Sancov guard draft #7
Conversation
kcov used to obey clang-format style, but somehow diverted over time. No functional change. Signed-off-by: Alexander Potapenko <[email protected]>
Group several kcov-related fields (area, size, mode, sequence) that are stored in various structures, into `struct kcov_state`, so that these fields can be easily passed around and manipulated. This prepares us for the upcoming change that will introduce more kcov state. Signed-off-by: Alexander Potapenko <[email protected]>
|
Do you have the userspace prog to test now? |
|
Here you go: (rename from kcov.txt to kcov.c) As for modules, I haven't looked closely, but I don't expect any issues with those. |
ramosian-glider
force-pushed
the
sancov-guard-take2
branch
from
43b9bbb to
dc780c7
Compare
The new config switches coverage instrumentation to using __sanitizer_cov_trace_pc_guard(u32 *guard) instead of __sanitizer_cov_trace_pc(void) Each callback receives a unique 32-bit guard variable residing in the __sancov_guards section. Those guards can be used by kcov to deduplicate the coverage on the fly. As a first step, we make the new instrumentation mode 1:1 compatible with the old one. Signed-off-by: Alexander Potapenko <[email protected]>
Keep kcov_state.area as the pointer to the memory buffer used by kcov and shared with the userspace. Store the pointer to the trace (part of the buffer holding sequential events) separately, as we will be splitting that buffer in multiple parts. No functional change so far. Signed-off-by: Alexander Potapenko <[email protected]>
ramosian-glider
force-pushed
the
sancov-guard-take2
branch
2 times, most recently
from
127e5b3 to
5cba390
Compare
|
To simplify the API and do not require the user to unconditionally carve out the bitmap from the mmapped region, we decided to remove the buffer partitioning API and introduce ioctl(KCOV_UNIQUE_ENABLE). |
ramosian-glider
force-pushed
the
sancov-guard-take2
branch
from
5cba390 to
8543e55
Compare
| this_cpu_write(saved_index, index); | ||
| return old_guard; | ||
| } | ||
| return index; |
There was a problem hiding this comment.
in previous version, userspace gets pos number as 177 and actual printed cover (not 0) is 22.
Curious to know in this version, how many actual covered pc / pos?
Please share the updated userspace program too.
There was a problem hiding this comment.
I am not sure I understand the question, can you please elaborate?
Please share the updated userspace program too.
Please check the updated documentation, you basically need to replace KCOV_ENABLE with KCOV_UNIQUE_ENABLE and memset the bitmap with zeroes every time you want to reset the coverage.
There was a problem hiding this comment.
Here is the updated userspace program.
There was a problem hiding this comment.
For example,
./kcov-guard
cover[0]: cea
cover[1]: ffffffff81c6472a
cover[2]: ffffffff81c647de
cover[3]: ffffffff81c6481e
cover[4]: ffffffff81c649a7
cover[5]: ffffffff81b54e8b
cover[6]: ffffffff81b4ee3b
cover[7]: ffffffff81b4eeb9
cover[8]: ffffffff81b4ef32
cover[9]: ffffffff81b4ef67
cover[10]: ffffffff81b54edf
cover[11]: ffffffff81b54f13
cover[12]: ffffffff81b54fcb
cover[13]: ffffffff823c3a04
cover[14]: ffffffff823c37aa
cover[15]: ffffffff82461107
cover[16]: ffffffff824612a0
cover[17]: ffffffff823c3869
cover[18]: ffffffff81c64cd9
cover[19]: ffffffff81c64d39
cover[20]: ffffffff81c63d8d
cover[21]: ffffffff81c63dea
cover[22]: ffffffff81883de0
cover[23]: ffffffff81883e8f
cover[24]: ffffffff81c6472a
cover[25]: ffffffff81c647de
cover[26]: ffffffff81c6481e
cover[27]: ffffffff81c649a7
cover[28]: ffffffff81b54e8b
cover[29]: ffffffff81b4ee3b
cover[30]: ffffffff81b4eeb9
cover[31]: ffffffff81b4ef32
cover[32]: ffffffff81b4ef67
cover[33]: ffffffff81b54edf
cover[34]: ffffffff81b54f13
cover[35]: ffffffff81b54fcb
cover[36]: ffffffff823c3a04
cover[37]: ffffffff823c37aa
cover[38]: ffffffff82461107
cover[39]: ffffffff824612a0
cover[40]: ffffffff823c3869
cover[41]: ffffffff81c64cd9
cover[42]: ffffffff81c64d39
cover[43]: ffffffff81c63d8d
cover[44]: ffffffff81c63dea
cover[45]: ffffffff81883de0
cover[46]: ffffffff81883e8f
cover[0] is the pos number which is 0xcea, while actually covered number is 46, so actual used index is only 46/0xcea =1.4%.
The same for uniq:
./kcov-guard uniq is 23/176=13.1%.
cover[0]: b0
cover[1]: ffffffff81c6472a
cover[2]: ffffffff81c647de
cover[3]: ffffffff81c6481e
cover[4]: ffffffff81c649a7
cover[5]: ffffffff81b54e8b
cover[6]: ffffffff81b4ee3b
cover[7]: ffffffff81b4eeb9
cover[8]: ffffffff81b4ef32
cover[9]: ffffffff81b4ef67
cover[10]: ffffffff81b54edf
cover[11]: ffffffff81b54f13
cover[12]: ffffffff81b54fcb
cover[13]: ffffffff823c3a04
cover[14]: ffffffff823c37aa
cover[15]: ffffffff82461107
cover[16]: ffffffff824612a0
cover[17]: ffffffff823c3869
cover[18]: ffffffff81c64cd9
cover[19]: ffffffff81c64d39
cover[20]: ffffffff81c63d8d
cover[21]: ffffffff81c63dea
cover[22]: ffffffff81883de0
cover[23]: ffffffff81883e8f
In sparse mode, it didn't print cover[0], cover[1];
./kcov-guard sparse
cover[2]: ffffffff81c64cd9
...
cover[176]: ffffffff82426910
cover[177]: ffffffff824242e6
After add printf for scan_size, it reports
scan_size=65536
So, it means overflow here. For 177 covered pc and kcov overflow happened.
ramosian-glider
force-pushed
the
sancov-guard-take2
branch
from
8543e55 to
91a94ce
Compare
ioctl(KCOV_UNIQUE_ENABLE) enables collection of deduplicated coverage in the presence of CONFIG_KCOV_ENABLE_GUARDS. The buffer shared with the userspace is divided in two parts, one holding a bitmap, and the other one being the trace. The single parameter of ioctl(KCOV_UNIQUE_ENABLE) determines the number of words used for the bitmap. Each __sanitizer_cov_trace_pc_guard() instrumentation hook receives a pointer to a unique guard variable. Upon the first call of each hook, the guard variable is initialized with a unique integer, which is used to map those hooks to bits in the bitmap. In the new coverage collection mode, the kernel first checks whether the bit corresponding to a particular hook is set, and then, if it is not, the PC is written into the trace buffer, and the bit is set. Also update the documentation. Signed-off-by: Alexander Potapenko <[email protected]>
ramosian-glider
force-pushed
the
sancov-guard-take2
branch
from
91a94ce to
ab8adf7
Compare
For example, If i load the module when trace_pc_guard enabled The readelf shows it has many __sancov_guards sections If I made the similar change to vmlinux.lds.S to module.lds.S. Then I can see However, load the module, I see see |
Add some search results: |
No description provided.