[PATCH] D65672: [compiler-rt] Expose fuzzer coverage bitmaps to the target

Alexander Oleinik via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Aug 27 09:40:20 PDT 2019


a1xndr added a comment.

In D65672#1644661 <https://reviews.llvm.org/D65672#1644661>, @lebedev.ri wrote:

> Not a libfuzzer person, but i wonder if this lifts the veil from internal implementation detail too much?


I think this is true, but at the same time exposing this info to the fuzzer developer provides them with flexibility to build e.g. custom fork-servers. You can get most of the way there by wrapping libfuzzer's  __sanitizer_cov_8bit_counters_init etc using ld --wrap, but this doesn't cover internal counters such as TracePC::ValueProfileMap. 
To avoid copying for each fuzzing-run, the counters could even be stored in a dynamically-allocated buffers, provided by the fuzz-target. This way, there is no need to copy the counters, as they could be stored directly in SHM.


Repository:
  rCRT Compiler Runtime

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D65672/new/

https://reviews.llvm.org/D65672





More information about the llvm-commits mailing list