LLVM  13.0.0git
SanitizerCoverage.cpp
Go to the documentation of this file.
1 //===-- SanitizerCoverage.cpp - coverage instrumentation for sanitizers ---===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Coverage instrumentation done on LLVM IR level, works with Sanitizers.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
14 #include "llvm/ADT/ArrayRef.h"
15 #include "llvm/ADT/SmallVector.h"
16 #include "llvm/Analysis/EHPersonalities.h"
17 #include "llvm/Analysis/PostDominators.h"
18 #include "llvm/IR/CFG.h"
19 #include "llvm/IR/Constant.h"
20 #include "llvm/IR/DataLayout.h"
21 #include "llvm/IR/DebugInfo.h"
22 #include "llvm/IR/Dominators.h"
23 #include "llvm/IR/Function.h"
24 #include "llvm/IR/GlobalVariable.h"
25 #include "llvm/IR/IRBuilder.h"
26 #include "llvm/IR/InlineAsm.h"
27 #include "llvm/IR/IntrinsicInst.h"
28 #include "llvm/IR/Intrinsics.h"
29 #include "llvm/IR/LLVMContext.h"
30 #include "llvm/IR/MDBuilder.h"
31 #include "llvm/IR/Mangler.h"
32 #include "llvm/IR/Module.h"
33 #include "llvm/IR/Type.h"
34 #include "llvm/InitializePasses.h"
35 #include "llvm/Support/CommandLine.h"
36 #include "llvm/Support/Debug.h"
37 #include "llvm/Support/SpecialCaseList.h"
38 #include "llvm/Support/VirtualFileSystem.h"
39 #include "llvm/Support/raw_ostream.h"
40 #include "llvm/Transforms/Instrumentation.h"
41 #include "llvm/Transforms/Utils/BasicBlockUtils.h"
42 #include "llvm/Transforms/Utils/ModuleUtils.h"
43 
44 using namespace llvm;
45 
46 #define DEBUG_TYPE "sancov"
47 
48 const char SanCovTracePCIndirName[] = "__sanitizer_cov_trace_pc_indir";
49 const char SanCovTracePCName[] = "__sanitizer_cov_trace_pc";
50 const char SanCovTraceCmp1[] = "__sanitizer_cov_trace_cmp1";
51 const char SanCovTraceCmp2[] = "__sanitizer_cov_trace_cmp2";
52 const char SanCovTraceCmp4[] = "__sanitizer_cov_trace_cmp4";
53 const char SanCovTraceCmp8[] = "__sanitizer_cov_trace_cmp8";
54 const char SanCovTraceConstCmp1[] = "__sanitizer_cov_trace_const_cmp1";
55 const char SanCovTraceConstCmp2[] = "__sanitizer_cov_trace_const_cmp2";
56 const char SanCovTraceConstCmp4[] = "__sanitizer_cov_trace_const_cmp4";
57 const char SanCovTraceConstCmp8[] = "__sanitizer_cov_trace_const_cmp8";
58 const char SanCovTraceDiv4[] = "__sanitizer_cov_trace_div4";
59 const char SanCovTraceDiv8[] = "__sanitizer_cov_trace_div8";
60 const char SanCovTraceGep[] = "__sanitizer_cov_trace_gep";
61 const char SanCovTraceSwitchName[] = "__sanitizer_cov_trace_switch";
62 const char SanCovModuleCtorTracePcGuardName[] =
63  "sancov.module_ctor_trace_pc_guard";
64 const char SanCovModuleCtor8bitCountersName[] =
65  "sancov.module_ctor_8bit_counters";
66 const char SanCovModuleCtorBoolFlagName[] = "sancov.module_ctor_bool_flag";
67 static const uint64_t SanCtorAndDtorPriority = 2;
68 
69 const char SanCovTracePCGuardName[] = "__sanitizer_cov_trace_pc_guard";
70 const char SanCovTracePCGuardInitName[] = "__sanitizer_cov_trace_pc_guard_init";
71 const char SanCov8bitCountersInitName[] = "__sanitizer_cov_8bit_counters_init";
72 const char SanCovBoolFlagInitName[] = "__sanitizer_cov_bool_flag_init";
73 const char SanCovPCsInitName[] = "__sanitizer_cov_pcs_init";
74 
75 const char SanCovGuardsSectionName[] = "sancov_guards";
76 const char SanCovCountersSectionName[] = "sancov_cntrs";
77 const char SanCovBoolFlagSectionName[] = "sancov_bools";
78 const char SanCovPCsSectionName[] = "sancov_pcs";
79 
80 const char SanCovLowestStackName[] = "__sancov_lowest_stack";
81 
82 static cl::opt<int> ClCoverageLevel(
83  "sanitizer-coverage-level",
84  cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, "
85  "3: all blocks and critical edges"),
86  cl::Hidden, cl::init(0));
87 
88 static cl::opt<bool> ClTracePC("sanitizer-coverage-trace-pc",
89  cl::desc("Experimental pc tracing"), cl::Hidden,
90  cl::init(false));
91 
92 static cl::opt<bool> ClTracePCGuard("sanitizer-coverage-trace-pc-guard",
93  cl::desc("pc tracing with a guard"),
94  cl::Hidden, cl::init(false));
95 
96 // If true, we create a global variable that contains PCs of all instrumented
97 // BBs, put this global into a named section, and pass this section's bounds
98 // to __sanitizer_cov_pcs_init.
99 // This way the coverage instrumentation does not need to acquire the PCs
100 // at run-time. Works with trace-pc-guard, inline-8bit-counters, and
101 // inline-bool-flag.
102 static cl::opt<bool> ClCreatePCTable("sanitizer-coverage-pc-table",
103  cl::desc("create a static PC table"),
104  cl::Hidden, cl::init(false));
105 
106 static cl::opt<bool>
107  ClInline8bitCounters("sanitizer-coverage-inline-8bit-counters",
108  cl::desc("increments 8-bit counter for every edge"),
109  cl::Hidden, cl::init(false));
110 
111 static cl::opt<bool>
112  ClInlineBoolFlag("sanitizer-coverage-inline-bool-flag",
113  cl::desc("sets a boolean flag for every edge"), cl::Hidden,
114  cl::init(false));
115 
116 static cl::opt<bool>
117  ClCMPTracing("sanitizer-coverage-trace-compares",
118  cl::desc("Tracing of CMP and similar instructions"),
119  cl::Hidden, cl::init(false));
120 
121 static cl::opt<bool> ClDIVTracing("sanitizer-coverage-trace-divs",
122  cl::desc("Tracing of DIV instructions"),
123  cl::Hidden, cl::init(false));
124 
125 static cl::opt<bool> ClGEPTracing("sanitizer-coverage-trace-geps",
126  cl::desc("Tracing of GEP instructions"),
127  cl::Hidden, cl::init(false));
128 
129 static cl::opt<bool>
130  ClPruneBlocks("sanitizer-coverage-prune-blocks",
131  cl::desc("Reduce the number of instrumented blocks"),
132  cl::Hidden, cl::init(true));
133 
134 static cl::opt<bool> ClStackDepth("sanitizer-coverage-stack-depth",
135  cl::desc("max stack depth tracing"),
136  cl::Hidden, cl::init(false));
137 
138 namespace {
139 
140 SanitizerCoverageOptions getOptions(int LegacyCoverageLevel) {
141  SanitizerCoverageOptions Res;
142  switch (LegacyCoverageLevel) {
143  case 0:
144  Res.CoverageType = SanitizerCoverageOptions::SCK_None;
145  break;
146  case 1:
147  Res.CoverageType = SanitizerCoverageOptions::SCK_Function;
148  break;
149  case 2:
150  Res.CoverageType = SanitizerCoverageOptions::SCK_BB;
151  break;
152  case 3:
153  Res.CoverageType = SanitizerCoverageOptions::SCK_Edge;
154  break;
155  case 4:
156  Res.CoverageType = SanitizerCoverageOptions::SCK_Edge;
157  Res.IndirectCalls = true;
158  break;
159  }
160  return Res;
161 }
162 
163 SanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) {
164  // Sets CoverageType and IndirectCalls.
165  SanitizerCoverageOptions CLOpts = getOptions(ClCoverageLevel);
166  Options.CoverageType = std::max(Options.CoverageType, CLOpts.CoverageType);
167  Options.IndirectCalls |= CLOpts.IndirectCalls;
168  Options.TraceCmp |= ClCMPTracing;
169  Options.TraceDiv |= ClDIVTracing;
170  Options.TraceGep |= ClGEPTracing;
171  Options.TracePC |= ClTracePC;
172  Options.TracePCGuard |= ClTracePCGuard;
173  Options.Inline8bitCounters |= ClInline8bitCounters;
174  Options.InlineBoolFlag |= ClInlineBoolFlag;
175  Options.PCTable |= ClCreatePCTable;
176  Options.NoPrune |= !ClPruneBlocks;
177  Options.StackDepth |= ClStackDepth;
178  if (!Options.TracePCGuard && !Options.TracePC &&
179  !Options.Inline8bitCounters && !Options.StackDepth &&
180  !Options.InlineBoolFlag)
181  Options.TracePCGuard = true; // TracePCGuard is default.
182  return Options;
183 }
184 
185 using DomTreeCallback = function_ref<const DominatorTree *(Function &F)>;
186 using PostDomTreeCallback =
187  function_ref<const PostDominatorTree *(Function &F)>;
188 
189 class ModuleSanitizerCoverage {
190 public:
191  ModuleSanitizerCoverage(
192  const SanitizerCoverageOptions &Options = SanitizerCoverageOptions(),
193  const SpecialCaseList *Allowlist = nullptr,
194  const SpecialCaseList *Blocklist = nullptr)
195  : Options(OverrideFromCL(Options)), Allowlist(Allowlist),
196  Blocklist(Blocklist) {}
197  bool instrumentModule(Module &M, DomTreeCallback DTCallback,
198  PostDomTreeCallback PDTCallback);
199 
200 private:
201  void instrumentFunction(Function &F, DomTreeCallback DTCallback,
202  PostDomTreeCallback PDTCallback);
203  void InjectCoverageForIndirectCalls(Function &F,
204  ArrayRef<Instruction *> IndirCalls);
205  void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets);
206  void InjectTraceForDiv(Function &F,
207  ArrayRef<BinaryOperator *> DivTraceTargets);
208  void InjectTraceForGep(Function &F,
209  ArrayRef<GetElementPtrInst *> GepTraceTargets);
210  void InjectTraceForSwitch(Function &F,
211  ArrayRef<Instruction *> SwitchTraceTargets);
212  bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
213  bool IsLeafFunc = true);
214  GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements,
215  Function &F, Type *Ty,
216  const char *Section);
217  GlobalVariable *CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks);
218  void CreateFunctionLocalArrays(Function &F, ArrayRef<BasicBlock *> AllBlocks);
219  void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx,
220  bool IsLeafFunc = true);
221  Function *CreateInitCallsForSections(Module &M, const char *CtorName,
222  const char *InitFunctionName, Type *Ty,
223  const char *Section);
224  std::pair<Value *, Value *> CreateSecStartEnd(Module &M, const char *Section,
225  Type *Ty);
226 
227  void SetNoSanitizeMetadata(Instruction *I) {
228  I->setMetadata(I->getModule()->getMDKindID("nosanitize"),
229  MDNode::get(*C, None));
230  }
231 
232  std::string getSectionName(const std::string &Section) const;
233  std::string getSectionStart(const std::string &Section) const;
234  std::string getSectionEnd(const std::string &Section) const;
235  FunctionCallee SanCovTracePCIndir;
236  FunctionCallee SanCovTracePC, SanCovTracePCGuard;
237  FunctionCallee SanCovTraceCmpFunction[4];
238  FunctionCallee SanCovTraceConstCmpFunction[4];
239  FunctionCallee SanCovTraceDivFunction[2];
240  FunctionCallee SanCovTraceGepFunction;
241  FunctionCallee SanCovTraceSwitchFunction;
242  GlobalVariable *SanCovLowestStack;
243  Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy,
244  *Int16Ty, *Int8Ty, *Int8PtrTy, *Int1Ty, *Int1PtrTy;
245  Module *CurModule;
246  std::string CurModuleUniqueId;
247  Triple TargetTriple;
248  LLVMContext *C;
249  const DataLayout *DL;
250 
251  GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
252  GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters.
253  GlobalVariable *FunctionBoolArray; // for inline-bool-flag.
254  GlobalVariable *FunctionPCsArray; // for pc-table.
255  SmallVector<GlobalValue *, 20> GlobalsToAppendToUsed;
256  SmallVector<GlobalValue *, 20> GlobalsToAppendToCompilerUsed;
257 
258  SanitizerCoverageOptions Options;
259 
260  const SpecialCaseList *Allowlist;
261  const SpecialCaseList *Blocklist;
262 };
263 
264 class ModuleSanitizerCoverageLegacyPass : public ModulePass {
265 public:
266  ModuleSanitizerCoverageLegacyPass(
267  const SanitizerCoverageOptions &Options = SanitizerCoverageOptions(),
268  const std::vector<std::string> &AllowlistFiles =
269  std::vector<std::string>(),
270  const std::vector<std::string> &BlocklistFiles =
271  std::vector<std::string>())
272  : ModulePass(ID), Options(Options) {
273  if (AllowlistFiles.size() > 0)
274  Allowlist = SpecialCaseList::createOrDie(AllowlistFiles,
275  *vfs::getRealFileSystem());
276  if (BlocklistFiles.size() > 0)
277  Blocklist = SpecialCaseList::createOrDie(BlocklistFiles,
278  *vfs::getRealFileSystem());
279  initializeModuleSanitizerCoverageLegacyPassPass(
280  *PassRegistry::getPassRegistry());
281  }
282  bool runOnModule(Module &M) override {
283  ModuleSanitizerCoverage ModuleSancov(Options, Allowlist.get(),
284  Blocklist.get());
285  auto DTCallback = [this](Function &F) -> const DominatorTree * {
286  return &this->getAnalysis<DominatorTreeWrapperPass>(F).getDomTree();
287  };
288  auto PDTCallback = [this](Function &F) -> const PostDominatorTree * {
289  return &this->getAnalysis<PostDominatorTreeWrapperPass>(F)
290  .getPostDomTree();
291  };
292  return ModuleSancov.instrumentModule(M, DTCallback, PDTCallback);
293  }
294 
295  static char ID; // Pass identification, replacement for typeid
296  StringRef getPassName() const override { return "ModuleSanitizerCoverage"; }
297 
298  void getAnalysisUsage(AnalysisUsage &AU) const override {
299  AU.addRequired<DominatorTreeWrapperPass>();
300  AU.addRequired<PostDominatorTreeWrapperPass>();
301  }
302 
303 private:
304  SanitizerCoverageOptions Options;
305 
306  std::unique_ptr<SpecialCaseList> Allowlist;
307  std::unique_ptr<SpecialCaseList> Blocklist;
308 };
309 
310 } // namespace
311 
312 PreservedAnalyses ModuleSanitizerCoveragePass::run(Module &M,
313  ModuleAnalysisManager &MAM) {
314  ModuleSanitizerCoverage ModuleSancov(Options, Allowlist.get(),
315  Blocklist.get());
316  auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
317  auto DTCallback = [&FAM](Function &F) -> const DominatorTree * {
318  return &FAM.getResult<DominatorTreeAnalysis>(F);
319  };
320  auto PDTCallback = [&FAM](Function &F) -> const PostDominatorTree * {
321  return &FAM.getResult<PostDominatorTreeAnalysis>(F);
322  };
323  if (ModuleSancov.instrumentModule(M, DTCallback, PDTCallback))
324  return PreservedAnalyses::none();
325  return PreservedAnalyses::all();
326 }
327 
328 std::pair<Value *, Value *>
329 ModuleSanitizerCoverage::CreateSecStartEnd(Module &M, const char *Section,
330  Type *Ty) {
331  // Use ExternalWeak so that if all sections are discarded due to section
332  // garbage collection, the linker will not report undefined symbol errors.
333  // Windows defines the start/stop symbols in compiler-rt so no need for
334  // ExternalWeak.
335  GlobalValue::LinkageTypes Linkage = TargetTriple.isOSBinFormatCOFF()
336  ? GlobalVariable::ExternalLinkage
337  : GlobalVariable::ExternalWeakLinkage;
338  GlobalVariable *SecStart =
339  new GlobalVariable(M, Ty->getPointerElementType(), false, Linkage,
340  nullptr, getSectionStart(Section));
341  SecStart->setVisibility(GlobalValue::HiddenVisibility);
342  GlobalVariable *SecEnd =
343  new GlobalVariable(M, Ty->getPointerElementType(), false, Linkage,
344  nullptr, getSectionEnd(Section));
345  SecEnd->setVisibility(GlobalValue::HiddenVisibility);
346  IRBuilder<> IRB(M.getContext());
347  if (!TargetTriple.isOSBinFormatCOFF())
348  return std::make_pair(SecStart, SecEnd);
349 
350  // Account for the fact that on windows-msvc __start_* symbols actually
351  // point to a uint64_t before the start of the array.
352  auto SecStartI8Ptr = IRB.CreatePointerCast(SecStart, Int8PtrTy);
353  auto GEP = IRB.CreateGEP(Int8Ty, SecStartI8Ptr,
354  ConstantInt::get(IntptrTy, sizeof(uint64_t)));
355  return std::make_pair(IRB.CreatePointerCast(GEP, Ty), SecEnd);
356 }
357 
358 Function *ModuleSanitizerCoverage::CreateInitCallsForSections(
359  Module &M, const char *CtorName, const char *InitFunctionName, Type *Ty,
360  const char *Section) {
361  auto SecStartEnd = CreateSecStartEnd(M, Section, Ty);
362  auto SecStart = SecStartEnd.first;
363  auto SecEnd = SecStartEnd.second;
364  Function *CtorFunc;
365  std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions(
366  M, CtorName, InitFunctionName, {Ty, Ty}, {SecStart, SecEnd});
367  assert(CtorFunc->getName() == CtorName);
368 
369  if (TargetTriple.supportsCOMDAT()) {
370  // Use comdat to dedup CtorFunc.
371  CtorFunc->setComdat(M.getOrInsertComdat(CtorName));
372  appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority, CtorFunc);
373  } else {
374  appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority);
375  }
376 
377  if (TargetTriple.isOSBinFormatCOFF()) {
378  // In COFF files, if the contructors are set as COMDAT (they are because
379  // COFF supports COMDAT) and the linker flag /OPT:REF (strip unreferenced
380  // functions and data) is used, the constructors get stripped. To prevent
381  // this, give the constructors weak ODR linkage and ensure the linker knows
382  // to include the sancov constructor. This way the linker can deduplicate
383  // the constructors but always leave one copy.
384  CtorFunc->setLinkage(GlobalValue::WeakODRLinkage);
385  appendToUsed(M, CtorFunc);
386  }
387  return CtorFunc;
388 }
389 
390 bool ModuleSanitizerCoverage::instrumentModule(
391  Module &M, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) {
392  if (Options.CoverageType == SanitizerCoverageOptions::SCK_None)
393  return false;
394  if (Allowlist &&
395  !Allowlist->inSection("coverage", "src", M.getSourceFileName()))
396  return false;
397  if (Blocklist &&
398  Blocklist->inSection("coverage", "src", M.getSourceFileName()))
399  return false;
400  C = &(M.getContext());
401  DL = &M.getDataLayout();
402  CurModule = &M;
403  CurModuleUniqueId = getUniqueModuleId(CurModule);
404  TargetTriple = Triple(M.getTargetTriple());
405  FunctionGuardArray = nullptr;
406  Function8bitCounterArray = nullptr;
407  FunctionBoolArray = nullptr;
408  FunctionPCsArray = nullptr;
409  IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
410  IntptrPtrTy = PointerType::getUnqual(IntptrTy);
411  Type *VoidTy = Type::getVoidTy(*C);
412  IRBuilder<> IRB(*C);
413  Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty());
414  Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty());
415  Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty());
416  Int1PtrTy = PointerType::getUnqual(IRB.getInt1Ty());
417  Int64Ty = IRB.getInt64Ty();
418  Int32Ty = IRB.getInt32Ty();
419  Int16Ty = IRB.getInt16Ty();
420  Int8Ty = IRB.getInt8Ty();
421  Int1Ty = IRB.getInt1Ty();
422 
423  SanCovTracePCIndir =
424  M.getOrInsertFunction(SanCovTracePCIndirName, VoidTy, IntptrTy);
425  // Make sure smaller parameters are zero-extended to i64 if required by the
426  // target ABI.
427  AttributeList SanCovTraceCmpZeroExtAL;
428  SanCovTraceCmpZeroExtAL =
429  SanCovTraceCmpZeroExtAL.addParamAttribute(*C, 0, Attribute::ZExt);
430  SanCovTraceCmpZeroExtAL =
431  SanCovTraceCmpZeroExtAL.addParamAttribute(*C, 1, Attribute::ZExt);
432 
433  SanCovTraceCmpFunction[0] =
434  M.getOrInsertFunction(SanCovTraceCmp1, SanCovTraceCmpZeroExtAL, VoidTy,
435  IRB.getInt8Ty(), IRB.getInt8Ty());
436  SanCovTraceCmpFunction[1] =
437  M.getOrInsertFunction(SanCovTraceCmp2, SanCovTraceCmpZeroExtAL, VoidTy,
438  IRB.getInt16Ty(), IRB.getInt16Ty());
439  SanCovTraceCmpFunction[2] =
440  M.getOrInsertFunction(SanCovTraceCmp4, SanCovTraceCmpZeroExtAL, VoidTy,
441  IRB.getInt32Ty(), IRB.getInt32Ty());
442  SanCovTraceCmpFunction[3] =
443  M.getOrInsertFunction(SanCovTraceCmp8, VoidTy, Int64Ty, Int64Ty);
444 
445  SanCovTraceConstCmpFunction[0] = M.getOrInsertFunction(
446  SanCovTraceConstCmp1, SanCovTraceCmpZeroExtAL, VoidTy, Int8Ty, Int8Ty);
447  SanCovTraceConstCmpFunction[1] = M.getOrInsertFunction(
448  SanCovTraceConstCmp2, SanCovTraceCmpZeroExtAL, VoidTy, Int16Ty, Int16Ty);
449  SanCovTraceConstCmpFunction[2] = M.getOrInsertFunction(
450  SanCovTraceConstCmp4, SanCovTraceCmpZeroExtAL, VoidTy, Int32Ty, Int32Ty);
451  SanCovTraceConstCmpFunction[3] =
452  M.getOrInsertFunction(SanCovTraceConstCmp8, VoidTy, Int64Ty, Int64Ty);
453 
454  {
455  AttributeList AL;
456  AL = AL.addParamAttribute(*C, 0, Attribute::ZExt);
457  SanCovTraceDivFunction[0] =
458  M.getOrInsertFunction(SanCovTraceDiv4, AL, VoidTy, IRB.getInt32Ty());
459  }
460  SanCovTraceDivFunction[1] =
461  M.getOrInsertFunction(SanCovTraceDiv8, VoidTy, Int64Ty);
462  SanCovTraceGepFunction =
463  M.getOrInsertFunction(SanCovTraceGep, VoidTy, IntptrTy);
464  SanCovTraceSwitchFunction =
465  M.getOrInsertFunction(SanCovTraceSwitchName, VoidTy, Int64Ty, Int64PtrTy);
466 
467  Constant *SanCovLowestStackConstant =
468  M.getOrInsertGlobal(SanCovLowestStackName, IntptrTy);
469  SanCovLowestStack = dyn_cast<GlobalVariable>(SanCovLowestStackConstant);
470  if (!SanCovLowestStack) {
471  C->emitError(StringRef("'") + SanCovLowestStackName +
472  "' should not be declared by the user");
473  return true;
474  }
475  SanCovLowestStack->setThreadLocalMode(
476  GlobalValue::ThreadLocalMode::InitialExecTLSModel);
477  if (Options.StackDepth && !SanCovLowestStack->isDeclaration())
478  SanCovLowestStack->setInitializer(Constant::getAllOnesValue(IntptrTy));
479 
480  SanCovTracePC = M.getOrInsertFunction(SanCovTracePCName, VoidTy);
481  SanCovTracePCGuard =
482  M.getOrInsertFunction(SanCovTracePCGuardName, VoidTy, Int32PtrTy);
483 
484  for (auto &F : M)
485  instrumentFunction(F, DTCallback, PDTCallback);
486 
487  Function *Ctor = nullptr;
488 
489  if (FunctionGuardArray)
490  Ctor = CreateInitCallsForSections(M, SanCovModuleCtorTracePcGuardName,
491  SanCovTracePCGuardInitName, Int32PtrTy,
492  SanCovGuardsSectionName);
493  if (Function8bitCounterArray)
494  Ctor = CreateInitCallsForSections(M, SanCovModuleCtor8bitCountersName,
495  SanCov8bitCountersInitName, Int8PtrTy,
496  SanCovCountersSectionName);
497  if (FunctionBoolArray) {
498  Ctor = CreateInitCallsForSections(M, SanCovModuleCtorBoolFlagName,
499  SanCovBoolFlagInitName, Int1PtrTy,
500  SanCovBoolFlagSectionName);
501  }
502  if (Ctor && Options.PCTable) {
503  auto SecStartEnd = CreateSecStartEnd(M, SanCovPCsSectionName, IntptrPtrTy);
504  FunctionCallee InitFunction = declareSanitizerInitFunction(
505  M, SanCovPCsInitName, {IntptrPtrTy, IntptrPtrTy});
506  IRBuilder<> IRBCtor(Ctor->getEntryBlock().getTerminator());
507  IRBCtor.CreateCall(InitFunction, {SecStartEnd.first, SecStartEnd.second});
508  }
509  appendToUsed(M, GlobalsToAppendToUsed);
510  appendToCompilerUsed(M, GlobalsToAppendToCompilerUsed);
511  return true;
512 }
513 
514 // True if block has successors and it dominates all of them.
515 static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) {
516  if (succ_empty(BB))
517  return false;
518 
519  return llvm::all_of(successors(BB), [&](const BasicBlock *SUCC) {
520  return DT->dominates(BB, SUCC);
521  });
522 }
523 
524 // True if block has predecessors and it postdominates all of them.
525 static bool isFullPostDominator(const BasicBlock *BB,
526  const PostDominatorTree *PDT) {
527  if (pred_empty(BB))
528  return false;
529 
530  return llvm::all_of(predecessors(BB), [&](const BasicBlock *PRED) {
531  return PDT->dominates(BB, PRED);
532  });
533 }
534 
535 static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB,
536  const DominatorTree *DT,
537  const PostDominatorTree *PDT,
538  const SanitizerCoverageOptions &Options) {
539  // Don't insert coverage for blocks containing nothing but unreachable: we
540  // will never call __sanitizer_cov() for them, so counting them in
541  // NumberOfInstrumentedBlocks() might complicate calculation of code coverage
542  // percentage. Also, unreachable instructions frequently have no debug
543  // locations.
544  if (isa<UnreachableInst>(BB->getFirstNonPHIOrDbgOrLifetime()))
545  return false;
546 
547  // Don't insert coverage into blocks without a valid insertion point
548  // (catchswitch blocks).
549  if (BB->getFirstInsertionPt() == BB->end())
550  return false;
551 
552  if (Options.NoPrune || &F.getEntryBlock() == BB)
553  return true;
554 
555  if (Options.CoverageType == SanitizerCoverageOptions::SCK_Function &&
556  &F.getEntryBlock() != BB)
557  return false;
558 
559  // Do not instrument full dominators, or full post-dominators with multiple
560  // predecessors.
561  return !isFullDominator(BB, DT)
562  && !(isFullPostDominator(BB, PDT) && !BB->getSinglePredecessor());
563 }
564 
565 
566 // Returns true iff From->To is a backedge.
567 // A twist here is that we treat From->To as a backedge if
568 // * To dominates From or
569 // * To->UniqueSuccessor dominates From
570 static bool IsBackEdge(BasicBlock *From, BasicBlock *To,
571  const DominatorTree *DT) {
572  if (DT->dominates(To, From))
573  return true;
574  if (auto Next = To->getUniqueSuccessor())
575  if (DT->dominates(Next, From))
576  return true;
577  return false;
578 }
579 
580 // Prunes uninteresting Cmp instrumentation:
581 // * CMP instructions that feed into loop backedge branch.
582 //
583 // Note that Cmp pruning is controlled by the same flag as the
584 // BB pruning.
585 static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT,
586  const SanitizerCoverageOptions &Options) {
587  if (!Options.NoPrune)
588  if (CMP->hasOneUse())
589  if (auto BR = dyn_cast<BranchInst>(CMP->user_back()))
590  for (BasicBlock *B : BR->successors())
591  if (IsBackEdge(BR->getParent(), B, DT))
592  return false;
593  return true;
594 }
595 
596 void ModuleSanitizerCoverage::instrumentFunction(
597  Function &F, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) {
598  if (F.empty())
599  return;
600  if (F.getName().find(".module_ctor") != std::string::npos)
601  return; // Should not instrument sanitizer init functions.
602  if (F.getName().startswith("__sanitizer_"))
603  return; // Don't instrument __sanitizer_* callbacks.
604  // Don't touch available_externally functions, their actual body is elewhere.
605  if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage)
606  return;
607  // Don't instrument MSVC CRT configuration helpers. They may run before normal
608  // initialization.
609  if (F.getName() == "__local_stdio_printf_options" ||
610  F.getName() == "__local_stdio_scanf_options")
611  return;
612  if (isa<UnreachableInst>(F.getEntryBlock().getTerminator()))
613  return;
614  // Don't instrument functions using SEH for now. Splitting basic blocks like
615  // we do for coverage breaks WinEHPrepare.
616  // FIXME: Remove this when SEH no longer uses landingpad pattern matching.
617  if (F.hasPersonalityFn() &&
618  isAsynchronousEHPersonality(classifyEHPersonality(F.getPersonalityFn())))
619  return;
620  if (Allowlist && !Allowlist->inSection("coverage", "fun", F.getName()))
621  return;
622  if (Blocklist && Blocklist->inSection("coverage", "fun", F.getName()))
623  return;
624  if (F.hasFnAttribute(Attribute::NoSanitizeCoverage))
625  return;
626  if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge)
627  SplitAllCriticalEdges(F, CriticalEdgeSplittingOptions().setIgnoreUnreachableDests());
628  SmallVector<Instruction *, 8> IndirCalls;
629  SmallVector<BasicBlock *, 16> BlocksToInstrument;
630  SmallVector<Instruction *, 8> CmpTraceTargets;
631  SmallVector<Instruction *, 8> SwitchTraceTargets;
632  SmallVector<BinaryOperator *, 8> DivTraceTargets;
633  SmallVector<GetElementPtrInst *, 8> GepTraceTargets;
634 
635  const DominatorTree *DT = DTCallback(F);
636  const PostDominatorTree *PDT = PDTCallback(F);
637  bool IsLeafFunc = true;
638 
639  for (auto &BB : F) {
640  if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
641  BlocksToInstrument.push_back(&BB);
642  for (auto &Inst : BB) {
643  if (Options.IndirectCalls) {
644  CallBase *CB = dyn_cast<CallBase>(&Inst);
645  if (CB && !CB->getCalledFunction())
646  IndirCalls.push_back(&Inst);
647  }
648  if (Options.TraceCmp) {
649  if (ICmpInst *CMP = dyn_cast<ICmpInst>(&Inst))
650  if (IsInterestingCmp(CMP, DT, Options))
651  CmpTraceTargets.push_back(&Inst);
652  if (isa<SwitchInst>(&Inst))
653  SwitchTraceTargets.push_back(&Inst);
654  }
655  if (Options.TraceDiv)
656  if (BinaryOperator *BO = dyn_cast<BinaryOperator>(&Inst))
657  if (BO->getOpcode() == Instruction::SDiv ||
658  BO->getOpcode() == Instruction::UDiv)
659  DivTraceTargets.push_back(BO);
660  if (Options.TraceGep)
661  if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(&Inst))
662  GepTraceTargets.push_back(GEP);
663  if (Options.StackDepth)
664  if (isa<InvokeInst>(Inst) ||
665  (isa<CallInst>(Inst) && !isa<IntrinsicInst>(Inst)))
666  IsLeafFunc = false;
667  }
668  }
669 
670  InjectCoverage(F, BlocksToInstrument, IsLeafFunc);
671  InjectCoverageForIndirectCalls(F, IndirCalls);
672  InjectTraceForCmp(F, CmpTraceTargets);
673  InjectTraceForSwitch(F, SwitchTraceTargets);
674  InjectTraceForDiv(F, DivTraceTargets);
675  InjectTraceForGep(F, GepTraceTargets);
676 }
677 
678 GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection(
679  size_t NumElements, Function &F, Type *Ty, const char *Section) {
680  ArrayType *ArrayTy = ArrayType::get(Ty, NumElements);
681  auto Array = new GlobalVariable(
682  *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage,
683  Constant::getNullValue(ArrayTy), "__sancov_gen_");
684 
685  if (TargetTriple.supportsCOMDAT() &&
686  (TargetTriple.isOSBinFormatELF() || !F.isInterposable()))
687  if (auto Comdat = getOrCreateFunctionComdat(F, TargetTriple))
688  Array->setComdat(Comdat);
689  Array->setSection(getSectionName(Section));
690  Array->setAlignment(Align(DL->getTypeStoreSize(Ty).getFixedSize()));
691 
692  // sancov_pcs parallels the other metadata section(s). Optimizers (e.g.
693  // GlobalOpt/ConstantMerge) may not discard sancov_pcs and the other
694  // section(s) as a unit, so we conservatively retain all unconditionally in
695  // the compiler.
696  //
697  // With comdat (COFF/ELF), the linker can guarantee the associated sections
698  // will be retained or discarded as a unit, so llvm.compiler.used is
699  // sufficient. Otherwise, conservatively make all of them retained by the
700  // linker.
701  if (Array->hasComdat())
702  GlobalsToAppendToCompilerUsed.push_back(Array);
703  else
704  GlobalsToAppendToUsed.push_back(Array);
705 
706  return Array;
707 }
708 
709 GlobalVariable *
710 ModuleSanitizerCoverage::CreatePCArray(Function &F,
711  ArrayRef<BasicBlock *> AllBlocks) {
712  size_t N = AllBlocks.size();
713  assert(N);
714  SmallVector<Constant *, 32> PCs;
715  IRBuilder<> IRB(&*F.getEntryBlock().getFirstInsertionPt());
716  for (size_t i = 0; i < N; i++) {
717  if (&F.getEntryBlock() == AllBlocks[i]) {
718  PCs.push_back((Constant *)IRB.CreatePointerCast(&F, IntptrPtrTy));
719  PCs.push_back((Constant *)IRB.CreateIntToPtr(
720  ConstantInt::get(IntptrTy, 1), IntptrPtrTy));
721  } else {
722  PCs.push_back((Constant *)IRB.CreatePointerCast(
723  BlockAddress::get(AllBlocks[i]), IntptrPtrTy));
724  PCs.push_back((Constant *)IRB.CreateIntToPtr(
725  ConstantInt::get(IntptrTy, 0), IntptrPtrTy));
726  }
727  }
728  auto *PCArray = CreateFunctionLocalArrayInSection(N * 2, F, IntptrPtrTy,
729  SanCovPCsSectionName);
730  PCArray->setInitializer(
731  ConstantArray::get(ArrayType::get(IntptrPtrTy, N * 2), PCs));
732  PCArray->setConstant(true);
733 
734  return PCArray;
735 }
736 
737 void ModuleSanitizerCoverage::CreateFunctionLocalArrays(
738  Function &F, ArrayRef<BasicBlock *> AllBlocks) {
739  if (Options.TracePCGuard)
740  FunctionGuardArray = CreateFunctionLocalArrayInSection(
741  AllBlocks.size(), F, Int32Ty, SanCovGuardsSectionName);
742 
743  if (Options.Inline8bitCounters)
744  Function8bitCounterArray = CreateFunctionLocalArrayInSection(
745  AllBlocks.size(), F, Int8Ty, SanCovCountersSectionName);
746  if (Options.InlineBoolFlag)
747  FunctionBoolArray = CreateFunctionLocalArrayInSection(
748  AllBlocks.size(), F, Int1Ty, SanCovBoolFlagSectionName);
749 
750  if (Options.PCTable)
751  FunctionPCsArray = CreatePCArray(F, AllBlocks);
752 }
753 
754 bool ModuleSanitizerCoverage::InjectCoverage(Function &F,
755  ArrayRef<BasicBlock *> AllBlocks,
756  bool IsLeafFunc) {
757  if (AllBlocks.empty()) return false;
758  CreateFunctionLocalArrays(F, AllBlocks);
759  for (size_t i = 0, N = AllBlocks.size(); i < N; i++)
760  InjectCoverageAtBlock(F, *AllBlocks[i], i, IsLeafFunc);
761  return true;
762 }
763 
764 // On every indirect call we call a run-time function
765 // __sanitizer_cov_indir_call* with two parameters:
766 // - callee address,
767 // - global cache array that contains CacheSize pointers (zero-initialized).
768 // The cache is used to speed up recording the caller-callee pairs.
769 // The address of the caller is passed implicitly via caller PC.
770 // CacheSize is encoded in the name of the run-time function.
771 void ModuleSanitizerCoverage::InjectCoverageForIndirectCalls(
772  Function &F, ArrayRef<Instruction *> IndirCalls) {
773  if (IndirCalls.empty())
774  return;
775  assert(Options.TracePC || Options.TracePCGuard ||
776  Options.Inline8bitCounters || Options.InlineBoolFlag);
777  for (auto I : IndirCalls) {
778  IRBuilder<> IRB(I);
779  CallBase &CB = cast<CallBase>(*I);
780  Value *Callee = CB.getCalledOperand();
781  if (isa<InlineAsm>(Callee))
782  continue;
783  IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy));
784  }
785 }
786 
787 // For every switch statement we insert a call:
788 // __sanitizer_cov_trace_switch(CondValue,
789 // {NumCases, ValueSizeInBits, Case0Value, Case1Value, Case2Value, ... })
790 
791 void ModuleSanitizerCoverage::InjectTraceForSwitch(
792  Function &, ArrayRef<Instruction *> SwitchTraceTargets) {
793  for (auto I : SwitchTraceTargets) {
794  if (SwitchInst *SI = dyn_cast<SwitchInst>(I)) {
795  IRBuilder<> IRB(I);
796  SmallVector<Constant *, 16> Initializers;
797  Value *Cond = SI->getCondition();
798  if (Cond->getType()->getScalarSizeInBits() >
799  Int64Ty->getScalarSizeInBits())
800  continue;
801  Initializers.push_back(ConstantInt::get(Int64Ty, SI->getNumCases()));
802  Initializers.push_back(
803  ConstantInt::get(Int64Ty, Cond->getType()->getScalarSizeInBits()));
804  if (Cond->getType()->getScalarSizeInBits() <
805  Int64Ty->getScalarSizeInBits())
806  Cond = IRB.CreateIntCast(Cond, Int64Ty, false);
807  for (auto It : SI->cases()) {
808  Constant *C = It.getCaseValue();
809  if (C->getType()->getScalarSizeInBits() <
810  Int64Ty->getScalarSizeInBits())
811  C = ConstantExpr::getCast(CastInst::ZExt, It.getCaseValue(), Int64Ty);
812  Initializers.push_back(C);
813  }
814  llvm::sort(drop_begin(Initializers, 2),
815  [](const Constant *A, const Constant *B) {
816  return cast<ConstantInt>(A)->getLimitedValue() <
817  cast<ConstantInt>(B)->getLimitedValue();
818  });
819  ArrayType *ArrayOfInt64Ty = ArrayType::get(Int64Ty, Initializers.size());
820  GlobalVariable *GV = new GlobalVariable(
821  *CurModule, ArrayOfInt64Ty, false, GlobalVariable::InternalLinkage,
822  ConstantArray::get(ArrayOfInt64Ty, Initializers),
823  "__sancov_gen_cov_switch_values");
824  IRB.CreateCall(SanCovTraceSwitchFunction,
825  {Cond, IRB.CreatePointerCast(GV, Int64PtrTy)});
826  }
827  }
828 }
829 
830 void ModuleSanitizerCoverage::InjectTraceForDiv(
831  Function &, ArrayRef<BinaryOperator *> DivTraceTargets) {
832  for (auto BO : DivTraceTargets) {
833  IRBuilder<> IRB(BO);
834  Value *A1 = BO->getOperand(1);
835  if (isa<ConstantInt>(A1)) continue;
836  if (!A1->getType()->isIntegerTy())
837  continue;
838  uint64_t TypeSize = DL->getTypeStoreSizeInBits(A1->getType());
839  int CallbackIdx = TypeSize == 32 ? 0 :
840  TypeSize == 64 ? 1 : -1;
841  if (CallbackIdx < 0) continue;
842  auto Ty = Type::getIntNTy(*C, TypeSize);
843  IRB.CreateCall(SanCovTraceDivFunction[CallbackIdx],
844  {IRB.CreateIntCast(A1, Ty, true)});
845  }
846 }
847 
848 void ModuleSanitizerCoverage::InjectTraceForGep(
849  Function &, ArrayRef<GetElementPtrInst *> GepTraceTargets) {
850  for (auto GEP : GepTraceTargets) {
851  IRBuilder<> IRB(GEP);
852  for (Use &Idx : GEP->indices())
853  if (!isa<ConstantInt>(Idx) && Idx->getType()->isIntegerTy())
854  IRB.CreateCall(SanCovTraceGepFunction,
855  {IRB.CreateIntCast(Idx, IntptrTy, true)});
856  }
857 }
858 
859 void ModuleSanitizerCoverage::InjectTraceForCmp(
860  Function &, ArrayRef<Instruction *> CmpTraceTargets) {
861  for (auto I : CmpTraceTargets) {
862  if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) {
863  IRBuilder<> IRB(ICMP);
864  Value *A0 = ICMP->getOperand(0);
865  Value *A1 = ICMP->getOperand(1);
866  if (!A0->getType()->isIntegerTy())
867  continue;
868  uint64_t TypeSize = DL->getTypeStoreSizeInBits(A0->getType());
869  int CallbackIdx = TypeSize == 8 ? 0 :
870  TypeSize == 16 ? 1 :
871  TypeSize == 32 ? 2 :
872  TypeSize == 64 ? 3 : -1;
873  if (CallbackIdx < 0) continue;
874  // __sanitizer_cov_trace_cmp((type_size << 32) | predicate, A0, A1);
875  auto CallbackFunc = SanCovTraceCmpFunction[CallbackIdx];
876  bool FirstIsConst = isa<ConstantInt>(A0);
877  bool SecondIsConst = isa<ConstantInt>(A1);
878  // If both are const, then we don't need such a comparison.
879  if (FirstIsConst && SecondIsConst) continue;
880  // If only one is const, then make it the first callback argument.
881  if (FirstIsConst || SecondIsConst) {
882  CallbackFunc = SanCovTraceConstCmpFunction[CallbackIdx];
883  if (SecondIsConst)
884  std::swap(A0, A1);
885  }
886 
887  auto Ty = Type::getIntNTy(*C, TypeSize);
888  IRB.CreateCall(CallbackFunc, {IRB.CreateIntCast(A0, Ty, true),
889  IRB.CreateIntCast(A1, Ty, true)});
890  }
891  }
892 }
893 
894 void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
895  size_t Idx,
896  bool IsLeafFunc) {
897  BasicBlock::iterator IP = BB.getFirstInsertionPt();
898  bool IsEntryBB = &BB == &F.getEntryBlock();
899  DebugLoc EntryLoc;
900  if (IsEntryBB) {
901  if (auto SP = F.getSubprogram())
902  EntryLoc = DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP);
903  // Keep static allocas and llvm.localescape calls in the entry block. Even
904  // if we aren't splitting the block, it's nice for allocas to be before
905  // calls.
906  IP = PrepareToSplitEntryBlock(BB, IP);
907  } else {
908  EntryLoc = IP->getDebugLoc();
909  if (!EntryLoc)
910  if (auto *SP = F.getSubprogram())
911  EntryLoc = DILocation::get(SP->getContext(), 0, 0, SP);
912  }
913 
914  IRBuilder<> IRB(&*IP);
915  IRB.SetCurrentDebugLocation(EntryLoc);
916  if (Options.TracePC) {
917  IRB.CreateCall(SanCovTracePC)
918  ->setCannotMerge(); // gets the PC using GET_CALLER_PC.
919  }
920  if (Options.TracePCGuard) {
921  auto GuardPtr = IRB.CreateIntToPtr(
922  IRB.CreateAdd(IRB.CreatePointerCast(FunctionGuardArray, IntptrTy),
923  ConstantInt::get(IntptrTy, Idx * 4)),
924  Int32PtrTy);
925  IRB.CreateCall(SanCovTracePCGuard, GuardPtr)->setCannotMerge();
926  }
927  if (Options.Inline8bitCounters) {
928  auto CounterPtr = IRB.CreateGEP(
929  Function8bitCounterArray->getValueType(), Function8bitCounterArray,
930  {ConstantInt::get(IntptrTy, 0), ConstantInt::get(IntptrTy, Idx)});
931  auto Load = IRB.CreateLoad(Int8Ty, CounterPtr);
932  auto Inc = IRB.CreateAdd(Load, ConstantInt::get(Int8Ty, 1));
933  auto Store = IRB.CreateStore(Inc, CounterPtr);
934  SetNoSanitizeMetadata(Load);
935  SetNoSanitizeMetadata(Store);
936  }
937  if (Options.InlineBoolFlag) {
938  auto FlagPtr = IRB.CreateGEP(
939  FunctionBoolArray->getValueType(), FunctionBoolArray,
940  {ConstantInt::get(IntptrTy, 0), ConstantInt::get(IntptrTy, Idx)});
941  auto Load = IRB.CreateLoad(Int1Ty, FlagPtr);
942  auto ThenTerm =
943  SplitBlockAndInsertIfThen(IRB.CreateIsNull(Load), &*IP, false);
944  IRBuilder<> ThenIRB(ThenTerm);
945  auto Store = ThenIRB.CreateStore(ConstantInt::getTrue(Int1Ty), FlagPtr);
946  SetNoSanitizeMetadata(Load);
947  SetNoSanitizeMetadata(Store);
948  }
949  if (Options.StackDepth && IsEntryBB && !IsLeafFunc) {
950  // Check stack depth. If it's the deepest so far, record it.
951  Module *M = F.getParent();
952  Function *GetFrameAddr = Intrinsic::getDeclaration(
953  M, Intrinsic::frameaddress,
954  IRB.getInt8PtrTy(M->getDataLayout().getAllocaAddrSpace()));
955  auto FrameAddrPtr =
956  IRB.CreateCall(GetFrameAddr, {Constant::getNullValue(Int32Ty)});
957  auto FrameAddrInt = IRB.CreatePtrToInt(FrameAddrPtr, IntptrTy);
958  auto LowestStack = IRB.CreateLoad(IntptrTy, SanCovLowestStack);
959  auto IsStackLower = IRB.CreateICmpULT(FrameAddrInt, LowestStack);
960  auto ThenTerm = SplitBlockAndInsertIfThen(IsStackLower, &*IP, false);
961  IRBuilder<> ThenIRB(ThenTerm);
962  auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
963  SetNoSanitizeMetadata(LowestStack);
964  SetNoSanitizeMetadata(Store);
965  }
966 }
967 
968 std::string
969 ModuleSanitizerCoverage::getSectionName(const std::string &Section) const {
970  if (TargetTriple.isOSBinFormatCOFF()) {
971  if (Section == SanCovCountersSectionName)
972  return ".SCOV$CM";
973  if (Section == SanCovBoolFlagSectionName)
974  return ".SCOV$BM";
975  if (Section == SanCovPCsSectionName)
976  return ".SCOVP$M";
977  return ".SCOV$GM"; // For SanCovGuardsSectionName.
978  }
979  if (TargetTriple.isOSBinFormatMachO())
980  return "__DATA,__" + Section;
981  return "__" + Section;
982 }
983 
984 std::string
985 ModuleSanitizerCoverage::getSectionStart(const std::string &Section) const {
986  if (TargetTriple.isOSBinFormatMachO())
987  return "\1section$start$__DATA$__" + Section;
988  return "__start___" + Section;
989 }
990 
991 std::string
992 ModuleSanitizerCoverage::getSectionEnd(const std::string &Section) const {
993  if (TargetTriple.isOSBinFormatMachO())
994  return "\1section$end$__DATA$__" + Section;
995  return "__stop___" + Section;
996 }
997 
998 char ModuleSanitizerCoverageLegacyPass::ID = 0;
999 INITIALIZE_PASS_BEGIN(ModuleSanitizerCoverageLegacyPass, "sancov",
1000  "Pass for instrumenting coverage on functions", false,
1001  false)
1002 INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
1003 INITIALIZE_PASS_DEPENDENCY(PostDominatorTreeWrapperPass)
1004 INITIALIZE_PASS_END(ModuleSanitizerCoverageLegacyPass, "sancov",
1005  "Pass for instrumenting coverage on functions", false,
1006  false)
1007 ModulePass *llvm::createModuleSanitizerCoverageLegacyPassPass(
1008  const SanitizerCoverageOptions &Options,
1009  const std::vector<std::string> &AllowlistFiles,
1010  const std::vector<std::string> &BlocklistFiles) {
1011  return new ModuleSanitizerCoverageLegacyPass(Options, AllowlistFiles,
1012  BlocklistFiles);
1013 }
i
i
Definition: README.txt:29
ClInline8bitCounters
static cl::opt< bool > ClInline8bitCounters("sanitizer-coverage-inline-8bit-counters", cl::desc("increments 8-bit counter for every edge"), cl::Hidden, cl::init(false))
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition: PassManager.h:155
llvm::SpecialCaseList
Definition: SpecialCaseList.h:69
Instrumentation.h
llvm::isAsynchronousEHPersonality
bool isAsynchronousEHPersonality(EHPersonality Pers)
Returns true if this personality function catches asynchronous exceptions.
Definition: EHPersonalities.h:50
Int32Ty
IntegerType * Int32Ty
Definition: NVVMIntrRange.cpp:67
llvm::predecessors
pred_range predecessors(BasicBlock *BB)
Definition: CFG.h:127
llvm::PrepareToSplitEntryBlock
BasicBlock::iterator PrepareToSplitEntryBlock(BasicBlock &BB, BasicBlock::iterator IP)
Instrumentation passes often insert conditional checks into entry blocks.
Definition: Instrumentation.cpp:41
INITIALIZE_PASS_BEGIN
INITIALIZE_PASS_BEGIN(ModuleSanitizerCoverageLegacyPass, "sancov", "Pass for instrumenting coverage on functions", false, false) INITIALIZE_PASS_END(ModuleSanitizerCoverageLegacyPass
llvm
Definition: AllocatorList.h:23
llvm::Type::getInt1Ty
static IntegerType * getInt1Ty(LLVMContext &C)
Definition: Type.cpp:194
M
We currently emits eax Perhaps this is what we really should generate is Is imull three or four cycles eax eax The current instruction priority is based on pattern complexity The former is more complex because it folds a load so the latter will not be emitted Perhaps we should use AddedComplexity to give LEA32r a higher priority We should always try to match LEA first since the LEA matching code does some estimate to determine whether the match is profitable if we care more about code then imull is better It s two bytes shorter than movl leal On a Pentium M
Definition: README.txt:252
llvm::AArch64CC::AL
@ AL
Definition: AArch64BaseInfo.h:250
llvm::drop_begin
auto drop_begin(T &&RangeOrContainer, size_t N=1)
Return a range covering RangeOrContainer with the first N elements excluded.
Definition: STLExtras.h:266
SanCovTraceCmp2
const char SanCovTraceCmp2[]
Definition: SanitizerCoverage.cpp:51
ClGEPTracing
static cl::opt< bool > ClGEPTracing("sanitizer-coverage-trace-geps", cl::desc("Tracing of GEP instructions"), cl::Hidden, cl::init(false))
llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition: DataLayout.h:112
SanCovTracePCName
const char SanCovTracePCName[]
Definition: SanitizerCoverage.cpp:49
llvm::Intrinsic::getDeclaration
Function * getDeclaration(Module *M, ID id, ArrayRef< Type * > Tys=None)
Create or insert an LLVM Function declaration for an intrinsic, and return it.
Definition: Function.cpp:1329
llvm::BasicBlock::iterator
InstListType::iterator iterator
Instruction iterators...
Definition: BasicBlock.h:90
llvm::ModulePass
ModulePass class - This class is used to implement unstructured interprocedural optimizations and ana...
Definition: Pass.h:238
llvm::SanitizerCoverageOptions
Definition: Instrumentation.h:152
IntrinsicInst.h
llvm::AnalysisManager::getResult
PassT::Result & getResult(IRUnitT &IR, ExtraArgTs... ExtraArgs)
Get the result of an analysis pass for a given IR unit.
Definition: PassManager.h:769
llvm::SystemZISD::ICMP
@ ICMP
Definition: SystemZISelLowering.h:55
functions
Pass for instrumenting coverage on functions
Definition: SanitizerCoverage.cpp:1005
llvm::GlobalValue::HiddenVisibility
@ HiddenVisibility
The GV is hidden.
Definition: GlobalValue.h:64
llvm::Function
Definition: Function.h:61
ClDIVTracing
static cl::opt< bool > ClDIVTracing("sanitizer-coverage-trace-divs", cl::desc("Tracing of DIV instructions"), cl::Hidden, cl::init(false))
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1167
InlineAsm.h
llvm::AttributeList::addParamAttribute
LLVM_NODISCARD AttributeList addParamAttribute(LLVMContext &C, unsigned ArgNo, Attribute::AttrKind Kind) const
Add an argument attribute to the list.
Definition: Attributes.h:467
llvm::Function::getEntryBlock
const BasicBlock & getEntryBlock() const
Definition: Function.h:762
llvm::IRBuilder<>
SanCov8bitCountersInitName
const char SanCov8bitCountersInitName[]
Definition: SanitizerCoverage.cpp:71
llvm::GlobalVariable
Definition: GlobalVariable.h:40
SanCovTraceGep
const char SanCovTraceGep[]
Definition: SanitizerCoverage.cpp:60
SanCovModuleCtorBoolFlagName
const char SanCovModuleCtorBoolFlagName[]
Definition: SanitizerCoverage.cpp:66
llvm::DominatorTree
Concrete subclass of DominatorTreeBase that is used to compute a normal dominator tree.
Definition: Dominators.h:151
llvm::Triple
Triple - Helper class for working with autoconf configuration names.
Definition: Triple.h:45
FAM
FunctionAnalysisManager FAM
Definition: PassBuilderBindings.cpp:59
llvm::cl::Hidden
@ Hidden
Definition: CommandLine.h:143
llvm::PreservedAnalyses::none
static PreservedAnalyses none()
Convenience factory function for the empty preserved set.
Definition: PassManager.h:158
llvm::SPII::Load
@ Load
Definition: SparcInstrInfo.h:32
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:46
Module.h
llvm::AttributeList
Definition: Attributes.h:385
EHPersonalities.h
SanCovModuleCtor8bitCountersName
const char SanCovModuleCtor8bitCountersName[]
Definition: SanitizerCoverage.cpp:64
llvm::msgpack::Type::Array
@ Array
ClInlineBoolFlag
static cl::opt< bool > ClInlineBoolFlag("sanitizer-coverage-inline-bool-flag", cl::desc("sets a boolean flag for every edge"), cl::Hidden, cl::init(false))
ClCreatePCTable
static cl::opt< bool > ClCreatePCTable("sanitizer-coverage-pc-table", cl::desc("create a static PC table"), cl::Hidden, cl::init(false))
llvm::GlobalValue::LinkageTypes
LinkageTypes
An enumeration for the kinds of linkage for global values.
Definition: GlobalValue.h:47
llvm::ArrayType
Class to represent array types.
Definition: DerivedTypes.h:359
llvm::successors
succ_range successors(Instruction *I)
Definition: CFG.h:262
llvm::succ_empty
bool succ_empty(const Instruction *I)
Definition: CFG.h:256
llvm::Type::getInt8Ty
static IntegerType * getInt8Ty(LLVMContext &C)
Definition: Type.cpp:195
llvm::Type::getInt32Ty
static IntegerType * getInt32Ty(LLVMContext &C)
Definition: Type.cpp:197
llvm::ArrayRef::empty
bool empty() const
empty - Check if the array is empty.
Definition: ArrayRef.h:160
SanCovLowestStackName
const char SanCovLowestStackName[]
Definition: SanitizerCoverage.cpp:80
llvm::MDNode::get
static MDTuple * get(LLVMContext &Context, ArrayRef< Metadata * > MDs)
Definition: Metadata.h:1198
F
#define F(x, y, z)
Definition: MD5.cpp:56
llvm::BasicBlock::getUniqueSuccessor
const BasicBlock * getUniqueSuccessor() const
Return the successor of this block if it has a unique successor.
Definition: BasicBlock.cpp:302
llvm::BasicBlock
LLVM Basic Block Representation.
Definition: BasicBlock.h:58
llvm::ARMBuildAttrs::Section
@ Section
Legacy Tags.
Definition: ARMBuildAttributes.h:78
llvm::SanitizerCoverageOptions::SCK_Edge
@ SCK_Edge
Definition: Instrumentation.h:157
llvm::classifyEHPersonality
EHPersonality classifyEHPersonality(const Value *Pers)
See if the given exception handling personality function is one that we understand.
Definition: EHPersonalities.cpp:21
llvm::DominatorTree::dominates
bool dominates(const BasicBlock *BB, const Use &U) const
Return true if the (end of the) basic block BB dominates the use U.
Definition: Dominators.cpp:115
CommandLine.h
llvm::all_of
bool all_of(R &&range, UnaryPredicate P)
Provide wrappers to std::all_of which take ranges instead of having to pass begin/end explicitly.
Definition: STLExtras.h:1482
llvm::SanitizerCoverageOptions::CoverageType
enum llvm::SanitizerCoverageOptions::Type CoverageType
SanCovBoolFlagInitName
const char SanCovBoolFlagInitName[]
Definition: SanitizerCoverage.cpp:72
llvm::PassRegistry::getPassRegistry
static PassRegistry * getPassRegistry()
getPassRegistry - Access the global registry object, which is automatically initialized at applicatio...
Definition: PassRegistry.cpp:31
PostDominators.h
SanCovTraceCmp4
const char SanCovTraceCmp4[]
Definition: SanitizerCoverage.cpp:52
Intrinsics.h
C
(vector float) vec_cmpeq(*A, *B) C
Definition: README_ALTIVEC.txt:86
llvm::CallBase::getCalledFunction
Function * getCalledFunction() const
Returns the function called, or null if this is an indirect function invocation.
Definition: InstrTypes.h:1396
MAM
ModuleAnalysisManager MAM
Definition: PassBuilderBindings.cpp:61
llvm::ModuleSanitizerCoveragePass::run
PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM)
Definition: SanitizerCoverage.cpp:312
llvm::PostDominatorTreeWrapperPass
Definition: PostDominators.h:73
SanCovPCsSectionName
const char SanCovPCsSectionName[]
Definition: SanitizerCoverage.cpp:78
llvm::AnalysisUsage
Represent the analysis usage information of a pass.
Definition: PassAnalysisSupport.h:47
isFullPostDominator
static bool isFullPostDominator(const BasicBlock *BB, const PostDominatorTree *PDT)
Definition: SanitizerCoverage.cpp:525
SanCovTraceDiv8
const char SanCovTraceDiv8[]
Definition: SanitizerCoverage.cpp:59
IP
Definition: NVPTXLowerArgs.cpp:166
llvm::CriticalEdgeSplittingOptions
Option class for critical edge splitting.
Definition: BasicBlockUtils.h:136
false
Definition: StackSlotColoring.cpp:142
B
static GCRegistry::Add< OcamlGC > B("ocaml", "ocaml 3.10-compatible GC")
llvm::Constant::getAllOnesValue
static Constant * getAllOnesValue(Type *Ty)
Definition: Constants.cpp:404
llvm::Instruction
Definition: Instruction.h:45
ClPruneBlocks
static cl::opt< bool > ClPruneBlocks("sanitizer-coverage-prune-blocks", cl::desc("Reduce the number of instrumented blocks"), cl::Hidden, cl::init(true))
llvm::DominatorTreeWrapperPass
Legacy analysis pass which computes a DominatorTree.
Definition: Dominators.h:281
MDBuilder.h
llvm::appendToCompilerUsed
void appendToCompilerUsed(Module &M, ArrayRef< GlobalValue * > Values)
Adds global values to the llvm.compiler.used list.
Definition: ModuleUtils.cpp:110
Options
const char LLVMTargetMachineRef LLVMPassBuilderOptionsRef Options
Definition: PassBuilderBindings.cpp:48
llvm::initializeModuleSanitizerCoverageLegacyPassPass
void initializeModuleSanitizerCoverageLegacyPassPass(PassRegistry &)
llvm::ConstantInt::get
static Constant * get(Type *Ty, uint64_t V, bool IsSigned=false)
If Ty is a vector type, return a Constant with a splat of the given value.
Definition: Constants.cpp:898
SanCovGuardsSectionName
const char SanCovGuardsSectionName[]
Definition: SanitizerCoverage.cpp:75
Align
uint64_t Align
Definition: ELFObjHandler.cpp:83
llvm::GlobalValue::InternalLinkage
@ InternalLinkage
Rename collisions when linking (static functions).
Definition: GlobalValue.h:55
llvm::Comdat
Definition: Comdat.h:31
llvm::SanitizerCoverageOptions::SCK_BB
@ SCK_BB
Definition: Instrumentation.h:156
SanCovTraceConstCmp8
const char SanCovTraceConstCmp8[]
Definition: SanitizerCoverage.cpp:57
shouldInstrumentBlock
static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, const DominatorTree *DT, const PostDominatorTree *PDT, const SanitizerCoverageOptions &Options)
Definition: SanitizerCoverage.cpp:535
llvm::None
const NoneType None
Definition: None.h:23
SanCovTraceSwitchName
const char SanCovTraceSwitchName[]
Definition: SanitizerCoverage.cpp:61
Type.h
INITIALIZE_PASS_END
#define INITIALIZE_PASS_END(passName, arg, name, cfg, analysis)
Definition: PassSupport.h:58
CFG.h
llvm::Type::isIntegerTy
bool isIntegerTy() const
True if this is an instance of IntegerType.
Definition: Type.h:202
llvm::function_ref
An efficient, type-erasing, non-owning reference to a callable.
Definition: STLExtras.h:168
llvm::cl::opt
Definition: CommandLine.h:1422
llvm::Constant
This is an important base class in LLVM.
Definition: Constant.h:41
llvm::vfs::getRealFileSystem
IntrusiveRefCntPtr< FileSystem > getRealFileSystem()
Gets an vfs::FileSystem for the 'real' file system, as seen by the operating system.
Definition: VirtualFileSystem.cpp:346
llvm::PointerType::getUnqual
static PointerType * getUnqual(Type *ElementType)
This constructs a pointer to an object of the specified type in the default address space (address sp...
Definition: DerivedTypes.h:653
llvm::createSanitizerCtorAndInitFunctions
std::pair< Function *, FunctionCallee > createSanitizerCtorAndInitFunctions(Module &M, StringRef CtorName, StringRef InitName, ArrayRef< Type * > InitArgTypes, ArrayRef< Value * > InitArgs, StringRef VersionCheckName=StringRef())
Creates sanitizer constructor function, and calls sanitizer's init function from it.
Definition: ModuleUtils.cpp:134
llvm::ICmpInst
This instruction compares its operands according to the predicate given to the constructor.
Definition: Instructions.h:1206
const
aarch64 promote const
Definition: AArch64PromoteConstant.cpp:232
SanCovBoolFlagSectionName
const char SanCovBoolFlagSectionName[]
Definition: SanitizerCoverage.cpp:77
INITIALIZE_PASS_DEPENDENCY
INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
sancov
sancov
Definition: SanitizerCoverage.cpp:1004
llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition: LLVMContext.h:68
llvm::declareSanitizerInitFunction
FunctionCallee declareSanitizerInitFunction(Module &M, StringRef InitName, ArrayRef< Type * > InitArgTypes)
Definition: ModuleUtils.cpp:115
DebugInfo.h
I
#define I(x, y, z)
Definition: MD5.cpp:59
llvm::GlobalObject::setComdat
void setComdat(Comdat *C)
Definition: GlobalObject.h:125
ClCoverageLevel
static cl::opt< int > ClCoverageLevel("sanitizer-coverage-level", cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, " "3: all blocks and critical edges"), cl::Hidden, cl::init(0))
llvm::GetElementPtrInst
an instruction for type-safe pointer arithmetic to access elements of arrays and structs
Definition: Instructions.h:931
llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition: CommandLine.h:443
llvm::appendToUsed
void appendToUsed(Module &M, ArrayRef< GlobalValue * > Values)
Adds global values to the llvm.used list.
Definition: ModuleUtils.cpp:106
llvm::GlobalValue::setLinkage
void setLinkage(LinkageTypes LT)
Definition: GlobalValue.h:454
ArrayRef.h
llvm::SpecialCaseList::createOrDie
static std::unique_ptr< SpecialCaseList > createOrDie(const std::vector< std::string > &Paths, llvm::vfs::FileSystem &FS)
Parses the special case list entries from files.
Definition: SpecialCaseList.cpp:91
IRBuilder.h
ClTracePC
static cl::opt< bool > ClTracePC("sanitizer-coverage-trace-pc", cl::desc("Experimental pc tracing"), cl::Hidden, cl::init(false))
assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())
SanCovTraceCmp1
const char SanCovTraceCmp1[]
Definition: SanitizerCoverage.cpp:50
std::swap
void swap(llvm::BitVector &LHS, llvm::BitVector &RHS)
Implement std::swap in terms of BitVector swap.
Definition: BitVector.h:840
SI
StandardInstrumentations SI(Debug, VerifyEach)
SanCovTracePCGuardInitName
const char SanCovTracePCGuardInitName[]
Definition: SanitizerCoverage.cpp:70
llvm::ConstantExpr::getCast
static Constant * getCast(unsigned ops, Constant *C, Type *Ty, bool OnlyIfReduced=false)
Convenience function for getting a Cast operation.
Definition: Constants.cpp:1975
SanCovModuleCtorTracePcGuardName
const char SanCovModuleCtorTracePcGuardName[]
Definition: SanitizerCoverage.cpp:62
IsInterestingCmp
static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT, const SanitizerCoverageOptions &Options)
Definition: SanitizerCoverage.cpp:585
llvm::ArrayType::get
static ArrayType * get(Type *ElementType, uint64_t NumElements)
This static method is the primary way to construct an ArrayType.
Definition: Type.cpp:598
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:67
ClCMPTracing
static cl::opt< bool > ClCMPTracing("sanitizer-coverage-trace-compares", cl::desc("Tracing of CMP and similar instructions"), cl::Hidden, cl::init(false))
Mangler.h
SanCovTracePCIndirName
const char SanCovTracePCIndirName[]
Definition: SanitizerCoverage.cpp:48
llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition: APInt.h:32
llvm::BinaryOperator
Definition: InstrTypes.h:190
DataLayout.h
Cond
SmallVector< MachineOperand, 4 > Cond
Definition: BasicBlockSections.cpp:167
llvm::StringRef
StringRef - Represent a constant reference to a string, i.e.
Definition: StringRef.h:58
SanCovTracePCGuardName
const char SanCovTracePCGuardName[]
Definition: SanitizerCoverage.cpp:69
llvm::SanitizerCoverageOptions::SCK_Function
@ SCK_Function
Definition: Instrumentation.h:155
SanitizerCoverage.h
llvm::PostDominatorTree
PostDominatorTree Class - Concrete subclass of DominatorTree that is used to compute the post-dominat...
Definition: PostDominators.h:28
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition: Value.h:256
llvm::GlobalValue::WeakODRLinkage
@ WeakODRLinkage
Same, but only replaced by something equivalent.
Definition: GlobalValue.h:53
DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition: AArch64SLSHardening.cpp:76
llvm::pred_empty
bool pred_empty(const BasicBlock *BB)
Definition: CFG.h:119
ClTracePCGuard
static cl::opt< bool > ClTracePCGuard("sanitizer-coverage-trace-pc-guard", cl::desc("pc tracing with a guard"), cl::Hidden, cl::init(false))
llvm::GlobalValue::AvailableExternallyLinkage
@ AvailableExternallyLinkage
Available for inspection, not emission.
Definition: GlobalValue.h:49
llvm::Value::getName
StringRef getName() const
Return a constant reference to the value's name.
Definition: Value.cpp:294
for
this could be done in SelectionDAGISel along with other special for
Definition: README.txt:104
llvm::BasicBlock::getTerminator
const Instruction * getTerminator() const LLVM_READONLY
Returns the terminator instruction if the block is well formed or null if the block is not well forme...
Definition: BasicBlock.cpp:148
VirtualFileSystem.h
Callee
amdgpu Simplify well known AMD library false FunctionCallee Callee
Definition: AMDGPULibCalls.cpp:206
SanCovTraceConstCmp1
const char SanCovTraceConstCmp1[]
Definition: SanitizerCoverage.cpp:54
Constant.h
llvm::ConstantInt::getTrue
static ConstantInt * getTrue(LLVMContext &Context)
Definition: Constants.cpp:846
std
Definition: BitVector.h:838
llvm::Constant::getNullValue
static Constant * getNullValue(Type *Ty)
Constructor to create a '0' constant of arbitrary type.
Definition: Constants.cpp:346
llvm::Type::getIntNTy
static IntegerType * getIntNTy(LLVMContext &C, unsigned N)
Definition: Type.cpp:201
llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition: PassManager.h:161
llvm::ISD::BR
@ BR
Control flow instructions. These all have token chains.
Definition: ISDOpcodes.h:927
GlobalVariable.h
llvm::TypeSize
Definition: TypeSize.h:417
llvm::getOrCreateFunctionComdat
Comdat * getOrCreateFunctionComdat(Function &F, Triple &T)
Definition: Instrumentation.cpp:76
Function.h
llvm::sort
void sort(IteratorTy Start, IteratorTy End)
Definition: STLExtras.h:1423
SpecialCaseList.h
llvm::getUniqueModuleId
std::string getUniqueModuleId(Module *M)
Produce a unique identifier for this module by taking the MD5 sum of the names of the module's strong...
Definition: ModuleUtils.cpp:264
llvm::ConstantArray::get
static Constant * get(ArrayType *T, ArrayRef< Constant * > V)
Definition: Constants.cpp:1261
isFullDominator
static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT)
Definition: SanitizerCoverage.cpp:515
llvm::SanitizerCoverageOptions::SCK_None
@ SCK_None
Definition: Instrumentation.h:154
llvm::CallBase::getCalledOperand
Value * getCalledOperand() const
Definition: InstrTypes.h:1389
SanCovTraceConstCmp4
const char SanCovTraceConstCmp4[]
Definition: SanitizerCoverage.cpp:56
SanCovTraceCmp8
const char SanCovTraceCmp8[]
Definition: SanitizerCoverage.cpp:53
llvm::GlobalValue::ExternalLinkage
@ ExternalLinkage
Externally visible function.
Definition: GlobalValue.h:48
llvm::SPII::Store
@ Store
Definition: SparcInstrInfo.h:33
llvm::DominatorTreeAnalysis
Analysis pass which computes a DominatorTree.
Definition: Dominators.h:252
llvm::Type::getVoidTy
static Type * getVoidTy(LLVMContext &C)
Definition: Type.cpp:180
llvm::SplitAllCriticalEdges
unsigned SplitAllCriticalEdges(Function &F, const CriticalEdgeSplittingOptions &Options=CriticalEdgeSplittingOptions())
Loop over all of the edges in the CFG, breaking critical edges as they are found.
Definition: BasicBlockUtils.cpp:746
llvm::Pass
Pass interface - Implemented by all 'passes'.
Definition: Pass.h:91
llvm::GlobalValue::PrivateLinkage
@ PrivateLinkage
Like Internal, but omit from symbol table.
Definition: GlobalValue.h:56
SmallVector.h
Dominators.h
llvm::ARCISD::CMP
@ CMP
Definition: ARCISelLowering.h:40
llvm::Type::getPointerElementType
Type * getPointerElementType() const
Definition: Type.h:378
ModuleUtils.h
N
#define N
llvm::BlockAddress::get
static BlockAddress * get(Function *F, BasicBlock *BB)
Return a BlockAddress for the specified function and basic block.
Definition: Constants.cpp:1821
llvm::ArrayRef::size
size_t size() const
size - Get the array size.
Definition: ArrayRef.h:165
llvm::max
Align max(MaybeAlign Lhs, Align Rhs)
Definition: Alignment.h:340
SanCovTraceDiv4
const char SanCovTraceDiv4[]
Definition: SanitizerCoverage.cpp:58
SanCtorAndDtorPriority
static const uint64_t SanCtorAndDtorPriority
Definition: SanitizerCoverage.cpp:67
llvm::FunctionCallee
A handy container for a FunctionType+Callee-pointer pair, which can be passed around as a single enti...
Definition: DerivedTypes.h:164
SanCovTraceConstCmp2
const char SanCovTraceConstCmp2[]
Definition: SanitizerCoverage.cpp:55
llvm::CallBase
Base class for all callable instructions (InvokeInst and CallInst) Holds everything related to callin...
Definition: InstrTypes.h:1164
llvm::Type::getInt16Ty
static IntegerType * getInt16Ty(LLVMContext &C)
Definition: Type.cpp:196
llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: InstructionSimplify.h:44
SanCovPCsInitName
const char SanCovPCsInitName[]
Definition: SanitizerCoverage.cpp:73
llvm::InnerAnalysisManagerProxy
An analysis over an "outer" IR unit that provides access to an analysis manager over an "inner" IR un...
Definition: PassManager.h:926
BB
Common register allocation spilling lr str ldr sxth r3 ldr mla r4 can lr mov lr str ldr sxth r3 mla r4 and then merge mul and lr str ldr sxth r3 mla r4 It also increase the likelihood the store may become dead bb27 Successors according to LLVM BB
Definition: README.txt:39
GEP
Hexagon Common GEP
Definition: HexagonCommonGEP.cpp:171
llvm::PostDominatorTreeAnalysis
Analysis pass which computes a PostDominatorTree.
Definition: PostDominators.h:47
llvm::AnalysisUsage::addRequired
AnalysisUsage & addRequired()
Definition: PassAnalysisSupport.h:75
LLVMContext.h
From
BlockVerifier::State From
Definition: BlockVerifier.cpp:55
llvm::SwitchInst
Multiway switch.
Definition: Instructions.h:3179
llvm::DebugLoc
A debug info location.
Definition: DebugLoc.h:33
llvm::SplitBlockAndInsertIfThen
Instruction * SplitBlockAndInsertIfThen(Value *Cond, Instruction *SplitBefore, bool Unreachable, MDNode *BranchWeights, DominatorTree *DT, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition: BasicBlockUtils.cpp:1418
llvm::appendToGlobalCtors
void appendToGlobalCtors(Module &M, Function *F, int Priority, Constant *Data=nullptr)
Append F to the list of global ctors of module M with the given Priority.
Definition: ModuleUtils.cpp:66
llvm::cl::desc
Definition: CommandLine.h:414
llvm::SanitizerCoverageOptions::IndirectCalls
bool IndirectCalls
Definition: Instrumentation.h:159
llvm::GlobalValue::ExternalWeakLinkage
@ ExternalWeakLinkage
ExternalWeak linkage description.
Definition: GlobalValue.h:57
raw_ostream.h
BasicBlockUtils.h
llvm::PostDominatorTree::dominates
bool dominates(const Instruction *I1, const Instruction *I2) const
Return true if I1 dominates I2.
Definition: PostDominators.cpp:54
llvm::GlobalValue::setVisibility
void setVisibility(VisibilityTypes V)
Definition: GlobalValue.h:235
InitializePasses.h
llvm::Value
LLVM Value Representation.
Definition: Value.h:75
IsBackEdge
static bool IsBackEdge(BasicBlock *From, BasicBlock *To, const DominatorTree *DT)
Definition: SanitizerCoverage.cpp:570
Debug.h
llvm::createModuleSanitizerCoverageLegacyPassPass
ModulePass * createModuleSanitizerCoverageLegacyPassPass(const SanitizerCoverageOptions &Options=SanitizerCoverageOptions(), const std::vector< std::string > &AllowlistFiles=std::vector< std::string >(), const std::vector< std::string > &BlocklistFiles=std::vector< std::string >())
Definition: SanitizerCoverage.cpp:1007
SanCovCountersSectionName
const char SanCovCountersSectionName[]
Definition: SanitizerCoverage.cpp:76
llvm::Use
A Use represents the edge between a Value definition and its users.
Definition: Use.h:44
llvm::Intrinsic::ID
unsigned ID
Definition: TargetTransformInfo.h:38
ClStackDepth
static cl::opt< bool > ClStackDepth("sanitizer-coverage-stack-depth", cl::desc("max stack depth tracing"), cl::Hidden, cl::init(false))
Generated on Tue Jun 8 2021 06:09:31 for LLVM by   doxygen 1.8.17