diff options
| author | Max Moroz <mmoroz@chromium.org> | 2017-10-05 22:41:03 +0000 |
|---|---|---|
| committer | Max Moroz <mmoroz@chromium.org> | 2017-10-05 22:41:03 +0000 |
| commit | 590a32da41f486f5d834ccc9af1d337565b6a675 (patch) | |
| tree | 8e96c5110a938df2585a3e9bffd09cc832257bd5 | |
| parent | 2edf2374329a4748bad03d6a6517ec89b1e472de (diff) | |
[libFuzzer] Disable experimental clang coverage support by default.
Summary:
It can be enabled via "-use_clang_coverage=1" flag. Reason for disabling:
libFuzzer resets Clang Counters and makes it impossible to generate coverage
report for a regular fuzz target (i.e. not standalone build).
Reviewers: kcc
Reviewed By: kcc
Subscribers: kcc
Differential Revision: https://reviews.llvm.org/D38604
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315029 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/fuzzer/FuzzerDriver.cpp | 1 | ||||
| -rw-r--r-- | lib/fuzzer/FuzzerFlags.def | 1 | ||||
| -rw-r--r-- | lib/fuzzer/FuzzerLoop.cpp | 1 | ||||
| -rw-r--r-- | lib/fuzzer/FuzzerOptions.h | 1 | ||||
| -rw-r--r-- | lib/fuzzer/FuzzerTracePC.h | 5 | ||||
| -rw-r--r-- | test/fuzzer/fprofile-instr-generate.test | 7 |
6 files changed, 15 insertions, 1 deletions
diff --git a/lib/fuzzer/FuzzerDriver.cpp b/lib/fuzzer/FuzzerDriver.cpp index cc995348e..dcf8d505f 100644 --- a/lib/fuzzer/FuzzerDriver.cpp +++ b/lib/fuzzer/FuzzerDriver.cpp @@ -604,6 +604,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { Options.PrintCorpusStats = Flags.print_corpus_stats; Options.PrintCoverage = Flags.print_coverage; Options.DumpCoverage = Flags.dump_coverage; + Options.UseClangCoverage = Flags.use_clang_coverage; if (Flags.exit_on_src_pos) Options.ExitOnSrcPos = Flags.exit_on_src_pos; if (Flags.exit_on_item) diff --git a/lib/fuzzer/FuzzerFlags.def b/lib/fuzzer/FuzzerFlags.def index 790b5783d..a23818fd5 100644 --- a/lib/fuzzer/FuzzerFlags.def +++ b/lib/fuzzer/FuzzerFlags.def @@ -131,6 +131,7 @@ FUZZER_FLAG_INT(ignore_remaining_args, 0, "If 1, ignore all arguments passed " FUZZER_FLAG_STRING(run_equivalence_server, "Experimental") FUZZER_FLAG_STRING(use_equivalence_server, "Experimental") FUZZER_FLAG_INT(analyze_dict, 0, "Experimental") +FUZZER_FLAG_INT(use_clang_coverage, 0, "Experimental") FUZZER_DEPRECATED_FLAG(exit_on_first) FUZZER_DEPRECATED_FLAG(save_minimized_corpus) diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp index ec126024e..4ccfe3f2a 100644 --- a/lib/fuzzer/FuzzerLoop.cpp +++ b/lib/fuzzer/FuzzerLoop.cpp @@ -122,6 +122,7 @@ Fuzzer::Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD, EF->__sanitizer_install_malloc_and_free_hooks(MallocHook, FreeHook); TPC.SetUseCounters(Options.UseCounters); TPC.SetUseValueProfile(Options.UseValueProfile); + TPC.SetUseClangCoverage(Options.UseClangCoverage); if (Options.Verbosity) TPC.PrintModuleInfo(); diff --git a/lib/fuzzer/FuzzerOptions.h b/lib/fuzzer/FuzzerOptions.h index bfac3b685..ddf6e4201 100644 --- a/lib/fuzzer/FuzzerOptions.h +++ b/lib/fuzzer/FuzzerOptions.h @@ -52,6 +52,7 @@ struct FuzzingOptions { bool PrintCorpusStats = false; bool PrintCoverage = false; bool DumpCoverage = false; + bool UseClangCoverage = false; bool DetectLeaks = true; int TraceMalloc = 0; bool HandleAbrt = false; diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h index 743db5483..b3c9b9861 100644 --- a/lib/fuzzer/FuzzerTracePC.h +++ b/lib/fuzzer/FuzzerTracePC.h @@ -80,6 +80,7 @@ class TracePC { template <class T> void HandleCmp(uintptr_t PC, T Arg1, T Arg2); size_t GetTotalPCCoverage(); void SetUseCounters(bool UC) { UseCounters = UC; } + void SetUseClangCoverage(bool UCC) { UseClangCoverage = UCC; } void SetUseValueProfile(bool VP) { UseValueProfile = VP; } void SetPrintNewPCs(bool P) { DoPrintNewPCs = P; } void SetPrintNewFuncs(size_t P) { NumPrintNewFuncs = P; } @@ -92,7 +93,8 @@ class TracePC { memset(Counters(), 0, GetNumPCs()); ClearExtraCounters(); ClearInlineCounters(); - ClearClangCounters(); + if (UseClangCoverage) + ClearClangCounters(); } void ClearInlineCounters(); @@ -133,6 +135,7 @@ class TracePC { private: bool UseCounters = false; bool UseValueProfile = false; + bool UseClangCoverage = false; bool DoPrintNewPCs = false; size_t NumPrintNewFuncs = 0; diff --git a/test/fuzzer/fprofile-instr-generate.test b/test/fuzzer/fprofile-instr-generate.test new file mode 100644 index 000000000..2a3ec96f1 --- /dev/null +++ b/test/fuzzer/fprofile-instr-generate.test @@ -0,0 +1,7 @@ +# Test libFuzzer + -fprofile-instr-generate +REQUIRES: linux +RUN: %cpp_compiler %S/SimpleTest.cpp -fsanitize-coverage=0 -fprofile-instr-generate -o %t-SimpleTest-fprofile-instr-generate +CHECK-NOT: INFO: Loaded 1 modules +CHECK: INFO: {{.*}} Clang Coverage Counters +CHECK: BINGO +RUN: not %t-SimpleTest-fprofile-instr-generate -runs=1000000 -seed=1 -use_clang_coverage=1 2>&1 | FileCheck %s |