[libFuzzer] Disable experimental clang coverage support by default.

Summary:
It can be enabled via "-use_clang_coverage=1" flag. Reason for disabling:
libFuzzer resets Clang Counters and makes it impossible to generate coverage
report for a regular fuzz target (i.e. not standalone build).

Reviewers: kcc

Reviewed By: kcc

Subscribers: kcc

Differential Revision: https://reviews.llvm.org/D38604

llvm-svn: 315029

compiler-rt/lib/fuzzer/FuzzerDriver.cpp

@@ -604,6 +604,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
   Options.PrintCorpusStats = Flags.print_corpus_stats;
   Options.PrintCoverage = Flags.print_coverage;
   Options.DumpCoverage = Flags.dump_coverage;
+  Options.UseClangCoverage = Flags.use_clang_coverage;
   if (Flags.exit_on_src_pos)
     Options.ExitOnSrcPos = Flags.exit_on_src_pos;
   if (Flags.exit_on_item)

compiler-rt/lib/fuzzer/FuzzerFlags.def

@@ -131,6 +131,7 @@ FUZZER_FLAG_INT(ignore_remaining_args, 0, "If 1, ignore all arguments passed "
 FUZZER_FLAG_STRING(run_equivalence_server, "Experimental")
 FUZZER_FLAG_STRING(use_equivalence_server, "Experimental")
 FUZZER_FLAG_INT(analyze_dict, 0, "Experimental")
+FUZZER_FLAG_INT(use_clang_coverage, 0, "Experimental")
 
 FUZZER_DEPRECATED_FLAG(exit_on_first)
 FUZZER_DEPRECATED_FLAG(save_minimized_corpus)

compiler-rt/lib/fuzzer/FuzzerLoop.cpp

@@ -122,6 +122,7 @@ Fuzzer::Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD,
     EF->__sanitizer_install_malloc_and_free_hooks(MallocHook, FreeHook);
   TPC.SetUseCounters(Options.UseCounters);
   TPC.SetUseValueProfile(Options.UseValueProfile);
+  TPC.SetUseClangCoverage(Options.UseClangCoverage);
 
   if (Options.Verbosity)
     TPC.PrintModuleInfo();

compiler-rt/lib/fuzzer/FuzzerOptions.h

@@ -52,6 +52,7 @@ struct FuzzingOptions {
   bool PrintCorpusStats = false;
   bool PrintCoverage = false;
   bool DumpCoverage = false;
+  bool UseClangCoverage = false;
   bool DetectLeaks = true;
   int  TraceMalloc = 0;
   bool HandleAbrt = false;

compiler-rt/lib/fuzzer/FuzzerTracePC.h

@@ -80,6 +80,7 @@ class TracePC {
   template <class T> void HandleCmp(uintptr_t PC, T Arg1, T Arg2);
   size_t GetTotalPCCoverage();
   void SetUseCounters(bool UC) { UseCounters = UC; }
+  void SetUseClangCoverage(bool UCC) { UseClangCoverage = UCC; }
   void SetUseValueProfile(bool VP) { UseValueProfile = VP; }
   void SetPrintNewPCs(bool P) { DoPrintNewPCs = P; }
   void SetPrintNewFuncs(size_t P) { NumPrintNewFuncs = P; }
@@ -92,7 +93,8 @@ class TracePC {
       memset(Counters(), 0, GetNumPCs());
     ClearExtraCounters();
     ClearInlineCounters();
-    ClearClangCounters();
+    if (UseClangCoverage)
+      ClearClangCounters();
   }
 
   void ClearInlineCounters();
@@ -133,6 +135,7 @@ class TracePC {
 private:
   bool UseCounters = false;
   bool UseValueProfile = false;
+  bool UseClangCoverage = false;
   bool DoPrintNewPCs = false;
   size_t NumPrintNewFuncs = 0;
 

compiler-rt/test/fuzzer/fprofile-instr-generate.test

@@ -0,0 +1,7 @@
+# Test libFuzzer + -fprofile-instr-generate
+REQUIRES: linux
+RUN: %cpp_compiler %S/SimpleTest.cpp -fsanitize-coverage=0 -fprofile-instr-generate -o %t-SimpleTest-fprofile-instr-generate
+CHECK-NOT: INFO: Loaded 1 modules
+CHECK: INFO: {{.*}} Clang Coverage Counters
+CHECK: BINGO
+RUN: not %t-SimpleTest-fprofile-instr-generate -runs=1000000 -seed=1 -use_clang_coverage=1 2>&1 | FileCheck %s