#!/usr/bin/env python
# Merge or print the coverage data collected by asan's coverage.
# Input files are sequences of 4-byte integers.
# We need to merge these integers into a set and then
# either print them (as hex) or dump them into another file.
import array
import bisect
import glob
import os.path
import struct
import subprocess
import sys
prog_name = ""
def Usage():
sys.stderr.write(
"Usage: \n" + " " + prog_name + " merge FILE [FILE...] > OUTPUT\n"
" " + prog_name + " print FILE [FILE...]\n"
" " + prog_name + " unpack FILE [FILE...]\n"
" " + prog_name + " rawunpack FILE [FILE ...]\n"
" " + prog_name + " missing BINARY < LIST_OF_PCS\n"
"\n"
)
exit(1)
def CheckBits(bits):
if bits != 32 and bits != 64:
raise Exception("Wrong bitness: %d" % bits)
def TypeCodeForBits(bits):
CheckBits(bits)
return "L" if bits == 64 else "I"
def TypeCodeForStruct(bits):
CheckBits(bits)
return "Q" if bits == 64 else "I"
kMagic32SecondHalf = 0xFFFFFF32
kMagic64SecondHalf = 0xFFFFFF64
kMagicFirstHalf = 0xC0BFFFFF
def MagicForBits(bits):
CheckBits(bits)
if sys.byteorder == "little":
return [
kMagic64SecondHalf if bits == 64 else kMagic32SecondHalf,
kMagicFirstHalf,
]
else:
return [
kMagicFirstHalf,
kMagic64SecondHalf if bits == 64 else kMagic32SecondHalf,
]
def ReadMagicAndReturnBitness(f, path):
magic_bytes = f.read(8)
magic_words = struct.unpack("II", magic_bytes)
bits = 0
idx = 1 if sys.byteorder == "little" else 0
if magic_words[idx] == kMagicFirstHalf:
if magic_words[1 - idx] == kMagic64SecondHalf:
bits = 64
elif magic_words[1 - idx] == kMagic32SecondHalf:
bits = 32
if bits == 0:
raise Exception("Bad magic word in %s" % path)
return bits
def ReadOneFile(path):
with open(path, mode="rb") as f:
f.seek(0, 2)
size = f.tell()
f.seek(0, 0)
if size < 8:
raise Exception("File %s is short (< 8 bytes)" % path)
bits = ReadMagicAndReturnBitness(f, path)
size -= 8
w = size * 8 // bits
s = struct.unpack_from(TypeCodeForStruct(bits) * (w), f.read(size))
sys.stderr.write("%s: read %d %d-bit PCs from %s\n" % (prog_name, w, bits, path))
return s
def Merge(files):
s = set()
for f in files:
s = s.union(set(ReadOneFile(f)))
sys.stderr.write(
"%s: %d files merged; %d PCs total\n" % (prog_name, len(files), len(s))
)
return sorted(s)
def PrintFiles(files):
if len(files) > 1:
s = Merge(files)
else: # If there is just on file, print the PCs in order.
s = ReadOneFile(files[0])
sys.stderr.write("%s: 1 file merged; %d PCs total\n" % (prog_name, len(s)))
for i in s:
print("0x%x" % i)
def MergeAndPrint(files):
if sys.stdout.isatty():
Usage()
s = Merge(files)
bits = 32
if max(s) > 0xFFFFFFFF:
bits = 64
stdout_buf = getattr(sys.stdout, "buffer", sys.stdout)
array.array("I", MagicForBits(bits)).tofile(stdout_buf)
a = struct.pack(TypeCodeForStruct(bits) * len(s), *s)
stdout_buf.write(a)
def UnpackOneFile(path):
with open(path, mode="rb") as f:
sys.stderr.write("%s: unpacking %s\n" % (prog_name, path))
while True:
header = f.read(12)
if not header:
return
if len(header) < 12:
break
pid, module_length, blob_size = struct.unpack("iII", header)
module = f.read(module_length).decode("utf-8")
blob = f.read(blob_size)
assert len(module) == module_length
assert len(blob) == blob_size
extracted_file = "%s.%d.sancov" % (module, pid)
sys.stderr.write("%s: extracting %s\n" % (prog_name, extracted_file))
# The packed file may contain multiple blobs for the same pid/module
# pair. Append to the end of the file instead of overwriting.
with open(extracted_file, "ab") as f2:
f2.write(blob)
# fail
raise Exception("Error reading file %s" % path)
def Unpack(files):
for f in files:
UnpackOneFile(f)
def UnpackOneRawFile(path, map_path):
mem_map = []
with open(map_path, mode="rt") as f_map:
sys.stderr.write("%s: reading map %s\n" % (prog_name, map_path))
bits = int(f_map.readline())
if bits != 32 and bits != 64:
raise Exception("Wrong bits size in the map")
for line in f_map:
parts = line.rstrip().split()
mem_map.append(
(
int(parts[0], 16),
int(parts[1], 16),
int(parts[2], 16),
" ".join(parts[3:]),
)
)
mem_map.sort(key=lambda m: m[0])
mem_map_keys = [m[0] for m in mem_map]
with open(path, mode="rb") as f:
sys.stderr.write("%s: unpacking %s\n" % (prog_name, path))
f.seek(0, 2)
size = f.tell()
f.seek(0, 0)
pcs = struct.unpack_from(
TypeCodeForStruct(bits) * (size * 8 // bits), f.read(size)
)
mem_map_pcs = [[] for i in range(0, len(mem_map))]
for pc in pcs:
if pc == 0:
continue
map_idx = bisect.bisect(mem_map_keys, pc) - 1
(start, end, base, module_path) = mem_map[map_idx]
assert pc >= start
if pc >= end:
sys.stderr.write(
"warning: %s: pc %x outside of any known mapping\n"
% (prog_name, pc)
)
continue
mem_map_pcs[map_idx].append(pc - base)
for ((start, end, base, module_path), pc_list) in zip(mem_map, mem_map_pcs):
if len(pc_list) == 0:
continue
assert path.endswith(".sancov.raw")
dst_path = module_path + "." + os.path.basename(path)[:-4]
sys.stderr.write(
"%s: writing %d PCs to %s\n" % (prog_name, len(pc_list), dst_path)
)
sorted_pc_list = sorted(pc_list)
pc_buffer = struct.pack(
TypeCodeForStruct(bits) * len(pc_list), *sorted_pc_list
)
with open(dst_path, "ab+") as f2:
array.array("I", MagicForBits(bits)).tofile(f2)
f2.seek(0, 2)
f2.write(pc_buffer)
def RawUnpack(files):
for f in files:
if not f.endswith(".sancov.raw"):
raise Exception("Unexpected raw file name %s" % f)
f_map = f[:-3] + "map"
UnpackOneRawFile(f, f_map)
def GetInstrumentedPCs(binary):
# This looks scary, but all it does is extract all offsets where we call:
# - __sanitizer_cov() or __sanitizer_cov_with_check(),
# - with call or callq,
# - directly or via PLT.
cmd = (
r"objdump --no-show-raw-insn -d %s | "
r"grep '^\s\+[0-9a-f]\+:\s\+call\(q\|\)\s\+\(0x\|\)[0-9a-f]\+ <__sanitizer_cov\(_with_check\|\|_trace_pc_guard\)\(@plt\|\)>' | "
r"grep -o '^\s\+[0-9a-f]\+'" % binary
)
lines = subprocess.check_output(cmd, stdin=subprocess.PIPE, shell=True).splitlines()
# The PCs we get from objdump are off by 4 bytes, as they point to the
# beginning of the callq instruction. Empirically this is true on x86 and
# x86_64.
return set(int(line.strip(), 16) + 4 for line in lines)
def PrintMissing(binary):
if not os.path.isfile(binary):
raise Exception("File not found: %s" % binary)
instrumented = GetInstrumentedPCs(binary)
sys.stderr.write(
"%s: found %d instrumented PCs in %s\n" % (prog_name, len(instrumented), binary)
)
covered = set(int(line, 16) for line in sys.stdin)
sys.stderr.write("%s: read %d PCs from stdin\n" % (prog_name, len(covered)))
missing = instrumented - covered
sys.stderr.write("%s: %d PCs missing from coverage\n" % (prog_name, len(missing)))
if len(missing) > len(instrumented) - len(covered):
sys.stderr.write(
"%s: WARNING: stdin contains PCs not found in binary\n" % prog_name
)
for pc in sorted(missing):
print("0x%x" % pc)
if __name__ == "__main__":
prog_name = sys.argv[0]
if len(sys.argv) <= 2:
Usage()
if sys.argv[1] == "missing":
if len(sys.argv) != 3:
Usage()
PrintMissing(sys.argv[2])
exit(0)
file_list = []
for f in sys.argv[2:]:
file_list += glob.glob(f)
if not file_list:
Usage()
if sys.argv[1] == "print":
PrintFiles(file_list)
elif sys.argv[1] == "merge":
MergeAndPrint(file_list)
elif sys.argv[1] == "unpack":
Unpack(file_list)
elif sys.argv[1] == "rawunpack":
RawUnpack(file_list)
else:
Usage()
Codebase Browser
llvm