1 //===-- sanitizer_coverage_fuchsia.cpp ------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // Sanitizer Coverage Controller for Trace PC Guard, Fuchsia-specific version. 10 // 11 // This Fuchsia-specific implementation uses the same basic scheme and the 12 // same simple '.sancov' file format as the generic implementation. The 13 // difference is that we just produce a single blob of output for the whole 14 // program, not a separate one per DSO. We do not sort the PC table and do 15 // not prune the zeros, so the resulting file is always as large as it 16 // would be to report 100% coverage. Implicit tracing information about 17 // the address ranges of DSOs allows offline tools to split the one big 18 // blob into separate files that the 'sancov' tool can understand. 19 // 20 // Unlike the traditional implementation that uses an atexit hook to write 21 // out data files at the end, the results on Fuchsia do not go into a file 22 // per se. The 'coverage_dir' option is ignored. Instead, they are stored 23 // directly into a shared memory object (a Zircon VMO). At exit, that VMO 24 // is handed over to a system service that's responsible for getting the 25 // data out to somewhere that it can be fed into the sancov tool (where and 26 // how is not our problem). 27 28 #include "sanitizer_platform.h" 29 #if SANITIZER_FUCHSIA 30 #include "sanitizer_atomic.h" 31 #include "sanitizer_common.h" 32 #include "sanitizer_internal_defs.h" 33 #include "sanitizer_symbolizer_fuchsia.h" 34 35 #include <zircon/process.h> 36 #include <zircon/sanitizer.h> 37 #include <zircon/syscalls.h> 38 39 using namespace __sanitizer; 40 41 namespace __sancov { 42 namespace { 43 44 // TODO(mcgrathr): Move the constant into a header shared with other impls. 45 constexpr u64 Magic64 = 0xC0BFFFFFFFFFFF64ULL; 46 static_assert(SANITIZER_WORDSIZE == 64, "Fuchsia is always LP64"); 47 48 constexpr const char kSancovSinkName[] = "sancov"; 49 50 // Collects trace-pc guard coverage. 51 // This class relies on zero-initialization. 52 class TracePcGuardController final { 53 public: 54 // For each PC location being tracked, there is a u32 reserved in global 55 // data called the "guard". At startup, we assign each guard slot a 56 // unique index into the big results array. Later during runtime, the 57 // first call to TracePcGuard (below) will store the corresponding PC at 58 // that index in the array. (Each later call with the same guard slot is 59 // presumed to be from the same PC.) Then it clears the guard slot back 60 // to zero, which tells the compiler not to bother calling in again. At 61 // the end of the run, we have a big array where each element is either 62 // zero or is a tracked PC location that was hit in the trace. 63 64 // This is called from global constructors. Each translation unit has a 65 // contiguous array of guard slots, and a constructor that calls here 66 // with the bounds of its array. Those constructors are allowed to call 67 // here more than once for the same array. Usually all of these 68 // constructors run in the initial thread, but it's possible that a 69 // dlopen call on a secondary thread will run constructors that get here. 70 void InitTracePcGuard(u32 *start, u32 *end) { 71 if (end > start && *start == 0 && common_flags()->coverage) { 72 // Complete the setup before filling in any guards with indices. 73 // This avoids the possibility of code called from Setup reentering 74 // TracePcGuard. 75 u32 idx = Setup(end - start); 76 for (u32 *p = start; p < end; ++p) { 77 *p = idx++; 78 } 79 } 80 } 81 82 void TracePcGuard(u32 *guard, uptr pc) { 83 atomic_uint32_t *guard_ptr = reinterpret_cast<atomic_uint32_t *>(guard); 84 u32 idx = atomic_exchange(guard_ptr, 0, memory_order_relaxed); 85 if (idx > 0) array_[idx] = pc; 86 } 87 88 void Dump() { 89 BlockingMutexLock locked(&setup_lock_); 90 if (array_) { 91 CHECK_NE(vmo_, ZX_HANDLE_INVALID); 92 93 // Publish the VMO to the system, where it can be collected and 94 // analyzed after this process exits. This always consumes the VMO 95 // handle. Any failure is just logged and not indicated to us. 96 __sanitizer_publish_data(kSancovSinkName, vmo_); 97 vmo_ = ZX_HANDLE_INVALID; 98 99 // This will route to __sanitizer_log_write, which will ensure that 100 // information about shared libraries is written out. This message 101 // uses the `dumpfile` symbolizer markup element to highlight the 102 // dump. See the explanation for this in: 103 // https://fuchsia.googlesource.com/zircon/+/master/docs/symbolizer_markup.md 104 Printf("SanitizerCoverage: " FORMAT_DUMPFILE " with up to %u PCs\n", 105 kSancovSinkName, vmo_name_, next_index_ - 1); 106 } 107 } 108 109 private: 110 // We map in the largest possible view into the VMO: one word 111 // for every possible 32-bit index value. This avoids the need 112 // to change the mapping when increasing the size of the VMO. 113 // We can always spare the 32G of address space. 114 static constexpr size_t MappingSize = sizeof(uptr) << 32; 115 116 BlockingMutex setup_lock_ = BlockingMutex(LINKER_INITIALIZED); 117 uptr *array_ = nullptr; 118 u32 next_index_ = 0; 119 zx_handle_t vmo_ = {}; 120 char vmo_name_[ZX_MAX_NAME_LEN] = {}; 121 122 size_t DataSize() const { return next_index_ * sizeof(uintptr_t); } 123 124 u32 Setup(u32 num_guards) { 125 BlockingMutexLock locked(&setup_lock_); 126 DCHECK(common_flags()->coverage); 127 128 if (next_index_ == 0) { 129 CHECK_EQ(vmo_, ZX_HANDLE_INVALID); 130 CHECK_EQ(array_, nullptr); 131 132 // The first sample goes at [1] to reserve [0] for the magic number. 133 next_index_ = 1 + num_guards; 134 135 zx_status_t status = _zx_vmo_create(DataSize(), ZX_VMO_RESIZABLE, &vmo_); 136 CHECK_EQ(status, ZX_OK); 137 138 // Give the VMO a name including our process KOID so it's easy to spot. 139 internal_snprintf(vmo_name_, sizeof(vmo_name_), "%s.%zu", kSancovSinkName, 140 internal_getpid()); 141 _zx_object_set_property(vmo_, ZX_PROP_NAME, vmo_name_, 142 internal_strlen(vmo_name_)); 143 144 // Map the largest possible view we might need into the VMO. Later 145 // we might need to increase the VMO's size before we can use larger 146 // indices, but we'll never move the mapping address so we don't have 147 // any multi-thread synchronization issues with that. 148 uintptr_t mapping; 149 status = 150 _zx_vmar_map(_zx_vmar_root_self(), ZX_VM_PERM_READ | ZX_VM_PERM_WRITE, 151 0, vmo_, 0, MappingSize, &mapping); 152 CHECK_EQ(status, ZX_OK); 153 154 // Hereafter other threads are free to start storing into 155 // elements [1, next_index_) of the big array. 156 array_ = reinterpret_cast<uptr *>(mapping); 157 158 // Store the magic number. 159 // Hereafter, the VMO serves as the contents of the '.sancov' file. 160 array_[0] = Magic64; 161 162 return 1; 163 } else { 164 // The VMO is already mapped in, but it's not big enough to use the 165 // new indices. So increase the size to cover the new maximum index. 166 167 CHECK_NE(vmo_, ZX_HANDLE_INVALID); 168 CHECK_NE(array_, nullptr); 169 170 uint32_t first_index = next_index_; 171 next_index_ += num_guards; 172 173 zx_status_t status = _zx_vmo_set_size(vmo_, DataSize()); 174 CHECK_EQ(status, ZX_OK); 175 176 return first_index; 177 } 178 } 179 }; 180 181 static TracePcGuardController pc_guard_controller; 182 183 } // namespace 184 } // namespace __sancov 185 186 namespace __sanitizer { 187 void InitializeCoverage(bool enabled, const char *dir) { 188 CHECK_EQ(enabled, common_flags()->coverage); 189 CHECK_EQ(dir, common_flags()->coverage_dir); 190 191 static bool coverage_enabled = false; 192 if (!coverage_enabled) { 193 coverage_enabled = enabled; 194 Atexit(__sanitizer_cov_dump); 195 AddDieCallback(__sanitizer_cov_dump); 196 } 197 } 198 } // namespace __sanitizer 199 200 extern "C" { 201 SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_coverage(const uptr *pcs, 202 uptr len) { 203 UNIMPLEMENTED(); 204 } 205 206 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard, u32 *guard) { 207 if (!*guard) return; 208 __sancov::pc_guard_controller.TracePcGuard(guard, GET_CALLER_PC() - 1); 209 } 210 211 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard_init, 212 u32 *start, u32 *end) { 213 if (start == end || *start) return; 214 __sancov::pc_guard_controller.InitTracePcGuard(start, end); 215 } 216 217 SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_trace_pc_guard_coverage() { 218 __sancov::pc_guard_controller.Dump(); 219 } 220 SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_cov_dump() { 221 __sanitizer_dump_trace_pc_guard_coverage(); 222 } 223 // Default empty implementations (weak). Users should redefine them. 224 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp, void) {} 225 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp1, void) {} 226 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp2, void) {} 227 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp4, void) {} 228 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp8, void) {} 229 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp1, void) {} 230 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp2, void) {} 231 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp4, void) {} 232 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp8, void) {} 233 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_switch, void) {} 234 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div4, void) {} 235 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div8, void) {} 236 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_gep, void) {} 237 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_indir, void) {} 238 } // extern "C" 239 240 #endif // !SANITIZER_FUCHSIA 241