanCovCountersSectionName = "sancov_counters";
  
  static cl::opt<int> ClCoverageLevel(
      "sanitizer-coverage-level",
@@ -66,14 +69,18 @@ static cl::opt<int> ClCoverageLevel(
               "3: all blocks and critical edges"),
      cl::Hidden, cl::init(0));
  
-static cl::opt<bool> ClExperimentalTracePC("sanitizer-coverage-trace-pc",
-                                           cl::desc("Experimental pc tracing"),
-                                           cl::Hidden, cl::init(false));
+static cl::opt<bool> ClTracePC("sanitizer-coverage-trace-pc",
+                               cl::desc("Experimental pc tracing"), cl::Hidden,
+                               cl::init(false));
  
  static cl::opt<bool> ClTracePCGuard("sanitizer-coverage-trace-pc-guard",
                                      cl::desc("pc tracing with a guard"),
                                      cl::Hidden, cl::init(false));
  
+static cl::opt<bool> ClInline8bitCounters("sanitizer-coverage-inline-8bit-counters",
+                                    cl::desc("increments 8-bit counter for every edge"),
+                                    cl::Hidden, cl::init(false));
+
  static cl::opt<bool>
      ClCMPTracing("sanitizer-coverage-trace-compares",
                   cl::desc("Tracing of CMP and similar instructions"),
@@ -125,9 +132,10 @@ SanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) {
    Options.TraceCmp |= ClCMPTracing;
    Options.TraceDiv |= ClDIVTracing;
    Options.TraceGep |= ClGEPTracing;
-  Options.TracePC |= ClExperimentalTracePC;
+  Options.TracePC |= ClTracePC;
    Options.TracePCGuard |= ClTracePCGuard;
-  if (!Options.TracePCGuard && !Options.TracePC)
+  Options.Inline8bitCounters |= ClInline8bitCounters;
+  if (!Options.TracePCGuard && !Options.TracePC && !Options.Inline8bitCounters)
      Options.TracePCGuard = true; // TracePCGuard is default.
    Options.NoPrune |= !ClPruneBlocks;
    return Options;
@@ -169,6 +177,11 @@ private:
    void CreateInitCallForSection(Module &M, const char *InitFunctionName,
                                  Type *Ty, const std::string &Section);
  
+  void SetNoSanitizeMetadata(Instruction *I) {
+    I->setMetadata(I->getModule()->getMDKindID("nosanitize"),
+                   MDNode::get(*C, None));
+  }
+
    std::string getSectionName(const std::string &Section) const;
    std::string getSectionStart(const std::string &Section) const;
    std::string getSectionEnd(const std::string &Section) const;
@@ -179,13 +192,15 @@ private:
    Function *SanCovTraceGepFunction;
    Function *SanCovTraceSwitchFunction;
    InlineAsm *EmptyAsm;
-  Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy;
+  Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy,
+      *Int8Ty, *Int8PtrTy;
    Module *CurModule;
    Triple TargetTriple;
    LLVMContext *C;
    const DataLayout *DL;
  
    GlobalVariable *FunctionGuardArray;  // for trace-pc-guard.
+  GlobalVariable *Function8bitCounterArray;  // for inline-8bit-counters.
  
    SanitizerCoverageOptions Options;
  };
@@ -227,14 +242,17 @@ bool SanitizerCoverageModule::runOnModule(Module &M) {
    CurModule = &M;
    TargetTriple = Triple(M.getTargetTriple());
    FunctionGuardArray = nullptr;
+  Function8bitCounterArray = nullptr;
    IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
    IntptrPtrTy = PointerType::getUnqual(IntptrTy);
    Type *VoidTy = Type::getVoidTy(*C);
    IRBuilder<> IRB(*C);
    Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty());
    Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty());
+  Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty());
    Int64Ty = IRB.getInt64Ty();
    Int32Ty = IRB.getInt32Ty();
+  Int8Ty = IRB.getInt8Ty();
  
    SanCovTracePCIndir = checkSanitizerInterfaceFunction(
        M.getOrInsertFunction(SanCovTracePCIndirName, VoidTy, IntptrTy));
@@ -280,6 +298,9 @@ bool SanitizerCoverageModule::runOnModule(Module &M) {
    if (FunctionGuardArray)
      CreateInitCallForSection(M, SanCovTracePCGuardInitName, Int32PtrTy,
                               SanCovGuardsSectionName);
+  if (Function8bitCounterArray)
+    CreateInitCallForSection(M, SanCov8bitCountersInitName, Int8PtrTy,
+                             SanCovCountersSectionName);
  
    return true;
  }
@@ -420,6 +441,9 @@ void SanitizerCoverageModule::CreateFunctionLocalArrays(size_t NumGuards,
    if (Options.TracePCGuard)
      FunctionGuardArray = CreateFunctionLocalArrayInSection(
          NumGuards, F, Int32Ty, SanCovGuardsSectionName);
+  if (Options.Inline8bitCounters)
+    Function8bitCounterArray = CreateFunctionLocalArrayInSection(
+        NumGuards, F, Int8Ty, SanCovCountersSectionName);
  }
  
  bool SanitizerCoverageModule::InjectCoverage(Function &F,
@@ -452,7 +476,7 @@ void SanitizerCoverageModule::InjectCoverageForIndirectCalls(
      Function &F, ArrayRef<Instruction *> IndirCalls) {
    if (IndirCalls.empty())
      return;
-  assert(Options.TracePC || Options.TracePCGuard);
+  assert(Options.TracePC || Options.TracePCGuard || Options.Inline8bitCounters);
    for (auto I : IndirCalls) {
      IRBuilder<> IRB(I);
      CallSite CS(I);
@@ -580,8 +604,8 @@ void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
    if (Options.TracePC) {
      IRB.CreateCall(SanCovTracePC); // gets the PC using GET_CALLER_PC.
      IRB.CreateCall(EmptyAsm, {}); // Avoids callback merge.
-  } else {
-    assert(Options.TracePCGuard);
+  }
+  if (Options.TracePCGuard) {
      auto GuardPtr = IRB.CreateIntToPtr(
          IRB.CreateAdd(IRB.CreatePointerCast(FunctionGuardArray, IntptrTy),
                        ConstantInt::get(IntptrTy, Idx * 4)),
@@ -589,6 +613,16 @@ void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
      IRB.CreateCall(SanCovTracePCGuard, GuardPtr);
      IRB.CreateCall(EmptyAsm, {}); // Avoids callback merge.
    }
+  if (Options.Inline8bitCounters) {
+    auto CounterPtr = IRB.CreateGEP(
+        Function8bitCounterArray,
+        {ConstantInt::get(IntptrTy, 0), ConstantInt::get(IntptrTy, Idx)});
+    auto Load = IRB.CreateLoad(CounterPtr);
+    auto Inc = IRB.CreateAdd(Load, ConstantInt::get(Int8Ty, 1));
+    auto Store = IRB.CreateStore(Inc, CounterPtr);
+    SetNoSanitizeMetadata(Load);
+    SetNoSanitizeMetadata(Store);
+  }
  }
  
  std::string
diff --git a/test/Instrumentation/SanitizerCoverage/inline-8bit-counters.ll b/test/Instrumentation/SanitizerCoverage/inline-8bit-counters.ll

new file mode 100644 (file)

index 0000000..4df6ffe
--- /dev/null
+++ b/test/Instrumentation/SanitizerCoverage/inline-8bit-counters.ll
@@ -0,0 +1,13 @@
+; Test -sanitizer-coverage-inline-8bit-counters=1
+; RUN: opt < %s -sancov -sanitizer-coverage-level=1 -sanitizer-coverage-inline-8bit-counters=1  -S | FileCheck %s
+
+target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
+target triple = "x86_64-unknown-linux-gnu"
+define void @foo() {
+entry:
+; CHECK:  %0 = load i8, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @__sancov_gen_, i64 0, i64 0), !nosanitize
+; CHECK:  %1 = add i8 %0, 1
+; CHECK:  store i8 %1, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @__sancov_gen_, i64 0, i64 0), !nosanitize
+  ret void
+}
+; CHECK: call void @__sanitizer_cov_8bit_counters_init(i8* bitcast (i8** @__start___sancov_counters to i8*), i8* bitcast (i8** @__stop___sancov_counters to i8*))
author	Kostya Serebryany <kcc@google.com>
	Thu, 8 Jun 2017 22:58:19 +0000 (22:58 +0000)
committer	Kostya Serebryany <kcc@google.com>
	Thu, 8 Jun 2017 22:58:19 +0000 (22:58 +0000)
include/llvm/Transforms/Instrumentation.h		patch \| blob \| history
lib/Transforms/Instrumentation/SanitizerCoverage.cpp		patch \| blob \| history
test/Instrumentation/SanitizerCoverage/inline-8bit-counters.ll	[new file with mode: 0644]	patch \| blob