summaryrefslogtreecommitdiffstats
path: root/clang/docs/SanitizerCoverage.rst
diff options
context:
space:
mode:
Diffstat (limited to 'clang/docs/SanitizerCoverage.rst')
-rw-r--r--clang/docs/SanitizerCoverage.rst11
1 files changed, 6 insertions, 5 deletions
diff --git a/clang/docs/SanitizerCoverage.rst b/clang/docs/SanitizerCoverage.rst
index 6d6e576e464..8ee2159ea31 100644
--- a/clang/docs/SanitizerCoverage.rst
+++ b/clang/docs/SanitizerCoverage.rst
@@ -294,13 +294,14 @@ With ``-fsanitize-coverage=trace-bb`` the compiler will insert
Tracing PCs
===========
*Experimental* feature similar to tracing basic blocks, but with a different API.
-With ``-fsanitize-coverage=[func,bb,edge],trace-pc`` the compiler will insert
-``__sanitizer_cov_trace_pc()`` on every function/block/edge.
-With and additional ``indirect-calls`` flag
+With ``-fsanitize-coverage=trace-pc`` the compiler will insert
+``__sanitizer_cov_trace_pc()`` on every edge.
+With an additional ``...=trace-pc,indirect-calls`` flag
``__sanitizer_cov_trace_pc_indirect(void *callee)`` will be inserted on every indirect call.
These callbacks are not implemented in the Sanitizer run-time and should be defined
-by the user.
-This mechanism is used for fuzzing the Linux kernel (https://github.com/google/syzkaller).
+by the user. So, these flags do not require the other sanitizer to be used.
+This mechanism is used for fuzzing the Linux kernel (https://github.com/google/syzkaller)
+and can be used with `AFL <http://lcamtuf.coredump.cx/afl>`_.
Tracing data flow
=================
OpenPOWER on IntegriCloud