Hello Robert, On 04.09.2018 14:03, Robert Löhning wrote: > I saw your post and it helped me get started. Thanks for that!
cool, thanks for the feedback! > > By the way: In step 1 you use > -fsanitize-coverage=edge > whereas I followed LLVM's example [1] and used > -fsanitize-coverage=trace-pc-guard > > Unfortunately the documentation seems to be a bit scarce. Could you > please tell me briefly about the advantages of either one? > > I guess I should include "edge" to [2], shouldn't I? Instead of > hacking the mkspec you could then just use > <src>/configure -sanitize address -coverage edge <further params> The "-fsanitize-coverage=edge" just comes from an older clang version when there was no trace-pc-guard. Nowadays "trace-pc-guard" without other args implies "edge", so the latter can be ignored when configuring with address sanitizer. IIUC edge just provided information on whether a piece of code was executed or not, while trace-pc-guard provides a callback which allows for more fine-grained coverage information; the callback itself is then implemented in libFuzzer. What might be interesting to look at is "-fsanitize-coverage=trace-cmp" though... Regards, Peter -- Peter Hartmann // Titurelstrasse 2 // 89125 Munich // Germany [email protected] www.peter.hartmann.tk _______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
