google / sanitizers

AddressSanitizer, ThreadSanitizer, MemorySanitizer

sancov: -symbolize does not work on Android ObjectFile #815

Closed yogurfrul closed 6 years ago

yogurfrul commented 7 years ago

I'm doing some tests based on Android. I want to generate the HTML coverage report using *.sancov files following the SanitizerCoverage wiki (the version of clang in Android is 4.0.0). It works on a Linux PC, but it failed on the Android ObjectFile. My Android arm executable is cov_target, and the tool always prints this:

sancov -symbolize cov_target.5171.sancov cov_target
Ignoring cov_target and its coverage because  __sanitizer_cov* functions were not found.

I know the tool only works on x86, and the tool can't get the __sanitizer_cov* functions in the binary running on arm. Then I found that this command works for me: sancov.py print cov_target.5171.sancov 2> /dev/null | llvm-symbolizer --obj cov_target, so I know that llvm-symbolizer can read the symbols in the binary correctly. It seems that llvm-symbolizer supports both x86 and arm. What's the difference between the way sancov -symbolize and llvm-symbolizer symbolize the binary?

If I want to modify sancov to support Android arm objects, what should I do? Or is there another way to generate a coverage report? Any ideas would be appreciated ~

eugenis commented 7 years ago

sancov -symbolize wants to find all possible coverage points in order to show missing coverage (red lines in html output). The thing you are doing with llvm-symbolizer outputs only covered lines. It should work correctly on Android.

To fix sancov, one would need to teach the LLVM disassembler (or maybe sancov directly) to recognize PLT stubs in order to find calls to __sanitizer_cov@plt in the binary. Note that PLT stubs are architecture-specific.

On Wed, May 24, 2017 at 8:49 PM, yogurfrul notifications@github.com wrote:


yogurfrul commented 7 years ago

I have no experience with disassemblers or PLT stubs. Do you have a plan to support a user-specified architecture?

So first I objdump -d the object to get all the instrumented PCs, then run llvm-symbolizer on them, then I print the *.sancov files to get the covered PCs. Finally I can get the covered lines and missing lines corresponding to the source code. What do you think?

kcc commented 7 years ago

Yes, that works. We may not be able to finish sancov any time soon, so that's what you have.
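The workaround discussed in the two comments above (take every call to a `__sanitizer_cov*` stub from `objdump -d` as an instrumented PC, read the covered PCs from the `.sancov` file, and diff the two sets), as an added example that is not code from this thread or from the sanitizers project. The function names, the sample disassembly and the sample `.sancov` bytes are constructed for illustration; `pc_delta`, the offset between a call-site address and the PC recorded at run time, is an assumption that has to be calibrated for the target architecture.

```python
import re
import struct

MAGIC32 = 0xC0BFFFFFFFFFFF32  # .sancov header when PCs are 32-bit
MAGIC64 = 0xC0BFFFFFFFFFFF64  # .sancov header when PCs are 64-bit
# A disassembly line that branches/calls to a __sanitizer_cov* symbol.
CALL_RE = re.compile(
    r"^\s*([0-9a-f]+):.*\s(?:blx?|callq?)\s+[0-9a-f]+ <__sanitizer_cov[^>]*>",
    re.M)

def read_sancov(blob):
    """Covered PCs (module offsets) from one .sancov file, little-endian."""
    (magic,) = struct.unpack_from("<Q", blob, 0)
    if magic not in (MAGIC32, MAGIC64):
        raise ValueError("bad .sancov magic %#x" % magic)
    fmt, width = ("<I", 4) if magic == MAGIC32 else ("<Q", 8)
    body = blob[8:]
    if len(body) % width:
        raise ValueError("truncated .sancov file")
    return {pc for (pc,) in struct.iter_unpack(fmt, body)}

def instrumented_pcs(disasm, pc_delta):
    """Every coverage point: call-site address plus pc_delta (assumption:
    the delta is constant for a given target and found by calibration)."""
    return {int(m.group(1), 16) + pc_delta for m in CALL_RE.finditer(disasm)}

def split_coverage(disasm, blob, pc_delta=0):
    """Return (covered, missing, unmatched) as sorted PC lists."""
    every, hit = instrumented_pcs(disasm, pc_delta), read_sancov(blob)
    # PCs in the file that match no call site mean pc_delta is wrong.
    return sorted(every & hit), sorted(every - hit), sorted(hit - every)

# Constructed sample inputs (not taken from the issue).
SAMPLE_DISASM = (
    "00008380 <__sanitizer_cov@plt>:\n"
    "    8380:\te28fc600 \tadd\tip, pc, #0, 12\n"
    "000084f0 <main>:\n"
    "    8504:\tebffff9d \tbl\t8380 <__sanitizer_cov@plt>\n"
    "    8520:\tebffff96 \tbl\t8380 <__sanitizer_cov@plt>\n"
    "    853c:\tebffff8f \tbl\t8380 <__sanitizer_cov@plt>\n"
    "    8540:\tebffff80 \tbl\t8348 <printf@plt>\n")
SAMPLE_SANCOV = struct.pack("<QII", MAGIC32, 0x8504, 0x853C)

if __name__ == "__main__":
    names = ("covered", "missing", "unmatched")
    for name, pcs in zip(names, split_coverage(SAMPLE_DISASM, SAMPLE_SANCOV)):
        # Each list can then be symbolized, one PC per line, to get lines.
        print(name, *("%#x" % pc for pc in pcs))
```

A non-empty third list is the calibration check: covered PCs that match no disassembled call site indicate that `pc_delta` does not fit the binary's architecture.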

yogurfrul commented 7 years ago

I still have one problem: I run llvm-symbolizer on one stub PC and learn that it points to line 6; however, the stub PC in fact points to one basic block, corresponding to lines 6, 7, 8, 9.

I use -fsanitize-coverage=edge; its stub is __sanitizer_cov(@plt). How can I know which lines are covered by one stub PC?

morehouse commented 6 years ago

No major updates to SanCov planned. Clang Coverage is the preferred way to visualize coverage.