Open LebedevRI opened 1 year ago
Yes I think that would be a welcomed addition. I long wanted to have support for tsan in a similar addition.
We will have to talk about how this interacts with cached object files / multi-versioning.
cc: @pchintalapudi
Great to hear!
I'm going to take a look then...
Two observations so far:
Assertion in RTDyldMemoryManagerJL::allocateCodeSection
// allocating more than one code section can confuse libunwind.
assert(!code_allocated);
(https://github.com/JuliaLang/julia/commit/8533a1c40a62e2ae874ae4e3eb6719af24aa34e8#diff-8186bd96ba9aaa52f867b0e1d5e203800b1d15c4f2c2d8b332bb120744b7da85R761-R762) fails with sancov too. While i have workarounded that by disabling it when sancov is enabled, it raises the question, is the comment still true/relevant?
I haven't solved this yet, but looks like a stub hooks will need to be provided (effectively, https://godbolt.org/z/78ExvTzsY), otherwise even init_f16_funcs()
crashes. The interesting question being their linkage, since we'd want for the real hooks to override the stubs.
1 should be solved by turning on JITLink (in src/jitlayers.h), 2 may need 1 or 2 new JITDylib linked in the correct order to allow overriding.
1 should be solved by turning on JITLink (in src/jitlayers.h)
Looking at that file, i see the point. But the problem is, it's not known at the time the julia itself is compiled whether or not sancov is enabled, it's a run-time setting, so that would effectively require the julia to completely migrate to JITLink.
2 may need 1 or 2 new JITDylib linked in the correct order to allow overriding.
Yeah, that's the rough plan i guess.
I think if you want a sancov-capable build there should be a flag that turns on JITLink, but then also does the runtime check for the sancov flag. Turning on JITLink on your chosen platform shouldn't harm the JIT (and if it does, we'd like to hear about it) unless the platform isn't supported by JITLink.
I think if you want a sancov-capable build there should be a flag that turns on JITLink
... which would be default-on.
Ok, with JL_USE_JITLINK
, stubs seem to work, and (non-fuzzing) julia --sanitizer-coverage
is usable,
but there's now this weird JIT session error: Duplicate section issue.
,
i'm guessing pass-generated instrumentation functions happen to end up in different section?
@code_llvm raw=true dump_module=true
might provide additional helpful info here.
And you can use the environment variable JULIA_LLVM_ARGS to pass flags like you would to opt. IIRC JITLink has some options to get more information.
(thank you, i'm aware of those tricks, that was more of a rhetorical question)
FTR, here's the complete output of:
JULIA_LLVM_ARGS="-print-before-all -debug" /builddirs/julia-dev/julia -Cnative -Jusr/lib/julia/sys-debug.so --depwarn=error --check-bounds=yes -g1 --startup-file=no --startup-file=no --color=no --sanitizer-coverage -E"Bool(Base.JLOptions().sanitizer_coverage)" &> log.txt
:
log.txt
It is a bit unobvious which sections are the problem, but i guess it's
12: Creating section for "__sancov_guards"
13: Creating section for "__sancov_pcs"
14: ".rela__sancov_pcs" is not an SHF_ALLOC section: No graph section will be created.
15: Creating section for "__sancov_guards"
16: Creating section for "__sancov_pcs"
I wonder if we could just uniquify section names for all LLVM IR globals? Or is that generally undesired in Julia?
What do you mean by that?
Maybe @lhames as an idea.
What do you mean by that?
Effectively, the same what -ffunction-sections
does: https://godbolt.org/z/PrnYr38a9
)Just go through each global, and if it is in a section that we have already seen, change it's section to a new one.
Would it be considered acceptable to add (at least a) a front-end switch (
julia --sanitizer-coverage
?) to control insertion of said pass into the LLVM pass pipeline (close to where sanitizer passes are handled)?The long story is, i have a C++ codebase, and in my expirience, having more than one implementation is paramount to weeding-out various issues, so i'm somewhat interested in having a second implementation of said codebase. But just having a second implementation isn't sufficient, the key is to be able to compare their externally-observable side-effects, and fuzzing is rather invaluable there, and that strongly suggests AOT compilation and guided fuzzing, and thus coverage is needed (thus, subj).