From: George Dunlap <george.dunlap@citrix.com>
To: xen-devel@lists.xenproject.org
Cc: Ian Jackson <ian.jackson@citrix.com>,
Wei Liu <wei.liu2@citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Jan Beulich <jbeulich@suse.com>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: [PATCH v3 05/12] fuzz/x86_emulate: Add 'afl-cov' target
Date: Tue, 10 Oct 2017 17:20:04 +0100 [thread overview]
Message-ID: <20171010162011.9629-5-george.dunlap@citrix.com> (raw)
In-Reply-To: <20171010162011.9629-1-george.dunlap@citrix.com>
...to generate a "normal" coverage-instrumented binary, suitable for
use with gcov or afl-cov.
This is slightly annoying because:
- Every object file needs to have been instrumented to work
effectively
- You generally want to have both an afl-instrumented binary and a
gcov-instrumented binary at the same time, but
- gcov instrumentation and afl instrumentation are mutually exclusive
So when making the `afl-cov` target, generate a second set of object
files and a second binary with the `-cov` suffix.
While we're here, remove the redundant x86-emulate.c dependency for
x86-emulate.o.
Signed-off-by: George Dunlap <george.dunlap@citrix.com>
---
v3:
- Rebase on new versions of previous patch (mainly x86-emulate.* rename)
- Tighten up build rules
- Add newline at the end of README.afl
- Use := for GCOV_FLAGS in Makefile
Changes in v2:
- Pull 'inputs' to x86_emulate_user* into a make variable to avoid duplication
CC: Ian Jackson <ian.jackson@citrix.com>
CC: Wei Liu <wei.liu2@citrix.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
---
.gitignore | 1 +
tools/fuzz/README.afl | 14 ++++++++++++++
tools/fuzz/x86_instruction_emulator/Makefile | 17 ++++++++++++++---
3 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index ef27553a2d..0514842dae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -163,6 +163,7 @@ tools/fuzz/x86_instruction_emulator/asm
tools/fuzz/x86_instruction_emulator/x86_emulate
tools/fuzz/x86_instruction_emulator/x86-emulate.[ch]
tools/fuzz/x86_instruction_emulator/afl-harness
+tools/fuzz/x86_instruction_emulator/afl-harness-cov
tools/helpers/_paths.h
tools/helpers/init-xenstore-domain
tools/helpers/xen-init-dom0
diff --git a/tools/fuzz/README.afl b/tools/fuzz/README.afl
index 4758de2490..8b58b8cdea 100644
--- a/tools/fuzz/README.afl
+++ b/tools/fuzz/README.afl
@@ -41,3 +41,17 @@ Use the x86 instruction emulator fuzzer as an example.
$ $AFLPATH/afl-fuzz -t 1000 -i testcase_dir -o findings_dir -- ./afl-harness
Please see AFL documentation for more information.
+
+# GENERATING COVERAGE INFORMATION
+
+To use afl-cov or gcov, you need a separate binary instrumented to
+generate coverage data. To do this, use the target `afl-cov`:
+
+ $ make afl-cov #produces afl-harness-cov
+
+NOTE: Please also note that the coverage instrumentation hard-codes
+the absolute path for the instrumentation read and write files in the
+binary; so coverage data will always show up in the build directory no
+matter where you run the binary from.
+
+Please see afl-cov and/or gcov documentation for more information.
diff --git a/tools/fuzz/x86_instruction_emulator/Makefile b/tools/fuzz/x86_instruction_emulator/Makefile
index 107bf62a21..cb561aec3f 100644
--- a/tools/fuzz/x86_instruction_emulator/Makefile
+++ b/tools/fuzz/x86_instruction_emulator/Makefile
@@ -23,12 +23,17 @@ x86-emulate.c x86-emulate.h: %:
CFLAGS += $(CFLAGS_xeninclude) -D__XEN_TOOLS__ -I.
+GCOV_FLAGS := --coverage
+%-cov.o: %.c
+ $(CC) -c $(CFLAGS) $(GCOV_FLAGS) $< -o $@
+
x86.h := asm/x86-vendors.h asm/x86-defns.h asm/msr-index.h
x86_emulate.h := x86-emulate.h x86_emulate/x86_emulate.h $(x86.h)
-x86-emulate.o: x86-emulate.c x86_emulate/x86_emulate.c $(x86_emulate.h)
+# x86-emulate.c will be implicit for both
+x86-emulate.o x86-emulate-cov.o: x86_emulate/x86_emulate.c $(x86_emulate.h)
-fuzz-emul.o: $(x86_emulate.h)
+fuzz-emul.o fuzz-emulate-cov.o: $(x86_emulate.h)
x86-insn-fuzzer.a: fuzz-emul.o x86-emulate.o
$(AR) rc $@ $^
@@ -36,6 +41,9 @@ x86-insn-fuzzer.a: fuzz-emul.o x86-emulate.o
afl-harness: afl-harness.o fuzz-emul.o x86-emulate.o
$(CC) $(CFLAGS) $^ -o $@
+afl-harness-cov: afl-harness-cov.o fuzz-emul-cov.o x86-emulate-cov.o
+ $(CC) $(CFLAGS) $(GCOV_FLAGS) $^ -o $@
+
# Common targets
.PHONY: all
all: x86-insn-fuzz-all
@@ -46,7 +54,7 @@ distclean: clean
.PHONY: clean
clean:
- rm -f *.a *.o .*.d afl-harness
+ rm -f *.a *.o .*.d afl-harness afl-harness-cov *.gcda *.gcno *.gcov
.PHONY: install
install: all
@@ -55,3 +63,6 @@ install: all
.PHONY: afl
afl: afl-harness
+
+.PHONY: afl-cov
+afl-cov: afl-harness-cov
--
2.14.2
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-10-10 22:00 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-10 16:20 [PATCH v3 01/12] fuzz/x86_emulate: Clear errors after each iteration George Dunlap
2017-10-10 16:20 ` [PATCH v3 02/12] fuzz/x86_emulate: Improve failure descriptions in x86_emulate harness George Dunlap
2017-10-10 16:20 ` [PATCH v3 03/12] fuzz/x86_emulate: Implement input_read() and input_avail() George Dunlap
2017-10-10 16:52 ` Andrew Cooper
2017-10-10 17:24 ` Ian Jackson
2017-10-10 16:20 ` [PATCH v3 04/12] fuzz/x86_emulate: Rename the file containing the wrapper code George Dunlap
2017-10-11 9:03 ` Jan Beulich
2017-10-10 16:20 ` George Dunlap [this message]
2017-10-10 16:53 ` [PATCH v3 05/12] fuzz/x86_emulate: Add 'afl-cov' target Andrew Cooper
2017-10-10 16:20 ` [PATCH v3 06/12] fuzz/x86_emulate: Take multiple test files for inputs George Dunlap
2017-10-10 16:56 ` Andrew Cooper
2017-10-10 16:58 ` George Dunlap
2017-10-10 17:56 ` Andrew Cooper
2017-10-10 16:20 ` [PATCH v3 07/12] fuzz/x86_emulate: Move all state into fuzz_state George Dunlap
2017-10-10 18:20 ` Andrew Cooper
2017-10-11 11:30 ` George Dunlap
2017-10-11 14:50 ` George Dunlap
2017-10-10 16:20 ` [PATCH v3 08/12] fuzz/x86_emulate: Move definitions into a header George Dunlap
2017-10-10 17:25 ` Ian Jackson
2017-10-11 9:09 ` Jan Beulich
2017-10-10 16:20 ` [PATCH v3 09/12] fuzz/x86_emulate: Make input more compact George Dunlap
2017-10-10 16:59 ` Andrew Cooper
2017-10-10 17:01 ` George Dunlap
2017-10-10 17:11 ` Andrew Cooper
2017-10-10 17:13 ` George Dunlap
2017-10-10 17:31 ` Andrew Cooper
2017-10-10 20:55 ` George Dunlap
2017-10-10 17:26 ` Ian Jackson
2017-10-10 18:57 ` George Dunlap
2017-10-11 9:18 ` Jan Beulich
2017-10-10 16:20 ` [PATCH v3 10/12] fuzz/x86_emulate: Add --rerun option to try to track down instability George Dunlap
2017-10-10 18:44 ` Andrew Cooper
2017-10-11 9:20 ` Jan Beulich
2017-10-11 15:56 ` George Dunlap
2017-10-10 16:20 ` [PATCH v3 11/12] fuzz/x86_emulate: Set and fuzz more CPU state George Dunlap
2017-10-11 9:31 ` Jan Beulich
2017-10-11 16:52 ` George Dunlap
2017-10-12 9:58 ` Jan Beulich
2017-10-10 16:20 ` [PATCH v3 12/12] fuzz/x86_emulate: Add an option to limit the number of instructions executed George Dunlap
2017-10-11 9:34 ` Jan Beulich
2017-10-10 16:47 ` [PATCH v3 01/12] fuzz/x86_emulate: Clear errors after each iteration George Dunlap
2017-10-10 16:47 ` Andrew Cooper
2017-10-11 8:59 ` Jan Beulich
2017-10-10 17:22 ` Ian Jackson
2017-10-11 9:00 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171010162011.9629-5-george.dunlap@citrix.com \
--to=george.dunlap@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=ian.jackson@citrix.com \
--cc=jbeulich@suse.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.