[compiler-rt] r227387 - [sanitizer] allow to reset the bb/edge coverage data inside the process while it is running (single-threaded). Also expose the current coverage set to the process.

Wed Jan 28 15:01:37 PST 2015

On Wed, Jan 28, 2015 at 2:39 PM, Kostya Serebryany <kcc at google.com> wrote:

> Author: kcc
> Date: Wed Jan 28 16:39:44 2015
> New Revision: 227387
>
> URL: http://llvm.org/viewvc/llvm-project?rev=227387&view=rev
> Log:
> [sanitizer] allow to reset the bb/edge coverage data inside the process
> while it is running (single-threaded). Also expose the current coverage set
> to the process.
>
> Added:
>     compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc
> Modified:
>     compiler-rt/trunk/include/sanitizer/common_interface_defs.h
>     compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc
>
> Modified: compiler-rt/trunk/include/sanitizer/common_interface_defs.h
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/include/sanitizer/common_interface_defs.h?rev=227387&r1=227386&r2=227387&view=diff
>
> ==============================================================================
> --- compiler-rt/trunk/include/sanitizer/common_interface_defs.h (original)
> +++ compiler-rt/trunk/include/sanitizer/common_interface_defs.h Wed Jan 28
> 16:39:44 2015
> @@ -74,6 +74,14 @@ extern "C" {
>    // This can be useful for coverage-directed in-process fuzzers.
>    uintptr_t __sanitizer_get_total_unique_coverage();
>
> +  // Reset the basic-block (edge) coverage to the initial state.
> +  // Useful for in-process fuzzing to start collecting coverage from
> scratch.
> +  // Experimental, will likely not work for multi-threaded process.
> +  void __sanitizer_reset_coverage();
> +  // Set *data to the array of covered PCs and return the size of that
> array.
> +  // Some of the entries in *data will be zero.
> +  uintptr_t __sanitizer_get_coverage_guards(uintptr_t **data);
>

^^^
I feel that the number of coverage-related functions is substantial enough
to move them to a dedicated <sanitizer/coverage_interface.h> header.

> +
>    // Annotate the current state of a contiguous container, such as
>    // std::vector, std::string or similar.
>    // A contiguous container is a container that keeps all of its elements
>
> Modified:
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc?rev=227387&r1=227386&r2=227387&view=diff
>
> ==============================================================================
> --- compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc
> (original)
> +++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_coverage_libcdep.cc
> Wed Jan 28 16:39:44 2015
> @@ -83,6 +83,7 @@ class CoverageData {
>
>    void InitializeGuardArray(s32 *guards);
>    void InitializeGuards(s32 *guards, uptr n);
> +  void ReinitializeGuards();
>
>    uptr *data();
>    uptr size();
> @@ -211,6 +212,13 @@ void CoverageData::Disable() {
>    }
>  }
>
> +void CoverageData::ReinitializeGuards() {
> +  // Assuming single thread.
> +  atomic_store(&pc_array_index, 0, memory_order_relaxed);
> +  for (uptr i = 0; i < guard_array_vec.size(); i++)
> +    InitializeGuardArray(guard_array_vec[i]);
> +}
> +
>  void CoverageData::ReInit() {
>    Disable();
>    if (coverage_enabled) {
> @@ -228,8 +236,7 @@ void CoverageData::ReInit() {
>    // Re-initialize the guards.
>    // We are single-threaded now, no need to grab any lock.
>    CHECK_EQ(atomic_load(&pc_array_index, memory_order_relaxed), 0);
> -  for (uptr i = 0; i < guard_array_vec.size(); i++)
> -    InitializeGuardArray(guard_array_vec[i]);
> +  ReinitializeGuards();
>  }
>
>  void CoverageData::BeforeFork() {
> @@ -689,4 +696,16 @@ SANITIZER_INTERFACE_ATTRIBUTE
>  void __sanitizer_cov_trace_basic_block(s32 *id) {
>    coverage_data.TraceBasicBlock(id);
>  }
> +SANITIZER_INTERFACE_ATTRIBUTE
> +void __sanitizer_reset_coverage() {
> +  coverage_data.ReinitializeGuards();
> +  internal_bzero_aligned16(
> +      coverage_data.data(),
> +      RoundUpTo(coverage_data.size() * sizeof(coverage_data.data()[0]),
> 16));
> +}
> +SANITIZER_INTERFACE_ATTRIBUTE
> +uptr __sanitizer_get_coverage_guards(uptr **data) {
> +  *data = coverage_data.data();
> +  return coverage_data.size();
> +}
>  }  // extern "C"
>
> Added: compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc?rev=227387&view=auto
>
> ==============================================================================
> --- compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc (added)
> +++ compiler-rt/trunk/test/asan/TestCases/Linux/coverage-reset.cc Wed Jan
> 28 16:39:44 2015
> @@ -0,0 +1,52 @@
> +// Test __sanitizer_reset_coverage().
> +
> +// RUN: %clangxx_asan -fsanitize-coverage=1 %s -o %t
> +// RUN: ASAN_OPTIONS=coverage=1 %run %t
> +
> +#include <sanitizer/common_interface_defs.h>
> +#include <stdio.h>
> +#include <assert.h>
> +static volatile int sink;
> +__attribute__((noinline)) void bar() { sink = 2; }
> +__attribute__((noinline)) void foo() { sink = 1; }
> +
> +#define GET_AND_PRINT_COVERAGE()                                       \
> +  bitset = 0;                                                  \
> +  for (size_t i = 0; i < n_guards; i++)                        \
> +    if (guards[i]) bitset |= 1U << i;                          \
> +  printf("line %d: bitset %zd total: %zd\n", __LINE__, bitset, \
> +         __sanitizer_get_total_unique_coverage());
> +
> +#define IS_POWER_OF_TWO(a) ((a & ((a) - 1)) == 0)
> +
> +int main() {
> +  size_t *guards = 0;
> +  size_t bitset;
> +  size_t n_guards = __sanitizer_get_coverage_guards(&guards);
> +
> +  GET_AND_PRINT_COVERAGE();
> +  size_t main_bit = bitset;
> +  assert(IS_POWER_OF_TWO(main_bit));
> +
> +  foo();
> +  GET_AND_PRINT_COVERAGE();
> +  size_t foo_bit = bitset & ~main_bit;
> +  assert(IS_POWER_OF_TWO(foo_bit));
> +
> +  bar();
> +  GET_AND_PRINT_COVERAGE();
> +  size_t bar_bit = bitset & ~(main_bit | foo_bit);
> +  assert(IS_POWER_OF_TWO(bar_bit));
> +
> +  __sanitizer_reset_coverage();
> +  GET_AND_PRINT_COVERAGE();
> +  assert(bitset == 0);
> +
> +  foo();
> +  GET_AND_PRINT_COVERAGE();
> +  assert(bitset == foo_bit);
> +
> +  bar();
> +  GET_AND_PRINT_COVERAGE();
> +  assert(bitset == (foo_bit | bar_bit));
> +}
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>

-- 
Alexey Samsonov
vonosmas at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150128/d8385fbc/attachment.html>