[PATCH 0/3] kcov: support comparison operands collection

Enables kcov to collect comparison operands from instrumented code.
This is done by using Clang's -fsanitize=trace-cmp instrumentation
(currently not available for GCC).

The comparison operands help a lot in fuzz testing. E.g. they are
used in syzkaller to cover the interiors of conditional statements
with way fewer attempts and thus make previously unreachable code
reachable.

To allow separate collection of coverage and comparison operands two
different work modes are implemented. Mode selection is now done via
a KCOV_ENABLE ioctl call with corresponding argument value.

Clang instrumentation:
https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-data-flow
Syzkaller:
https://github.com/google/syzkaller

Victor Chibotaru (3):
  kcov: support comparison operands collection
  Makefile: support flag -fsanitizer-coverage=trace-cmp
  kcov: update documentation

 Documentation/dev-tools/kcov.rst |  94 +++++++++++++++++-
 Makefile                         |   5 +-
 include/linux/kcov.h             |  12 ++-
 include/uapi/linux/kcov.h        |  32 ++++++
 kernel/kcov.c                    | 203 ++++++++++++++++++++++++++++++++-------
 lib/Kconfig.debug                |   8 ++
 scripts/Makefile.kcov            |   6 ++
 scripts/Makefile.lib             |   6 ++
 8 files changed, 322 insertions(+), 44 deletions(-)
 create mode 100644 scripts/Makefile.kcov

-- 
2.14.1.581.gf28d330327-goog
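
The effect described in the cover letter above, as an added user-space sketch that is not code from this patch series or from syzkaller: a fuzzer that sees comparison operands gets past equality checks in a few runs, while blind mutation does not. `record_cmp`, `target`, `fuzz` and the constants are hypothetical; `record_cmp` is a hand-placed stand-in for the compiler-inserted hook and does not use the kcov interface.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the compiler-inserted comparison hook: a per-run
 * log of (arg1, arg2) operand pairs. This is not the kcov interface. */
static struct { uint32_t a, b; } cmp_log[16];
static int cmp_n;
static void record_cmp(uint32_t a, uint32_t b)
{
    if (cmp_n < 16) { cmp_log[cmp_n].a = a; cmp_log[cmp_n].b = b; cmp_n++; }
}

/* Hypothetical target: returns how many of its two checks the input passed. */
static int target(const uint8_t in[8])
{
    uint32_t magic, len;
    memcpy(&magic, in, 4);
    memcpy(&len, in + 4, 4);
    record_cmp(magic, 0x564f434bu);
    if (magic != 0x564f434bu) return 0;
    record_cmp(len, 0x1000u);
    if (len != 0x1000u) return 1;
    return 2; /* interior of both conditionals */
}

/* Runs needed to reach depth 2, or -1 if the budget is exhausted. */
static long fuzz(int use_cmp, long budget)
{
    uint8_t in[8] = {0};
    srand(1);
    for (long run = 1; run <= budget; run++) {
        cmp_n = 0;
        if (target(in) == 2) return run;
        if (!use_cmp) { in[run % 8] = (uint8_t)rand(); continue; } /* blind */
        /* Guided: overwrite the failed check's input operand with the other. */
        for (int i = 0; i < cmp_n; i++) {
            if (cmp_log[i].a == cmp_log[i].b) continue; /* check passed */
            for (int off = 0; off <= 4; off++)
                if (!memcmp(in + off, &cmp_log[i].a, 4)) {
                    memcpy(in + off, &cmp_log[i].b, 4);
                    break;
                }
        }
    }
    return -1;
}

int main(void) { return fuzz(1, 10000) == 3 ? 0 : 1; }
```

Each guided run solves one comparison, so the two checks fall in three executions; the blind mutator has no signal telling it which of the 2^64 inputs is closer to passing.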
