From patchwork Wed Oct 11 17:52:36 2017
X-Patchwork-Submitter: George Dunlap
X-Patchwork-Id: 10000255
From: George Dunlap
Date: Wed, 11 Oct 2017 18:52:36 +0100
Message-ID: <20171011175243.19871-5-george.dunlap@citrix.com>
X-Mailer: git-send-email 2.14.2
In-Reply-To: <20171011175243.19871-1-george.dunlap@citrix.com>
References: <20171011175243.19871-1-george.dunlap@citrix.com>
Cc: Ian Jackson, Wei Liu, George Dunlap, Jan Beulich, Andrew Cooper
Subject: [Xen-devel] [PATCH v4 05/12] fuzz/x86_emulate: Add 'afl-cov' target
List-Id: Xen developer discussion

...to generate a "normal" coverage-instrumented binary, suitable for
use with gcov or afl-cov.

This is slightly annoying because:
 - Every object file needs to have been instrumented to work effectively
 - You generally want to have both an afl-instrumented binary and a
   gcov-instrumented binary at the same time, but
 - gcov instrumentation and afl instrumentation are mutually exclusive

So when making the `afl-cov` target, generate a second set of object
files and a second binary with the `-cov` suffix.

While we're here, remove the redundant x86-emulate.c dependency for
x86-emulate.o.

Signed-off-by: George Dunlap
Acked-by: Andrew Cooper
---
v3:
 - Rebase on new versions of previous patch (mainly x86-emulate.* rename)
 - Tighten up build rules
 - Add newline at the end of README.afl
 - Use := for GCOV_FLAGS in Makefile
Changes in v2:
 - Pull 'inputs' to x86_emulate_user* into a make variable to avoid
   duplication

CC: Ian Jackson
CC: Wei Liu
CC: Andrew Cooper
CC: Jan Beulich
---
 .gitignore | 1 +
 tools/fuzz/README.afl | 14 ++++++++++++++
 tools/fuzz/x86_instruction_emulator/Makefile | 17 ++++++++++++++---
 3 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore index b3587f3809..d64b03d06c 100644 --- a/.gitignore +++ b/.gitignore
@@ -166,6 +166,7 @@ tools/fuzz/x86_instruction_emulator/asm tools/fuzz/x86_instruction_emulator/x86_emulate tools/fuzz/x86_instruction_emulator/x86-emulate.[ch] tools/fuzz/x86_instruction_emulator/afl-harness +tools/fuzz/x86_instruction_emulator/afl-harness-cov tools/helpers/_paths.h tools/helpers/init-xenstore-domain tools/helpers/xen-init-dom0 diff --git a/tools/fuzz/README.afl b/tools/fuzz/README.afl index 4758de2490..8b58b8cdea 100644 --- a/tools/fuzz/README.afl +++ b/tools/fuzz/README.afl @@ -41,3 +41,17 @@ Use the x86 instruction emulator fuzzer as an example. $ $AFLPATH/afl-fuzz -t 1000 -i testcase_dir -o findings_dir -- ./afl-harness Please see AFL documentation for more information. + +# GENERATING COVERAGE INFORMATION + +To use afl-cov or gcov, you need a separate binary instrumented to +generate coverage data. To do this, use the target `afl-cov`: + + $ make afl-cov #produces afl-harness-cov + +NOTE: Please also note that the coverage instrumentation hard-codes +the absolute path for the instrumentation read and write files in the +binary; so coverage data will always show up in the build directory no +matter where you run the binary from. + +Please see afl-cov and/or gcov documentation for more information. diff --git a/tools/fuzz/x86_instruction_emulator/Makefile b/tools/fuzz/x86_instruction_emulator/Makefile index 107bf62a21..cb561aec3f 100644 --- a/tools/fuzz/x86_instruction_emulator/Makefile +++ b/tools/fuzz/x86_instruction_emulator/Makefile 
@@ -23,12 +23,17 @@ x86-emulate.c x86-emulate.h: %: CFLAGS += $(CFLAGS_xeninclude) -D__XEN_TOOLS__ -I. +GCOV_FLAGS := --coverage +%-cov.o: %.c + $(CC) -c $(CFLAGS) $(GCOV_FLAGS) $< -o $@ + x86.h := asm/x86-vendors.h asm/x86-defns.h asm/msr-index.h x86_emulate.h := x86-emulate.h x86_emulate/x86_emulate.h $(x86.h) -x86-emulate.o: x86-emulate.c x86_emulate/x86_emulate.c $(x86_emulate.h) +# x86-emulate.c will be implicit for both +x86-emulate.o x86-emulate-cov.o: x86_emulate/x86_emulate.c $(x86_emulate.h) -fuzz-emul.o: $(x86_emulate.h) +fuzz-emul.o fuzz-emulate-cov.o: $(x86_emulate.h) x86-insn-fuzzer.a: fuzz-emul.o x86-emulate.o $(AR) rc $@ $^ @@ -36,6 +41,9 @@ x86-insn-fuzzer.a: fuzz-emul.o x86-emulate.o afl-harness: afl-harness.o fuzz-emul.o x86-emulate.o $(CC) $(CFLAGS) $^ -o $@ +afl-harness-cov: afl-harness-cov.o fuzz-emul-cov.o x86-emulate-cov.o + $(CC) $(CFLAGS) $(GCOV_FLAGS) $^ -o $@ + # Common targets .PHONY: all all: x86-insn-fuzz-all @@ -46,7 +54,7 @@ distclean: clean .PHONY: clean clean: - rm -f *.a *.o .*.d afl-harness + rm -f *.a *.o .*.d afl-harness afl-harness-cov *.gcda *.gcno *.gcov .PHONY: install install: all @@ -55,3 +63,6 @@ install: all .PHONY: afl afl: afl-harness + +.PHONY: afl-cov +afl-cov: afl-harness-cov
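
Review bot: In the .gitignore hunk, the coverage data files are not ignored alongside `afl-harness-cov`. Compiling the `-cov` objects writes `*.gcno` files and running the binary writes `*.gcda` files into tools/fuzz/x86_instruction_emulator/ (the README text added in this patch says the data ends up in the build directory), and the clean rule in this same patch already removes `*.gcda *.gcno *.gcov`. Unless a pattern elsewhere in .gitignore already covers them, add matching entries for that directory so a coverage run does not leave untracked files in `git status`.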
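
Review bot: In the README.afl hunk, the NOTE paragraph overstates the behaviour with "coverage data will always show up in the build directory". The gcov runtime honours the GCOV_PREFIX and GCOV_PREFIX_STRIP environment variables, which relocate where the `.gcda` files are written, so "by default" would be more accurate, and naming the two variables would help anyone running `afl-harness-cov` on a host where the build path does not exist or is not writable. As a wording nit, "NOTE: Please also note that" is redundant; "NOTE: The coverage instrumentation hard-codes ..." reads better.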
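
Review bot: In the first Makefile hunk, the dependency line `fuzz-emul.o fuzz-emulate-cov.o: $(x86_emulate.h)` names a target that no rule in this patch builds. The link rule for `afl-harness-cov` uses `fuzz-emul-cov.o`, so that object gets no dependency on `$(x86_emulate.h)` from this line and is not forced to rebuild when those headers change, which can leave the coverage binary built from different sources than `afl-harness`. This looks like a typo for `fuzz-emul.o fuzz-emul-cov.o: $(x86_emulate.h)`.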