llvm.org GIT mirror llvm / 0a4c4a2
[libFuzzer] recommend Clang Coverage for coverage visualization git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@310751 91177308-0d34-0410-b5e6-96231b3b80d8 Kostya Serebryany 2 years ago
1 changed file(s) with 6 addition(s) and 26 deletion(s). Raw diff Collapse all Expand all
316316 - 1 : close ``stdout``
317317 - 2 : close ``stderr``
318318 - 3 : close both ``stdout`` and ``stderr``.
319 ``-print_coverage``
320 If 1, print coverage information as text at exit.
321 ``-dump_coverage``
322 If 1, dump coverage information as a .sancov file at exit.
323319
324320 For the full list of flags run the fuzzer binary with ``-help=1``.
325321
557553 Once you implement your target function ``LLVMFuzzerTestOneInput`` and fuzz it to death,
558554 you will want to know whether the function or the corpus can be improved further.
559555 One easy to use metric is, of course, code coverage.
560 You can get the coverage for your corpus like this:
561
562 .. code-block:: console
563
564 ./fuzzer CORPUS_DIR -runs=0 -print_coverage=1
565
566 This will run all tests in the CORPUS_DIR but will not perform any fuzzing.
567 At the end of the process it will print text describing what code has been covered and what hasn't.
568
569 Alternatively, use
570
571 .. code-block:: console
572
573 ./fuzzer CORPUS_DIR -runs=0 -dump_coverage=1
574
575 which will dump a ``.sancov`` file with coverage information.
576 See SanitizerCoverage_ for details on querying the file using the ``sancov`` tool.
577
578 You may also use other ways to visualize coverage,
579 e.g. using `Clang coverage `_,
580 but those will require
581 you to rebuild the code with different compiler flags.
556
557 We recommend to use
558 `Clang Coverage `_,
559 to visualize and study your code coverage
560 (`example `_).
561
582562
583563 User-supplied mutators
584564 ----------------------