From ea56ec314ef068b71224c75f2c19aff729657477 Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Tue, 9 May 2017 01:34:27 +0000 Subject: [PATCH] [libFuzzer] update docs on -print_coverage/-dump_coverage git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@302498 91177308-0d34-0410-b5e6-96231b3b80d8 --- docs/LibFuzzer.rst | 19 +++++++++++++++---- lib/Fuzzer/FuzzerFlags.def | 8 ++++---- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst index a11baa720ec..5acfa04ce1f 100644 --- a/docs/LibFuzzer.rst +++ b/docs/LibFuzzer.rst @@ -305,6 +305,10 @@ The most important command line options are: - 1 : close ``stdout`` - 2 : close ``stderr`` - 3 : close both ``stdout`` and ``stderr``. +``-print_coverage`` + If 1, print coverage information as text at exit. +``-dump_coverage`` + If 1, dump coverage information as a .sancov file at exit. For the full list of flags run the fuzzer binary with ``-help=1``. @@ -543,12 +547,19 @@ You can get the coverage for your corpus like this: .. code-block:: console - ASAN_OPTIONS=coverage=1 ./fuzzer CORPUS_DIR -runs=0 + ./fuzzer CORPUS_DIR -runs=0 -print_coverage=1 This will run all tests in the CORPUS_DIR but will not perform any fuzzing. -At the end of the process it will dump a single ``.sancov`` file with coverage -information. See SanitizerCoverage_ for details on querying the file using the -``sancov`` tool. +At the end of the process it will print text describing what code has been covered and what hasn't. + +Alternatively, use + +.. code-block:: console + + ./fuzzer CORPUS_DIR -runs=0 -dump_coverage=1 + +which will dump a ``.sancov`` file with coverage information. +See SanitizerCoverage_ for details on querying the file using the ``sancov`` tool. You may also use other ways to visualize coverage, e.g. using `Clang coverage `_, diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def index 0a1ff1b1df6..7ff196c8fa9 100644 --- a/lib/Fuzzer/FuzzerFlags.def +++ b/lib/Fuzzer/FuzzerFlags.def @@ -92,10 +92,10 @@ FUZZER_FLAG_INT(print_pcs, 0, "If 1, print out newly covered PCs.") FUZZER_FLAG_INT(print_final_stats, 0, "If 1, print statistics at exit.") FUZZER_FLAG_INT(print_corpus_stats, 0, "If 1, print statistics on corpus elements at exit.") -FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information at exit." - " Experimental, only with trace-pc-guard") -FUZZER_FLAG_INT(dump_coverage, 0, "If 1, dump coverage information at exit." - " Experimental, only with trace-pc-guard") +FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information as text" + " at exit.") +FUZZER_FLAG_INT(dump_coverage, 0, "If 1, dump coverage information as a" + " .sancov file at exit.") FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.") FUZZER_FLAG_INT(handle_bus, 1, "If 1, try to intercept SIGBUS.") FUZZER_FLAG_INT(handle_abrt, 1, "If 1, try to intercept SIGABRT.")