==============
SanitizerStats
==============

.. contents::
   :local:

Introduction
============

The sanitizers support a simple mechanism for gathering profiling statistics
to help understand the overhead associated with sanitizers.

How to build and run
====================

SanitizerStats can currently only be used with :doc:`ControlFlowIntegrity`.
In addition to ``-fsanitize=cfi*``, pass the ``-fsanitize-stats`` flag.
This will cause the program to count the number of times that each control
flow integrity check in the program fires.

At run time, set the ``SANITIZER_STATS_PATH`` environment variable to direct
statistics output to a file. The file will be written on process exit.
The following substitutions will be applied to the environment variable:

  - ``%b`` -- The executable basename.
  - ``%p`` -- The process ID.

You can also send the ``SIGUSR2`` signal to a process to make it write
sanitizer statistics immediately.

The ``sanstats`` program can be used to dump statistics. It takes as a
command line argument the path to a statistics file produced by a program
compiled with ``-fsanitize-stats``.

The output of ``sanstats`` is in four columns, separated by spaces. The first
column is the file and line number of the call site. The second column is
the function name. The third column is the type of statistic gathered (in
this case, the type of control flow integrity check). The fourth column is
the call count.

Example:

.. code-block:: console

    $ cat -n vcall.cc
         1 struct A {
         2   virtual void f() {}
         3 };
         4
         5 __attribute__((noinline)) void g(A *a) {
         6   a->f();
         7 }
         8
         9 int main() {
        10   A a;
        11   g(&a);
        12 }
    $ clang++ -fsanitize=cfi -flto -fuse-ld=gold vcall.cc -fsanitize-stats -g
    $ SANITIZER_STATS_PATH=a.stats ./a.out
    $ sanstats a.stats
    vcall.cc:6 _Z1gP1A cfi-vcall 1
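
The following is an added example, not part of the original documentation or of LLVM: a Python parser for the four-column ``sanstats`` output described above that totals counts per check type and ranks the call sites where checks run most often. The sample text is constructed (only its first line comes from the example above), and the helper names and the choice to split from the right so that a space in a file path stays in the first column are assumptions of this example.

```python
from collections import Counter
from typing import NamedTuple

class Stat(NamedTuple):
    site: str      # file:line of the call site
    function: str  # function name (mangled for C++)
    kind: str      # type of CFI check, e.g. cfi-vcall
    count: int     # call count reported by sanstats

def parse_sanstats(text: str) -> list[Stat]:
    """Parse sanstats output lines: site, function, check type, count."""
    stats = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        # Assumption: split from the right so a space inside the file
        # path stays in the first column instead of shifting the others.
        parts = line.rsplit(None, 3)
        if len(parts) != 4 or not parts[3].isdigit():
            raise ValueError(f"line {lineno}: expected 4 columns: {line!r}")
        stats.append(Stat(parts[0], parts[1], parts[2], int(parts[3])))
    return stats

def totals_by_kind(stats: list[Stat]) -> Counter:
    """Sum the call counts for each type of CFI check."""
    totals = Counter()
    for s in stats:
        totals[s.kind] += s.count
    return totals

def hottest_sites(stats: list[Stat], n: int = 3) -> list[Stat]:
    """Return the n call sites with the highest call counts."""
    return sorted(stats, key=lambda s: s.count, reverse=True)[:n]

# Constructed sample; only the first line appears in the documentation.
SAMPLE = """\
vcall.cc:6 _Z1gP1A cfi-vcall 1
my src/loop.cc:42 _Z4stepP4Node cfi-vcall 90000
cb.cc:17 _Z8dispatchPFvvE cfi-icall 1200
"""

if __name__ == "__main__":
    parsed = parse_sanstats(SAMPLE)
    print(dict(totals_by_kind(parsed)))
    print(hottest_sites(parsed, 1))
```

Feeding it the text printed by ``sanstats a.stats`` in place of ``SAMPLE`` shows which call sites account for most of the checks counted with ``-fsanitize-stats``.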