@@ -385,6 +385,46 @@ Users need to implement a single function to capture the CF table at startup:
385385 // the collected control flow.
386386 }
387387
388+ Tracing Stack Depth
389+ ===================
390+
391+ With ``-fsanitize-coverage=stack-depth `` the compiler will track how much
392+ stack space has been used for a function call chain. Leaf functions are
393+ not included in this tracing.
394+
395+ The maximum depth of a function call graph is stored in the thread-local
396+ ``__sancov_lowest_stack `` variable. Instrumentation is inserted in each
397+ non-leaf function to check the stack pointer against this variable, and
398+ if it is lower, store the current stack pointer. This effectively does:
399+
400+ .. code-block :: c++
401+
402+ thread_local __sancov_lowest_stack;
403+
404+ if (stack_pointer < __sancov_lowest_stack)
405+ __sancov_lowest_stack = stack_pointer;
406+
407+ If ``-fsanitize-coverage-stack-depth-callback-min=N `` is also used,
408+ the tracking is delegated to a callback, ``__sanitize_cov_stack_depth ``,
409+ instead of adding instrumentation to update ``__sancov_lowest_stack ``.
410+ The ``N `` of the argument is used to determine which functions to
411+ instrument. Only functions using ``N `` bytes or more of stack space
412+ will be instrumented to call the tracing callback. In the case of a
413+ dynamically sized stack, the callback is unconditionally added.
414+
415+ The callback takes no arguments and is responsible for determining
416+ the stack pointer and doing any needed comparisons and storage. The
417+ prototype is:
418+
419+ .. code-block :: c++
420+
421+ extern "C"
422+ void __sanitize_cov_stack_depth(void);
423+
424+ Note that, currently, dynamically sized stacks are not tracked by
425+ instrumentation correctly, as it is inserted too early. This means
426+ that only constant sized stack allocations are currently tracked.
427+
388428Gated Trace Callbacks
389429=====================
390430
0 commit comments