LLVM  14.0.0git
SanitizerCoverage.cpp
Go to the documentation of this file.
1 //===-- SanitizerCoverage.cpp - coverage instrumentation for sanitizers ---===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Coverage instrumentation done on LLVM IR level, works with Sanitizers.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
14 #include "llvm/ADT/ArrayRef.h"
15 #include "llvm/ADT/SmallVector.h"
16 #include "llvm/Analysis/EHPersonalities.h"
17 #include "llvm/Analysis/PostDominators.h"
18 #include "llvm/IR/CFG.h"
19 #include "llvm/IR/Constant.h"
20 #include "llvm/IR/DataLayout.h"
21 #include "llvm/IR/DebugInfo.h"
22 #include "llvm/IR/Dominators.h"
23 #include "llvm/IR/Function.h"
24 #include "llvm/IR/GlobalVariable.h"
25 #include "llvm/IR/IRBuilder.h"
26 #include "llvm/IR/InlineAsm.h"
27 #include "llvm/IR/IntrinsicInst.h"
28 #include "llvm/IR/Intrinsics.h"
29 #include "llvm/IR/LLVMContext.h"
30 #include "llvm/IR/MDBuilder.h"
31 #include "llvm/IR/Mangler.h"
32 #include "llvm/IR/Module.h"
33 #include "llvm/IR/Type.h"
34 #include "llvm/InitializePasses.h"
35 #include "llvm/Support/CommandLine.h"
36 #include "llvm/Support/Debug.h"
37 #include "llvm/Support/SpecialCaseList.h"
38 #include "llvm/Support/VirtualFileSystem.h"
39 #include "llvm/Support/raw_ostream.h"
40 #include "llvm/Transforms/Instrumentation.h"
41 #include "llvm/Transforms/Utils/BasicBlockUtils.h"
42 #include "llvm/Transforms/Utils/ModuleUtils.h"
43 
44 using namespace llvm;
45 
46 #define DEBUG_TYPE "sancov"
47 
48 const char SanCovTracePCIndirName[] = "__sanitizer_cov_trace_pc_indir";
49 const char SanCovTracePCName[] = "__sanitizer_cov_trace_pc";
50 const char SanCovTraceCmp1[] = "__sanitizer_cov_trace_cmp1";
51 const char SanCovTraceCmp2[] = "__sanitizer_cov_trace_cmp2";
52 const char SanCovTraceCmp4[] = "__sanitizer_cov_trace_cmp4";
53 const char SanCovTraceCmp8[] = "__sanitizer_cov_trace_cmp8";
54 const char SanCovTraceConstCmp1[] = "__sanitizer_cov_trace_const_cmp1";
55 const char SanCovTraceConstCmp2[] = "__sanitizer_cov_trace_const_cmp2";
56 const char SanCovTraceConstCmp4[] = "__sanitizer_cov_trace_const_cmp4";
57 const char SanCovTraceConstCmp8[] = "__sanitizer_cov_trace_const_cmp8";
58 const char SanCovTraceDiv4[] = "__sanitizer_cov_trace_div4";
59 const char SanCovTraceDiv8[] = "__sanitizer_cov_trace_div8";
60 const char SanCovTraceGep[] = "__sanitizer_cov_trace_gep";
61 const char SanCovTraceSwitchName[] = "__sanitizer_cov_trace_switch";
62 const char SanCovModuleCtorTracePcGuardName[] =
63  "sancov.module_ctor_trace_pc_guard";
64 const char SanCovModuleCtor8bitCountersName[] =
65  "sancov.module_ctor_8bit_counters";
66 const char SanCovModuleCtorBoolFlagName[] = "sancov.module_ctor_bool_flag";
67 static const uint64_t SanCtorAndDtorPriority = 2;
68 
69 const char SanCovTracePCGuardName[] = "__sanitizer_cov_trace_pc_guard";
70 const char SanCovTracePCGuardInitName[] = "__sanitizer_cov_trace_pc_guard_init";
71 const char SanCov8bitCountersInitName[] = "__sanitizer_cov_8bit_counters_init";
72 const char SanCovBoolFlagInitName[] = "__sanitizer_cov_bool_flag_init";
73 const char SanCovPCsInitName[] = "__sanitizer_cov_pcs_init";
74 
75 const char SanCovGuardsSectionName[] = "sancov_guards";
76 const char SanCovCountersSectionName[] = "sancov_cntrs";
77 const char SanCovBoolFlagSectionName[] = "sancov_bools";
78 const char SanCovPCsSectionName[] = "sancov_pcs";
79 
80 const char SanCovLowestStackName[] = "__sancov_lowest_stack";
81 
82 static cl::opt<int> ClCoverageLevel(
83  "sanitizer-coverage-level",
84  cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, "
85  "3: all blocks and critical edges"),
86  cl::Hidden, cl::init(0));
87 
88 static cl::opt<bool> ClTracePC("sanitizer-coverage-trace-pc",
89  cl::desc("Experimental pc tracing"), cl::Hidden,
90  cl::init(false));
91 
92 static cl::opt<bool> ClTracePCGuard("sanitizer-coverage-trace-pc-guard",
93  cl::desc("pc tracing with a guard"),
94  cl::Hidden, cl::init(false));
95 
96 // If true, we create a global variable that contains PCs of all instrumented
97 // BBs, put this global into a named section, and pass this section's bounds
98 // to __sanitizer_cov_pcs_init.
99 // This way the coverage instrumentation does not need to acquire the PCs
100 // at run-time. Works with trace-pc-guard, inline-8bit-counters, and
101 // inline-bool-flag.
102 static cl::opt<bool> ClCreatePCTable("sanitizer-coverage-pc-table",
103  cl::desc("create a static PC table"),
104  cl::Hidden, cl::init(false));
105 
106 static cl::opt<bool>
107  ClInline8bitCounters("sanitizer-coverage-inline-8bit-counters",
108  cl::desc("increments 8-bit counter for every edge"),
109  cl::Hidden, cl::init(false));
110 
111 static cl::opt<bool>
112  ClInlineBoolFlag("sanitizer-coverage-inline-bool-flag",
113  cl::desc("sets a boolean flag for every edge"), cl::Hidden,
114  cl::init(false));
115 
116 static cl::opt<bool>
117  ClCMPTracing("sanitizer-coverage-trace-compares",
118  cl::desc("Tracing of CMP and similar instructions"),
119  cl::Hidden, cl::init(false));
120 
121 static cl::opt<bool> ClDIVTracing("sanitizer-coverage-trace-divs",
122  cl::desc("Tracing of DIV instructions"),
123  cl::Hidden, cl::init(false));
124 
125 static cl::opt<bool> ClGEPTracing("sanitizer-coverage-trace-geps",
126  cl::desc("Tracing of GEP instructions"),
127  cl::Hidden, cl::init(false));
128 
129 static cl::opt<bool>
130  ClPruneBlocks("sanitizer-coverage-prune-blocks",
131  cl::desc("Reduce the number of instrumented blocks"),
132  cl::Hidden, cl::init(true));
133 
134 static cl::opt<bool> ClStackDepth("sanitizer-coverage-stack-depth",
135  cl::desc("max stack depth tracing"),
136  cl::Hidden, cl::init(false));
137 
138 namespace {
139 
140 SanitizerCoverageOptions getOptions(int LegacyCoverageLevel) {
141  SanitizerCoverageOptions Res;
142  switch (LegacyCoverageLevel) {
143  case 0:
144  Res.CoverageType = SanitizerCoverageOptions::SCK_None;
145  break;
146  case 1:
147  Res.CoverageType = SanitizerCoverageOptions::SCK_Function;
148  break;
149  case 2:
150  Res.CoverageType = SanitizerCoverageOptions::SCK_BB;
151  break;
152  case 3:
153  Res.CoverageType = SanitizerCoverageOptions::SCK_Edge;
154  break;
155  case 4:
156  Res.CoverageType = SanitizerCoverageOptions::SCK_Edge;
157  Res.IndirectCalls = true;
158  break;
159  }
160  return Res;
161 }
162 
163 SanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) {
164  // Sets CoverageType and IndirectCalls.
165  SanitizerCoverageOptions CLOpts = getOptions(ClCoverageLevel);
166  Options.CoverageType = std::max(Options.CoverageType, CLOpts.CoverageType);
167  Options.IndirectCalls |= CLOpts.IndirectCalls;
168  Options.TraceCmp |= ClCMPTracing;
169  Options.TraceDiv |= ClDIVTracing;
170  Options.TraceGep |= ClGEPTracing;
171  Options.TracePC |= ClTracePC;
172  Options.TracePCGuard |= ClTracePCGuard;
173  Options.Inline8bitCounters |= ClInline8bitCounters;
174  Options.InlineBoolFlag |= ClInlineBoolFlag;
175  Options.PCTable |= ClCreatePCTable;
176  Options.NoPrune |= !ClPruneBlocks;
177  Options.StackDepth |= ClStackDepth;
178  if (!Options.TracePCGuard && !Options.TracePC &&
179  !Options.Inline8bitCounters && !Options.StackDepth &&
180  !Options.InlineBoolFlag)
181  Options.TracePCGuard = true; // TracePCGuard is default.
182  return Options;
183 }
184 
185 using DomTreeCallback = function_ref<const DominatorTree *(Function &F)>;
186 using PostDomTreeCallback =
187  function_ref<const PostDominatorTree *(Function &F)>;
188 
189 class ModuleSanitizerCoverage {
190 public:
191  ModuleSanitizerCoverage(
192  const SanitizerCoverageOptions &Options = SanitizerCoverageOptions(),
193  const SpecialCaseList *Allowlist = nullptr,
194  const SpecialCaseList *Blocklist = nullptr)
195  : Options(OverrideFromCL(Options)), Allowlist(Allowlist),
196  Blocklist(Blocklist) {}
197  bool instrumentModule(Module &M, DomTreeCallback DTCallback,
198  PostDomTreeCallback PDTCallback);
199 
200 private:
201  void instrumentFunction(Function &F, DomTreeCallback DTCallback,
202  PostDomTreeCallback PDTCallback);
203  void InjectCoverageForIndirectCalls(Function &F,
204  ArrayRef<Instruction *> IndirCalls);
205  void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets);
206  void InjectTraceForDiv(Function &F,
207  ArrayRef<BinaryOperator *> DivTraceTargets);
208  void InjectTraceForGep(Function &F,
209  ArrayRef<GetElementPtrInst *> GepTraceTargets);
210  void InjectTraceForSwitch(Function &F,
211  ArrayRef<Instruction *> SwitchTraceTargets);
212  bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
213  bool IsLeafFunc = true);
214  GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements,
215  Function &F, Type *Ty,
216  const char *Section);
217  GlobalVariable *CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks);
218  void CreateFunctionLocalArrays(Function &F, ArrayRef<BasicBlock *> AllBlocks);
219  void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx,
220  bool IsLeafFunc = true);
221  Function *CreateInitCallsForSections(Module &M, const char *CtorName,
222  const char *InitFunctionName, Type *Ty,
223  const char *Section);
224  std::pair<Value *, Value *> CreateSecStartEnd(Module &M, const char *Section,
225  Type *Ty);
226 
227  void SetNoSanitizeMetadata(Instruction *I) {
228  I->setMetadata(I->getModule()->getMDKindID("nosanitize"),
229  MDNode::get(*C, None));
230  }
231 
232  std::string getSectionName(const std::string &Section) const;
233  std::string getSectionStart(const std::string &Section) const;
234  std::string getSectionEnd(const std::string &Section) const;
235  FunctionCallee SanCovTracePCIndir;
236  FunctionCallee SanCovTracePC, SanCovTracePCGuard;
237  FunctionCallee SanCovTraceCmpFunction[4];
238  FunctionCallee SanCovTraceConstCmpFunction[4];
239  FunctionCallee SanCovTraceDivFunction[2];
240  FunctionCallee SanCovTraceGepFunction;
241  FunctionCallee SanCovTraceSwitchFunction;
242  GlobalVariable *SanCovLowestStack;
243  Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy,
244  *Int16Ty, *Int8Ty, *Int8PtrTy, *Int1Ty, *Int1PtrTy;
245  Module *CurModule;
246  std::string CurModuleUniqueId;
247  Triple TargetTriple;
248  LLVMContext *C;
249  const DataLayout *DL;
250 
251  GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
252  GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters.
253  GlobalVariable *FunctionBoolArray; // for inline-bool-flag.
254  GlobalVariable *FunctionPCsArray; // for pc-table.
255  SmallVector<GlobalValue *, 20> GlobalsToAppendToUsed;
256  SmallVector<GlobalValue *, 20> GlobalsToAppendToCompilerUsed;
257 
258  SanitizerCoverageOptions Options;
259 
260  const SpecialCaseList *Allowlist;
261  const SpecialCaseList *Blocklist;
262 };
263 
264 class ModuleSanitizerCoverageLegacyPass : public ModulePass {
265 public:
266  ModuleSanitizerCoverageLegacyPass(
267  const SanitizerCoverageOptions &Options = SanitizerCoverageOptions(),
268  const std::vector<std::string> &AllowlistFiles =
269  std::vector<std::string>(),
270  const std::vector<std::string> &BlocklistFiles =
271  std::vector<std::string>())
272  : ModulePass(ID), Options(Options) {
273  if (AllowlistFiles.size() > 0)
274  Allowlist = SpecialCaseList::createOrDie(AllowlistFiles,
275  *vfs::getRealFileSystem());
276  if (BlocklistFiles.size() > 0)
277  Blocklist = SpecialCaseList::createOrDie(BlocklistFiles,
278  *vfs::getRealFileSystem());
279  initializeModuleSanitizerCoverageLegacyPassPass(
280  *PassRegistry::getPassRegistry());
281  }
282  bool runOnModule(Module &M) override {
283  ModuleSanitizerCoverage ModuleSancov(Options, Allowlist.get(),
284  Blocklist.get());
285  auto DTCallback = [this](Function &F) -> const DominatorTree * {
286  return &this->getAnalysis<DominatorTreeWrapperPass>(F).getDomTree();
287  };
288  auto PDTCallback = [this](Function &F) -> const PostDominatorTree * {
289  return &this->getAnalysis<PostDominatorTreeWrapperPass>(F)
290  .getPostDomTree();
291  };
292  return ModuleSancov.instrumentModule(M, DTCallback, PDTCallback);
293  }
294 
295  static char ID; // Pass identification, replacement for typeid
296  StringRef getPassName() const override { return "ModuleSanitizerCoverage"; }
297 
298  void getAnalysisUsage(AnalysisUsage &AU) const override {
299  AU.addRequired<DominatorTreeWrapperPass>();
300  AU.addRequired<PostDominatorTreeWrapperPass>();
301  }
302 
303 private:
304  SanitizerCoverageOptions Options;
305 
306  std::unique_ptr<SpecialCaseList> Allowlist;
307  std::unique_ptr<SpecialCaseList> Blocklist;
308 };
309 
310 } // namespace
311 
312 PreservedAnalyses ModuleSanitizerCoveragePass::run(Module &M,
313  ModuleAnalysisManager &MAM) {
314  ModuleSanitizerCoverage ModuleSancov(Options, Allowlist.get(),
315  Blocklist.get());
316  auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
317  auto DTCallback = [&FAM](Function &F) -> const DominatorTree * {
318  return &FAM.getResult<DominatorTreeAnalysis>(F);
319  };
320  auto PDTCallback = [&FAM](Function &F) -> const PostDominatorTree * {
321  return &FAM.getResult<PostDominatorTreeAnalysis>(F);
322  };
323  if (ModuleSancov.instrumentModule(M, DTCallback, PDTCallback))
324  return PreservedAnalyses::none();
325  return PreservedAnalyses::all();
326 }
327 
328 std::pair<Value *, Value *>
329 ModuleSanitizerCoverage::CreateSecStartEnd(Module &M, const char *Section,
330  Type *Ty) {
331  // Use ExternalWeak so that if all sections are discarded due to section
332  // garbage collection, the linker will not report undefined symbol errors.
333  // Windows defines the start/stop symbols in compiler-rt so no need for
334  // ExternalWeak.
335  GlobalValue::LinkageTypes Linkage = TargetTriple.isOSBinFormatCOFF()
336  ? GlobalVariable::ExternalLinkage
337  : GlobalVariable::ExternalWeakLinkage;
338  GlobalVariable *SecStart =
339  new GlobalVariable(M, Ty, false, Linkage, nullptr,
340  getSectionStart(Section));
341  SecStart->setVisibility(GlobalValue::HiddenVisibility);
342  GlobalVariable *SecEnd =
343  new GlobalVariable(M, Ty, false, Linkage, nullptr,
344  getSectionEnd(Section));
345  SecEnd->setVisibility(GlobalValue::HiddenVisibility);
346  IRBuilder<> IRB(M.getContext());
347  if (!TargetTriple.isOSBinFormatCOFF())
348  return std::make_pair(SecStart, SecEnd);
349 
350  // Account for the fact that on windows-msvc __start_* symbols actually
351  // point to a uint64_t before the start of the array.
352  auto SecStartI8Ptr = IRB.CreatePointerCast(SecStart, Int8PtrTy);
353  auto GEP = IRB.CreateGEP(Int8Ty, SecStartI8Ptr,
354  ConstantInt::get(IntptrTy, sizeof(uint64_t)));
355  return std::make_pair(IRB.CreatePointerCast(GEP, PointerType::getUnqual(Ty)),
356  SecEnd);
357 }
358 
359 Function *ModuleSanitizerCoverage::CreateInitCallsForSections(
360  Module &M, const char *CtorName, const char *InitFunctionName, Type *Ty,
361  const char *Section) {
362  auto SecStartEnd = CreateSecStartEnd(M, Section, Ty);
363  auto SecStart = SecStartEnd.first;
364  auto SecEnd = SecStartEnd.second;
365  Function *CtorFunc;
366  Type *PtrTy = PointerType::getUnqual(Ty);
367  std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions(
368  M, CtorName, InitFunctionName, {PtrTy, PtrTy}, {SecStart, SecEnd});
369  assert(CtorFunc->getName() == CtorName);
370 
371  if (TargetTriple.supportsCOMDAT()) {
372  // Use comdat to dedup CtorFunc.
373  CtorFunc->setComdat(M.getOrInsertComdat(CtorName));
374  appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority, CtorFunc);
375  } else {
376  appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority);
377  }
378 
379  if (TargetTriple.isOSBinFormatCOFF()) {
380  // In COFF files, if the contructors are set as COMDAT (they are because
381  // COFF supports COMDAT) and the linker flag /OPT:REF (strip unreferenced
382  // functions and data) is used, the constructors get stripped. To prevent
383  // this, give the constructors weak ODR linkage and ensure the linker knows
384  // to include the sancov constructor. This way the linker can deduplicate
385  // the constructors but always leave one copy.
386  CtorFunc->setLinkage(GlobalValue::WeakODRLinkage);
387  }
388  return CtorFunc;
389 }
390 
391 bool ModuleSanitizerCoverage::instrumentModule(
392  Module &M, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) {
393  if (Options.CoverageType == SanitizerCoverageOptions::SCK_None)
394  return false;
395  if (Allowlist &&
396  !Allowlist->inSection("coverage", "src", M.getSourceFileName()))
397  return false;
398  if (Blocklist &&
399  Blocklist->inSection("coverage", "src", M.getSourceFileName()))
400  return false;
401  C = &(M.getContext());
402  DL = &M.getDataLayout();
403  CurModule = &M;
404  CurModuleUniqueId = getUniqueModuleId(CurModule);
405  TargetTriple = Triple(M.getTargetTriple());
406  FunctionGuardArray = nullptr;
407  Function8bitCounterArray = nullptr;
408  FunctionBoolArray = nullptr;
409  FunctionPCsArray = nullptr;
410  IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
411  IntptrPtrTy = PointerType::getUnqual(IntptrTy);
412  Type *VoidTy = Type::getVoidTy(*C);
413  IRBuilder<> IRB(*C);
414  Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty());
415  Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty());
416  Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty());
417  Int1PtrTy = PointerType::getUnqual(IRB.getInt1Ty());
418  Int64Ty = IRB.getInt64Ty();
419  Int32Ty = IRB.getInt32Ty();
420  Int16Ty = IRB.getInt16Ty();
421  Int8Ty = IRB.getInt8Ty();
422  Int1Ty = IRB.getInt1Ty();
423 
424  SanCovTracePCIndir =
425  M.getOrInsertFunction(SanCovTracePCIndirName, VoidTy, IntptrTy);
426  // Make sure smaller parameters are zero-extended to i64 if required by the
427  // target ABI.
428  AttributeList SanCovTraceCmpZeroExtAL;
429  SanCovTraceCmpZeroExtAL =
430  SanCovTraceCmpZeroExtAL.addParamAttribute(*C, 0, Attribute::ZExt);
431  SanCovTraceCmpZeroExtAL =
432  SanCovTraceCmpZeroExtAL.addParamAttribute(*C, 1, Attribute::ZExt);
433 
434  SanCovTraceCmpFunction[0] =
435  M.getOrInsertFunction(SanCovTraceCmp1, SanCovTraceCmpZeroExtAL, VoidTy,
436  IRB.getInt8Ty(), IRB.getInt8Ty());
437  SanCovTraceCmpFunction[1] =
438  M.getOrInsertFunction(SanCovTraceCmp2, SanCovTraceCmpZeroExtAL, VoidTy,
439  IRB.getInt16Ty(), IRB.getInt16Ty());
440  SanCovTraceCmpFunction[2] =
441  M.getOrInsertFunction(SanCovTraceCmp4, SanCovTraceCmpZeroExtAL, VoidTy,
442  IRB.getInt32Ty(), IRB.getInt32Ty());
443  SanCovTraceCmpFunction[3] =
444  M.getOrInsertFunction(SanCovTraceCmp8, VoidTy, Int64Ty, Int64Ty);
445 
446  SanCovTraceConstCmpFunction[0] = M.getOrInsertFunction(
447  SanCovTraceConstCmp1, SanCovTraceCmpZeroExtAL, VoidTy, Int8Ty, Int8Ty);
448  SanCovTraceConstCmpFunction[1] = M.getOrInsertFunction(
449  SanCovTraceConstCmp2, SanCovTraceCmpZeroExtAL, VoidTy, Int16Ty, Int16Ty);
450  SanCovTraceConstCmpFunction[2] = M.getOrInsertFunction(
451  SanCovTraceConstCmp4, SanCovTraceCmpZeroExtAL, VoidTy, Int32Ty, Int32Ty);
452  SanCovTraceConstCmpFunction[3] =
453  M.getOrInsertFunction(SanCovTraceConstCmp8, VoidTy, Int64Ty, Int64Ty);
454 
455  {
456  AttributeList AL;
457  AL = AL.addParamAttribute(*C, 0, Attribute::ZExt);
458  SanCovTraceDivFunction[0] =
459  M.getOrInsertFunction(SanCovTraceDiv4, AL, VoidTy, IRB.getInt32Ty());
460  }
461  SanCovTraceDivFunction[1] =
462  M.getOrInsertFunction(SanCovTraceDiv8, VoidTy, Int64Ty);
463  SanCovTraceGepFunction =
464  M.getOrInsertFunction(SanCovTraceGep, VoidTy, IntptrTy);
465  SanCovTraceSwitchFunction =
466  M.getOrInsertFunction(SanCovTraceSwitchName, VoidTy, Int64Ty, Int64PtrTy);
467 
468  Constant *SanCovLowestStackConstant =
469  M.getOrInsertGlobal(SanCovLowestStackName, IntptrTy);
470  SanCovLowestStack = dyn_cast<GlobalVariable>(SanCovLowestStackConstant);
471  if (!SanCovLowestStack || SanCovLowestStack->getValueType() != IntptrTy) {
472  C->emitError(StringRef("'") + SanCovLowestStackName +
473  "' should not be declared by the user");
474  return true;
475  }
476  SanCovLowestStack->setThreadLocalMode(
477  GlobalValue::ThreadLocalMode::InitialExecTLSModel);
478  if (Options.StackDepth && !SanCovLowestStack->isDeclaration())
479  SanCovLowestStack->setInitializer(Constant::getAllOnesValue(IntptrTy));
480 
481  SanCovTracePC = M.getOrInsertFunction(SanCovTracePCName, VoidTy);
482  SanCovTracePCGuard =
483  M.getOrInsertFunction(SanCovTracePCGuardName, VoidTy, Int32PtrTy);
484 
485  for (auto &F : M)
486  instrumentFunction(F, DTCallback, PDTCallback);
487 
488  Function *Ctor = nullptr;
489 
490  if (FunctionGuardArray)
491  Ctor = CreateInitCallsForSections(M, SanCovModuleCtorTracePcGuardName,
492  SanCovTracePCGuardInitName, Int32Ty,
493  SanCovGuardsSectionName);
494  if (Function8bitCounterArray)
495  Ctor = CreateInitCallsForSections(M, SanCovModuleCtor8bitCountersName,
496  SanCov8bitCountersInitName, Int8Ty,
497  SanCovCountersSectionName);
498  if (FunctionBoolArray) {
499  Ctor = CreateInitCallsForSections(M, SanCovModuleCtorBoolFlagName,
500  SanCovBoolFlagInitName, Int1Ty,
501  SanCovBoolFlagSectionName);
502  }
503  if (Ctor && Options.PCTable) {
504  auto SecStartEnd = CreateSecStartEnd(M, SanCovPCsSectionName, IntptrTy);
505  FunctionCallee InitFunction = declareSanitizerInitFunction(
506  M, SanCovPCsInitName, {IntptrPtrTy, IntptrPtrTy});
507  IRBuilder<> IRBCtor(Ctor->getEntryBlock().getTerminator());
508  IRBCtor.CreateCall(InitFunction, {SecStartEnd.first, SecStartEnd.second});
509  }
510  appendToUsed(M, GlobalsToAppendToUsed);
511  appendToCompilerUsed(M, GlobalsToAppendToCompilerUsed);
512  return true;
513 }
514 
515 // True if block has successors and it dominates all of them.
516 static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) {
517  if (succ_empty(BB))
518  return false;
519 
520  return llvm::all_of(successors(BB), [&](const BasicBlock *SUCC) {
521  return DT->dominates(BB, SUCC);
522  });
523 }
524 
525 // True if block has predecessors and it postdominates all of them.
526 static bool isFullPostDominator(const BasicBlock *BB,
527  const PostDominatorTree *PDT) {
528  if (pred_empty(BB))
529  return false;
530 
531  return llvm::all_of(predecessors(BB), [&](const BasicBlock *PRED) {
532  return PDT->dominates(BB, PRED);
533  });
534 }
535 
536 static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB,
537  const DominatorTree *DT,
538  const PostDominatorTree *PDT,
539  const SanitizerCoverageOptions &Options) {
540  // Don't insert coverage for blocks containing nothing but unreachable: we
541  // will never call __sanitizer_cov() for them, so counting them in
542  // NumberOfInstrumentedBlocks() might complicate calculation of code coverage
543  // percentage. Also, unreachable instructions frequently have no debug
544  // locations.
545  if (isa<UnreachableInst>(BB->getFirstNonPHIOrDbgOrLifetime()))
546  return false;
547 
548  // Don't insert coverage into blocks without a valid insertion point
549  // (catchswitch blocks).
550  if (BB->getFirstInsertionPt() == BB->end())
551  return false;
552 
553  if (Options.NoPrune || &F.getEntryBlock() == BB)
554  return true;
555 
556  if (Options.CoverageType == SanitizerCoverageOptions::SCK_Function &&
557  &F.getEntryBlock() != BB)
558  return false;
559 
560  // Do not instrument full dominators, or full post-dominators with multiple
561  // predecessors.
562  return !isFullDominator(BB, DT)
563  && !(isFullPostDominator(BB, PDT) && !BB->getSinglePredecessor());
564 }
565 
566 
567 // Returns true iff From->To is a backedge.
568 // A twist here is that we treat From->To as a backedge if
569 // * To dominates From or
570 // * To->UniqueSuccessor dominates From
571 static bool IsBackEdge(BasicBlock *From, BasicBlock *To,
572  const DominatorTree *DT) {
573  if (DT->dominates(To, From))
574  return true;
575  if (auto Next = To->getUniqueSuccessor())
576  if (DT->dominates(Next, From))
577  return true;
578  return false;
579 }
580 
581 // Prunes uninteresting Cmp instrumentation:
582 // * CMP instructions that feed into loop backedge branch.
583 //
584 // Note that Cmp pruning is controlled by the same flag as the
585 // BB pruning.
586 static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT,
587  const SanitizerCoverageOptions &Options) {
588  if (!Options.NoPrune)
589  if (CMP->hasOneUse())
590  if (auto BR = dyn_cast<BranchInst>(CMP->user_back()))
591  for (BasicBlock *B : BR->successors())
592  if (IsBackEdge(BR->getParent(), B, DT))
593  return false;
594  return true;
595 }
596 
597 void ModuleSanitizerCoverage::instrumentFunction(
598  Function &F, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) {
599  if (F.empty())
600  return;
601  if (F.getName().find(".module_ctor") != std::string::npos)
602  return; // Should not instrument sanitizer init functions.
603  if (F.getName().startswith("__sanitizer_"))
604  return; // Don't instrument __sanitizer_* callbacks.
605  // Don't touch available_externally functions, their actual body is elewhere.
606  if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage)
607  return;
608  // Don't instrument MSVC CRT configuration helpers. They may run before normal
609  // initialization.
610  if (F.getName() == "__local_stdio_printf_options" ||
611  F.getName() == "__local_stdio_scanf_options")
612  return;
613  if (isa<UnreachableInst>(F.getEntryBlock().getTerminator()))
614  return;
615  // Don't instrument functions using SEH for now. Splitting basic blocks like
616  // we do for coverage breaks WinEHPrepare.
617  // FIXME: Remove this when SEH no longer uses landingpad pattern matching.
618  if (F.hasPersonalityFn() &&
619  isAsynchronousEHPersonality(classifyEHPersonality(F.getPersonalityFn())))
620  return;
621  if (Allowlist && !Allowlist->inSection("coverage", "fun", F.getName()))
622  return;
623  if (Blocklist && Blocklist->inSection("coverage", "fun", F.getName()))
624  return;
625  if (F.hasFnAttribute(Attribute::NoSanitizeCoverage))
626  return;
627  if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge)
628  SplitAllCriticalEdges(F, CriticalEdgeSplittingOptions().setIgnoreUnreachableDests());
629  SmallVector<Instruction *, 8> IndirCalls;
630  SmallVector<BasicBlock *, 16> BlocksToInstrument;
631  SmallVector<Instruction *, 8> CmpTraceTargets;
632  SmallVector<Instruction *, 8> SwitchTraceTargets;
633  SmallVector<BinaryOperator *, 8> DivTraceTargets;
634  SmallVector<GetElementPtrInst *, 8> GepTraceTargets;
635 
636  const DominatorTree *DT = DTCallback(F);
637  const PostDominatorTree *PDT = PDTCallback(F);
638  bool IsLeafFunc = true;
639 
640  for (auto &BB : F) {
641  if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
642  BlocksToInstrument.push_back(&BB);
643  for (auto &Inst : BB) {
644  if (Options.IndirectCalls) {
645  CallBase *CB = dyn_cast<CallBase>(&Inst);
646  if (CB && !CB->getCalledFunction())
647  IndirCalls.push_back(&Inst);
648  }
649  if (Options.TraceCmp) {
650  if (ICmpInst *CMP = dyn_cast<ICmpInst>(&Inst))
651  if (IsInterestingCmp(CMP, DT, Options))
652  CmpTraceTargets.push_back(&Inst);
653  if (isa<SwitchInst>(&Inst))
654  SwitchTraceTargets.push_back(&Inst);
655  }
656  if (Options.TraceDiv)
657  if (BinaryOperator *BO = dyn_cast<BinaryOperator>(&Inst))
658  if (BO->getOpcode() == Instruction::SDiv ||
659  BO->getOpcode() == Instruction::UDiv)
660  DivTraceTargets.push_back(BO);
661  if (Options.TraceGep)
662  if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(&Inst))
663  GepTraceTargets.push_back(GEP);
664  if (Options.StackDepth)
665  if (isa<InvokeInst>(Inst) ||
666  (isa<CallInst>(Inst) && !isa<IntrinsicInst>(Inst)))
667  IsLeafFunc = false;
668  }
669  }
670 
671  InjectCoverage(F, BlocksToInstrument, IsLeafFunc);
672  InjectCoverageForIndirectCalls(F, IndirCalls);
673  InjectTraceForCmp(F, CmpTraceTargets);
674  InjectTraceForSwitch(F, SwitchTraceTargets);
675  InjectTraceForDiv(F, DivTraceTargets);
676  InjectTraceForGep(F, GepTraceTargets);
677 }
678 
679 GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection(
680  size_t NumElements, Function &F, Type *Ty, const char *Section) {
681  ArrayType *ArrayTy = ArrayType::get(Ty, NumElements);
682  auto Array = new GlobalVariable(
683  *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage,
684  Constant::getNullValue(ArrayTy), "__sancov_gen_");
685 
686  if (TargetTriple.supportsCOMDAT() &&
687  (TargetTriple.isOSBinFormatELF() || !F.isInterposable()))
688  if (auto Comdat = getOrCreateFunctionComdat(F, TargetTriple))
689  Array->setComdat(Comdat);
690  Array->setSection(getSectionName(Section));
691  Array->setAlignment(Align(DL->getTypeStoreSize(Ty).getFixedSize()));
692 
693  // sancov_pcs parallels the other metadata section(s). Optimizers (e.g.
694  // GlobalOpt/ConstantMerge) may not discard sancov_pcs and the other
695  // section(s) as a unit, so we conservatively retain all unconditionally in
696  // the compiler.
697  //
698  // With comdat (COFF/ELF), the linker can guarantee the associated sections
699  // will be retained or discarded as a unit, so llvm.compiler.used is
700  // sufficient. Otherwise, conservatively make all of them retained by the
701  // linker.
702  if (Array->hasComdat())
703  GlobalsToAppendToCompilerUsed.push_back(Array);
704  else
705  GlobalsToAppendToUsed.push_back(Array);
706 
707  return Array;
708 }
709 
710 GlobalVariable *
711 ModuleSanitizerCoverage::CreatePCArray(Function &F,
712  ArrayRef<BasicBlock *> AllBlocks) {
713  size_t N = AllBlocks.size();
714  assert(N);
715  SmallVector<Constant *, 32> PCs;
716  IRBuilder<> IRB(&*F.getEntryBlock().getFirstInsertionPt());
717  for (size_t i = 0; i < N; i++) {
718  if (&F.getEntryBlock() == AllBlocks[i]) {
719  PCs.push_back((Constant *)IRB.CreatePointerCast(&F, IntptrPtrTy));
720  PCs.push_back((Constant *)IRB.CreateIntToPtr(
721  ConstantInt::get(IntptrTy, 1), IntptrPtrTy));
722  } else {
723  PCs.push_back((Constant *)IRB.CreatePointerCast(
724  BlockAddress::get(AllBlocks[i]), IntptrPtrTy));
725  PCs.push_back((Constant *)IRB.CreateIntToPtr(
726  ConstantInt::get(IntptrTy, 0), IntptrPtrTy));
727  }
728  }
729  auto *PCArray = CreateFunctionLocalArrayInSection(N * 2, F, IntptrPtrTy,
730  SanCovPCsSectionName);
731  PCArray->setInitializer(
732  ConstantArray::get(ArrayType::get(IntptrPtrTy, N * 2), PCs));
733  PCArray->setConstant(true);
734 
735  return PCArray;
736 }
737 
738 void ModuleSanitizerCoverage::CreateFunctionLocalArrays(
739  Function &F, ArrayRef<BasicBlock *> AllBlocks) {
740  if (Options.TracePCGuard)
741  FunctionGuardArray = CreateFunctionLocalArrayInSection(
742  AllBlocks.size(), F, Int32Ty, SanCovGuardsSectionName);
743 
744  if (Options.Inline8bitCounters)
745  Function8bitCounterArray = CreateFunctionLocalArrayInSection(
746  AllBlocks.size(), F, Int8Ty, SanCovCountersSectionName);
747  if (Options.InlineBoolFlag)
748  FunctionBoolArray = CreateFunctionLocalArrayInSection(
749  AllBlocks.size(), F, Int1Ty, SanCovBoolFlagSectionName);
750 
751  if (Options.PCTable)
752  FunctionPCsArray = CreatePCArray(F, AllBlocks);
753 }
754 
755 bool ModuleSanitizerCoverage::InjectCoverage(Function &F,
756  ArrayRef<BasicBlock *> AllBlocks,
757  bool IsLeafFunc) {
758  if (AllBlocks.empty()) return false;
759  CreateFunctionLocalArrays(F, AllBlocks);
760  for (size_t i = 0, N = AllBlocks.size(); i < N; i++)
761  InjectCoverageAtBlock(F, *AllBlocks[i], i, IsLeafFunc);
762  return true;
763 }
764 
765 // On every indirect call we call a run-time function
766 // __sanitizer_cov_indir_call* with two parameters:
767 // - callee address,
768 // - global cache array that contains CacheSize pointers (zero-initialized).
769 // The cache is used to speed up recording the caller-callee pairs.
770 // The address of the caller is passed implicitly via caller PC.
771 // CacheSize is encoded in the name of the run-time function.
772 void ModuleSanitizerCoverage::InjectCoverageForIndirectCalls(
773  Function &F, ArrayRef<Instruction *> IndirCalls) {
774  if (IndirCalls.empty())
775  return;
776  assert(Options.TracePC || Options.TracePCGuard ||
777  Options.Inline8bitCounters || Options.InlineBoolFlag);
778  for (auto I : IndirCalls) {
779  IRBuilder<> IRB(I);
780  CallBase &CB = cast<CallBase>(*I);
781  Value *Callee = CB.getCalledOperand();
782  if (isa<InlineAsm>(Callee))
783  continue;
784  IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy));
785  }
786 }
787 
788 // For every switch statement we insert a call:
789 // __sanitizer_cov_trace_switch(CondValue,
790 // {NumCases, ValueSizeInBits, Case0Value, Case1Value, Case2Value, ... })
791 
792 void ModuleSanitizerCoverage::InjectTraceForSwitch(
793  Function &, ArrayRef<Instruction *> SwitchTraceTargets) {
794  for (auto I : SwitchTraceTargets) {
795  if (SwitchInst *SI = dyn_cast<SwitchInst>(I)) {
796  IRBuilder<> IRB(I);
797  SmallVector<Constant *, 16> Initializers;
798  Value *Cond = SI->getCondition();
799  if (Cond->getType()->getScalarSizeInBits() >
800  Int64Ty->getScalarSizeInBits())
801  continue;
802  Initializers.push_back(ConstantInt::get(Int64Ty, SI->getNumCases()));
803  Initializers.push_back(
804  ConstantInt::get(Int64Ty, Cond->getType()->getScalarSizeInBits()));
805  if (Cond->getType()->getScalarSizeInBits() <
806  Int64Ty->getScalarSizeInBits())
807  Cond = IRB.CreateIntCast(Cond, Int64Ty, false);
808  for (auto It : SI->cases()) {
809  Constant *C = It.getCaseValue();
810  if (C->getType()->getScalarSizeInBits() <
811  Int64Ty->getScalarSizeInBits())
812  C = ConstantExpr::getCast(CastInst::ZExt, It.getCaseValue(), Int64Ty);
813  Initializers.push_back(C);
814  }
815  llvm::sort(drop_begin(Initializers, 2),
816  [](const Constant *A, const Constant *B) {
817  return cast<ConstantInt>(A)->getLimitedValue() <
818  cast<ConstantInt>(B)->getLimitedValue();
819  });
820  ArrayType *ArrayOfInt64Ty = ArrayType::get(Int64Ty, Initializers.size());
821  GlobalVariable *GV = new GlobalVariable(
822  *CurModule, ArrayOfInt64Ty, false, GlobalVariable::InternalLinkage,
823  ConstantArray::get(ArrayOfInt64Ty, Initializers),
824  "__sancov_gen_cov_switch_values");
825  IRB.CreateCall(SanCovTraceSwitchFunction,
826  {Cond, IRB.CreatePointerCast(GV, Int64PtrTy)});
827  }
828  }
829 }
830 
831 void ModuleSanitizerCoverage::InjectTraceForDiv(
832  Function &, ArrayRef<BinaryOperator *> DivTraceTargets) {
833  for (auto BO : DivTraceTargets) {
834  IRBuilder<> IRB(BO);
835  Value *A1 = BO->getOperand(1);
836  if (isa<ConstantInt>(A1)) continue;
837  if (!A1->getType()->isIntegerTy())
838  continue;
839  uint64_t TypeSize = DL->getTypeStoreSizeInBits(A1->getType());
840  int CallbackIdx = TypeSize == 32 ? 0 :
841  TypeSize == 64 ? 1 : -1;
842  if (CallbackIdx < 0) continue;
843  auto Ty = Type::getIntNTy(*C, TypeSize);
844  IRB.CreateCall(SanCovTraceDivFunction[CallbackIdx],
845  {IRB.CreateIntCast(A1, Ty, true)});
846  }
847 }
848 
849 void ModuleSanitizerCoverage::InjectTraceForGep(
850  Function &, ArrayRef<GetElementPtrInst *> GepTraceTargets) {
851  for (auto GEP : GepTraceTargets) {
852  IRBuilder<> IRB(GEP);
853  for (Use &Idx : GEP->indices())
854  if (!isa<ConstantInt>(Idx) && Idx->getType()->isIntegerTy())
855  IRB.CreateCall(SanCovTraceGepFunction,
856  {IRB.CreateIntCast(Idx, IntptrTy, true)});
857  }
858 }
859 
860 void ModuleSanitizerCoverage::InjectTraceForCmp(
861  Function &, ArrayRef<Instruction *> CmpTraceTargets) {
862  for (auto I : CmpTraceTargets) {
863  if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) {
864  IRBuilder<> IRB(ICMP);
865  Value *A0 = ICMP->getOperand(0);
866  Value *A1 = ICMP->getOperand(1);
867  if (!A0->getType()->isIntegerTy())
868  continue;
869  uint64_t TypeSize = DL->getTypeStoreSizeInBits(A0->getType());
870  int CallbackIdx = TypeSize == 8 ? 0 :
871  TypeSize == 16 ? 1 :
872  TypeSize == 32 ? 2 :
873  TypeSize == 64 ? 3 : -1;
874  if (CallbackIdx < 0) continue;
875  // __sanitizer_cov_trace_cmp((type_size << 32) | predicate, A0, A1);
876  auto CallbackFunc = SanCovTraceCmpFunction[CallbackIdx];
877  bool FirstIsConst = isa<ConstantInt>(A0);
878  bool SecondIsConst = isa<ConstantInt>(A1);
879  // If both are const, then we don't need such a comparison.
880  if (FirstIsConst && SecondIsConst) continue;
881  // If only one is const, then make it the first callback argument.
882  if (FirstIsConst || SecondIsConst) {
883  CallbackFunc = SanCovTraceConstCmpFunction[CallbackIdx];
884  if (SecondIsConst)
885  std::swap(A0, A1);
886  }
887 
888  auto Ty = Type::getIntNTy(*C, TypeSize);
889  IRB.CreateCall(CallbackFunc, {IRB.CreateIntCast(A0, Ty, true),
890  IRB.CreateIntCast(A1, Ty, true)});
891  }
892  }
893 }
894 
895 void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
896  size_t Idx,
897  bool IsLeafFunc) {
898  BasicBlock::iterator IP = BB.getFirstInsertionPt();
899  bool IsEntryBB = &BB == &F.getEntryBlock();
900  DebugLoc EntryLoc;
901  if (IsEntryBB) {
902  if (auto SP = F.getSubprogram())
903  EntryLoc = DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP);
904  // Keep static allocas and llvm.localescape calls in the entry block. Even
905  // if we aren't splitting the block, it's nice for allocas to be before
906  // calls.
907  IP = PrepareToSplitEntryBlock(BB, IP);
908  } else {
909  EntryLoc = IP->getDebugLoc();
910  if (!EntryLoc)
911  if (auto *SP = F.getSubprogram())
912  EntryLoc = DILocation::get(SP->getContext(), 0, 0, SP);
913  }
914 
915  IRBuilder<> IRB(&*IP);
916  IRB.SetCurrentDebugLocation(EntryLoc);
917  if (Options.TracePC) {
918  IRB.CreateCall(SanCovTracePC)
919  ->setCannotMerge(); // gets the PC using GET_CALLER_PC.
920  }
921  if (Options.TracePCGuard) {
922  auto GuardPtr = IRB.CreateIntToPtr(
923  IRB.CreateAdd(IRB.CreatePointerCast(FunctionGuardArray, IntptrTy),
924  ConstantInt::get(IntptrTy, Idx * 4)),
925  Int32PtrTy);
926  IRB.CreateCall(SanCovTracePCGuard, GuardPtr)->setCannotMerge();
927  }
928  if (Options.Inline8bitCounters) {
929  auto CounterPtr = IRB.CreateGEP(
930  Function8bitCounterArray->getValueType(), Function8bitCounterArray,
931  {ConstantInt::get(IntptrTy, 0), ConstantInt::get(IntptrTy, Idx)});
932  auto Load = IRB.CreateLoad(Int8Ty, CounterPtr);
933  auto Inc = IRB.CreateAdd(Load, ConstantInt::get(Int8Ty, 1));
934  auto Store = IRB.CreateStore(Inc, CounterPtr);
935  SetNoSanitizeMetadata(Load);
936  SetNoSanitizeMetadata(Store);
937  }
938  if (Options.InlineBoolFlag) {
939  auto FlagPtr = IRB.CreateGEP(
940  FunctionBoolArray->getValueType(), FunctionBoolArray,
941  {ConstantInt::get(IntptrTy, 0), ConstantInt::get(IntptrTy, Idx)});
942  auto Load = IRB.CreateLoad(Int1Ty, FlagPtr);
943  auto ThenTerm =
944  SplitBlockAndInsertIfThen(IRB.CreateIsNull(Load), &*IP, false);
945  IRBuilder<> ThenIRB(ThenTerm);
946  auto Store = ThenIRB.CreateStore(ConstantInt::getTrue(Int1Ty), FlagPtr);
947  SetNoSanitizeMetadata(Load);
948  SetNoSanitizeMetadata(Store);
949  }
950  if (Options.StackDepth && IsEntryBB && !IsLeafFunc) {
951  // Check stack depth. If it's the deepest so far, record it.
952  Module *M = F.getParent();
953  Function *GetFrameAddr = Intrinsic::getDeclaration(
954  M, Intrinsic::frameaddress,
955  IRB.getInt8PtrTy(M->getDataLayout().getAllocaAddrSpace()));
956  auto FrameAddrPtr =
957  IRB.CreateCall(GetFrameAddr, {Constant::getNullValue(Int32Ty)});
958  auto FrameAddrInt = IRB.CreatePtrToInt(FrameAddrPtr, IntptrTy);
959  auto LowestStack = IRB.CreateLoad(IntptrTy, SanCovLowestStack);
960  auto IsStackLower = IRB.CreateICmpULT(FrameAddrInt, LowestStack);
961  auto ThenTerm = SplitBlockAndInsertIfThen(IsStackLower, &*IP, false);
962  IRBuilder<> ThenIRB(ThenTerm);
963  auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
964  SetNoSanitizeMetadata(LowestStack);
965  SetNoSanitizeMetadata(Store);
966  }
967 }
968 
969 std::string
970 ModuleSanitizerCoverage::getSectionName(const std::string &Section) const {
971  if (TargetTriple.isOSBinFormatCOFF()) {
972  if (Section == SanCovCountersSectionName)
973  return ".SCOV$CM";
974  if (Section == SanCovBoolFlagSectionName)
975  return ".SCOV$BM";
976  if (Section == SanCovPCsSectionName)
977  return ".SCOVP$M";
978  return ".SCOV$GM"; // For SanCovGuardsSectionName.
979  }
980  if (TargetTriple.isOSBinFormatMachO())
981  return "__DATA,__" + Section;
982  return "__" + Section;
983 }
984 
985 std::string
986 ModuleSanitizerCoverage::getSectionStart(const std::string &Section) const {
987  if (TargetTriple.isOSBinFormatMachO())
988  return "\1section$start$__DATA$__" + Section;
989  return "__start___" + Section;
990 }
991 
992 std::string
993 ModuleSanitizerCoverage::getSectionEnd(const std::string &Section) const {
994  if (TargetTriple.isOSBinFormatMachO())
995  return "\1section$end$__DATA$__" + Section;
996  return "__stop___" + Section;
997 }
998 
999 char ModuleSanitizerCoverageLegacyPass::ID = 0;
1000 INITIALIZE_PASS_BEGIN(ModuleSanitizerCoverageLegacyPass, "sancov",
1001  "Pass for instrumenting coverage on functions", false,
1002  false)
1003 INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
1004 INITIALIZE_PASS_DEPENDENCY(PostDominatorTreeWrapperPass)
1005 INITIALIZE_PASS_END(ModuleSanitizerCoverageLegacyPass, "sancov",
1006  "Pass for instrumenting coverage on functions", false,
1007  false)
1008 ModulePass *llvm::createModuleSanitizerCoverageLegacyPassPass(
1009  const SanitizerCoverageOptions &Options,
1010  const std::vector<std::string> &AllowlistFiles,
1011  const std::vector<std::string> &BlocklistFiles) {
1012  return new ModuleSanitizerCoverageLegacyPass(Options, AllowlistFiles,
1013  BlocklistFiles);
1014 }
i
i
Definition: README.txt:29
ClInline8bitCounters
static cl::opt< bool > ClInline8bitCounters("sanitizer-coverage-inline-8bit-counters", cl::desc("increments 8-bit counter for every edge"), cl::Hidden, cl::init(false))
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition: PassManager.h:155
llvm::SpecialCaseList
Definition: SpecialCaseList.h:69
Instrumentation.h
llvm::isAsynchronousEHPersonality
bool isAsynchronousEHPersonality(EHPersonality Pers)
Returns true if this personality function catches asynchronous exceptions.
Definition: EHPersonalities.h:50
Int32Ty
IntegerType * Int32Ty
Definition: NVVMIntrRange.cpp:67
llvm::predecessors
pred_range predecessors(BasicBlock *BB)
Definition: CFG.h:127
llvm::PrepareToSplitEntryBlock
BasicBlock::iterator PrepareToSplitEntryBlock(BasicBlock &BB, BasicBlock::iterator IP)
Instrumentation passes often insert conditional checks into entry blocks.
Definition: Instrumentation.cpp:41
INITIALIZE_PASS_BEGIN
INITIALIZE_PASS_BEGIN(ModuleSanitizerCoverageLegacyPass, "sancov", "Pass for instrumenting coverage on functions", false, false) INITIALIZE_PASS_END(ModuleSanitizerCoverageLegacyPass
llvm
---------------------— PointerInfo ------------------------------------—
Definition: AllocatorList.h:23
llvm::Type::getInt1Ty
static IntegerType * getInt1Ty(LLVMContext &C)
Definition: Type.cpp:200
M
We currently emits eax Perhaps this is what we really should generate is Is imull three or four cycles eax eax The current instruction priority is based on pattern complexity The former is more complex because it folds a load so the latter will not be emitted Perhaps we should use AddedComplexity to give LEA32r a higher priority We should always try to match LEA first since the LEA matching code does some estimate to determine whether the match is profitable if we care more about code then imull is better It s two bytes shorter than movl leal On a Pentium M
Definition: README.txt:252
llvm::AArch64CC::AL
@ AL
Definition: AArch64BaseInfo.h:269
llvm::drop_begin
auto drop_begin(T &&RangeOrContainer, size_t N=1)
Return a range covering RangeOrContainer with the first N elements excluded.
Definition: STLExtras.h:266
SanCovTraceCmp2
const char SanCovTraceCmp2[]
Definition: SanitizerCoverage.cpp:51
ClGEPTracing
static cl::opt< bool > ClGEPTracing("sanitizer-coverage-trace-geps", cl::desc("Tracing of GEP instructions"), cl::Hidden, cl::init(false))
llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition: DataLayout.h:112
SanCovTracePCName
const char SanCovTracePCName[]
Definition: SanitizerCoverage.cpp:49
llvm::Intrinsic::getDeclaration
Function * getDeclaration(Module *M, ID id, ArrayRef< Type * > Tys=None)
Create or insert an LLVM Function declaration for an intrinsic, and return it.
Definition: Function.cpp:1379
llvm::BasicBlock::iterator
InstListType::iterator iterator
Instruction iterators...
Definition: BasicBlock.h:90
llvm::ModulePass
ModulePass class - This class is used to implement unstructured interprocedural optimizations and ana...
Definition: Pass.h:238
llvm::SanitizerCoverageOptions
Definition: Instrumentation.h:152
IntrinsicInst.h
llvm::AnalysisManager::getResult
PassT::Result & getResult(IRUnitT &IR, ExtraArgTs... ExtraArgs)
Get the result of an analysis pass for a given IR unit.
Definition: PassManager.h:779
llvm::SystemZISD::ICMP
@ ICMP
Definition: SystemZISelLowering.h:55
functions
Pass for instrumenting coverage on functions
Definition: SanitizerCoverage.cpp:1006
llvm::GlobalValue::HiddenVisibility
@ HiddenVisibility
The GV is hidden.
Definition: GlobalValue.h:64
llvm::Function
Definition: Function.h:61
ClDIVTracing
static cl::opt< bool > ClDIVTracing("sanitizer-coverage-trace-divs", cl::desc("Tracing of DIV instructions"), cl::Hidden, cl::init(false))
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1168
InlineAsm.h
llvm::AttributeList::addParamAttribute
LLVM_NODISCARD AttributeList addParamAttribute(LLVMContext &C, unsigned ArgNo, Attribute::AttrKind Kind) const
Add an argument attribute to the list.
Definition: Attributes.h:532
llvm::Function::getEntryBlock
const BasicBlock & getEntryBlock() const
Definition: Function.h:717
llvm::IRBuilder<>
SanCov8bitCountersInitName
const char SanCov8bitCountersInitName[]
Definition: SanitizerCoverage.cpp:71
llvm::GlobalVariable
Definition: GlobalVariable.h:40
SanCovTraceGep
const char SanCovTraceGep[]
Definition: SanitizerCoverage.cpp:60
SanCovModuleCtorBoolFlagName
const char SanCovModuleCtorBoolFlagName[]
Definition: SanitizerCoverage.cpp:66
llvm::DominatorTree
Concrete subclass of DominatorTreeBase that is used to compute a normal dominator tree.
Definition: Dominators.h:151
llvm::Triple
Triple - Helper class for working with autoconf configuration names.
Definition: Triple.h:45
FAM
FunctionAnalysisManager FAM
Definition: PassBuilderBindings.cpp:59
llvm::cl::Hidden
@ Hidden
Definition: CommandLine.h:143
llvm::PreservedAnalyses::none
static PreservedAnalyses none()
Convenience factory function for the empty preserved set.
Definition: PassManager.h:158
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45
Module.h
llvm::AttributeList
Definition: Attributes.h:398
EHPersonalities.h
SanCovModuleCtor8bitCountersName
const char SanCovModuleCtor8bitCountersName[]
Definition: SanitizerCoverage.cpp:64
llvm::msgpack::Type::Array
@ Array
ClInlineBoolFlag
static cl::opt< bool > ClInlineBoolFlag("sanitizer-coverage-inline-bool-flag", cl::desc("sets a boolean flag for every edge"), cl::Hidden, cl::init(false))
ClCreatePCTable
static cl::opt< bool > ClCreatePCTable("sanitizer-coverage-pc-table", cl::desc("create a static PC table"), cl::Hidden, cl::init(false))
llvm::GlobalValue::LinkageTypes
LinkageTypes
An enumeration for the kinds of linkage for global values.
Definition: GlobalValue.h:47
llvm::ArrayType
Class to represent array types.
Definition: DerivedTypes.h:357
llvm::successors
succ_range successors(Instruction *I)
Definition: CFG.h:262
llvm::succ_empty
bool succ_empty(const Instruction *I)
Definition: CFG.h:256
llvm::Type::getInt8Ty
static IntegerType * getInt8Ty(LLVMContext &C)
Definition: Type.cpp:201
llvm::Type::getInt32Ty
static IntegerType * getInt32Ty(LLVMContext &C)
Definition: Type.cpp:203
llvm::ArrayRef::empty
bool empty() const
empty - Check if the array is empty.
Definition: ArrayRef.h:160
SanCovLowestStackName
const char SanCovLowestStackName[]
Definition: SanitizerCoverage.cpp:80
llvm::MDNode::get
static MDTuple * get(LLVMContext &Context, ArrayRef< Metadata * > MDs)
Definition: Metadata.h:1208
F
#define F(x, y, z)
Definition: MD5.cpp:56
llvm::BasicBlock::getUniqueSuccessor
const BasicBlock * getUniqueSuccessor() const
Return the successor of this block if it has a unique successor.
Definition: BasicBlock.cpp:302
llvm::BasicBlock
LLVM Basic Block Representation.
Definition: BasicBlock.h:58
llvm::ARMBuildAttrs::Section
@ Section
Legacy Tags.
Definition: ARMBuildAttributes.h:78
llvm::SanitizerCoverageOptions::SCK_Edge
@ SCK_Edge
Definition: Instrumentation.h:157
llvm::classifyEHPersonality
EHPersonality classifyEHPersonality(const Value *Pers)
See if the given exception handling personality function is one that we understand.
Definition: EHPersonalities.cpp:21
llvm::DominatorTree::dominates
bool dominates(const BasicBlock *BB, const Use &U) const
Return true if the (end of the) basic block BB dominates the use U.
Definition: Dominators.cpp:115
CommandLine.h
llvm::all_of
bool all_of(R &&range, UnaryPredicate P)
Provide wrappers to std::all_of which take ranges instead of having to pass begin/end explicitly.
Definition: STLExtras.h:1551
llvm::SanitizerCoverageOptions::CoverageType
enum llvm::SanitizerCoverageOptions::Type CoverageType
SanCovBoolFlagInitName
const char SanCovBoolFlagInitName[]
Definition: SanitizerCoverage.cpp:72
llvm::PassRegistry::getPassRegistry
static PassRegistry * getPassRegistry()
getPassRegistry - Access the global registry object, which is automatically initialized at applicatio...
Definition: PassRegistry.cpp:31
PostDominators.h
SanCovTraceCmp4
const char SanCovTraceCmp4[]
Definition: SanitizerCoverage.cpp:52
Intrinsics.h
C
(vector float) vec_cmpeq(*A, *B) C
Definition: README_ALTIVEC.txt:86
llvm::CallBase::getCalledFunction
Function * getCalledFunction() const
Returns the function called, or null if this is an indirect function invocation.
Definition: InstrTypes.h:1393
MAM
ModuleAnalysisManager MAM
Definition: PassBuilderBindings.cpp:61
llvm::ModuleSanitizerCoveragePass::run
PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM)
Definition: SanitizerCoverage.cpp:312
llvm::PostDominatorTreeWrapperPass
Definition: PostDominators.h:73
SanCovPCsSectionName
const char SanCovPCsSectionName[]
Definition: SanitizerCoverage.cpp:78
llvm::AnalysisUsage
Represent the analysis usage information of a pass.
Definition: PassAnalysisSupport.h:47
isFullPostDominator
static bool isFullPostDominator(const BasicBlock *BB, const PostDominatorTree *PDT)
Definition: SanitizerCoverage.cpp:526
SanCovTraceDiv8
const char SanCovTraceDiv8[]
Definition: SanitizerCoverage.cpp:59
IP
Definition: NVPTXLowerArgs.cpp:166
llvm::CriticalEdgeSplittingOptions
Option class for critical edge splitting.
Definition: BasicBlockUtils.h:136
false
Definition: StackSlotColoring.cpp:142
B
static GCRegistry::Add< OcamlGC > B("ocaml", "ocaml 3.10-compatible GC")
llvm::Constant::getAllOnesValue
static Constant * getAllOnesValue(Type *Ty)
Definition: Constants.cpp:405
llvm::Instruction
Definition: Instruction.h:45
ClPruneBlocks
static cl::opt< bool > ClPruneBlocks("sanitizer-coverage-prune-blocks", cl::desc("Reduce the number of instrumented blocks"), cl::Hidden, cl::init(true))
llvm::DominatorTreeWrapperPass
Legacy analysis pass which computes a DominatorTree.
Definition: Dominators.h:287
MDBuilder.h
llvm::appendToCompilerUsed
void appendToCompilerUsed(Module &M, ArrayRef< GlobalValue * > Values)
Adds global values to the llvm.compiler.used list.
Definition: ModuleUtils.cpp:110
Options
const char LLVMTargetMachineRef LLVMPassBuilderOptionsRef Options
Definition: PassBuilderBindings.cpp:48
llvm::initializeModuleSanitizerCoverageLegacyPassPass
void initializeModuleSanitizerCoverageLegacyPassPass(PassRegistry &)
llvm::ConstantInt::get
static Constant * get(Type *Ty, uint64_t V, bool IsSigned=false)
If Ty is a vector type, return a Constant with a splat of the given value.
Definition: Constants.cpp:900
SanCovGuardsSectionName
const char SanCovGuardsSectionName[]
Definition: SanitizerCoverage.cpp:75
Align
uint64_t Align
Definition: ELFObjHandler.cpp:83
llvm::GlobalValue::InternalLinkage
@ InternalLinkage
Rename collisions when linking (static functions).
Definition: GlobalValue.h:55
llvm::Comdat
Definition: Comdat.h:31
llvm::SPII::Load
@ Load
Definition: SparcInstrInfo.h:32
llvm::SanitizerCoverageOptions::SCK_BB
@ SCK_BB
Definition: Instrumentation.h:156
SanCovTraceConstCmp8
const char SanCovTraceConstCmp8[]
Definition: SanitizerCoverage.cpp:57
shouldInstrumentBlock
static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, const DominatorTree *DT, const PostDominatorTree *PDT, const SanitizerCoverageOptions &Options)
Definition: SanitizerCoverage.cpp:536
llvm::None
const NoneType None
Definition: None.h:23
SanCovTraceSwitchName
const char SanCovTraceSwitchName[]
Definition: SanitizerCoverage.cpp:61
Type.h
INITIALIZE_PASS_END
#define INITIALIZE_PASS_END(passName, arg, name, cfg, analysis)
Definition: PassSupport.h:58
CFG.h
llvm::Type::isIntegerTy
bool isIntegerTy() const
True if this is an instance of IntegerType.
Definition: Type.h:201
llvm::function_ref
An efficient, type-erasing, non-owning reference to a callable.
Definition: STLExtras.h:168
llvm::cl::opt
Definition: CommandLine.h:1434
llvm::Constant
This is an important base class in LLVM.
Definition: Constant.h:41
llvm::vfs::getRealFileSystem
IntrusiveRefCntPtr< FileSystem > getRealFileSystem()
Gets an vfs::FileSystem for the 'real' file system, as seen by the operating system.
Definition: VirtualFileSystem.cpp:346
llvm::PointerType::getUnqual
static PointerType * getUnqual(Type *ElementType)
This constructs a pointer to an object of the specified type in the default address space (address sp...
Definition: DerivedTypes.h:651
llvm::createSanitizerCtorAndInitFunctions
std::pair< Function *, FunctionCallee > createSanitizerCtorAndInitFunctions(Module &M, StringRef CtorName, StringRef InitName, ArrayRef< Type * > InitArgTypes, ArrayRef< Value * > InitArgs, StringRef VersionCheckName=StringRef())
Creates sanitizer constructor function, and calls sanitizer's init function from it.
Definition: ModuleUtils.cpp:136
llvm::ICmpInst
This instruction compares its operands according to the predicate given to the constructor.
Definition: Instructions.h:1203
uint64_t
const
aarch64 promote const
Definition: AArch64PromoteConstant.cpp:232
SanCovBoolFlagSectionName
const char SanCovBoolFlagSectionName[]
Definition: SanitizerCoverage.cpp:77
INITIALIZE_PASS_DEPENDENCY
INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
sancov
sancov
Definition: SanitizerCoverage.cpp:1005
llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition: LLVMContext.h:68
llvm::declareSanitizerInitFunction
FunctionCallee declareSanitizerInitFunction(Module &M, StringRef InitName, ArrayRef< Type * > InitArgTypes)
Definition: ModuleUtils.cpp:115
DebugInfo.h
I
#define I(x, y, z)
Definition: MD5.cpp:59
llvm::GlobalObject::setComdat
void setComdat(Comdat *C)
Definition: GlobalObject.h:125
ClCoverageLevel
static cl::opt< int > ClCoverageLevel("sanitizer-coverage-level", cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, " "3: all blocks and critical edges"), cl::Hidden, cl::init(0))
llvm::GetElementPtrInst
an instruction for type-safe pointer arithmetic to access elements of arrays and structs
Definition: Instructions.h:928
llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition: CommandLine.h:443
llvm::appendToUsed
void appendToUsed(Module &M, ArrayRef< GlobalValue * > Values)
Adds global values to the llvm.used list.
Definition: ModuleUtils.cpp:106
llvm::GlobalValue::setLinkage
void setLinkage(LinkageTypes LT)
Definition: GlobalValue.h:454
ArrayRef.h
llvm::SpecialCaseList::createOrDie
static std::unique_ptr< SpecialCaseList > createOrDie(const std::vector< std::string > &Paths, llvm::vfs::FileSystem &FS)
Parses the special case list entries from files.
Definition: SpecialCaseList.cpp:91
IRBuilder.h
ClTracePC
static cl::opt< bool > ClTracePC("sanitizer-coverage-trace-pc", cl::desc("Experimental pc tracing"), cl::Hidden, cl::init(false))
assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())
SanCovTraceCmp1
const char SanCovTraceCmp1[]
Definition: SanitizerCoverage.cpp:50
std::swap
void swap(llvm::BitVector &LHS, llvm::BitVector &RHS)
Implement std::swap in terms of BitVector swap.
Definition: BitVector.h:840
SI
StandardInstrumentations SI(Debug, VerifyEach)
SanCovTracePCGuardInitName
const char SanCovTracePCGuardInitName[]
Definition: SanitizerCoverage.cpp:70
llvm::ConstantExpr::getCast
static Constant * getCast(unsigned ops, Constant *C, Type *Ty, bool OnlyIfReduced=false)
Convenience function for getting a Cast operation.
Definition: Constants.cpp:1963
SanCovModuleCtorTracePcGuardName
const char SanCovModuleCtorTracePcGuardName[]
Definition: SanitizerCoverage.cpp:62
llvm::SPII::Store
@ Store
Definition: SparcInstrInfo.h:33
IsInterestingCmp
static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT, const SanitizerCoverageOptions &Options)
Definition: SanitizerCoverage.cpp:586
llvm::ArrayType::get
static ArrayType * get(Type *ElementType, uint64_t NumElements)
This static method is the primary way to construct an ArrayType.
Definition: Type.cpp:602
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:67
ClCMPTracing
static cl::opt< bool > ClCMPTracing("sanitizer-coverage-trace-compares", cl::desc("Tracing of CMP and similar instructions"), cl::Hidden, cl::init(false))
Mangler.h
SanCovTracePCIndirName
const char SanCovTracePCIndirName[]
Definition: SanitizerCoverage.cpp:48
llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition: APInt.h:32
llvm::BinaryOperator
Definition: InstrTypes.h:189
DataLayout.h
Cond
SmallVector< MachineOperand, 4 > Cond
Definition: BasicBlockSections.cpp:179
llvm::StringRef
StringRef - Represent a constant reference to a string, i.e.
Definition: StringRef.h:58
SanCovTracePCGuardName
const char SanCovTracePCGuardName[]
Definition: SanitizerCoverage.cpp:69
llvm::SanitizerCoverageOptions::SCK_Function
@ SCK_Function
Definition: Instrumentation.h:155
SanitizerCoverage.h
llvm::PostDominatorTree
PostDominatorTree Class - Concrete subclass of DominatorTree that is used to compute the post-dominat...
Definition: PostDominators.h:28
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition: Value.h:256
llvm::GlobalValue::WeakODRLinkage
@ WeakODRLinkage
Same, but only replaced by something equivalent.
Definition: GlobalValue.h:53
DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition: AArch64SLSHardening.cpp:76
llvm::pred_empty
bool pred_empty(const BasicBlock *BB)
Definition: CFG.h:119
ClTracePCGuard
static cl::opt< bool > ClTracePCGuard("sanitizer-coverage-trace-pc-guard", cl::desc("pc tracing with a guard"), cl::Hidden, cl::init(false))
llvm::GlobalValue::AvailableExternallyLinkage
@ AvailableExternallyLinkage
Available for inspection, not emission.
Definition: GlobalValue.h:49
llvm::Value::getName
StringRef getName() const
Return a constant reference to the value's name.
Definition: Value.cpp:309
for
this could be done in SelectionDAGISel along with other special for
Definition: README.txt:104
llvm::BasicBlock::getTerminator
const Instruction * getTerminator() const LLVM_READONLY
Returns the terminator instruction if the block is well formed or null if the block is not well forme...
Definition: BasicBlock.cpp:148
VirtualFileSystem.h
Callee
amdgpu Simplify well known AMD library false FunctionCallee Callee
Definition: AMDGPULibCalls.cpp:206
SanCovTraceConstCmp1
const char SanCovTraceConstCmp1[]
Definition: SanitizerCoverage.cpp:54
Constant.h
llvm::ConstantInt::getTrue
static ConstantInt * getTrue(LLVMContext &Context)
Definition: Constants.cpp:848
std
Definition: BitVector.h:838
llvm::Constant::getNullValue
static Constant * getNullValue(Type *Ty)
Constructor to create a '0' constant of arbitrary type.
Definition: Constants.cpp:348
llvm::Type::getIntNTy
static IntegerType * getIntNTy(LLVMContext &C, unsigned N)
Definition: Type.cpp:207
llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition: PassManager.h:161
llvm::ISD::BR
@ BR
Control flow instructions. These all have token chains.
Definition: ISDOpcodes.h:937
GlobalVariable.h
llvm::TypeSize
Definition: TypeSize.h:417
llvm::getOrCreateFunctionComdat
Comdat * getOrCreateFunctionComdat(Function &F, Triple &T)
Definition: Instrumentation.cpp:76
Function.h
llvm::sort
void sort(IteratorTy Start, IteratorTy End)
Definition: STLExtras.h:1492
SpecialCaseList.h
llvm::getUniqueModuleId
std::string getUniqueModuleId(Module *M)
Produce a unique identifier for this module by taking the MD5 sum of the names of the module's strong...
Definition: ModuleUtils.cpp:244
llvm::ConstantArray::get
static Constant * get(ArrayType *T, ArrayRef< Constant * > V)
Definition: Constants.cpp:1263
isFullDominator
static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT)
Definition: SanitizerCoverage.cpp:516
llvm::SanitizerCoverageOptions::SCK_None
@ SCK_None
Definition: Instrumentation.h:154
llvm::CallBase::getCalledOperand
Value * getCalledOperand() const
Definition: InstrTypes.h:1386
SanCovTraceConstCmp4
const char SanCovTraceConstCmp4[]
Definition: SanitizerCoverage.cpp:56
SanCovTraceCmp8
const char SanCovTraceCmp8[]
Definition: SanitizerCoverage.cpp:53
llvm::GlobalValue::ExternalLinkage
@ ExternalLinkage
Externally visible function.
Definition: GlobalValue.h:48
llvm::DominatorTreeAnalysis
Analysis pass which computes a DominatorTree.
Definition: Dominators.h:252
llvm::Type::getVoidTy
static Type * getVoidTy(LLVMContext &C)
Definition: Type.cpp:186
llvm::SplitAllCriticalEdges
unsigned SplitAllCriticalEdges(Function &F, const CriticalEdgeSplittingOptions &Options=CriticalEdgeSplittingOptions())
Loop over all of the edges in the CFG, breaking critical edges as they are found.
Definition: BasicBlockUtils.cpp:744
llvm::Pass
Pass interface - Implemented by all 'passes'.
Definition: Pass.h:91
llvm::GlobalValue::PrivateLinkage
@ PrivateLinkage
Like Internal, but omit from symbol table.
Definition: GlobalValue.h:56
SmallVector.h
Dominators.h
llvm::ARCISD::CMP
@ CMP
Definition: ARCISelLowering.h:40
ModuleUtils.h
N
#define N
llvm::BlockAddress::get
static BlockAddress * get(Function *F, BasicBlock *BB)
Return a BlockAddress for the specified function and basic block.
Definition: Constants.cpp:1809
llvm::ArrayRef::size
size_t size() const
size - Get the array size.
Definition: ArrayRef.h:165
llvm::max
Align max(MaybeAlign Lhs, Align Rhs)
Definition: Alignment.h:340
SanCovTraceDiv4
const char SanCovTraceDiv4[]
Definition: SanitizerCoverage.cpp:58
SanCtorAndDtorPriority
static const uint64_t SanCtorAndDtorPriority
Definition: SanitizerCoverage.cpp:67
llvm::FunctionCallee
A handy container for a FunctionType+Callee-pointer pair, which can be passed around as a single enti...
Definition: DerivedTypes.h:165
SanCovTraceConstCmp2
const char SanCovTraceConstCmp2[]
Definition: SanitizerCoverage.cpp:55
llvm::CallBase
Base class for all callable instructions (InvokeInst and CallInst) Holds everything related to callin...
Definition: InstrTypes.h:1161
llvm::Type::getInt16Ty
static IntegerType * getInt16Ty(LLVMContext &C)
Definition: Type.cpp:202
llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: InstructionSimplify.h:44
SanCovPCsInitName
const char SanCovPCsInitName[]
Definition: SanitizerCoverage.cpp:73
llvm::InnerAnalysisManagerProxy
An analysis over an "outer" IR unit that provides access to an analysis manager over an "inner" IR un...
Definition: PassManager.h:936
BB
Common register allocation spilling lr str ldr sxth r3 ldr mla r4 can lr mov lr str ldr sxth r3 mla r4 and then merge mul and lr str ldr sxth r3 mla r4 It also increase the likelihood the store may become dead bb27 Successors according to LLVM BB
Definition: README.txt:39
GEP
Hexagon Common GEP
Definition: HexagonCommonGEP.cpp:172
llvm::PostDominatorTreeAnalysis
Analysis pass which computes a PostDominatorTree.
Definition: PostDominators.h:47
llvm::AnalysisUsage::addRequired
AnalysisUsage & addRequired()
Definition: PassAnalysisSupport.h:75
LLVMContext.h
From
BlockVerifier::State From
Definition: BlockVerifier.cpp:55
llvm::SwitchInst
Multiway switch.
Definition: Instructions.h:3212
llvm::DebugLoc
A debug info location.
Definition: DebugLoc.h:33
llvm::SplitBlockAndInsertIfThen
Instruction * SplitBlockAndInsertIfThen(Value *Cond, Instruction *SplitBefore, bool Unreachable, MDNode *BranchWeights, DominatorTree *DT, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition: BasicBlockUtils.cpp:1418
llvm::appendToGlobalCtors
void appendToGlobalCtors(Module &M, Function *F, int Priority, Constant *Data=nullptr)
Append F to the list of global ctors of module M with the given Priority.
Definition: ModuleUtils.cpp:66
llvm::cl::desc
Definition: CommandLine.h:414
llvm::SanitizerCoverageOptions::IndirectCalls
bool IndirectCalls
Definition: Instrumentation.h:159
llvm::GlobalValue::ExternalWeakLinkage
@ ExternalWeakLinkage
ExternalWeak linkage description.
Definition: GlobalValue.h:57
raw_ostream.h
BasicBlockUtils.h
llvm::PostDominatorTree::dominates
bool dominates(const Instruction *I1, const Instruction *I2) const
Return true if I1 dominates I2.
Definition: PostDominators.cpp:54
llvm::GlobalValue::setVisibility
void setVisibility(VisibilityTypes V)
Definition: GlobalValue.h:235
InitializePasses.h
llvm::Value
LLVM Value Representation.
Definition: Value.h:75
IsBackEdge
static bool IsBackEdge(BasicBlock *From, BasicBlock *To, const DominatorTree *DT)
Definition: SanitizerCoverage.cpp:571
Debug.h
llvm::createModuleSanitizerCoverageLegacyPassPass
ModulePass * createModuleSanitizerCoverageLegacyPassPass(const SanitizerCoverageOptions &Options=SanitizerCoverageOptions(), const std::vector< std::string > &AllowlistFiles=std::vector< std::string >(), const std::vector< std::string > &BlocklistFiles=std::vector< std::string >())
Definition: SanitizerCoverage.cpp:1008
SanCovCountersSectionName
const char SanCovCountersSectionName[]
Definition: SanitizerCoverage.cpp:76
llvm::Use
A Use represents the edge between a Value definition and its users.
Definition: Use.h:44
llvm::Intrinsic::ID
unsigned ID
Definition: TargetTransformInfo.h:37
ClStackDepth
static cl::opt< bool > ClStackDepth("sanitizer-coverage-stack-depth", cl::desc("max stack depth tracing"), cl::Hidden, cl::init(false))
Generated on Wed Sep 22 2021 00:46:31 for LLVM by   doxygen 1.8.17