Implement SanitizerCoverage support (Refs. #6513) #6517
Conversation
|
Hmm, looks like the test needs to be less fragile. Will look into that. |
ab8fc5d to
b312eee
Compare
Please refer to https://clang.llvm.org/docs/SanitizerCoverage.html TLDR: `ModuleSanitizerCoveragePass` instruments the IR by inserting calls to callbacks at certain constructs. What the callbacks should do is up to the implementation. They are effectively required for fuzzing to be effective, and are provided by e.g. libfuzzer. One huge caveat is `SanitizerCoverageOptions` which controls which which callbacks should actually be inserted. I just don't know what to do about it. Right now i have hardcoded the set that would have been enabled by `-fsanitize=fuzzer-no-link`, because the alternative, due to halide unflexibility, would be to introduce ~16 suboptions to control each one.
|
Just so you know, there's no need to force push... we always squash-merge our PRs and the history can be useful for review. |
|
Requesting reviews from @steven-johnson since he's familiar with the sanitizer stuff and from @zvookin since he will have opinions on how to deal with passing options to this. |
Thanks!
|
I think that's probably fine for the time being -- we can expand and add flexibility in the future as desired. That said, we should add a tracking issue here ("Target::SanitizerCoverage only supports equivalent of fuzzer-no-link") and add a link to it in comments at the relevant sites in the code. |
steven-johnson
left a comment
There was a problem hiding this comment.
Some nits re: style and comments, otherwise LGTM pending green
src/Module.cpp
Outdated
| Target::MSAN, | ||
| Target::NoRuntime, | ||
| Target::TSAN, | ||
| Target::SANCOV, |
There was a problem hiding this comment.
annoying style nit: all-caps SANCOV seems out of place here as an all-caps abbreviation, despite MSAN, etc, since the latter are commonly referred to that way in LLVM docs but the former seems to be SanitizerCoverage. If we are using this only for testing purposes then I think we should use either SanitizerCoverage or sanitizer_coverage to fit in with existing patterns. (Tagging @abadams here for his opinion as well.)
There was a problem hiding this comment.
IMO SanitizerCoverage to match the llvm docs, but I don't feel strongly about it
There was a problem hiding this comment.
Do you want me to change all instances of SANCOV to SanitizerCoverage, or just some?
If we are using this only for testing purposes
I'm not sure what you mean by that? Roughly, the feature will be requested the way it is requested in the test.
There was a problem hiding this comment.
change all instances of SANCOV to SanitizerCoverage, or just some?
I'd vote for all (except the ones in HalideRuntime.h, which should be sanitizer_coverage to match the conventions there)
There was a problem hiding this comment.
Ok, let me know if i did it wrong.
src/Target.cpp
Outdated
| {"rvv", Target::RVV}, | ||
| {"armv81a", Target::ARMv81a}, | ||
| {"sancov", Target::SANCOV}, | ||
| {"sanitizercoverage", Target::SanitizerCoverage}, |
There was a problem hiding this comment.
"sanitizer_coverage", so that it matches the name in HalideRuntime.h
src/Target.cpp
Outdated
| #endif | ||
| #if __has_feature(coverage_sanitizer) | ||
| host.set_feature(Target::SANCOV); | ||
| host.set_feature(Target::SANITIZERCOVERAGE); |
There was a problem hiding this comment.
This looks like it won't compile, did you mean Target::SanitizerCoverage
There was a problem hiding this comment.
I did verify that this builds for me, starting with clean build dir.
Right, thanks, i didn't test-build halide with sancov.
src/Target.cpp
Outdated
|
|
||
| if ((features & matching_mask) != (other.features & matching_mask)) { | ||
| Internal::debug(1) << "runtime targets must agree on SoftFloatABI, Debug, TSAN, ASAN, MSAN, HVX, HexagonDma, HVX_shared_object, SANCOV\n" | ||
| Internal::debug(1) << "runtime targets must agree on SoftFloatABI, Debug, TSAN, ASAN, MSAN, HVX, HexagonDma, HVX_shared_object, SANITIZERCOVERAGE\n" |
| namespace { | ||
|
|
||
| class SANCOV : public Halide::Generator<SANCOV> { | ||
| class SANITIZERCOVERAGE : public Halide::Generator<SANITIZERCOVERAGE> { |
There was a problem hiding this comment.
s/SANITIZERCOVERAGE/SanitizerCoverage/ or really anything that isn't ALLCAPS
|
|
||
| void generate() { | ||
| // Currently the test just exercises Target::SANCOV | ||
| // Currently the test just exercises Target::SANITIZERCOVERAGE |
There was a problem hiding this comment.
Target::SanitizerCoverage
|
|
||
| private: | ||
| // Currently the test just exercises Target::SANCOV | ||
| // Currently the test just exercises Target::SANITIZERCOVERAGE |
There was a problem hiding this comment.
Target::SanitizerCoverage
steven-johnson
left a comment
There was a problem hiding this comment.
Thanks for the fixes!
|
@alexreinking @steven-johnson Thank you! |
Please refer to https://clang.llvm.org/docs/SanitizerCoverage.html
TLDR:
ModuleSanitizerCoveragePassinstruments the IR by insertingcalls to callbacks at certain constructs. What the callbacks should do
is up to the implementation. They are effectively required for fuzzing
to be effective, and are provided by e.g. libfuzzer.
One huge caveat is
SanitizerCoverageOptionswhich controlswhich which callbacks should actually be inserted.
I just don't know what to do about it. Right now i have hardcoded
the set that would have been enabled by
-fsanitize=fuzzer-no-link,because the alternative, due to halide unflexibility,
would be to introduce ~16 suboptions to control each one.