[Development] Submitting Qt to oss-fuzz
Peter Hartmann
peter-qt at hartmann.tk
Wed Sep 5 12:40:00 CEST 2018
Hello Robert,
On 04.09.2018 14:03, Robert Löhning wrote:
> I saw your post and it helped me get started. Thanks for that!
cool, thanks for the feedback!
>
> By the way: In step 1 you use
> -fsanitize-coverage=edge
> whereas I followed LLVM's example [1] and used
> -fsanitize-coverage=trace-pc-guard
>
> Unfortunately the documentation seems to be a bit scarce. Could you
> please tell me briefly about the advantages of either one?
>
> I guess I should include "edge" to [2], shouldn't I? Instead of
> hacking the mkspec you could then just use
> <src>/configure -sanitize address -coverage edge <further params>
The "-fsanitize-coverage=edge" just comes from an older clang version
when there was no trace-pc-guard. Nowadays "trace-pc-guard" without
other args implies "edge", so the latter can be ignored when configuring
with address sanitizer.
IIUC edge just provided information on whether a piece of code was
executed or not, while trace-pc-guard provides a callback which allows
for more fine-grained coverage information; the callback itself is then
implemented in libFuzzer.
What might be interesting to look at is "-fsanitize-coverage=trace-cmp"
though...
Regards,
Peter
--
Peter Hartmann // Titurelstrasse 2 // 89125 Munich // Germany
peter at hartmann.tk
www.peter.hartmann.tk
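As an added illustration of the callback Peter describes (this is not code from Qt, libFuzzer or the thread): the two hooks that code built with `-fsanitize-coverage=trace-pc-guard` calls into, in minimal form, with a constructed guard array standing in for the one clang would emit per module. `simulate_run()` and the `MAX_GUARDS` limit are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-in for the callbacks libFuzzer implements. Code compiled with
 *   clang -fsanitize-coverage=trace-pc-guard ...
 * gets one 32-bit "guard" per edge; clang calls
 * __sanitizer_cov_trace_pc_guard_init() once per module at startup and
 * __sanitizer_cov_trace_pc_guard() every time an edge executes.
 * Build this file WITHOUT that flag, otherwise the hooks instrument themselves. */

#define MAX_GUARDS 4096                    /* assumed cap for the hit table */

static uint32_t g_total_edges;             /* guard ids handed out by init */
static uint8_t  g_hit[MAX_GUARDS + 1];     /* guard id (1-based) -> reached? */
static uint32_t g_distinct_hits;

/* Give every guard in [start, stop) a non-zero id. Zero means "do not trace",
 * so ids start at 1; the early return keeps repeated init calls harmless. */
void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
    if (start == stop || *start != 0)
        return;                            /* already initialised */
    for (uint32_t *g = start; g < stop && g_total_edges < MAX_GUARDS; g++)
        *g = ++g_total_edges;
}

/* Runs on every edge execution: record first-time hits only, which is the
 * "did this input reach a new edge?" signal a fuzzer uses to keep an input. */
void __sanitizer_cov_trace_pc_guard(uint32_t *guard) {
    uint32_t id = *guard;
    if (id == 0 || id > MAX_GUARDS || g_hit[id])
        return;
    g_hit[id] = 1;
    g_distinct_hits++;
}

uint32_t coverage_total_edges(void)   { return g_total_edges; }
uint32_t coverage_distinct_hits(void) { return g_distinct_hits; }

/* Constructed stand-in for an instrumented module: 4 edges, 3 executions of
 * which only 2 touch distinct edges. Returns the distinct-edge count. */
uint32_t simulate_run(void) {
    static uint32_t guards[4];             /* what clang would emit, zeroed */
    __sanitizer_cov_trace_pc_guard_init(guards, guards + 4);
    __sanitizer_cov_trace_pc_guard_init(guards, guards + 4);  /* no-op repeat */
    __sanitizer_cov_trace_pc_guard(&guards[1]);
    __sanitizer_cov_trace_pc_guard(&guards[1]);               /* same edge */
    __sanitizer_cov_trace_pc_guard(&guards[3]);
    return coverage_distinct_hits();
}

int main(void) {
    printf("distinct edges hit: %u of %u\n", simulate_run(), coverage_total_edges());
    return 0;
}
```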