[PATCH] D36839: [SanitizerCoverage] Add stack depth tracing instrumentation.

2017-08-19 Thread Kostya Serebryany via Phabricator via cfe-commits 
kcc added a comment.

Please also write a lit test for test/DeepRecursionTest.cpp (e.g. 
test/deep-recursion.test)


Repository:
  rL LLVM

https://reviews.llvm.org/D36839



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D36839: [SanitizerCoverage] Add stack depth tracing instrumentation.

2017-08-18 Thread Matt Morehouse via Phabricator via cfe-commits 
This revision was automatically updated to reflect the committed changes.
Closed by commit rL311186: [SanitizerCoverage] Add stack depth tracing 
instrumentation. (authored by morehouse).

Changed prior to commit:
  https://reviews.llvm.org/D36839?vs=111570=111718#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D36839

Files:
  cfe/trunk/include/clang/Driver/CC1Options.td
  cfe/trunk/include/clang/Frontend/CodeGenOptions.def
  cfe/trunk/lib/CodeGen/BackendUtil.cpp
  cfe/trunk/lib/Driver/SanitizerArgs.cpp
  cfe/trunk/lib/Frontend/CompilerInvocation.cpp
  cfe/trunk/test/Driver/fsanitize-coverage.c
  
compiler-rt/trunk/test/sanitizer_common/TestCases/sanitizer_coverage_stack_depth.cc
  llvm/trunk/include/llvm/Transforms/Instrumentation.h
  llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp
  llvm/trunk/lib/Fuzzer/FuzzerTracePC.h
  llvm/trunk/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
  llvm/trunk/test/Instrumentation/SanitizerCoverage/stack-depth.ll

Index: llvm/trunk/include/llvm/Transforms/Instrumentation.h
===
--- llvm/trunk/include/llvm/Transforms/Instrumentation.h
+++ llvm/trunk/include/llvm/Transforms/Instrumentation.h
@@ -185,6 +185,7 @@
   bool Inline8bitCounters = false;
   bool PCTable = false;
   bool NoPrune = false;
+  bool StackDepth = false;
 
   SanitizerCoverageOptions() = default;
 };
Index: llvm/trunk/test/Instrumentation/SanitizerCoverage/stack-depth.ll
===
--- llvm/trunk/test/Instrumentation/SanitizerCoverage/stack-depth.ll
+++ llvm/trunk/test/Instrumentation/SanitizerCoverage/stack-depth.ll
@@ -0,0 +1,50 @@
+; This check verifies that stack depth instrumentation works correctly.
+; RUN: opt < %s -sancov -sanitizer-coverage-level=1 \
+; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s --enable-var-scope
+; RUN: opt < %s -sancov -sanitizer-coverage-level=3 \
+; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \
+; RUN: -S | FileCheck %s --enable-var-scope
+
+target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+; CHECK: @__sancov_lowest_stack = thread_local global i64 -1
+@__sancov_lowest_stack = thread_local global i64 0, align 8
+
+define i32 @foo() {
+entry:
+; CHECK-LABEL: define i32 @foo
+; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType:i[0-9]+]]
+; CHECK: [[lowestPtr:%[^ \t]+]] = call [[$intType]]* @_ZTW21__sancov_lowest_stack
+; CHECK: [[lowestInt:%[^ \t]+]] = load [[$intType]], [[$intType]]* [[lowestPtr]]
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowestInt]]
+; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
+; CHECK: :[[ifLabel]]:
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* [[lowestPtr]]
+; CHECK: ret i32 7
+
+  ret i32 7
+}
+
+define i32 @bar() {
+entry:
+; CHECK-LABEL: define i32 @bar
+; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType]]
+; CHECK: [[lowestPtr:%[^ \t]+]] = call [[$intType]]* @_ZTW21__sancov_lowest_stack
+; CHECK: [[lowestInt:%[^ \t]+]] = load [[$intType]], [[$intType]]* [[lowestPtr]]
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowestInt]]
+; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
+; CHECK: :[[ifLabel]]:
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* [[lowestPtr]]
+; CHECK: %call = call i32 @foo()
+; CHECK: ret i32 %call
+
+  %call = call i32 @foo()
+  ret i32 %call
+}
+
+define weak_odr hidden i64* @_ZTW21__sancov_lowest_stack() {
+  ret i64* @__sancov_lowest_stack
+}
Index: llvm/trunk/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
===
--- llvm/trunk/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ llvm/trunk/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -17,12 +17,15 @@
 #include "llvm/Analysis/PostDominators.h"
 #include "llvm/IR/CFG.h"
 #include "llvm/IR/CallSite.h"
+#include "llvm/IR/Constant.h"
 #include "llvm/IR/DataLayout.h"
 #include "llvm/IR/DebugInfo.h"
 #include "llvm/IR/Dominators.h"
 #include "llvm/IR/Function.h"
+#include "llvm/IR/GlobalVariable.h"
 #include "llvm/IR/IRBuilder.h"
 #include "llvm/IR/InlineAsm.h"
+#include "llvm/IR/Intrinsics.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/MDBuilder.h"
 #include "llvm/IR/Module.h"
@@ -73,6 +76,10 @@
 static const char *const SanCovCountersSectionName = "sancov_cntrs";
 static const char *const SanCovPCsSectionName = "sancov_pcs";
 
+static const char *const SanCovLowestStackName = "__sancov_lowest_stack";
+static const char *const SanCovLowestStackTLSWrapperName =
+"_ZTW21__sancov_lowest_stack";
+
 static cl::opt ClCoverageLevel(
 "sanitizer-coverage-level",
 cl::desc("Sanitizer Coverage. 0: none,

[PATCH] D36839: [SanitizerCoverage] Add stack depth tracing instrumentation.

2017-08-17 Thread Vitaly Buka via Phabricator via cfe-commits 
vitalybuka accepted this revision.
vitalybuka added a comment.
This revision is now accepted and ready to land.

LGTM


https://reviews.llvm.org/D36839



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D36839: [SanitizerCoverage] Add stack depth tracing instrumentation.

2017-08-17 Thread Matt Morehouse via Phabricator via cfe-commits 
morehouse updated this revision to Diff 111570.
morehouse added a comment.

- Extract shared condition.
- Add ATTRIBUTE_INTERFACE.
- Rename variable to __sancov_lowest_stack.
- Add driver test for -fsanitize-coverage=stack-depth.


https://reviews.llvm.org/D36839

Files:
  clang/include/clang/Driver/CC1Options.td
  clang/include/clang/Frontend/CodeGenOptions.def
  clang/lib/CodeGen/BackendUtil.cpp
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Frontend/CompilerInvocation.cpp
  clang/test/Driver/fsanitize-coverage.c
  compiler-rt/test/sanitizer_common/TestCases/sanitizer_coverage_stack_depth.cc
  llvm/include/llvm/Transforms/Instrumentation.h
  llvm/lib/Fuzzer/FuzzerTracePC.cpp
  llvm/lib/Fuzzer/FuzzerTracePC.h
  llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
  llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll

Index: llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll
===
--- /dev/null
+++ llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll
@@ -0,0 +1,50 @@
+; This check verifies that stack depth instrumentation works correctly.
+; RUN: opt < %s -sancov -sanitizer-coverage-level=1 \
+; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s --enable-var-scope
+; RUN: opt < %s -sancov -sanitizer-coverage-level=3 \
+; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \
+; RUN: -S | FileCheck %s --enable-var-scope
+
+target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+; CHECK: @__sancov_lowest_stack = thread_local global i64 -1
+@__sancov_lowest_stack = thread_local global i64 0, align 8
+
+define i32 @foo() {
+entry:
+; CHECK-LABEL: define i32 @foo
+; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType:i[0-9]+]]
+; CHECK: [[lowestPtr:%[^ \t]+]] = call [[$intType]]* @_ZTW21__sancov_lowest_stack
+; CHECK: [[lowestInt:%[^ \t]+]] = load [[$intType]], [[$intType]]* [[lowestPtr]]
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowestInt]]
+; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
+; CHECK: :[[ifLabel]]:
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* [[lowestPtr]]
+; CHECK: ret i32 7
+
+  ret i32 7
+}
+
+define i32 @bar() {
+entry:
+; CHECK-LABEL: define i32 @bar
+; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType]]
+; CHECK: [[lowestPtr:%[^ \t]+]] = call [[$intType]]* @_ZTW21__sancov_lowest_stack
+; CHECK: [[lowestInt:%[^ \t]+]] = load [[$intType]], [[$intType]]* [[lowestPtr]]
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowestInt]]
+; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
+; CHECK: :[[ifLabel]]:
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* [[lowestPtr]]
+; CHECK: %call = call i32 @foo()
+; CHECK: ret i32 %call
+
+  %call = call i32 @foo()
+  ret i32 %call
+}
+
+define weak_odr hidden i64* @_ZTW21__sancov_lowest_stack() {
+  ret i64* @__sancov_lowest_stack
+}
Index: llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
===
--- llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -17,12 +17,15 @@
 #include "llvm/Analysis/PostDominators.h"
 #include "llvm/IR/CFG.h"
 #include "llvm/IR/CallSite.h"
+#include "llvm/IR/Constant.h"
 #include "llvm/IR/DataLayout.h"
 #include "llvm/IR/DebugInfo.h"
 #include "llvm/IR/Dominators.h"
 #include "llvm/IR/Function.h"
+#include "llvm/IR/GlobalVariable.h"
 #include "llvm/IR/IRBuilder.h"
 #include "llvm/IR/InlineAsm.h"
+#include "llvm/IR/Intrinsics.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/MDBuilder.h"
 #include "llvm/IR/Module.h"
@@ -73,6 +76,10 @@
 static const char *const SanCovCountersSectionName = "sancov_cntrs";
 static const char *const SanCovPCsSectionName = "sancov_pcs";
 
+static const char *const SanCovLowestStackName = "__sancov_lowest_stack";
+static const char *const SanCovLowestStackTLSWrapperName =
+"_ZTW21__sancov_lowest_stack";
+
 static cl::opt ClCoverageLevel(
 "sanitizer-coverage-level",
 cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, "
@@ -119,6 +126,10 @@
   cl::desc("Reduce the number of instrumented blocks"),
   cl::Hidden, cl::init(true));
 
+static cl::opt ClStackDepth("sanitizer-coverage-stack-depth",
+  cl::desc("max stack depth tracing"),
+  cl::Hidden, cl::init(false));
+
 namespace {
 
 SanitizerCoverageOptions getOptions(int LegacyCoverageLevel) {
@@ -156,9 +167,11 @@
   Options.TracePCGuard |= ClTracePCGuard;
   Options.Inline8bitCounters |= ClInline8bitCounters;
   Options.PCTable |= ClCreatePCTable;
-  if

[PATCH] D36839: [SanitizerCoverage] Add stack depth tracing instrumentation.

2017-08-17 Thread Matt Morehouse via Phabricator via cfe-commits 
morehouse added inline comments.



Comment at: llvm/lib/Fuzzer/FuzzerTracePC.cpp:31
 
 ATTRIBUTE_INTERFACE
 uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];

vitalybuka wrote:
> Why this does not need ATTRIBUTE_INTERFACE?
Not sure why it works without it.  Maybe the default build doesn't use 
`-fvisibility=hidden`?  But seems like a good idea to add.



Comment at: llvm/lib/Fuzzer/FuzzerTracePC.cpp:35
+// Used by -fsanitize-coverage=stack-depth to track stack depth
+thread_local uintptr_t __sanitizer_cov_lowest_stack;
+

vitalybuka wrote:
> Should this be __sancov_lowest_stack or even __sancov_stack_depth?
It looks like the current convention is to use `__sancov_*` for variables and 
`__sanitizer_cov_*` for functions.  I'll modify the name here to reflect that.  
I think `__sancov_lowest_stack` would be the more descriptive choice since the 
"lowest stack" gets smaller as the "max stack depth" gets larger.


https://reviews.llvm.org/D36839



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D36839: [SanitizerCoverage] Add stack depth tracing instrumentation.

2017-08-17 Thread Vitaly Buka via Phabricator via cfe-commits 
vitalybuka added inline comments.



Comment at: clang/lib/Driver/SanitizerArgs.cpp:559
 
   // trace-pc w/o func/bb/edge implies edge.
   if ((CoverageFeatures &

Extract
if (!(CoverageFeatures & InsertionPointTypes)) {


}



Comment at: clang/lib/Driver/SanitizerArgs.cpp:673
 std::make_pair(CoverageTracePCGuard, "-fsanitize-coverage-trace-pc-guard"),
 std::make_pair(CoverageInline8bitCounters, 
"-fsanitize-coverage-inline-8bit-counters"),
 std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"),

Could you please  add new flag into tools/clang/test/Driver/fsanitize-coverage.c



Comment at: llvm/lib/Fuzzer/FuzzerTracePC.cpp:31
 
 ATTRIBUTE_INTERFACE
 uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];

Why this does not need ATTRIBUTE_INTERFACE?



Comment at: llvm/lib/Fuzzer/FuzzerTracePC.cpp:35
+// Used by -fsanitize-coverage=stack-depth to track stack depth
+thread_local uintptr_t __sanitizer_cov_lowest_stack;
+

Should this be __sancov_lowest_stack or even __sancov_stack_depth?


https://reviews.llvm.org/D36839



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D36839: [SanitizerCoverage] Add stack depth tracing instrumentation.

2017-08-17 Thread Matt Morehouse via Phabricator via cfe-commits 
morehouse created this revision.
Herald added subscribers: hiraditya, kubamracek.

Augment SanitizerCoverage to insert maximum stack depth tracing for
use by libFuzzer.  The new instrumentation is enabled by the flag
-fsanitize-coverage=stack-depth and is compatible with the existing
trace-pc-guard coverage.  The user must also declare the following
global variable in their code:

  thread_local uintptr_t __sanitizer_cov_lowest_stack


https://reviews.llvm.org/D36839

Files:
  clang/include/clang/Driver/CC1Options.td
  clang/include/clang/Frontend/CodeGenOptions.def
  clang/lib/CodeGen/BackendUtil.cpp
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Frontend/CompilerInvocation.cpp
  compiler-rt/test/sanitizer_common/TestCases/sanitizer_coverage_stack_depth.cc
  llvm/include/llvm/Transforms/Instrumentation.h
  llvm/lib/Fuzzer/FuzzerTracePC.cpp
  llvm/lib/Fuzzer/FuzzerTracePC.h
  llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
  llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll

Index: llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll
===
--- /dev/null
+++ llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll
@@ -0,0 +1,50 @@
+; This check verifies that stack depth instrumentation works correctly.
+; RUN: opt < %s -sancov -sanitizer-coverage-level=1 \
+; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s --enable-var-scope
+; RUN: opt < %s -sancov -sanitizer-coverage-level=3 \
+; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \
+; RUN: -S | FileCheck %s --enable-var-scope
+
+target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+; CHECK: @__sanitizer_cov_lowest_stack = thread_local global i64 -1
+@__sanitizer_cov_lowest_stack = thread_local global i64 0, align 8
+
+define i32 @foo() {
+entry:
+; CHECK-LABEL: define i32 @foo
+; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType:i[0-9]+]]
+; CHECK: [[lowestPtr:%[^ \t]+]] = call [[$intType]]* @_ZTW28__sanitizer_cov_lowest_stack
+; CHECK: [[lowestInt:%[^ \t]+]] = load [[$intType]], [[$intType]]* [[lowestPtr]]
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowestInt]]
+; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
+; CHECK: :[[ifLabel]]:
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* [[lowestPtr]]
+; CHECK: ret i32 7
+
+  ret i32 7
+}
+
+define i32 @bar() {
+entry:
+; CHECK-LABEL: define i32 @bar
+; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType]]
+; CHECK: [[lowestPtr:%[^ \t]+]] = call [[$intType]]* @_ZTW28__sanitizer_cov_lowest_stack
+; CHECK: [[lowestInt:%[^ \t]+]] = load [[$intType]], [[$intType]]* [[lowestPtr]]
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowestInt]]
+; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
+; CHECK: :[[ifLabel]]:
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* [[lowestPtr]]
+; CHECK: %call = call i32 @foo()
+; CHECK: ret i32 %call
+
+  %call = call i32 @foo()
+  ret i32 %call
+}
+
+define weak_odr hidden i64* @_ZTW28__sanitizer_cov_lowest_stack() {
+  ret i64* @__sanitizer_cov_lowest_stack
+}
Index: llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
===
--- llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -17,12 +17,15 @@
 #include "llvm/Analysis/PostDominators.h"
 #include "llvm/IR/CFG.h"
 #include "llvm/IR/CallSite.h"
+#include "llvm/IR/Constant.h"
 #include "llvm/IR/DataLayout.h"
 #include "llvm/IR/DebugInfo.h"
 #include "llvm/IR/Dominators.h"
 #include "llvm/IR/Function.h"
+#include "llvm/IR/GlobalVariable.h"
 #include "llvm/IR/IRBuilder.h"
 #include "llvm/IR/InlineAsm.h"
+#include "llvm/IR/Intrinsics.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/MDBuilder.h"
 #include "llvm/IR/Module.h"
@@ -73,6 +76,10 @@
 static const char *const SanCovCountersSectionName = "sancov_cntrs";
 static const char *const SanCovPCsSectionName = "sancov_pcs";
 
+static const char *const SanCovLowestStackName = "__sanitizer_cov_lowest_stack";
+static const char *const SanCovLowestStackTLSWrapperName =
+"_ZTW28__sanitizer_cov_lowest_stack";
+
 static cl::opt ClCoverageLevel(
 "sanitizer-coverage-level",
 cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, "
@@ -119,6 +126,10 @@
   cl::desc("Reduce the number of instrumented blocks"),
   cl::Hidden, cl::init(true));
 
+static cl::opt ClStackDepth("sanitizer-coverage-stack-depth",
+  cl::desc("max stack depth tracing"),
+  cl::Hidden, cl::init(false));
+
 namespace {