diff options
Diffstat (limited to 'driver/fuzz_target_runner.cpp')
-rw-r--r-- | driver/fuzz_target_runner.cpp | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/driver/fuzz_target_runner.cpp b/driver/fuzz_target_runner.cpp index 66405380..fd87d0e0 100644 --- a/driver/fuzz_target_runner.cpp +++ b/driver/fuzz_target_runner.cpp @@ -25,6 +25,7 @@ #include "absl/strings/str_format.h" #include "absl/strings/str_split.h" #include "absl/strings/substitute.h" +#include "coverage_tracker.h" #include "fuzzed_data_provider.h" #include "gflags/gflags.h" #include "glog/logging.h" @@ -53,6 +54,11 @@ DEFINE_string( DEFINE_string(reproducer_path, ".", "Path at which fuzzing reproducers are stored. Defaults to the " "current directory."); +DEFINE_string(coverage_report, "", + "Path at which a coverage report is stored when the fuzzer " + "exits. If left empty, no report is generated (default)"); + +DECLARE_bool(hooks); constexpr auto kManifestUtilsClass = "com/code_intelligence/jazzer/runtime/ManifestUtils"; @@ -165,6 +171,9 @@ FuzzTargetRunner::FuzzTargetRunner( std::exit(1); } + if (FLAGS_hooks && !FLAGS_coverage_report.empty()) { + CoverageTracker::RecordInitialCoverage(env); + } SetUpFuzzedDataProvider(jvm_); // Parse a comma-separated list of hex dedup tokens. @@ -184,6 +193,16 @@ FuzzTargetRunner::FuzzTargetRunner( } FuzzTargetRunner::~FuzzTargetRunner() { + if (FLAGS_hooks && !FLAGS_coverage_report.empty()) { + std::string report = CoverageTracker::ComputeCoverage(jvm_.GetEnv()); + std::ofstream report_file(FLAGS_coverage_report); + if (report_file) { + report_file << report << std::flush; + } else { + LOG(ERROR) << "Failed to write coverage report to " + << FLAGS_coverage_report; + } + } if (fuzzer_tear_down_ != nullptr) { std::cerr << "calling fuzzer teardown function" << std::endl; jvm_.GetEnv().CallStaticVoidMethod(jclass_, fuzzer_tear_down_); |