sanitizer_coverage_fuchsia.cpp 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254
  1. //===-- sanitizer_coverage_fuchsia.cpp ------------------------------------===//
  2. //
  3. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
  4. // See https://llvm.org/LICENSE.txt for license information.
  5. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
  6. //
  7. //===----------------------------------------------------------------------===//
  8. //
  9. // Sanitizer Coverage Controller for Trace PC Guard, Fuchsia-specific version.
  10. //
  11. // This Fuchsia-specific implementation uses the same basic scheme and the
  12. // same simple '.sancov' file format as the generic implementation. The
  13. // difference is that we just produce a single blob of output for the whole
  14. // program, not a separate one per DSO. We do not sort the PC table and do
  15. // not prune the zeros, so the resulting file is always as large as it
  16. // would be to report 100% coverage. Implicit tracing information about
  17. // the address ranges of DSOs allows offline tools to split the one big
  18. // blob into separate files that the 'sancov' tool can understand.
  19. //
  20. // Unlike the traditional implementation that uses an atexit hook to write
  21. // out data files at the end, the results on Fuchsia do not go into a file
  22. // per se. The 'coverage_dir' option is ignored. Instead, they are stored
  23. // directly into a shared memory object (a Zircon VMO). At exit, that VMO
  24. // is handed over to a system service that's responsible for getting the
  25. // data out to somewhere that it can be fed into the sancov tool (where and
  26. // how is not our problem).
  27. #include "sanitizer_platform.h"
  28. #if SANITIZER_FUCHSIA
  29. #error #include <zircon/process.h>
  30. #error #include <zircon/sanitizer.h>
  31. #error #include <zircon/syscalls.h>
  32. #include "sanitizer_atomic.h"
  33. #include "sanitizer_common.h"
  34. #include "sanitizer_interface_internal.h"
  35. #include "sanitizer_internal_defs.h"
  36. #include "sanitizer_symbolizer_fuchsia.h"
  37. using namespace __sanitizer;
  38. namespace __sancov {
  39. namespace {
  40. // TODO(mcgrathr): Move the constant into a header shared with other impls.
  41. constexpr u64 Magic64 = 0xC0BFFFFFFFFFFF64ULL;
  42. static_assert(SANITIZER_WORDSIZE == 64, "Fuchsia is always LP64");
  43. constexpr const char kSancovSinkName[] = "sancov";
  44. // Collects trace-pc guard coverage.
  45. // This class relies on zero-initialization.
  46. class TracePcGuardController final {
  47. public:
  48. constexpr TracePcGuardController() {}
  49. // For each PC location being tracked, there is a u32 reserved in global
  50. // data called the "guard". At startup, we assign each guard slot a
  51. // unique index into the big results array. Later during runtime, the
  52. // first call to TracePcGuard (below) will store the corresponding PC at
  53. // that index in the array. (Each later call with the same guard slot is
  54. // presumed to be from the same PC.) Then it clears the guard slot back
  55. // to zero, which tells the compiler not to bother calling in again. At
  56. // the end of the run, we have a big array where each element is either
  57. // zero or is a tracked PC location that was hit in the trace.
  58. // This is called from global constructors. Each translation unit has a
  59. // contiguous array of guard slots, and a constructor that calls here
  60. // with the bounds of its array. Those constructors are allowed to call
  61. // here more than once for the same array. Usually all of these
  62. // constructors run in the initial thread, but it's possible that a
  63. // dlopen call on a secondary thread will run constructors that get here.
  64. void InitTracePcGuard(u32 *start, u32 *end) {
  65. if (end > start && *start == 0 && common_flags()->coverage) {
  66. // Complete the setup before filling in any guards with indices.
  67. // This avoids the possibility of code called from Setup reentering
  68. // TracePcGuard.
  69. u32 idx = Setup(end - start);
  70. for (u32 *p = start; p < end; ++p) {
  71. *p = idx++;
  72. }
  73. }
  74. }
  75. void TracePcGuard(u32 *guard, uptr pc) {
  76. atomic_uint32_t *guard_ptr = reinterpret_cast<atomic_uint32_t *>(guard);
  77. u32 idx = atomic_exchange(guard_ptr, 0, memory_order_relaxed);
  78. if (idx > 0)
  79. array_[idx] = pc;
  80. }
  81. void Dump() {
  82. Lock locked(&setup_lock_);
  83. if (array_) {
  84. CHECK_NE(vmo_, ZX_HANDLE_INVALID);
  85. // Publish the VMO to the system, where it can be collected and
  86. // analyzed after this process exits. This always consumes the VMO
  87. // handle. Any failure is just logged and not indicated to us.
  88. __sanitizer_publish_data(kSancovSinkName, vmo_);
  89. vmo_ = ZX_HANDLE_INVALID;
  90. // This will route to __sanitizer_log_write, which will ensure that
  91. // information about shared libraries is written out. This message
  92. // uses the `dumpfile` symbolizer markup element to highlight the
  93. // dump. See the explanation for this in:
  94. // https://fuchsia.googlesource.com/zircon/+/master/docs/symbolizer_markup.md
  95. Printf("SanitizerCoverage: " FORMAT_DUMPFILE " with up to %u PCs\n",
  96. kSancovSinkName, vmo_name_, next_index_ - 1);
  97. }
  98. }
  99. private:
  100. // We map in the largest possible view into the VMO: one word
  101. // for every possible 32-bit index value. This avoids the need
  102. // to change the mapping when increasing the size of the VMO.
  103. // We can always spare the 32G of address space.
  104. static constexpr size_t MappingSize = sizeof(uptr) << 32;
  105. Mutex setup_lock_;
  106. uptr *array_ = nullptr;
  107. u32 next_index_ = 0;
  108. zx_handle_t vmo_ = {};
  109. char vmo_name_[ZX_MAX_NAME_LEN] = {};
  110. size_t DataSize() const { return next_index_ * sizeof(uintptr_t); }
  111. u32 Setup(u32 num_guards) {
  112. Lock locked(&setup_lock_);
  113. DCHECK(common_flags()->coverage);
  114. if (next_index_ == 0) {
  115. CHECK_EQ(vmo_, ZX_HANDLE_INVALID);
  116. CHECK_EQ(array_, nullptr);
  117. // The first sample goes at [1] to reserve [0] for the magic number.
  118. next_index_ = 1 + num_guards;
  119. zx_status_t status = _zx_vmo_create(DataSize(), ZX_VMO_RESIZABLE, &vmo_);
  120. CHECK_EQ(status, ZX_OK);
  121. // Give the VMO a name including our process KOID so it's easy to spot.
  122. internal_snprintf(vmo_name_, sizeof(vmo_name_), "%s.%zu", kSancovSinkName,
  123. internal_getpid());
  124. _zx_object_set_property(vmo_, ZX_PROP_NAME, vmo_name_,
  125. internal_strlen(vmo_name_));
  126. uint64_t size = DataSize();
  127. status = _zx_object_set_property(vmo_, ZX_PROP_VMO_CONTENT_SIZE, &size,
  128. sizeof(size));
  129. CHECK_EQ(status, ZX_OK);
  130. // Map the largest possible view we might need into the VMO. Later
  131. // we might need to increase the VMO's size before we can use larger
  132. // indices, but we'll never move the mapping address so we don't have
  133. // any multi-thread synchronization issues with that.
  134. uintptr_t mapping;
  135. status =
  136. _zx_vmar_map(_zx_vmar_root_self(), ZX_VM_PERM_READ | ZX_VM_PERM_WRITE,
  137. 0, vmo_, 0, MappingSize, &mapping);
  138. CHECK_EQ(status, ZX_OK);
  139. // Hereafter other threads are free to start storing into
  140. // elements [1, next_index_) of the big array.
  141. array_ = reinterpret_cast<uptr *>(mapping);
  142. // Store the magic number.
  143. // Hereafter, the VMO serves as the contents of the '.sancov' file.
  144. array_[0] = Magic64;
  145. return 1;
  146. } else {
  147. // The VMO is already mapped in, but it's not big enough to use the
  148. // new indices. So increase the size to cover the new maximum index.
  149. CHECK_NE(vmo_, ZX_HANDLE_INVALID);
  150. CHECK_NE(array_, nullptr);
  151. uint32_t first_index = next_index_;
  152. next_index_ += num_guards;
  153. zx_status_t status = _zx_vmo_set_size(vmo_, DataSize());
  154. CHECK_EQ(status, ZX_OK);
  155. uint64_t size = DataSize();
  156. status = _zx_object_set_property(vmo_, ZX_PROP_VMO_CONTENT_SIZE, &size,
  157. sizeof(size));
  158. CHECK_EQ(status, ZX_OK);
  159. return first_index;
  160. }
  161. }
  162. };
  163. static TracePcGuardController pc_guard_controller;
  164. } // namespace
  165. } // namespace __sancov
  166. namespace __sanitizer {
  167. void InitializeCoverage(bool enabled, const char *dir) {
  168. CHECK_EQ(enabled, common_flags()->coverage);
  169. CHECK_EQ(dir, common_flags()->coverage_dir);
  170. static bool coverage_enabled = false;
  171. if (!coverage_enabled) {
  172. coverage_enabled = enabled;
  173. Atexit(__sanitizer_cov_dump);
  174. AddDieCallback(__sanitizer_cov_dump);
  175. }
  176. }
  177. } // namespace __sanitizer
  178. extern "C" {
  179. SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_coverage(const uptr *pcs,
  180. uptr len) {
  181. UNIMPLEMENTED();
  182. }
  183. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard, u32 *guard) {
  184. if (!*guard)
  185. return;
  186. __sancov::pc_guard_controller.TracePcGuard(guard, GET_CALLER_PC() - 1);
  187. }
  188. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard_init,
  189. u32 *start, u32 *end) {
  190. if (start == end || *start)
  191. return;
  192. __sancov::pc_guard_controller.InitTracePcGuard(start, end);
  193. }
  194. SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_trace_pc_guard_coverage() {
  195. __sancov::pc_guard_controller.Dump();
  196. }
  197. SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_cov_dump() {
  198. __sanitizer_dump_trace_pc_guard_coverage();
  199. }
  200. // Default empty implementations (weak). Users should redefine them.
  201. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp, void) {}
  202. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp1, void) {}
  203. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp2, void) {}
  204. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp4, void) {}
  205. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp8, void) {}
  206. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp1, void) {}
  207. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp2, void) {}
  208. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp4, void) {}
  209. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp8, void) {}
  210. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_switch, void) {}
  211. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div4, void) {}
  212. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div8, void) {}
  213. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_gep, void) {}
  214. SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_indir, void) {}
  215. } // extern "C"
  216. #endif // !SANITIZER_FUCHSIA