llvm.org GIT mirror llvm / cd698b8
Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer" This reverts r311801 due to a bot failure. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@311803 91177308-0d34-0410-b5e6-96231b3b80d8 Matt Morehouse 2 years ago
2 changed file(s) with 24 addition(s) and 31 deletion(s).
2424 #include "llvm/IR/GlobalVariable.h"
2525 #include "llvm/IR/IRBuilder.h"
2626 #include "llvm/IR/InlineAsm.h"
27 #include "llvm/IR/IntrinsicInst.h"
2827 #include "llvm/IR/Intrinsics.h"
2928 #include "llvm/IR/LLVMContext.h"
3029 #include "llvm/IR/MDBuilder.h"
200199 ArrayRef GepTraceTargets);
201200 void InjectTraceForSwitch(Function &F,
202201 ArrayRef SwitchTraceTargets);
203 bool InjectCoverage(Function &F, ArrayRef AllBlocks,
204 bool IsLeafFunc = true);
202 bool InjectCoverage(Function &F, ArrayRef AllBlocks);
205203 GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements,
206204 Function &F, Type *Ty,
207205 const char *Section);
208206 void CreateFunctionLocalArrays(Function &F, ArrayRef AllBlocks);
209207 void CreatePCArray(Function &F, ArrayRef AllBlocks);
210 void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx,
211 bool IsLeafFunc = true);
208 void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx);
212209 Function *CreateInitCallsForSections(Module &M, const char *InitFunctionName,
213210 Type *Ty, const char *Section);
214211 std::pair
493490 &getAnalysis(F).getDomTree();
494491 const PostDominatorTree *PDT =
495492 &getAnalysis(F).getPostDomTree();
496 bool IsLeafFunc = true;
497493
498494 for (auto &BB : F) {
499495 if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
518514 if (Options.TraceGep)
519515 if (GetElementPtrInst *GEP = dyn_cast(&Inst))
520516 GepTraceTargets.push_back(GEP);
521 if (Options.StackDepth)
522 if (isa(Inst) ||
523 (isa(Inst) && !isa(Inst)))
524 IsLeafFunc = false;
525 }
526 }
527
528 InjectCoverage(F, BlocksToInstrument, IsLeafFunc);
517 }
518 }
519
520 InjectCoverage(F, BlocksToInstrument);
529521 InjectCoverageForIndirectCalls(F, IndirCalls);
530522 InjectTraceForCmp(F, CmpTraceTargets);
531523 InjectTraceForSwitch(F, SwitchTraceTargets);
590582 }
591583
592584 bool SanitizerCoverageModule::InjectCoverage(Function &F,
593 ArrayRef AllBlocks,
594 bool IsLeafFunc) {
585 ArrayRef AllBlocks) {
595586 if (AllBlocks.empty()) return false;
596587 CreateFunctionLocalArrays(F, AllBlocks);
597588 for (size_t i = 0, N = AllBlocks.size(); i < N; i++)
598 InjectCoverageAtBlock(F, *AllBlocks[i], i, IsLeafFunc);
589 InjectCoverageAtBlock(F, *AllBlocks[i], i);
599590 return true;
600591 }
601592
729720 }
730721
731722 void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
732 size_t Idx,
733 bool IsLeafFunc) {
723 size_t Idx) {
734724 BasicBlock::iterator IP = BB.getFirstInsertionPt();
735725 bool IsEntryBB = &BB == &F.getEntryBlock();
736726 DebugLoc EntryLoc;
769759 SetNoSanitizeMetadata(Load);
770760 SetNoSanitizeMetadata(Store);
771761 }
772 if (Options.StackDepth && IsEntryBB && !IsLeafFunc) {
762 if (Options.StackDepth && IsEntryBB) {
773763 // Check stack depth. If it's the deepest so far, record it.
774764 Function *GetFrameAddr =
775765 Intrinsic::getDeclaration(F.getParent(), Intrinsic::frameaddress);
780770 auto IsStackLower = IRB.CreateICmpULT(FrameAddrInt, LowestStack);
781771 auto ThenTerm = SplitBlockAndInsertIfThen(IsStackLower, &*IP, false);
782772 IRBuilder<> ThenIRB(ThenTerm);
783 auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
784 SetNoSanitizeMetadata(LowestStack);
785 SetNoSanitizeMetadata(Store);
773 ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
786774 }
787775 }
788776
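Review bot: In `InjectCoverageAtBlock`, the stack-depth branch on the new side emits `ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);` and reads `LowestStack` (a load of `@__sancov_lowest_stack`, going by the test's CHECK lines) without `nosanitize` metadata, while the counter `Load`/`Store` just above are still passed to `SetNoSanitizeMetadata`. If another sanitizer instruments the function after this pass, these bookkeeping accesses could be instrumented as if they were user code, which is presumably what the reverted lines prevented. The page does not show which part of r311801 failed on the bot, so unless the metadata was the cause I would keep `auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);` followed by `SetNoSanitizeMetadata(LowestStack);` and `SetNoSanitizeMetadata(Store);`, and revert only the `IsLeafFunc` plumbing. Parts of the function between the visible hunks, including where `LowestStack` is created, are not shown here.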
0 ; This check verifies that stack depth instrumentation works correctly.
11 ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 \
2 ; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s
2 ; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s --enable-var-scope
33 ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 \
44 ; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \
5 ; RUN: -S | FileCheck %s
5 ; RUN: -S | FileCheck %s --enable-var-scope
66
77 target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
88 target triple = "x86_64-unknown-linux-gnu"
1313 define i32 @foo() {
1414 entry:
1515 ; CHECK-LABEL: define i32 @foo
16 ; CHECK-NOT: call i8* @llvm.frameaddress(i32 0)
17 ; CHECK-NOT: @__sancov_lowest_stack
16 ; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
17 ; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType:i[0-9]+]]
18 ; CHECK: [[lowest:%[^ \t]+]] = load [[$intType]], [[$intType]]* @__sancov_lowest_stack
19 ; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowest]]
20 ; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
21 ; CHECK:
22 ; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* @__sancov_lowest_stack
1823 ; CHECK: ret i32 7
1924
2025 ret i32 7
2429 entry:
2530 ; CHECK-LABEL: define i32 @bar
2631 ; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
27 ; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[intType:i[0-9]+]]
28 ; CHECK: [[lowest:%[^ \t]+]] = load [[intType]], [[intType]]* @__sancov_lowest_stack
29 ; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[intType]] [[frameInt]], [[lowest]]
32 ; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType]]
33 ; CHECK: [[lowest:%[^ \t]+]] = load [[$intType]], [[$intType]]* @__sancov_lowest_stack
34 ; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowest]]
3035 ; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
3136 ; CHECK:
32 ; CHECK: store [[intType]] [[frameInt]], [[intType]]* @__sancov_lowest_stack
37 ; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* @__sancov_lowest_stack
3338 ; CHECK: %call = call i32 @foo()
3439 ; CHECK: ret i32 %call
3540