[compiler-rt] r227387 - [sanitizer] allow to reset the bb/edge coverage data inside the process while it is running (single-threaded). Also expose the current coverage set to the process.
Kostya Serebryany
kcc at google.com
Wed Jan 28 14:39:44 PST 2015
Author: kcc
Date: Wed Jan 28 16:39:44 2015
New Revision: 227387
URL: http://llvm.org/viewvc/llvm-project?rev=227387&view=rev
Log:
[sanitizer] allow to reset the bb/edge coverage data inside the process while it is running (single-threaded). Also expose the current coverage set to the process.
Added:
compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc
Modified:
compiler-rt/trunk/include/sanitizer/common_interface_defs.h
compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc
Modified: compiler-rt/trunk/include/sanitizer/common_interface_defs.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/include/sanitizer/common_interface_defs.h?rev=227387&r1=227386&r2=227387&view=diff
==============================================================================
--- compiler-rt/trunk/include/sanitizer/common_interface_defs.h (original)
+++ compiler-rt/trunk/include/sanitizer/common_interface_defs.h Wed Jan 28 16:39:44 2015
@@ -74,6 +74,14 @@ extern "C" {
// This can be useful for coverage-directed in-process fuzzers.
uintptr_t __sanitizer_get_total_unique_coverage();
+ // Reset the basic-block (edge) coverage to the initial state.
+ // Useful for in-process fuzzing to start collecting coverage from scratch.
+ // Experimental, will likely not work for multi-threaded process.
+ void __sanitizer_reset_coverage();
+ // Set *data to the array of covered PCs and return the size of that array.
+ // Some of the entries in *data will be zero.
+ uintptr_t __sanitizer_get_coverage_guards(uintptr_t **data);
+
// Annotate the current state of a contiguous container, such as
// std::vector, std::string or similar.
// A contiguous container is a container that keeps all of its elements
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc?rev=227387&r1=227386&r2=227387&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc Wed Jan 28 16:39:44 2015
@@ -83,6 +83,7 @@ class CoverageData {
void InitializeGuardArray(s32 *guards);
void InitializeGuards(s32 *guards, uptr n);
+ void ReinitializeGuards();
uptr *data();
uptr size();
@@ -211,6 +212,13 @@ void CoverageData::Disable() {
}
}
+void CoverageData::ReinitializeGuards() {
+ // Assuming single thread.
+ atomic_store(&pc_array_index, 0, memory_order_relaxed);
+ for (uptr i = 0; i < guard_array_vec.size(); i++)
+ InitializeGuardArray(guard_array_vec[i]);
+}
+
void CoverageData::ReInit() {
Disable();
if (coverage_enabled) {
@@ -228,8 +236,7 @@ void CoverageData::ReInit() {
// Re-initialize the guards.
// We are single-threaded now, no need to grab any lock.
CHECK_EQ(atomic_load(&pc_array_index, memory_order_relaxed), 0);
- for (uptr i = 0; i < guard_array_vec.size(); i++)
- InitializeGuardArray(guard_array_vec[i]);
+ ReinitializeGuards();
}
void CoverageData::BeforeFork() {
@@ -689,4 +696,16 @@ SANITIZER_INTERFACE_ATTRIBUTE
void __sanitizer_cov_trace_basic_block(s32 *id) {
coverage_data.TraceBasicBlock(id);
}
+SANITIZER_INTERFACE_ATTRIBUTE
+void __sanitizer_reset_coverage() {
+ coverage_data.ReinitializeGuards();
+ internal_bzero_aligned16(
+ coverage_data.data(),
+ RoundUpTo(coverage_data.size() * sizeof(coverage_data.data()[0]), 16));
+}
+SANITIZER_INTERFACE_ATTRIBUTE
+uptr __sanitizer_get_coverage_guards(uptr **data) {
+ *data = coverage_data.data();
+ return coverage_data.size();
+}
} // extern "C"
Added: compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc?rev=227387&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc Wed Jan 28 16:39:44 2015
@@ -0,0 +1,52 @@
+// Test __sanitizer_reset_coverage().
+
+// RUN: %clangxx_asan -fsanitize-coverage=1 %s -o %t
+// RUN: ASAN_OPTIONS=coverage=1 %run %t
+
+#include <sanitizer/common_interface_defs.h>
+#include <stdio.h>
+#include <assert.h>
+static volatile int sink;
+__attribute__((noinline)) void bar() { sink = 2; }
+__attribute__((noinline)) void foo() { sink = 1; }
+
+#define GET_AND_PRINT_COVERAGE() \
+ bitset = 0; \
+ for (size_t i = 0; i < n_guards; i++) \
+ if (guards[i]) bitset |= 1U << i; \
+ printf("line %d: bitset %zd total: %zd\n", __LINE__, bitset, \
+ __sanitizer_get_total_unique_coverage());
+
+#define IS_POWER_OF_TWO(a) ((a & ((a) - 1)) == 0)
+
+int main() {
+ size_t *guards = 0;
+ size_t bitset;
+ size_t n_guards = __sanitizer_get_coverage_guards(&guards);
+
+ GET_AND_PRINT_COVERAGE();
+ size_t main_bit = bitset;
+ assert(IS_POWER_OF_TWO(main_bit));
+
+ foo();
+ GET_AND_PRINT_COVERAGE();
+ size_t foo_bit = bitset & ~main_bit;
+ assert(IS_POWER_OF_TWO(foo_bit));
+
+ bar();
+ GET_AND_PRINT_COVERAGE();
+ size_t bar_bit = bitset & ~(main_bit | foo_bit);
+ assert(IS_POWER_OF_TWO(bar_bit));
+
+ __sanitizer_reset_coverage();
+ GET_AND_PRINT_COVERAGE();
+ assert(bitset == 0);
+
+ foo();
+ GET_AND_PRINT_COVERAGE();
+ assert(bitset == foo_bit);
+
+ bar();
+ GET_AND_PRINT_COVERAGE();
+ assert(bitset == (foo_bit | bar_bit));
+}
More information about the llvm-commits
mailing list