LLVM 22.0.0git
SanitizerCoverage.cpp
Go to the documentation of this file.
1//===-- SanitizerCoverage.cpp - coverage instrumentation for sanitizers ---===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// Coverage instrumentation done on LLVM IR level, works with Sanitizers.
10//
11//===----------------------------------------------------------------------===//
12
13#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
14#include "llvm/ADT/ArrayRef.h"
15#include "llvm/ADT/SmallVector.h"
16#include "llvm/Analysis/GlobalsModRef.h"
17#include "llvm/Analysis/PostDominators.h"
18#include "llvm/IR/Constant.h"
19#include "llvm/IR/Constants.h"
20#include "llvm/IR/DataLayout.h"
21#include "llvm/IR/Dominators.h"
22#include "llvm/IR/EHPersonalities.h"
23#include "llvm/IR/Function.h"
24#include "llvm/IR/GlobalVariable.h"
25#include "llvm/IR/IRBuilder.h"
26#include "llvm/IR/IntrinsicInst.h"
27#include "llvm/IR/Intrinsics.h"
28#include "llvm/IR/LLVMContext.h"
29#include "llvm/IR/MDBuilder.h"
30#include "llvm/IR/Module.h"
31#include "llvm/IR/Type.h"
32#include "llvm/IR/ValueSymbolTable.h"
33#include "llvm/Support/CommandLine.h"
34#include "llvm/Support/SpecialCaseList.h"
35#include "llvm/Support/VirtualFileSystem.h"
36#include "llvm/TargetParser/Triple.h"
37#include "llvm/Transforms/Utils/BasicBlockUtils.h"
38#include "llvm/Transforms/Utils/ModuleUtils.h"
39
40using namespace llvm;
41
42#define DEBUG_TYPE "sancov"
43
44const char SanCovTracePCIndirName[] = "__sanitizer_cov_trace_pc_indir";
45const char SanCovTracePCName[] = "__sanitizer_cov_trace_pc";
46const char SanCovTraceCmp1[] = "__sanitizer_cov_trace_cmp1";
47const char SanCovTraceCmp2[] = "__sanitizer_cov_trace_cmp2";
48const char SanCovTraceCmp4[] = "__sanitizer_cov_trace_cmp4";
49const char SanCovTraceCmp8[] = "__sanitizer_cov_trace_cmp8";
50const char SanCovTraceConstCmp1[] = "__sanitizer_cov_trace_const_cmp1";
51const char SanCovTraceConstCmp2[] = "__sanitizer_cov_trace_const_cmp2";
52const char SanCovTraceConstCmp4[] = "__sanitizer_cov_trace_const_cmp4";
53const char SanCovTraceConstCmp8[] = "__sanitizer_cov_trace_const_cmp8";
54const char SanCovLoad1[] = "__sanitizer_cov_load1";
55const char SanCovLoad2[] = "__sanitizer_cov_load2";
56const char SanCovLoad4[] = "__sanitizer_cov_load4";
57const char SanCovLoad8[] = "__sanitizer_cov_load8";
58const char SanCovLoad16[] = "__sanitizer_cov_load16";
59const char SanCovStore1[] = "__sanitizer_cov_store1";
60const char SanCovStore2[] = "__sanitizer_cov_store2";
61const char SanCovStore4[] = "__sanitizer_cov_store4";
62const char SanCovStore8[] = "__sanitizer_cov_store8";
63const char SanCovStore16[] = "__sanitizer_cov_store16";
64const char SanCovTraceDiv4[] = "__sanitizer_cov_trace_div4";
65const char SanCovTraceDiv8[] = "__sanitizer_cov_trace_div8";
66const char SanCovTraceGep[] = "__sanitizer_cov_trace_gep";
67const char SanCovTraceSwitchName[] = "__sanitizer_cov_trace_switch";
68const char SanCovModuleCtorTracePcGuardName[] =
69 "sancov.module_ctor_trace_pc_guard";
70const char SanCovModuleCtor8bitCountersName[] =
71 "sancov.module_ctor_8bit_counters";
72const char SanCovModuleCtorBoolFlagName[] = "sancov.module_ctor_bool_flag";
73static const uint64_t SanCtorAndDtorPriority = 2;
74
75const char SanCovTracePCGuardName[] = "__sanitizer_cov_trace_pc_guard";
76const char SanCovTracePCGuardInitName[] = "__sanitizer_cov_trace_pc_guard_init";
77const char SanCov8bitCountersInitName[] = "__sanitizer_cov_8bit_counters_init";
78const char SanCovBoolFlagInitName[] = "__sanitizer_cov_bool_flag_init";
79const char SanCovPCsInitName[] = "__sanitizer_cov_pcs_init";
80const char SanCovCFsInitName[] = "__sanitizer_cov_cfs_init";
81
82const char SanCovGuardsSectionName[] = "sancov_guards";
83const char SanCovCountersSectionName[] = "sancov_cntrs";
84const char SanCovBoolFlagSectionName[] = "sancov_bools";
85const char SanCovPCsSectionName[] = "sancov_pcs";
86const char SanCovCFsSectionName[] = "sancov_cfs";
87const char SanCovCallbackGateSectionName[] = "sancov_gate";
88
89const char SanCovStackDepthCallbackName[] = "__sanitizer_cov_stack_depth";
90const char SanCovLowestStackName[] = "__sancov_lowest_stack";
91const char SanCovCallbackGateName[] = "__sancov_should_track";
92
93static cl::opt<int> ClCoverageLevel(
94 "sanitizer-coverage-level",
95 cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, "
96 "3: all blocks and critical edges"),
97 cl::Hidden);
98
99static cl::opt<bool> ClTracePC("sanitizer-coverage-trace-pc",
100 cl::desc("Experimental pc tracing"), cl::Hidden);
101
102static cl::opt<bool> ClTracePCGuard("sanitizer-coverage-trace-pc-guard",
103 cl::desc("pc tracing with a guard"),
104 cl::Hidden);
105
106// If true, we create a global variable that contains PCs of all instrumented
107// BBs, put this global into a named section, and pass this section's bounds
108// to __sanitizer_cov_pcs_init.
109// This way the coverage instrumentation does not need to acquire the PCs
110// at run-time. Works with trace-pc-guard, inline-8bit-counters, and
111// inline-bool-flag.
112static cl::opt<bool> ClCreatePCTable("sanitizer-coverage-pc-table",
113 cl::desc("create a static PC table"),
114 cl::Hidden);
115
116static cl::opt<bool>
117 ClInline8bitCounters("sanitizer-coverage-inline-8bit-counters",
118 cl::desc("increments 8-bit counter for every edge"),
119 cl::Hidden);
120
121static cl::opt<bool>
122 ClSancovDropCtors("sanitizer-coverage-drop-ctors",
123 cl::desc("do not emit module ctors for global counters"),
124 cl::Hidden);
125
126static cl::opt<bool>
127 ClInlineBoolFlag("sanitizer-coverage-inline-bool-flag",
128 cl::desc("sets a boolean flag for every edge"),
129 cl::Hidden);
130
131static cl::opt<bool>
132 ClCMPTracing("sanitizer-coverage-trace-compares",
133 cl::desc("Tracing of CMP and similar instructions"),
134 cl::Hidden);
135
136static cl::opt<bool> ClDIVTracing("sanitizer-coverage-trace-divs",
137 cl::desc("Tracing of DIV instructions"),
138 cl::Hidden);
139
140static cl::opt<bool> ClLoadTracing("sanitizer-coverage-trace-loads",
141 cl::desc("Tracing of load instructions"),
142 cl::Hidden);
143
144static cl::opt<bool> ClStoreTracing("sanitizer-coverage-trace-stores",
145 cl::desc("Tracing of store instructions"),
146 cl::Hidden);
147
148static cl::opt<bool> ClGEPTracing("sanitizer-coverage-trace-geps",
149 cl::desc("Tracing of GEP instructions"),
150 cl::Hidden);
151
152static cl::opt<bool>
153 ClPruneBlocks("sanitizer-coverage-prune-blocks",
154 cl::desc("Reduce the number of instrumented blocks"),
155 cl::Hidden, cl::init(true));
156
157static cl::opt<bool> ClStackDepth("sanitizer-coverage-stack-depth",
158 cl::desc("max stack depth tracing"),
159 cl::Hidden);
160
161static cl::opt<int> ClStackDepthCallbackMin(
162 "sanitizer-coverage-stack-depth-callback-min",
163 cl::desc("max stack depth tracing should use callback and only when "
164 "stack depth more than specified"),
165 cl::Hidden);
166
167static cl::opt<bool>
168 ClCollectCF("sanitizer-coverage-control-flow",
169 cl::desc("collect control flow for each function"), cl::Hidden);
170
171static cl::opt<bool> ClGatedCallbacks(
172 "sanitizer-coverage-gated-trace-callbacks",
173 cl::desc("Gate the invocation of the tracing callbacks on a global variable"
174 ". Currently only supported for trace-pc-guard and trace-cmp."),
175 cl::Hidden, cl::init(false));
176
177namespace {
178
179SanitizerCoverageOptions getOptions(int LegacyCoverageLevel) {
180 SanitizerCoverageOptions Res;
181 switch (LegacyCoverageLevel) {
182 case 0:
183 Res.CoverageType = SanitizerCoverageOptions::SCK_None;
184 break;
185 case 1:
186 Res.CoverageType = SanitizerCoverageOptions::SCK_Function;
187 break;
188 case 2:
189 Res.CoverageType = SanitizerCoverageOptions::SCK_BB;
190 break;
191 case 3:
192 Res.CoverageType = SanitizerCoverageOptions::SCK_Edge;
193 break;
194 case 4:
195 Res.CoverageType = SanitizerCoverageOptions::SCK_Edge;
196 Res.IndirectCalls = true;
197 break;
198 }
199 return Res;
200}
201
202SanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) {
203 // Sets CoverageType and IndirectCalls.
204 SanitizerCoverageOptions CLOpts = getOptions(ClCoverageLevel);
205 Options.CoverageType = std::max(Options.CoverageType, CLOpts.CoverageType);
206 Options.IndirectCalls |= CLOpts.IndirectCalls;
207 Options.TraceCmp |= ClCMPTracing;
208 Options.TraceDiv |= ClDIVTracing;
209 Options.TraceGep |= ClGEPTracing;
210 Options.TracePC |= ClTracePC;
211 Options.TracePCGuard |= ClTracePCGuard;
212 Options.Inline8bitCounters |= ClInline8bitCounters;
213 Options.InlineBoolFlag |= ClInlineBoolFlag;
214 Options.PCTable |= ClCreatePCTable;
215 Options.NoPrune |= !ClPruneBlocks;
216 Options.StackDepth |= ClStackDepth;
217 Options.StackDepthCallbackMin = std::max(Options.StackDepthCallbackMin,
218 ClStackDepthCallbackMin.getValue());
219 Options.TraceLoads |= ClLoadTracing;
220 Options.TraceStores |= ClStoreTracing;
221 Options.GatedCallbacks |= ClGatedCallbacks;
222 if (!Options.TracePCGuard && !Options.TracePC &&
223 !Options.Inline8bitCounters && !Options.StackDepth &&
224 !Options.InlineBoolFlag && !Options.TraceLoads && !Options.TraceStores)
225 Options.TracePCGuard = true; // TracePCGuard is default.
226 Options.CollectControlFlow |= ClCollectCF;
227 return Options;
228}
229
230class ModuleSanitizerCoverage {
231public:
232 using DomTreeCallback = function_ref<const DominatorTree &(Function &F)>;
233 using PostDomTreeCallback =
234 function_ref<const PostDominatorTree &(Function &F)>;
235
236 ModuleSanitizerCoverage(Module &M, DomTreeCallback DTCallback,
237 PostDomTreeCallback PDTCallback,
238 const SanitizerCoverageOptions &Options,
239 const SpecialCaseList *Allowlist,
240 const SpecialCaseList *Blocklist)
241 : M(M), DTCallback(DTCallback), PDTCallback(PDTCallback),
242 Options(Options), Allowlist(Allowlist), Blocklist(Blocklist) {}
243
244 bool instrumentModule();
245
246private:
247 void createFunctionControlFlow(Function &F);
248 void instrumentFunction(Function &F);
249 void InjectCoverageForIndirectCalls(Function &F,
250 ArrayRef<Instruction *> IndirCalls);
251 void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets,
252 Value *&FunctionGateCmp);
253 void InjectTraceForDiv(Function &F,
254 ArrayRef<BinaryOperator *> DivTraceTargets);
255 void InjectTraceForGep(Function &F,
256 ArrayRef<GetElementPtrInst *> GepTraceTargets);
257 void InjectTraceForLoadsAndStores(Function &F, ArrayRef<LoadInst *> Loads,
258 ArrayRef<StoreInst *> Stores);
259 void InjectTraceForSwitch(Function &F,
260 ArrayRef<Instruction *> SwitchTraceTargets,
261 Value *&FunctionGateCmp);
262 bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
263 Value *&FunctionGateCmp, bool IsLeafFunc);
264 GlobalVariable *CreateFunctionLocalArrayInSection(size_t NumElements,
265 Function &F, Type *Ty,
266 const char *Section);
267 GlobalVariable *CreatePCArray(Function &F, ArrayRef<BasicBlock *> AllBlocks);
268 void CreateFunctionLocalArrays(Function &F, ArrayRef<BasicBlock *> AllBlocks);
269 Instruction *CreateGateBranch(Function &F, Value *&FunctionGateCmp,
270 Instruction *I);
271 Value *CreateFunctionLocalGateCmp(IRBuilder<> &IRB);
272 void InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx,
273 Value *&FunctionGateCmp, bool IsLeafFunc);
274 Function *CreateInitCallsForSections(Module &M, const char *CtorName,
275 const char *InitFunctionName, Type *Ty,
276 const char *Section);
277 std::pair<Value *, Value *> CreateSecStartEnd(Module &M, const char *Section,
278 Type *Ty);
279
280 std::string getSectionName(const std::string &Section) const;
281 std::string getSectionStart(const std::string &Section) const;
282 std::string getSectionEnd(const std::string &Section) const;
283
284 Module &M;
285 DomTreeCallback DTCallback;
286 PostDomTreeCallback PDTCallback;
287
288 FunctionCallee SanCovStackDepthCallback;
289 FunctionCallee SanCovTracePCIndir;
290 FunctionCallee SanCovTracePC, SanCovTracePCGuard;
291 std::array<FunctionCallee, 4> SanCovTraceCmpFunction;
292 std::array<FunctionCallee, 4> SanCovTraceConstCmpFunction;
293 std::array<FunctionCallee, 5> SanCovLoadFunction;
294 std::array<FunctionCallee, 5> SanCovStoreFunction;
295 std::array<FunctionCallee, 2> SanCovTraceDivFunction;
296 FunctionCallee SanCovTraceGepFunction;
297 FunctionCallee SanCovTraceSwitchFunction;
298 GlobalVariable *SanCovLowestStack;
299 GlobalVariable *SanCovCallbackGate;
300 Type *PtrTy, *IntptrTy, *Int64Ty, *Int32Ty, *Int16Ty, *Int8Ty, *Int1Ty;
301 Module *CurModule;
302 Triple TargetTriple;
303 LLVMContext *C;
304 const DataLayout *DL;
305
306 GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
307 GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters.
308 GlobalVariable *FunctionBoolArray; // for inline-bool-flag.
309 GlobalVariable *FunctionPCsArray; // for pc-table.
310 GlobalVariable *FunctionCFsArray; // for control flow table
311 SmallVector<GlobalValue *, 20> GlobalsToAppendToUsed;
312 SmallVector<GlobalValue *, 20> GlobalsToAppendToCompilerUsed;
313
314 SanitizerCoverageOptions Options;
315
316 const SpecialCaseList *Allowlist;
317 const SpecialCaseList *Blocklist;
318};
319} // namespace
320
321SanitizerCoveragePass::SanitizerCoveragePass(
322 SanitizerCoverageOptions Options, IntrusiveRefCntPtr<vfs::FileSystem> VFS,
323 const std::vector<std::string> &AllowlistFiles,
324 const std::vector<std::string> &BlocklistFiles)
325 : Options(std::move(Options)),
326 VFS(VFS ? std::move(VFS) : vfs::getRealFileSystem()) {
327 if (AllowlistFiles.size() > 0)
328 Allowlist = SpecialCaseList::createOrDie(AllowlistFiles, *this->VFS);
329 if (BlocklistFiles.size() > 0)
330 Blocklist = SpecialCaseList::createOrDie(BlocklistFiles, *this->VFS);
331}
332
333PreservedAnalyses SanitizerCoveragePass::run(Module &M,
334 ModuleAnalysisManager &MAM) {
335 auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
336 auto DTCallback = [&FAM](Function &F) -> const DominatorTree & {
337 return FAM.getResult<DominatorTreeAnalysis>(F);
338 };
339 auto PDTCallback = [&FAM](Function &F) -> const PostDominatorTree & {
340 return FAM.getResult<PostDominatorTreeAnalysis>(F);
341 };
342 ModuleSanitizerCoverage ModuleSancov(M, DTCallback, PDTCallback,
343 OverrideFromCL(Options), Allowlist.get(),
344 Blocklist.get());
345 if (!ModuleSancov.instrumentModule())
346 return PreservedAnalyses::all();
347
348 PreservedAnalyses PA = PreservedAnalyses::none();
349 // GlobalsAA is considered stateless and does not get invalidated unless
350 // explicitly invalidated; PreservedAnalyses::none() is not enough. Sanitizers
351 // make changes that require GlobalsAA to be invalidated.
352 PA.abandon<GlobalsAA>();
353 return PA;
354}
355
356std::pair<Value *, Value *>
357ModuleSanitizerCoverage::CreateSecStartEnd(Module &M, const char *Section,
358 Type *Ty) {
359 // Use ExternalWeak so that if all sections are discarded due to section
360 // garbage collection, the linker will not report undefined symbol errors.
361 // Windows defines the start/stop symbols in compiler-rt so no need for
362 // ExternalWeak.
363 GlobalValue::LinkageTypes Linkage = TargetTriple.isOSBinFormatCOFF()
364 ? GlobalVariable::ExternalLinkage
365 : GlobalVariable::ExternalWeakLinkage;
366 GlobalVariable *SecStart = new GlobalVariable(M, Ty, false, Linkage, nullptr,
367 getSectionStart(Section));
368 SecStart->setVisibility(GlobalValue::HiddenVisibility);
369 GlobalVariable *SecEnd = new GlobalVariable(M, Ty, false, Linkage, nullptr,
370 getSectionEnd(Section));
371 SecEnd->setVisibility(GlobalValue::HiddenVisibility);
372 IRBuilder<> IRB(M.getContext());
373 if (!TargetTriple.isOSBinFormatCOFF())
374 return std::make_pair(SecStart, SecEnd);
375
376 // Account for the fact that on windows-msvc __start_* symbols actually
377 // point to a uint64_t before the start of the array.
378 auto GEP =
379 IRB.CreatePtrAdd(SecStart, ConstantInt::get(IntptrTy, sizeof(uint64_t)));
380 return std::make_pair(GEP, SecEnd);
381}
382
383Function *ModuleSanitizerCoverage::CreateInitCallsForSections(
384 Module &M, const char *CtorName, const char *InitFunctionName, Type *Ty,
385 const char *Section) {
386 if (ClSancovDropCtors)
387 return nullptr;
388 auto SecStartEnd = CreateSecStartEnd(M, Section, Ty);
389 auto SecStart = SecStartEnd.first;
390 auto SecEnd = SecStartEnd.second;
391 Function *CtorFunc;
392 std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions(
393 M, CtorName, InitFunctionName, {PtrTy, PtrTy}, {SecStart, SecEnd});
394 assert(CtorFunc->getName() == CtorName);
395
396 if (TargetTriple.supportsCOMDAT()) {
397 // Use comdat to dedup CtorFunc.
398 CtorFunc->setComdat(M.getOrInsertComdat(CtorName));
399 appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority, CtorFunc);
400 } else {
401 appendToGlobalCtors(M, CtorFunc, SanCtorAndDtorPriority);
402 }
403
404 if (TargetTriple.isOSBinFormatCOFF()) {
405 // In COFF files, if the contructors are set as COMDAT (they are because
406 // COFF supports COMDAT) and the linker flag /OPT:REF (strip unreferenced
407 // functions and data) is used, the constructors get stripped. To prevent
408 // this, give the constructors weak ODR linkage and ensure the linker knows
409 // to include the sancov constructor. This way the linker can deduplicate
410 // the constructors but always leave one copy.
411 CtorFunc->setLinkage(GlobalValue::WeakODRLinkage);
412 }
413 return CtorFunc;
414}
415
416bool ModuleSanitizerCoverage::instrumentModule() {
417 if (Options.CoverageType == SanitizerCoverageOptions::SCK_None)
418 return false;
419 if (Allowlist &&
420 !Allowlist->inSection("coverage", "src", M.getSourceFileName()))
421 return false;
422 if (Blocklist &&
423 Blocklist->inSection("coverage", "src", M.getSourceFileName()))
424 return false;
425 C = &(M.getContext());
426 DL = &M.getDataLayout();
427 CurModule = &M;
428 TargetTriple = M.getTargetTriple();
429 FunctionGuardArray = nullptr;
430 Function8bitCounterArray = nullptr;
431 FunctionBoolArray = nullptr;
432 FunctionPCsArray = nullptr;
433 FunctionCFsArray = nullptr;
434 IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
435 PtrTy = PointerType::getUnqual(*C);
436 Type *VoidTy = Type::getVoidTy(*C);
437 IRBuilder<> IRB(*C);
438 Int64Ty = IRB.getInt64Ty();
439 Int32Ty = IRB.getInt32Ty();
440 Int16Ty = IRB.getInt16Ty();
441 Int8Ty = IRB.getInt8Ty();
442 Int1Ty = IRB.getInt1Ty();
443
444 SanCovTracePCIndir =
445 M.getOrInsertFunction(SanCovTracePCIndirName, VoidTy, IntptrTy);
446 // Make sure smaller parameters are zero-extended to i64 if required by the
447 // target ABI.
448 AttributeList SanCovTraceCmpZeroExtAL;
449 SanCovTraceCmpZeroExtAL =
450 SanCovTraceCmpZeroExtAL.addParamAttribute(*C, 0, Attribute::ZExt);
451 SanCovTraceCmpZeroExtAL =
452 SanCovTraceCmpZeroExtAL.addParamAttribute(*C, 1, Attribute::ZExt);
453
454 SanCovTraceCmpFunction[0] =
455 M.getOrInsertFunction(SanCovTraceCmp1, SanCovTraceCmpZeroExtAL, VoidTy,
456 IRB.getInt8Ty(), IRB.getInt8Ty());
457 SanCovTraceCmpFunction[1] =
458 M.getOrInsertFunction(SanCovTraceCmp2, SanCovTraceCmpZeroExtAL, VoidTy,
459 IRB.getInt16Ty(), IRB.getInt16Ty());
460 SanCovTraceCmpFunction[2] =
461 M.getOrInsertFunction(SanCovTraceCmp4, SanCovTraceCmpZeroExtAL, VoidTy,
462 IRB.getInt32Ty(), IRB.getInt32Ty());
463 SanCovTraceCmpFunction[3] =
464 M.getOrInsertFunction(SanCovTraceCmp8, VoidTy, Int64Ty, Int64Ty);
465
466 SanCovTraceConstCmpFunction[0] = M.getOrInsertFunction(
467 SanCovTraceConstCmp1, SanCovTraceCmpZeroExtAL, VoidTy, Int8Ty, Int8Ty);
468 SanCovTraceConstCmpFunction[1] = M.getOrInsertFunction(
469 SanCovTraceConstCmp2, SanCovTraceCmpZeroExtAL, VoidTy, Int16Ty, Int16Ty);
470 SanCovTraceConstCmpFunction[2] = M.getOrInsertFunction(
471 SanCovTraceConstCmp4, SanCovTraceCmpZeroExtAL, VoidTy, Int32Ty, Int32Ty);
472 SanCovTraceConstCmpFunction[3] =
473 M.getOrInsertFunction(SanCovTraceConstCmp8, VoidTy, Int64Ty, Int64Ty);
474
475 // Loads.
476 SanCovLoadFunction[0] = M.getOrInsertFunction(SanCovLoad1, VoidTy, PtrTy);
477 SanCovLoadFunction[1] = M.getOrInsertFunction(SanCovLoad2, VoidTy, PtrTy);
478 SanCovLoadFunction[2] = M.getOrInsertFunction(SanCovLoad4, VoidTy, PtrTy);
479 SanCovLoadFunction[3] = M.getOrInsertFunction(SanCovLoad8, VoidTy, PtrTy);
480 SanCovLoadFunction[4] = M.getOrInsertFunction(SanCovLoad16, VoidTy, PtrTy);
481 // Stores.
482 SanCovStoreFunction[0] = M.getOrInsertFunction(SanCovStore1, VoidTy, PtrTy);
483 SanCovStoreFunction[1] = M.getOrInsertFunction(SanCovStore2, VoidTy, PtrTy);
484 SanCovStoreFunction[2] = M.getOrInsertFunction(SanCovStore4, VoidTy, PtrTy);
485 SanCovStoreFunction[3] = M.getOrInsertFunction(SanCovStore8, VoidTy, PtrTy);
486 SanCovStoreFunction[4] = M.getOrInsertFunction(SanCovStore16, VoidTy, PtrTy);
487
488 {
489 AttributeList AL;
490 AL = AL.addParamAttribute(*C, 0, Attribute::ZExt);
491 SanCovTraceDivFunction[0] =
492 M.getOrInsertFunction(SanCovTraceDiv4, AL, VoidTy, IRB.getInt32Ty());
493 }
494 SanCovTraceDivFunction[1] =
495 M.getOrInsertFunction(SanCovTraceDiv8, VoidTy, Int64Ty);
496 SanCovTraceGepFunction =
497 M.getOrInsertFunction(SanCovTraceGep, VoidTy, IntptrTy);
498 SanCovTraceSwitchFunction =
499 M.getOrInsertFunction(SanCovTraceSwitchName, VoidTy, Int64Ty, PtrTy);
500
501 SanCovLowestStack = M.getOrInsertGlobal(SanCovLowestStackName, IntptrTy);
502 if (SanCovLowestStack->getValueType() != IntptrTy) {
503 C->emitError(StringRef("'") + SanCovLowestStackName +
504 "' should not be declared by the user");
505 return true;
506 }
507 SanCovLowestStack->setThreadLocalMode(
508 GlobalValue::ThreadLocalMode::InitialExecTLSModel);
509 if (Options.StackDepth && !SanCovLowestStack->isDeclaration())
510 SanCovLowestStack->setInitializer(Constant::getAllOnesValue(IntptrTy));
511
512 if (Options.GatedCallbacks) {
513 if (!Options.TracePCGuard && !Options.TraceCmp) {
514 C->emitError(StringRef("'") + ClGatedCallbacks.ArgStr +
515 "' is only supported with trace-pc-guard or trace-cmp");
516 return true;
517 }
518
519 SanCovCallbackGate = cast<GlobalVariable>(
520 M.getOrInsertGlobal(SanCovCallbackGateName, Int64Ty));
521 SanCovCallbackGate->setSection(
522 getSectionName(SanCovCallbackGateSectionName));
523 SanCovCallbackGate->setInitializer(Constant::getNullValue(Int64Ty));
524 SanCovCallbackGate->setLinkage(GlobalVariable::LinkOnceAnyLinkage);
525 SanCovCallbackGate->setVisibility(GlobalVariable::HiddenVisibility);
526 appendToCompilerUsed(M, SanCovCallbackGate);
527 }
528
529 SanCovTracePC = M.getOrInsertFunction(SanCovTracePCName, VoidTy);
530 SanCovTracePCGuard =
531 M.getOrInsertFunction(SanCovTracePCGuardName, VoidTy, PtrTy);
532
533 SanCovStackDepthCallback =
534 M.getOrInsertFunction(SanCovStackDepthCallbackName, VoidTy);
535
536 for (auto &F : M)
537 instrumentFunction(F);
538
539 Function *Ctor = nullptr;
540
541 if (FunctionGuardArray)
542 Ctor = CreateInitCallsForSections(M, SanCovModuleCtorTracePcGuardName,
543 SanCovTracePCGuardInitName, Int32Ty,
544 SanCovGuardsSectionName);
545 if (Function8bitCounterArray)
546 Ctor = CreateInitCallsForSections(M, SanCovModuleCtor8bitCountersName,
547 SanCov8bitCountersInitName, Int8Ty,
548 SanCovCountersSectionName);
549 if (FunctionBoolArray) {
550 Ctor = CreateInitCallsForSections(M, SanCovModuleCtorBoolFlagName,
551 SanCovBoolFlagInitName, Int1Ty,
552 SanCovBoolFlagSectionName);
553 }
554 if (Ctor && Options.PCTable) {
555 auto SecStartEnd = CreateSecStartEnd(M, SanCovPCsSectionName, IntptrTy);
556 FunctionCallee InitFunction =
557 declareSanitizerInitFunction(M, SanCovPCsInitName, {PtrTy, PtrTy});
558 IRBuilder<> IRBCtor(Ctor->getEntryBlock().getTerminator());
559 IRBCtor.CreateCall(InitFunction, {SecStartEnd.first, SecStartEnd.second});
560 }
561
562 if (Ctor && Options.CollectControlFlow) {
563 auto SecStartEnd = CreateSecStartEnd(M, SanCovCFsSectionName, IntptrTy);
564 FunctionCallee InitFunction =
565 declareSanitizerInitFunction(M, SanCovCFsInitName, {PtrTy, PtrTy});
566 IRBuilder<> IRBCtor(Ctor->getEntryBlock().getTerminator());
567 IRBCtor.CreateCall(InitFunction, {SecStartEnd.first, SecStartEnd.second});
568 }
569
570 appendToUsed(M, GlobalsToAppendToUsed);
571 appendToCompilerUsed(M, GlobalsToAppendToCompilerUsed);
572 return true;
573}
574
575// True if block has successors and it dominates all of them.
576static bool isFullDominator(const BasicBlock *BB, const DominatorTree &DT) {
577 if (succ_empty(BB))
578 return false;
579
580 return llvm::all_of(successors(BB), [&](const BasicBlock *SUCC) {
581 return DT.dominates(BB, SUCC);
582 });
583}
584
585// True if block has predecessors and it postdominates all of them.
586static bool isFullPostDominator(const BasicBlock *BB,
587 const PostDominatorTree &PDT) {
588 if (pred_empty(BB))
589 return false;
590
591 return llvm::all_of(predecessors(BB), [&](const BasicBlock *PRED) {
592 return PDT.dominates(BB, PRED);
593 });
594}
595
596static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB,
597 const DominatorTree &DT,
598 const PostDominatorTree &PDT,
599 const SanitizerCoverageOptions &Options) {
600 // Don't insert coverage for blocks containing nothing but unreachable: we
601 // will never call __sanitizer_cov() for them, so counting them in
602 // NumberOfInstrumentedBlocks() might complicate calculation of code coverage
603 // percentage. Also, unreachable instructions frequently have no debug
604 // locations.
605 if (isa<UnreachableInst>(BB->getFirstNonPHIOrDbgOrLifetime()))
606 return false;
607
608 // Don't insert coverage into blocks without a valid insertion point
609 // (catchswitch blocks).
610 if (BB->getFirstInsertionPt() == BB->end())
611 return false;
612
613 if (Options.NoPrune || &F.getEntryBlock() == BB)
614 return true;
615
616 if (Options.CoverageType == SanitizerCoverageOptions::SCK_Function &&
617 &F.getEntryBlock() != BB)
618 return false;
619
620 // Do not instrument full dominators, or full post-dominators with multiple
621 // predecessors.
622 return !isFullDominator(BB, DT) &&
623 !(isFullPostDominator(BB, PDT) && !BB->getSinglePredecessor());
624}
625
626// Returns true iff From->To is a backedge.
627// A twist here is that we treat From->To as a backedge if
628// * To dominates From or
629// * To->UniqueSuccessor dominates From
630static bool IsBackEdge(BasicBlock *From, BasicBlock *To,
631 const DominatorTree &DT) {
632 if (DT.dominates(To, From))
633 return true;
634 if (auto Next = To->getUniqueSuccessor())
635 if (DT.dominates(Next, From))
636 return true;
637 return false;
638}
639
640// Prunes uninteresting Cmp instrumentation:
641// * CMP instructions that feed into loop backedge branch.
642//
643// Note that Cmp pruning is controlled by the same flag as the
644// BB pruning.
645static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree &DT,
646 const SanitizerCoverageOptions &Options) {
647 if (!Options.NoPrune)
648 if (CMP->hasOneUse())
649 if (auto BR = dyn_cast<BranchInst>(CMP->user_back()))
650 for (BasicBlock *B : BR->successors())
651 if (IsBackEdge(BR->getParent(), B, DT))
652 return false;
653 return true;
654}
655
656void ModuleSanitizerCoverage::instrumentFunction(Function &F) {
657 if (F.empty())
658 return;
659 if (F.getName().contains(".module_ctor"))
660 return; // Should not instrument sanitizer init functions.
661 if (F.getName().starts_with("__sanitizer_"))
662 return; // Don't instrument __sanitizer_* callbacks.
663 // Don't touch available_externally functions, their actual body is elewhere.
664 if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage)
665 return;
666 // Don't instrument MSVC CRT configuration helpers. They may run before normal
667 // initialization.
668 if (F.getName() == "__local_stdio_printf_options" ||
669 F.getName() == "__local_stdio_scanf_options")
670 return;
671 if (isa<UnreachableInst>(F.getEntryBlock().getTerminator()))
672 return;
673 // Don't instrument functions using SEH for now. Splitting basic blocks like
674 // we do for coverage breaks WinEHPrepare.
675 // FIXME: Remove this when SEH no longer uses landingpad pattern matching.
676 if (F.hasPersonalityFn() &&
677 isAsynchronousEHPersonality(classifyEHPersonality(F.getPersonalityFn())))
678 return;
679 if (Allowlist && !Allowlist->inSection("coverage", "fun", F.getName()))
680 return;
681 if (Blocklist && Blocklist->inSection("coverage", "fun", F.getName()))
682 return;
683 // Do not apply any instrumentation for naked functions.
684 if (F.hasFnAttribute(Attribute::Naked))
685 return;
686 if (F.hasFnAttribute(Attribute::NoSanitizeCoverage))
687 return;
688 if (F.hasFnAttribute(Attribute::DisableSanitizerInstrumentation))
689 return;
690 if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge) {
691 SplitAllCriticalEdges(
692 F, CriticalEdgeSplittingOptions().setIgnoreUnreachableDests());
693 }
694 SmallVector<Instruction *, 8> IndirCalls;
695 SmallVector<BasicBlock *, 16> BlocksToInstrument;
696 SmallVector<Instruction *, 8> CmpTraceTargets;
697 SmallVector<Instruction *, 8> SwitchTraceTargets;
698 SmallVector<BinaryOperator *, 8> DivTraceTargets;
699 SmallVector<GetElementPtrInst *, 8> GepTraceTargets;
700 SmallVector<LoadInst *, 8> Loads;
701 SmallVector<StoreInst *, 8> Stores;
702
703 const DominatorTree &DT = DTCallback(F);
704 const PostDominatorTree &PDT = PDTCallback(F);
705 bool IsLeafFunc = true;
706
707 for (auto &BB : F) {
708 if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
709 BlocksToInstrument.push_back(&BB);
710 for (auto &Inst : BB) {
711 if (Options.IndirectCalls) {
712 CallBase *CB = dyn_cast<CallBase>(&Inst);
713 if (CB && CB->isIndirectCall())
714 IndirCalls.push_back(&Inst);
715 }
716 if (Options.TraceCmp) {
717 if (ICmpInst *CMP = dyn_cast<ICmpInst>(&Inst))
718 if (IsInterestingCmp(CMP, DT, Options))
719 CmpTraceTargets.push_back(&Inst);
720 if (isa<SwitchInst>(&Inst))
721 SwitchTraceTargets.push_back(&Inst);
722 }
723 if (Options.TraceDiv)
724 if (BinaryOperator *BO = dyn_cast<BinaryOperator>(&Inst))
725 if (BO->getOpcode() == Instruction::SDiv ||
726 BO->getOpcode() == Instruction::UDiv)
727 DivTraceTargets.push_back(BO);
728 if (Options.TraceGep)
729 if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(&Inst))
730 GepTraceTargets.push_back(GEP);
731 if (Options.TraceLoads)
732 if (LoadInst *LI = dyn_cast<LoadInst>(&Inst))
733 Loads.push_back(LI);
734 if (Options.TraceStores)
735 if (StoreInst *SI = dyn_cast<StoreInst>(&Inst))
736 Stores.push_back(SI);
737 if (Options.StackDepth)
738 if (isa<InvokeInst>(Inst) ||
739 (isa<CallInst>(Inst) && !isa<IntrinsicInst>(Inst)))
740 IsLeafFunc = false;
741 }
742 }
743
744 if (Options.CollectControlFlow)
745 createFunctionControlFlow(F);
746
747 Value *FunctionGateCmp = nullptr;
748 InjectCoverage(F, BlocksToInstrument, FunctionGateCmp, IsLeafFunc);
749 InjectCoverageForIndirectCalls(F, IndirCalls);
750 InjectTraceForCmp(F, CmpTraceTargets, FunctionGateCmp);
751 InjectTraceForSwitch(F, SwitchTraceTargets, FunctionGateCmp);
752 InjectTraceForDiv(F, DivTraceTargets);
753 InjectTraceForGep(F, GepTraceTargets);
754 InjectTraceForLoadsAndStores(F, Loads, Stores);
755}
756
757GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection(
758 size_t NumElements, Function &F, Type *Ty, const char *Section) {
759 ArrayType *ArrayTy = ArrayType::get(Ty, NumElements);
760 auto Array = new GlobalVariable(
761 *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage,
762 Constant::getNullValue(ArrayTy), "__sancov_gen_");
763
764 if (TargetTriple.supportsCOMDAT() &&
765 (F.hasComdat() || TargetTriple.isOSBinFormatELF() || !F.isInterposable()))
766 if (auto Comdat = getOrCreateFunctionComdat(F, TargetTriple))
767 Array->setComdat(Comdat);
768 Array->setSection(getSectionName(Section));
769 Array->setAlignment(Align(DL->getTypeStoreSize(Ty).getFixedValue()));
770
771 // sancov_pcs parallels the other metadata section(s). Optimizers (e.g.
772 // GlobalOpt/ConstantMerge) may not discard sancov_pcs and the other
773 // section(s) as a unit, so we conservatively retain all unconditionally in
774 // the compiler.
775 //
776 // With comdat (COFF/ELF), the linker can guarantee the associated sections
777 // will be retained or discarded as a unit, so llvm.compiler.used is
778 // sufficient. Otherwise, conservatively make all of them retained by the
779 // linker.
780 if (Array->hasComdat())
781 GlobalsToAppendToCompilerUsed.push_back(Array);
782 else
783 GlobalsToAppendToUsed.push_back(Array);
784
785 return Array;
786}
787
788GlobalVariable *
789ModuleSanitizerCoverage::CreatePCArray(Function &F,
790 ArrayRef<BasicBlock *> AllBlocks) {
791 size_t N = AllBlocks.size();
792 assert(N);
793 SmallVector<Constant *, 32> PCs;
794 IRBuilder<> IRB(&*F.getEntryBlock().getFirstInsertionPt());
795 for (size_t i = 0; i < N; i++) {
796 if (&F.getEntryBlock() == AllBlocks[i]) {
797 PCs.push_back((Constant *)IRB.CreatePointerCast(&F, PtrTy));
798 PCs.push_back(
799 (Constant *)IRB.CreateIntToPtr(ConstantInt::get(IntptrTy, 1), PtrTy));
800 } else {
801 PCs.push_back((Constant *)IRB.CreatePointerCast(
802 BlockAddress::get(AllBlocks[i]), PtrTy));
803 PCs.push_back(Constant::getNullValue(PtrTy));
804 }
805 }
806 auto *PCArray =
807 CreateFunctionLocalArrayInSection(N * 2, F, PtrTy, SanCovPCsSectionName);
808 PCArray->setInitializer(
809 ConstantArray::get(ArrayType::get(PtrTy, N * 2), PCs));
810 PCArray->setConstant(true);
811
812 return PCArray;
813}
814
815void ModuleSanitizerCoverage::CreateFunctionLocalArrays(
816 Function &F, ArrayRef<BasicBlock *> AllBlocks) {
817 if (Options.TracePCGuard)
818 FunctionGuardArray = CreateFunctionLocalArrayInSection(
819 AllBlocks.size(), F, Int32Ty, SanCovGuardsSectionName);
820
821 if (Options.Inline8bitCounters)
822 Function8bitCounterArray = CreateFunctionLocalArrayInSection(
823 AllBlocks.size(), F, Int8Ty, SanCovCountersSectionName);
824 if (Options.InlineBoolFlag)
825 FunctionBoolArray = CreateFunctionLocalArrayInSection(
826 AllBlocks.size(), F, Int1Ty, SanCovBoolFlagSectionName);
827
828 if (Options.PCTable)
829 FunctionPCsArray = CreatePCArray(F, AllBlocks);
830}
831
832Value *ModuleSanitizerCoverage::CreateFunctionLocalGateCmp(IRBuilder<> &IRB) {
833 auto Load = IRB.CreateLoad(Int64Ty, SanCovCallbackGate);
834 Load->setNoSanitizeMetadata();
835 auto Cmp = IRB.CreateIsNotNull(Load);
836 Cmp->setName("sancov gate cmp");
837 return Cmp;
838}
839
840Instruction *ModuleSanitizerCoverage::CreateGateBranch(Function &F,
841 Value *&FunctionGateCmp,
842 Instruction *IP) {
843 if (!FunctionGateCmp) {
844 // Create this in the entry block
845 BasicBlock &BB = F.getEntryBlock();
846 BasicBlock::iterator IP = BB.getFirstInsertionPt();
847 IP = PrepareToSplitEntryBlock(BB, IP);
848 IRBuilder<> EntryIRB(&*IP);
849 FunctionGateCmp = CreateFunctionLocalGateCmp(EntryIRB);
850 }
851 // Set the branch weights in order to minimize the price paid when the
852 // gate is turned off, allowing the default enablement of this
853 // instrumentation with as little of a performance cost as possible
854 auto Weights = MDBuilder(*C).createBranchWeights(1, 100000);
855 return SplitBlockAndInsertIfThen(FunctionGateCmp, IP, false, Weights);
856}
857
858bool ModuleSanitizerCoverage::InjectCoverage(Function &F,
859 ArrayRef<BasicBlock *> AllBlocks,
860 Value *&FunctionGateCmp,
861 bool IsLeafFunc) {
862 if (AllBlocks.empty())
863 return false;
864 CreateFunctionLocalArrays(F, AllBlocks);
865 for (size_t i = 0, N = AllBlocks.size(); i < N; i++)
866 InjectCoverageAtBlock(F, *AllBlocks[i], i, FunctionGateCmp, IsLeafFunc);
867 return true;
868}
869
870// On every indirect call we call a run-time function
871// __sanitizer_cov_indir_call* with two parameters:
872// - callee address,
873// - global cache array that contains CacheSize pointers (zero-initialized).
874// The cache is used to speed up recording the caller-callee pairs.
875// The address of the caller is passed implicitly via caller PC.
876// CacheSize is encoded in the name of the run-time function.
877void ModuleSanitizerCoverage::InjectCoverageForIndirectCalls(
878 Function &F, ArrayRef<Instruction *> IndirCalls) {
879 if (IndirCalls.empty())
880 return;
881 assert(Options.TracePC || Options.TracePCGuard ||
882 Options.Inline8bitCounters || Options.InlineBoolFlag);
883 for (auto *I : IndirCalls) {
884 InstrumentationIRBuilder IRB(I);
885 CallBase &CB = cast<CallBase>(*I);
886 Value *Callee = CB.getCalledOperand();
887 if (isa<InlineAsm>(Callee))
888 continue;
889 IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy));
890 }
891}
892
893// For every switch statement we insert a call:
894// __sanitizer_cov_trace_switch(CondValue,
895// {NumCases, ValueSizeInBits, Case0Value, Case1Value, Case2Value, ... })
896
897void ModuleSanitizerCoverage::InjectTraceForSwitch(
898 Function &F, ArrayRef<Instruction *> SwitchTraceTargets,
899 Value *&FunctionGateCmp) {
900 for (auto *I : SwitchTraceTargets) {
901 if (SwitchInst *SI = dyn_cast<SwitchInst>(I)) {
902 InstrumentationIRBuilder IRB(I);
903 SmallVector<Constant *, 16> Initializers;
904 Value *Cond = SI->getCondition();
905 if (Cond->getType()->getScalarSizeInBits() >
906 Int64Ty->getScalarSizeInBits())
907 continue;
908 Initializers.push_back(ConstantInt::get(Int64Ty, SI->getNumCases()));
909 Initializers.push_back(
910 ConstantInt::get(Int64Ty, Cond->getType()->getScalarSizeInBits()));
911 if (Cond->getType()->getScalarSizeInBits() <
912 Int64Ty->getScalarSizeInBits())
913 Cond = IRB.CreateIntCast(Cond, Int64Ty, false);
914 for (auto It : SI->cases()) {
915 ConstantInt *C = It.getCaseValue();
916 if (C->getType()->getScalarSizeInBits() < 64)
917 C = ConstantInt::get(C->getContext(), C->getValue().zext(64));
918 Initializers.push_back(C);
919 }
920 llvm::sort(drop_begin(Initializers, 2),
921 [](const Constant *A, const Constant *B) {
922 return cast<ConstantInt>(A)->getLimitedValue() <
923 cast<ConstantInt>(B)->getLimitedValue();
924 });
925 ArrayType *ArrayOfInt64Ty = ArrayType::get(Int64Ty, Initializers.size());
926 GlobalVariable *GV = new GlobalVariable(
927 *CurModule, ArrayOfInt64Ty, false, GlobalVariable::InternalLinkage,
928 ConstantArray::get(ArrayOfInt64Ty, Initializers),
929 "__sancov_gen_cov_switch_values");
930 if (Options.GatedCallbacks) {
931 auto GateBranch = CreateGateBranch(F, FunctionGateCmp, I);
932 IRBuilder<> GateIRB(GateBranch);
933 GateIRB.CreateCall(SanCovTraceSwitchFunction, {Cond, GV});
934 } else {
935 IRB.CreateCall(SanCovTraceSwitchFunction, {Cond, GV});
936 }
937 }
938 }
939}
940
941void ModuleSanitizerCoverage::InjectTraceForDiv(
942 Function &, ArrayRef<BinaryOperator *> DivTraceTargets) {
943 for (auto *BO : DivTraceTargets) {
944 InstrumentationIRBuilder IRB(BO);
945 Value *A1 = BO->getOperand(1);
946 if (isa<ConstantInt>(A1))
947 continue;
948 if (!A1->getType()->isIntegerTy())
949 continue;
950 uint64_t TypeSize = DL->getTypeStoreSizeInBits(A1->getType());
951 int CallbackIdx = TypeSize == 32 ? 0 : TypeSize == 64 ? 1 : -1;
952 if (CallbackIdx < 0)
953 continue;
954 auto Ty = Type::getIntNTy(*C, TypeSize);
955 IRB.CreateCall(SanCovTraceDivFunction[CallbackIdx],
956 {IRB.CreateIntCast(A1, Ty, true)});
957 }
958}
959
960void ModuleSanitizerCoverage::InjectTraceForGep(
961 Function &, ArrayRef<GetElementPtrInst *> GepTraceTargets) {
962 for (auto *GEP : GepTraceTargets) {
963 InstrumentationIRBuilder IRB(GEP);
964 for (Use &Idx : GEP->indices())
965 if (!isa<ConstantInt>(Idx) && Idx->getType()->isIntegerTy())
966 IRB.CreateCall(SanCovTraceGepFunction,
967 {IRB.CreateIntCast(Idx, IntptrTy, true)});
968 }
969}
970
971void ModuleSanitizerCoverage::InjectTraceForLoadsAndStores(
972 Function &, ArrayRef<LoadInst *> Loads, ArrayRef<StoreInst *> Stores) {
973 auto CallbackIdx = [&](Type *ElementTy) -> int {
974 uint64_t TypeSize = DL->getTypeStoreSizeInBits(ElementTy);
975 return TypeSize == 8 ? 0
976 : TypeSize == 16 ? 1
977 : TypeSize == 32 ? 2
978 : TypeSize == 64 ? 3
979 : TypeSize == 128 ? 4
980 : -1;
981 };
982 for (auto *LI : Loads) {
983 InstrumentationIRBuilder IRB(LI);
984 auto Ptr = LI->getPointerOperand();
985 int Idx = CallbackIdx(LI->getType());
986 if (Idx < 0)
987 continue;
988 IRB.CreateCall(SanCovLoadFunction[Idx], Ptr);
989 }
990 for (auto *SI : Stores) {
991 InstrumentationIRBuilder IRB(SI);
992 auto Ptr = SI->getPointerOperand();
993 int Idx = CallbackIdx(SI->getValueOperand()->getType());
994 if (Idx < 0)
995 continue;
996 IRB.CreateCall(SanCovStoreFunction[Idx], Ptr);
997 }
998}
999
1000void ModuleSanitizerCoverage::InjectTraceForCmp(
1001 Function &F, ArrayRef<Instruction *> CmpTraceTargets,
1002 Value *&FunctionGateCmp) {
1003 for (auto *I : CmpTraceTargets) {
1004 if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) {
1005 InstrumentationIRBuilder IRB(ICMP);
1006 Value *A0 = ICMP->getOperand(0);
1007 Value *A1 = ICMP->getOperand(1);
1008 if (!A0->getType()->isIntegerTy())
1009 continue;
1010 uint64_t TypeSize = DL->getTypeStoreSizeInBits(A0->getType());
1011 int CallbackIdx = TypeSize == 8 ? 0
1012 : TypeSize == 16 ? 1
1013 : TypeSize == 32 ? 2
1014 : TypeSize == 64 ? 3
1015 : -1;
1016 if (CallbackIdx < 0)
1017 continue;
1018 // __sanitizer_cov_trace_cmp((type_size << 32) | predicate, A0, A1);
1019 auto CallbackFunc = SanCovTraceCmpFunction[CallbackIdx];
1020 bool FirstIsConst = isa<ConstantInt>(A0);
1021 bool SecondIsConst = isa<ConstantInt>(A1);
1022 // If both are const, then we don't need such a comparison.
1023 if (FirstIsConst && SecondIsConst)
1024 continue;
1025 // If only one is const, then make it the first callback argument.
1026 if (FirstIsConst || SecondIsConst) {
1027 CallbackFunc = SanCovTraceConstCmpFunction[CallbackIdx];
1028 if (SecondIsConst)
1029 std::swap(A0, A1);
1030 }
1031
1032 auto Ty = Type::getIntNTy(*C, TypeSize);
1033 if (Options.GatedCallbacks) {
1034 auto GateBranch = CreateGateBranch(F, FunctionGateCmp, I);
1035 IRBuilder<> GateIRB(GateBranch);
1036 GateIRB.CreateCall(CallbackFunc, {GateIRB.CreateIntCast(A0, Ty, true),
1037 GateIRB.CreateIntCast(A1, Ty, true)});
1038 } else {
1039 IRB.CreateCall(CallbackFunc, {IRB.CreateIntCast(A0, Ty, true),
1040 IRB.CreateIntCast(A1, Ty, true)});
1041 }
1042 }
1043 }
1044}
1045
1046void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
1047 size_t Idx,
1048 Value *&FunctionGateCmp,
1049 bool IsLeafFunc) {
1050 BasicBlock::iterator IP = BB.getFirstInsertionPt();
1051 bool IsEntryBB = &BB == &F.getEntryBlock();
1052 DebugLoc EntryLoc;
1053 if (IsEntryBB) {
1054 if (auto SP = F.getSubprogram())
1055 EntryLoc = DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP);
1056 // Keep static allocas and llvm.localescape calls in the entry block. Even
1057 // if we aren't splitting the block, it's nice for allocas to be before
1058 // calls.
1059 IP = PrepareToSplitEntryBlock(BB, IP);
1060 }
1061
1062 InstrumentationIRBuilder IRB(&*IP);
1063 if (EntryLoc)
1064 IRB.SetCurrentDebugLocation(EntryLoc);
1065 if (Options.TracePC) {
1066 IRB.CreateCall(SanCovTracePC)
1067 ->setCannotMerge(); // gets the PC using GET_CALLER_PC.
1068 }
1069 if (Options.TracePCGuard) {
1070 auto GuardPtr = IRB.CreateConstInBoundsGEP2_64(
1071 FunctionGuardArray->getValueType(), FunctionGuardArray, 0, Idx);
1072 if (Options.GatedCallbacks) {
1073 Instruction *I = &*IP;
1074 auto GateBranch = CreateGateBranch(F, FunctionGateCmp, I);
1075 IRBuilder<> GateIRB(GateBranch);
1076 GateIRB.CreateCall(SanCovTracePCGuard, GuardPtr)->setCannotMerge();
1077 } else {
1078 IRB.CreateCall(SanCovTracePCGuard, GuardPtr)->setCannotMerge();
1079 }
1080 }
1081 if (Options.Inline8bitCounters) {
1082 auto CounterPtr = IRB.CreateGEP(
1083 Function8bitCounterArray->getValueType(), Function8bitCounterArray,
1084 {ConstantInt::get(IntptrTy, 0), ConstantInt::get(IntptrTy, Idx)});
1085 auto Load = IRB.CreateLoad(Int8Ty, CounterPtr);
1086 auto Inc = IRB.CreateAdd(Load, ConstantInt::get(Int8Ty, 1));
1087 auto Store = IRB.CreateStore(Inc, CounterPtr);
1088 Load->setNoSanitizeMetadata();
1089 Store->setNoSanitizeMetadata();
1090 }
1091 if (Options.InlineBoolFlag) {
1092 auto FlagPtr = IRB.CreateGEP(
1093 FunctionBoolArray->getValueType(), FunctionBoolArray,
1094 {ConstantInt::get(IntptrTy, 0), ConstantInt::get(IntptrTy, Idx)});
1095 auto Load = IRB.CreateLoad(Int1Ty, FlagPtr);
1096 auto ThenTerm = SplitBlockAndInsertIfThen(
1097 IRB.CreateIsNull(Load), &*IP, false,
1098 MDBuilder(IRB.getContext()).createUnlikelyBranchWeights());
1099 InstrumentationIRBuilder ThenIRB(ThenTerm);
1100 auto Store = ThenIRB.CreateStore(ConstantInt::getTrue(Int1Ty), FlagPtr);
1101 if (EntryLoc)
1102 Store->setDebugLoc(EntryLoc);
1103 Load->setNoSanitizeMetadata();
1104 Store->setNoSanitizeMetadata();
1105 }
1106 if (Options.StackDepth && IsEntryBB && !IsLeafFunc) {
1107 Module *M = F.getParent();
1108 const DataLayout &DL = M->getDataLayout();
1109
1110 if (Options.StackDepthCallbackMin) {
1111 // In callback mode, only add call when stack depth reaches minimum.
1112 int EstimatedStackSize = 0;
1113 // If dynamic alloca found, always add call.
1114 bool HasDynamicAlloc = false;
1115 // Find an insertion point after last "alloca".
1116 llvm::Instruction *InsertBefore = nullptr;
1117
1118 // Examine all allocas in the basic block. since we're too early
1119 // to have results from Intrinsic::frameaddress, we have to manually
1120 // estimate the stack size.
1121 for (auto &I : BB) {
1122 if (auto *AI = dyn_cast<AllocaInst>(&I)) {
1123 // Move potential insertion point past the "alloca".
1124 InsertBefore = AI->getNextNode();
1125
1126 // Make an estimate on the stack usage.
1127 if (AI->isStaticAlloca()) {
1128 uint32_t Bytes = DL.getTypeAllocSize(AI->getAllocatedType());
1129 if (AI->isArrayAllocation()) {
1130 if (const ConstantInt *arraySize =
1131 dyn_cast<ConstantInt>(AI->getArraySize())) {
1132 Bytes *= arraySize->getZExtValue();
1133 } else {
1134 HasDynamicAlloc = true;
1135 }
1136 }
1137 EstimatedStackSize += Bytes;
1138 } else {
1139 HasDynamicAlloc = true;
1140 }
1141 }
1142 }
1143
1144 if (HasDynamicAlloc ||
1145 EstimatedStackSize >= Options.StackDepthCallbackMin) {
1146 if (InsertBefore)
1147 IRB.SetInsertPoint(InsertBefore);
1148 auto Call = IRB.CreateCall(SanCovStackDepthCallback);
1149 if (EntryLoc)
1150 Call->setDebugLoc(EntryLoc);
1151 Call->setCannotMerge();
1152 }
1153 } else {
1154 // Check stack depth. If it's the deepest so far, record it.
1155 auto FrameAddrPtr = IRB.CreateIntrinsic(
1156 Intrinsic::frameaddress, IRB.getPtrTy(DL.getAllocaAddrSpace()),
1157 {Constant::getNullValue(Int32Ty)});
1158 auto FrameAddrInt = IRB.CreatePtrToInt(FrameAddrPtr, IntptrTy);
1159 auto LowestStack = IRB.CreateLoad(IntptrTy, SanCovLowestStack);
1160 auto IsStackLower = IRB.CreateICmpULT(FrameAddrInt, LowestStack);
1161 auto ThenTerm = SplitBlockAndInsertIfThen(
1162 IsStackLower, &*IP, false,
1163 MDBuilder(IRB.getContext()).createUnlikelyBranchWeights());
1164 InstrumentationIRBuilder ThenIRB(ThenTerm);
1165 auto Store = ThenIRB.CreateStore(FrameAddrInt, SanCovLowestStack);
1166 if (EntryLoc)
1167 Store->setDebugLoc(EntryLoc);
1168 LowestStack->setNoSanitizeMetadata();
1169 Store->setNoSanitizeMetadata();
1170 }
1171 }
1172}
1173
1174std::string
1175ModuleSanitizerCoverage::getSectionName(const std::string &Section) const {
1176 if (TargetTriple.isOSBinFormatCOFF()) {
1177 if (Section == SanCovCountersSectionName)
1178 return ".SCOV$CM";
1179 if (Section == SanCovBoolFlagSectionName)
1180 return ".SCOV$BM";
1181 if (Section == SanCovPCsSectionName)
1182 return ".SCOVP$M";
1183 return ".SCOV$GM"; // For SanCovGuardsSectionName.
1184 }
1185 if (TargetTriple.isOSBinFormatMachO())
1186 return "__DATA,__" + Section;
1187 return "__" + Section;
1188}
1189
1190std::string
1191ModuleSanitizerCoverage::getSectionStart(const std::string &Section) const {
1192 if (TargetTriple.isOSBinFormatMachO())
1193 return "\1section$start$__DATA$__" + Section;
1194 return "__start___" + Section;
1195}
1196
1197std::string
1198ModuleSanitizerCoverage::getSectionEnd(const std::string &Section) const {
1199 if (TargetTriple.isOSBinFormatMachO())
1200 return "\1section$end$__DATA$__" + Section;
1201 return "__stop___" + Section;
1202}
1203
1204void ModuleSanitizerCoverage::createFunctionControlFlow(Function &F) {
1205 SmallVector<Constant *, 32> CFs;
1206 IRBuilder<> IRB(&*F.getEntryBlock().getFirstInsertionPt());
1207
1208 for (auto &BB : F) {
1209 // blockaddress can not be used on function's entry block.
1210 if (&BB == &F.getEntryBlock())
1211 CFs.push_back((Constant *)IRB.CreatePointerCast(&F, PtrTy));
1212 else
1213 CFs.push_back(
1214 (Constant *)IRB.CreatePointerCast(BlockAddress::get(&BB), PtrTy));
1215
1216 for (auto SuccBB : successors(&BB)) {
1217 assert(SuccBB != &F.getEntryBlock());
1218 CFs.push_back(
1219 (Constant *)IRB.CreatePointerCast(BlockAddress::get(SuccBB), PtrTy));
1220 }
1221
1222 CFs.push_back((Constant *)Constant::getNullValue(PtrTy));
1223
1224 for (auto &Inst : BB) {
1225 if (CallBase *CB = dyn_cast<CallBase>(&Inst)) {
1226 if (CB->isIndirectCall()) {
1227 // TODO(navidem): handle indirect calls, for now mark its existence.
1228 CFs.push_back((Constant *)IRB.CreateIntToPtr(
1229 ConstantInt::get(IntptrTy, -1), PtrTy));
1230 } else {
1231 auto CalledF = CB->getCalledFunction();
1232 if (CalledF && !CalledF->isIntrinsic())
1233 CFs.push_back((Constant *)IRB.CreatePointerCast(CalledF, PtrTy));
1234 }
1235 }
1236 }
1237
1238 CFs.push_back((Constant *)Constant::getNullValue(PtrTy));
1239 }
1240
1241 FunctionCFsArray = CreateFunctionLocalArrayInSection(CFs.size(), F, PtrTy,
1242 SanCovCFsSectionName);
1243 FunctionCFsArray->setInitializer(
1244 ConstantArray::get(ArrayType::get(PtrTy, CFs.size()), CFs));
1245 FunctionCFsArray->setConstant(true);
1246}
assert
assert(UImm &&(UImm !=~static_cast< T >(0)) &&"Invalid immediate!")
DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition ARMSLSHardening.cpp:73
A
static GCRegistry::Add< ErlangGC > A("erlang", "erlang-compatible garbage collector")
B
static GCRegistry::Add< OcamlGC > B("ocaml", "ocaml 3.10-compatible GC")
Constants.h
This file contains the declarations for the subclasses of Constant, which represent the different fla...
GlobalsModRef.h
This is the interface for a simple mod/ref and alias analysis over globals.
GEP
Hexagon Common GEP
Definition HexagonCommonGEP.cpp:164
Module.h
Module.h This file contains the declarations for the Module class.
Options
static LVOptions Options
Definition LVOptions.cpp:25
F
#define F(x, y, z)
Definition MD5.cpp:55
I
#define I(x, y, z)
Definition MD5.cpp:58
Module
Machine Check Debug Module
Definition MachineCheckDebugify.cpp:124
SplitAllCriticalEdges
static cl::opt< bool > SplitAllCriticalEdges("phi-elim-split-all-critical-edges", cl::init(false), cl::Hidden, cl::desc("Split all critical edges during " "PHI elimination"))
FAM
FunctionAnalysisManager FAM
Definition PassBuilderBindings.cpp:61
MAM
ModuleAnalysisManager MAM
Definition PassBuilderBindings.cpp:63
if
if(PassOpts->AAPipeline)
Definition PassBuilderBindings.cpp:64
Cond
const SmallVectorImpl< MachineOperand > & Cond
Definition RISCVRedundantCopyElimination.cpp:71
ClLoadTracing
static cl::opt< bool > ClLoadTracing("sanitizer-coverage-trace-loads", cl::desc("Tracing of load instructions"), cl::Hidden)
SanCovCFsSectionName
const char SanCovCFsSectionName[]
Definition SanitizerCoverage.cpp:86
isFullPostDominator
static bool isFullPostDominator(const BasicBlock *BB, const PostDominatorTree &PDT)
Definition SanitizerCoverage.cpp:586
ClCoverageLevel
static cl::opt< int > ClCoverageLevel("sanitizer-coverage-level", cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, " "3: all blocks and critical edges"), cl::Hidden)
ClSancovDropCtors
static cl::opt< bool > ClSancovDropCtors("sanitizer-coverage-drop-ctors", cl::desc("do not emit module ctors for global counters"), cl::Hidden)
ClStackDepth
static cl::opt< bool > ClStackDepth("sanitizer-coverage-stack-depth", cl::desc("max stack depth tracing"), cl::Hidden)
ClInlineBoolFlag
static cl::opt< bool > ClInlineBoolFlag("sanitizer-coverage-inline-bool-flag", cl::desc("sets a boolean flag for every edge"), cl::Hidden)
SanCovTraceConstCmp4
const char SanCovTraceConstCmp4[]
Definition SanitizerCoverage.cpp:52
SanCovBoolFlagSectionName
const char SanCovBoolFlagSectionName[]
Definition SanitizerCoverage.cpp:84
SanCov8bitCountersInitName
const char SanCov8bitCountersInitName[]
Definition SanitizerCoverage.cpp:77
SanCovLoad8
const char SanCovLoad8[]
Definition SanitizerCoverage.cpp:57
SanCovTraceSwitchName
const char SanCovTraceSwitchName[]
Definition SanitizerCoverage.cpp:67
SanCovTraceCmp1
const char SanCovTraceCmp1[]
Definition SanitizerCoverage.cpp:46
SanCovModuleCtorTracePcGuardName
const char SanCovModuleCtorTracePcGuardName[]
Definition SanitizerCoverage.cpp:68
SanCovCountersSectionName
const char SanCovCountersSectionName[]
Definition SanitizerCoverage.cpp:83
ClCreatePCTable
static cl::opt< bool > ClCreatePCTable("sanitizer-coverage-pc-table", cl::desc("create a static PC table"), cl::Hidden)
SanCovPCsInitName
const char SanCovPCsInitName[]
Definition SanitizerCoverage.cpp:79
SanCovTracePCGuardName
const char SanCovTracePCGuardName[]
Definition SanitizerCoverage.cpp:75
ClStackDepthCallbackMin
static cl::opt< int > ClStackDepthCallbackMin("sanitizer-coverage-stack-depth-callback-min", cl::desc("max stack depth tracing should use callback and only when " "stack depth more than specified"), cl::Hidden)
SanCovModuleCtor8bitCountersName
const char SanCovModuleCtor8bitCountersName[]
Definition SanitizerCoverage.cpp:70
SanCovTracePCGuardInitName
const char SanCovTracePCGuardInitName[]
Definition SanitizerCoverage.cpp:76
ClCollectCF
static cl::opt< bool > ClCollectCF("sanitizer-coverage-control-flow", cl::desc("collect control flow for each function"), cl::Hidden)
SanCovTraceDiv4
const char SanCovTraceDiv4[]
Definition SanitizerCoverage.cpp:64
SanCtorAndDtorPriority
static const uint64_t SanCtorAndDtorPriority
Definition SanitizerCoverage.cpp:73
SanCovBoolFlagInitName
const char SanCovBoolFlagInitName[]
Definition SanitizerCoverage.cpp:78
ClGatedCallbacks
static cl::opt< bool > ClGatedCallbacks("sanitizer-coverage-gated-trace-callbacks", cl::desc("Gate the invocation of the tracing callbacks on a global variable" ". Currently only supported for trace-pc-guard and trace-cmp."), cl::Hidden, cl::init(false))
SanCovTraceGep
const char SanCovTraceGep[]
Definition SanitizerCoverage.cpp:66
SanCovLoad16
const char SanCovLoad16[]
Definition SanitizerCoverage.cpp:58
SanCovTraceConstCmp8
const char SanCovTraceConstCmp8[]
Definition SanitizerCoverage.cpp:53
SanCovGuardsSectionName
const char SanCovGuardsSectionName[]
Definition SanitizerCoverage.cpp:82
SanCovStore1
const char SanCovStore1[]
Definition SanitizerCoverage.cpp:59
SanCovTraceConstCmp2
const char SanCovTraceConstCmp2[]
Definition SanitizerCoverage.cpp:51
SanCovTraceConstCmp1
const char SanCovTraceConstCmp1[]
Definition SanitizerCoverage.cpp:50
IsBackEdge
static bool IsBackEdge(BasicBlock *From, BasicBlock *To, const DominatorTree &DT)
Definition SanitizerCoverage.cpp:630
ClStoreTracing
static cl::opt< bool > ClStoreTracing("sanitizer-coverage-trace-stores", cl::desc("Tracing of store instructions"), cl::Hidden)
SanCovCallbackGateName
const char SanCovCallbackGateName[]
Definition SanitizerCoverage.cpp:91
ClTracePCGuard
static cl::opt< bool > ClTracePCGuard("sanitizer-coverage-trace-pc-guard", cl::desc("pc tracing with a guard"), cl::Hidden)
SanCovTraceDiv8
const char SanCovTraceDiv8[]
Definition SanitizerCoverage.cpp:65
SanCovLoad4
const char SanCovLoad4[]
Definition SanitizerCoverage.cpp:56
ClGEPTracing
static cl::opt< bool > ClGEPTracing("sanitizer-coverage-trace-geps", cl::desc("Tracing of GEP instructions"), cl::Hidden)
SanCovStackDepthCallbackName
const char SanCovStackDepthCallbackName[]
Definition SanitizerCoverage.cpp:89
SanCovCFsInitName
const char SanCovCFsInitName[]
Definition SanitizerCoverage.cpp:80
ClTracePC
static cl::opt< bool > ClTracePC("sanitizer-coverage-trace-pc", cl::desc("Experimental pc tracing"), cl::Hidden)
SanCovStore2
const char SanCovStore2[]
Definition SanitizerCoverage.cpp:60
ClPruneBlocks
static cl::opt< bool > ClPruneBlocks("sanitizer-coverage-prune-blocks", cl::desc("Reduce the number of instrumented blocks"), cl::Hidden, cl::init(true))
SanCovPCsSectionName
const char SanCovPCsSectionName[]
Definition SanitizerCoverage.cpp:85
SanCovLoad1
const char SanCovLoad1[]
Definition SanitizerCoverage.cpp:54
isFullDominator
static bool isFullDominator(const BasicBlock *BB, const DominatorTree &DT)
Definition SanitizerCoverage.cpp:576
ClCMPTracing
static cl::opt< bool > ClCMPTracing("sanitizer-coverage-trace-compares", cl::desc("Tracing of CMP and similar instructions"), cl::Hidden)
SanCovTraceCmp8
const char SanCovTraceCmp8[]
Definition SanitizerCoverage.cpp:49
SanCovCallbackGateSectionName
const char SanCovCallbackGateSectionName[]
Definition SanitizerCoverage.cpp:87
SanCovStore16
const char SanCovStore16[]
Definition SanitizerCoverage.cpp:63
IsInterestingCmp
static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree &DT, const SanitizerCoverageOptions &Options)
Definition SanitizerCoverage.cpp:645
ClDIVTracing
static cl::opt< bool > ClDIVTracing("sanitizer-coverage-trace-divs", cl::desc("Tracing of DIV instructions"), cl::Hidden)
ClInline8bitCounters
static cl::opt< bool > ClInline8bitCounters("sanitizer-coverage-inline-8bit-counters", cl::desc("increments 8-bit counter for every edge"), cl::Hidden)
shouldInstrumentBlock
static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, const DominatorTree &DT, const PostDominatorTree &PDT, const SanitizerCoverageOptions &Options)
Definition SanitizerCoverage.cpp:596
SanCovModuleCtorBoolFlagName
const char SanCovModuleCtorBoolFlagName[]
Definition SanitizerCoverage.cpp:72
SanCovTraceCmp2
const char SanCovTraceCmp2[]
Definition SanitizerCoverage.cpp:47
SanCovStore8
const char SanCovStore8[]
Definition SanitizerCoverage.cpp:62
SanCovTracePCName
const char SanCovTracePCName[]
Definition SanitizerCoverage.cpp:45
SanCovStore4
const char SanCovStore4[]
Definition SanitizerCoverage.cpp:61
SanCovLoad2
const char SanCovLoad2[]
Definition SanitizerCoverage.cpp:55
SanCovTraceCmp4
const char SanCovTraceCmp4[]
Definition SanitizerCoverage.cpp:48
SanCovLowestStackName
const char SanCovLowestStackName[]
Definition SanitizerCoverage.cpp:90
SanCovTracePCIndirName
const char SanCovTracePCIndirName[]
Definition SanitizerCoverage.cpp:44
SmallVector.h
This file defines the SmallVector class.
VirtualFileSystem.h
Defines the virtual file system interface vfs::FileSystem.
llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition ArrayRef.h:41
llvm::ArrayRef::size
size_t size() const
size - Get the array size.
Definition ArrayRef.h:147
llvm::ArrayRef::empty
bool empty() const
empty - Check if the array is empty.
Definition ArrayRef.h:142
llvm::ArrayType
Class to represent array types.
Definition DerivedTypes.h:398
llvm::ArrayType::get
static LLVM_ABI ArrayType * get(Type *ElementType, uint64_t NumElements)
This static method is the primary way to construct an ArrayType.
llvm::BasicBlock
LLVM Basic Block Representation.
Definition BasicBlock.h:62
llvm::BasicBlock::end
iterator end()
Definition BasicBlock.h:472
llvm::BasicBlock::getFirstInsertionPt
LLVM_ABI const_iterator getFirstInsertionPt() const
Returns an iterator to the first instruction in this block that is suitable for inserting a non-PHI i...
Definition BasicBlock.cpp:393
llvm::BasicBlock::getUniqueSuccessor
LLVM_ABI const BasicBlock * getUniqueSuccessor() const
Return the successor of this block if it has a unique successor.
Definition BasicBlock.cpp:475
llvm::BasicBlock::getSinglePredecessor
LLVM_ABI const BasicBlock * getSinglePredecessor() const
Return the predecessor of this block if it has a single predecessor block.
Definition BasicBlock.cpp:437
llvm::BasicBlock::iterator
InstListType::iterator iterator
Instruction iterators...
Definition BasicBlock.h:170
llvm::BasicBlock::getFirstNonPHIOrDbgOrLifetime
LLVM_ABI InstListType::const_iterator getFirstNonPHIOrDbgOrLifetime(bool SkipPseudoOp=true) const
Returns a pointer to the first instruction in this block that is not a PHINode, a debug intrinsic,...
Definition BasicBlock.cpp:372
llvm::BasicBlock::getTerminator
const Instruction * getTerminator() const LLVM_READONLY
Returns the terminator instruction if the block is well formed or null if the block is not well forme...
Definition BasicBlock.h:233
llvm::BlockAddress::get
static LLVM_ABI BlockAddress * get(Function *F, BasicBlock *BB)
Return a BlockAddress for the specified function and basic block.
Definition Constants.cpp:1914
llvm::CallBase
Base class for all callable instructions (InvokeInst and CallInst) Holds everything related to callin...
Definition InstrTypes.h:1114
llvm::CallBase::getCalledFunction
Function * getCalledFunction() const
Returns the function called, or null if this is an indirect function invocation or the function signa...
Definition InstrTypes.h:1346
llvm::CallBase::isIndirectCall
LLVM_ABI bool isIndirectCall() const
Return true if the callsite is an indirect call.
Definition Instructions.cpp:335
llvm::CallBase::setCannotMerge
void setCannotMerge()
Definition InstrTypes.h:1962
llvm::CallBase::getCalledOperand
Value * getCalledOperand() const
Definition InstrTypes.h:1338
llvm::ConstantArray::get
static LLVM_ABI Constant * get(ArrayType *T, ArrayRef< Constant * > V)
Definition Constants.cpp:1317
llvm::ConstantInt
This is the shared class of boolean and integer constants.
Definition Constants.h:87
llvm::ConstantInt::getTrue
static LLVM_ABI ConstantInt * getTrue(LLVMContext &Context)
Definition Constants.cpp:871
llvm::Constant
This is an important base class in LLVM.
Definition Constant.h:43
llvm::Constant::getAllOnesValue
static LLVM_ABI Constant * getAllOnesValue(Type *Ty)
Definition Constants.cpp:420
llvm::Constant::getNullValue
static LLVM_ABI Constant * getNullValue(Type *Ty)
Constructor to create a '0' constant of arbitrary type.
Definition Constants.cpp:373
llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition DataLayout.h:63
llvm::DebugLoc
A debug info location.
Definition DebugLoc.h:124
llvm::DominatorTreeAnalysis
Analysis pass which computes a DominatorTree.
Definition Dominators.h:284
llvm::DominatorTree
Concrete subclass of DominatorTreeBase that is used to compute a normal dominator tree.
Definition Dominators.h:165
llvm::DominatorTree::dominates
LLVM_ABI bool dominates(const BasicBlock *BB, const Use &U) const
Return true if the (end of the) basic block BB dominates the use U.
Definition Dominators.cpp:135
llvm::FunctionCallee
A handy container for a FunctionType+Callee-pointer pair, which can be passed around as a single enti...
Definition DerivedTypes.h:170
llvm::Function::getEntryBlock
const BasicBlock & getEntryBlock() const
Definition Function.h:807
llvm::GetElementPtrInst
an instruction for type-safe pointer arithmetic to access elements of arrays and structs
Definition Instructions.h:950
llvm::GlobalObject::setComdat
LLVM_ABI void setComdat(Comdat *C)
Definition Globals.cpp:214
llvm::GlobalValue::setLinkage
void setLinkage(LinkageTypes LT)
Definition GlobalValue.h:539
llvm::GlobalValue::HiddenVisibility
@ HiddenVisibility
The GV is hidden.
Definition GlobalValue.h:69
llvm::GlobalValue::setVisibility
void setVisibility(VisibilityTypes V)
Definition GlobalValue.h:256
llvm::GlobalValue::LinkageTypes
LinkageTypes
An enumeration for the kinds of linkage for global values.
Definition GlobalValue.h:52
llvm::GlobalValue::PrivateLinkage
@ PrivateLinkage
Like Internal, but omit from symbol table.
Definition GlobalValue.h:61
llvm::GlobalValue::InternalLinkage
@ InternalLinkage
Rename collisions when linking (static functions).
Definition GlobalValue.h:60
llvm::GlobalValue::LinkOnceAnyLinkage
@ LinkOnceAnyLinkage
Keep one copy of function when linking (inline)
Definition GlobalValue.h:55
llvm::GlobalValue::WeakODRLinkage
@ WeakODRLinkage
Same, but only replaced by something equivalent.
Definition GlobalValue.h:58
llvm::GlobalValue::ExternalLinkage
@ ExternalLinkage
Externally visible function.
Definition GlobalValue.h:53
llvm::GlobalValue::AvailableExternallyLinkage
@ AvailableExternallyLinkage
Available for inspection, not emission.
Definition GlobalValue.h:54
llvm::GlobalValue::ExternalWeakLinkage
@ ExternalWeakLinkage
ExternalWeak linkage description.
Definition GlobalValue.h:62
llvm::GlobalsAA
Analysis pass providing a never-invalidated alias analysis result.
Definition GlobalsModRef.h:131
llvm::ICmpInst
This instruction compares its operands according to the predicate given to the constructor.
Definition Instructions.h:1178
llvm::IRBuilderBase::CreateICmpULT
Value * CreateICmpULT(Value *LHS, Value *RHS, const Twine &Name="")
Definition IRBuilder.h:2348
llvm::IRBuilderBase::CreatePointerCast
Value * CreatePointerCast(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2254
llvm::IRBuilderBase::CreateIntToPtr
Value * CreateIntToPtr(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2202
llvm::IRBuilderBase::SetCurrentDebugLocation
void SetCurrentDebugLocation(DebugLoc L)
Set location information used by debugging information.
Definition IRBuilder.h:247
llvm::IRBuilderBase::CreateGEP
Value * CreateGEP(Type *Ty, Value *Ptr, ArrayRef< Value * > IdxList, const Twine &Name="", GEPNoWrapFlags NW=GEPNoWrapFlags::none())
Definition IRBuilder.h:1926
llvm::IRBuilderBase::CreateIntrinsic
LLVM_ABI CallInst * CreateIntrinsic(Intrinsic::ID ID, ArrayRef< Type * > Types, ArrayRef< Value * > Args, FMFSource FMFSource={}, const Twine &Name="")
Create a call to intrinsic ID with Args, mangled using Types.
Definition IRBuilder.cpp:845
llvm::IRBuilderBase::CreateLoad
LoadInst * CreateLoad(Type *Ty, Value *Ptr, const char *Name)
Provided to resolve 'CreateLoad(Ty, Ptr, "...")' correctly, instead of converting the string to 'bool...
Definition IRBuilder.h:1850
llvm::IRBuilderBase::getContext
LLVMContext & getContext() const
Definition IRBuilder.h:203
llvm::IRBuilderBase::CreateConstInBoundsGEP2_64
Value * CreateConstInBoundsGEP2_64(Type *Ty, Value *Ptr, uint64_t Idx0, uint64_t Idx1, const Twine &Name="")
Definition IRBuilder.h:2019
llvm::IRBuilderBase::CreateStore
StoreInst * CreateStore(Value *Val, Value *Ptr, bool isVolatile=false)
Definition IRBuilder.h:1863
llvm::IRBuilderBase::CreateAdd
Value * CreateAdd(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition IRBuilder.h:1403
llvm::IRBuilderBase::CreatePtrToInt
Value * CreatePtrToInt(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2197
llvm::IRBuilderBase::CreateIsNotNull
Value * CreateIsNotNull(Value *Arg, const Twine &Name="")
Return a boolean value testing if Arg != 0.
Definition IRBuilder.h:2659
llvm::IRBuilderBase::CreateCall
CallInst * CreateCall(FunctionType *FTy, Value *Callee, ArrayRef< Value * > Args={}, const Twine &Name="", MDNode *FPMathTag=nullptr)
Definition IRBuilder.h:2511
llvm::IRBuilderBase::getPtrTy
PointerType * getPtrTy(unsigned AddrSpace=0)
Fetch the type representing a pointer.
Definition IRBuilder.h:605
llvm::IRBuilderBase::CreateIntCast
Value * CreateIntCast(Value *V, Type *DestTy, bool isSigned, const Twine &Name="")
Definition IRBuilder.h:2280
llvm::IRBuilderBase::CreateIsNull
Value * CreateIsNull(Value *Arg, const Twine &Name="")
Return a boolean value testing if Arg == 0.
Definition IRBuilder.h:2654
llvm::IRBuilderBase::SetInsertPoint
void SetInsertPoint(BasicBlock *TheBB)
This specifies that created instructions should be appended to the end of the specified block.
Definition IRBuilder.h:207
llvm::IRBuilder
This provides a uniform API for creating instructions and inserting them into a basic block: either a...
Definition IRBuilder.h:2788
llvm::Instruction::setDebugLoc
void setDebugLoc(DebugLoc Loc)
Set the debug location information for this instruction.
Definition Instruction.h:510
llvm::IntrusiveRefCntPtr
A smart pointer to a reference-counted object that inherits from RefCountedBase or ThreadSafeRefCount...
Definition IntrusiveRefCntPtr.h:173
llvm::LoadInst
An instruction for reading from memory.
Definition Instructions.h:181
llvm::MDBuilder::createBranchWeights
LLVM_ABI MDNode * createBranchWeights(uint32_t TrueWeight, uint32_t FalseWeight, bool IsExpected=false)
Return metadata containing two branch weights.
Definition MDBuilder.cpp:38
llvm::MDBuilder::createUnlikelyBranchWeights
LLVM_ABI MDNode * createUnlikelyBranchWeights()
Return metadata containing two branch weights, with significant bias towards false destination.
Definition MDBuilder.cpp:48
llvm::MDNode::get
static MDTuple * get(LLVMContext &Context, ArrayRef< Metadata * > MDs)
Definition Metadata.h:1569
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition Module.h:67
llvm::PointerType::getUnqual
static PointerType * getUnqual(Type *ElementType)
This constructs a pointer to an object of the specified type in the default address space (address sp...
Definition DerivedTypes.h:722
llvm::PostDominatorTreeAnalysis
Analysis pass which computes a PostDominatorTree.
Definition PostDominators.h:49
llvm::PostDominatorTree
PostDominatorTree Class - Concrete subclass of DominatorTree that is used to compute the post-dominat...
Definition PostDominators.h:29
llvm::PostDominatorTree::dominates
LLVM_ABI bool dominates(const Instruction *I1, const Instruction *I2) const
Return true if I1 dominates I2.
Definition PostDominators.cpp:52
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition Analysis.h:112
llvm::PreservedAnalyses::none
static PreservedAnalyses none()
Convenience factory function for the empty preserved set.
Definition Analysis.h:115
llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition Analysis.h:118
llvm::PreservedAnalyses::abandon
PreservedAnalyses & abandon()
Mark an analysis as abandoned.
Definition Analysis.h:171
llvm::SanitizerCoveragePass::run
LLVM_ABI PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM)
Definition SanitizerCoverage.cpp:333
llvm::SanitizerCoveragePass::SanitizerCoveragePass
SanitizerCoveragePass(SanitizerCoverageOptions Options=SanitizerCoverageOptions(), IntrusiveRefCntPtr< vfs::FileSystem > VFS=nullptr, const std::vector< std::string > &AllowlistFiles={}, const std::vector< std::string > &BlocklistFiles={})
Definition SanitizerCoverage.cpp:321
llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition SmallVector.h:417
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition SmallVector.h:1203
llvm::SpecialCaseList::createOrDie
static LLVM_ABI std::unique_ptr< SpecialCaseList > createOrDie(const std::vector< std::string > &Paths, llvm::vfs::FileSystem &FS)
Parses the special case list entries from files.
Definition SpecialCaseList.cpp:199
llvm::StoreInst
An instruction for storing to memory.
Definition Instructions.h:297
llvm::StringRef
StringRef - Represent a constant reference to a string, i.e.
Definition StringRef.h:55
llvm::SwitchInst
Multiway switch.
Definition Instructions.h:3196
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition Type.h:45
llvm::Type::getVoidTy
static LLVM_ABI Type * getVoidTy(LLVMContext &C)
Definition Type.cpp:281
llvm::Type::isIntegerTy
bool isIntegerTy() const
True if this is an instance of IntegerType.
Definition Type.h:240
llvm::Type::getIntNTy
static LLVM_ABI IntegerType * getIntNTy(LLVMContext &C, unsigned N)
Definition Type.cpp:301
llvm::Use
A Use represents the edge between a Value definition and its users.
Definition Use.h:35
llvm::Value
LLVM Value Representation.
Definition Value.h:75
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition Value.h:256
llvm::Value::getName
LLVM_ABI StringRef getName() const
Return a constant reference to the value's name.
Definition Value.cpp:322
llvm::ilist_node_with_parent::getNextNode
NodeTy * getNextNode()
Get the next node, or nullptr for the list tail.
Definition ilist_node.h:348
uint64_t
Call
CallInst * Call
Definition ObjCARCOpts.cpp:2359
llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition CallingConv.h:34
llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition CommandLine.h:445
llvm::dwarf_linker::getSectionName
static constexpr const StringLiteral & getSectionName(DebugSectionKind SectionKind)
Return the name of the section.
Definition DWARFLinkerBase.h:67
llvm::sandboxir::Instruction
friend class Instruction
Iterator for Instructions in a `BasicBlock.
Definition BasicBlock.h:73
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition AddressRanges.h:18
llvm::drop_begin
auto drop_begin(T &&RangeOrContainer, size_t N=1)
Return a range covering RangeOrContainer with the first N elements excluded.
Definition STLExtras.h:316
llvm::Value
FunctionAddr VTableAddr Value
Definition InstrProf.h:137
llvm::all_of
bool all_of(R &&range, UnaryPredicate P)
Provide wrappers to std::all_of which take ranges instead of having to pass begin/end explicitly.
Definition STLExtras.h:1725
llvm::succ_empty
bool succ_empty(const Instruction *I)
Definition CFG.h:257
llvm::dyn_cast
decltype(auto) dyn_cast(const From &Val)
dyn_cast<X> - Return the argument parameter cast to the specified type.
Definition Casting.h:643
llvm::Int32Ty
FunctionAddr VTableAddr uintptr_t uintptr_t Int32Ty
Definition InstrProf.h:296
llvm::successors
auto successors(const MachineBasicBlock *BB)
Definition MachineBasicBlock.h:1437
llvm::FunctionAnalysisManagerModuleProxy
InnerAnalysisManagerProxy< FunctionAnalysisManager, Module > FunctionAnalysisManagerModuleProxy
Provide the FunctionAnalysisManager to Module proxy.
Definition PassManager.h:671
llvm::declareSanitizerInitFunction
LLVM_ABI FunctionCallee declareSanitizerInitFunction(Module &M, StringRef InitName, ArrayRef< Type * > InitArgTypes, bool Weak=false)
Definition ModuleUtils.cpp:224
llvm::createSanitizerCtorAndInitFunctions
LLVM_ABI std::pair< Function *, FunctionCallee > createSanitizerCtorAndInitFunctions(Module &M, StringRef CtorName, StringRef InitName, ArrayRef< Type * > InitArgTypes, ArrayRef< Value * > InitArgs, StringRef VersionCheckName=StringRef(), bool Weak=false)
Creates sanitizer constructor function, and calls sanitizer's init function from it.
Definition ModuleUtils.cpp:251
llvm::sort
void sort(IteratorTy Start, IteratorTy End)
Definition STLExtras.h:1622
llvm::classifyEHPersonality
LLVM_ABI EHPersonality classifyEHPersonality(const Value *Pers)
See if the given exception handling personality function is one that we understand.
Definition EHPersonalities.cpp:23
llvm::SmallVector
class LLVM_GSL_OWNER SmallVector
Forward declaration of SmallVector so that calculateSmallVectorDefaultInlinedElements can reference s...
Definition SmallVector.h:1129
llvm::getOrCreateFunctionComdat
LLVM_ABI Comdat * getOrCreateFunctionComdat(Function &F, Triple &T)
Definition Instrumentation.cpp:96
llvm::isa
bool isa(const From &Val)
isa<X> - Return true if the parameter to the template is an instance of one of the template type argu...
Definition Casting.h:547
llvm::IRBuilder
IRBuilder(LLVMContext &, FolderTy, InserterTy, MDNode *, ArrayRef< OperandBundleDef >) -> IRBuilder< FolderTy, InserterTy >
llvm::appendToCompilerUsed
LLVM_ABI void appendToCompilerUsed(Module &M, ArrayRef< GlobalValue * > Values)
Adds global values to the llvm.compiler.used list.
Definition ModuleUtils.cpp:162
llvm::Next
FunctionAddr VTableAddr Next
Definition InstrProf.h:141
llvm::ArrayRef
ArrayRef(const T &OneElt) -> ArrayRef< T >
llvm::isAsynchronousEHPersonality
bool isAsynchronousEHPersonality(EHPersonality Pers)
Returns true if this personality function catches asynchronous exceptions.
Definition EHPersonalities.h:51
llvm::move
OutputIt move(R &&Range, OutputIt Out)
Provide wrappers to std::move which take ranges instead of having to pass begin/end explicitly.
Definition STLExtras.h:1867
llvm::appendToGlobalCtors
LLVM_ABI void appendToGlobalCtors(Module &M, Function *F, int Priority, Constant *Data=nullptr)
Append F to the list of global ctors of module M with the given Priority.
Definition ModuleUtils.cpp:74
llvm::cast
decltype(auto) cast(const From &Val)
cast<X> - Return the argument parameter cast to the specified type.
Definition Casting.h:559
llvm::predecessors
auto predecessors(const MachineBasicBlock *BB)
Definition MachineBasicBlock.h:1438
llvm::pred_empty
bool pred_empty(const BasicBlock *BB)
Definition CFG.h:119
llvm::PrepareToSplitEntryBlock
LLVM_ABI BasicBlock::iterator PrepareToSplitEntryBlock(BasicBlock &BB, BasicBlock::iterator IP)
Instrumentation passes often insert conditional checks into entry blocks.
Definition Instrumentation.cpp:61
llvm::SplitBlockAndInsertIfThen
LLVM_ABI Instruction * SplitBlockAndInsertIfThen(Value *Cond, BasicBlock::iterator SplitBefore, bool Unreachable, MDNode *BranchWeights=nullptr, DomTreeUpdater *DTU=nullptr, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition BasicBlockUtils.cpp:1486
llvm::appendToUsed
LLVM_ABI void appendToUsed(Module &M, ArrayRef< GlobalValue * > Values)
Adds global values to the llvm.used list.
Definition ModuleUtils.cpp:158
llvm::ModuleAnalysisManager
AnalysisManager< Module > ModuleAnalysisManager
Convenience typedef for the Module analysis manager.
Definition MIRParser.h:39
std
Implement std::hash so that hash_code can be used in STL containers.
Definition BitVector.h:867
std::swap
void swap(llvm::BitVector &LHS, llvm::BitVector &RHS)
Implement std::swap in terms of BitVector swap.
Definition BitVector.h:869
N
#define N
llvm::Align
This struct is a compact representation of a valid (non-zero power of two) alignment.
Definition Alignment.h:39
llvm::CriticalEdgeSplittingOptions
Option class for critical edge splitting.
Definition BasicBlockUtils.h:150
llvm::SanitizerCoverageOptions::CoverageType
enum llvm::SanitizerCoverageOptions::Type CoverageType
Generated on for LLVM by doxygen 1.14.0