
Commit ba2e61b

committed
Revert "[SanitizeCoverage] Enable stack-depth coverage for -fsanitize=fuzzer"
This reverts r312026 due to bot breakage. llvm-svn: 312047
1 parent 913d038 commit ba2e61b


6 files changed

+24
-48
lines changed


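--- a/clang/lib/Driver/SanitizerArgs.cpp
+++ b/clang/lib/Driver/SanitizerArgs.cpp
@@ -312,13 +312,9 @@ SanitizerArgs::SanitizerArgs(const ToolChain &TC,
 Add |= FuzzerNoLink;
 
 // Enable coverage if the fuzzing flag is set.
-if (Add & FuzzerNoLink) {
+if (Add & FuzzerNoLink)
 CoverageFeatures |= CoverageTracePCGuard | CoverageIndirCall |
 CoverageTraceCmp | CoveragePCTable;
-// Due to TLS differences, stack depth tracking is disabled on Mac.
-if (!TC.getTriple().isOSDarwin())
-CoverageFeatures |= CoverageStackDepth;
-}
 
 Kinds |= Add;
 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {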
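Review bot: The comment `// Enable coverage if the fuzzing flag is set.` above `if (Add & FuzzerNoLink)` does not say that stack-depth coverage is left out of the enabled set, so a reader cannot tell that stack-overflow guidance now has to be requested separately. The libFuzzer test changed in this same commit passes `-fsanitize-coverage=stack-depth` by hand, which suggests the dependency is real. A comment such as `// Stack-depth coverage is not enabled here; request it with -fsanitize-coverage=stack-depth.` would record it. The constructor body starts and ends outside the hunk.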

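--- a/compiler-rt/lib/sanitizer_common/sanitizer_coverage_libcdep_new.cc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_coverage_libcdep_new.cc
@@ -211,10 +211,5 @@ SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_indir, void) {}
 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_8bit_counters_init, void) {}
 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_pcs_init, void) {}
 } // extern "C"
-// Weak definition for code instrumented with -fsanitize-coverage=stack-depth
-// and later linked with code containing a strong definition.
-// E.g., -fsanitize=fuzzer-no-link
-SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
-SANITIZER_TLS_INITIAL_EXEC_ATTRIBUTE uptr __sancov_lowest_stack;
 
 #endif // !SANITIZER_FUCHSIA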

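--- a/compiler-rt/lib/sanitizer_common/sanitizer_internal_defs.h
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_internal_defs.h
@@ -35,14 +35,6 @@
 # define SANITIZER_WEAK_ATTRIBUTE __attribute__((weak))
 #endif
 
-// Mac handles TLS differently
-#if SANITIZER_MAC
-# define SANITIZER_TLS_INITIAL_EXEC_ATTRIBUTE
-#else
-# define SANITIZER_TLS_INITIAL_EXEC_ATTRIBUTE \
-__attribute__((tls_model("initial-exec"))) thread_local
-#endif
-
 //--------------------------- WEAK FUNCTIONS ---------------------------------//
 // When working with weak functions, to simplify the code and make it more
 // portable, when possible define a default implementation using this macro: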
Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
# Test that we can find a stack overflow
22
REQUIRES: linux
3-
RUN: %cpp_compiler %S/DeepRecursionTest.cpp -o %t
3+
RUN: %cpp_compiler -fsanitize-coverage=stack-depth %S/DeepRecursionTest.cpp -o %t
44
RUN: not %t -seed=1 -runs=100000000 2>&1 | FileCheck %s
55
CHECK: ERROR: libFuzzer: deadly signal

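--- a/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ b/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -25,7 +25,6 @@
 #include "llvm/IR/GlobalVariable.h"
 #include "llvm/IR/IRBuilder.h"
 #include "llvm/IR/InlineAsm.h"
-#include "llvm/IR/IntrinsicInst.h"
 #include "llvm/IR/Intrinsics.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/MDBuilder.h"
@@ -201,15 +200,13 @@ class SanitizerCoverageModule : public ModulePass {
 ArrayRef<GetElementPtrInst *> GepTraceTargets);
 void InjectTraceForSwitch(Function &F,
 ArrayRef<Instruction *> SwitchTraceTargets);
-bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
-bool IsLeafFunc = true);
+bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks);
 GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements,
 Function &F, Type *Ty,
 const char *Section);
 GlobalVariable *CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks);
 void CreateFunctionLocalArrays(Function &F, ArrayRef<BasicBlock *> AllBlocks);
-void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx,
-bool IsLeafFunc = true);
+void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx);
 Function *CreateInitCallsForSections(Module &M, const char *InitFunctionName,
 Type *Ty, const char *Section);
 std::pair<GlobalVariable *, GlobalVariable *>
@@ -494,7 +491,6 @@ bool SanitizerCoverageModule::runOnFunction(Function &F) {
 &getAnalysis<DominatorTreeWrapperPass>(F).getDomTree();
 const PostDominatorTree *PDT =
 &getAnalysis<PostDominatorTreeWrapperPass>(F).getPostDomTree();
-bool IsLeafFunc = true;
 
 for (auto &BB : F) {
 if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
@@ -519,14 +515,10 @@ bool SanitizerCoverageModule::runOnFunction(Function &F) {
 if (Options.TraceGep)
 if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(&Inst))
 GepTraceTargets.push_back(GEP);
-if (Options.StackDepth)
-if (isa<InvokeInst>(Inst) ||
-(isa<CallInst>(Inst) && !isa<IntrinsicInst>(Inst)))
-IsLeafFunc = false;
-}
+}
 }
 
-InjectCoverage(F, BlocksToInstrument, IsLeafFunc);
+InjectCoverage(F, BlocksToInstrument);
 InjectCoverageForIndirectCalls(F, IndirCalls);
 InjectTraceForCmp(F, CmpTraceTargets);
 InjectTraceForSwitch(F, SwitchTraceTargets);
@@ -601,12 +593,11 @@ void SanitizerCoverageModule::CreateFunctionLocalArrays(
 }
 
 bool SanitizerCoverageModule::InjectCoverage(Function &F,
-ArrayRef<BasicBlock *> AllBlocks,
-bool IsLeafFunc) {
+ArrayRef<BasicBlock *> AllBlocks) {
 if (AllBlocks.empty()) return false;
 CreateFunctionLocalArrays(F, AllBlocks);
 for (size_t i = 0, N = AllBlocks.size(); i < N; i++)
-InjectCoverageAtBlock(F, *AllBlocks[i], i, IsLeafFunc);
+InjectCoverageAtBlock(F, *AllBlocks[i], i);
 return true;
 }
 
@@ -740,8 +731,7 @@ void SanitizerCoverageModule::InjectTraceForCmp(
 }
 
 void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
-size_t Idx,
-bool IsLeafFunc) {
+size_t Idx) {
 BasicBlock::iterator IP = BB.getFirstInsertionPt();
 bool IsEntryBB = &BB == &F.getEntryBlock();
 DebugLoc EntryLoc;
@@ -780,7 +770,7 @@ void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
 SetNoSanitizeMetadata(Load);
 SetNoSanitizeMetadata(Store);
 }
-if (Options.StackDepth && IsEntryBB && !IsLeafFunc) {
+if (Options.StackDepth && IsEntryBB) {
 // Check stack depth. If it's the deepest so far, record it.
 Function *GetFrameAddr =
 Intrinsic::getDeclaration(F.getParent(), Intrinsic::frameaddress);
@@ -791,9 +781,7 @@ void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
 auto IsStackLower = IRB.CreateICmpULT(FrameAddrInt, LowestStack);
 auto ThenTerm = SplitBlockAndInsertIfThen(IsStackLower, &*IP, false);
 IRBuilder<> ThenIRB(ThenTerm);
-auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
-SetNoSanitizeMetadata(LowestStack);
-SetNoSanitizeMetadata(Store);
+ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
 }
 }
 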
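Review bot: In the last hunk of InjectCoverageAtBlock, the store to `SanCovLowestStack` and the `LowestStack` value it is compared against are no longer passed to `SetNoSanitizeMetadata`, unlike the counter `Load`/`Store` a few lines above in the same function. If another sanitizer pass runs after this one it may instrument these accesses to `__sancov_lowest_stack`; whether that happens depends on pass ordering that is not visible here. The revert could keep that part: `auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);` followed by `SetNoSanitizeMetadata(LowestStack);` and `SetNoSanitizeMetadata(Store);`. The definition of `LowestStack` lies between hunks, and the function body continues outside them.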

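--- a/llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll
+++ b/llvm/test/Instrumentation/SanitizerCoverage/stack-depth.ll
@@ -1,9 +1,9 @@
 ; This check verifies that stack depth instrumentation works correctly.
 ; RUN: opt < %s -sancov -sanitizer-coverage-level=1 \
-; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s
+; RUN: -sanitizer-coverage-stack-depth -S | FileCheck %s --enable-var-scope
 ; RUN: opt < %s -sancov -sanitizer-coverage-level=3 \
 ; RUN: -sanitizer-coverage-stack-depth -sanitizer-coverage-trace-pc-guard \
-; RUN: -S | FileCheck %s
+; RUN: -S | FileCheck %s --enable-var-scope
 
 target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
 target triple = "x86_64-unknown-linux-gnu"
@@ -14,8 +14,13 @@ target triple = "x86_64-unknown-linux-gnu"
 define i32 @foo() {
 entry:
 ; CHECK-LABEL: define i32 @foo
-; CHECK-NOT: call i8* @llvm.frameaddress(i32 0)
-; CHECK-NOT: @__sancov_lowest_stack
+; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType:i[0-9]+]]
+; CHECK: [[lowest:%[^ \t]+]] = load [[$intType]], [[$intType]]* @__sancov_lowest_stack
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowest]]
+; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
+; CHECK: <label>:[[ifLabel]]:
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* @__sancov_lowest_stack
 ; CHECK: ret i32 7
 
 ret i32 7
@@ -25,12 +30,12 @@ define i32 @bar() {
 entry:
 ; CHECK-LABEL: define i32 @bar
 ; CHECK: [[framePtr:%[^ \t]+]] = call i8* @llvm.frameaddress(i32 0)
-; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[intType:i[0-9]+]]
-; CHECK: [[lowest:%[^ \t]+]] = load [[intType]], [[intType]]* @__sancov_lowest_stack
-; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[intType]] [[frameInt]], [[lowest]]
+; CHECK: [[frameInt:%[^ \t]+]] = ptrtoint i8* [[framePtr]] to [[$intType]]
+; CHECK: [[lowest:%[^ \t]+]] = load [[$intType]], [[$intType]]* @__sancov_lowest_stack
+; CHECK: [[cmp:%[^ \t]+]] = icmp ult [[$intType]] [[frameInt]], [[lowest]]
 ; CHECK: br i1 [[cmp]], label %[[ifLabel:[^ \t]+]], label
 ; CHECK: <label>:[[ifLabel]]:
-; CHECK: store [[intType]] [[frameInt]], [[intType]]* @__sancov_lowest_stack
+; CHECK: store [[$intType]] [[frameInt]], [[$intType]]* @__sancov_lowest_stack
 ; CHECK: %call = call i32 @foo()
 ; CHECK: ret i32 %call
 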
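Review bot: The @bar checks use `[[$intType]]` without capturing it, so under `--enable-var-scope` they depend on the capture made by the @foo checks earlier in the file. Reordering the two functions or loosening the @foo checks would make the @bar lines fail on an undefined variable rather than on a real mismatch in the instrumentation. A comment before @foo, for example `; $intType is captured here and reused by the @bar checks below.`, would make that dependency explicit.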
