RPCSX/llvm
1
0
Fork 0
mirror of https://github.com/RPCSX/llvm.git synced 2024-11-27 05:30:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[libFuzzer] update docs on -print_coverage/-dump_coverage

Browse Source 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@302498 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
Kostya Serebryany 2017-05-09 01:34:27 +00:00
parent de20a5381a
commit ea56ec314e
2 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
docs/LibFuzzer.rst
View File

@ -305,6 +305,10 @@ The most important command line options are:
- 1 : close ``stdout`` - 1 : close ``stdout``
- 2 : close ``stderr`` - 2 : close ``stderr``
- 3 : close both ``stdout`` and ``stderr``. - 3 : close both ``stdout`` and ``stderr``.
``-print_coverage``
If 1, print coverage information as text at exit.
``-dump_coverage``
If 1, dump coverage information as a .sancov file at exit.
For the full list of flags run the fuzzer binary with ``-help=1``. For the full list of flags run the fuzzer binary with ``-help=1``.
@ -543,12 +547,19 @@ You can get the coverage for your corpus like this:
.. code-block:: console .. code-block:: console
ASAN_OPTIONS=coverage=1 ./fuzzer CORPUS_DIR -runs=0 ./fuzzer CORPUS_DIR -runs=0 -print_coverage=1
This will run all tests in the CORPUS_DIR but will not perform any fuzzing. This will run all tests in the CORPUS_DIR but will not perform any fuzzing.
At the end of the process it will dump a single ``.sancov`` file with coverage At the end of the process it will print text describing what code has been covered and what hasn't.
information. See SanitizerCoverage_ for details on querying the file using the
``sancov`` tool. Alternatively, use
.. code-block:: console
./fuzzer CORPUS_DIR -runs=0 -dump_coverage=1
which will dump a ``.sancov`` file with coverage information.
See SanitizerCoverage_ for details on querying the file using the ``sancov`` tool.
You may also use other ways to visualize coverage, You may also use other ways to visualize coverage,
e.g. using `Clang coverage <http://clang.llvm.org/docs/SourceBasedCodeCoverage.html>`_, e.g. using `Clang coverage <http://clang.llvm.org/docs/SourceBasedCodeCoverage.html>`_,

8
lib/Fuzzer/FuzzerFlags.def
View File

@ -92,10 +92,10 @@ FUZZER_FLAG_INT(print_pcs, 0, "If 1, print out newly covered PCs.")
FUZZER_FLAG_INT(print_final_stats, 0, "If 1, print statistics at exit.") FUZZER_FLAG_INT(print_final_stats, 0, "If 1, print statistics at exit.")
FUZZER_FLAG_INT(print_corpus_stats, 0, FUZZER_FLAG_INT(print_corpus_stats, 0,
"If 1, print statistics on corpus elements at exit.") "If 1, print statistics on corpus elements at exit.")
FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information at exit." FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information as text"
" Experimental, only with trace-pc-guard") " at exit.")
FUZZER_FLAG_INT(dump_coverage, 0, "If 1, dump coverage information at exit." FUZZER_FLAG_INT(dump_coverage, 0, "If 1, dump coverage information as a"
" Experimental, only with trace-pc-guard") " .sancov file at exit.")
FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.") FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.")
FUZZER_FLAG_INT(handle_bus, 1, "If 1, try to intercept SIGBUS.") FUZZER_FLAG_INT(handle_bus, 1, "If 1, try to intercept SIGBUS.")
FUZZER_FLAG_INT(handle_abrt, 1, "If 1, try to intercept SIGABRT.") FUZZER_FLAG_INT(handle_abrt, 1, "If 1, try to intercept SIGABRT.")