diff options
| author | Mike Aizatsky <aizatsky@chromium.org> | 2016-12-19 22:18:08 +0000 |
|---|---|---|
| committer | Mike Aizatsky <aizatsky@chromium.org> | 2016-12-19 22:18:08 +0000 |
| commit | 9b415be1bf1b86cce12689fbc684306a24956824 (patch) | |
| tree | f59a430e0155216af83eef0e41a02c3751da073f /llvm/lib/Fuzzer | |
| parent | 492c5a16741e40a869b1b9981261c7644fd0f1c9 (diff) | |
| download | bcm5719-llvm-9b415be1bf1b86cce12689fbc684306a24956824.tar.gz bcm5719-llvm-9b415be1bf1b86cce12689fbc684306a24956824.zip | |
[libfuzzer] dump_coverage command line flag
Reviewers: kcc, vitalybuka
Differential Revision: https://reviews.llvm.org/D27942
llvm-svn: 290138
Diffstat (limited to 'llvm/lib/Fuzzer')
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerDriver.cpp | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerFlags.def | 2 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 2 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerOptions.h | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerTracePC.cpp | 5 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerTracePC.h | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/dump_coverage.test | 16 |
7 files changed, 28 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerDriver.cpp b/llvm/lib/Fuzzer/FuzzerDriver.cpp index 8a8c12fd6cb..95b0721c87d 100644 --- a/llvm/lib/Fuzzer/FuzzerDriver.cpp +++ b/llvm/lib/Fuzzer/FuzzerDriver.cpp @@ -433,6 +433,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { Options.PrintFinalStats = Flags.print_final_stats; Options.PrintCorpusStats = Flags.print_corpus_stats; Options.PrintCoverage = Flags.print_coverage; + Options.DumpCoverage = Flags.dump_coverage; if (Flags.exit_on_src_pos) Options.ExitOnSrcPos = Flags.exit_on_src_pos; if (Flags.exit_on_item) diff --git a/llvm/lib/Fuzzer/FuzzerFlags.def b/llvm/lib/Fuzzer/FuzzerFlags.def index 68dc820caa3..25ef1741a9d 100644 --- a/llvm/lib/Fuzzer/FuzzerFlags.def +++ b/llvm/lib/Fuzzer/FuzzerFlags.def @@ -81,6 +81,8 @@ FUZZER_FLAG_INT(print_corpus_stats, 0, "If 1, print statistics on corpus elements at exit.") FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information at exit." " Experimental, only with trace-pc-guard") +FUZZER_FLAG_INT(dump_coverage, 0, "If 1, dump coverage information at exit." + " Experimental, only with trace-pc-guard") FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.") FUZZER_FLAG_INT(handle_bus, 1, "If 1, try to intercept SIGSEGV.") FUZZER_FLAG_INT(handle_abrt, 1, "If 1, try to intercept SIGABRT.") diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp index 00dac2274f6..73e058ff34a 100644 --- a/llvm/lib/Fuzzer/FuzzerLoop.cpp +++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp @@ -375,6 +375,8 @@ void Fuzzer::PrintStats(const char *Where, const char *End, size_t Units) { void Fuzzer::PrintFinalStats() { if (Options.PrintCoverage) TPC.PrintCoverage(); + if (Options.DumpCoverage) + TPC.DumpCoverage(); if (Options.PrintCorpusStats) Corpus.PrintStats(); if (!Options.PrintFinalStats) return; diff --git a/llvm/lib/Fuzzer/FuzzerOptions.h b/llvm/lib/Fuzzer/FuzzerOptions.h index f1cd4935be9..34e93fc34ac 100644 --- a/llvm/lib/Fuzzer/FuzzerOptions.h +++ b/llvm/lib/Fuzzer/FuzzerOptions.h @@ -51,6 +51,7 @@ struct FuzzingOptions { bool PrintFinalStats = false; bool PrintCorpusStats = false; bool PrintCoverage = false; + bool DumpCoverage = false; bool DetectLeaks = true; int TraceMalloc = 0; bool HandleAbrt = false; diff --git a/llvm/lib/Fuzzer/FuzzerTracePC.cpp b/llvm/lib/Fuzzer/FuzzerTracePC.cpp index 3c6130e0090..81c084b5899 100644 --- a/llvm/lib/Fuzzer/FuzzerTracePC.cpp +++ b/llvm/lib/Fuzzer/FuzzerTracePC.cpp @@ -20,6 +20,7 @@ #include "FuzzerTracePC.h" #include "FuzzerValueBitMap.h" #include <map> +#include <sanitizer/coverage_interface.h> #include <set> #include <sstream> @@ -188,6 +189,10 @@ void TracePC::PrintCoverage() { } } +void TracePC::DumpCoverage() { + __sanitizer_dump_coverage(PCs, GetNumPCs()); +} + // Value profile. // We keep track of various values that affect control flow. // These values are inserted into a bit-set-based hash map. diff --git a/llvm/lib/Fuzzer/FuzzerTracePC.h b/llvm/lib/Fuzzer/FuzzerTracePC.h index 9d416283301..68827f80cbd 100644 --- a/llvm/lib/Fuzzer/FuzzerTracePC.h +++ b/llvm/lib/Fuzzer/FuzzerTracePC.h @@ -71,6 +71,7 @@ class TracePC { void PrintModuleInfo(); void PrintCoverage(); + void DumpCoverage(); void AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2, size_t n); diff --git a/llvm/lib/Fuzzer/test/dump_coverage.test b/llvm/lib/Fuzzer/test/dump_coverage.test new file mode 100644 index 00000000000..9bd98daa361 --- /dev/null +++ b/llvm/lib/Fuzzer/test/dump_coverage.test @@ -0,0 +1,16 @@ +RUN: DIR=%t_workdir +RUN: BUILD_DIR=$(pwd) +RUN: rm -rf $DIR && mkdir -p $DIR && cd $DIR +RUN: not $BUILD_DIR/LLVMFuzzer-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s +RUN: $BUILD_DIR/LLVMFuzzer-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO +RUN: not $BUILD_DIR/LLVMFuzzer-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV +RUN: rm -rf $DIR + + +CHECK: SanitizerCoverage: ./LLVMFuzzer-NullDerefTest.{{.*}}.sancov {{.*}} PCs written + +DSO: SanitizerCoverage: ./LLVMFuzzer-DSOTest.{{.*}}.sancov {{.*}} PCs written +DSO-DAG: SanitizerCoverage: ./libLLVMFuzzer-DSO1.{{.*}}.sancov {{.*}} PCs written +DSO-DAG: SanitizerCoverage: ./libLLVMFuzzer-DSO2.{{.*}}.sancov {{.*}} PCs written + +NOCOV-NOT: SanitizerCoverage: {{.*}} PCs written |
