Displaying 3 results from an estimated 3 matches for "print_coverage".
2016 Sep 21
3
-sanitizer-coverage-prune-blocks=true and LibFuzzer
Hello,
Is this reproducible?
> Fuzzing is a probabilistic business and one or even two runs don't prove
> much.
>
I've reproduced the behavior on two different machines. Attached is a
script to do so. To use the script,
- create an empty folder and copy both prune-blocks.sh and
ff-http-parser.sh in there
- ensure clang and clang++ are in your $PATH
- cd /path/to/prune-blocks.sh
2016 Sep 21
2
-sanitizer-coverage-prune-blocks=true and LibFuzzer
...1640
>
> Conclusions:
> * testing a fuzzing engine is not trivial :(
> * testing it on a very short run with a single seed may be misleading
>
>
> BTW, I am also looking into more automation of libFuzzer testing.
> With trace-pc-guard we now have libFuzzer's flag -print_coverage=1 that will print all the covered lines.
> My hope is that this feature can be used for more detailed analysis of coverage differences.
>
> --kcc
>
>
> On Wed, Sep 21, 2016 at 6:00 AM, Jonas Wagner <jonas.wagner at epfl.ch> wrote:...
2016 Sep 21
2
-sanitizer-coverage-prune-blocks=true and LibFuzzer
...sions:
>> * testing a fuzzing engine is not trivial :(
>> * testing it on a very short run with a single seed may be misleading
>>
>>
>> BTW, I am also looking into more automation of libFuzzer testing.
>> With trace-pc-guard we now have libFuzzer's flag -print_coverage=1 that will print all the covered lines.
>> My hope is that this feature can be used for more detailed analysis of coverage differences.
>>
>> --kcc
>>
>>
>> On Wed, Sep 21, 2016 at 6:00 AM, Jonas Wagner <jonas.wagner at epfl.ch <mailto:jonas.wagner a...