[Development] Submitting Qt to oss-fuzz

Peter Hartmann peter-qt at hartmann.tk
Wed Sep 5 12:40:00 CEST 2018


Hello Robert,

On 04.09.2018 14:03, Robert Löhning wrote:
> I saw your post and it helped me get started. Thanks for that!

cool, thanks for the feedback!

>
> By the way: In step 1 you use
> -fsanitize-coverage=edge
> whereas I followed LLVM's example [1] and used
> -fsanitize-coverage=trace-pc-guard
>
> Unfortunately the documentation seems to be a bit scarce. Could you
> please tell me briefly about the advantages of either one?
>
> I guess I should include "edge" to [2], shouldn't I? Instead of
> hacking the mkspec you could then just use
> <src>/configure -sanitize address -coverage edge <further params> 

The "-fsanitize-coverage=edge" just comes from an older clang version
when there was no trace-pc-guard. Nowadays "trace-pc-guard" without
other args implies "edge", so the latter can be ignored when configuring
with address sanitizer.

IIUC edge just provided information on whether a piece of code was
executed or not, while trace-pc-guard provides a callback which allows
for more fine-grained coverage information; the callback itself is then
implemented in libFuzzer.

What might be interesting to look at is "-fsanitize-coverage=trace-cmp"
though...

Regards,

Peter

-- 
Peter Hartmann // Titurelstrasse 2 // 89125 Munich // Germany
peter at hartmann.tk
www.peter.hartmann.tk
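To make the difference Peter describes concrete, here is an added example (not code from this thread, Qt, or libFuzzer) of the two callbacks that trace-pc-guard instrumentation calls and that libFuzzer normally implements; the toy versions below just count distinct edges. It assumes the file is built with clang using -fsanitize=address -fsanitize-coverage=trace-pc-guard, and that the `classify` target and the `coverage_*` accessors are hypothetical names chosen for the demo.

```c
/* Added example: a toy stand-in for the coverage callbacks that libFuzzer
 * implements.  Assumption: the file is compiled with
 *   clang -fsanitize=address -fsanitize-coverage=trace-pc-guard
 * Clang does not instrument functions whose names start with __sanitizer_,
 * so the callbacks can live in the same file as the instrumented code. */
#include <stdint.h>
#include <stdio.h>

static uint64_t g_total_guards;  /* edges the compiler instrumented */
static uint64_t g_new_edges;     /* distinct edges visited so far */

/* Called once per instrumented object before main(); numbers each guard. */
void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
  static uint32_t next_id;
  if (start == stop || *start) return;   /* empty, or already initialised */
  for (uint32_t *g = start; g < stop; g++) {
    *g = ++next_id;
    g_total_guards++;
  }
}

/* Called on every instrumented edge.  A fuzzer uses this signal to decide
 * that an input is "interesting"; here we count the first visit to each
 * edge and clear the guard so the same edge never reports again. */
void __sanitizer_cov_trace_pc_guard(uint32_t *guard) {
  if (!*guard) return;
  *guard = 0;
  g_new_edges++;
}

uint64_t coverage_total_guards(void) { return g_total_guards; }
uint64_t coverage_new_edges(void) { return g_new_edges; }

/* Hypothetical target: nested branches give the callback distinct edges. */
int classify(const char *s) {
  if (s[0] == 'Q') {
    if (s[1] == 't') return 2;
    return 1;
  }
  return 0;
}

int main(int argc, char **argv) {
  uint64_t before = coverage_new_edges();
  classify(argc > 1 ? argv[1] : "");
  printf("%llu new edges (of %llu instrumented) for this input\n",
         (unsigned long long)(coverage_new_edges() - before),
         (unsigned long long)coverage_total_guards());
  return 0;
}
```

Running the binary with inputs such as "x", "Q" and "Qt" shows a growing count of new edges, which is exactly the feedback an edge-only build cannot hand to a callback.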