2015-02-04 03:40:53 +08:00
|
|
|
//===-- sanitizer/coverage_interface.h --------------------------*- C++ -*-===//
|
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
//
|
|
|
|
// Public interface for sanitizer coverage.
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
#ifndef SANITIZER_COVERAG_INTERFACE_H
|
|
|
|
#define SANITIZER_COVERAG_INTERFACE_H
|
|
|
|
|
|
|
|
#include <sanitizer/common_interface_defs.h>
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
extern "C" {
|
|
|
|
#endif
|
|
|
|
|
|
|
|
// Initialize coverage.
|
|
|
|
void __sanitizer_cov_init();
|
|
|
|
// Record and dump coverage info.
|
|
|
|
void __sanitizer_cov_dump();
|
|
|
|
// Open <name>.sancov.packed in the coverage directory and return the file
|
|
|
|
// descriptor. Returns -1 on failure, or if coverage dumping is disabled.
|
|
|
|
// This is intended for use by sandboxing code.
|
|
|
|
intptr_t __sanitizer_maybe_open_cov_file(const char *name);
|
|
|
|
// Get the number of total unique covered entities (blocks, edges, calls).
|
|
|
|
// This can be useful for coverage-directed in-process fuzzers.
|
|
|
|
uintptr_t __sanitizer_get_total_unique_coverage();
|
|
|
|
|
|
|
|
// Reset the basic-block (edge) coverage to the initial state.
|
|
|
|
// Useful for in-process fuzzing to start collecting coverage from scratch.
|
|
|
|
// Experimental, will likely not work for multi-threaded process.
|
|
|
|
void __sanitizer_reset_coverage();
|
|
|
|
// Set *data to the array of covered PCs and return the size of that array.
|
|
|
|
// Some of the entries in *data will be zero.
|
|
|
|
uintptr_t __sanitizer_get_coverage_guards(uintptr_t **data);
|
|
|
|
|
[sanitizer/coverage] Add AFL-style coverage counters (search heuristic for fuzzing).
Introduce -mllvm -sanitizer-coverage-8bit-counters=1
which adds imprecise thread-unfriendly 8-bit coverage counters.
The run-time library maps these 8-bit counters to 8-bit bitsets in the same way
AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt) does:
counter values are divided into 8 ranges and based on the counter
value one of the bits in the bitset is set.
The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+.
These counters provide a search heuristic for single-threaded
coverage-guided fuzzers, we do not expect them to be useful for other purposes.
Depending on the value of -fsanitize-coverage=[123] flag,
these counters will be added to the function entry blocks (=1),
every basic block (=2), or every edge (=3).
Use these counters as an optional search heuristic in the Fuzzer library.
Add a test where this heuristic is critical.
llvm-svn: 231166
2015-03-04 07:27:02 +08:00
|
|
|
// The coverage instrumentation may optionally provide imprecise counters.
|
|
|
|
// Rather than exposing the counter values to the user we instead map
|
|
|
|
// the counters to a bitset.
|
|
|
|
// Every counter is associated with 8 bits in the bitset.
|
|
|
|
// We define 8 value ranges: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+
|
|
|
|
// The i-th bit is set to 1 if the counter value is in the i-th range.
|
|
|
|
// This counter-based coverage implementation is *not* thread-safe.
|
|
|
|
|
|
|
|
// Returns the number of registered coverage counters.
|
|
|
|
uintptr_t __sanitizer_get_number_of_counters();
|
|
|
|
// Updates the counter 'bitset', clears the counters and returns the number of
|
|
|
|
// new bits in 'bitset'.
|
|
|
|
// If 'bitset' is nullptr, only clears the counters.
|
|
|
|
// Otherwise 'bitset' should be at least
|
|
|
|
// __sanitizer_get_number_of_counters bytes long and 8-aligned.
|
|
|
|
uintptr_t
|
|
|
|
__sanitizer_update_counter_bitset_and_clear_counters(uint8_t *bitset);
|
2015-02-04 03:40:53 +08:00
|
|
|
#ifdef __cplusplus
|
|
|
|
} // extern "C"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif // SANITIZER_COVERAG_INTERFACE_H
|