Instrumentation

Hugo edited this page Feb 26, 2026 · 1 revision

Instrumentation is applied to LLVM modules by the code in src/compilerlib/instrumentation/.

Passes and runtime hooks

| Pass | Entry point | Main inserted hooks |
|---|---|---|
| Allocation | wrapAllocCalls() | __ct_malloc, __ct_free, __ct_new, __ct_delete, __ct_realloc, __ct_mmap, ... |
| Bounds | instrumentMemoryAccesses() | __ct_check_bounds(base, ptr, size, site, is_write) |
| Trace | instrumentModule() | __ct_trace_enter, typed exit hooks (void/i64/ptr/f64/unknown) |
| VTable | instrumentVirtualCalls() | __ct_vtable_dump, __ct_vcall_trace |

Allocation pass details

The allocation pass rewrites calls for C and C++ allocators/deallocators and several memory APIs. Highlights:

  • tracks allocations with source-site strings,
  • supports malloc/calloc/realloc/free,
  • supports new/delete variants (including nothrow/destroying delete hooks),
  • supports posix_memalign, aligned_alloc, mmap/munmap, sbrk/brk wrappers,
  • adds auto-free helper calls for unreachable allocations when enabled.

Bounds pass details

The bounds pass instruments:

  • loads/stores,
  • atomic memory ops,
  • llvm.mem* intrinsics.

Each check receives the base pointer, the accessed pointer, the access size, a site string, and the access mode (write or read).

Trace pass details

The trace pass:

  • inserts __ct_trace_enter at function entry,
  • inserts typed exit hooks based on return type,
  • skips non-user/runtime functions via shared filtering helpers.

VTable pass details

The vtable pass instruments indirect virtual-style calls when it can recover a this pointer pattern. Depending on config:

  • dump_vtable: injects __ct_vtable_dump(this, site, static_type)
  • trace_calls: injects __ct_vcall_trace(this, callee, site, static_type)

RuntimeConfig (actual fields)

include/compilerlib/instrumentation/config.hpp:

  • shadow_enabled (default false)
  • shadow_aggressive (default false)
  • bounds_no_abort (default false)
  • trace_enabled (default true)
  • alloc_enabled (default true)
  • bounds_enabled (default true)
  • vtable_enabled (default false)
  • vcall_trace_enabled (default false)
  • vtable_diag_enabled (default false)
  • autofree_enabled (default false)
  • alloc_trace_enabled (default true)
  • bounds_without_alloc (derived)
  • optnone_enabled (default false)

If bounds is enabled while alloc is disabled, CoreTrace emits a warning because bounds checks rely on allocation metadata.
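
Why bounds checks depend on allocation metadata, as an added example that is not CoreTrace's runtime code: the demo_* functions, the fixed-size table and the verdict enum are hypothetical stand-ins, and only the argument order (base, ptr, size, site, is_write) is taken from the bounds hook listed in the table above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical demo_* names: an illustration, not CoreTrace's runtime. */
enum demo_verdict { DEMO_OK, DEMO_OUT_OF_BOUNDS, DEMO_UNKNOWN_BASE };
struct demo_alloc { uintptr_t base; size_t size; const char *site; };
static struct demo_alloc demo_table[64];
static size_t demo_count;

/* Stand-in for an allocation hook: allocate, then record base, size, site. */
static void *demo_malloc(size_t size, const char *site) {
    void *p = malloc(size);
    if (p && demo_count < 64)
        demo_table[demo_count++] = (struct demo_alloc){(uintptr_t)p, size, site};
    return p;
}

/* Stand-in for a free hook: forget the record before releasing the memory. */
static void demo_free(void *p) {
    for (size_t i = 0; i < demo_count; i++)
        if (demo_table[i].base == (uintptr_t)p) {
            demo_table[i] = demo_table[--demo_count];
            break;
        }
    free(p);
}

/* Arguments in the order the page lists for the bounds hook. */
static enum demo_verdict demo_check_bounds(const void *base, const void *ptr,
                                           size_t size, const char *site, int is_write) {
    uintptr_t b = (uintptr_t)base, a = (uintptr_t)ptr;
    (void)site; (void)is_write; /* a real runtime would put these in its report */
    for (size_t i = 0; i < demo_count; i++) {
        if (demo_table[i].base != b) continue;
        size_t len = demo_table[i].size;
        /* Written so that neither a - b nor the size comparison can wrap. */
        if (a < b || a - b > len || size > len - (a - b)) return DEMO_OUT_OF_BOUNDS;
        return DEMO_OK;
    }
    return DEMO_UNKNOWN_BASE; /* no allocation record: nothing to check against */
}
int main(void) {
    char *buf = demo_malloc(16, "demo.c:1"); /* constructed sample site string */
    if (!buf) return 1;
    printf("in-bounds read: %d\n", (int)demo_check_bounds(buf, buf + 12, 4, "demo.c:2", 0));
    printf("overrun write:  %d\n", (int)demo_check_bounds(buf, buf + 13, 4, "demo.c:3", 1));
    demo_free(buf);
    return 0;
}
```

In this sketch an access whose base has no record returns DEMO_UNKNOWN_BASE rather than a verdict, which is what a bounds check is left with when no allocation tracking has run.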

Frontend optnone wrapper

frontend/OptNoneAction can wrap frontend actions to force optnone/noinline on user functions. This is controlled by --ct-optnone and can apply even without --instrument.
