
[sancov] add -sanitizer-coverage-drop-ctors #137980

Merged
merged 2 commits into from
May 7, 2025
116 changes: 58 additions & 58 deletions llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
Expand Up @@ -118,6 +118,11 @@ static cl::opt<bool>
cl::desc("increments 8-bit counter for every edge"),
cl::Hidden);

static cl::opt<bool>
ClSancovDropCtors("sanitizer-coverage-drop-ctors",
cl::desc("do not emit module ctors for global counters"),
cl::Hidden);

static cl::opt<bool>
ClInlineBoolFlag("sanitizer-coverage-inline-bool-flag",
cl::desc("sets a boolean flag for every edge"),
Expand Down Expand Up @@ -298,11 +303,11 @@ class ModuleSanitizerCoverage {
LLVMContext *C;
const DataLayout *DL;

GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters.
GlobalVariable *FunctionBoolArray; // for inline-bool-flag.
GlobalVariable *FunctionPCsArray; // for pc-table.
GlobalVariable *FunctionCFsArray; // for control flow table
GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters.
GlobalVariable *FunctionBoolArray; // for inline-bool-flag.
GlobalVariable *FunctionPCsArray; // for pc-table.
GlobalVariable *FunctionCFsArray; // for control flow table
SmallVector<GlobalValue *, 20> GlobalsToAppendToUsed;
SmallVector<GlobalValue *, 20> GlobalsToAppendToCompilerUsed;

Expand Down Expand Up @@ -346,13 +351,11 @@ ModuleSanitizerCoverage::CreateSecStartEnd(Module &M, const char *Section,
GlobalValue::LinkageTypes Linkage = TargetTriple.isOSBinFormatCOFF()
? GlobalVariable::ExternalLinkage
: GlobalVariable::ExternalWeakLinkage;
GlobalVariable *SecStart =
new GlobalVariable(M, Ty, false, Linkage, nullptr,
getSectionStart(Section));
GlobalVariable *SecStart = new GlobalVariable(M, Ty, false, Linkage, nullptr,
getSectionStart(Section));
SecStart->setVisibility(GlobalValue::HiddenVisibility);
GlobalVariable *SecEnd =
new GlobalVariable(M, Ty, false, Linkage, nullptr,
getSectionEnd(Section));
GlobalVariable *SecEnd = new GlobalVariable(M, Ty, false, Linkage, nullptr,
getSectionEnd(Section));
SecEnd->setVisibility(GlobalValue::HiddenVisibility);
IRBuilder<> IRB(M.getContext());
if (!TargetTriple.isOSBinFormatCOFF())
Expand All @@ -368,6 +371,8 @@ ModuleSanitizerCoverage::CreateSecStartEnd(Module &M, const char *Section,
Function *ModuleSanitizerCoverage::CreateInitCallsForSections(
Module &M, const char *CtorName, const char *InitFunctionName, Type *Ty,
const char *Section) {
if (ClSancovDropCtors)
return nullptr;
auto SecStartEnd = CreateSecStartEnd(M, Section, Ty);
auto SecStart = SecStartEnd.first;
auto SecEnd = SecStartEnd.second;
Expand Down Expand Up @@ -457,25 +462,16 @@ bool ModuleSanitizerCoverage::instrumentModule() {

// Loads.
SanCovLoadFunction[0] = M.getOrInsertFunction(SanCovLoad1, VoidTy, PtrTy);
SanCovLoadFunction[1] =
M.getOrInsertFunction(SanCovLoad2, VoidTy, PtrTy);
SanCovLoadFunction[2] =
M.getOrInsertFunction(SanCovLoad4, VoidTy, PtrTy);
SanCovLoadFunction[3] =
M.getOrInsertFunction(SanCovLoad8, VoidTy, PtrTy);
SanCovLoadFunction[4] =
M.getOrInsertFunction(SanCovLoad16, VoidTy, PtrTy);
SanCovLoadFunction[1] = M.getOrInsertFunction(SanCovLoad2, VoidTy, PtrTy);
SanCovLoadFunction[2] = M.getOrInsertFunction(SanCovLoad4, VoidTy, PtrTy);
SanCovLoadFunction[3] = M.getOrInsertFunction(SanCovLoad8, VoidTy, PtrTy);
SanCovLoadFunction[4] = M.getOrInsertFunction(SanCovLoad16, VoidTy, PtrTy);
// Stores.
SanCovStoreFunction[0] =
M.getOrInsertFunction(SanCovStore1, VoidTy, PtrTy);
SanCovStoreFunction[1] =
M.getOrInsertFunction(SanCovStore2, VoidTy, PtrTy);
SanCovStoreFunction[2] =
M.getOrInsertFunction(SanCovStore4, VoidTy, PtrTy);
SanCovStoreFunction[3] =
M.getOrInsertFunction(SanCovStore8, VoidTy, PtrTy);
SanCovStoreFunction[4] =
M.getOrInsertFunction(SanCovStore16, VoidTy, PtrTy);
SanCovStoreFunction[0] = M.getOrInsertFunction(SanCovStore1, VoidTy, PtrTy);
SanCovStoreFunction[1] = M.getOrInsertFunction(SanCovStore2, VoidTy, PtrTy);
SanCovStoreFunction[2] = M.getOrInsertFunction(SanCovStore4, VoidTy, PtrTy);
SanCovStoreFunction[3] = M.getOrInsertFunction(SanCovStore8, VoidTy, PtrTy);
SanCovStoreFunction[4] = M.getOrInsertFunction(SanCovStore16, VoidTy, PtrTy);

{
AttributeList AL;
Expand Down Expand Up @@ -547,16 +543,16 @@ bool ModuleSanitizerCoverage::instrumentModule() {
}
if (Ctor && Options.PCTable) {
auto SecStartEnd = CreateSecStartEnd(M, SanCovPCsSectionName, IntptrTy);
FunctionCallee InitFunction = declareSanitizerInitFunction(
M, SanCovPCsInitName, {PtrTy, PtrTy});
FunctionCallee InitFunction =
declareSanitizerInitFunction(M, SanCovPCsInitName, {PtrTy, PtrTy});
IRBuilder<> IRBCtor(Ctor->getEntryBlock().getTerminator());
IRBCtor.CreateCall(InitFunction, {SecStartEnd.first, SecStartEnd.second});
}

if (Ctor && Options.CollectControlFlow) {
auto SecStartEnd = CreateSecStartEnd(M, SanCovCFsSectionName, IntptrTy);
FunctionCallee InitFunction = declareSanitizerInitFunction(
M, SanCovCFsInitName, {PtrTy, PtrTy});
FunctionCallee InitFunction =
declareSanitizerInitFunction(M, SanCovCFsInitName, {PtrTy, PtrTy});
IRBuilder<> IRBCtor(Ctor->getEntryBlock().getTerminator());
IRBCtor.CreateCall(InitFunction, {SecStartEnd.first, SecStartEnd.second});
}
Expand Down Expand Up @@ -613,8 +609,8 @@ static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB,

// Do not instrument full dominators, or full post-dominators with multiple
// predecessors.
return !isFullDominator(BB, DT)
&& !(isFullPostDominator(BB, PDT) && !BB->getSinglePredecessor());
return !isFullDominator(BB, DT) &&
!(isFullPostDominator(BB, PDT) && !BB->getSinglePredecessor());
}

// Returns true iff From->To is a backedge.
Expand Down Expand Up @@ -789,16 +785,16 @@ ModuleSanitizerCoverage::CreatePCArray(Function &F,
for (size_t i = 0; i < N; i++) {
if (&F.getEntryBlock() == AllBlocks[i]) {
PCs.push_back((Constant *)IRB.CreatePointerCast(&F, PtrTy));
PCs.push_back((Constant *)IRB.CreateIntToPtr(
ConstantInt::get(IntptrTy, 1), PtrTy));
PCs.push_back(
(Constant *)IRB.CreateIntToPtr(ConstantInt::get(IntptrTy, 1), PtrTy));
} else {
PCs.push_back((Constant *)IRB.CreatePointerCast(
BlockAddress::get(AllBlocks[i]), PtrTy));
PCs.push_back(Constant::getNullValue(PtrTy));
}
}
auto *PCArray = CreateFunctionLocalArrayInSection(N * 2, F, PtrTy,
SanCovPCsSectionName);
auto *PCArray =
CreateFunctionLocalArrayInSection(N * 2, F, PtrTy, SanCovPCsSectionName);
PCArray->setInitializer(
ConstantArray::get(ArrayType::get(PtrTy, N * 2), PCs));
PCArray->setConstant(true);
Expand Down Expand Up @@ -853,7 +849,8 @@ bool ModuleSanitizerCoverage::InjectCoverage(Function &F,
ArrayRef<BasicBlock *> AllBlocks,
Value *&FunctionGateCmp,
bool IsLeafFunc) {
if (AllBlocks.empty()) return false;
if (AllBlocks.empty())
return false;
CreateFunctionLocalArrays(F, AllBlocks);
for (size_t i = 0, N = AllBlocks.size(); i < N; i++)
InjectCoverageAtBlock(F, *AllBlocks[i], i, FunctionGateCmp, IsLeafFunc);
Expand Down Expand Up @@ -936,13 +933,14 @@ void ModuleSanitizerCoverage::InjectTraceForDiv(
for (auto *BO : DivTraceTargets) {
InstrumentationIRBuilder IRB(BO);
Value *A1 = BO->getOperand(1);
if (isa<ConstantInt>(A1)) continue;
if (isa<ConstantInt>(A1))
continue;
if (!A1->getType()->isIntegerTy())
continue;
uint64_t TypeSize = DL->getTypeStoreSizeInBits(A1->getType());
int CallbackIdx = TypeSize == 32 ? 0 :
TypeSize == 64 ? 1 : -1;
if (CallbackIdx < 0) continue;
int CallbackIdx = TypeSize == 32 ? 0 : TypeSize == 64 ? 1 : -1;
if (CallbackIdx < 0)
continue;
auto Ty = Type::getIntNTy(*C, TypeSize);
IRB.CreateCall(SanCovTraceDivFunction[CallbackIdx],
{IRB.CreateIntCast(A1, Ty, true)});
Expand Down Expand Up @@ -1000,17 +998,20 @@ void ModuleSanitizerCoverage::InjectTraceForCmp(
if (!A0->getType()->isIntegerTy())
continue;
uint64_t TypeSize = DL->getTypeStoreSizeInBits(A0->getType());
int CallbackIdx = TypeSize == 8 ? 0 :
TypeSize == 16 ? 1 :
TypeSize == 32 ? 2 :
TypeSize == 64 ? 3 : -1;
if (CallbackIdx < 0) continue;
int CallbackIdx = TypeSize == 8 ? 0
: TypeSize == 16 ? 1
: TypeSize == 32 ? 2
: TypeSize == 64 ? 3
: -1;
if (CallbackIdx < 0)
continue;
// __sanitizer_cov_trace_cmp((type_size << 32) | predicate, A0, A1);
auto CallbackFunc = SanCovTraceCmpFunction[CallbackIdx];
bool FirstIsConst = isa<ConstantInt>(A0);
bool SecondIsConst = isa<ConstantInt>(A1);
// If both are const, then we don't need such a comparison.
if (FirstIsConst && SecondIsConst) continue;
if (FirstIsConst && SecondIsConst)
continue;
// If only one is const, then make it the first callback argument.
if (FirstIsConst || SecondIsConst) {
CallbackFunc = SanCovTraceConstCmpFunction[CallbackIdx];
Expand Down Expand Up @@ -1192,13 +1193,13 @@ void ModuleSanitizerCoverage::createFunctionControlFlow(Function &F) {
if (&BB == &F.getEntryBlock())
CFs.push_back((Constant *)IRB.CreatePointerCast(&F, PtrTy));
else
CFs.push_back((Constant *)IRB.CreatePointerCast(BlockAddress::get(&BB),
PtrTy));
CFs.push_back(
(Constant *)IRB.CreatePointerCast(BlockAddress::get(&BB), PtrTy));

for (auto SuccBB : successors(&BB)) {
assert(SuccBB != &F.getEntryBlock());
CFs.push_back((Constant *)IRB.CreatePointerCast(BlockAddress::get(SuccBB),
PtrTy));
CFs.push_back(
(Constant *)IRB.CreatePointerCast(BlockAddress::get(SuccBB), PtrTy));
}

CFs.push_back((Constant *)Constant::getNullValue(PtrTy));
Expand All @@ -1212,17 +1213,16 @@ void ModuleSanitizerCoverage::createFunctionControlFlow(Function &F) {
} else {
auto CalledF = CB->getCalledFunction();
if (CalledF && !CalledF->isIntrinsic())
CFs.push_back(
(Constant *)IRB.CreatePointerCast(CalledF, PtrTy));
CFs.push_back((Constant *)IRB.CreatePointerCast(CalledF, PtrTy));
}
}
}

CFs.push_back((Constant *)Constant::getNullValue(PtrTy));
}

FunctionCFsArray = CreateFunctionLocalArrayInSection(
CFs.size(), F, PtrTy, SanCovCFsSectionName);
FunctionCFsArray = CreateFunctionLocalArrayInSection(CFs.size(), F, PtrTy,
SanCovCFsSectionName);
FunctionCFsArray->setInitializer(
ConstantArray::get(ArrayType::get(PtrTy, CFs.size()), CFs));
FunctionCFsArray->setConstant(true);
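Review bot: The early return added at the top of `CreateInitCallsForSections` makes the function return `nullptr` whenever `-sanitizer-coverage-drop-ctors` is set, and neither the function nor the option's `cl::desc` states that contract. The two callers visible here (`if (Ctor && Options.PCTable)` and `if (Ctor && Options.CollectControlFlow)`) tolerate a null `Ctor`, but the call sites that assign the return value are outside the visible hunks and should be checked the same way. Because the return happens before `CreateSecStartEnd`, no section start/end declarations and no init call are emitted, so the coverage sections presumably have to be located and registered by the runtime itself; a build that sets the flag without such a runtime would likely produce empty coverage with no diagnostic. I would add a comment above the check, `// Ctors dropped: no init call is emitted, the runtime must register this section itself; callers must handle nullptr.`, and extend the description to `"do not emit module ctors for global counters; the runtime must register coverage sections itself"`. Separately, most of the 58/58 changed lines in this file are formatting-only and unrelated to the flag, which makes the functional change harder to audit; they would read better as their own commit.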
13 changes: 7 additions & 6 deletions llvm/test/Instrumentation/SanitizerCoverage/trace-pc-guard.ll
@@ -1,8 +1,9 @@
; RUN: opt < %s -passes='module(sancov-module)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -mtriple=x86_64 -S | FileCheck %s --check-prefixes=CHECK,COMDAT,ELF
; RUN: opt < %s -passes='module(sancov-module)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -mtriple=x86_64 -S | FileCheck %s --check-prefixes=CHECK,CHECK-CTOR,COMDAT,ELF,ELF-CTOR
; RUN: opt < %s -passes='module(sancov-module)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -sanitizer-coverage-drop-ctors=1 -mtriple=x86_64 -S | FileCheck %s --check-prefixes=CHECK,COMDAT,ELF

; RUN: opt < %s -passes='module(sancov-module)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -mtriple=aarch64-apple-darwin -S | FileCheck %s --check-prefixes=CHECK,MACHO
; RUN: opt < %s -passes='module(sancov-module)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -mtriple=aarch64-apple-darwin -S | FileCheck %s --check-prefixes=CHECK,CHECK-CTOR,MACHO

; RUN: opt < %s -passes='module(sancov-module)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -mtriple=x86_64-windows -S | FileCheck %s --check-prefixes=CHECK,COMDAT,WIN
; RUN: opt < %s -passes='module(sancov-module)' -sanitizer-coverage-level=4 -sanitizer-coverage-trace-pc-guard -mtriple=x86_64-windows -S | FileCheck %s --check-prefixes=CHECK,CHECK-CTOR,COMDAT,WIN

; COMDAT: $foo = comdat nodeduplicate
; COMDAT: $CallViaVptr = comdat nodeduplicate
Expand All @@ -20,7 +21,7 @@
; WIN-NEXT: @__sancov_gen_.1 = private global [1 x i32] zeroinitializer, section ".SCOV$GM", comdat($CallViaVptr), align 4{{$}}
; WIN-NEXT: @__sancov_gen_.2 = private global [1 x i32] zeroinitializer, section ".SCOV$GM", comdat($DirectBitcastCall), align 4{{$}}

; ELF: @llvm.used = appending global [1 x ptr] [ptr @sancov.module_ctor_trace_pc_guard]
; ELF-CTOR: @llvm.used = appending global [1 x ptr] [ptr @sancov.module_ctor_trace_pc_guard]
; ELF: @llvm.compiler.used = appending global [3 x ptr] [ptr @__sancov_gen_, ptr @__sancov_gen_.1, ptr @__sancov_gen_.2], section "llvm.metadata"
; MACHO: @llvm.used = appending global [4 x ptr] [ptr @sancov.module_ctor_trace_pc_guard, ptr @__sancov_gen_, ptr @__sancov_gen_.1, ptr @__sancov_gen_.2]
; MACHO-NOT: @llvm.compiler.used =
Expand Down Expand Up @@ -73,7 +74,7 @@ define void @DirectBitcastCall() sanitize_address {
ret void
}

; ELF-LABEL: define internal void @sancov.module_ctor_trace_pc_guard() #2 comdat {
; ELF-CTOR-LABEL: define internal void @sancov.module_ctor_trace_pc_guard() #2 comdat {
; MACHO-LABEL: define internal void @sancov.module_ctor_trace_pc_guard() #2 {

; CHECK: attributes #2 = { nounwind }
; CHECK-CTOR: attributes #2 = { nounwind }
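Review bot: The new `-sanitizer-coverage-drop-ctors=1` RUN line passes only because the ctor checks were moved to the `CHECK-CTOR` and `ELF-CTOR` prefixes; nothing asserts that the ctor is actually absent, so a regression that still emits it under the flag would not fail this test. Add a dedicated prefix to that RUN line's `--check-prefixes` (for example `DROP`) with a negative check such as `; DROP-NOT: @sancov.module_ctor_trace_pc_guard`. The flag is also exercised only for the x86_64 ELF triple; the Mach-O and Windows RUN lines still run without it, so the `@llvm.used` contents on those targets with the ctor dropped are untested.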