qemu-devel

From: Thomas Huth
Subject: Re: [PATCH 4/4] docs/fuzz: add instructions for generating a coverage report
Date: Tue, 21 Jul 2020 07:31:56 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

On 07/07/2020 06.41, Alexander Bulekov wrote:
> On 200706 1555, Alexander Bulekov wrote:
>> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
>> ---
>>  docs/devel/fuzzing.txt | 19 +++++++++++++++++++
>>  1 file changed, 19 insertions(+)
>>
>> diff --git a/docs/devel/fuzzing.txt b/docs/devel/fuzzing.txt
>> index 284d57f8fd..a9816ffce9 100644
>> --- a/docs/devel/fuzzing.txt
>> +++ b/docs/devel/fuzzing.txt
>> @@ -85,6 +85,25 @@ better coverage performance, depending on the target.
>>  Note that libFuzzer's exact behavior will depend on the version of
>>  clang and libFuzzer used to build the device fuzzers.
>>  
>> +== Generating Coverage Reports ==
>> +Code coverage is a crucial metric for evaluating a fuzzer's performance.
>> +libFuzzer's output provides a "cov: " column that provides a total number of
>> +unique blocks/edges covered. To examine coverage on a line-by-line basis we
>> +can use Clang coverage:
>> +
>> + 1. Configure libFuzzer to store a corpus of all interesting inputs (see
>> +    CORPUS_DIR above)
>> + 2. ./configure the QEMU build with:
>> +    --enable-sanitizers \
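
Review bot: step 2 gives "--enable-sanitizers" as the configure option, but the author's own follow-up in this thread says the intended option is "--enable-fuzzing", so the added line should carry that flag before it is merged. A smaller wording point in the opening paragraph: "provides a "cov: " column that provides a total number" repeats the verb; something like "includes a "cov: " column that reports the total number" reads more cleanly.
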
> Oops... that should be --enable-fuzzing \

I've pushed it with the fix applied to my qtest-next branch:

 https://gitlab.com/huth/qemu/-/commits/qtest-next/

  Thomas



