From: George Dunlap <george.dunlap@citrix.com>
To: xen-devel@lists.xenproject.org
Cc: Ian Jackson <ian.jackson@citrix.com>,
Wei Liu <wei.liu2@citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Jan Beulich <jbeulich@suse.com>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: [PATCH 08/14] fuzz/x86_emulate: Add 'afl-cov' target
Date: Fri, 25 Aug 2017 17:43:37 +0100 [thread overview]
Message-ID: <20170825164343.29015-8-george.dunlap@citrix.com> (raw)
In-Reply-To: <20170825164343.29015-1-george.dunlap@citrix.com>
...to generate a "normal" coverage-instrumented binary, suitable for
use with gcov or afl-cov.
This is slightly annoying because:
- Every object file needs to have been instrumented to work
effectively
- You generally want to have both an afl-instrumented binary and a
gcov-instrumented binary at the same time, but
- gcov instrumentation and afl instrumentation are mutually exclusive
So when making the `afl-cov` target, generate a second set of object
files and a second binary with the `-cov` suffix.
Signed-off-by: George Dunlap <george.dunlap@citrix.com>
---
CC: Ian Jackson <ian.jackson@citrix.com>
CC: Wei Liu <wei.liu2@citrix.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
---
.gitignore | 1 +
tools/fuzz/README.afl | 14 ++++++++++++++
tools/fuzz/x86_instruction_emulator/Makefile | 19 ++++++++++++++++++-
3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index 594ffd9a7f..66bceb3ebe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -159,6 +159,7 @@ tools/fuzz/libelf/afl-libelf-fuzzer
tools/fuzz/x86_instruction_emulator/asm
tools/fuzz/x86_instruction_emulator/x86_emulate*
tools/fuzz/x86_instruction_emulator/afl-harness
+tools/fuzz/x86_instruction_emulator/afl-harness-cov
tools/helpers/_paths.h
tools/helpers/init-xenstore-domain
tools/helpers/xen-init-dom0
diff --git a/tools/fuzz/README.afl b/tools/fuzz/README.afl
index 4758de2490..0d955b2687 100644
--- a/tools/fuzz/README.afl
+++ b/tools/fuzz/README.afl
@@ -41,3 +41,17 @@ Use the x86 instruction emulator fuzzer as an example.
$ $AFLPATH/afl-fuzz -t 1000 -i testcase_dir -o findings_dir -- ./afl-harness
Please see AFL documentation for more information.
+
+# GENERATING COVERAGE INFORMATION
+
+To use afl-cov or gcov, you need a separate binary instrumented to
+generate coverage data. To do this, use the target `afl-cov`:
+
+ $ make afl-cov #produces afl-harness-cov
+
+NOTE: Please also note that the coverage instrumentation hard-codes
+the absolute path for the instrumentation read and write files in the
+binary; so coverage data will always show up in the build directory no
+matter where you run the binary from.
+
+Please see afl-cov and/or gcov documentation for more information.
\ No newline at end of file
diff --git a/tools/fuzz/x86_instruction_emulator/Makefile b/tools/fuzz/x86_instruction_emulator/Makefile
index 10009dc08f..629e191029 100644
--- a/tools/fuzz/x86_instruction_emulator/Makefile
+++ b/tools/fuzz/x86_instruction_emulator/Makefile
@@ -23,19 +23,33 @@ x86_emulate_user.c x86_emulate_user.h: %:
CFLAGS += $(CFLAGS_xeninclude) -D__XEN_TOOLS__ -I.
+GCOV_FLAGS=--coverage
+
x86.h := asm/x86-vendors.h asm/x86-defns.h asm/msr-index.h
x86_emulate.h := x86_emulate_user.h x86_emulate/x86_emulate.h $(x86.h)
x86_emulate_user.o: x86_emulate_user.c x86_emulate/x86_emulate.c $(x86_emulate.h)
+x86_emulate_user-cov.o: x86_emulate_user.c x86_emulate/x86_emulate.c $(x86_emulate.h)
+ $(CC) -c $(CFLAGS) $(GCOV_FLAGS) -o $@ x86_emulate_user.c
+
fuzz-emul.o: $(x86_emulate.h)
+fuzz-emul-cov.o: fuzz-emul.c $(x86_emulate.h)
+ $(CC) -c $(CFLAGS) $(GCOV_FLAGS) -o $@ fuzz-emul.c
+
+afl-harness-cov.o: afl-harness.c
+ $(CC) -c $(CFLAGS) $(GCOV_FLAGS) $^ -o $@
+
x86-insn-fuzzer.a: fuzz-emul.o x86_emulate_user.o
$(AR) rc $@ $^
afl-harness: afl-harness.o fuzz-emul.o x86_emulate_user.o
$(CC) $(CFLAGS) $^ -o $@
+afl-harness-cov: afl-harness-cov.o fuzz-emul-cov.o x86_emulate_user-cov.o
+ $(CC) $(CFLAGS) $(GCOV_FLAGS) $^ -o $@
+
# Common targets
.PHONY: all
all: x86-insn-fuzz-all
@@ -46,7 +60,7 @@ distclean: clean
.PHONY: clean
clean:
- rm -f *.a *.o .*.d afl-harness
+ rm -f *.a *.o .*.d afl-harness afl-harness-cov *.gcda *.gcno *.gcov
.PHONY: install
install: all
@@ -55,3 +69,6 @@ install: all
.PHONY: afl
afl: afl-harness
+
+.PHONY: afl-cov
+afl-cov: afl-harness-cov
--
2.14.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-08-25 16:44 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-25 16:43 [PATCH 01/14] fuzz/x86_emulate: Remove redundant AFL hook George Dunlap
2017-08-25 16:43 ` [PATCH 02/14] x86emul/fuzz: add rudimentary limit checking George Dunlap
2017-08-25 16:43 ` [PATCH 03/14] fuzz/x86_emulate: Actually use cpu_regs input George Dunlap
2017-09-15 11:21 ` Wei Liu
2017-08-25 16:43 ` [PATCH 04/14] fuzz/x86_emulate: Add a better input size check George Dunlap
2017-08-25 17:42 ` Andrew Cooper
2017-09-15 11:39 ` Wei Liu
2017-09-25 9:36 ` George Dunlap
2017-09-25 11:08 ` George Dunlap
2017-08-25 16:43 ` [PATCH 05/14] fuzz/x86_emulate: Improve failure descriptions in x86_emulate harness George Dunlap
2017-09-15 11:41 ` Wei Liu
2017-09-15 11:47 ` George Dunlap
2017-08-25 16:43 ` [PATCH 06/14] fuzz/x86_emulate: Implement dread() and davail() George Dunlap
2017-08-25 17:45 ` Andrew Cooper
2017-09-14 17:06 ` George Dunlap
2017-09-25 11:40 ` George Dunlap
2017-08-25 16:43 ` [PATCH 07/14] fuzz/x86_emulate: Rename the file containing the wrapper code George Dunlap
2017-09-15 11:45 ` Wei Liu
2017-08-25 16:43 ` George Dunlap [this message]
2017-09-15 12:55 ` [PATCH 08/14] fuzz/x86_emulate: Add 'afl-cov' target Wei Liu
2017-09-15 12:57 ` Wei Liu
2017-09-15 13:28 ` George Dunlap
2017-08-25 16:43 ` [PATCH 09/14] fuzz/x86_emulate: Take multiple test files for inputs George Dunlap
2017-09-15 13:07 ` Wei Liu
2017-09-15 13:27 ` George Dunlap
2017-09-15 13:42 ` Wei Liu
2017-08-25 16:43 ` [PATCH 10/14] fuzz/x86_emulate: Move all state into fuzz_state George Dunlap
2017-08-25 16:43 ` [PATCH 11/14] fuzz/x86_emulate: Make input more compact George Dunlap
2017-08-25 16:52 ` George Dunlap
2017-08-25 17:59 ` Andrew Cooper
2017-08-28 9:10 ` George Dunlap
2017-08-25 16:43 ` [PATCH 12/14] fuzz/x86_emulate: Add --rerun option to try to track down instability George Dunlap
2017-09-15 13:30 ` Wei Liu
2017-08-25 16:43 ` [PATCH 13/14] fuzz/x86_emulate: Set and fuzz more CPU state George Dunlap
2017-08-25 16:43 ` [PATCH 14/14] fuzz/x86_emulate: Add an option to limit the number of instructions executed George Dunlap
2017-09-15 13:38 ` Wei Liu
2017-09-15 13:55 ` George Dunlap
2017-09-19 10:05 ` Wei Liu
2017-08-25 17:37 ` [PATCH 01/14] fuzz/x86_emulate: Remove redundant AFL hook Andrew Cooper
2017-08-28 10:34 ` George Dunlap
2017-09-14 15:26 ` George Dunlap
2017-09-22 15:47 ` George Dunlap
2017-09-22 16:09 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170825164343.29015-8-george.dunlap@citrix.com \
--to=george.dunlap@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=ian.jackson@citrix.com \
--cc=jbeulich@suse.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).