similar to: sancov reporting all locations as <invalid>:0

Justin, I haven't seen this before. I suspect it is because of line-tables-only. Can you try it with full debug info? On Tue, Mar 7, 2017 at 12:36 PM Kostya Serebryany <kcc at google.com> wrote: > +aizatsky > > On Tue, Mar 7, 2017 at 12:34 PM, Justin Bogner <mail at justinbogner.com> > wrote: > > I'm working on a fuzzer using libFuzzer and I wanted to take

I'll need more details then. Maybe you can share the binary & its .sancov file? Or if you have a way to reproduce it? On Tue, Mar 7, 2017 at 1:23 PM Kostya Serebryany <kcc at google.com> wrote: > On Tue, Mar 7, 2017 at 12:50 PM, Mike Aizatsky <aizatsky at google.com> > wrote: > > Justin, > > I haven't seen this before. I suspect it is because of

I think the simplest fix is something like this: diff --git a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp b/lib/Transforms/Instrumentation/SanitizerCoverage.cpp index c6f0d17f8fe..e81957ab80a 100644 --- a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp +++ b/lib/Transforms/Instrumentation/SanitizerCoverage.cpp @@ -256,6 +256,7 @@ SanitizerCoverageModule::CreateSecStartEnd(Module

Given the following C++ code: ``` // test.cpp struct Foo { int public_foo(); int outside_foo(); [[gnu::always_inline]] int inline_foo() { int x = outside_foo(); if (x % 17) { x += 1; } return x; } [[gnu::noinline]] int inline_bar1() { int x = inline_foo(); if (x % 23) { x += 2; } return x; } [[gnu::noinline]] int inline_bar2() {

On Thu, Aug 24, 2017 at 3:21 PM, Kostya Serebryany via llvm-dev < llvm-dev at lists.llvm.org> wrote: > > > On Thu, Aug 24, 2017 at 3:20 PM, Justin Bogner <mail at justinbogner.com> > wrote: > >> I think the simplest fix is something like this: >> >> diff --git a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp >>

On Thu, Aug 24, 2017 at 3:38 PM, Kostya Serebryany <kcc at google.com> wrote: > > > On Thu, Aug 24, 2017 at 3:35 PM, Peter Collingbourne <peter at pcc.me.uk> > wrote: > >> On Thu, Aug 24, 2017 at 3:21 PM, Kostya Serebryany via llvm-dev < >> llvm-dev at lists.llvm.org> wrote: >> >>> >>> >>> On Thu, Aug 24, 2017 at 3:20

On Thu, Aug 24, 2017 at 6:30 PM, Justin Bogner <mail at justinbogner.com> wrote: > Peter Collingbourne <peter at pcc.me.uk> writes: > > On Thu, Aug 24, 2017 at 3:38 PM, Kostya Serebryany <kcc at google.com> > wrote: > > > >> > >> > >> On Thu, Aug 24, 2017 at 3:35 PM, Peter Collingbourne <peter at pcc.me.uk> > >> wrote:

Kostya Serebryany <kcc at google.com> writes: > Justin, > Calling appendToUsed has horrible complexity and if we call it in > every function clang consumes tons of memory (6Gb when compiling one > of the clang's source files). This killed my machine today :) > > The solution is to call appendToUsed once per module, instead of once > per function. Oh right,

> On Aug 24, 2017, at 2:55 PM, Kostya Serebryany <kcc at google.com> wrote: > > Interesting. > This is a relatively new addition (fsanitize-coverage=pc-tables, which is now a part of -fsanitize=fuzzer). > The tests worked (did they? On Mac?) so I thought everything is ok. For tests we never compile the tested target with -O3 (and that wouldn’t be sufficient), and for

Greg, This is lots of useful feedback! I'll reply to individual bullets when time permits (mostly after the holidays). If you find a bug in Postgres with libFuzzer, please let us know so that we can add it to http://llvm.org/docs/LibFuzzer.html#trophies On Sat, Sep 5, 2015 at 8:40 AM, Greg Stark via llvm-dev < llvm-dev at lists.llvm.org> wrote: > On Sat, Sep 5, 2015 at 1:50 PM,

Hi Mitch, Thank you for the response. 1. You don't need to build the library with `-fsanitize-coverage=...`, using `-fsanitize=fuzzer-no-link,address` should be sufficient. - Acknowledged 2. (although you can actually build object files/shared libraries with -fsanitize=fuzzer, and the libFuzzer main won't be linked, if this makes your build process easier). - with just the *fuzzer

This is a pretty nice warning. Should we enable it for LLVM's build when the host compiler supports it? Benjamin Kramer via llvm-commits <llvm-commits at lists.llvm.org> writes: > Author: d0k > Date: Mon Feb 22 07:11:58 2016 > New Revision: 261524 > > URL: http://llvm.org/viewvc/llvm-project?rev=261524&view=rev > Log: > Fix some abuse of auto flagged by

Hi Alex Thanks for your email. But it seems not work. I removed the -fsanitize=address flag. The global buffer overflow message doesn't show. However, no *.sancov file is created after I run perlbench. Thus, I could not get the BB coverage. Do you have any ideas? Many Thanks Regards Muhui Alexander Potapenko <glider at google.com> 于2018年9月5日周三 下午7:14写道： > Hi Muhui, > > If

Is there is minimum required version for GCC to build LLVM from the head revision? I have GCC v4.9.3, but 'Tools/sancov/sancov.cc' won't build because 'std::to_string' does not exist. When running CMake it did not flag GCC v4.9.3 as too old, and it is passing the '-std=gnu++11' option, but apparently this version of GCC is not fully C++ 11 compliant, or at least

Hi Fangrui, Many thanks for providing such detailed feedback! Please find my comments inlined below. - Ammar On Sun, Jun 28, 2020 at 5:59 AM Fangrui Song <maskray at google.com> wrote: > On 2020-06-26, Ammar Ben Khadra via llvm-dev wrote: > >## TL;DR > > > >We introduce bcov, an open-source binary-level coverage analysis tool [1]. > >The details are discussed

HI think I have a fairly nicely integrated Libfuzzer based fuzzer in Postgres now. I can run things like: SELECT fuzz(100000,'select regexp_matches(''foo/bar/baz'',$1,''g'')') Which makes it convenient to fuzz arbitrary public functions available in SQL. (I haven't figured out what interface to make for fuzzing internal functions which take char

Hi, I'm playing around with LLVM and stumbled upon this issue while while performing "make install". The build itself was successful. I'm using the latest git version. #make install -- Installing: /home/alesko/llvm-install/bin/llvm-mc -- Installing: /home/alesko/llvm-install/bin/sancov -- Installing: /home/alesko/llvm-install/bin/opt -- Installing:

Hi! My cron-based worker is being indeed invoked by backgroundRB at correct times. But... After several runs it can no longer find DB columns! The same query, which was running OK an hour ago starts to throw MySQL error about unkown column in where clause. If I restart backgroundrb it works for some time but stops working after several invocations. Has anyone epxerienced the similar beahviour?

Rafael, Filipe, I am looking at the fixes you apply to sanitizer tests and they worry me. (e.g. https://reviews.llvm.org/D31498) The fixes are mostly mechanical and thus every single change looks safe, but given the amount of changes there is large risk to cripple some of the tests in a way that they will stop detecting failures. When I write a test for new functionality, I always verify that

I need some help figuring out existing pass problem. I've submitted a CL on Friday (http://reviews.llvm.org/rL262103) that broke _only_ armv7 & aarch64 bots: "Pass 'SanitizerCoverageModule' is not initialized." (it was rolled back). Today I've obtained access to aarch64 machine today, applied the patch and check-all passes without any issues (terminal capture at the