#
6ec7595b |
| 25-Aug-2017 |
Matt Morehouse <mascasa@google.com> |
Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer"
This reverts r311801 due to a bot failure.
llvm-svn: 311803
|
#
f42bd313 |
| 25-Aug-2017 |
Matt Morehouse <mascasa@google.com> |
[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer
Summary:
- Don't sanitize __sancov_lowest_stack.
- Don't instrument leaf functions.
- Add CoverageStackDepth to Fuzzer and FuzzerNoLink.
Reviewers: vitalybuka, kcc
Reviewed By: kcc
Subscribers: cfe-commits, llvm-commits, hiraditya
Differential Revision: https://reviews.llvm.org/D37156
llvm-svn: 311801
|
Revision tags: llvmorg-5.0.0-rc3 |
|
#
d3e4b7e2 |
| 25-Aug-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] extend fsanitize-coverage=pc-table with flags for every PC
llvm-svn: 311794
|
#
ad96ff12 |
| 25-Aug-2017 |
Justin Bogner <mail@justinbogner.com> |
[sanitizer-coverage] Make sure pc-tables aren't dead stripped
Add a reference to the PC array in llvm.used so that linkers that aggressively dead strip (like ld64) don't remove it.
llvm-svn: 311742
|
#
b1fa8255 |
| 22-Aug-2017 |
Matt Morehouse <mascasa@google.com> |
[SanitizerCoverage] Optimize stack-depth instrumentation.
Summary: Use the initialexec TLS type and eliminate calls to the TLS wrapper. Fixes the sanitizer-x86_64-linux-fuzzer bot failure.
Reviewers: vitalybuka, kcc
Reviewed By: kcc
Subscribers: hiraditya, llvm-commits
Differential Revision: https://reviews.llvm.org/D37026
llvm-svn: 311490
|
#
5c7fc769 |
| 18-Aug-2017 |
Matt Morehouse <mascasa@google.com> |
[SanitizerCoverage] Add stack depth tracing instrumentation.
Summary: Augment SanitizerCoverage to insert maximum stack depth tracing for use by libFuzzer. The new instrumentation is enabled by the flag -fsanitize-coverage=stack-depth and is compatible with the existing trace-pc-guard coverage. The user must also declare the following global variable in their code:
    thread_local uintptr_t __sancov_lowest_stack
https://bugs.llvm.org/show_bug.cgi?id=33857
Reviewers: vitalybuka, kcc
Reviewed By: vitalybuka
Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits
Differential Revision: https://reviews.llvm.org/D36839
llvm-svn: 311186
|
Revision tags: llvmorg-5.0.0-rc2 |
|
#
52410815 |
| 10-Aug-2017 |
Alexander Potapenko <glider@google.com> |
[sanitizer-coverage] Change cmp instrumentation to distinguish const operands
This implementation of SanitizerCoverage instrumentation inserts different callbacks depending on constantness of operands:
1. If both operands are non-const, then a usual __sanitizer_cov_trace_cmp[1248] call is inserted.
2. If exactly one operand is const, then a __sanitizer_cov_trace_const_cmp[1248] call is inserted. The first argument of the call is always the constant one.
3. If both operands are const, then no callback is inserted.
This separation comes in useful in fuzzing when tasks like "find one operand of the comparison in input arguments and replace it with the other one" have to be done. The new instrumentation allows us to not waste time on searching the constant operands in the input.
Patch by Victor Chibotaru.
llvm-svn: 310600
|
#
a1f12ba1 |
| 01-Aug-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] relax an assertion
llvm-svn: 309644
|
#
bfc83fa8 |
| 31-Jul-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] don't instrument available_externally functions
llvm-svn: 309611
|
#
bb6f079a |
| 31-Jul-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] ensure minimal alignment for coverage counters and guards
llvm-svn: 309610
|
#
063b6520 |
| 28-Jul-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] rename sanitizer-coverage-create-pc-table into sanitizer-coverage-pc-table and add plumbing for a clang flag
llvm-svn: 309337
|
#
b75d002f |
| 27-Jul-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] add a feature sanitizer-coverage-create-pc-table=1 (works with trace-pc-guard and inline-8bit-counters) that adds a static table of instrumented PCs to be used at run-time
llvm-svn: 309335
|
Revision tags: llvmorg-5.0.0-rc1 |
|
#
c485ca05 |
| 25-Jul-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] simplify the code, NFC
llvm-svn: 308944
|
#
9385aaa8 |
| 18-Jul-2017 |
Alexander Potapenko <glider@google.com> |
[sancov] Fix PR33732
Coverage hooks that take less-than-64-bit-integers as parameters need the zeroext parameter attribute (http://llvm.org/docs/LangRef.html#paramattrs) to make sure they are properly extended by the x86_64 ABI.
llvm-svn: 308296
|
#
406c1131 |
| 14-Jun-2017 |
George Karpenkov <ekarpenkov@apple.com> |
Fixing section name for Darwin platforms for sanitizer coverage
On Darwin, section names have a 16char length limit.
llvm-svn: 305429
|
Revision tags: llvmorg-4.0.1, llvmorg-4.0.1-rc3 |
|
#
2c2fb889 |
| 08-Jun-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet. Reapplying revisions 304630, 304631, 304632, 304673, see PR33308
llvm-svn: 305026
|
#
cdf840fd |
| 05-Jun-2017 |
Renato Golin <renato.golin@linaro.org> |
Revert "[sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet."
This reverts commit r304630, as it broke ARM/AArch64 bots for 2 days.
llvm-svn: 304698
|
#
f7db346c |
| 03-Jun-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] one more flavor of coverage: -fsanitize-coverage=inline-8bit-counters. Experimental so far, not documenting yet.
llvm-svn: 304630
|
#
aed6ba77 |
| 02-Jun-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] refactor the code to make it easier to add more sections in future. NFC
llvm-svn: 304610
|
#
53b34c84 |
| 31-May-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] remove stale code (old coverage); llvm part
llvm-svn: 304319
|
Revision tags: llvmorg-4.0.1-rc2 |
|
#
a1c53278 |
| 25-May-2017 |
George Karpenkov <ekarpenkov@apple.com> |
Fix coverage check for full post-dominator basic blocks.
Coverage instrumentation which does not instrument full post-dominators and full-dominators may skip valid paths, as the reasoning for skipping blocks may become circular. This patch fixes that, by only skipping full post-dominators with multiple predecessors, as such predecessors by definition can not be full-dominators.
llvm-svn: 303827
|
#
018472c3 |
| 24-May-2017 |
George Karpenkov <ekarpenkov@apple.com> |
Revert "Disable coverage opt-out for strong postdominator blocks."
This reverts commit 2ed06f05fc10869dd1239cff96fcdea2ee8bf4ef. Buildbots do not like this on Linux.
llvm-svn: 303710
|
#
9017ca29 |
| 23-May-2017 |
George Karpenkov <ekarpenkov@apple.com> |
Disable coverage opt-out for strong postdominator blocks.
Coverage instrumentation has an optimization not to instrument extra blocks, if the pass is already "accounted for" by a successor/predecessor basic block. However (https://github.com/google/sanitizers/issues/783) this reasoning may become circular, which stops valid paths from having coverage. In the worst case this can cause fuzzing to stop working entirely.
This change simplifies logic to something which trivially can not have such circular reasoning, as losing valid paths does not seem like a good trade-off for a ~15% decrease in the # of instrumented basic blocks.
llvm-svn: 303698
|
#
424bfed6 |
| 05-May-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] implement -fsanitize-coverage=no-prune,... instead of a hidden -mllvm flag. llvm part.
llvm-svn: 302319
|
Revision tags: llvmorg-4.0.1-rc1 |
|
#
c5d3d490 |
| 19-Apr-2017 |
Kostya Serebryany <kcc@google.com> |
[sanitizer-coverage] remove some more stale code
llvm-svn: 300778
|