
Re: [Xen-devel] [PATCH 08/14] fuzz/x86_emulate: Add 'afl-cov' target



On Fri, Aug 25, 2017 at 05:43:37PM +0100, George Dunlap wrote:
> ...to generate a "normal" coverage-instrumented binary, suitable for
> use with gcov or afl-cov.
> 
> This is slightly annoying because:
> 
>  - Every object file needs to have been instrumented to work
>    effectively
> 
>  - You generally want to have both an afl-instrumented binary and a
>    gcov-instrumented binary at the same time, but
> 
>  - gcov instrumentation and afl instrumentation are mutually exclusive
> 
> So when making the `afl-cov` target, generate a second set of object
> files and a second binary with the `-cov` suffix.
> 
> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
> ---
> CC: Ian Jackson <ian.jackson@xxxxxxxxxx>
> CC: Wei Liu <wei.liu2@xxxxxxxxxx>
> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> CC: Jan Beulich <jbeulich@xxxxxxxx>
> ---
>  .gitignore                                   |  1 +
>  tools/fuzz/README.afl                        | 14 ++++++++++++++
>  tools/fuzz/x86_instruction_emulator/Makefile | 19 ++++++++++++++++++-
>  3 files changed, 33 insertions(+), 1 deletion(-)
> 
> diff --git a/.gitignore b/.gitignore
> index 594ffd9a7f..66bceb3ebe 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -159,6 +159,7 @@ tools/fuzz/libelf/afl-libelf-fuzzer
>  tools/fuzz/x86_instruction_emulator/asm
>  tools/fuzz/x86_instruction_emulator/x86_emulate*
>  tools/fuzz/x86_instruction_emulator/afl-harness
> +tools/fuzz/x86_instruction_emulator/afl-harness-cov
>  tools/helpers/_paths.h
>  tools/helpers/init-xenstore-domain
>  tools/helpers/xen-init-dom0
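
Review bot: The new entry ignores only the afl-harness-cov binary, while the README text added by the same patch says coverage data will show up in the build directory; consider also ignoring the gcov data files (*.gcno, *.gcda) under tools/fuzz/x86_instruction_emulator/ unless a pattern elsewhere in .gitignore already matches them. The existing x86_emulate* line would catch data files named after x86_emulate_user-cov, but not ones named after the other instrumented objects the commit message says are needed.
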
> diff --git a/tools/fuzz/README.afl b/tools/fuzz/README.afl
> index 4758de2490..0d955b2687 100644
> --- a/tools/fuzz/README.afl
> +++ b/tools/fuzz/README.afl
> @@ -41,3 +41,17 @@ Use the x86 instruction emulator fuzzer as an example.
>     $ $AFLPATH/afl-fuzz -t 1000 -i testcase_dir -o findings_dir -- 
> ./afl-harness
>  
>  Please see AFL documentation for more information.
> +
> +# GENERATING COVERAGE INFORMATION
> +
> +To use afl-cov or gcov, you need a separate binary instrumented to
> +generate coverage data.  To do this, use the target `afl-cov`:
> +
> +    $ make afl-cov #produces afl-harness-cov
> +
> +NOTE: Please also note that the coverage instrumentation hard-codes
> +the absolute path for the instrumentation read and write files in the
> +binary; so coverage data will always show up in the build directory no
> +matter where you run the binary from.
> +
> +Please see afl-cov and/or gcov documentation for more information.
> \ No newline at end of file
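
Review bot: In the NOTE paragraph, "coverage data will always show up in the build directory no matter where you run the binary from" is stronger than what gcov does: the compiled-in absolute path is the default, and the GCOV_PREFIX and GCOV_PREFIX_STRIP environment variables relocate the .gcda output at run time, which deserves a sentence here for anyone running afl-harness-cov on another machine or against a read-only build tree. Also, "NOTE: Please also note that" says the same thing twice, and the file now ends without a trailing newline.
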
> diff --git a/tools/fuzz/x86_instruction_emulator/Makefile 
> b/tools/fuzz/x86_instruction_emulator/Makefile
> index 10009dc08f..629e191029 100644
> --- a/tools/fuzz/x86_instruction_emulator/Makefile
> +++ b/tools/fuzz/x86_instruction_emulator/Makefile
> @@ -23,19 +23,33 @@ x86_emulate_user.c x86_emulate_user.h: %:
>  
>  CFLAGS += $(CFLAGS_xeninclude) -D__XEN_TOOLS__ -I.
>  
> +GCOV_FLAGS=--coverage
> +
>  x86.h := asm/x86-vendors.h asm/x86-defns.h asm/msr-index.h
>  x86_emulate.h := x86_emulate_user.h x86_emulate/x86_emulate.h $(x86.h)
>  
>  x86_emulate_user.o: x86_emulate_user.c x86_emulate/x86_emulate.c 
> $(x86_emulate.h)
>  
> +x86_emulate_user-cov.o: x86_emulate_user.c x86_emulate/x86_emulate.c 
> $(x86_emulate.h)
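
Review bot: "GCOV_FLAGS=--coverage" is assigned with a recursive "=" and no spacing, while the neighbouring x86.h and x86_emulate.h variables use " := "; suggest "GCOV_FLAGS := --coverage" for consistency. Since --coverage has to be passed at both compile and link time, a short comment next to the variable saying so would help, because the quoted part of this hunk does not show where the flag is consumed.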

The dependencies should be factored out and used by this and the
non-gcov target.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel