| Pirama Arumuga Nainar | 4967a71 | 2016-09-19 22:19:55 -0700 | [diff] [blame] | 1 | ============== |
| 2 | SanitizerStats |
| 3 | ============== |
| 4 | |
| 5 | .. contents:: |
| 6 | :local: |
| 7 | |
| 8 | Introduction |
| 9 | ============ |
| 10 | |
| 11 | The sanitizers support a simple mechanism for gathering profiling statistics |
| 12 | to help understand the overhead associated with sanitizers. |
| 13 | |
| 14 | How to build and run |
| 15 | ==================== |
| 16 | |
| 17 | SanitizerStats can currently only be used with :doc:`ControlFlowIntegrity`. |
| 18 | In addition to ``-fsanitize=cfi*``, pass the ``-fsanitize-stats`` flag. |
| 19 | This will cause the program to count the number of times that each control |
| 20 | flow integrity check in the program fires. |
| 21 | |
| 22 | At run time, set the ``SANITIZER_STATS_PATH`` environment variable to direct |
| 23 | statistics output to a file. The file will be written on process exit. |
| 24 | The following substitutions will be applied to the environment variable: |
| 25 | |
| 26 | - ``%b`` -- The executable basename. |
| 27 | - ``%p`` -- The process ID. |
| 28 | |
| 29 | You can also send the ``SIGUSR2`` signal to a process to make it write |
| 30 | sanitizer statistics immediately. |
| 31 | |
| 32 | The ``sanstats`` program can be used to dump statistics. It takes as a |
| 33 | command line argument the path to a statistics file produced by a program |
| 34 | compiled with ``-fsanitize-stats``. |
| 35 | |
| 36 | The output of ``sanstats`` is in four columns, separated by spaces. The first |
| 37 | column is the file and line number of the call site. The second column is |
| 38 | the function name. The third column is the type of statistic gathered (in |
| 39 | this case, the type of control flow integrity check). The fourth column is |
| 40 | the call count. |
| 41 | |
| 42 | Example: |
| 43 | |
| 44 | .. code-block:: console |
| 45 | |
| 46 | $ cat -n vcall.cc |
| 47 | 1 struct A { |
| 48 | 2 virtual void f() {} |
| 49 | 3 }; |
| 50 | 4 |
| 51 | 5 __attribute__((noinline)) void g(A *a) { |
| 52 | 6 a->f(); |
| 53 | 7 } |
| 54 | 8 |
| 55 | 9 int main() { |
| 56 | 10 A a; |
| 57 | 11 g(&a); |
| 58 | 12 } |
| 59 | $ clang++ -fsanitize=cfi -flto -fuse-ld=gold vcall.cc -fsanitize-stats -g |
| 60 | $ SANITIZER_STATS_PATH=a.stats ./a.out |
| 61 | $ sanstats a.stats |
| 62 | vcall.cc:6 _Z1gP1A cfi-vcall 1 |