1 //===-- SanitizerCoverage.cpp - coverage instrumentation for sanitizers ---===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // Coverage instrumentation that works with AddressSanitizer 11 // and potentially with other Sanitizers. 12 // 13 // We create a Guard variable with the same linkage 14 // as the function and inject this code into the entry block (SCK_Function) 15 // or all blocks (SCK_BB): 16 // if (Guard < 0) { 17 // __sanitizer_cov(&Guard); 18 // } 19 // The accesses to Guard are atomic. The rest of the logic is 20 // in __sanitizer_cov (it's fine to call it more than once). 21 // 22 // With SCK_Edge we also split critical edges this effectively 23 // instrumenting all edges. 24 // 25 // This coverage implementation provides very limited data: 26 // it only tells if a given function (block) was ever executed. No counters. 27 // But for many use cases this is what we need and the added slowdown small. 28 // 29 //===----------------------------------------------------------------------===// 30 31 #include "llvm/Transforms/Instrumentation.h" 32 #include "llvm/ADT/ArrayRef.h" 33 #include "llvm/ADT/SmallVector.h" 34 #include "llvm/Analysis/EHPersonalities.h" 35 #include "llvm/IR/CallSite.h" 36 #include "llvm/IR/DataLayout.h" 37 #include "llvm/IR/DebugInfo.h" 38 #include "llvm/IR/Function.h" 39 #include "llvm/IR/IRBuilder.h" 40 #include "llvm/IR/InlineAsm.h" 41 #include "llvm/IR/LLVMContext.h" 42 #include "llvm/IR/MDBuilder.h" 43 #include "llvm/IR/Module.h" 44 #include "llvm/IR/Type.h" 45 #include "llvm/Support/CommandLine.h" 46 #include "llvm/Support/Debug.h" 47 #include "llvm/Support/raw_ostream.h" 48 #include "llvm/Transforms/Scalar.h" 49 #include "llvm/Transforms/Utils/BasicBlockUtils.h" 50 #include "llvm/Transforms/Utils/ModuleUtils.h" 51 52 using namespace llvm; 53 54 #define DEBUG_TYPE "sancov" 55 56 static const char *const kSanCovModuleInitName = "__sanitizer_cov_module_init"; 57 static const char *const kSanCovName = "__sanitizer_cov"; 58 static const char *const kSanCovWithCheckName = "__sanitizer_cov_with_check"; 59 static const char *const kSanCovIndirCallName = "__sanitizer_cov_indir_call16"; 60 static const char *const kSanCovTraceEnter = "__sanitizer_cov_trace_func_enter"; 61 static const char *const kSanCovTraceBB = "__sanitizer_cov_trace_basic_block"; 62 static const char *const kSanCovTraceCmp = "__sanitizer_cov_trace_cmp"; 63 static const char *const kSanCovTraceSwitch = "__sanitizer_cov_trace_switch"; 64 static const char *const kSanCovModuleCtorName = "sancov.module_ctor"; 65 static const uint64_t kSanCtorAndDtorPriority = 2; 66 67 static cl::opt<int> ClCoverageLevel("sanitizer-coverage-level", 68 cl::desc("Sanitizer Coverage. 0: none, 1: entry block, 2: all blocks, " 69 "3: all blocks and critical edges, " 70 "4: above plus indirect calls"), 71 cl::Hidden, cl::init(0)); 72 73 static cl::opt<unsigned> ClCoverageBlockThreshold( 74 "sanitizer-coverage-block-threshold", 75 cl::desc("Use a callback with a guard check inside it if there are" 76 " more than this number of blocks."), 77 cl::Hidden, cl::init(500)); 78 79 static cl::opt<bool> 80 ClExperimentalTracing("sanitizer-coverage-experimental-tracing", 81 cl::desc("Experimental basic-block tracing: insert " 82 "callbacks at every basic block"), 83 cl::Hidden, cl::init(false)); 84 85 static cl::opt<bool> 86 ClExperimentalCMPTracing("sanitizer-coverage-experimental-trace-compares", 87 cl::desc("Experimental tracing of CMP and similar " 88 "instructions"), 89 cl::Hidden, cl::init(false)); 90 91 // Experimental 8-bit counters used as an additional search heuristic during 92 // coverage-guided fuzzing. 93 // The counters are not thread-friendly: 94 // - contention on these counters may cause significant slowdown; 95 // - the counter updates are racy and the results may be inaccurate. 96 // They are also inaccurate due to 8-bit integer overflow. 97 static cl::opt<bool> ClUse8bitCounters("sanitizer-coverage-8bit-counters", 98 cl::desc("Experimental 8-bit counters"), 99 cl::Hidden, cl::init(false)); 100 101 namespace { 102 103 SanitizerCoverageOptions getOptions(int LegacyCoverageLevel) { 104 SanitizerCoverageOptions Res; 105 switch (LegacyCoverageLevel) { 106 case 0: 107 Res.CoverageType = SanitizerCoverageOptions::SCK_None; 108 break; 109 case 1: 110 Res.CoverageType = SanitizerCoverageOptions::SCK_Function; 111 break; 112 case 2: 113 Res.CoverageType = SanitizerCoverageOptions::SCK_BB; 114 break; 115 case 3: 116 Res.CoverageType = SanitizerCoverageOptions::SCK_Edge; 117 break; 118 case 4: 119 Res.CoverageType = SanitizerCoverageOptions::SCK_Edge; 120 Res.IndirectCalls = true; 121 break; 122 } 123 return Res; 124 } 125 126 SanitizerCoverageOptions OverrideFromCL(SanitizerCoverageOptions Options) { 127 // Sets CoverageType and IndirectCalls. 128 SanitizerCoverageOptions CLOpts = getOptions(ClCoverageLevel); 129 Options.CoverageType = std::max(Options.CoverageType, CLOpts.CoverageType); 130 Options.IndirectCalls |= CLOpts.IndirectCalls; 131 Options.TraceBB |= ClExperimentalTracing; 132 Options.TraceCmp |= ClExperimentalCMPTracing; 133 Options.Use8bitCounters |= ClUse8bitCounters; 134 return Options; 135 } 136 137 class SanitizerCoverageModule : public ModulePass { 138 public: 139 SanitizerCoverageModule( 140 const SanitizerCoverageOptions &Options = SanitizerCoverageOptions()) 141 : ModulePass(ID), Options(OverrideFromCL(Options)) {} 142 bool runOnModule(Module &M) override; 143 bool runOnFunction(Function &F); 144 static char ID; // Pass identification, replacement for typeid 145 const char *getPassName() const override { 146 return "SanitizerCoverageModule"; 147 } 148 149 private: 150 void InjectCoverageForIndirectCalls(Function &F, 151 ArrayRef<Instruction *> IndirCalls); 152 void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets); 153 void InjectTraceForSwitch(Function &F, 154 ArrayRef<Instruction *> SwitchTraceTargets); 155 bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks); 156 void SetNoSanitizeMetadata(Instruction *I); 157 void InjectCoverageAtBlock(Function &F, BasicBlock &BB, bool UseCalls); 158 unsigned NumberOfInstrumentedBlocks() { 159 return SanCovFunction->getNumUses() + 160 SanCovWithCheckFunction->getNumUses() + SanCovTraceBB->getNumUses() + 161 SanCovTraceEnter->getNumUses(); 162 } 163 Function *SanCovFunction; 164 Function *SanCovWithCheckFunction; 165 Function *SanCovIndirCallFunction; 166 Function *SanCovTraceEnter, *SanCovTraceBB; 167 Function *SanCovTraceCmpFunction; 168 Function *SanCovTraceSwitchFunction; 169 InlineAsm *EmptyAsm; 170 Type *IntptrTy, *Int64Ty, *Int64PtrTy; 171 Module *CurModule; 172 LLVMContext *C; 173 const DataLayout *DL; 174 175 GlobalVariable *GuardArray; 176 GlobalVariable *EightBitCounterArray; 177 178 SanitizerCoverageOptions Options; 179 }; 180 181 } // namespace 182 183 bool SanitizerCoverageModule::runOnModule(Module &M) { 184 if (Options.CoverageType == SanitizerCoverageOptions::SCK_None) 185 return false; 186 C = &(M.getContext()); 187 DL = &M.getDataLayout(); 188 CurModule = &M; 189 IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits()); 190 Type *VoidTy = Type::getVoidTy(*C); 191 IRBuilder<> IRB(*C); 192 Type *Int8PtrTy = PointerType::getUnqual(IRB.getInt8Ty()); 193 Type *Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty()); 194 Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty()); 195 Int64Ty = IRB.getInt64Ty(); 196 197 SanCovFunction = checkSanitizerInterfaceFunction( 198 M.getOrInsertFunction(kSanCovName, VoidTy, Int32PtrTy, nullptr)); 199 SanCovWithCheckFunction = checkSanitizerInterfaceFunction( 200 M.getOrInsertFunction(kSanCovWithCheckName, VoidTy, Int32PtrTy, nullptr)); 201 SanCovIndirCallFunction = 202 checkSanitizerInterfaceFunction(M.getOrInsertFunction( 203 kSanCovIndirCallName, VoidTy, IntptrTy, IntptrTy, nullptr)); 204 SanCovTraceCmpFunction = 205 checkSanitizerInterfaceFunction(M.getOrInsertFunction( 206 kSanCovTraceCmp, VoidTy, Int64Ty, Int64Ty, Int64Ty, nullptr)); 207 SanCovTraceSwitchFunction = 208 checkSanitizerInterfaceFunction(M.getOrInsertFunction( 209 kSanCovTraceSwitch, VoidTy, Int64Ty, Int64PtrTy, nullptr)); 210 211 // We insert an empty inline asm after cov callbacks to avoid callback merge. 212 EmptyAsm = InlineAsm::get(FunctionType::get(IRB.getVoidTy(), false), 213 StringRef(""), StringRef(""), 214 /*hasSideEffects=*/true); 215 216 SanCovTraceEnter = checkSanitizerInterfaceFunction( 217 M.getOrInsertFunction(kSanCovTraceEnter, VoidTy, Int32PtrTy, nullptr)); 218 SanCovTraceBB = checkSanitizerInterfaceFunction( 219 M.getOrInsertFunction(kSanCovTraceBB, VoidTy, Int32PtrTy, nullptr)); 220 221 // At this point we create a dummy array of guards because we don't 222 // know how many elements we will need. 223 Type *Int32Ty = IRB.getInt32Ty(); 224 Type *Int8Ty = IRB.getInt8Ty(); 225 226 GuardArray = 227 new GlobalVariable(M, Int32Ty, false, GlobalValue::ExternalLinkage, 228 nullptr, "__sancov_gen_cov_tmp"); 229 if (Options.Use8bitCounters) 230 EightBitCounterArray = 231 new GlobalVariable(M, Int8Ty, false, GlobalVariable::ExternalLinkage, 232 nullptr, "__sancov_gen_cov_tmp"); 233 234 for (auto &F : M) 235 runOnFunction(F); 236 237 auto N = NumberOfInstrumentedBlocks(); 238 239 // Now we know how many elements we need. Create an array of guards 240 // with one extra element at the beginning for the size. 241 Type *Int32ArrayNTy = ArrayType::get(Int32Ty, N + 1); 242 GlobalVariable *RealGuardArray = new GlobalVariable( 243 M, Int32ArrayNTy, false, GlobalValue::PrivateLinkage, 244 Constant::getNullValue(Int32ArrayNTy), "__sancov_gen_cov"); 245 246 247 // Replace the dummy array with the real one. 248 GuardArray->replaceAllUsesWith( 249 IRB.CreatePointerCast(RealGuardArray, Int32PtrTy)); 250 GuardArray->eraseFromParent(); 251 252 GlobalVariable *RealEightBitCounterArray; 253 if (Options.Use8bitCounters) { 254 // Make sure the array is 16-aligned. 255 static const int kCounterAlignment = 16; 256 Type *Int8ArrayNTy = 257 ArrayType::get(Int8Ty, RoundUpToAlignment(N, kCounterAlignment)); 258 RealEightBitCounterArray = new GlobalVariable( 259 M, Int8ArrayNTy, false, GlobalValue::PrivateLinkage, 260 Constant::getNullValue(Int8ArrayNTy), "__sancov_gen_cov_counter"); 261 RealEightBitCounterArray->setAlignment(kCounterAlignment); 262 EightBitCounterArray->replaceAllUsesWith( 263 IRB.CreatePointerCast(RealEightBitCounterArray, Int8PtrTy)); 264 EightBitCounterArray->eraseFromParent(); 265 } 266 267 // Create variable for module (compilation unit) name 268 Constant *ModNameStrConst = 269 ConstantDataArray::getString(M.getContext(), M.getName(), true); 270 GlobalVariable *ModuleName = 271 new GlobalVariable(M, ModNameStrConst->getType(), true, 272 GlobalValue::PrivateLinkage, ModNameStrConst); 273 274 Function *CtorFunc; 275 std::tie(CtorFunc, std::ignore) = createSanitizerCtorAndInitFunctions( 276 M, kSanCovModuleCtorName, kSanCovModuleInitName, 277 {Int32PtrTy, IntptrTy, Int8PtrTy, Int8PtrTy}, 278 {IRB.CreatePointerCast(RealGuardArray, Int32PtrTy), 279 ConstantInt::get(IntptrTy, N), 280 Options.Use8bitCounters 281 ? IRB.CreatePointerCast(RealEightBitCounterArray, Int8PtrTy) 282 : Constant::getNullValue(Int8PtrTy), 283 IRB.CreatePointerCast(ModuleName, Int8PtrTy)}); 284 285 appendToGlobalCtors(M, CtorFunc, kSanCtorAndDtorPriority); 286 287 return true; 288 } 289 290 bool SanitizerCoverageModule::runOnFunction(Function &F) { 291 if (F.empty()) return false; 292 if (F.getName().find(".module_ctor") != std::string::npos) 293 return false; // Should not instrument sanitizer init functions. 294 // Don't instrument functions using SEH for now. Splitting basic blocks like 295 // we do for coverage breaks WinEHPrepare. 296 // FIXME: Remove this when SEH no longer uses landingpad pattern matching. 297 if (F.hasPersonalityFn() && 298 isAsynchronousEHPersonality(classifyEHPersonality(F.getPersonalityFn()))) 299 return false; 300 if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge) 301 SplitAllCriticalEdges(F); 302 SmallVector<Instruction*, 8> IndirCalls; 303 SmallVector<BasicBlock*, 16> AllBlocks; 304 SmallVector<Instruction*, 8> CmpTraceTargets; 305 SmallVector<Instruction*, 8> SwitchTraceTargets; 306 for (auto &BB : F) { 307 AllBlocks.push_back(&BB); 308 for (auto &Inst : BB) { 309 if (Options.IndirectCalls) { 310 CallSite CS(&Inst); 311 if (CS && !CS.getCalledFunction()) 312 IndirCalls.push_back(&Inst); 313 } 314 if (Options.TraceCmp) { 315 if (isa<ICmpInst>(&Inst)) 316 CmpTraceTargets.push_back(&Inst); 317 if (isa<SwitchInst>(&Inst)) 318 SwitchTraceTargets.push_back(&Inst); 319 } 320 } 321 } 322 InjectCoverage(F, AllBlocks); 323 InjectCoverageForIndirectCalls(F, IndirCalls); 324 InjectTraceForCmp(F, CmpTraceTargets); 325 InjectTraceForSwitch(F, SwitchTraceTargets); 326 return true; 327 } 328 329 bool SanitizerCoverageModule::InjectCoverage(Function &F, 330 ArrayRef<BasicBlock *> AllBlocks) { 331 switch (Options.CoverageType) { 332 case SanitizerCoverageOptions::SCK_None: 333 return false; 334 case SanitizerCoverageOptions::SCK_Function: 335 InjectCoverageAtBlock(F, F.getEntryBlock(), false); 336 return true; 337 default: { 338 bool UseCalls = ClCoverageBlockThreshold < AllBlocks.size(); 339 for (auto BB : AllBlocks) 340 InjectCoverageAtBlock(F, *BB, UseCalls); 341 return true; 342 } 343 } 344 } 345 346 // On every indirect call we call a run-time function 347 // __sanitizer_cov_indir_call* with two parameters: 348 // - callee address, 349 // - global cache array that contains kCacheSize pointers (zero-initialized). 350 // The cache is used to speed up recording the caller-callee pairs. 351 // The address of the caller is passed implicitly via caller PC. 352 // kCacheSize is encoded in the name of the run-time function. 353 void SanitizerCoverageModule::InjectCoverageForIndirectCalls( 354 Function &F, ArrayRef<Instruction *> IndirCalls) { 355 if (IndirCalls.empty()) return; 356 const int kCacheSize = 16; 357 const int kCacheAlignment = 64; // Align for better performance. 358 Type *Ty = ArrayType::get(IntptrTy, kCacheSize); 359 for (auto I : IndirCalls) { 360 IRBuilder<> IRB(I); 361 CallSite CS(I); 362 Value *Callee = CS.getCalledValue(); 363 if (isa<InlineAsm>(Callee)) continue; 364 GlobalVariable *CalleeCache = new GlobalVariable( 365 *F.getParent(), Ty, false, GlobalValue::PrivateLinkage, 366 Constant::getNullValue(Ty), "__sancov_gen_callee_cache"); 367 CalleeCache->setAlignment(kCacheAlignment); 368 IRB.CreateCall(SanCovIndirCallFunction, 369 {IRB.CreatePointerCast(Callee, IntptrTy), 370 IRB.CreatePointerCast(CalleeCache, IntptrTy)}); 371 } 372 } 373 374 // For every switch statement we insert a call: 375 // __sanitizer_cov_trace_switch(CondValue, 376 // {NumCases, ValueSizeInBits, Case0Value, Case1Value, Case2Value, ... }) 377 378 void SanitizerCoverageModule::InjectTraceForSwitch( 379 Function &F, ArrayRef<Instruction *> SwitchTraceTargets) { 380 for (auto I : SwitchTraceTargets) { 381 if (SwitchInst *SI = dyn_cast<SwitchInst>(I)) { 382 IRBuilder<> IRB(I); 383 SmallVector<Constant *, 16> Initializers; 384 Value *Cond = SI->getCondition(); 385 if (Cond->getType()->getScalarSizeInBits() > 386 Int64Ty->getScalarSizeInBits()) 387 continue; 388 Initializers.push_back(ConstantInt::get(Int64Ty, SI->getNumCases())); 389 Initializers.push_back( 390 ConstantInt::get(Int64Ty, Cond->getType()->getScalarSizeInBits())); 391 if (Cond->getType()->getScalarSizeInBits() < 392 Int64Ty->getScalarSizeInBits()) 393 Cond = IRB.CreateIntCast(Cond, Int64Ty, false); 394 for (auto It: SI->cases()) { 395 Constant *C = It.getCaseValue(); 396 if (C->getType()->getScalarSizeInBits() < 397 Int64Ty->getScalarSizeInBits()) 398 C = ConstantExpr::getCast(CastInst::ZExt, It.getCaseValue(), Int64Ty); 399 Initializers.push_back(C); 400 } 401 ArrayType *ArrayOfInt64Ty = ArrayType::get(Int64Ty, Initializers.size()); 402 GlobalVariable *GV = new GlobalVariable( 403 *CurModule, ArrayOfInt64Ty, false, GlobalVariable::InternalLinkage, 404 ConstantArray::get(ArrayOfInt64Ty, Initializers), 405 "__sancov_gen_cov_switch_values"); 406 IRB.CreateCall(SanCovTraceSwitchFunction, 407 {Cond, IRB.CreatePointerCast(GV, Int64PtrTy)}); 408 } 409 } 410 } 411 412 413 void SanitizerCoverageModule::InjectTraceForCmp( 414 Function &F, ArrayRef<Instruction *> CmpTraceTargets) { 415 for (auto I : CmpTraceTargets) { 416 if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) { 417 IRBuilder<> IRB(ICMP); 418 Value *A0 = ICMP->getOperand(0); 419 Value *A1 = ICMP->getOperand(1); 420 if (!A0->getType()->isIntegerTy()) continue; 421 uint64_t TypeSize = DL->getTypeStoreSizeInBits(A0->getType()); 422 // __sanitizer_cov_trace_cmp((type_size << 32) | predicate, A0, A1); 423 IRB.CreateCall( 424 SanCovTraceCmpFunction, 425 {ConstantInt::get(Int64Ty, (TypeSize << 32) | ICMP->getPredicate()), 426 IRB.CreateIntCast(A0, Int64Ty, true), 427 IRB.CreateIntCast(A1, Int64Ty, true)}); 428 } 429 } 430 } 431 432 void SanitizerCoverageModule::SetNoSanitizeMetadata(Instruction *I) { 433 I->setMetadata( 434 I->getModule()->getMDKindID("nosanitize"), MDNode::get(*C, None)); 435 } 436 437 void SanitizerCoverageModule::InjectCoverageAtBlock(Function &F, BasicBlock &BB, 438 bool UseCalls) { 439 // Don't insert coverage for unreachable blocks: we will never call 440 // __sanitizer_cov() for them, so counting them in 441 // NumberOfInstrumentedBlocks() might complicate calculation of code coverage 442 // percentage. Also, unreachable instructions frequently have no debug 443 // locations. 444 if (isa<UnreachableInst>(BB.getTerminator())) 445 return; 446 BasicBlock::iterator IP = BB.getFirstInsertionPt(); 447 448 bool IsEntryBB = &BB == &F.getEntryBlock(); 449 DebugLoc EntryLoc; 450 if (IsEntryBB) { 451 if (auto SP = getDISubprogram(&F)) 452 EntryLoc = DebugLoc::get(SP->getScopeLine(), 0, SP); 453 // Keep static allocas and llvm.localescape calls in the entry block. Even 454 // if we aren't splitting the block, it's nice for allocas to be before 455 // calls. 456 IP = PrepareToSplitEntryBlock(BB, IP); 457 } else { 458 EntryLoc = IP->getDebugLoc(); 459 } 460 461 IRBuilder<> IRB(&*IP); 462 IRB.SetCurrentDebugLocation(EntryLoc); 463 Value *GuardP = IRB.CreateAdd( 464 IRB.CreatePointerCast(GuardArray, IntptrTy), 465 ConstantInt::get(IntptrTy, (1 + NumberOfInstrumentedBlocks()) * 4)); 466 Type *Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty()); 467 GuardP = IRB.CreateIntToPtr(GuardP, Int32PtrTy); 468 if (Options.TraceBB) { 469 IRB.CreateCall(IsEntryBB ? SanCovTraceEnter : SanCovTraceBB, GuardP); 470 } else if (UseCalls) { 471 IRB.CreateCall(SanCovWithCheckFunction, GuardP); 472 } else { 473 LoadInst *Load = IRB.CreateLoad(GuardP); 474 Load->setAtomic(Monotonic); 475 Load->setAlignment(4); 476 SetNoSanitizeMetadata(Load); 477 Value *Cmp = IRB.CreateICmpSGE(Constant::getNullValue(Load->getType()), Load); 478 Instruction *Ins = SplitBlockAndInsertIfThen( 479 Cmp, &*IP, false, MDBuilder(*C).createBranchWeights(1, 100000)); 480 IRB.SetInsertPoint(Ins); 481 IRB.SetCurrentDebugLocation(EntryLoc); 482 // __sanitizer_cov gets the PC of the instruction using GET_CALLER_PC. 483 IRB.CreateCall(SanCovFunction, GuardP); 484 IRB.CreateCall(EmptyAsm, {}); // Avoids callback merge. 485 } 486 487 if (Options.Use8bitCounters) { 488 IRB.SetInsertPoint(&*IP); 489 Value *P = IRB.CreateAdd( 490 IRB.CreatePointerCast(EightBitCounterArray, IntptrTy), 491 ConstantInt::get(IntptrTy, NumberOfInstrumentedBlocks() - 1)); 492 P = IRB.CreateIntToPtr(P, IRB.getInt8PtrTy()); 493 LoadInst *LI = IRB.CreateLoad(P); 494 Value *Inc = IRB.CreateAdd(LI, ConstantInt::get(IRB.getInt8Ty(), 1)); 495 StoreInst *SI = IRB.CreateStore(Inc, P); 496 SetNoSanitizeMetadata(LI); 497 SetNoSanitizeMetadata(SI); 498 } 499 } 500 501 char SanitizerCoverageModule::ID = 0; 502 INITIALIZE_PASS(SanitizerCoverageModule, "sancov", 503 "SanitizerCoverage: TODO." 504 "ModulePass", false, false) 505 ModulePass *llvm::createSanitizerCoverageModulePass( 506 const SanitizerCoverageOptions &Options) { 507 return new SanitizerCoverageModule(Options); 508 } 509
