LLVM  15.0.0git
SanitizerCoverage.cpp
Go to the documentation of this file.
1 //===-- SanitizerCoverage.cpp - coverage instrumentation for sanitizers ---===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Coverage instrumentation done on LLVM IR level, works with Sanitizers.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
14 #include "llvm/ADT/ArrayRef.h"
15 #include "llvm/ADT/SmallVector.h"
16 #include "llvm/ADT/Triple.h"
17 #include "llvm/Analysis/EHPersonalities.h"
18 #include "llvm/Analysis/PostDominators.h"
19 #include "llvm/IR/Constant.h"
20 #include "llvm/IR/DataLayout.h"
21 #include "llvm/IR/Dominators.h"
22 #include "llvm/IR/Function.h"
23 #include "llvm/IR/GlobalVariable.h"
24 #include "llvm/IR/IRBuilder.h"
25 #include "llvm/IR/IntrinsicInst.h"
26 #include "llvm/IR/Intrinsics.h"
27 #include "llvm/IR/LLVMContext.h"
28 #include "llvm/IR/Module.h"
29 #include "llvm/IR/Type.h"
30 #include "llvm/InitializePasses.h"
31 #include "llvm/Support/CommandLine.h"
32 #include "llvm/Support/SpecialCaseList.h"
33 #include "llvm/Support/VirtualFileSystem.h"
34 #include "llvm/Transforms/Instrumentation.h"
35 #include "llvm/Transforms/Utils/BasicBlockUtils.h"
36 #include "llvm/Transforms/Utils/ModuleUtils.h"
37 
38 using namespace llvm;
39 
40 #define DEBUG_TYPE "sancov"
41 
42 const char SanCovTracePCIndirName[] = "__sanitizer_cov_trace_pc_indir";
43 const char SanCovTracePCName[] = "__sanitizer_cov_trace_pc";
44 const char SanCovTraceCmp1[] = "__sanitizer_cov_trace_cmp1";
45 const char SanCovTraceCmp2[] = "__sanitizer_cov_trace_cmp2";
46 const char SanCovTraceCmp4[] = "__sanitizer_cov_trace_cmp4";
47 const char SanCovTraceCmp8[] = "__sanitizer_cov_trace_cmp8";
48 const char SanCovTraceConstCmp1[] = "__sanitizer_cov_trace_const_cmp1";
49 const char SanCovTraceConstCmp2[] = "__sanitizer_cov_trace_const_cmp2";
50 const char SanCovTraceConstCmp4[] = "__sanitizer_cov_trace_const_cmp4";
51 const char SanCovTraceConstCmp8[] = "__sanitizer_cov_trace_const_cmp8";
52 const char SanCovLoad1[] = "__sanitizer_cov_load1";
53 const char SanCovLoad2[] = "__sanitizer_cov_load2";
54 const char SanCovLoad4[] = "__sanitizer_cov_load4";
55 const char SanCovLoad8[] = "__sanitizer_cov_load8";
56 const char SanCovLoad16[] = "__sanitizer_cov_load16";
57 const char SanCovStore1[] = "__sanitizer_cov_store1";
58 const char SanCovStore2[] = "__sanitizer_cov_store2";
59 const char SanCovStore4[] = "__sanitizer_cov_store4";
60 const char SanCovStore8[] = "__sanitizer_cov_store8";
61 const char SanCovStore16[] = "__sanitizer_cov_store16";
62 const char SanCovTraceDiv4[] = "__sanitizer_cov_trace_div4";
63 const char SanCovTraceDiv8[] = "__sanitizer_cov_trace_div8";
64 const char SanCovTraceGep[] = "__sanitizer_cov_trace_gep";
65 const char SanCovTraceSwitchName[] = "__sanitizer_cov_trace_switch";
66 const char SanCovModuleCtorTracePcGuardName[] =
67  "sancov.module_ctor_trace_pc_guard";
68 const char SanCovModuleCtor8bitCountersName[] =
69  "sancov.module_ctor_8bit_counters";
70 const char SanCovModuleCtorBoolFlagName[] = "sancov.module_ctor_bool_flag";
71 static const uint64_t SanCtorAndDtorPriority = 2;
72 
73 const char SanCovTracePCGuardName[] = "__sanitizer_cov_trace_pc_guard";
74 const char SanCovTracePCGuardInitName[] = "__sanitizer_cov_trace_pc_guard_init";
75 const char SanCov8bitCountersInitName[] = "__sanitizer_cov_8bit_counters_init";
76 const char SanCovBoolFlagInitName[] = "__sanitizer_cov_bool_flag_init";
77 const char SanCovPCsInitName[] = "__sanitizer_cov_pcs_init";
78 
79 const char SanCovGuardsSectionName[] = "sancov_guards";
80 const char SanCovCountersSectionName[] = "sancov_cntrs";
81 const char SanCovBoolFlagSectionName[] = "sancov_bools";
82 const char SanCovPCsSectionName[] = "sancov_pcs";
83 
84 const char SanCovLowestStackName[] = "__sancov_lowest_stack";
85 
86 static cl::opt<int> ClCoverageLevel(
87  "sanitizer-coverage-level",
88  cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, "
89  "3: all blocks and critical edges"),
90  cl::Hidden, cl::init(0));
91 
92 static cl::opt<bool> ClTracePC("sanitizer-coverage-trace-pc",
93  cl::desc("Experimental pc tracing"), cl::Hidden,
94  cl::init(false));
95 
96 static cl::opt<bool> ClTracePCGuard("sanitizer-coverage-trace-pc-guard",
97  cl::desc("pc tracing with a guard"),
98  cl::Hidden, cl::init(false));
99 
100 // If true, we create a global variable that contains PCs of all instrumented
101 // BBs, put this global into a named section, and pass this section's bounds
102 // to __sanitizer_cov_pcs_init.
103 // This way the coverage instrumentation does not need to acquire the PCs
104 // at run-time. Works with trace-pc-guard, inline-8bit-counters, and
105 // inline-bool-flag.
106 static cl::opt<bool> ClCreatePCTable("sanitizer-coverage-pc-table",
107  cl::desc("create a static PC table"),
108  cl::Hidden, cl::init(false));
109 
110 static cl::opt<bool>
111  ClInline8bitCounters("sanitizer-coverage-inline-8bit-counters",
112  cl::desc("increments 8-bit counter for every edge"),
113  cl::Hidden, cl::init(false));
114 
115 static cl::opt<bool>
116  ClInlineBoolFlag("sanitizer-coverage-inline-bool-flag",
117  cl::desc("sets a boolean flag for every edge"), cl::Hidden,
118  cl::init(false));
119 
120 static cl::opt<bool>
121  ClCMPTracing("sanitizer-coverage-trace-compares",
122  cl::desc("Tracing of CMP and similar instructions"),
123  cl::Hidden, cl::init(false));
124 
125 static cl::opt<bool> ClDIVTracing("sanitizer-coverage-trace-divs",
126  cl::desc("Tracing of DIV instructions"),
127  cl::Hidden, cl::init(false));
128 
129 static cl::opt<bool> ClLoadTracing("sanitizer-coverage-trace-loads",
130  cl::desc("Tracing of load instructions"),
131  cl::Hidden, cl::init(false));
132 
133 static cl::opt<bool> ClStoreTracing("sanitizer-coverage-trace-stores",
134  cl::desc("Tracing of store instructions"),
135  cl::Hidden, cl::init(false));
136 
137 static cl::opt<bool> ClGEPTracing("sanitizer-coverage-trace-geps",
138  cl::desc("Tracing of GEP instructions"),
139  cl::Hidden, cl::init(false));
140 
141 static cl::opt<bool>
142  ClPruneBlocks("sanitizer-coverage-prune-blocks",
143  cl::desc("Reduce the number of instrumented blocks"),
144  cl::Hidden, cl::init(true));
145 
146 static cl::opt<bool> ClStackDepth("sanitizer-coverage-stack-depth",
147  cl::desc("max stack depth tracing"),
148  cl::Hidden, cl::init(false));
149 
150 namespace {
151 
152 SanitizerCoverageOptions getOptions(int LegacyCoverageLevel) {
153  SanitizerCoverageOptions Res;
154  switch (LegacyCoverageLevel) {
155  case 0:
156  Res.CoverageType = SanitizerCoverageOptions::SCK_None;
157  break;
158  case 1:
159  Res.CoverageType = SanitizerCoverageOptions::SCK_Function;
160  break;
161  case 2:
162  Res.CoverageType = SanitizerCoverageOptions::SCK_BB;
163  break;
164  case 3:
165  Res.CoverageType = SanitizerCoverageOptions::SCK_Edge;
166  break;
167  case 4:
168  Res.CoverageType = SanitizerCoverageOptions::SCK_Edge;
169  Res.IndirectCalls = true;
170  break;
171  }
172  return Res;
173 }
174 
175 SanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) {
176  // Sets CoverageType and IndirectCalls.
177  SanitizerCoverageOptions CLOpts = getOptions(ClCoverageLevel);
178  Options.CoverageType = std::max(Options.CoverageType, CLOpts.CoverageType);
179  Options.IndirectCalls |= CLOpts.IndirectCalls;
180  Options.TraceCmp |= ClCMPTracing;
181  Options.TraceDiv |= ClDIVTracing;
182  Options.TraceGep |= ClGEPTracing;
183  Options.TracePC |= ClTracePC;
184  Options.TracePCGuard |= ClTracePCGuard;
185  Options.Inline8bitCounters |= ClInline8bitCounters;
186  Options.InlineBoolFlag |= ClInlineBoolFlag;
187  Options.PCTable |= ClCreatePCTable;
188  Options.NoPrune |= !ClPruneBlocks;
189  Options.StackDepth |= ClStackDepth;
190  Options.TraceLoads |= ClLoadTracing;
191  Options.TraceStores |= ClStoreTracing;
192  if (!Options.TracePCGuard && !Options.TracePC &&
193  !Options.Inline8bitCounters && !Options.StackDepth &&
194  !Options.InlineBoolFlag && !Options.TraceLoads && !Options.TraceStores)
195  Options.TracePCGuard = true; // TracePCGuard is default.
196  return Options;
197 }
198 
199 using DomTreeCallback = function_ref<const DominatorTree *(Function &F)>;
200 using PostDomTreeCallback =
201  function_ref<const PostDominatorTree *(Function &F)>;
202 
203 class ModuleSanitizerCoverage {
204 public:
205  ModuleSanitizerCoverage(
206  const SanitizerCoverageOptions &Options = SanitizerCoverageOptions(),
207  const SpecialCaseList *Allowlist = nullptr,
208  const SpecialCaseList *Blocklist = nullptr)
209  : Options(OverrideFromCL(Options)), Allowlist(Allowlist),
210  Blocklist(Blocklist) {}
211  bool instrumentModule(Module &M, DomTreeCallback DTCallback,
212  PostDomTreeCallback PDTCallback);
213 
214 private:
215  void instrumentFunction(Function &F, DomTreeCallback DTCallback,
216  PostDomTreeCallback PDTCallback);
217  void InjectCoverageForIndirectCalls(Function &F,
218  ArrayRef<Instruction *> IndirCalls);
219  void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets);
220  void InjectTraceForDiv(Function &F,
221  ArrayRef<BinaryOperator *> DivTraceTargets);
222  void InjectTraceForGep(Function &F,
223  ArrayRef<GetElementPtrInst *> GepTraceTargets);
224  void InjectTraceForLoadsAndStores(Function &F, ArrayRef<LoadInst *> Loads,
225  ArrayRef<StoreInst *> Stores);
226  void InjectTraceForSwitch(Function &F,
227  ArrayRef<Instruction *> SwitchTraceTargets);
228  bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
229  bool IsLeafFunc = true);
230  GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements,
231  Function &F, Type *Ty,
232  const char *Section);
233  GlobalVariable *CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks);
234  void CreateFunctionLocalArrays(Function &F, ArrayRef<BasicBlock *> AllBlocks);
235  void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx,
236  bool IsLeafFunc = true);
237  Function *CreateInitCallsForSections(Module &M, const char *CtorName,
238  const char *InitFunctionName, Type *Ty,
239  const char *Section);
240  std::pair<Value *, Value *> CreateSecStartEnd(Module &M, const char *Section,
241  Type *Ty);
242 
243  void SetNoSanitizeMetadata(Instruction *I) {
244  I->setMetadata(LLVMContext::MD_nosanitize, MDNode::get(*C, None));
245  }
246 
247  std::string getSectionName(const std::string &Section) const;
248  std::string getSectionStart(const std::string &Section) const;
249  std::string getSectionEnd(const std::string &Section) const;
250  FunctionCallee SanCovTracePCIndir;
251  FunctionCallee SanCovTracePC, SanCovTracePCGuard;
252  std::array<FunctionCallee, 4> SanCovTraceCmpFunction;
253  std::array<FunctionCallee, 4> SanCovTraceConstCmpFunction;
254  std::array<FunctionCallee, 5> SanCovLoadFunction;
255  std::array<FunctionCallee, 5> SanCovStoreFunction;
256  std::array<FunctionCallee, 2> SanCovTraceDivFunction;
257  FunctionCallee SanCovTraceGepFunction;
258  FunctionCallee SanCovTraceSwitchFunction;
259  GlobalVariable *SanCovLowestStack;
260  Type *Int128PtrTy, *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty,
261  *Int32PtrTy, *Int16PtrTy, *Int16Ty, *Int8Ty, *Int8PtrTy, *Int1Ty,
262  *Int1PtrTy;
263  Module *CurModule;
264  std::string CurModuleUniqueId;
265  Triple TargetTriple;
266  LLVMContext *C;
267  const DataLayout *DL;
268 
269  GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
270  GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters.
271  GlobalVariable *FunctionBoolArray; // for inline-bool-flag.
272  GlobalVariable *FunctionPCsArray; // for pc-table.
273  SmallVector<GlobalValue *, 20> GlobalsToAppendToUsed;
274  SmallVector<GlobalValue *, 20> GlobalsToAppendToCompilerUsed;
275 
276  SanitizerCoverageOptions Options;
277 
278  const SpecialCaseList *Allowlist;
279  const SpecialCaseList *Blocklist;
280 };
281 
282 class ModuleSanitizerCoverageLegacyPass : public ModulePass {
283 public:
284  ModuleSanitizerCoverageLegacyPass(
285  const SanitizerCoverageOptions &Options = SanitizerCoverageOptions(),
286  const std::vector<std::string> &AllowlistFiles =
287  std::vector<std::string>(),
288  const std::vector<std::string> &BlocklistFiles =
289  std::vector<std::string>())
290  : ModulePass(ID), Options(Options) {
291  if (AllowlistFiles.size() > 0)
292  Allowlist = SpecialCaseList::createOrDie(AllowlistFiles,
293  *vfs::getRealFileSystem());
294  if (BlocklistFiles.size() > 0)
295  Blocklist = SpecialCaseList::createOrDie(BlocklistFiles,
296  *vfs::getRealFileSystem());
297  initializeModuleSanitizerCoverageLegacyPassPass(
298  *PassRegistry::getPassRegistry());
299  }
300  bool runOnModule(Module &M) override {
301  ModuleSanitizerCoverage ModuleSancov(Options, Allowlist.get(),
302  Blocklist.get());
303  auto DTCallback = [this](Function &F) -> const DominatorTree * {
304  return &this->getAnalysis<DominatorTreeWrapperPass>(F).getDomTree();
305  };
306  auto PDTCallback = [this](Function &F) -> const PostDominatorTree * {
307  return &this->getAnalysis<PostDominatorTreeWrapperPass>(F)
308  .getPostDomTree();
309  };
310  return ModuleSancov.instrumentModule(M, DTCallback, PDTCallback);
311  }
312 
313  static char ID; // Pass identification, replacement for typeid
314  StringRef getPassName() const override { return "ModuleSanitizerCoverage"; }
315 
316  void getAnalysisUsage(AnalysisUsage &AU) const override {
317  AU.addRequired<DominatorTreeWrapperPass>();
318  AU.addRequired<PostDominatorTreeWrapperPass>();
319  }
320 
321 private:
322  SanitizerCoverageOptions Options;
323 
324  std::unique_ptr<SpecialCaseList> Allowlist;
325  std::unique_ptr<SpecialCaseList> Blocklist;
326 };
327 
328 } // namespace
329 
330 PreservedAnalyses ModuleSanitizerCoveragePass::run(Module &M,
331  ModuleAnalysisManager &MAM) {
332  ModuleSanitizerCoverage ModuleSancov(Options, Allowlist.get(),
333  Blocklist.get());
334  auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
335  auto DTCallback = [&FAM](Function &F) -> const DominatorTree * {
336  return &FAM.getResult<DominatorTreeAnalysis>(F);
337  };
338  auto PDTCallback = [&FAM](Function &F) -> const PostDominatorTree * {
339  return &FAM.getResult<PostDominatorTreeAnalysis>(F);
340  };
341  if (ModuleSancov.instrumentModule(M, DTCallback, PDTCallback))
342  return PreservedAnalyses::none();
343  return PreservedAnalyses::all();
344 }
345 
346 std::pair<Value *, Value *>
347 ModuleSanitizerCoverage::CreateSecStartEnd(Module &M, const char *Section,
348  Type *Ty) {
349  // Use ExternalWeak so that if all sections are discarded due to section
350  // garbage collection, the linker will not report undefined symbol errors.
351  // Windows defines the start/stop symbols in compiler-rt so no need for
352  // ExternalWeak.
353  GlobalValue::LinkageTypes Linkage = TargetTriple.isOSBinFormatCOFF()
354  ? GlobalVariable::ExternalLinkage
355  : GlobalVariable::ExternalWeakLinkage;
356  GlobalVariable *SecStart =
357  new GlobalVariable(M, Ty, false, Linkage, nullptr,
358  getSectionStart(Section));
359  SecStart->setVisibility(GlobalValue::HiddenVisibility);
360  GlobalVariable *SecEnd =
361  new GlobalVariable(M, Ty, false, Linkage, nullptr,
362  getSectionEnd(Section));
363  SecEnd->setVisibility(GlobalValue::HiddenVisibility);
364  IRBuilder<> IRB(M.getContext());
365  if (!TargetTriple.isOSBinFormatCOFF())
366  return std::make_pair(SecStart, SecEnd);
367 
368  // Account for the fact that on windows-msvc __start_* symbols actually
369  // point to a uint64_t before the start of the array.
370  auto SecStartI8Ptr = IRB.CreatePointerCast(SecStart, Int8PtrTy);
371  auto GEP = IRB.CreateGEP(Int8Ty, SecStartI8Ptr,
372  ConstantInt::get(IntptrTy, sizeof(uint64_t)));
373  return std::make_pair(IRB.CreatePointerCast(GEP, PointerType::getUnqual(Ty)),
374  SecEnd);
375 }
376 
377 Function *ModuleSanitizerCoverage::CreateInitCallsForSections(
378  Module &M, const char *CtorName, const char *InitFunctionName, Type *Ty,
379  const char *Section) {
380  auto SecStartEnd = CreateSecStartEnd(M, Section, Ty);
381  auto SecStart = SecStartEnd.first;
382  auto SecEnd = SecStartEnd.second;
383  Function *CtorFunc;
384  Type *PtrTy = PointerType::getUnqual(Ty);
385  std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions(
386  M, CtorName, InitFunctionName, {PtrTy, PtrTy}, {SecStart, SecEnd});
387  assert(CtorFunc->getName() == CtorName);
388 
389  if (TargetTriple.supportsCOMDAT()) {
390  // Use comdat to dedup CtorFunc.
391  CtorFunc->setComdat(M.getOrInsertComdat(CtorName));
392  appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority, CtorFunc);
393  } else {
394  appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority);
395  }
396 
397  if (TargetTriple.isOSBinFormatCOFF()) {
398  // In COFF files, if the contructors are set as COMDAT (they are because
399  // COFF supports COMDAT) and the linker flag /OPT:REF (strip unreferenced
400  // functions and data) is used, the constructors get stripped. To prevent
401  // this, give the constructors weak ODR linkage and ensure the linker knows
402  // to include the sancov constructor. This way the linker can deduplicate
403  // the constructors but always leave one copy.
404  CtorFunc->setLinkage(GlobalValue::WeakODRLinkage);
405  }
406  return CtorFunc;
407 }
408 
409 bool ModuleSanitizerCoverage::instrumentModule(
410  Module &M, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) {
411  if (Options.CoverageType == SanitizerCoverageOptions::SCK_None)
412  return false;
413  if (Allowlist &&
414  !Allowlist->inSection("coverage", "src", M.getSourceFileName()))
415  return false;
416  if (Blocklist &&
417  Blocklist->inSection("coverage", "src", M.getSourceFileName()))
418  return false;
419  C = &(M.getContext());
420  DL = &M.getDataLayout();
421  CurModule = &M;
422  CurModuleUniqueId = getUniqueModuleId(CurModule);
423  TargetTriple = Triple(M.getTargetTriple());
424  FunctionGuardArray = nullptr;
425  Function8bitCounterArray = nullptr;
426  FunctionBoolArray = nullptr;
427  FunctionPCsArray = nullptr;
428  IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
429  IntptrPtrTy = PointerType::getUnqual(IntptrTy);
430  Type *VoidTy = Type::getVoidTy(*C);
431  IRBuilder<> IRB(*C);
432  Int128PtrTy = PointerType::getUnqual(IRB.getInt128Ty());
433  Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty());
434  Int16PtrTy = PointerType::getUnqual(IRB.getInt16Ty());
435  Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty());
436  Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty());
437  Int1PtrTy = PointerType::getUnqual(IRB.getInt1Ty());
438  Int64Ty = IRB.getInt64Ty();
439  Int32Ty = IRB.getInt32Ty();
440  Int16Ty = IRB.getInt16Ty();
441  Int8Ty = IRB.getInt8Ty();
442  Int1Ty = IRB.getInt1Ty();
443 
444  SanCovTracePCIndir =
445  M.getOrInsertFunction(SanCovTracePCIndirName, VoidTy, IntptrTy);
446  // Make sure smaller parameters are zero-extended to i64 if required by the
447  // target ABI.
448  AttributeList SanCovTraceCmpZeroExtAL;
449  SanCovTraceCmpZeroExtAL =
450  SanCovTraceCmpZeroExtAL.addParamAttribute(*C, 0, Attribute::ZExt);
451  SanCovTraceCmpZeroExtAL =
452  SanCovTraceCmpZeroExtAL.addParamAttribute(*C, 1, Attribute::ZExt);
453 
454  SanCovTraceCmpFunction[0] =
455  M.getOrInsertFunction(SanCovTraceCmp1, SanCovTraceCmpZeroExtAL, VoidTy,
456  IRB.getInt8Ty(), IRB.getInt8Ty());
457  SanCovTraceCmpFunction[1] =
458  M.getOrInsertFunction(SanCovTraceCmp2, SanCovTraceCmpZeroExtAL, VoidTy,
459  IRB.getInt16Ty(), IRB.getInt16Ty());
460  SanCovTraceCmpFunction[2] =
461  M.getOrInsertFunction(SanCovTraceCmp4, SanCovTraceCmpZeroExtAL, VoidTy,
462  IRB.getInt32Ty(), IRB.getInt32Ty());
463  SanCovTraceCmpFunction[3] =
464  M.getOrInsertFunction(SanCovTraceCmp8, VoidTy, Int64Ty, Int64Ty);
465 
466  SanCovTraceConstCmpFunction[0] = M.getOrInsertFunction(
467  SanCovTraceConstCmp1, SanCovTraceCmpZeroExtAL, VoidTy, Int8Ty, Int8Ty);
468  SanCovTraceConstCmpFunction[1] = M.getOrInsertFunction(
469  SanCovTraceConstCmp2, SanCovTraceCmpZeroExtAL, VoidTy, Int16Ty, Int16Ty);
470  SanCovTraceConstCmpFunction[2] = M.getOrInsertFunction(
471  SanCovTraceConstCmp4, SanCovTraceCmpZeroExtAL, VoidTy, Int32Ty, Int32Ty);
472  SanCovTraceConstCmpFunction[3] =
473  M.getOrInsertFunction(SanCovTraceConstCmp8, VoidTy, Int64Ty, Int64Ty);
474 
475  // Loads.
476  SanCovLoadFunction[0] = M.getOrInsertFunction(SanCovLoad1, VoidTy, Int8PtrTy);
477  SanCovLoadFunction[1] =
478  M.getOrInsertFunction(SanCovLoad2, VoidTy, Int16PtrTy);
479  SanCovLoadFunction[2] =
480  M.getOrInsertFunction(SanCovLoad4, VoidTy, Int32PtrTy);
481  SanCovLoadFunction[3] =
482  M.getOrInsertFunction(SanCovLoad8, VoidTy, Int64PtrTy);
483  SanCovLoadFunction[4] =
484  M.getOrInsertFunction(SanCovLoad16, VoidTy, Int128PtrTy);
485  // Stores.
486  SanCovStoreFunction[0] =
487  M.getOrInsertFunction(SanCovStore1, VoidTy, Int8PtrTy);
488  SanCovStoreFunction[1] =
489  M.getOrInsertFunction(SanCovStore2, VoidTy, Int16PtrTy);
490  SanCovStoreFunction[2] =
491  M.getOrInsertFunction(SanCovStore4, VoidTy, Int32PtrTy);
492  SanCovStoreFunction[3] =
493  M.getOrInsertFunction(SanCovStore8, VoidTy, Int64PtrTy);
494  SanCovStoreFunction[4] =
495  M.getOrInsertFunction(SanCovStore16, VoidTy, Int128PtrTy);
496 
497  {
498  AttributeList AL;
499  AL = AL.addParamAttribute(*C, 0, Attribute::ZExt);
500  SanCovTraceDivFunction[0] =
501  M.getOrInsertFunction(SanCovTraceDiv4, AL, VoidTy, IRB.getInt32Ty());
502  }
503  SanCovTraceDivFunction[1] =
504  M.getOrInsertFunction(SanCovTraceDiv8, VoidTy, Int64Ty);
505  SanCovTraceGepFunction =
506  M.getOrInsertFunction(SanCovTraceGep, VoidTy, IntptrTy);
507  SanCovTraceSwitchFunction =
508  M.getOrInsertFunction(SanCovTraceSwitchName, VoidTy, Int64Ty, Int64PtrTy);
509 
510  Constant *SanCovLowestStackConstant =
511  M.getOrInsertGlobal(SanCovLowestStackName, IntptrTy);
512  SanCovLowestStack = dyn_cast<GlobalVariable>(SanCovLowestStackConstant);
513  if (!SanCovLowestStack || SanCovLowestStack->getValueType() != IntptrTy) {
514  C->emitError(StringRef("'") + SanCovLowestStackName +
515  "' should not be declared by the user");
516  return true;
517  }
518  SanCovLowestStack->setThreadLocalMode(
519  GlobalValue::ThreadLocalMode::InitialExecTLSModel);
520  if (Options.StackDepth && !SanCovLowestStack->isDeclaration())
521  SanCovLowestStack->setInitializer(Constant::getAllOnesValue(IntptrTy));
522 
523  SanCovTracePC = M.getOrInsertFunction(SanCovTracePCName, VoidTy);
524  SanCovTracePCGuard =
525  M.getOrInsertFunction(SanCovTracePCGuardName, VoidTy, Int32PtrTy);
526 
527  for (auto &F : M)
528  instrumentFunction(F, DTCallback, PDTCallback);
529 
530  Function *Ctor = nullptr;
531 
532  if (FunctionGuardArray)
533  Ctor = CreateInitCallsForSections(M, SanCovModuleCtorTracePcGuardName,
534  SanCovTracePCGuardInitName, Int32Ty,
535  SanCovGuardsSectionName);
536  if (Function8bitCounterArray)
537  Ctor = CreateInitCallsForSections(M, SanCovModuleCtor8bitCountersName,
538  SanCov8bitCountersInitName, Int8Ty,
539  SanCovCountersSectionName);
540  if (FunctionBoolArray) {
541  Ctor = CreateInitCallsForSections(M, SanCovModuleCtorBoolFlagName,
542  SanCovBoolFlagInitName, Int1Ty,
543  SanCovBoolFlagSectionName);
544  }
545  if (Ctor && Options.PCTable) {
546  auto SecStartEnd = CreateSecStartEnd(M, SanCovPCsSectionName, IntptrTy);
547  FunctionCallee InitFunction = declareSanitizerInitFunction(
548  M, SanCovPCsInitName, {IntptrPtrTy, IntptrPtrTy});
549  IRBuilder<> IRBCtor(Ctor->getEntryBlock().getTerminator());
550  IRBCtor.CreateCall(InitFunction, {SecStartEnd.first, SecStartEnd.second});
551  }
552  appendToUsed(M, GlobalsToAppendToUsed);
553  appendToCompilerUsed(M, GlobalsToAppendToCompilerUsed);
554  return true;
555 }
556 
557 // True if block has successors and it dominates all of them.
558 static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) {
559  if (succ_empty(BB))
560  return false;
561 
562  return llvm::all_of(successors(BB), [&](const BasicBlock *SUCC) {
563  return DT->dominates(BB, SUCC);
564  });
565 }
566 
567 // True if block has predecessors and it postdominates all of them.
568 static bool isFullPostDominator(const BasicBlock *BB,
569  const PostDominatorTree *PDT) {
570  if (pred_empty(BB))
571  return false;
572 
573  return llvm::all_of(predecessors(BB), [&](const BasicBlock *PRED) {
574  return PDT->dominates(BB, PRED);
575  });
576 }
577 
578 static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB,
579  const DominatorTree *DT,
580  const PostDominatorTree *PDT,
581  const SanitizerCoverageOptions &Options) {
582  // Don't insert coverage for blocks containing nothing but unreachable: we
583  // will never call __sanitizer_cov() for them, so counting them in
584  // NumberOfInstrumentedBlocks() might complicate calculation of code coverage
585  // percentage. Also, unreachable instructions frequently have no debug
586  // locations.
587  if (isa<UnreachableInst>(BB->getFirstNonPHIOrDbgOrLifetime()))
588  return false;
589 
590  // Don't insert coverage into blocks without a valid insertion point
591  // (catchswitch blocks).
592  if (BB->getFirstInsertionPt() == BB->end())
593  return false;
594 
595  if (Options.NoPrune || &F.getEntryBlock() == BB)
596  return true;
597 
598  if (Options.CoverageType == SanitizerCoverageOptions::SCK_Function &&
599  &F.getEntryBlock() != BB)
600  return false;
601 
602  // Do not instrument full dominators, or full post-dominators with multiple
603  // predecessors.
604  return !isFullDominator(BB, DT)
605  && !(isFullPostDominator(BB, PDT) && !BB->getSinglePredecessor());
606 }
607 
608 
609 // Returns true iff From->To is a backedge.
610 // A twist here is that we treat From->To as a backedge if
611 // * To dominates From or
612 // * To->UniqueSuccessor dominates From
613 static bool IsBackEdge(BasicBlock *From, BasicBlock *To,
614  const DominatorTree *DT) {
615  if (DT->dominates(To, From))
616  return true;
617  if (auto Next = To->getUniqueSuccessor())
618  if (DT->dominates(Next, From))
619  return true;
620  return false;
621 }
622 
623 // Prunes uninteresting Cmp instrumentation:
624 // * CMP instructions that feed into loop backedge branch.
625 //
626 // Note that Cmp pruning is controlled by the same flag as the
627 // BB pruning.
628 static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT,
629  const SanitizerCoverageOptions &Options) {
630  if (!Options.NoPrune)
631  if (CMP->hasOneUse())
632  if (auto BR = dyn_cast<BranchInst>(CMP->user_back()))
633  for (BasicBlock *B : BR->successors())
634  if (IsBackEdge(BR->getParent(), B, DT))
635  return false;
636  return true;
637 }
638 
639 void ModuleSanitizerCoverage::instrumentFunction(
640  Function &F, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) {
641  if (F.empty())
642  return;
643  if (F.getName().find(".module_ctor") != std::string::npos)
644  return; // Should not instrument sanitizer init functions.
645  if (F.getName().startswith("__sanitizer_"))
646  return; // Don't instrument __sanitizer_* callbacks.
647  // Don't touch available_externally functions, their actual body is elewhere.
648  if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage)
649  return;
650  // Don't instrument MSVC CRT configuration helpers. They may run before normal
651  // initialization.
652  if (F.getName() == "__local_stdio_printf_options" ||
653  F.getName() == "__local_stdio_scanf_options")
654  return;
655  if (isa<UnreachableInst>(F.getEntryBlock().getTerminator()))
656  return;
657  // Don't instrument functions using SEH for now. Splitting basic blocks like
658  // we do for coverage breaks WinEHPrepare.
659  // FIXME: Remove this when SEH no longer uses landingpad pattern matching.
660  if (F.hasPersonalityFn() &&
661  isAsynchronousEHPersonality(classifyEHPersonality(F.getPersonalityFn())))
662  return;
663  if (Allowlist && !Allowlist->inSection("coverage", "fun", F.getName()))
664  return;
665  if (Blocklist && Blocklist->inSection("coverage", "fun", F.getName()))
666  return;
667  if (F.hasFnAttribute(Attribute::NoSanitizeCoverage))
668  return;
669  if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge)
670  SplitAllCriticalEdges(F, CriticalEdgeSplittingOptions().setIgnoreUnreachableDests());
671  SmallVector<Instruction *, 8> IndirCalls;
672  SmallVector<BasicBlock *, 16> BlocksToInstrument;
673  SmallVector<Instruction *, 8> CmpTraceTargets;
674  SmallVector<Instruction *, 8> SwitchTraceTargets;
675  SmallVector<BinaryOperator *, 8> DivTraceTargets;
676  SmallVector<GetElementPtrInst *, 8> GepTraceTargets;
677  SmallVector<LoadInst *, 8> Loads;
678  SmallVector<StoreInst *, 8> Stores;
679 
680  const DominatorTree *DT = DTCallback(F);
681  const PostDominatorTree *PDT = PDTCallback(F);
682  bool IsLeafFunc = true;
683 
684  for (auto &BB : F) {
685  if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
686  BlocksToInstrument.push_back(&BB);
687  for (auto &Inst : BB) {
688  if (Options.IndirectCalls) {
689  CallBase *CB = dyn_cast<CallBase>(&Inst);
690  if (CB && CB->isIndirectCall())
691  IndirCalls.push_back(&Inst);
692  }
693  if (Options.TraceCmp) {
694  if (ICmpInst *CMP = dyn_cast<ICmpInst>(&Inst))
695  if (IsInterestingCmp(CMP, DT, Options))
696  CmpTraceTargets.push_back(&Inst);
697  if (isa<SwitchInst>(&Inst))
698  SwitchTraceTargets.push_back(&Inst);
699  }
700  if (Options.TraceDiv)
701  if (BinaryOperator *BO = dyn_cast<BinaryOperator>(&Inst))
702  if (BO->getOpcode() == Instruction::SDiv ||
703  BO->getOpcode() == Instruction::UDiv)
704  DivTraceTargets.push_back(BO);
705  if (Options.TraceGep)
706  if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(&Inst))
707  GepTraceTargets.push_back(GEP);
708  if (Options.TraceLoads)
709  if (LoadInst *LI = dyn_cast<LoadInst>(&Inst))
710  Loads.push_back(LI);
711  if (Options.TraceStores)
712  if (StoreInst *SI = dyn_cast<StoreInst>(&Inst))
713  Stores.push_back(SI);
714  if (Options.StackDepth)
715  if (isa<InvokeInst>(Inst) ||
716  (isa<CallInst>(Inst) && !isa<IntrinsicInst>(Inst)))
717  IsLeafFunc = false;
718  }
719  }
720 
721  InjectCoverage(F, BlocksToInstrument, IsLeafFunc);
722  InjectCoverageForIndirectCalls(F, IndirCalls);
723  InjectTraceForCmp(F, CmpTraceTargets);
724  InjectTraceForSwitch(F, SwitchTraceTargets);
725  InjectTraceForDiv(F, DivTraceTargets);
726  InjectTraceForGep(F, GepTraceTargets);
727  InjectTraceForLoadsAndStores(F, Loads, Stores);
728 }
729 
730 GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection(
731  size_t NumElements, Function &F, Type *Ty, const char *Section) {
732  ArrayType *ArrayTy = ArrayType::get(Ty, NumElements);
733  auto Array = new GlobalVariable(
734  *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage,
735  Constant::getNullValue(ArrayTy), "__sancov_gen_");
736 
737  if (TargetTriple.supportsCOMDAT() &&
738  (TargetTriple.isOSBinFormatELF() || !F.isInterposable()))
739  if (auto Comdat = getOrCreateFunctionComdat(F, TargetTriple))
740  Array->setComdat(Comdat);
741  Array->setSection(getSectionName(Section));
742  Array->setAlignment(Align(DL->getTypeStoreSize(Ty).getFixedSize()));
743 
744  // sancov_pcs parallels the other metadata section(s). Optimizers (e.g.
745  // GlobalOpt/ConstantMerge) may not discard sancov_pcs and the other
746  // section(s) as a unit, so we conservatively retain all unconditionally in
747  // the compiler.
748  //
749  // With comdat (COFF/ELF), the linker can guarantee the associated sections
750  // will be retained or discarded as a unit, so llvm.compiler.used is
751  // sufficient. Otherwise, conservatively make all of them retained by the
752  // linker.
753  if (Array->hasComdat())
754  GlobalsToAppendToCompilerUsed.push_back(Array);
755  else
756  GlobalsToAppendToUsed.push_back(Array);
757 
758  return Array;
759 }
760 
761 GlobalVariable *
762 ModuleSanitizerCoverage::CreatePCArray(Function &F,
763  ArrayRef<BasicBlock *> AllBlocks) {
764  size_t N = AllBlocks.size();
765  assert(N);
766  SmallVector<Constant *, 32> PCs;
767  IRBuilder<> IRB(&*F.getEntryBlock().getFirstInsertionPt());
768  for (size_t i = 0; i < N; i++) {
769  if (&F.getEntryBlock() == AllBlocks[i]) {
770  PCs.push_back((Constant *)IRB.CreatePointerCast(&F, IntptrPtrTy));
771  PCs.push_back((Constant *)IRB.CreateIntToPtr(
772  ConstantInt::get(IntptrTy, 1), IntptrPtrTy));
773  } else {
774  PCs.push_back((Constant *)IRB.CreatePointerCast(
775  BlockAddress::get(AllBlocks[i]), IntptrPtrTy));
776  PCs.push_back((Constant *)IRB.CreateIntToPtr(
777  ConstantInt::get(IntptrTy, 0), IntptrPtrTy));
778  }
779  }
780  auto *PCArray = CreateFunctionLocalArrayInSection(N * 2, F, IntptrPtrTy,
781  SanCovPCsSectionName);
782  PCArray->setInitializer(
783  ConstantArray::get(ArrayType::get(IntptrPtrTy, N * 2), PCs));
784  PCArray->setConstant(true);
785 
786  return PCArray;
787 }
788 
789 void ModuleSanitizerCoverage::CreateFunctionLocalArrays(
790  Function &F, ArrayRef<BasicBlock *> AllBlocks) {
791  if (Options.TracePCGuard)
792  FunctionGuardArray = CreateFunctionLocalArrayInSection(
793  AllBlocks.size(), F, Int32Ty, SanCovGuardsSectionName);
794 
795  if (Options.Inline8bitCounters)
796  Function8bitCounterArray = CreateFunctionLocalArrayInSection(
797  AllBlocks.size(), F, Int8Ty, SanCovCountersSectionName);
798  if (Options.InlineBoolFlag)
799  FunctionBoolArray = CreateFunctionLocalArrayInSection(
800  AllBlocks.size(), F, Int1Ty, SanCovBoolFlagSectionName);
801 
802  if (Options.PCTable)
803  FunctionPCsArray = CreatePCArray(F, AllBlocks);
804 }
805 
806 bool ModuleSanitizerCoverage::InjectCoverage(Function &F,
807  ArrayRef<BasicBlock *> AllBlocks,
808  bool IsLeafFunc) {
809  if (AllBlocks.empty()) return false;
810  CreateFunctionLocalArrays(F, AllBlocks);
811  for (size_t i = 0, N = AllBlocks.size(); i < N; i++)
812  InjectCoverageAtBlock(F, *AllBlocks[i], i, IsLeafFunc);
813  return true;
814 }
815 
816 // On every indirect call we call a run-time function
817 // __sanitizer_cov_indir_call* with two parameters:
818 // - callee address,
819 // - global cache array that contains CacheSize pointers (zero-initialized).
820 // The cache is used to speed up recording the caller-callee pairs.
821 // The address of the caller is passed implicitly via caller PC.
822 // CacheSize is encoded in the name of the run-time function.
823 void ModuleSanitizerCoverage::InjectCoverageForIndirectCalls(
824  Function &F, ArrayRef<Instruction *> IndirCalls) {
825  if (IndirCalls.empty())
826  return;
827  assert(Options.TracePC || Options.TracePCGuard ||
828  Options.Inline8bitCounters || Options.InlineBoolFlag);
829  for (auto I : IndirCalls) {
830  IRBuilder<> IRB(I);
831  CallBase &CB = cast<CallBase>(*I);
832  Value *Callee = CB.getCalledOperand();
833  if (isa<InlineAsm>(Callee))
834  continue;
835  IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy));
836  }
837 }
838 
839 // For every switch statement we insert a call:
840 // __sanitizer_cov_trace_switch(CondValue,
841 // {NumCases, ValueSizeInBits, Case0Value, Case1Value, Case2Value, ... })
842 
843 void ModuleSanitizerCoverage::InjectTraceForSwitch(
844  Function &, ArrayRef<Instruction *> SwitchTraceTargets) {
845  for (auto I : SwitchTraceTargets) {
846  if (SwitchInst *SI = dyn_cast<SwitchInst>(I)) {
847  IRBuilder<> IRB(I);
848  SmallVector<Constant *, 16> Initializers;
849  Value *Cond = SI->getCondition();
850  if (Cond->getType()->getScalarSizeInBits() >
851  Int64Ty->getScalarSizeInBits())
852  continue;
853  Initializers.push_back(ConstantInt::get(Int64Ty, SI->getNumCases()));
854  Initializers.push_back(
855  ConstantInt::get(Int64Ty, Cond->getType()->getScalarSizeInBits()));
856  if (Cond->getType()->getScalarSizeInBits() <
857  Int64Ty->getScalarSizeInBits())
858  Cond = IRB.CreateIntCast(Cond, Int64Ty, false);
859  for (auto It : SI->cases()) {
860  Constant *C = It.getCaseValue();
861  if (C->getType()->getScalarSizeInBits() <
862  Int64Ty->getScalarSizeInBits())
863  C = ConstantExpr::getCast(CastInst::ZExt, It.getCaseValue(), Int64Ty);
864  Initializers.push_back(C);
865  }
866  llvm::sort(drop_begin(Initializers, 2),
867  [](const Constant *A, const Constant *B) {
868  return cast<ConstantInt>(A)->getLimitedValue() <
869  cast<ConstantInt>(B)->getLimitedValue();
870  });
871  ArrayType *ArrayOfInt64Ty = ArrayType::get(Int64Ty, Initializers.size());
872  GlobalVariable *GV = new GlobalVariable(
873  *CurModule, ArrayOfInt64Ty, false, GlobalVariable::InternalLinkage,
874  ConstantArray::get(ArrayOfInt64Ty, Initializers),
875  "__sancov_gen_cov_switch_values");
876  IRB.CreateCall(SanCovTraceSwitchFunction,
877  {Cond, IRB.CreatePointerCast(GV, Int64PtrTy)});
878  }
879  }
880 }
881 
882 void ModuleSanitizerCoverage::InjectTraceForDiv(
883  Function &, ArrayRef<BinaryOperator *> DivTraceTargets) {
884  for (auto BO : DivTraceTargets) {
885  IRBuilder<> IRB(BO);
886  Value *A1 = BO->getOperand(1);
887  if (isa<ConstantInt>(A1)) continue;
888  if (!A1->getType()->isIntegerTy())
889  continue;
890  uint64_t TypeSize = DL->getTypeStoreSizeInBits(A1->getType());
891  int CallbackIdx = TypeSize == 32 ? 0 :
892  TypeSize == 64 ? 1 : -1;
893  if (CallbackIdx < 0) continue;
894  auto Ty = Type::getIntNTy(*C, TypeSize);
895  IRB.CreateCall(SanCovTraceDivFunction[CallbackIdx],
896  {IRB.CreateIntCast(A1, Ty, true)});
897  }
898 }
899 
900 void ModuleSanitizerCoverage::InjectTraceForGep(
901  Function &, ArrayRef<GetElementPtrInst *> GepTraceTargets) {
902  for (auto GEP : GepTraceTargets) {
903  IRBuilder<> IRB(GEP);
904  for (Use &Idx : GEP->indices())
905  if (!isa<ConstantInt>(Idx) && Idx->getType()->isIntegerTy())
906  IRB.CreateCall(SanCovTraceGepFunction,
907  {IRB.CreateIntCast(Idx, IntptrTy, true)});
908  }
909 }
910 
911 void ModuleSanitizerCoverage::InjectTraceForLoadsAndStores(
912  Function &, ArrayRef<LoadInst *> Loads, ArrayRef<StoreInst *> Stores) {
913  auto CallbackIdx = [&](Type *ElementTy) -> int {
914  uint64_t TypeSize = DL->getTypeStoreSizeInBits(ElementTy);
915  return TypeSize == 8 ? 0
916  : TypeSize == 16 ? 1
917  : TypeSize == 32 ? 2
918  : TypeSize == 64 ? 3
919  : TypeSize == 128 ? 4
920  : -1;
921  };
922  Type *PointerType[5] = {Int8PtrTy, Int16PtrTy, Int32PtrTy, Int64PtrTy,
923  Int128PtrTy};
924  for (auto LI : Loads) {
925  IRBuilder<> IRB(LI);
926  auto Ptr = LI->getPointerOperand();
927  int Idx = CallbackIdx(LI->getType());
928  if (Idx < 0)
929  continue;
930  IRB.CreateCall(SanCovLoadFunction[Idx],
931  IRB.CreatePointerCast(Ptr, PointerType[Idx]));
932  }
933  for (auto SI : Stores) {
934  IRBuilder<> IRB(SI);
935  auto Ptr = SI->getPointerOperand();
936  int Idx = CallbackIdx(SI->getValueOperand()->getType());
937  if (Idx < 0)
938  continue;
939  IRB.CreateCall(SanCovStoreFunction[Idx],
940  IRB.CreatePointerCast(Ptr, PointerType[Idx]));
941  }
942 }
943 
944 void ModuleSanitizerCoverage::InjectTraceForCmp(
945  Function &, ArrayRef<Instruction *> CmpTraceTargets) {
946  for (auto I : CmpTraceTargets) {
947  if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) {
948  IRBuilder<> IRB(ICMP);
949  Value *A0 = ICMP->getOperand(0);
950  Value *A1 = ICMP->getOperand(1);
951  if (!A0->getType()->isIntegerTy())
952  continue;
953  uint64_t TypeSize = DL->getTypeStoreSizeInBits(A0->getType());
954  int CallbackIdx = TypeSize == 8 ? 0 :
955  TypeSize == 16 ? 1 :
956  TypeSize == 32 ? 2 :
957  TypeSize == 64 ? 3 : -1;
958  if (CallbackIdx < 0) continue;
959  // __sanitizer_cov_trace_cmp((type_size << 32) | predicate, A0, A1);
960  auto CallbackFunc = SanCovTraceCmpFunction[CallbackIdx];
961  bool FirstIsConst = isa<ConstantInt>(A0);
962  bool SecondIsConst = isa<ConstantInt>(A1);
963  // If both are const, then we don't need such a comparison.
964  if (FirstIsConst && SecondIsConst) continue;
965  // If only one is const, then make it the first callback argument.
966  if (FirstIsConst || SecondIsConst) {
967  CallbackFunc = SanCovTraceConstCmpFunction[CallbackIdx];
968  if (SecondIsConst)
969  std::swap(A0, A1);
970  }
971 
972  auto Ty = Type::getIntNTy(*C, TypeSize);
973  IRB.CreateCall(CallbackFunc, {IRB.CreateIntCast(A0, Ty, true),
974  IRB.CreateIntCast(A1, Ty, true)});
975  }
976  }
977 }
978 
979 void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
980  size_t Idx,
981  bool IsLeafFunc) {
982  BasicBlock::iterator IP = BB.getFirstInsertionPt();
983  bool IsEntryBB = &BB == &F.getEntryBlock();
984  DebugLoc EntryLoc;
985  if (IsEntryBB) {
986  if (auto SP = F.getSubprogram())
987  EntryLoc = DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP);
988  // Keep static allocas and llvm.localescape calls in the entry block. Even
989  // if we aren't splitting the block, it's nice for allocas to be before
990  // calls.
991  IP = PrepareToSplitEntryBlock(BB, IP);
992  }
993 
994  InstrumentationIRBuilder IRB(&*IP);
995  if (EntryLoc)
996  IRB.SetCurrentDebugLocation(EntryLoc);
997  if (Options.TracePC) {
998  IRB.CreateCall(SanCovTracePC)
999  ->setCannotMerge(); // gets the PC using GET_CALLER_PC.
1000  }
1001  if (Options.TracePCGuard) {
1002  auto GuardPtr = IRB.CreateIntToPtr(
1003  IRB.CreateAdd(IRB.CreatePointerCast(FunctionGuardArray, IntptrTy),
1004  ConstantInt::get(IntptrTy, Idx * 4)),
1005  Int32PtrTy);
1006  IRB.CreateCall(SanCovTracePCGuard, GuardPtr)->setCannotMerge();
1007  }
1008  if (Options.Inline8bitCounters) {
1009  auto CounterPtr = IRB.CreateGEP(
1010  Function8bitCounterArray->getValueType(), Function8bitCounterArray,
1011  {ConstantInt::get(IntptrTy, 0), ConstantInt::get(IntptrTy, Idx)});
1012  auto Load = IRB.CreateLoad(Int8Ty, CounterPtr);
1013  auto Inc = IRB.CreateAdd(Load, ConstantInt::get(Int8Ty, 1));
1014  auto Store = IRB.CreateStore(Inc, CounterPtr);
1015  SetNoSanitizeMetadata(Load);
1016  SetNoSanitizeMetadata(Store);
1017  }
1018  if (Options.InlineBoolFlag) {
1019  auto FlagPtr = IRB.CreateGEP(
1020  FunctionBoolArray->getValueType(), FunctionBoolArray,
1021  {ConstantInt::get(IntptrTy, 0), ConstantInt::get(IntptrTy, Idx)});
1022  auto Load = IRB.CreateLoad(Int1Ty, FlagPtr);
1023  auto ThenTerm =
1024  SplitBlockAndInsertIfThen(IRB.CreateIsNull(Load), &*IP, false);
1025  IRBuilder<> ThenIRB(ThenTerm);
1026  auto Store = ThenIRB.CreateStore(ConstantInt::getTrue(Int1Ty), FlagPtr);
1027  SetNoSanitizeMetadata(Load);
1028  SetNoSanitizeMetadata(Store);
1029  }
1030  if (Options.StackDepth && IsEntryBB && !IsLeafFunc) {
1031  // Check stack depth. If it's the deepest so far, record it.
1032  Module *M = F.getParent();
1033  Function *GetFrameAddr = Intrinsic::getDeclaration(
1034  M, Intrinsic::frameaddress,
1035  IRB.getInt8PtrTy(M->getDataLayout().getAllocaAddrSpace()));
1036  auto FrameAddrPtr =
1037  IRB.CreateCall(GetFrameAddr, {Constant::getNullValue(Int32Ty)});
1038  auto FrameAddrInt = IRB.CreatePtrToInt(FrameAddrPtr, IntptrTy);
1039  auto LowestStack = IRB.CreateLoad(IntptrTy, SanCovLowestStack);
1040  auto IsStackLower = IRB.CreateICmpULT(FrameAddrInt, LowestStack);
1041  auto ThenTerm = SplitBlockAndInsertIfThen(IsStackLower, &*IP, false);
1042  IRBuilder<> ThenIRB(ThenTerm);
1043  auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
1044  SetNoSanitizeMetadata(LowestStack);
1045  SetNoSanitizeMetadata(Store);
1046  }
1047 }
1048 
1049 std::string
1050 ModuleSanitizerCoverage::getSectionName(const std::string &Section) const {
1051  if (TargetTriple.isOSBinFormatCOFF()) {
1052  if (Section == SanCovCountersSectionName)
1053  return ".SCOV$CM";
1054  if (Section == SanCovBoolFlagSectionName)
1055  return ".SCOV$BM";
1056  if (Section == SanCovPCsSectionName)
1057  return ".SCOVP$M";
1058  return ".SCOV$GM"; // For SanCovGuardsSectionName.
1059  }
1060  if (TargetTriple.isOSBinFormatMachO())
1061  return "__DATA,__" + Section;
1062  return "__" + Section;
1063 }
1064 
1065 std::string
1066 ModuleSanitizerCoverage::getSectionStart(const std::string &Section) const {
1067  if (TargetTriple.isOSBinFormatMachO())
1068  return "\1section$start$__DATA$__" + Section;
1069  return "__start___" + Section;
1070 }
1071 
1072 std::string
1073 ModuleSanitizerCoverage::getSectionEnd(const std::string &Section) const {
1074  if (TargetTriple.isOSBinFormatMachO())
1075  return "\1section$end$__DATA$__" + Section;
1076  return "__stop___" + Section;
1077 }
1078 
1079 char ModuleSanitizerCoverageLegacyPass::ID = 0;
1080 INITIALIZE_PASS_BEGIN(ModuleSanitizerCoverageLegacyPass, "sancov",
1081  "Pass for instrumenting coverage on functions", false,
1082  false)
1083 INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
1084 INITIALIZE_PASS_DEPENDENCY(PostDominatorTreeWrapperPass)
1085 INITIALIZE_PASS_END(ModuleSanitizerCoverageLegacyPass, "sancov",
1086  "Pass for instrumenting coverage on functions", false,
1087  false)
1088 ModulePass *llvm::createModuleSanitizerCoverageLegacyPassPass(
1089  const SanitizerCoverageOptions &Options,
1090  const std::vector<std::string> &AllowlistFiles,
1091  const std::vector<std::string> &BlocklistFiles) {
1092  return new ModuleSanitizerCoverageLegacyPass(Options, AllowlistFiles,
1093  BlocklistFiles);
1094 }
i
i
Definition: README.txt:29
ClInline8bitCounters
static cl::opt< bool > ClInline8bitCounters("sanitizer-coverage-inline-8bit-counters", cl::desc("increments 8-bit counter for every edge"), cl::Hidden, cl::init(false))
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition: PassManager.h:152
llvm::SpecialCaseList
Definition: SpecialCaseList.h:69
Instrumentation.h
llvm::isAsynchronousEHPersonality
bool isAsynchronousEHPersonality(EHPersonality Pers)
Returns true if this personality function catches asynchronous exceptions.
Definition: EHPersonalities.h:49
Int32Ty
IntegerType * Int32Ty
Definition: NVVMIntrRange.cpp:67
llvm::PrepareToSplitEntryBlock
BasicBlock::iterator PrepareToSplitEntryBlock(BasicBlock &BB, BasicBlock::iterator IP)
Instrumentation passes often insert conditional checks into entry blocks.
Definition: Instrumentation.cpp:41
INITIALIZE_PASS_BEGIN
INITIALIZE_PASS_BEGIN(ModuleSanitizerCoverageLegacyPass, "sancov", "Pass for instrumenting coverage on functions", false, false) INITIALIZE_PASS_END(ModuleSanitizerCoverageLegacyPass
llvm::GlobalObject::setComdat
void setComdat(Comdat *C)
Definition: Globals.cpp:194
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:17
llvm::Type::getInt1Ty
static IntegerType * getInt1Ty(LLVMContext &C)
Definition: Type.cpp:236
M
We currently emits eax Perhaps this is what we really should generate is Is imull three or four cycles eax eax The current instruction priority is based on pattern complexity The former is more complex because it folds a load so the latter will not be emitted Perhaps we should use AddedComplexity to give LEA32r a higher priority We should always try to match LEA first since the LEA matching code does some estimate to determine whether the match is profitable if we care more about code then imull is better It s two bytes shorter than movl leal On a Pentium M
Definition: README.txt:252
llvm::AArch64CC::AL
@ AL
Definition: AArch64BaseInfo.h:269
llvm::drop_begin
auto drop_begin(T &&RangeOrContainer, size_t N=1)
Return a range covering RangeOrContainer with the first N elements excluded.
Definition: STLExtras.h:280
SanCovTraceCmp2
const char SanCovTraceCmp2[]
Definition: SanitizerCoverage.cpp:45
ClGEPTracing
static cl::opt< bool > ClGEPTracing("sanitizer-coverage-trace-geps", cl::desc("Tracing of GEP instructions"), cl::Hidden, cl::init(false))
llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition: DataLayout.h:113
SanCovTracePCName
const char SanCovTracePCName[]
Definition: SanitizerCoverage.cpp:43
llvm::Intrinsic::getDeclaration
Function * getDeclaration(Module *M, ID id, ArrayRef< Type * > Tys=None)
Create or insert an LLVM Function declaration for an intrinsic, and return it.
Definition: Function.cpp:1418
llvm::BasicBlock::iterator
InstListType::iterator iterator
Instruction iterators...
Definition: BasicBlock.h:87
llvm::ModulePass
ModulePass class - This class is used to implement unstructured interprocedural optimizations and ana...
Definition: Pass.h:248
llvm::SanitizerCoverageOptions
Definition: Instrumentation.h:141
IntrinsicInst.h
llvm::AnalysisManager::getResult
PassT::Result & getResult(IRUnitT &IR, ExtraArgTs... ExtraArgs)
Get the result of an analysis pass for a given IR unit.
Definition: PassManager.h:780
llvm::SystemZISD::ICMP
@ ICMP
Definition: SystemZISelLowering.h:55
functions
Pass for instrumenting coverage on functions
Definition: SanitizerCoverage.cpp:1086
llvm::GlobalValue::HiddenVisibility
@ HiddenVisibility
The GV is hidden.
Definition: GlobalValue.h:64
llvm::Function
Definition: Function.h:60
ClDIVTracing
static cl::opt< bool > ClDIVTracing("sanitizer-coverage-trace-divs", cl::desc("Tracing of DIV instructions"), cl::Hidden, cl::init(false))
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1185
llvm::AttributeList::addParamAttribute
LLVM_NODISCARD AttributeList addParamAttribute(LLVMContext &C, unsigned ArgNo, Attribute::AttrKind Kind) const
Add an argument attribute to the list.
Definition: Attributes.h:561
llvm::Function::getEntryBlock
const BasicBlock & getEntryBlock() const
Definition: Function.h:710
llvm::IRBuilder<>
SanCov8bitCountersInitName
const char SanCov8bitCountersInitName[]
Definition: SanitizerCoverage.cpp:75
llvm::GlobalVariable
Definition: GlobalVariable.h:39
SanCovTraceGep
const char SanCovTraceGep[]
Definition: SanitizerCoverage.cpp:64
SanCovModuleCtorBoolFlagName
const char SanCovModuleCtorBoolFlagName[]
Definition: SanitizerCoverage.cpp:70
llvm::DominatorTree
Concrete subclass of DominatorTreeBase that is used to compute a normal dominator tree.
Definition: Dominators.h:166
llvm::Triple
Triple - Helper class for working with autoconf configuration names.
Definition: Triple.h:44
FAM
FunctionAnalysisManager FAM
Definition: PassBuilderBindings.cpp:59
llvm::cl::Hidden
@ Hidden
Definition: CommandLine.h:139
llvm::PreservedAnalyses::none
static PreservedAnalyses none()
Convenience factory function for the empty preserved set.
Definition: PassManager.h:155
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45
Module.h
llvm::AttributeList
Definition: Attributes.h:425
EHPersonalities.h
SanCovModuleCtor8bitCountersName
const char SanCovModuleCtor8bitCountersName[]
Definition: SanitizerCoverage.cpp:68
SanCovStore16
const char SanCovStore16[]
Definition: SanitizerCoverage.cpp:61
llvm::msgpack::Type::Array
@ Array
llvm::successors
auto successors(MachineBasicBlock *BB)
Definition: MachineSSAContext.h:29
ClInlineBoolFlag
static cl::opt< bool > ClInlineBoolFlag("sanitizer-coverage-inline-bool-flag", cl::desc("sets a boolean flag for every edge"), cl::Hidden, cl::init(false))
llvm::max
Expected< ExpressionValue > max(const ExpressionValue &Lhs, const ExpressionValue &Rhs)
Definition: FileCheck.cpp:337
ClCreatePCTable
static cl::opt< bool > ClCreatePCTable("sanitizer-coverage-pc-table", cl::desc("create a static PC table"), cl::Hidden, cl::init(false))
llvm::GlobalValue::LinkageTypes
LinkageTypes
An enumeration for the kinds of linkage for global values.
Definition: GlobalValue.h:47
llvm::ArrayType
Class to represent array types.
Definition: DerivedTypes.h:357
llvm::succ_empty
bool succ_empty(const Instruction *I)
Definition: CFG.h:255
llvm::Type::getInt8Ty
static IntegerType * getInt8Ty(LLVMContext &C)
Definition: Type.cpp:237
ClLoadTracing
static cl::opt< bool > ClLoadTracing("sanitizer-coverage-trace-loads", cl::desc("Tracing of load instructions"), cl::Hidden, cl::init(false))
llvm::Type::getInt32Ty
static IntegerType * getInt32Ty(LLVMContext &C)
Definition: Type.cpp:239
llvm::ArrayRef::empty
bool empty() const
empty - Check if the array is empty.
Definition: ArrayRef.h:159
SanCovLowestStackName
const char SanCovLowestStackName[]
Definition: SanitizerCoverage.cpp:84
llvm::MDNode::get
static MDTuple * get(LLVMContext &Context, ArrayRef< Metadata * > MDs)
Definition: Metadata.h:1300
F
#define F(x, y, z)
Definition: MD5.cpp:55
llvm::BasicBlock::getUniqueSuccessor
const BasicBlock * getUniqueSuccessor() const
Return the successor of this block if it has a unique successor.
Definition: BasicBlock.cpp:299
llvm::BasicBlock
LLVM Basic Block Representation.
Definition: BasicBlock.h:55
llvm::ARMBuildAttrs::Section
@ Section
Legacy Tags.
Definition: ARMBuildAttributes.h:82
llvm::SanitizerCoverageOptions::SCK_Edge
@ SCK_Edge
Definition: Instrumentation.h:146
llvm::classifyEHPersonality
EHPersonality classifyEHPersonality(const Value *Pers)
See if the given exception handling personality function is one that we understand.
Definition: EHPersonalities.cpp:22
llvm::DominatorTree::dominates
bool dominates(const BasicBlock *BB, const Use &U) const
Return true if the (end of the) basic block BB dominates the use U.
Definition: Dominators.cpp:122
SanCovLoad2
const char SanCovLoad2[]
Definition: SanitizerCoverage.cpp:53
CommandLine.h
llvm::SPII::Load
@ Load
Definition: SparcInstrInfo.h:32
llvm::all_of
bool all_of(R &&range, UnaryPredicate P)
Provide wrappers to std::all_of which take ranges instead of having to pass begin/end explicitly.
Definition: STLExtras.h:1617
llvm::SanitizerCoverageOptions::CoverageType
enum llvm::SanitizerCoverageOptions::Type CoverageType
SanCovBoolFlagInitName
const char SanCovBoolFlagInitName[]
Definition: SanitizerCoverage.cpp:76
llvm::PassRegistry::getPassRegistry
static PassRegistry * getPassRegistry()
getPassRegistry - Access the global registry object, which is automatically initialized at applicatio...
Definition: PassRegistry.cpp:31
PostDominators.h
SanCovTraceCmp4
const char SanCovTraceCmp4[]
Definition: SanitizerCoverage.cpp:46
SanCovStore4
const char SanCovStore4[]
Definition: SanitizerCoverage.cpp:59
Intrinsics.h
C
(vector float) vec_cmpeq(*A, *B) C
Definition: README_ALTIVEC.txt:86
MAM
ModuleAnalysisManager MAM
Definition: PassBuilderBindings.cpp:61
llvm::ModuleSanitizerCoveragePass::run
PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM)
Definition: SanitizerCoverage.cpp:330
llvm::PostDominatorTreeWrapperPass
Definition: PostDominators.h:73
SanCovPCsSectionName
const char SanCovPCsSectionName[]
Definition: SanitizerCoverage.cpp:82
llvm::AnalysisUsage
Represent the analysis usage information of a pass.
Definition: PassAnalysisSupport.h:47
isFullPostDominator
static bool isFullPostDominator(const BasicBlock *BB, const PostDominatorTree *PDT)
Definition: SanitizerCoverage.cpp:568
SanCovLoad4
const char SanCovLoad4[]
Definition: SanitizerCoverage.cpp:54
SanCovTraceDiv8
const char SanCovTraceDiv8[]
Definition: SanitizerCoverage.cpp:63
IP
Definition: NVPTXLowerArgs.cpp:167
llvm::CriticalEdgeSplittingOptions
Option class for critical edge splitting.
Definition: BasicBlockUtils.h:142
false
Definition: StackSlotColoring.cpp:141
B
static GCRegistry::Add< OcamlGC > B("ocaml", "ocaml 3.10-compatible GC")
llvm::Constant::getAllOnesValue
static Constant * getAllOnesValue(Type *Ty)
Definition: Constants.cpp:395
llvm::InstrumentationIRBuilder
Definition: Instrumentation.h:194
llvm::Instruction
Definition: Instruction.h:42
ClPruneBlocks
static cl::opt< bool > ClPruneBlocks("sanitizer-coverage-prune-blocks", cl::desc("Reduce the number of instrumented blocks"), cl::Hidden, cl::init(true))
llvm::DominatorTreeWrapperPass
Legacy analysis pass which computes a DominatorTree.
Definition: Dominators.h:302
llvm::appendToCompilerUsed
void appendToCompilerUsed(Module &M, ArrayRef< GlobalValue * > Values)
Adds global values to the llvm.compiler.used list.
Definition: ModuleUtils.cpp:109
Options
const char LLVMTargetMachineRef LLVMPassBuilderOptionsRef Options
Definition: PassBuilderBindings.cpp:48
llvm::predecessors
auto predecessors(MachineBasicBlock *BB)
Definition: MachineSSAContext.h:30
llvm::initializeModuleSanitizerCoverageLegacyPassPass
void initializeModuleSanitizerCoverageLegacyPassPass(PassRegistry &)
llvm::ConstantInt::get
static Constant * get(Type *Ty, uint64_t V, bool IsSigned=false)
If Ty is a vector type, return a Constant with a splat of the given value.
Definition: Constants.cpp:928
SanCovGuardsSectionName
const char SanCovGuardsSectionName[]
Definition: SanitizerCoverage.cpp:79
Align
uint64_t Align
Definition: ELFObjHandler.cpp:81
llvm::GlobalValue::InternalLinkage
@ InternalLinkage
Rename collisions when linking (static functions).
Definition: GlobalValue.h:55
llvm::Comdat
Definition: Comdat.h:33
llvm::SPII::Store
@ Store
Definition: SparcInstrInfo.h:33
llvm::SanitizerCoverageOptions::SCK_BB
@ SCK_BB
Definition: Instrumentation.h:145
SanCovTraceConstCmp8
const char SanCovTraceConstCmp8[]
Definition: SanitizerCoverage.cpp:51
shouldInstrumentBlock
static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, const DominatorTree *DT, const PostDominatorTree *PDT, const SanitizerCoverageOptions &Options)
Definition: SanitizerCoverage.cpp:578
llvm::None
const NoneType None
Definition: None.h:24
llvm::CallingConv::ID
unsigned ID
LLVM IR allows to use arbitrary numbers as calling convention identifiers.
Definition: CallingConv.h:24
SanCovTraceSwitchName
const char SanCovTraceSwitchName[]
Definition: SanitizerCoverage.cpp:65
Type.h
INITIALIZE_PASS_END
#define INITIALIZE_PASS_END(passName, arg, name, cfg, analysis)
Definition: PassSupport.h:58
llvm::Type::isIntegerTy
bool isIntegerTy() const
True if this is an instance of IntegerType.
Definition: Type.h:191
llvm::function_ref
An efficient, type-erasing, non-owning reference to a callable.
Definition: STLFunctionalExtras.h:36
llvm::cl::opt
Definition: CommandLine.h:1392
llvm::StoreInst
An instruction for storing to memory.
Definition: Instructions.h:297
llvm::Constant
This is an important base class in LLVM.
Definition: Constant.h:41
llvm::vfs::getRealFileSystem
IntrusiveRefCntPtr< FileSystem > getRealFileSystem()
Gets an vfs::FileSystem for the 'real' file system, as seen by the operating system.
Definition: VirtualFileSystem.cpp:376
llvm::PointerType::getUnqual
static PointerType * getUnqual(Type *ElementType)
This constructs a pointer to an object of the specified type in the default address space (address sp...
Definition: DerivedTypes.h:651
llvm::createSanitizerCtorAndInitFunctions
std::pair< Function *, FunctionCallee > createSanitizerCtorAndInitFunctions(Module &M, StringRef CtorName, StringRef InitName, ArrayRef< Type * > InitArgTypes, ArrayRef< Value * > InitArgs, StringRef VersionCheckName=StringRef())
Creates sanitizer constructor function, and calls sanitizer's init function from it.
Definition: ModuleUtils.cpp:135
llvm::ICmpInst
This instruction compares its operands according to the predicate given to the constructor.
Definition: Instructions.h:1173
uint64_t
const
aarch64 promote const
Definition: AArch64PromoteConstant.cpp:232
SanCovBoolFlagSectionName
const char SanCovBoolFlagSectionName[]
Definition: SanitizerCoverage.cpp:81
INITIALIZE_PASS_DEPENDENCY
INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
sancov
sancov
Definition: SanitizerCoverage.cpp:1085
llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition: LLVMContext.h:68
llvm::declareSanitizerInitFunction
FunctionCallee declareSanitizerInitFunction(Module &M, StringRef InitName, ArrayRef< Type * > InitArgTypes)
Definition: ModuleUtils.cpp:114
I
#define I(x, y, z)
Definition: MD5.cpp:58
ClCoverageLevel
static cl::opt< int > ClCoverageLevel("sanitizer-coverage-level", cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, " "3: all blocks and critical edges"), cl::Hidden, cl::init(0))
SanCovStore8
const char SanCovStore8[]
Definition: SanitizerCoverage.cpp:60
llvm::GetElementPtrInst
an instruction for type-safe pointer arithmetic to access elements of arrays and structs
Definition: Instructions.h:916
llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition: CommandLine.h:432
llvm::appendToUsed
void appendToUsed(Module &M, ArrayRef< GlobalValue * > Values)
Adds global values to the llvm.used list.
Definition: ModuleUtils.cpp:105
llvm::PointerType
Class to represent pointers.
Definition: DerivedTypes.h:632
llvm::GlobalValue::setLinkage
void setLinkage(LinkageTypes LT)
Definition: GlobalValue.h:502
ArrayRef.h
llvm::SpecialCaseList::createOrDie
static std::unique_ptr< SpecialCaseList > createOrDie(const std::vector< std::string > &Paths, llvm::vfs::FileSystem &FS)
Parses the special case list entries from files.
Definition: SpecialCaseList.cpp:90
IRBuilder.h
ClTracePC
static cl::opt< bool > ClTracePC("sanitizer-coverage-trace-pc", cl::desc("Experimental pc tracing"), cl::Hidden, cl::init(false))
assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())
SanCovTraceCmp1
const char SanCovTraceCmp1[]
Definition: SanitizerCoverage.cpp:44
std::swap
void swap(llvm::BitVector &LHS, llvm::BitVector &RHS)
Implement std::swap in terms of BitVector swap.
Definition: BitVector.h:853
SI
StandardInstrumentations SI(Debug, VerifyEach)
SanCovTracePCGuardInitName
const char SanCovTracePCGuardInitName[]
Definition: SanitizerCoverage.cpp:74
llvm::ConstantExpr::getCast
static Constant * getCast(unsigned ops, Constant *C, Type *Ty, bool OnlyIfReduced=false)
Convenience function for getting a Cast operation.
Definition: Constants.cpp:2010
SanCovModuleCtorTracePcGuardName
const char SanCovModuleCtorTracePcGuardName[]
Definition: SanitizerCoverage.cpp:66
IsInterestingCmp
static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT, const SanitizerCoverageOptions &Options)
Definition: SanitizerCoverage.cpp:628
llvm::ArrayType::get
static ArrayType * get(Type *ElementType, uint64_t NumElements)
This static method is the primary way to construct an ArrayType.
Definition: Type.cpp:638
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:65
ClCMPTracing
static cl::opt< bool > ClCMPTracing("sanitizer-coverage-trace-compares", cl::desc("Tracing of CMP and similar instructions"), cl::Hidden, cl::init(false))
Triple.h
SanCovTracePCIndirName
const char SanCovTracePCIndirName[]
Definition: SanitizerCoverage.cpp:42
ClStoreTracing
static cl::opt< bool > ClStoreTracing("sanitizer-coverage-trace-stores", cl::desc("Tracing of store instructions"), cl::Hidden, cl::init(false))
llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition: APInt.h:32
llvm::BinaryOperator
Definition: InstrTypes.h:188
SanCovLoad1
const char SanCovLoad1[]
Definition: SanitizerCoverage.cpp:52
DataLayout.h
Cond
SmallVector< MachineOperand, 4 > Cond
Definition: BasicBlockSections.cpp:137
llvm::StringRef
StringRef - Represent a constant reference to a string, i.e.
Definition: StringRef.h:58
SanCovTracePCGuardName
const char SanCovTracePCGuardName[]
Definition: SanitizerCoverage.cpp:73
llvm::SanitizerCoverageOptions::SCK_Function
@ SCK_Function
Definition: Instrumentation.h:144
SanitizerCoverage.h
llvm::PostDominatorTree
PostDominatorTree Class - Concrete subclass of DominatorTree that is used to compute the post-dominat...
Definition: PostDominators.h:28
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition: Value.h:255
llvm::GlobalValue::WeakODRLinkage
@ WeakODRLinkage
Same, but only replaced by something equivalent.
Definition: GlobalValue.h:53
DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition: AArch64SLSHardening.cpp:76
llvm::pred_empty
bool pred_empty(const BasicBlock *BB)
Definition: CFG.h:118
ClTracePCGuard
static cl::opt< bool > ClTracePCGuard("sanitizer-coverage-trace-pc-guard", cl::desc("pc tracing with a guard"), cl::Hidden, cl::init(false))
llvm::GlobalValue::AvailableExternallyLinkage
@ AvailableExternallyLinkage
Available for inspection, not emission.
Definition: GlobalValue.h:49
llvm::Value::getName
StringRef getName() const
Return a constant reference to the value's name.
Definition: Value.cpp:305
for
this could be done in SelectionDAGISel along with other special for
Definition: README.txt:104
llvm::LoadInst
An instruction for reading from memory.
Definition: Instructions.h:173
VirtualFileSystem.h
SanCovLoad16
const char SanCovLoad16[]
Definition: SanitizerCoverage.cpp:56
Callee
amdgpu Simplify well known AMD library false FunctionCallee Callee
Definition: AMDGPULibCalls.cpp:186
SanCovTraceConstCmp1
const char SanCovTraceConstCmp1[]
Definition: SanitizerCoverage.cpp:48
Constant.h
llvm::ConstantInt::getTrue
static ConstantInt * getTrue(LLVMContext &Context)
Definition: Constants.cpp:876
std
Definition: BitVector.h:851
llvm::Constant::getNullValue
static Constant * getNullValue(Type *Ty)
Constructor to create a '0' constant of arbitrary type.
Definition: Constants.cpp:350
llvm::Type::getIntNTy
static IntegerType * getIntNTy(LLVMContext &C, unsigned N)
Definition: Type.cpp:243
llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition: PassManager.h:158
llvm::ISD::BR
@ BR
Control flow instructions. These all have token chains.
Definition: ISDOpcodes.h:982
GlobalVariable.h
llvm::TypeSize
Definition: TypeSize.h:435
llvm::getOrCreateFunctionComdat
Comdat * getOrCreateFunctionComdat(Function &F, Triple &T)
Definition: Instrumentation.cpp:76
Function.h
llvm::sort
void sort(IteratorTy Start, IteratorTy End)
Definition: STLExtras.h:1562
llvm::CallBase::isIndirectCall
bool isIndirectCall() const
Return true if the callsite is an indirect call.
Definition: Instructions.cpp:289
SpecialCaseList.h
llvm::getUniqueModuleId
std::string getUniqueModuleId(Module *M)
Produce a unique identifier for this module by taking the MD5 sum of the names of the module's strong...
Definition: ModuleUtils.cpp:207
llvm::ConstantArray::get
static Constant * get(ArrayType *T, ArrayRef< Constant * > V)
Definition: Constants.cpp:1290
isFullDominator
static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT)
Definition: SanitizerCoverage.cpp:558
llvm::SanitizerCoverageOptions::SCK_None
@ SCK_None
Definition: Instrumentation.h:143
llvm::CallBase::getCalledOperand
Value * getCalledOperand() const
Definition: InstrTypes.h:1389
SanCovTraceConstCmp4
const char SanCovTraceConstCmp4[]
Definition: SanitizerCoverage.cpp:50
SanCovTraceCmp8
const char SanCovTraceCmp8[]
Definition: SanitizerCoverage.cpp:47
llvm::GlobalValue::ExternalLinkage
@ ExternalLinkage
Externally visible function.
Definition: GlobalValue.h:48
llvm::DominatorTreeAnalysis
Analysis pass which computes a DominatorTree.
Definition: Dominators.h:267
llvm::Type::getVoidTy
static Type * getVoidTy(LLVMContext &C)
Definition: Type.cpp:222
llvm::SplitAllCriticalEdges
unsigned SplitAllCriticalEdges(Function &F, const CriticalEdgeSplittingOptions &Options=CriticalEdgeSplittingOptions())
Loop over all of the edges in the CFG, breaking critical edges as they are found.
Definition: BasicBlockUtils.cpp:767
llvm::Pass
Pass interface - Implemented by all 'passes'.
Definition: Pass.h:91
llvm::GlobalValue::PrivateLinkage
@ PrivateLinkage
Like Internal, but omit from symbol table.
Definition: GlobalValue.h:56
SmallVector.h
Dominators.h
llvm::ARCISD::CMP
@ CMP
Definition: ARCISelLowering.h:40
ModuleUtils.h
N
#define N
llvm::BlockAddress::get
static BlockAddress * get(Function *F, BasicBlock *BB)
Return a BlockAddress for the specified function and basic block.
Definition: Constants.cpp:1815
llvm::ArrayRef::size
size_t size() const
size - Get the array size.
Definition: ArrayRef.h:164
SanCovTraceDiv4
const char SanCovTraceDiv4[]
Definition: SanitizerCoverage.cpp:62
SanCtorAndDtorPriority
static const uint64_t SanCtorAndDtorPriority
Definition: SanitizerCoverage.cpp:71
llvm::FunctionCallee
A handy container for a FunctionType+Callee-pointer pair, which can be passed around as a single enti...
Definition: DerivedTypes.h:165
llvm::BasicBlock::getTerminator
const Instruction * getTerminator() const LLVM_READONLY
Returns the terminator instruction if the block is well formed or null if the block is not well forme...
Definition: BasicBlock.h:119
SanCovTraceConstCmp2
const char SanCovTraceConstCmp2[]
Definition: SanitizerCoverage.cpp:49
llvm::CallBase
Base class for all callable instructions (InvokeInst and CallInst) Holds everything related to callin...
Definition: InstrTypes.h:1174
llvm::Type::getInt16Ty
static IntegerType * getInt16Ty(LLVMContext &C)
Definition: Type.cpp:238
llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: InstructionSimplify.h:42
SanCovPCsInitName
const char SanCovPCsInitName[]
Definition: SanitizerCoverage.cpp:77
llvm::InnerAnalysisManagerProxy
An analysis over an "outer" IR unit that provides access to an analysis manager over an "inner" IR un...
Definition: PassManager.h:937
BB
Common register allocation spilling lr str ldr sxth r3 ldr mla r4 can lr mov lr str ldr sxth r3 mla r4 and then merge mul and lr str ldr sxth r3 mla r4 It also increase the likelihood the store may become dead bb27 Successors according to LLVM BB
Definition: README.txt:39
GEP
Hexagon Common GEP
Definition: HexagonCommonGEP.cpp:171
llvm::PostDominatorTreeAnalysis
Analysis pass which computes a PostDominatorTree.
Definition: PostDominators.h:47
llvm::AnalysisUsage::addRequired
AnalysisUsage & addRequired()
Definition: PassAnalysisSupport.h:75
LLVMContext.h
From
BlockVerifier::State From
Definition: BlockVerifier.cpp:55
llvm::SwitchInst
Multiway switch.
Definition: Instructions.h:3230
llvm::DebugLoc
A debug info location.
Definition: DebugLoc.h:33
llvm::SplitBlockAndInsertIfThen
Instruction * SplitBlockAndInsertIfThen(Value *Cond, Instruction *SplitBefore, bool Unreachable, MDNode *BranchWeights, DominatorTree *DT, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition: BasicBlockUtils.cpp:1446
llvm::appendToGlobalCtors
void appendToGlobalCtors(Module &M, Function *F, int Priority, Constant *Data=nullptr)
Append F to the list of global ctors of module M with the given Priority.
Definition: ModuleUtils.cpp:65
llvm::cl::desc
Definition: CommandLine.h:405
llvm::SanitizerCoverageOptions::IndirectCalls
bool IndirectCalls
Definition: Instrumentation.h:148
llvm::GlobalValue::ExternalWeakLinkage
@ ExternalWeakLinkage
ExternalWeak linkage description.
Definition: GlobalValue.h:57
SanCovStore2
const char SanCovStore2[]
Definition: SanitizerCoverage.cpp:58
BasicBlockUtils.h
llvm::PostDominatorTree::dominates
bool dominates(const Instruction *I1, const Instruction *I2) const
Return true if I1 dominates I2.
Definition: PostDominators.cpp:54
llvm::GlobalValue::setVisibility
void setVisibility(VisibilityTypes V)
Definition: GlobalValue.h:240
SanCovStore1
const char SanCovStore1[]
Definition: SanitizerCoverage.cpp:57
InitializePasses.h
llvm::Value
LLVM Value Representation.
Definition: Value.h:74
IsBackEdge
static bool IsBackEdge(BasicBlock *From, BasicBlock *To, const DominatorTree *DT)
Definition: SanitizerCoverage.cpp:613
SanCovLoad8
const char SanCovLoad8[]
Definition: SanitizerCoverage.cpp:55
llvm::createModuleSanitizerCoverageLegacyPassPass
ModulePass * createModuleSanitizerCoverageLegacyPassPass(const SanitizerCoverageOptions &Options=SanitizerCoverageOptions(), const std::vector< std::string > &AllowlistFiles=std::vector< std::string >(), const std::vector< std::string > &BlocklistFiles=std::vector< std::string >())
Definition: SanitizerCoverage.cpp:1088
SanCovCountersSectionName
const char SanCovCountersSectionName[]
Definition: SanitizerCoverage.cpp:80
llvm::Use
A Use represents the edge between a Value definition and its users.
Definition: Use.h:43
llvm::Intrinsic::ID
unsigned ID
Definition: TargetTransformInfo.h:38
ClStackDepth
static cl::opt< bool > ClStackDepth("sanitizer-coverage-stack-depth", cl::desc("max stack depth tracing"), cl::Hidden, cl::init(false))
Generated on Mon Jun 27 2022 03:29:43 for LLVM by   doxygen 1.8.17