Commit 88bba4c154

Andrew Kelley <andrew@ziglang.org>
2024-08-28 23:36:28
LLVM: enable sancov pass partially
It's useful to have TraceCmp based on the results of LLVM optimizations, while the code coverage bits were emitted by Zig manually, allowing more careful correlation to points of interest in the source code. This re-enables the sancov pass in `-ffuzz` mode, but only TraceCmp. Notably, IndirectCalls is off, which needs to be implemented manually in the LLVM backend, and StackDepth remains off, because it is not used by libfuzzer or AFL either. If stack depth is re-introduced, it can be done with better performance characteristics by being function call graph aware, and only lowered in call graph cycles, where its heuristic properties come in useful. Fixes the fuzzing regression.
1 parent b8d99a3
Changed files (1)
src/codegen/llvm.zig
@@ -1275,7 +1275,7 @@ pub const Object = struct {
             .is_small = options.is_small,
             .time_report = options.time_report,
             .tsan = options.sanitize_thread,
-            .sancov = sanCovPassEnabled(comp.config.san_cov_trace_pc_guard),
+            .sancov = options.fuzz,
             .lto = options.lto,
             .asm_filename = null,
             .bin_filename = options.bin_path,
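Review bot: With `.sancov = options.fuzz`, the pass no longer runs when `comp.config.san_cov_trace_pc_guard` is set outside fuzz mode, yet the following hunk still forwards that flag as `.TracePCGuard`, so such a request would apparently be dropped without a diagnostic. Whether config resolution already ties the two options together is not visible in this diff. If the combination is still supported, the gate could be `.sancov = options.fuzz or comp.config.san_cov_trace_pc_guard,` with `.TraceCmp = options.fuzz,` so guard-only builds do not pick up comparison tracing. If it is not supported, a comment such as `// sancov runs only in fuzz mode; TracePCGuard has no effect otherwise.` would stop a reader from assuming guard instrumentation is present in a build that has none. The struct literal and its enclosing function start and end outside the hunk.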
@@ -1283,16 +1283,21 @@ pub const Object = struct {
             .bitcode_filename = null,
             .coverage = .{
                 .CoverageType = .Edge,
+                // Works in tandem with Inline8bitCounters or InlineBoolFlag.
+                // Zig does not yet implement its own version of this but it
+                // needs to for better fuzzing logic.
                 .IndirectCalls = false,
                 .TraceBB = false,
-                .TraceCmp = false,
+                .TraceCmp = true,
                 .TraceDiv = false,
                 .TraceGep = false,
                 .Use8bitCounters = false,
                 .TracePC = false,
                 .TracePCGuard = comp.config.san_cov_trace_pc_guard,
+                // Zig emits its own inline 8-bit counters instrumentation.
                 .Inline8bitCounters = false,
                 .InlineBoolFlag = false,
+                // Zig emits its own PC table instrumentation.
                 .PCTable = false,
                 .NoPrune = false,
                 .StackDepth = false,
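Review bot: `.TraceCmp = true` is the one behavioural switch in this block and the only changed field left without a comment, while the neighbouring fields now explain why they stay off. With it on, LLVM's pass inserts calls to the `__sanitizer_cov_trace_cmp*`, `__sanitizer_cov_trace_const_cmp*` and `__sanitizer_cov_trace_switch` callbacks, so every `-ffuzz` build depends on the linked fuzzer runtime defining them; that runtime is not part of this diff. I would add `// Lowered by LLVM after optimization; the fuzzer runtime must provide the __sanitizer_cov_trace_* callbacks.` above the field. The struct literal continues past the end of the hunk.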
@@ -12273,7 +12278,3 @@ pub fn initializeLLVMTarget(arch: std.Target.Cpu.Arch) void {
         => unreachable,
     }
 }
-
-fn sanCovPassEnabled(trace_pc_guard: bool) bool {
-    return trace_pc_guard;
-}