[llvm] r287240 - [libFuzzer] better documentation for -fsanitize-coverage=trace-cmp
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Thu Nov 17 09:31:54 PST 2016
Author: kcc
Date: Thu Nov 17 11:31:54 2016
New Revision: 287240
URL: http://llvm.org/viewvc/llvm-project?rev=287240&view=rev
Log:
[libFuzzer] better documentation for -fsanitize-coverage=trace-cmp
Modified:
llvm/trunk/docs/LibFuzzer.rst
Modified: llvm/trunk/docs/LibFuzzer.rst
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/docs/LibFuzzer.rst?rev=287240&r1=287239&r2=287240&view=diff
==============================================================================
--- llvm/trunk/docs/LibFuzzer.rst (original)
+++ llvm/trunk/docs/LibFuzzer.rst Thu Nov 17 11:31:54 2016
@@ -451,12 +451,22 @@ The dictionary syntax is similar to that
# the name of the keyword followed by '=' may be omitted:
"foo\x0Abar"
-Value Profile
----------------
-*EXPERIMENTAL*.
+
+Tracing CMP instructions
+------------------------
+
With an additional compiler flag ``-fsanitize-coverage=trace-cmp``
(see SanitizerCoverageTraceDataFlow_)
+libFuzzer will intercept CMP instructions and guide mutations based
+on the arguments of intercepted CMP instructions. This may slow down
+the fuzzing but is very likely to improve the results.
+
+Value Profile
+-------------
+
+*EXPERIMENTAL*.
+With ``-fsanitize-coverage=trace-cmp``
and extra run-time flag ``-use_value_profile=1`` the fuzzer will
collect value profiles for the parameters of compare instructions
and treat some new values as new coverage.
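Review bot: The new "Tracing CMP instructions" paragraph does not say whether the CMP-guided mutations become active as soon as the target is built with ``-fsanitize-coverage=trace-cmp`` or whether a run-time flag is also required, while the "Value Profile" paragraph directly below names ``-use_value_profile=1`` explicitly. One sentence stating this would let a reader tell the two modes apart. The claim "This may slow down the fuzzing but is very likely to improve the results" would also help more if it said which kind of target benefits or what cost to expect. Minor: in the Value Profile paragraph, "and extra run-time flag" reads better as "and the extra run-time flag".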