[thirdparty/gcc.git] / libsanitizer / sanitizer_common / sanitizer_coverage_fuchsia.cpp

//===-- sanitizer_coverage_fuchsia.cpp ------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// Sanitizer Coverage Controller for Trace PC Guard, Fuchsia-specific version.
//
// This Fuchsia-specific implementation uses the same basic scheme and the
// same simple '.sancov' file format as the generic implementation.  The
// difference is that we just produce a single blob of output for the whole
// program, not a separate one per DSO.  We do not sort the PC table and do
// not prune the zeros, so the resulting file is always as large as it
// would be to report 100% coverage.  Implicit tracing information about
// the address ranges of DSOs allows offline tools to split the one big
// blob into separate files that the 'sancov' tool can understand.
//
// Unlike the traditional implementation that uses an atexit hook to write
// out data files at the end, the results on Fuchsia do not go into a file
// per se.  The 'coverage_dir' option is ignored.  Instead, they are stored
// directly into a shared memory object (a Zircon VMO).  At exit, that VMO
// is handed over to a system service that's responsible for getting the
// data out to somewhere that it can be fed into the sancov tool (where and
// how is not our problem).

#include "sanitizer_platform.h"
#if SANITIZER_FUCHSIA
#include <zircon/process.h>
#include <zircon/sanitizer.h>
#include <zircon/syscalls.h>

#include "sanitizer_atomic.h"
#include "sanitizer_common.h"
#include "sanitizer_internal_defs.h"
#include "sanitizer_symbolizer_fuchsia.h"

using namespace __sanitizer;

namespace __sancov {
namespace {

// TODO(mcgrathr): Move the constant into a header shared with other impls.
constexpr u64 Magic64 = 0xC0BFFFFFFFFFFF64ULL;
static_assert(SANITIZER_WORDSIZE == 64, "Fuchsia is always LP64");

constexpr const char kSancovSinkName[] = "sancov";

// Collects trace-pc guard coverage.
// This class relies on zero-initialization.
class TracePcGuardController final {
 public:
  // For each PC location being tracked, there is a u32 reserved in global
  // data called the "guard".  At startup, we assign each guard slot a
  // unique index into the big results array.  Later during runtime, the
  // first call to TracePcGuard (below) will store the corresponding PC at
  // that index in the array.  (Each later call with the same guard slot is
  // presumed to be from the same PC.)  Then it clears the guard slot back
  // to zero, which tells the compiler not to bother calling in again.  At
  // the end of the run, we have a big array where each element is either
  // zero or is a tracked PC location that was hit in the trace.

  // This is called from global constructors.  Each translation unit has a
  // contiguous array of guard slots, and a constructor that calls here
  // with the bounds of its array.  Those constructors are allowed to call
  // here more than once for the same array.  Usually all of these
  // constructors run in the initial thread, but it's possible that a
  // dlopen call on a secondary thread will run constructors that get here.
  void InitTracePcGuard(u32 *start, u32 *end) {
    if (end > start && *start == 0 && common_flags()->coverage) {
      // Complete the setup before filling in any guards with indices.
      // This avoids the possibility of code called from Setup reentering
      // TracePcGuard.
      u32 idx = Setup(end - start);
      for (u32 *p = start; p < end; ++p) {
        *p = idx++;
      }
    }
  }

  void TracePcGuard(u32 *guard, uptr pc) {
    atomic_uint32_t *guard_ptr = reinterpret_cast<atomic_uint32_t *>(guard);
    u32 idx = atomic_exchange(guard_ptr, 0, memory_order_relaxed);
    if (idx > 0)
      array_[idx] = pc;
  }

  void Dump() {
    BlockingMutexLock locked(&setup_lock_);
    if (array_) {
      CHECK_NE(vmo_, ZX_HANDLE_INVALID);

      // Publish the VMO to the system, where it can be collected and
      // analyzed after this process exits.  This always consumes the VMO
      // handle.  Any failure is just logged and not indicated to us.
      __sanitizer_publish_data(kSancovSinkName, vmo_);
      vmo_ = ZX_HANDLE_INVALID;

      // This will route to __sanitizer_log_write, which will ensure that
      // information about shared libraries is written out.  This message
      // uses the `dumpfile` symbolizer markup element to highlight the
      // dump.  See the explanation for this in:
      // https://fuchsia.googlesource.com/zircon/+/master/docs/symbolizer_markup.md
      Printf("SanitizerCoverage: " FORMAT_DUMPFILE " with up to %u PCs\n",
             kSancovSinkName, vmo_name_, next_index_ - 1);
    }
  }

 private:
  // We map in the largest possible view into the VMO: one word
  // for every possible 32-bit index value.  This avoids the need
  // to change the mapping when increasing the size of the VMO.
  // We can always spare the 32G of address space.
  static constexpr size_t MappingSize = sizeof(uptr) << 32;

  BlockingMutex setup_lock_ = BlockingMutex(LINKER_INITIALIZED);
  uptr *array_ = nullptr;
  u32 next_index_ = 0;
  zx_handle_t vmo_ = {};
  char vmo_name_[ZX_MAX_NAME_LEN] = {};

  size_t DataSize() const { return next_index_ * sizeof(uintptr_t); }

  u32 Setup(u32 num_guards) {
    BlockingMutexLock locked(&setup_lock_);
    DCHECK(common_flags()->coverage);

    if (next_index_ == 0) {
      CHECK_EQ(vmo_, ZX_HANDLE_INVALID);
      CHECK_EQ(array_, nullptr);

      // The first sample goes at [1] to reserve [0] for the magic number.
      next_index_ = 1 + num_guards;

      zx_status_t status = _zx_vmo_create(DataSize(), ZX_VMO_RESIZABLE, &vmo_);
      CHECK_EQ(status, ZX_OK);

      // Give the VMO a name including our process KOID so it's easy to spot.
      internal_snprintf(vmo_name_, sizeof(vmo_name_), "%s.%zu", kSancovSinkName,
                        internal_getpid());
      _zx_object_set_property(vmo_, ZX_PROP_NAME, vmo_name_,
                              internal_strlen(vmo_name_));
      uint64_t size = DataSize();
      status = _zx_object_set_property(vmo_, ZX_PROP_VMO_CONTENT_SIZE, &size,
                                       sizeof(size));
      CHECK_EQ(status, ZX_OK);

      // Map the largest possible view we might need into the VMO.  Later
      // we might need to increase the VMO's size before we can use larger
      // indices, but we'll never move the mapping address so we don't have
      // any multi-thread synchronization issues with that.
      uintptr_t mapping;
      status =
          _zx_vmar_map(_zx_vmar_root_self(), ZX_VM_PERM_READ | ZX_VM_PERM_WRITE,
                       0, vmo_, 0, MappingSize, &mapping);
      CHECK_EQ(status, ZX_OK);

      // Hereafter other threads are free to start storing into
      // elements [1, next_index_) of the big array.
      array_ = reinterpret_cast<uptr *>(mapping);

      // Store the magic number.
      // Hereafter, the VMO serves as the contents of the '.sancov' file.
      array_[0] = Magic64;

      return 1;
    } else {
      // The VMO is already mapped in, but it's not big enough to use the
      // new indices.  So increase the size to cover the new maximum index.

      CHECK_NE(vmo_, ZX_HANDLE_INVALID);
      CHECK_NE(array_, nullptr);

      uint32_t first_index = next_index_;
      next_index_ += num_guards;

      zx_status_t status = _zx_vmo_set_size(vmo_, DataSize());
      CHECK_EQ(status, ZX_OK);
      uint64_t size = DataSize();
      status = _zx_object_set_property(vmo_, ZX_PROP_VMO_CONTENT_SIZE, &size,
                                       sizeof(size));
      CHECK_EQ(status, ZX_OK);

      return first_index;
    }
  }
};

static TracePcGuardController pc_guard_controller;

}  // namespace
}  // namespace __sancov

namespace __sanitizer {
void InitializeCoverage(bool enabled, const char *dir) {
  CHECK_EQ(enabled, common_flags()->coverage);
  CHECK_EQ(dir, common_flags()->coverage_dir);

  static bool coverage_enabled = false;
  if (!coverage_enabled) {
    coverage_enabled = enabled;
    Atexit(__sanitizer_cov_dump);
    AddDieCallback(__sanitizer_cov_dump);
  }
}
}  // namespace __sanitizer

extern "C" {
SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_coverage(const uptr *pcs,
                                                             uptr len) {
  UNIMPLEMENTED();
}

SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard, u32 *guard) {
  if (!*guard)
    return;
  __sancov::pc_guard_controller.TracePcGuard(guard, GET_CALLER_PC() - 1);
}

SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard_init,
                             u32 *start, u32 *end) {
  if (start == end || *start)
    return;
  __sancov::pc_guard_controller.InitTracePcGuard(start, end);
}

SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_trace_pc_guard_coverage() {
  __sancov::pc_guard_controller.Dump();
}
SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_cov_dump() {
  __sanitizer_dump_trace_pc_guard_coverage();
}
// Default empty implementations (weak). Users should redefine them.
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp1, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp2, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp4, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp8, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp1, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp2, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp4, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp8, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_switch, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div4, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div8, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_gep, void) {}
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_indir, void) {}
}  // extern "C"

#endif  // !SANITIZER_FUCHSIA
Commit	Line	Data
b667dd70	1	//===-- sanitizer_coverage_fuchsia.cpp ------------------------------------===//
5d3805fc	2	//
b667dd70 ML	3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
	4	// See https://llvm.org/LICENSE.txt for license information.
	5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
5d3805fc	6	//
eac97531	7	//===----------------------------------------------------------------------===//
5d3805fc JJ	8	//
	9	// Sanitizer Coverage Controller for Trace PC Guard, Fuchsia-specific version.
	10	//
	11	// This Fuchsia-specific implementation uses the same basic scheme and the
	12	// same simple '.sancov' file format as the generic implementation. The
	13	// difference is that we just produce a single blob of output for the whole
	14	// program, not a separate one per DSO. We do not sort the PC table and do
	15	// not prune the zeros, so the resulting file is always as large as it
	16	// would be to report 100% coverage. Implicit tracing information about
	17	// the address ranges of DSOs allows offline tools to split the one big
	18	// blob into separate files that the 'sancov' tool can understand.
	19	//
	20	// Unlike the traditional implementation that uses an atexit hook to write
	21	// out data files at the end, the results on Fuchsia do not go into a file
	22	// per se. The 'coverage_dir' option is ignored. Instead, they are stored
	23	// directly into a shared memory object (a Zircon VMO). At exit, that VMO
	24	// is handed over to a system service that's responsible for getting the
	25	// data out to somewhere that it can be fed into the sancov tool (where and
	26	// how is not our problem).
	27
	28	#include "sanitizer_platform.h"
	29	#if SANITIZER_FUCHSIA
3c6331c2 ML	30	#include <zircon/process.h>
	31	#include <zircon/sanitizer.h>
	32	#include <zircon/syscalls.h>
	33
5d3805fc JJ	34	#include "sanitizer_atomic.h"
	35	#include "sanitizer_common.h"
	36	#include "sanitizer_internal_defs.h"
b667dd70	37	#include "sanitizer_symbolizer_fuchsia.h"
5d3805fc	38
3ca75cd5	39	using namespace __sanitizer;
5d3805fc JJ	40
	41	namespace __sancov {
	42	namespace {
	43
	44	// TODO(mcgrathr): Move the constant into a header shared with other impls.
	45	constexpr u64 Magic64 = 0xC0BFFFFFFFFFFF64ULL;
	46	static_assert(SANITIZER_WORDSIZE == 64, "Fuchsia is always LP64");
	47
	48	constexpr const char kSancovSinkName[] = "sancov";
	49
	50	// Collects trace-pc guard coverage.
	51	// This class relies on zero-initialization.
eac97531	52	class TracePcGuardController final {
5d3805fc JJ	53	public:
	54	// For each PC location being tracked, there is a u32 reserved in global
	55	// data called the "guard". At startup, we assign each guard slot a
	56	// unique index into the big results array. Later during runtime, the
	57	// first call to TracePcGuard (below) will store the corresponding PC at
	58	// that index in the array. (Each later call with the same guard slot is
	59	// presumed to be from the same PC.) Then it clears the guard slot back
	60	// to zero, which tells the compiler not to bother calling in again. At
	61	// the end of the run, we have a big array where each element is either
	62	// zero or is a tracked PC location that was hit in the trace.
	63
	64	// This is called from global constructors. Each translation unit has a
	65	// contiguous array of guard slots, and a constructor that calls here
	66	// with the bounds of its array. Those constructors are allowed to call
	67	// here more than once for the same array. Usually all of these
	68	// constructors run in the initial thread, but it's possible that a
	69	// dlopen call on a secondary thread will run constructors that get here.
	70	void InitTracePcGuard(u32 start, u32 end) {
	71	if (end > start && *start == 0 && common_flags()->coverage) {
	72	// Complete the setup before filling in any guards with indices.
	73	// This avoids the possibility of code called from Setup reentering
	74	// TracePcGuard.
	75	u32 idx = Setup(end - start);
	76	for (u32 *p = start; p < end; ++p) {
	77	*p = idx++;
	78	}
	79	}
	80	}
	81
	82	void TracePcGuard(u32 *guard, uptr pc) {
	83	atomic_uint32_t guard_ptr = reinterpret_cast<atomic_uint32_t >(guard);
	84	u32 idx = atomic_exchange(guard_ptr, 0, memory_order_relaxed);
3c6331c2 ML	85	if (idx > 0)
3c6331c2 ML	86	array_[idx] = pc;
5d3805fc JJ	87	}
	88
	89	void Dump() {
	90	BlockingMutexLock locked(&setup_lock_);
	91	if (array_) {
	92	CHECK_NE(vmo_, ZX_HANDLE_INVALID);
	93
	94	// Publish the VMO to the system, where it can be collected and
	95	// analyzed after this process exits. This always consumes the VMO
	96	// handle. Any failure is just logged and not indicated to us.
	97	__sanitizer_publish_data(kSancovSinkName, vmo_);
	98	vmo_ = ZX_HANDLE_INVALID;
	99
	100	// This will route to __sanitizer_log_write, which will ensure that
	101	// information about shared libraries is written out. This message
	102	// uses the `dumpfile` symbolizer markup element to highlight the
	103	// dump. See the explanation for this in:
	104	// https://fuchsia.googlesource.com/zircon/+/master/docs/symbolizer_markup.md
b667dd70	105	Printf("SanitizerCoverage: " FORMAT_DUMPFILE " with up to %u PCs\n",
5d3805fc JJ	106	kSancovSinkName, vmo_name_, next_index_ - 1);
	107	}
	108	}
	109
	110	private:
	111	// We map in the largest possible view into the VMO: one word
	112	// for every possible 32-bit index value. This avoids the need
	113	// to change the mapping when increasing the size of the VMO.
	114	// We can always spare the 32G of address space.
	115	static constexpr size_t MappingSize = sizeof(uptr) << 32;
	116
eac97531 ML	117	BlockingMutex setup_lock_ = BlockingMutex(LINKER_INITIALIZED);
	118	uptr *array_ = nullptr;
	119	u32 next_index_ = 0;
	120	zx_handle_t vmo_ = {};
	121	char vmo_name_[ZX_MAX_NAME_LEN] = {};
5d3805fc JJ	122
	123	size_t DataSize() const { return next_index_ * sizeof(uintptr_t); }
	124
	125	u32 Setup(u32 num_guards) {
	126	BlockingMutexLock locked(&setup_lock_);
	127	DCHECK(common_flags()->coverage);
	128
	129	if (next_index_ == 0) {
	130	CHECK_EQ(vmo_, ZX_HANDLE_INVALID);
	131	CHECK_EQ(array_, nullptr);
	132
	133	// The first sample goes at [1] to reserve [0] for the magic number.
	134	next_index_ = 1 + num_guards;
	135
b667dd70	136	zx_status_t status = _zx_vmo_create(DataSize(), ZX_VMO_RESIZABLE, &vmo_);
5d3805fc JJ	137	CHECK_EQ(status, ZX_OK);
	138
	139	// Give the VMO a name including our process KOID so it's easy to spot.
	140	internal_snprintf(vmo_name_, sizeof(vmo_name_), "%s.%zu", kSancovSinkName,
	141	internal_getpid());
	142	_zx_object_set_property(vmo_, ZX_PROP_NAME, vmo_name_,
	143	internal_strlen(vmo_name_));
3c6331c2 ML	144	uint64_t size = DataSize();
	145	status = _zx_object_set_property(vmo_, ZX_PROP_VMO_CONTENT_SIZE, &size,
	146	sizeof(size));
	147	CHECK_EQ(status, ZX_OK);
5d3805fc JJ	148
	149	// Map the largest possible view we might need into the VMO. Later
	150	// we might need to increase the VMO's size before we can use larger
	151	// indices, but we'll never move the mapping address so we don't have
	152	// any multi-thread synchronization issues with that.
	153	uintptr_t mapping;
	154	status =
eac97531 ML	155	_zx_vmar_map(_zx_vmar_root_self(), ZX_VM_PERM_READ \| ZX_VM_PERM_WRITE,
eac97531 ML	156	0, vmo_, 0, MappingSize, &mapping);
5d3805fc JJ	157	CHECK_EQ(status, ZX_OK);
	158
	159	// Hereafter other threads are free to start storing into
	160	// elements [1, next_index_) of the big array.
	161	array_ = reinterpret_cast<uptr *>(mapping);
	162
	163	// Store the magic number.
	164	// Hereafter, the VMO serves as the contents of the '.sancov' file.
	165	array_[0] = Magic64;
	166
	167	return 1;
	168	} else {
	169	// The VMO is already mapped in, but it's not big enough to use the
	170	// new indices. So increase the size to cover the new maximum index.
	171
	172	CHECK_NE(vmo_, ZX_HANDLE_INVALID);
	173	CHECK_NE(array_, nullptr);
	174
	175	uint32_t first_index = next_index_;
	176	next_index_ += num_guards;
	177
	178	zx_status_t status = _zx_vmo_set_size(vmo_, DataSize());
	179	CHECK_EQ(status, ZX_OK);
3c6331c2 ML	180	uint64_t size = DataSize();
	181	status = _zx_object_set_property(vmo_, ZX_PROP_VMO_CONTENT_SIZE, &size,
	182	sizeof(size));
	183	CHECK_EQ(status, ZX_OK);
5d3805fc JJ	184
	185	return first_index;
	186	}
	187	}
	188	};
	189
	190	static TracePcGuardController pc_guard_controller;
	191
	192	} // namespace
	193	} // namespace __sancov
	194
	195	namespace __sanitizer {
	196	void InitializeCoverage(bool enabled, const char *dir) {
	197	CHECK_EQ(enabled, common_flags()->coverage);
	198	CHECK_EQ(dir, common_flags()->coverage_dir);
	199
	200	static bool coverage_enabled = false;
	201	if (!coverage_enabled) {
	202	coverage_enabled = enabled;
	203	Atexit(__sanitizer_cov_dump);
	204	AddDieCallback(__sanitizer_cov_dump);
	205	}
	206	}
	207	} // namespace __sanitizer
	208
	209	extern "C" {
3ca75cd5 ML	210	SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_coverage(const uptr *pcs,
3ca75cd5 ML	211	uptr len) {
5d3805fc JJ	212	UNIMPLEMENTED();
	213	}
	214
	215	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard, u32 *guard) {
3c6331c2 ML	216	if (!*guard)
3c6331c2 ML	217	return;
5d3805fc JJ	218	__sancov::pc_guard_controller.TracePcGuard(guard, GET_CALLER_PC() - 1);
	219	}
	220
	221	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard_init,
	222	u32 start, u32 end) {
3c6331c2 ML	223	if (start == end \|\| *start)
3c6331c2 ML	224	return;
5d3805fc JJ	225	__sancov::pc_guard_controller.InitTracePcGuard(start, end);
	226	}
	227
	228	SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_trace_pc_guard_coverage() {
	229	__sancov::pc_guard_controller.Dump();
	230	}
	231	SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_cov_dump() {
	232	__sanitizer_dump_trace_pc_guard_coverage();
	233	}
	234	// Default empty implementations (weak). Users should redefine them.
	235	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp, void) {}
	236	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp1, void) {}
	237	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp2, void) {}
	238	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp4, void) {}
	239	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp8, void) {}
	240	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp1, void) {}
	241	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp2, void) {}
	242	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp4, void) {}
	243	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp8, void) {}
	244	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_switch, void) {}
	245	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div4, void) {}
	246	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div8, void) {}
	247	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_gep, void) {}
	248	SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_indir, void) {}
	249	} // extern "C"
	250
	251	#endif // !SANITIZER_FUCHSIA