diff options
| -rw-r--r-- | include/sanitizer/coverage_interface.h | 7 | ||||
| -rw-r--r-- | lib/sanitizer_common/sanitizer_coverage_libcdep.cc | 19 | ||||
| -rw-r--r-- | lib/sanitizer_common/sanitizer_flags.inc | 3 | ||||
| -rw-r--r-- | test/asan/TestCases/coverage-pc-buffer.cc | 48 |
4 files changed, 77 insertions, 0 deletions
diff --git a/include/sanitizer/coverage_interface.h b/include/sanitizer/coverage_interface.h index b93111b85..2dcc09fc8 100644 --- a/include/sanitizer/coverage_interface.h +++ b/include/sanitizer/coverage_interface.h @@ -41,6 +41,13 @@ extern "C" { // Some of the entries in *data will be zero. uintptr_t __sanitizer_get_coverage_guards(uintptr_t **data); + // Set *data to the growing buffer with covered PCs and return the size + // of the buffer. The entries are never zero. + // When only unique pcs are collected, the size is equal to + // __sanitizer_get_total_unique_coverage. + // WARNING: EXPERIMENTAL API. + uintptr_t __sanitizer_get_coverage_pc_buffer(uintptr_t **data); + // The coverage instrumentation may optionally provide imprecise counters. // Rather than exposing the counter values to the user we instead map // the counters to a bitset. diff --git a/lib/sanitizer_common/sanitizer_coverage_libcdep.cc b/lib/sanitizer_common/sanitizer_coverage_libcdep.cc index b9833c5a1..eaa1446af 100644 --- a/lib/sanitizer_common/sanitizer_coverage_libcdep.cc +++ b/lib/sanitizer_common/sanitizer_coverage_libcdep.cc @@ -108,6 +108,7 @@ class CoverageData { uptr *data(); uptr size(); + uptr *buffer() const { return pc_buffer; } private: void DirectOpen(); @@ -133,6 +134,8 @@ class CoverageData { // Descriptor of the file mapped pc array. fd_t pc_fd; + uptr *pc_buffer; + // Vector of coverage guard arrays, protected by mu. InternalMmapVectorNoCtor<s32*> guard_array_vec; @@ -209,6 +212,11 @@ void CoverageData::Enable() { atomic_store(&pc_array_size, kPcArrayMaxSize, memory_order_relaxed); } + pc_buffer = nullptr; + if (common_flags()->coverage_pc_buffer) + pc_buffer = reinterpret_cast<uptr *>(MmapNoReserveOrDie( + sizeof(uptr) * kPcArrayMaxSize, "CovInit::pc_buffer")); + cc_array = reinterpret_cast<uptr **>(MmapNoReserveOrDie( sizeof(uptr *) * kCcArrayMaxSize, "CovInit::cc_array")); atomic_store(&cc_array_size, kCcArrayMaxSize, memory_order_relaxed); @@ -246,6 +254,10 @@ void CoverageData::Disable() { UnmapOrDie(cc_array, sizeof(uptr *) * kCcArrayMaxSize); cc_array = nullptr; } + if (pc_buffer) { + UnmapOrDie(pc_buffer, sizeof(uptr) * kPcArrayMaxSize); + pc_buffer = nullptr; + } if (tr_event_array) { UnmapOrDie(tr_event_array, sizeof(tr_event_array[0]) * kTrEventArrayMaxSize + @@ -414,6 +426,7 @@ void CoverageData::Add(uptr pc, u32 *guard) { atomic_load(&pc_array_size, memory_order_acquire)); uptr counter = atomic_fetch_add(&coverage_counter, 1, memory_order_relaxed); pc_array[idx] = BundlePcAndCounter(pc, counter); + if (pc_buffer) pc_buffer[counter] = pc; } // Registers a pair caller=>callee. @@ -944,6 +957,12 @@ uptr __sanitizer_get_coverage_guards(uptr **data) { } SANITIZER_INTERFACE_ATTRIBUTE +uptr __sanitizer_get_coverage_pc_buffer(uptr **data) { + *data = coverage_data.buffer(); + return __sanitizer_get_total_unique_coverage(); +} + +SANITIZER_INTERFACE_ATTRIBUTE uptr __sanitizer_get_number_of_counters() { return coverage_data.GetNumberOf8bitCounters(); } diff --git a/lib/sanitizer_common/sanitizer_flags.inc b/lib/sanitizer_common/sanitizer_flags.inc index c89273117..c28f7f4a6 100644 --- a/lib/sanitizer_common/sanitizer_flags.inc +++ b/lib/sanitizer_common/sanitizer_flags.inc @@ -144,6 +144,9 @@ COMMON_FLAG(bool, coverage_direct, SANITIZER_ANDROID, COMMON_FLAG(const char *, coverage_dir, ".", "Target directory for coverage dumps. Defaults to the current " "directory.") +COMMON_FLAG(bool, coverage_pc_buffer, true, + "If set (and if 'coverage' is set too), the pcs would be collected " + "in a buffer.") COMMON_FLAG(bool, full_address_space, false, "Sanitize complete address space; " "by default kernel area on 32-bit platforms will not be sanitized") diff --git a/test/asan/TestCases/coverage-pc-buffer.cc b/test/asan/TestCases/coverage-pc-buffer.cc new file mode 100644 index 000000000..67b6935ec --- /dev/null +++ b/test/asan/TestCases/coverage-pc-buffer.cc @@ -0,0 +1,48 @@ +// Test __sanitizer_coverage_pc_buffer(). + +// RUN: %clangxx_asan -fsanitize-coverage=edge %s -o %t && %run %t + +// UNSUPPORTED: android + +#include <assert.h> +#include <sanitizer/coverage_interface.h> +#include <stdio.h> + +static volatile int sink; +__attribute__((noinline)) void bar() { sink = 2; } +__attribute__((noinline)) void foo() { sink = 1; } + +void assertNotZeroPcs(uintptr_t *buf, uintptr_t size) { + assert(buf); + for (uintptr_t i = 0; i < size; ++i) + assert(buf[i]); +} + +int main() { + uintptr_t *buf = NULL; + uintptr_t sz = __sanitizer_get_coverage_pc_buffer(&buf); + assertNotZeroPcs(buf, sz); + assert(sz); + + foo(); + bar(); + uintptr_t *buf1 = NULL; + uintptr_t sz1 = __sanitizer_get_coverage_pc_buffer(&buf1); + assertNotZeroPcs(buf1, sz1); + assert(buf1 == buf); + assert(sz1 > sz); + + bar(); + uintptr_t *buf2 = NULL; + uintptr_t sz2 = __sanitizer_get_coverage_pc_buffer(&buf2); + assertNotZeroPcs(buf2, sz2); + assert(buf2 == buf); + assert(sz2 > sz1); + + __sanitizer_reset_coverage(); + uintptr_t *buf3 = NULL; + uintptr_t sz3 = __sanitizer_get_coverage_pc_buffer(&buf3); + assertNotZeroPcs(buf3, sz3); + assert(buf3 == buf); + assert(sz3 < sz2); +} |