asan.c (initialize_sanitizer_builtins): Add BT_FN_VOID_UINT8_UINT8...

	* asan.c (initialize_sanitizer_builtins): Add
	BT_FN_VOID_UINT8_UINT8, BT_FN_VOID_UINT16_UINT16,
	BT_FN_VOID_UINT32_UINT32, BT_FN_VOID_UINT64_UINT64,
	BT_FN_VOID_FLOAT_FLOAT, BT_FN_VOID_DOUBLE_DOUBLE and
	BT_FN_VOID_UINT64_PTR variables.
	* builtin-types.def (BT_FN_VOID_UINT8_UINT8): New fn type.
	(BT_FN_VOID_UINT16_UINT16): Likewise.
	(BT_FN_VOID_UINT32_UINT32): Likewise.
	(BT_FN_VOID_FLOAT_FLOAT): Likewise.
	(BT_FN_VOID_DOUBLE_DOUBLE): Likewise.
	(BT_FN_VOID_UINT64_PTR): Likewise.
	* common.opt (flag_sanitize_coverage): New variable.
	(fsanitize-coverage=trace-pc): Remove.
	(fsanitize-coverage=): Add.
	* flag-types.h (enum sanitize_coverage_code): New enum.
	* fold-const.c (fold_range_test): Disable non-short-circuit
	optimization if flag_sanitize_coverage.
	(fold_truth_andor): Likewise.
	* tree-ssa-ifcombine.c (ifcombine_ifandif): Likewise.
	* opts.c (COVERAGE_SANITIZER_OPT): Define.
	(coverage_sanitizer_opts): New array.
	(get_closest_sanitizer_option): Add OPTS argument, handle also
	OPT_fsanitize_coverage_.
	(parse_sanitizer_options): Adjusted to also handle
	OPT_fsanitize_coverage_.
	(common_handle_option): Add OPT_fsanitize_coverage_.
	* sancov.c (instrument_comparison, instrument_switch): New function.
	(sancov_pass): Add trace-cmp support.
	* sanitizer.def (BUILT_IN_SANITIZER_COV_TRACE_CMP1,
	BUILT_IN_SANITIZER_COV_TRACE_CMP2, BUILT_IN_SANITIZER_COV_TRACE_CMP4,
	BUILT_IN_SANITIZER_COV_TRACE_CMP8,
	BUILT_IN_SANITIZER_COV_TRACE_CONST_CMP1,
	BUILT_IN_SANITIZER_COV_TRACE_CONST_CMP2,
	BUILT_IN_SANITIZER_COV_TRACE_CONST_CMP4,
	BUILT_IN_SANITIZER_COV_TRACE_CONST_CMP8,
	BUILT_IN_SANITIZER_COV_TRACE_CMPF, BUILT_IN_SANITIZER_COV_TRACE_CMPD,
	BUILT_IN_SANITIZER_COV_TRACE_SWITCH): New builtins.
	* doc/invoke.texi: Document -fsanitize-coverage=trace-cmp.

	* gcc.dg/sancov/cmp0.c: New test.

Co-Authored-By: Jakub Jelinek <jakub@redhat.com>

From-SVN: r251801

1 files changed, 14 insertions, 0 deletions

diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index ed438d4..88edc93 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -11169,6 +11169,20 @@ is usable even in freestanding environments.
 Enable coverage-guided fuzzing code instrumentation.
 Inserts a call to @code{__sanitizer_cov_trace_pc} into every basic block.
 
+@item -fsanitize-coverage=trace-cmp
+@opindex fsanitize-coverage=trace-cmp
+Enable dataflow guided fuzzing code instrumentation.
+Inserts a call to @code{__sanitizer_cov_trace_cmp1},
+@code{__sanitizer_cov_trace_cmp2}, @code{__sanitizer_cov_trace_cmp4} or
+@code{__sanitizer_cov_trace_cmp8} for integral comparison with both operands
+variable or @code{__sanitizer_cov_trace_const_cmp1},
+@code{__sanitizer_cov_trace_const_cmp2},
+@code{__sanitizer_cov_trace_const_cmp4} or
+@code{__sanitizer_cov_trace_const_cmp8} for integral comparison with one
+operand constant, @code{__sanitizer_cov_trace_cmpf} or
+@code{__sanitizer_cov_trace_cmpd} for float or double comparisons and
+@code{__sanitizer_cov_trace_switch} for switch statements.
+
 @item -fbounds-check
 @opindex fbounds-check
 For front ends that support it, generate additional code to check that