Thank you, kcc. I am unsure if I misunderstand your reply. It seems that trace-bb, rather than trace-pc, fits better for my problem, given that my instrumentation is to put before each conditional statement. Do I misunderstand something here? " Tracing basic blocks <http://clang.llvm.org/docs/SanitizerCoverage.html#id11> With -fsanitize-coverage=trace-bb the compiler will insert __sanitizer_cov_trace_basic_block(s32 *id) before every function, basic block, or edge (depending on the value of -fsanitize-coverage=[func,bb,edge]). " *Thanks,* *Zhoulai* Zhoulai On Fri, Aug 12, 2016 at 1:57 PM, Kostya Serebryany <kcc at google.com> wrote:> Hi Zhoulai, > The closest you can get is http://clang.llvm.org/docs/ > SanitizerCoverage.html#tracing-pcs > With this flavor of instrumentation the compiler inserts calls to > __sanitizer_cov_trace_pc into the control flow. > The users (you) needs to define the function __sanitizer_cov_trace_pc and > so you can call printf there. > > By default, not all edges in the control flow are instrumented > This is an optimization, you can disable it by -mllvm > -sanitizer-coverage-prune-blocks=0 > > --kcc > > On Fri, Aug 12, 2016 at 11:46 AM, Zhoulai via llvm-dev < > llvm-dev at lists.llvm.org> wrote: > >> Hi, all >> >> I want to instrument a program automatically so that it prints "hello" >> before each conditional statement. For example, consider the function P >> below. >> >> int P(int x) { >> if (x<3) >> if (x>0) >> return 1; >> return 0; >> } >> >> Let P_instrum be the instrumented version of P. It is expected that: >> >> -- P_instrum(1) prints two "hello"s >> -- P_instrum(-1) prints one "hello" >> -- P_instrum(5) prints no "hello" >> >> From my understanding about Clang's sanitizer coverage, >> <http://clang.llvm.org/docs/SanitizerCoverage.html> we can use a >> sanitizer to achieve this instrumentation. However, so far I have not >> found a working example or snippet code to get started. Any idea? >> >> Thanks, >> >> Zhoulai >> >> _______________________________________________ >> LLVM Developers mailing list >> llvm-dev at lists.llvm.org >> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev >> >> >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20160812/67b96b76/attachment.html>
Kostya Serebryany via llvm-dev
2016-Aug-13 04:01 UTC
[llvm-dev] A "hello world" coverage sanitizer
I did mean trace-pc. trace-bb inserts callbacks to the existing run-time function that does some bookkeeping; you can not (easily) redefine it. trace-pc inserts callbacks to user-defined functions -- you can implement those functions to do whatever you need to. --kcc On Fri, Aug 12, 2016 at 7:40 PM, Zhoulai <zell08v at gmail.com> wrote:> Thank you, kcc. I am unsure if I misunderstand your reply. It seems that > trace-bb, rather than trace-pc, fits better for my problem, given that my > instrumentation is to put before each conditional statement. Do I > misunderstand something here? > > " > Tracing basic blocks > <http://clang.llvm.org/docs/SanitizerCoverage.html#id11> > With -fsanitize-coverage=trace-bb the compiler will insert > __sanitizer_cov_trace_basic_block(s32 *id) before every function, basic > block, or edge (depending on the value of -fsanitize-coverage=[func,bb, > edge]). > " > > > *Thanks,* > > *Zhoulai* > > > > > > Zhoulai > > On Fri, Aug 12, 2016 at 1:57 PM, Kostya Serebryany <kcc at google.com> wrote: > >> Hi Zhoulai, >> The closest you can get is http://clang.llvm.org/docs/ >> SanitizerCoverage.html#tracing-pcs >> With this flavor of instrumentation the compiler inserts calls to >> __sanitizer_cov_trace_pc into the control flow. >> The users (you) needs to define the function __sanitizer_cov_trace_pc and >> so you can call printf there. >> >> By default, not all edges in the control flow are instrumented >> This is an optimization, you can disable it by -mllvm >> -sanitizer-coverage-prune-blocks=0 >> >> --kcc >> >> On Fri, Aug 12, 2016 at 11:46 AM, Zhoulai via llvm-dev < >> llvm-dev at lists.llvm.org> wrote: >> >>> Hi, all >>> >>> I want to instrument a program automatically so that it prints "hello" >>> before each conditional statement. For example, consider the function P >>> below. >>> >>> int P(int x) { >>> if (x<3) >>> if (x>0) >>> return 1; >>> return 0; >>> } >>> >>> Let P_instrum be the instrumented version of P. It is expected that: >>> >>> -- P_instrum(1) prints two "hello"s >>> -- P_instrum(-1) prints one "hello" >>> -- P_instrum(5) prints no "hello" >>> >>> From my understanding about Clang's sanitizer coverage, >>> <http://clang.llvm.org/docs/SanitizerCoverage.html> we can use a >>> sanitizer to achieve this instrumentation. However, so far I have not >>> found a working example or snippet code to get started. Any idea? >>> >>> Thanks, >>> >>> Zhoulai >>> >>> _______________________________________________ >>> LLVM Developers mailing list >>> llvm-dev at lists.llvm.org >>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev >>> >>> >> >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20160812/73c21cb4/attachment.html>
KCC, thank you. Please allow me to ask one related question: Now I would like to print out the execution trace (rather than "hello" as in my previous question). An identifier sequence of of the basic blocks or conditional statements will be sufficient for my purpose. For example, consider again the function P: int P(int x) { l_0: if (x<3) l_1: if (x>0) return 1; return 0; } where l_0 and l_1 are identifiers for the two conditional statements. Let P_instrum be the instrumented version of P. It is expected that: -- P_instrum(1) prints l_0, l_1 -- P_instrum(-1) prints l_0 -- P_instrum(5) prints nothing *Question*: Is there any built-in sanitizer coverage for implementing this ? For information, I did have checked http://clang.llvm.org/docs/SanitizerCoverage.html, but that page seems to lack some details (e.g. what is the difference between -fsanitize-coverage=bb and -fsanitize-coverage=trace-bb) Thanks, Zhoulai Zhoulai On Fri, Aug 12, 2016 at 9:01 PM, Kostya Serebryany <kcc at google.com> wrote:> I did mean trace-pc. > trace-bb inserts callbacks to the existing run-time function that does > some bookkeeping; you can not (easily) redefine it. > trace-pc inserts callbacks to user-defined functions -- you can implement > those functions to do whatever you need to. > > --kcc > > On Fri, Aug 12, 2016 at 7:40 PM, Zhoulai <zell08v at gmail.com> wrote: > >> Thank you, kcc. I am unsure if I misunderstand your reply. It seems that >> trace-bb, rather than trace-pc, fits better for my problem, given that my >> instrumentation is to put before each conditional statement. Do I >> misunderstand something here? >> >> " >> Tracing basic blocks >> <http://clang.llvm.org/docs/SanitizerCoverage.html#id11> >> With -fsanitize-coverage=trace-bb the compiler will insert >> __sanitizer_cov_trace_basic_block(s32 *id) before every function, basic >> block, or edge (depending on the value of -fsanitize-coverage=[func,bb,e >> dge]). >> " >> >> >> *Thanks,* >> >> *Zhoulai* >> >> >> >> >> >> Zhoulai >> >> On Fri, Aug 12, 2016 at 1:57 PM, Kostya Serebryany <kcc at google.com> >> wrote: >> >>> Hi Zhoulai, >>> The closest you can get is http://clang.llvm.org/docs/ >>> SanitizerCoverage.html#tracing-pcs >>> With this flavor of instrumentation the compiler inserts calls to >>> __sanitizer_cov_trace_pc into the control flow. >>> The users (you) needs to define the function __sanitizer_cov_trace_pc >>> and so you can call printf there. >>> >>> By default, not all edges in the control flow are instrumented >>> This is an optimization, you can disable it by -mllvm >>> -sanitizer-coverage-prune-blocks=0 >>> >>> --kcc >>> >>> On Fri, Aug 12, 2016 at 11:46 AM, Zhoulai via llvm-dev < >>> llvm-dev at lists.llvm.org> wrote: >>> >>>> Hi, all >>>> >>>> I want to instrument a program automatically so that it prints "hello" >>>> before each conditional statement. For example, consider the function P >>>> below. >>>> >>>> int P(int x) { >>>> if (x<3) >>>> if (x>0) >>>> return 1; >>>> return 0; >>>> } >>>> >>>> Let P_instrum be the instrumented version of P. It is expected that: >>>> >>>> -- P_instrum(1) prints two "hello"s >>>> -- P_instrum(-1) prints one "hello" >>>> -- P_instrum(5) prints no "hello" >>>> >>>> From my understanding about Clang's sanitizer coverage, >>>> <http://clang.llvm.org/docs/SanitizerCoverage.html> we can use a >>>> sanitizer to achieve this instrumentation. However, so far I have not >>>> found a working example or snippet code to get started. Any idea? >>>> >>>> Thanks, >>>> >>>> Zhoulai >>>> >>>> _______________________________________________ >>>> LLVM Developers mailing list >>>> llvm-dev at lists.llvm.org >>>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev >>>> >>>> >>> >> >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20160815/2ba1c536/attachment.html>