maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[libfuzzer] dump_coverage command line flag 

Reviewers: kcc, vitalybuka

Differential Revision: https://reviews.llvm.org/D27942

llvm-svn: 290138
This commit is contained in:
Mike Aizatsky 2016-12-19 22:18:08 +00:00
parent 492c5a1674
commit 9b415be1bf
7 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
llvm/lib/Fuzzer/FuzzerDriver.cpp
View File

@ -433,6 +433,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
Options.PrintFinalStats = Flags.print_final_stats;
Options.PrintCorpusStats = Flags.print_corpus_stats;
Options.PrintCoverage = Flags.print_coverage;
Options.DumpCoverage = Flags.dump_coverage;
if (Flags.exit_on_src_pos)
Options.ExitOnSrcPos = Flags.exit_on_src_pos;
if (Flags.exit_on_item)

2
llvm/lib/Fuzzer/FuzzerFlags.def
View File

@ -81,6 +81,8 @@ FUZZER_FLAG_INT(print_corpus_stats, 0,
"If 1, print statistics on corpus elements at exit.")
FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information at exit."
" Experimental, only with trace-pc-guard")
FUZZER_FLAG_INT(dump_coverage, 0, "If 1, dump coverage information at exit."
" Experimental, only with trace-pc-guard")
FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.")
FUZZER_FLAG_INT(handle_bus, 1, "If 1, try to intercept SIGSEGV.")
FUZZER_FLAG_INT(handle_abrt, 1, "If 1, try to intercept SIGABRT.")

2
llvm/lib/Fuzzer/FuzzerLoop.cpp
View File

@ -375,6 +375,8 @@ void Fuzzer::PrintStats(const char *Where, const char *End, size_t Units) {
void Fuzzer::PrintFinalStats() {
if (Options.PrintCoverage)
TPC.PrintCoverage();
if (Options.DumpCoverage)
TPC.DumpCoverage();
if (Options.PrintCorpusStats)
Corpus.PrintStats();
if (!Options.PrintFinalStats) return;

1
llvm/lib/Fuzzer/FuzzerOptions.h
View File

@ -51,6 +51,7 @@ struct FuzzingOptions {
bool PrintFinalStats = false;
bool PrintCorpusStats = false;
bool PrintCoverage = false;
bool DumpCoverage = false;
bool DetectLeaks = true;
int TraceMalloc = 0;
bool HandleAbrt = false;

5
llvm/lib/Fuzzer/FuzzerTracePC.cpp
View File

@ -20,6 +20,7 @@
#include "FuzzerTracePC.h"
#include "FuzzerValueBitMap.h"
#include <map>
#include <sanitizer/coverage_interface.h>
#include <set>
#include <sstream>
@ -188,6 +189,10 @@ void TracePC::PrintCoverage() {
}
}
void TracePC::DumpCoverage() {
__sanitizer_dump_coverage(PCs, GetNumPCs());
}
// Value profile.
// We keep track of various values that affect control flow.
// These values are inserted into a bit-set-based hash map.

1
llvm/lib/Fuzzer/FuzzerTracePC.h
View File

@ -71,6 +71,7 @@ class TracePC {
void PrintModuleInfo();
void PrintCoverage();
void DumpCoverage();
void AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2,
size_t n);

16
llvm/lib/Fuzzer/test/dump_coverage.test Normal file
View File

@ -0,0 +1,16 @@
RUN: DIR=%t_workdir
RUN: BUILD_DIR=$(pwd)
RUN: rm -rf $DIR && mkdir -p $DIR && cd $DIR
RUN: not $BUILD_DIR/LLVMFuzzer-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s
RUN: $BUILD_DIR/LLVMFuzzer-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO
RUN: not $BUILD_DIR/LLVMFuzzer-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV
RUN: rm -rf $DIR
CHECK: SanitizerCoverage: ./LLVMFuzzer-NullDerefTest.{{.*}}.sancov {{.*}} PCs written
DSO: SanitizerCoverage: ./LLVMFuzzer-DSOTest.{{.*}}.sancov {{.*}} PCs written
DSO-DAG: SanitizerCoverage: ./libLLVMFuzzer-DSO1.{{.*}}.sancov {{.*}} PCs written
DSO-DAG: SanitizerCoverage: ./libLLVMFuzzer-DSO2.{{.*}}.sancov {{.*}} PCs written
NOCOV-NOT: SanitizerCoverage: {{.*}} PCs written