<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 6/16/2016 2:48 PM, Mehdi Amini via llvm-dev wrote:<br>
<blockquote
cite="mid:254C6ACC-11C6-4A86-9D59-5C8A82BE6FD4@apple.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Jun 16, 2016, at 9:01 AM, TB Schardl via
llvm-dev <<a moz-do-not-send="true"
href="mailto:llvm-dev@lists.llvm.org" class="">llvm-dev@lists.llvm.org</a>>
wrote:</div>
<span
id="docs-internal-guid-34866559-59e2-3d1a-9c9a-13d0f118737f"
class=""></span>
<div class="">
<div dir="ltr" class=""><span
id="docs-internal-guid-34866559-59e2-3d1a-9c9a-13d0f118737f"
class=""><br class="">
<div style="line-height: 1.38; margin-top: 0pt;
margin-bottom: 0pt;" class=""><span style="font-size: 14.6667px; font-family: Arial; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;" class="">The CSI framework inserts instrumentation hooks at salient locations throughout the compiled code of a program-under-test, such as function entry and exit points, basic-block entry and exit points, before and after each memory operation, etc. Tool writers can instrument a program-under-test simply by first writing a library that defines the semantics of relevant hooks</span></div>
<div style="line-height: 1.38; margin-top: 0pt;
margin-bottom: 0pt;" class=""><span style="font-size: 14.6667px; font-family: Arial; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;" class="">and then statically linking their compiled library with the program-under-test.</span></div>
<br class="">
<div style="line-height: 1.38; margin-top: 0pt;
margin-bottom: 0pt;" class=""><span style="font-size: 14.6667px; font-family: Arial; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;" class="">At first glance, this brute-force method of inserting hooks at every salient location in the program-under-test seems to be replete with overheads. CSI overcomes these overheads through the use of link-time-optimization (LTO), which is now readily available in most major compilers, including GCC and LLVM. Using LTO, instrumentation hooks that are not used by a particular tool can be elided, allowing the overheads of these hooks to be avoided when the</span></div>
</span></div>
</div>
</blockquote>
<div><br class="">
</div>
<div>I don't understand this flow: the front-end emits all the
possible instrumentation but the useless calls to the runtime
will be removed during the link?</div>
<div>It means that the final binary is specialized for a given
tool right? What is the advantage of generating this useless
instrumentation in the first place then? I'm missing a piece
here...</div>
<br>
</div>
</blockquote>
Suppose I want to build a production build, and one build for each
of ASAN, MSAN, UBSAN, and TSAN.<br>
<br>
With the current approach, I need to compile my source five
different times, and link five different times.<br>
<br>
With the CSI approach (assuming it was the backing technology behind
the sanitizers), I need to compile twice (once for production, once
for instrumentation), then LTO-link five times. I can reuse my .o
files across the sanitizer types.<br>
<br>
It's possible that the math doesn't really work out in practice if
the cost of the LTO-link dwarfs the compile times.<br>
<pre class="moz-signature" cols="72">--
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
</pre>
</body>
</html>