RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2025-04-03 08:11:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[libFuzzer] better documentation for -fsanitize-coverage=trace-cmp

Browse Source 
llvm-svn: 287240
This commit is contained in:
Kostya Serebryany 2016-11-17 17:31:54 +00:00
parent 37f1e6770c
commit 4e1c2984fd
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/LibFuzzer.rst
View File

@ -451,12 +451,22 @@ The dictionary syntax is similar to that used by AFL_ for its ``-x`` option::
# the name of the keyword followed by '=' may be omitted: # the name of the keyword followed by '=' may be omitted:
"foo\x0Abar" "foo\x0Abar"
Value Profile
---------------
*EXPERIMENTAL*.
Tracing CMP instructions
------------------------
With an additional compiler flag ``-fsanitize-coverage=trace-cmp`` With an additional compiler flag ``-fsanitize-coverage=trace-cmp``
(see SanitizerCoverageTraceDataFlow_) (see SanitizerCoverageTraceDataFlow_)
libFuzzer will intercept CMP instructions and guide mutations based
on the arguments of intercepted CMP instructions. This may slow down
the fuzzing but is very likely to improve the results.
Value Profile
-------------
*EXPERIMENTAL*.
With ``-fsanitize-coverage=trace-cmp``
and extra run-time flag ``-use_value_profile=1`` the fuzzer will and extra run-time flag ``-use_value_profile=1`` the fuzzer will
collect value profiles for the parameters of compare instructions collect value profiles for the parameters of compare instructions
and treat some new values as new coverage. and treat some new values as new coverage.