Update CMake flags, LibFuzzer comments and docs for new -fsanitize-coverage= flags.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236797 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
Alexey Samsonov 2015-05-07 23:33:24 +00:00
parent c0b80631b6
commit 8227e6a8b4
4 changed files with 8 additions and 8 deletions

View File

@ -476,7 +476,7 @@ if(LLVM_USE_SANITIZER)
message(WARNING "LLVM_USE_SANITIZER is not supported on this platform.")
endif()
if (LLVM_USE_SANITIZE_COVERAGE)
append("-fsanitize-coverage=4 -mllvm -sanitizer-coverage-8bit-counters=1" CMAKE_C_FLAGS CMAKE_CXX_FLAGS)
append("-fsanitize-coverage=edge,indirect-calls,8bit-counters" CMAKE_C_FLAGS CMAKE_CXX_FLAGS)
endif()
endif()

View File

@ -14,7 +14,8 @@ This library is intended primarily for in-process coverage-guided fuzz testing
* Build the Fuzzer library as a static archive (or just a set of .o files).
Note that the Fuzzer contains the main() function.
Preferably do *not* use sanitizers while building the Fuzzer.
* Build the library you are going to test with -fsanitize-coverage=[234]
* Build the library you are going to test with
`-fsanitize-coverage={bb,edge}[,indirect-calls]`
and one of the sanitizers. We recommend to build the library in several
different modes (e.g. asan, msan, lsan, ubsan, etc) and even using different
optimizations options (e.g. -O0, -O1, -O2) to diversify testing.
@ -68,7 +69,7 @@ A simple function that does something interesting if it receives the input "HI!"
# Build lib/Fuzzer files.
clang -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
# Build test_fuzzer.cc with asan and link against lib/Fuzzer.
clang++ -fsanitize=address -fsanitize-coverage=3 test_fuzzer.cc Fuzzer*.o
clang++ -fsanitize=address -fsanitize-coverage=edge test_fuzzer.cc Fuzzer*.o
# Run the fuzzer with no corpus.
./a.out
@ -79,7 +80,7 @@ PCRE2
Here we show how to use lib/Fuzzer on something real, yet simple: pcre2_::
COV_FLAGS=" -fsanitize-coverage=4 -mllvm -sanitizer-coverage-8bit-counters=1"
COV_FLAGS=" -fsanitize-coverage=edge,indirect-calls,8bit-counters"
# Get PCRE2
svn co svn://vcs.exim.org/pcre2/code/trunk pcre
# Get lib/Fuzzer. Assuming that you already have fresh clang in PATH.
@ -172,7 +173,7 @@ to find Heartbleed with LibFuzzer::
wget https://www.openssl.org/source/openssl-1.0.1f.tar.gz
tar xf openssl-1.0.1f.tar.gz
COV_FLAGS="-fsanitize-coverage=4" # -mllvm -sanitizer-coverage-8bit-counters=1"
COV_FLAGS="-fsanitize-coverage=edge,indirect-calls" # -fsanitize-coverage=8bit-counters
(cd openssl-1.0.1f/ && ./config &&
make -j 32 CC="clang -g -fsanitize=address $COV_FLAGS")
# Get and build LibFuzzer

View File

@ -57,8 +57,7 @@
(
cd $LLVM/lib/Fuzzer/
clang -fPIC -c -g -O2 -std=c++11 Fuzzer*.cpp
clang++ -O0 -std=c++11 -fsanitize-coverage=3 \
-mllvm -sanitizer-coverage-experimental-trace-compares=1 \
clang++ -O0 -std=c++11 -fsanitize-coverage=edge,trace-cmp \
-fsanitize=dataflow \
test/dfsan/DFSanSimpleCmpTest.cpp Fuzzer*.o
./a.out

View File

@ -2,7 +2,7 @@
# basic blocks and we'll fail to discover the targets.
# Also enable the coverage instrumentation back (it is disabled
# for the Fuzzer lib)
set(CMAKE_CXX_FLAGS_RELEASE "${LIBFUZZER_FLAGS_BASE} -O0 -fsanitize-coverage=4")
set(CMAKE_CXX_FLAGS_RELEASE "${LIBFUZZER_FLAGS_BASE} -O0 -fsanitize-coverage=edge,indirect-calls")
set(Tests
CounterTest