]>
Commit | Line | Data |
---|---|---|
b667dd70 | 1 | //===-- sanitizer_coverage_fuchsia.cpp ------------------------------------===// |
5d3805fc | 2 | // |
b667dd70 ML |
3 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
4 | // See https://llvm.org/LICENSE.txt for license information. | |
5 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | |
5d3805fc | 6 | // |
eac97531 | 7 | //===----------------------------------------------------------------------===// |
5d3805fc JJ |
8 | // |
9 | // Sanitizer Coverage Controller for Trace PC Guard, Fuchsia-specific version. | |
10 | // | |
11 | // This Fuchsia-specific implementation uses the same basic scheme and the | |
12 | // same simple '.sancov' file format as the generic implementation. The | |
13 | // difference is that we just produce a single blob of output for the whole | |
14 | // program, not a separate one per DSO. We do not sort the PC table and do | |
15 | // not prune the zeros, so the resulting file is always as large as it | |
16 | // would be to report 100% coverage. Implicit tracing information about | |
17 | // the address ranges of DSOs allows offline tools to split the one big | |
18 | // blob into separate files that the 'sancov' tool can understand. | |
19 | // | |
20 | // Unlike the traditional implementation that uses an atexit hook to write | |
21 | // out data files at the end, the results on Fuchsia do not go into a file | |
22 | // per se. The 'coverage_dir' option is ignored. Instead, they are stored | |
23 | // directly into a shared memory object (a Zircon VMO). At exit, that VMO | |
24 | // is handed over to a system service that's responsible for getting the | |
25 | // data out to somewhere that it can be fed into the sancov tool (where and | |
26 | // how is not our problem). | |
27 | ||
28 | #include "sanitizer_platform.h" | |
29 | #if SANITIZER_FUCHSIA | |
3c6331c2 ML |
30 | #include <zircon/process.h> |
31 | #include <zircon/sanitizer.h> | |
32 | #include <zircon/syscalls.h> | |
33 | ||
5d3805fc JJ |
34 | #include "sanitizer_atomic.h" |
35 | #include "sanitizer_common.h" | |
36 | #include "sanitizer_internal_defs.h" | |
b667dd70 | 37 | #include "sanitizer_symbolizer_fuchsia.h" |
5d3805fc | 38 | |
3ca75cd5 | 39 | using namespace __sanitizer; |
5d3805fc JJ |
40 | |
41 | namespace __sancov { | |
42 | namespace { | |
43 | ||
44 | // TODO(mcgrathr): Move the constant into a header shared with other impls. | |
45 | constexpr u64 Magic64 = 0xC0BFFFFFFFFFFF64ULL; | |
46 | static_assert(SANITIZER_WORDSIZE == 64, "Fuchsia is always LP64"); | |
47 | ||
48 | constexpr const char kSancovSinkName[] = "sancov"; | |
49 | ||
50 | // Collects trace-pc guard coverage. | |
51 | // This class relies on zero-initialization. | |
eac97531 | 52 | class TracePcGuardController final { |
5d3805fc JJ |
53 | public: |
54 | // For each PC location being tracked, there is a u32 reserved in global | |
55 | // data called the "guard". At startup, we assign each guard slot a | |
56 | // unique index into the big results array. Later during runtime, the | |
57 | // first call to TracePcGuard (below) will store the corresponding PC at | |
58 | // that index in the array. (Each later call with the same guard slot is | |
59 | // presumed to be from the same PC.) Then it clears the guard slot back | |
60 | // to zero, which tells the compiler not to bother calling in again. At | |
61 | // the end of the run, we have a big array where each element is either | |
62 | // zero or is a tracked PC location that was hit in the trace. | |
63 | ||
64 | // This is called from global constructors. Each translation unit has a | |
65 | // contiguous array of guard slots, and a constructor that calls here | |
66 | // with the bounds of its array. Those constructors are allowed to call | |
67 | // here more than once for the same array. Usually all of these | |
68 | // constructors run in the initial thread, but it's possible that a | |
69 | // dlopen call on a secondary thread will run constructors that get here. | |
70 | void InitTracePcGuard(u32 *start, u32 *end) { | |
71 | if (end > start && *start == 0 && common_flags()->coverage) { | |
72 | // Complete the setup before filling in any guards with indices. | |
73 | // This avoids the possibility of code called from Setup reentering | |
74 | // TracePcGuard. | |
75 | u32 idx = Setup(end - start); | |
76 | for (u32 *p = start; p < end; ++p) { | |
77 | *p = idx++; | |
78 | } | |
79 | } | |
80 | } | |
81 | ||
82 | void TracePcGuard(u32 *guard, uptr pc) { | |
83 | atomic_uint32_t *guard_ptr = reinterpret_cast<atomic_uint32_t *>(guard); | |
84 | u32 idx = atomic_exchange(guard_ptr, 0, memory_order_relaxed); | |
3c6331c2 ML |
85 | if (idx > 0) |
86 | array_[idx] = pc; | |
5d3805fc JJ |
87 | } |
88 | ||
89 | void Dump() { | |
90 | BlockingMutexLock locked(&setup_lock_); | |
91 | if (array_) { | |
92 | CHECK_NE(vmo_, ZX_HANDLE_INVALID); | |
93 | ||
94 | // Publish the VMO to the system, where it can be collected and | |
95 | // analyzed after this process exits. This always consumes the VMO | |
96 | // handle. Any failure is just logged and not indicated to us. | |
97 | __sanitizer_publish_data(kSancovSinkName, vmo_); | |
98 | vmo_ = ZX_HANDLE_INVALID; | |
99 | ||
100 | // This will route to __sanitizer_log_write, which will ensure that | |
101 | // information about shared libraries is written out. This message | |
102 | // uses the `dumpfile` symbolizer markup element to highlight the | |
103 | // dump. See the explanation for this in: | |
104 | // https://fuchsia.googlesource.com/zircon/+/master/docs/symbolizer_markup.md | |
b667dd70 | 105 | Printf("SanitizerCoverage: " FORMAT_DUMPFILE " with up to %u PCs\n", |
5d3805fc JJ |
106 | kSancovSinkName, vmo_name_, next_index_ - 1); |
107 | } | |
108 | } | |
109 | ||
110 | private: | |
111 | // We map in the largest possible view into the VMO: one word | |
112 | // for every possible 32-bit index value. This avoids the need | |
113 | // to change the mapping when increasing the size of the VMO. | |
114 | // We can always spare the 32G of address space. | |
115 | static constexpr size_t MappingSize = sizeof(uptr) << 32; | |
116 | ||
eac97531 ML |
117 | BlockingMutex setup_lock_ = BlockingMutex(LINKER_INITIALIZED); |
118 | uptr *array_ = nullptr; | |
119 | u32 next_index_ = 0; | |
120 | zx_handle_t vmo_ = {}; | |
121 | char vmo_name_[ZX_MAX_NAME_LEN] = {}; | |
5d3805fc JJ |
122 | |
123 | size_t DataSize() const { return next_index_ * sizeof(uintptr_t); } | |
124 | ||
125 | u32 Setup(u32 num_guards) { | |
126 | BlockingMutexLock locked(&setup_lock_); | |
127 | DCHECK(common_flags()->coverage); | |
128 | ||
129 | if (next_index_ == 0) { | |
130 | CHECK_EQ(vmo_, ZX_HANDLE_INVALID); | |
131 | CHECK_EQ(array_, nullptr); | |
132 | ||
133 | // The first sample goes at [1] to reserve [0] for the magic number. | |
134 | next_index_ = 1 + num_guards; | |
135 | ||
b667dd70 | 136 | zx_status_t status = _zx_vmo_create(DataSize(), ZX_VMO_RESIZABLE, &vmo_); |
5d3805fc JJ |
137 | CHECK_EQ(status, ZX_OK); |
138 | ||
139 | // Give the VMO a name including our process KOID so it's easy to spot. | |
140 | internal_snprintf(vmo_name_, sizeof(vmo_name_), "%s.%zu", kSancovSinkName, | |
141 | internal_getpid()); | |
142 | _zx_object_set_property(vmo_, ZX_PROP_NAME, vmo_name_, | |
143 | internal_strlen(vmo_name_)); | |
3c6331c2 ML |
144 | uint64_t size = DataSize(); |
145 | status = _zx_object_set_property(vmo_, ZX_PROP_VMO_CONTENT_SIZE, &size, | |
146 | sizeof(size)); | |
147 | CHECK_EQ(status, ZX_OK); | |
5d3805fc JJ |
148 | |
149 | // Map the largest possible view we might need into the VMO. Later | |
150 | // we might need to increase the VMO's size before we can use larger | |
151 | // indices, but we'll never move the mapping address so we don't have | |
152 | // any multi-thread synchronization issues with that. | |
153 | uintptr_t mapping; | |
154 | status = | |
eac97531 ML |
155 | _zx_vmar_map(_zx_vmar_root_self(), ZX_VM_PERM_READ | ZX_VM_PERM_WRITE, |
156 | 0, vmo_, 0, MappingSize, &mapping); | |
5d3805fc JJ |
157 | CHECK_EQ(status, ZX_OK); |
158 | ||
159 | // Hereafter other threads are free to start storing into | |
160 | // elements [1, next_index_) of the big array. | |
161 | array_ = reinterpret_cast<uptr *>(mapping); | |
162 | ||
163 | // Store the magic number. | |
164 | // Hereafter, the VMO serves as the contents of the '.sancov' file. | |
165 | array_[0] = Magic64; | |
166 | ||
167 | return 1; | |
168 | } else { | |
169 | // The VMO is already mapped in, but it's not big enough to use the | |
170 | // new indices. So increase the size to cover the new maximum index. | |
171 | ||
172 | CHECK_NE(vmo_, ZX_HANDLE_INVALID); | |
173 | CHECK_NE(array_, nullptr); | |
174 | ||
175 | uint32_t first_index = next_index_; | |
176 | next_index_ += num_guards; | |
177 | ||
178 | zx_status_t status = _zx_vmo_set_size(vmo_, DataSize()); | |
179 | CHECK_EQ(status, ZX_OK); | |
3c6331c2 ML |
180 | uint64_t size = DataSize(); |
181 | status = _zx_object_set_property(vmo_, ZX_PROP_VMO_CONTENT_SIZE, &size, | |
182 | sizeof(size)); | |
183 | CHECK_EQ(status, ZX_OK); | |
5d3805fc JJ |
184 | |
185 | return first_index; | |
186 | } | |
187 | } | |
188 | }; | |
189 | ||
190 | static TracePcGuardController pc_guard_controller; | |
191 | ||
192 | } // namespace | |
193 | } // namespace __sancov | |
194 | ||
195 | namespace __sanitizer { | |
196 | void InitializeCoverage(bool enabled, const char *dir) { | |
197 | CHECK_EQ(enabled, common_flags()->coverage); | |
198 | CHECK_EQ(dir, common_flags()->coverage_dir); | |
199 | ||
200 | static bool coverage_enabled = false; | |
201 | if (!coverage_enabled) { | |
202 | coverage_enabled = enabled; | |
203 | Atexit(__sanitizer_cov_dump); | |
204 | AddDieCallback(__sanitizer_cov_dump); | |
205 | } | |
206 | } | |
207 | } // namespace __sanitizer | |
208 | ||
209 | extern "C" { | |
3ca75cd5 ML |
210 | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_coverage(const uptr *pcs, |
211 | uptr len) { | |
5d3805fc JJ |
212 | UNIMPLEMENTED(); |
213 | } | |
214 | ||
215 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard, u32 *guard) { | |
3c6331c2 ML |
216 | if (!*guard) |
217 | return; | |
5d3805fc JJ |
218 | __sancov::pc_guard_controller.TracePcGuard(guard, GET_CALLER_PC() - 1); |
219 | } | |
220 | ||
221 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard_init, | |
222 | u32 *start, u32 *end) { | |
3c6331c2 ML |
223 | if (start == end || *start) |
224 | return; | |
5d3805fc JJ |
225 | __sancov::pc_guard_controller.InitTracePcGuard(start, end); |
226 | } | |
227 | ||
228 | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_trace_pc_guard_coverage() { | |
229 | __sancov::pc_guard_controller.Dump(); | |
230 | } | |
231 | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_cov_dump() { | |
232 | __sanitizer_dump_trace_pc_guard_coverage(); | |
233 | } | |
234 | // Default empty implementations (weak). Users should redefine them. | |
235 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp, void) {} | |
236 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp1, void) {} | |
237 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp2, void) {} | |
238 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp4, void) {} | |
239 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp8, void) {} | |
240 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp1, void) {} | |
241 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp2, void) {} | |
242 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp4, void) {} | |
243 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp8, void) {} | |
244 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_switch, void) {} | |
245 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div4, void) {} | |
246 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div8, void) {} | |
247 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_gep, void) {} | |
248 | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_indir, void) {} | |
249 | } // extern "C" | |
250 | ||
251 | #endif // !SANITIZER_FUCHSIA |