From 9792622ab9ae4f52e4a11841b3610a909e73068e Mon Sep 17 00:00:00 2001 From: Alexey Samsonov Date: Thu, 7 May 2015 23:33:24 +0000 Subject: [PATCH] Update CMake flags, LibFuzzer comments and docs for new -fsanitize-coverage= flags. llvm-svn: 236797 --- cmake/modules/HandleLLVMOptions.cmake | 2 +- docs/LibFuzzer.rst | 9 +++++---- lib/Fuzzer/FuzzerDFSan.cpp | 3 +-- lib/Fuzzer/test/CMakeLists.txt | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cmake/modules/HandleLLVMOptions.cmake b/cmake/modules/HandleLLVMOptions.cmake index 71a1902dcdd..b0da64d9745 100644 --- a/cmake/modules/HandleLLVMOptions.cmake +++ b/cmake/modules/HandleLLVMOptions.cmake @@ -476,7 +476,7 @@ if(LLVM_USE_SANITIZER) message(WARNING "LLVM_USE_SANITIZER is not supported on this platform.") endif() if (LLVM_USE_SANITIZE_COVERAGE) - append("-fsanitize-coverage=4 -mllvm -sanitizer-coverage-8bit-counters=1" CMAKE_C_FLAGS CMAKE_CXX_FLAGS) + append("-fsanitize-coverage=edge,indirect-calls,8bit-counters" CMAKE_C_FLAGS CMAKE_CXX_FLAGS) endif() endif() diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst index f848021ef13..949ccd58418 100644 --- a/docs/LibFuzzer.rst +++ b/docs/LibFuzzer.rst @@ -14,7 +14,8 @@ This library is intended primarily for in-process coverage-guided fuzz testing * Build the Fuzzer library as a static archive (or just a set of .o files). Note that the Fuzzer contains the main() function. Preferably do *not* use sanitizers while building the Fuzzer. -* Build the library you are going to test with -fsanitize-coverage=[234] +* Build the library you are going to test with + `-fsanitize-coverage={bb,edge}[,indirect-calls]` and one of the sanitizers. We recommend to build the library in several different modes (e.g. asan, msan, lsan, ubsan, etc) and even using different optimizations options (e.g. -O0, -O1, -O2) to diversify testing. @@ -68,7 +69,7 @@ A simple function that does something interesting if it receives the input "HI!" # Build lib/Fuzzer files. clang -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer # Build test_fuzzer.cc with asan and link against lib/Fuzzer. - clang++ -fsanitize=address -fsanitize-coverage=3 test_fuzzer.cc Fuzzer*.o + clang++ -fsanitize=address -fsanitize-coverage=edge test_fuzzer.cc Fuzzer*.o # Run the fuzzer with no corpus. ./a.out @@ -79,7 +80,7 @@ PCRE2 Here we show how to use lib/Fuzzer on something real, yet simple: pcre2_:: - COV_FLAGS=" -fsanitize-coverage=4 -mllvm -sanitizer-coverage-8bit-counters=1" + COV_FLAGS=" -fsanitize-coverage=edge,indirect-calls,8bit-counters" # Get PCRE2 svn co svn://vcs.exim.org/pcre2/code/trunk pcre # Get lib/Fuzzer. Assuming that you already have fresh clang in PATH. @@ -172,7 +173,7 @@ to find Heartbleed with LibFuzzer:: wget https://www.openssl.org/source/openssl-1.0.1f.tar.gz tar xf openssl-1.0.1f.tar.gz - COV_FLAGS="-fsanitize-coverage=4" # -mllvm -sanitizer-coverage-8bit-counters=1" + COV_FLAGS="-fsanitize-coverage=edge,indirect-calls" # -fsanitize-coverage=8bit-counters (cd openssl-1.0.1f/ && ./config && make -j 32 CC="clang -g -fsanitize=address $COV_FLAGS") # Get and build LibFuzzer diff --git a/lib/Fuzzer/FuzzerDFSan.cpp b/lib/Fuzzer/FuzzerDFSan.cpp index 5e9a37dcff4..53f852e6bb0 100644 --- a/lib/Fuzzer/FuzzerDFSan.cpp +++ b/lib/Fuzzer/FuzzerDFSan.cpp @@ -57,8 +57,7 @@ ( cd $LLVM/lib/Fuzzer/ clang -fPIC -c -g -O2 -std=c++11 Fuzzer*.cpp - clang++ -O0 -std=c++11 -fsanitize-coverage=3 \ - -mllvm -sanitizer-coverage-experimental-trace-compares=1 \ + clang++ -O0 -std=c++11 -fsanitize-coverage=edge,trace-cmp \ -fsanitize=dataflow \ test/dfsan/DFSanSimpleCmpTest.cpp Fuzzer*.o ./a.out diff --git a/lib/Fuzzer/test/CMakeLists.txt b/lib/Fuzzer/test/CMakeLists.txt index 1692734d9be..1080b30ec39 100644 --- a/lib/Fuzzer/test/CMakeLists.txt +++ b/lib/Fuzzer/test/CMakeLists.txt @@ -2,7 +2,7 @@ # basic blocks and we'll fail to discover the targets. # Also enable the coverage instrumentation back (it is disabled # for the Fuzzer lib) -set(CMAKE_CXX_FLAGS_RELEASE "${LIBFUZZER_FLAGS_BASE} -O0 -fsanitize-coverage=4") +set(CMAKE_CXX_FLAGS_RELEASE "${LIBFUZZER_FLAGS_BASE} -O0 -fsanitize-coverage=edge,indirect-calls") set(Tests CounterTest