1 files changed, 17 insertions, 10 deletions
diff --git a/docs/SanitizerCoverage.rst b/docs/SanitizerCoverage.rst
index 3e8102a12f67..8ff5bdf3a3d2 100644
--- a/docs/SanitizerCoverage.rst
+++ b/docs/SanitizerCoverage.rst
@@ -227,7 +227,8 @@ easily used for bitset-based corpus distillation.
 Caller-callee coverage
 ======================
 
-(Experimental!)
+**Deprecated, don't use**
+
 Every indirect function call is instrumented with a run-time function call that
 captures caller and callee.  At the shutdown time the process dumps a separate
 file called ``caller-callee.PID.sancov`` which contains caller/callee pairs as
@@ -253,6 +254,8 @@ Current limitations:
 Coverage counters
 =================
 
+**Deprecated, don't use**
+
 This experimental feature is inspired by
 `AFL <http://lcamtuf.coredump.cx/afl/technical_details.txt>`__'s coverage
 instrumentation. With additional compile-time and run-time flags you can get
@@ -296,6 +299,9 @@ These counters may also be used for in-process coverage-guided fuzzers. See
 
 Tracing basic blocks
 ====================
+
+**Deprecated, don't use**
+
 Experimental support for basic block (or edge) tracing.
 With ``-fsanitize-coverage=trace-bb`` the compiler will insert
 ``__sanitizer_cov_trace_basic_block(s32 *id)`` before every function, basic block, or edge
@@ -319,6 +325,9 @@ Basic block tracing is currently supported only for single-threaded applications
 
 Tracing PCs
 ===========
+
+**Deprecated, don't use**
+
 *Experimental* feature similar to tracing basic blocks, but with a different API.
 With ``-fsanitize-coverage=trace-pc`` the compiler will insert
 ``__sanitizer_cov_trace_pc()`` on every edge.
@@ -331,16 +340,13 @@ and can be used with `AFL <http://lcamtuf.coredump.cx/afl>`__.
 
 Tracing PCs with guards
 =======================
-Another *experimental* feature that tries to combine the functionality of `trace-pc`,
-`8bit-counters` and boolean coverage.
 
 With ``-fsanitize-coverage=trace-pc-guard`` the compiler will insert the following code
 on every edge:
 
 .. code-block:: none
 
-   if (guard_variable)
-     __sanitizer_cov_trace_pc_guard(&guard_variable)
+   __sanitizer_cov_trace_pc_guard(&guard_variable)
 
 Every edge will have its own `guard_variable` (uint32_t).
 
@@ -349,10 +355,11 @@ The compler will also insert a module constructor that will call
 .. code-block:: c++
 
    // The guards are [start, stop).
-   // This function may be called multiple times with the same values of start/stop.
+   // This function will be called at least once per DSO and may be called
+   // more than once with the same values of start/stop.
    __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop);
 
-Similarly to `trace-pc,indirect-calls`, with `trace-pc-guards,indirect-calls`
+With `trace-pc-guards,indirect-calls`
 ``__sanitizer_cov_trace_pc_indirect(void *callee)`` will be inserted on every indirect call.
 
 The functions `__sanitizer_cov_trace_pc_*` should be defined by the user.
@@ -367,10 +374,10 @@ Example:
   #include <sanitizer/coverage_interface.h>
 
   // This callback is inserted by the compiler as a module constructor
-  // into every compilation unit. 'start' and 'stop' correspond to the
+  // into every DSO. 'start' and 'stop' correspond to the
   // beginning and end of the section with the guards for the entire
-  // binary (executable or DSO) and so it will be called multiple times
-  // with the same parameters.
+  // binary (executable or DSO). The callback will be called at least
+  // once per DSO and may be called multiple times with the same parameters.
   extern "C" void __sanitizer_cov_trace_pc_guard_init(uint32_t *start,
                                                       uint32_t *stop) {
     static uint64_t N;  // Counter for the guards.