[LLVMdev] asan coverage
Bob Wilson
bob.wilson at apple.com
Tue Feb 18 10:15:48 PST 2014
Our instrumentation code is basically done now, so you can try it out and compare the performance. Just build with -finstr-profile-generate. You may want to hack the compiler-rt code in lib/profile/PGOProfiling.c to disable writing the output, since the current implementation is pretty naive.
If it turns out as you suggest, and the different kinds of instrumentation serve different purposes, then I think it would make sense to do both.
On Feb 18, 2014, at 3:13 AM, Kostya Serebryany <kcc at google.com> wrote:
> Regarding performance, I've made a simple coverage with counters and compared it with AsanCoverage.
>
> AsanCoverage produces code like this:
> mov 0xe86cce(%rip),%al
> test %al,%al
> je 48b4a0 # to call __sanitizer_cov
> ...
> callq 4715b0 <__sanitizer_cov>
>
> A simple counter-based thing (which just increments counters and does nothing else useful) produces this:
> incq 0xe719c6(%rip)
>
> The performance is more or less the same, although the issue with false sharing still remains
> (http://lists.cs.uiuc.edu/pipermail/llvmdev/2013-October/066116.html)
>
> Do you have any more details about the planned clang coverage?
>
> Thanks,
>
> --kcc
>
>
> On Tue, Feb 18, 2014 at 1:00 PM, Kostya Serebryany <kcc at google.com> wrote:
>
>
>
> On Tue, Feb 18, 2014 at 12:20 AM, Bob Wilson <bob.wilson at apple.com> wrote:
>
> On Feb 17, 2014, at 5:13 AM, Kostya Serebryany <kcc at google.com> wrote:
> > Then my question: will there be any objection if I disentangle AsanCoverage from ASan and make it a separate LLVM phase with the proper clang driver support?
> > Or it will be an unwelcome competition with the planned clang coverage?
>
> I don’t view it as a competition, but assuming that we both succeed in our plans, LLVM would then end up with two very similar solutions for code coverage. Does it really make sense to have two?
>
> It depends. If the two will indeed have the same functionality -- then no.
> My understanding about your plans is that the upcoming coverage will provide "counters" (== how many times a bb/edge was executed).
> AsanCoverage produces booleans (== 1, iff a function/bb was executed), which is less information, but faster.
> How much faster -- I can't tell w/o your performance numbers.
> For our early users the performance is critical and booleans are sufficient.
>
> If we end up needing both variants, we may want to keep them similar from user perspective, e.g. have flag combinations like these:
> -coverage=per-edge,counter
> -coverage=per-function,counter
> -coverage=per-block,counter
> -coverage=per-function,boolean
> -coverage=per-block,boolean
>
> --kcc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20140218/11aae340/attachment.html>
More information about the llvm-dev
mailing list