85 Commits

Author SHA1 Message Date
Mike Aizatsky 04897dcc3d [sanitizers] trace buffer API to use user-allocated buffer.
Subscribers: kubabrecka

Differential Revision: https://reviews.llvm.org/D23186

llvm-svn: 277858
2016-08-05 20:09:42 +00:00
Reid Kleckner 9f0ef01197 Reduce coverage PC buffer size on 32-bit Windows to match 32-bit Linux
In r235779, Timur bumped the buffer size up to 1<<27, or about 134
million coverage points, presumably to handle Chrome. We allocate two
arrays of uptrs with this size, and this reliably exhausts all available
address space on 32-bit Windows (2 allocations of 512MB) when ASan is
also enabled.

Let's reduce the buffer size for now to stabilize the test suite. We can
re-evaluate the approach later when we've brought the Chrome ASan
builders back to life.

Kostya said that Mike reduced the number of instrumented coverage points
that LLVM emits by half since Timur made this change, so reducing this
array size should also be safe.

With this change, the 32-bit ASan tests reliably pass for me on Windows
10.

llvm-svn: 277558
2016-08-03 01:19:46 +00:00
Alexey Samsonov 8e3cbde27d [Sanitizer] Introduce ListOfModules object and use it to replace GetListOfModules().
Summary:
This removes the hard limit on the number of loaded modules (used to be
16K), and makes it easier to use LoadedModules w/o causing a memory
leak: ListOfModules owns the modules, and makes sure to properly clean
them in destructor.

Remove filtering functionality that is only needed in one place (LSan).

Reviewers: aizatsky

Subscribers: llvm-commits, kcc

Differential Revision: http://reviews.llvm.org/D17470

llvm-svn: 261554
2016-02-22 18:52:51 +00:00
Mike Aizatsky 635ade9305 [sancov] use GetLoadedModules for list of modules rather than sanitizer's list.
llvm-svn: 261376
2016-02-19 22:55:21 +00:00
Mike Aizatsky 92cbbfcd89 [sancov] improved object files handling.
Updating sancov invocation on html_cov_dump.

sancov change: http://reviews.llvm.org/D17169

Differential Revision: http://reviews.llvm.org/D17171

llvm-svn: 260629
2016-02-12 00:29:24 +00:00
Mike Aizatsky c22e72e6b0 GetArgv returns null on Windows, do not crash
llvm-svn: 259005
2016-01-28 00:31:49 +00:00
Mike Aizatsky 2654299d6a [sanitizers] generating html report on coverage dump
Subscribers: tberghammer, danalbert, srhines

Differential Revision: http://reviews.llvm.org/D16374

llvm-svn: 258999
2016-01-27 23:51:36 +00:00
Mike Aizatsky 7d866cb145 using const instead of constexpr: MSVC troubles
llvm-svn: 258253
2016-01-19 23:46:27 +00:00
Mike Aizatsky dba78e676f [sancov] NFC: simplifying DumpOffsets.
Summary: Extracting GetRangeOffset function before report-on-dump
functionality.

Differential Revision: http://reviews.llvm.org/D16332

llvm-svn: 258211
2016-01-19 22:47:38 +00:00
Mike Aizatsky 54fc6575c5 [sancov] coverage pc buffer
Differential Revision: http://reviews.llvm.org/D15871

llvm-svn: 256804
2016-01-05 01:49:39 +00:00
Kostya Serebryany 6c19d8c2ac [sanitizer coverage] when adding a bb trace instrumentation, do it instead, not in addition to, regular coverage. Do the regular coverage in the run-time instead
llvm-svn: 254483
2015-12-02 02:37:31 +00:00
Kostya Serebryany 673283cc7c [sanitizer coverage] reset global counters in __sanitizer_reset_coverage
llvm-svn: 252815
2015-11-11 22:44:25 +00:00
Dmitry Vyukov e38d3c8f9f sanitizer: speedup coverage by 33%
Atomic RMW is not necessary in InitializeGuardArray.
It is supposed to run when no user code runs.
And if user code runs concurrently, then the atomic
RMW won't help anyway. So replace it with non-atomic RMW.

InitializeGuardArray takes more than 50% of time during re2 fuzzing:

real	0m47.215s
51.56%  a.out  a.out                [.] __sanitizer_reset_coverage
 6.68%  a.out  a.out                [.] __sanitizer_cov
 3.41%  a.out  a.out                [.] __sanitizer::internal_bzero_aligned16(void*, unsigned long)
 1.79%  a.out  a.out                [.] __asan::Allocator::Allocate(unsigned long, unsigned long,

With this change:

real	0m31.661s
26.21%  a.out  a.out                [.] __sanitizer_reset_coverage
10.12%  a.out  a.out                [.] __sanitizer_cov
 5.38%  a.out  a.out                [.] __sanitizer::internal_bzero_aligned16(void*, unsigned long)
 2.53%  a.out  a.out                [.] __asan::Allocator::Allocate(unsigned long, unsigned long,

That's 33% speedup.

Reviewed in http://reviews.llvm.org/D14537

llvm-svn: 252715
2015-11-11 09:36:26 +00:00
Kostya Serebryany e3d25c3873 [sanitizer-coverage] introduce __sanitizer_get_total_unique_caller_callee_pairs
llvm-svn: 251071
2015-10-22 22:06:41 +00:00
Vedant Kumar 552c0111f1 [sanitizer_common] Apply modernize-use-nullptr, other minor fixes
- Trim spaces.
- Use nullptr in place of 0 for pointer variables.
- Use '!p' in place of 'p == 0' for null pointer checks.

Patch by Eugene Zelenko!

Differential Revision: http://reviews.llvm.org/D13310

llvm-svn: 248964
2015-09-30 23:52:54 +00:00
Alexey Samsonov ab229c13a6 [Sanitizer] Dump coverage if we're killing the program with __sanitizer::Die().
Previously we had to call __sanitizer_cov_dump() from tool-specific
callbacks - instead, let sanitizer_common library handle this in a
single place.

This is a re-application of r245770, with slightly different approach
taken.

llvm-svn: 245890
2015-08-24 22:21:47 +00:00
Alexey Samsonov 4369a3f4ad Revert r245770 and r245777.
These changes break both autoconf Mac OS X buildbot (linker errors
due to wrong Makefiles) and CMake buildbot (safestack test failures).

llvm-svn: 245784
2015-08-22 05:15:55 +00:00
Alexey Samsonov 8e38c71cb7 [Sanitizer] Dump coverage if we're killing the program with __sanitizer::Die().
Previously we had to call __sanitizer_cov_dump() from tool-specific
callbacks - instead, let sanitizer_common library handle this in a single place.

llvm-svn: 245770
2015-08-22 00:28:12 +00:00
Kostya Serebryany 4fca6e8063 [libFuzzer] prepare for __sanitizer_cov_trace_switch in libFuzzer and sanitizer coverage. Also fix pedantic warnings
llvm-svn: 243721
2015-07-31 01:07:12 +00:00
Kostya Serebryany 8fd66a71c4 [asan/fuzzer] define a dummy weak __sanitizer_cov_trace_cmp
llvm-svn: 236907
2015-05-08 21:32:03 +00:00
Evgeniy Stepanov b0707833a1 [asancov] Fix coverage reserving 4x the necessary amount of memory on fork.
llvm-svn: 236294
2015-05-01 00:40:42 +00:00
Timur Iskhodzhanov aac51934cf [ASan/Win] Increase the size of the PC array for coverage on Windows
llvm-svn: 235779
2015-04-24 21:24:51 +00:00
Timur Iskhodzhanov ac990bfcd3 [Sanitizer coverage] Print out the error number if OpenFile fails
llvm-svn: 235593
2015-04-23 13:18:50 +00:00
Timur Iskhodzhanov ea1f332b79 Split Mprotect into MmapNoAccess and MprotectNoAccess to be more portable
On Windows, we have to know if a memory to be protected is mapped or not.
On POSIX, Mprotect was semantically different from mprotect most people know.

llvm-svn: 234602
2015-04-10 15:02:19 +00:00
Timur Iskhodzhanov 007435c1b7 [ASan/Win] Add more support for file operations
llvm-svn: 234494
2015-04-09 15:25:21 +00:00
Timur Iskhodzhanov e8a6fbbfd3 Use WriteToFile instead of internal_write in non-POSIX code
llvm-svn: 234487
2015-04-09 14:11:25 +00:00
Timur Iskhodzhanov 864308a78d Introduce CloseFile to be used instead of internal_close on non-POSIX
llvm-svn: 234481
2015-04-09 12:37:05 +00:00
Timur Iskhodzhanov 1b2ff68408 Replace a hard-coded constant with a named one
llvm-svn: 234479
2015-04-09 12:20:02 +00:00
Timur Iskhodzhanov 3745303c5b Move some POSIX-specific functions from sanitizer_libc.h to a new sanitizer_posix.h
llvm-svn: 234418
2015-04-08 17:08:24 +00:00
Timur Iskhodzhanov daa9e2d4e8 [Sanitizers] Make OpenFile more portable
llvm-svn: 234410
2015-04-08 16:03:22 +00:00
Evgeniy Stepanov e2a8241f84 [sancov] Shrink pc array on Android back to 2**24.
Address space is a lot more constrained on 32-bit Android compared to Linux.

llvm-svn: 234010
2015-04-03 12:59:39 +00:00
Timur Iskhodzhanov ad3ec82bb1 [ASan/Win] Minor improvements towards enabling coverage
llvm-svn: 233918
2015-04-02 14:48:08 +00:00
Alexey Samsonov c4ed548b40 [Sanitizer] Be consistent about separating ==%PID== and logged data.
See https://code.google.com/p/address-sanitizer/issues/detail?id=385.

llvm-svn: 233720
2015-03-31 18:16:42 +00:00
Timur Iskhodzhanov 6c66ad0d75 [Sanitizer RT] Put the Symbolizer module name string ownership in order
Reviewed at http://reviews.llvm.org/D8666

llvm-svn: 233687
2015-03-31 12:50:05 +00:00
Timur Iskhodzhanov 3e8d392e9a [Sanitizers coverage] Minor cleanup: reduce scope and visibility of one method and one variable
llvm-svn: 233212
2015-03-25 20:19:51 +00:00
Kostya Serebryany cd019f3655 [sanitizer] instead of comparing pointers to module_names while initializing coverage do a proper strcmp and strdup. NFC
llvm-svn: 233037
2015-03-23 23:19:13 +00:00
Alexander Potapenko 141e420a81 [ASan] Distinguish between read, write and read-write file access modes in OpenFile.
This is to fix mapping coverage files into memory on OSX.

llvm-svn: 232936
2015-03-23 10:10:46 +00:00
Kostya Serebryany 2d56abacd1 [sanitizer] change the sanitizer coverage format once again, this time adding a magic to the beginning of the file
llvm-svn: 232679
2015-03-18 22:03:39 +00:00
Kostya Serebryany cba49d4b04 [sanitizer] add a run-time flag coverage_order_pcs. When true, the PCs are dumped in the order of their appearance
llvm-svn: 232573
2015-03-18 00:23:44 +00:00
Kostya Serebryany 9f1243ee49 [sanitizer] change the format of coverage dump: instead of always dumping 32-bit offsets dump 32-bit offsets on 32-bit arch and 64-bit offsets on 64-bit arch. Also add the 'bits' parameter to sancov.py. This is a user-visible interface change.
llvm-svn: 232555
2015-03-17 22:09:19 +00:00
Dmitry Vyukov 27c50f4f02 asan: remove left-over code submitted in rev r232501
__sanitizer_cov_hint is part of a different functionality
and was not intended to be submitted.

llvm-svn: 232506
2015-03-17 17:30:41 +00:00
Dmitry Vyukov 6bd917a31f asan: optimization experiments
The experiments can be used to evaluate potential optimizations that remove
instrumentation (assess false negatives). Instead of completely removing
some instrumentation, you set Exp to a non-zero value (mask of optimization
experiments that want to remove instrumentation of this instruction).
If Exp is non-zero, this pass will emit special calls into runtime
(e.g. __asan_report_exp_load1 instead of __asan_report_load1). These calls
make runtime terminate the program in a special way (with a different
exit status). Then you run the new compiler on a buggy corpus, collect
the special terminations (ideally, you don't see them at all -- no false
negatives) and make the decision on the optimization.

The exact reaction to experiments in runtime is not implemented in this patch.
It will be defined and implemented in a subsequent patch.

http://reviews.llvm.org/D8198

llvm-svn: 232501
2015-03-17 16:59:11 +00:00
Kostya Serebryany 48a4023f40 [sanitizer] fix instrumentation with -mllvm -sanitizer-coverage-block-threshold=0 to actually do something useful.
llvm-svn: 231736
2015-03-10 01:58:27 +00:00
Kostya Serebryany 769ddaa2d4 [sanitizer] Reconstruct the function that dumps block/edge coverage, hopefully making it more robust. Also increase the allowed coverage size on 32-bit.
llvm-svn: 231413
2015-03-05 22:19:25 +00:00
Kostya Serebryany c1d6ab9a1e [sanitizer] add a run-time flag to dump the coverage counter bitset
llvm-svn: 231343
2015-03-05 02:48:51 +00:00
Kostya Serebryany 07aee9c2c6 [sanitizer] when dumping coverage bitset, dump separate file for every module, instead of dumping a single combined bitset
llvm-svn: 231319
2015-03-04 23:41:55 +00:00
Kostya Serebryany be5e0ed919 [sanitizer/coverage] Add AFL-style coverage counters (search heuristic for fuzzing).
Introduce -mllvm -sanitizer-coverage-8bit-counters=1
which adds imprecise thread-unfriendly 8-bit coverage counters.

The run-time library maps these 8-bit counters to 8-bit bitsets in the same way
AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt) does:
counter values are divided into 8 ranges and based on the counter
value one of the bits in the bitset is set.
The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+.

These counters provide a search heuristic for single-threaded
coverage-guided fuzzers, we do not expect them to be useful for other purposes.

Depending on the value of -fsanitize-coverage=[123] flag,
these counters will be added to the function entry blocks (=1),
every basic block (=2), or every edge (=3).

Use these counters as an optional search heuristic in the Fuzzer library.
Add a test where this heuristic is critical.

llvm-svn: 231166
2015-03-03 23:27:02 +00:00
Kostya Serebryany 885994618c [sanitizer] when dumping the basic block trace, also dump the module names. Patch by Laszlo Szekeres
llvm-svn: 229940
2015-02-20 00:30:44 +00:00
Kostya Serebryany 77cc729ad7 [sanitizer] add another workaround for PR 17409: when over a threshold emit coverage instrumentation as calls.
llvm-svn: 228102
2015-02-04 01:21:45 +00:00
Viktor Kutuzov 7891c8c173 [Sanitizers] Re-apply the fix ordering initialization of coverage and guard arrays
Original commit: http://reviews.llvm.org/rL226440
Related review: http://reviews.llvm.org/D6892

llvm-svn: 227789
2015-02-02 09:38:10 +00:00