I'm working on a fuzzer using libFuzzer and I wanted to take a look at
how my coverage was doing, as per the instructions here:
First of all, I suspect the instructions there are out of date, but
passing -dump_coverage=1 to the binary rather than setting ASAN_OPTIONS
generated a .sancov file for me.
However, when I inspect this with the sancov tool, all of the line
numbers it reports are "<invalid>:0". I can list the covered and
uncovered functions successfully, but without locations it's really hard
to do anything with that information.
I've built with -gline-tables-only, as is the default when building llvm
with sanitizers enabled.
Have you seen this before? Am I doing something obviously wrong?
I haven’t seen this before. I suspect it is because of line-tables-only. Can you try it with full debug info?
That would be strange.
-gline-tables-only is *the* recommended flag for all of the sanitizers, I'd
expect it to work.
I’ll need more details then. Maybe you can share the binary & its .sancov file? Or if you have a way to reproduce it?
So I tried using full debug info and it fails the same way, which is
probably to be expected. After poking around in test/tools/sancov I'm
fairly sure the problem is that I'm on macOS, given that almost all of
the tests there have "REQUIRES: x86_64-linux".
Mike Aizatsky <email@example.com> writes:
Are there instructions on how Inputs/foo.cpp was compiled to generate
the binaries in the sancov tests? We should probably create .sancov and
.symcov files for macOS so that we're actually testing it at all.
Justin Bogner <firstname.lastname@example.org> writes:
Yes, instructions are in Inputs/test.cpp (main test file).