
Issue 728684


Issue metadata

Status: WontFix
Owner:
Closed: Jul 10
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Blocking:
issue 651540




Make sandboxed sanitizer coverage work again.

Project Member Reported by och...@chromium.org, Jun 1 2017

Issue description

Unfortunately bug 651540 means that sandboxed coverage doesn't work anymore. The new preferred way is to implement this in chromium using __sanitizer_cov_trace_pc_guard[_init] (with e.g. a --dump-coverage flag or some environment variable).

The old mechanism (bug 336212) creates sancov.packed files containing PCs from all modules.
 
Labels: -Pri-3 Pri-1
Cc: glider@chromium.org p...@chromium.org

Comment 3 by kcc@chromium.org, Jun 2 2017

I admit that this work fell on you on short notice (which in turn was a miscommunication between our teams). But I'm still afraid we don't have capacity to implement the chrome part (only to consult and add things to compiler-rt, if needed).

The old design had lots of complexity because it needed to jump through hoops between compiler-rt and chrome.
The new coverage simply has *no* compiler-rt component as far as chrome is concerned (there are simple weak definitions of callbacks in compiler-rt, but chrome will simply need to redefine them). So, hopefully, the chrome part will actually be simpler than the previous code in compiler-rt.

And I had to move "quickly" with removing the old coverage support because the old code was literally unmaintainable and was blocking me from performance improvements in coverage for libFuzzer.
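The mechanism the issue description and the comment above refer to, as an added example that is not code from this bug or from Chromium: a process built with `-fsanitize-coverage=trace-pc-guard` has the compiler emit a `__sanitizer_cov_trace_pc_guard_init` call per module at startup and a `__sanitizer_cov_trace_pc_guard` call on every edge, and compiler-rt only provides weak default definitions, so defining the two functions in the embedding program is all it takes to own coverage collection. The environment variable name `COVERAGE_DUMP_PATH`, the in-memory table size `MAX_PCS`, the one-hex-PC-per-line output format and the helper names `record_hit`, `coverage_num_pcs`, `coverage_pc_at`, `dump_coverage_to` and `install_coverage_dump` are all assumptions made here; the issue only says "some environment variable". The file compiles without instrumentation too, in which case the callbacks are simply never invoked by the compiler and can be driven by hand, which is how the example is exercised.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Upper bound on distinct PCs kept in memory; a constructed limit for the example. */
#define MAX_PCS 65536

static uintptr_t g_pcs[MAX_PCS];   /* PCs of edges hit at least once */
static size_t g_num_pcs = 0;
static uint32_t g_num_guards = 0;  /* running counter used to number guards */

/* Called by the instrumented binary once per module at startup with that
 * module's [start, stop) guard array. Give every guard a unique nonzero
 * index; a module whose guards are already numbered (*start != 0) is
 * skipped, so repeated calls are harmless. */
void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
  if (start == stop || *start) return;
  for (uint32_t *g = start; g < stop; g++) *g = ++g_num_guards;
}

/* Record one edge hit. Returns 1 if the PC was newly recorded, 0 otherwise.
 * The guard is zeroed on first hit, so the compiler-inserted check
 * `if (*guard) __sanitizer_cov_trace_pc_guard(guard);` turns into a cheap
 * load-and-branch afterwards and every edge is reported exactly once. */
int record_hit(uint32_t *guard, uintptr_t pc) {
  if (!*guard) return 0;
  *guard = 0;
  if (g_num_pcs >= MAX_PCS) return 0;  /* table full: keep running, drop the PC */
  g_pcs[g_num_pcs++] = pc;
  return 1;
}

/* Called on every edge whose guard is still nonzero. The return address is
 * the PC just after the call site inside the instrumented function. */
void __sanitizer_cov_trace_pc_guard(uint32_t *guard) {
  record_hit(guard, (uintptr_t)__builtin_return_address(0));
}

size_t coverage_num_pcs(void) { return g_num_pcs; }
uintptr_t coverage_pc_at(size_t i) { return i < g_num_pcs ? g_pcs[i] : 0; }

/* Write the recorded PCs, one hex value per line, and return how many were
 * written. This text format is constructed for the example. */
size_t dump_coverage_to(FILE *out) {
  for (size_t i = 0; i < g_num_pcs; i++)
    fprintf(out, "0x%" PRIxPTR "\n", g_pcs[i]);
  fflush(out);
  return g_num_pcs;
}

/* atexit hook: dump to the path named by COVERAGE_DUMP_PATH (an assumed
 * variable name for this example). */
static void dump_coverage_at_exit(void) {
  const char *path = getenv("COVERAGE_DUMP_PATH");
  if (!path) return;
  FILE *f = fopen(path, "w");
  if (!f) return;
  dump_coverage_to(f);
  fclose(f);
}

/* Arrange for the dump to happen when the process exits normally. */
void install_coverage_dump(void) {
  atexit(dump_coverage_at_exit);
}
```

Built into a program with `clang -fsanitize-coverage=trace-pc-guard`, the strong definitions above override compiler-rt's weak ones and `install_coverage_dump()` called early in `main` is enough to get a PC list per run. The part that made the old design complicated is still there for a sandboxed process: `fopen` at exit may be denied once the sandbox is engaged, so in practice the output descriptor has to be opened before sandbox entry (or handed in from the parent) rather than by path at exit.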
Owner: och...@chromium.org
Status: Assigned (was: Untriaged)
I'll own this for now, but unfortunately won't be able to get to it likely until Q3.

Comment 5 by bugdroid1@chromium.org, Jun 12 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ae28b08add10e81782b81e04c083425ca0bd42c9

commit ae28b08add10e81782b81e04c083425ca0bd42c9
Author: Oliver Chang <ochang@chromium.org>
Date: Mon Jun 12 20:46:19 2017

Remove sandboxed sanitizer coverage support code for Linux.

This will need to be reimplemented later using
__sanitizer_cov_trace_pc_guard.

BUG= 728684 , 729822 

Change-Id: I1f979b3ceac8a59e27f96428b77ec1d983ac4cef
Reviewed-on: https://chromium-review.googlesource.com/529972
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Commit-Queue: Oliver Chang <ochang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#478748}
[modify] https://crrev.com/ae28b08add10e81782b81e04c083425ca0bd42c9/content/gpu/gpu_main.cc
[modify] https://crrev.com/ae28b08add10e81782b81e04c083425ca0bd42c9/content/zygote/zygote_main_linux.cc

Status: WontFix (was: Assigned)
This is no longer needed, and superseded by clang source based coverage.
