author | Kostya Serebryany <kcc@google.com> | 2018-05-21 19:47:00 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2018-05-21 19:47:00 +0000 |
commit | cfc4a3e12b343978b104a1b8b0070593fceb5965 (patch) | |
tree | 3eea2f375dfec0d57c3bd2ae2af2fe83c65f6756 | |
parent | 6d4a6ff7196268f1568af3d72a2681fb76d9e599 (diff) |
[libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332876 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/fuzzer/FuzzerDriver.cpp | 1 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerFlags.def | 4 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerLoop.cpp | 2 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerOptions.h | 1 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerTracePC.cpp | 9 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerTracePC.h | 1 | ||||
-rw-r--r-- | test/fuzzer/dump_coverage.test | 21 |
7 files changed, 38 insertions, 1 deletions
diff --git a/lib/fuzzer/FuzzerDriver.cpp b/lib/fuzzer/FuzzerDriver.cpp
index 26e5548a9..dfb3d492c 100644
--- a/lib/fuzzer/FuzzerDriver.cpp
+++ b/lib/fuzzer/FuzzerDriver.cpp
@@ -615,6 +615,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
 Options.PrintFinalStats = Flags.print_final_stats;
 Options.PrintCorpusStats = Flags.print_corpus_stats;
 Options.PrintCoverage = Flags.print_coverage;
+ Options.DumpCoverage = Flags.dump_coverage;
 Options.UseFeatureFrequency = Flags.use_feature_frequency;
 if (Flags.exit_on_src_pos)
 Options.ExitOnSrcPos = Flags.exit_on_src_pos;
diff --git a/lib/fuzzer/FuzzerFlags.def b/lib/fuzzer/FuzzerFlags.def
index 1ff3fd95e..139e6187f 100644
--- a/lib/fuzzer/FuzzerFlags.def
+++ b/lib/fuzzer/FuzzerFlags.def
@@ -107,7 +107,9 @@ FUZZER_FLAG_INT(print_corpus_stats, 0,
 "If 1, print statistics on corpus elements at exit.")
 FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information as text"
 " at exit.")
-FUZZER_DEPRECATED_FLAG(dump_coverage)
+FUZZER_FLAG_INT(dump_coverage, 0, "Deprecated."
+ " If 1, dump coverage information as a"
+ " .sancov file at exit.")
 FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.")
 FUZZER_FLAG_INT(handle_bus, 1, "If 1, try to intercept SIGBUS.")
 FUZZER_FLAG_INT(handle_abrt, 1, "If 1, try to intercept SIGABRT.")
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index 4bf5c7802..d5b949c5f 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -350,6 +350,8 @@ void Fuzzer::PrintStats(const char *Where, const char *End, size_t Units) {
 void Fuzzer::PrintFinalStats() {
 if (Options.PrintCoverage)
 TPC.PrintCoverage();
+ if (Options.DumpCoverage)
+ TPC.DumpCoverage();
 if (Options.PrintCorpusStats)
 Corpus.PrintStats();
 if (!Options.PrintFinalStats)
diff --git a/lib/fuzzer/FuzzerOptions.h b/lib/fuzzer/FuzzerOptions.h
index 0c51d9e39..946f0b9d6 100644
--- a/lib/fuzzer/FuzzerOptions.h
+++ b/lib/fuzzer/FuzzerOptions.h
@@ -53,6 +53,7 @@ struct FuzzingOptions {
 bool PrintFinalStats = false;
 bool PrintCorpusStats = false;
 bool PrintCoverage = false;
+ bool DumpCoverage = false;
 bool DetectLeaks = true;
 int PurgeAllocatorIntervalSec = 1;
 int UseFeatureFrequency = false;
diff --git a/lib/fuzzer/FuzzerTracePC.cpp b/lib/fuzzer/FuzzerTracePC.cpp
index ed62cdcf4..fb8544f9c 100644
--- a/lib/fuzzer/FuzzerTracePC.cpp
+++ b/lib/fuzzer/FuzzerTracePC.cpp
@@ -298,6 +298,15 @@ void TracePC::PrintCoverage() {
 IterateCoveredFunctions(CoveredFunctionCallback);
 }
+void TracePC::DumpCoverage() {
+ if (EF->__sanitizer_dump_coverage) {
+ Vector<uintptr_t> PCsCopy(GetNumPCs());
+ for (size_t i = 0; i < GetNumPCs(); i++)
+ PCsCopy[i] = PCs()[i] ? GetPreviousInstructionPc(PCs()[i]) : 0;
+ EF->__sanitizer_dump_coverage(PCsCopy.data(), PCsCopy.size());
+ }
+}
+
 // Value profile.
 // We keep track of various values that affect control flow.
 // These values are inserted into a bit-set-based hash map.
diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h
index e1db5127c..c17626cf3 100644
--- a/lib/fuzzer/FuzzerTracePC.h
+++ b/lib/fuzzer/FuzzerTracePC.h
@@ -102,6 +102,7 @@ class TracePC {
 void PrintModuleInfo();
 void PrintCoverage();
+ void DumpCoverage();
 template<class CallBack> void IterateCoveredFunctions(CallBack CB);
diff --git a/test/fuzzer/dump_coverage.test b/test/fuzzer/dump_coverage.test
new file mode 100644
index 000000000..dd3e73e44
--- /dev/null
+++ b/test/fuzzer/dump_coverage.test
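Review bot: In `TracePC::DumpCoverage()` (lib/fuzzer/FuzzerTracePC.cpp), when the runtime does not provide `__sanitizer_dump_coverage` the function returns without writing anything and without saying that `-dump_coverage=1` was ignored, so a missing .sancov file is hard to diagnose. An `else` branch such as `Printf("WARNING: -dump_coverage=1 ignored: __sanitizer_dump_coverage is not available\n");` would make that visible. The loop also re-evaluates `GetNumPCs()` and `PCs()` on every iteration; reading them once into locals (`const size_t N = GetNumPCs();`) would be tidier. The test added in this commit expects the dump from a crashing target, so the `Vector` allocation here presumably runs after the crash; if that path can be reached with a damaged heap, a buffer allocated up front would be safer, which is worth confirming against the crash callback outside this hunk.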
@@ -0,0 +1,21 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSO1.cpp -fPIC -shared -o %t-DSO1.so
+RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSO2.cpp -fPIC -shared -o %t-DSO2.so
+RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-DSO1.so %t-DSO2.so -o %t-DSOTest
+
+RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/NullDerefTest.cpp -o %t-NullDerefTest
+
+RUN: rm -rf %t_workdir && mkdir -p %t_workdir
+RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s
+RUN: sancov -covered-functions %t-NullDerefTest* %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV
+RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' %t-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO
+RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV
+
+CHECK: SanitizerCoverage: {{.*}}NullDerefTest.{{.*}}.sancov: {{.*}} PCs written
+SANCOV: LLVMFuzzerTestOneInput
+
+DSO: SanitizerCoverage: {{.*}}DSOTest.{{.*}}.sancov: {{.*}} PCs written
+DSO-DAG: SanitizerCoverage: {{.*}}DSO1.{{.*}}.sancov: {{.*}} PCs written
+DSO-DAG: SanitizerCoverage: {{.*}}DSO2.{{.*}}.sancov: {{.*}} PCs written
+
+NOCOV-NOT: SanitizerCoverage: {{.*}} PCs written |
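Review bot: The NOCOV run only checks that the "PCs written" line is absent from the output, and it runs against a `%t_workdir` that still holds the .sancov files from the earlier runs, so it cannot show that `-dump_coverage=0` really wrote no file. Repeating `RUN: rm -rf %t_workdir && mkdir -p %t_workdir` before that run and then asserting the directory holds no .sancov file would pin the behaviour the flag promises. The DSO run likewise checks only the log lines; its .sancov files are never passed to `sancov`, so their contents go unverified.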