add warning about coverage plugin impacting taint results #1583
I know it's just a little thing, but hopefully the warning will save someone else the pain we just went through of trying to figure out what is going on.
The issue is that when the coverage plugin is loaded (it doesn't even have to be enabled), it inserts calls into the TCG instruction stream. This not only impacts the TCG optimizations, but also these calls get instrumented by the taint system. So, you get different taint than if you ran the same scenario without the coverage plugin loaded.
Although it is possible to make the taint system recognize the functions inserted by the coverage plugin and not instrument them, this only reduces the number of taint differences - it doesn't entirely eradicate them. One would also need to build PANDA without TCG optimizations in order to get rid of all the taint differences. Neither adjustment is sufficient on its own to make all the taint differences go away.
It doesn't seem like a good idea to permanently disable TCG optimizations (things are slow enough with them, and the number of taint reports increases with TCG optimizations off), and with recordings you shouldn't need to run coverage with taint at the same time (you can run them separately if you really want output from both plugins), so it seemed best just to warn the user "don't do that".