Index: lib/fuzzer/FuzzerDriver.cpp
===================================================================
--- lib/fuzzer/FuzzerDriver.cpp
+++ lib/fuzzer/FuzzerDriver.cpp
@@ -604,6 +604,7 @@
 Options.PrintCorpusStats = Flags.print_corpus_stats;
 Options.PrintCoverage = Flags.print_coverage;
 Options.DumpCoverage = Flags.dump_coverage;
+ Options.UseClangCoverage = Flags.use_clang_coverage;
 if (Flags.exit_on_src_pos)
 Options.ExitOnSrcPos = Flags.exit_on_src_pos;
 if (Flags.exit_on_item)
Index: lib/fuzzer/FuzzerFlags.def
===================================================================
--- lib/fuzzer/FuzzerFlags.def
+++ lib/fuzzer/FuzzerFlags.def
@@ -131,6 +131,7 @@
 FUZZER_FLAG_STRING(run_equivalence_server, "Experimental")
 FUZZER_FLAG_STRING(use_equivalence_server, "Experimental")
 FUZZER_FLAG_INT(analyze_dict, 0, "Experimental")
+FUZZER_FLAG_INT(use_clang_coverage, 0, "Experimental")
 FUZZER_DEPRECATED_FLAG(exit_on_first)
 FUZZER_DEPRECATED_FLAG(save_minimized_corpus)
Index: lib/fuzzer/FuzzerLoop.cpp
===================================================================
--- lib/fuzzer/FuzzerLoop.cpp
+++ lib/fuzzer/FuzzerLoop.cpp
@@ -122,6 +122,7 @@
 EF->__sanitizer_install_malloc_and_free_hooks(MallocHook, FreeHook);
 TPC.SetUseCounters(Options.UseCounters);
 TPC.SetUseValueProfile(Options.UseValueProfile);
+ TPC.SetUseClangCoverage(Options.UseClangCoverage);
 if (Options.Verbosity)
 TPC.PrintModuleInfo();
Index: lib/fuzzer/FuzzerOptions.h
===================================================================
--- lib/fuzzer/FuzzerOptions.h
+++ lib/fuzzer/FuzzerOptions.h
@@ -52,6 +52,7 @@
 bool PrintCorpusStats = false;
 bool PrintCoverage = false;
 bool DumpCoverage = false;
+ bool UseClangCoverage = false;
 bool DetectLeaks = true;
 int TraceMalloc = 0;
 bool HandleAbrt = false;
Index: lib/fuzzer/FuzzerTracePC.h
===================================================================
--- lib/fuzzer/FuzzerTracePC.h
+++ lib/fuzzer/FuzzerTracePC.h
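Review bot: The help text for the new `use_clang_coverage` entry in lib/fuzzer/FuzzerFlags.def is only "Experimental", so the flag listing tells a user neither what the flag switches on nor that it is meant for a binary built with `-fprofile-instr-generate`, as the new test does. I would spell it out, for example `FUZZER_FLAG_INT(use_clang_coverage, 0, "Experimental. Use clang coverage counters (-fprofile-instr-generate) as coverage feedback.")`. The wording is inferred from the setter name and the test, so it should be checked against what the TracePC code does with the flag, which these hunks do not show.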
@@ -80,6 +80,7 @@
 template void HandleCmp(uintptr_t PC, T Arg1, T Arg2);
 size_t GetTotalPCCoverage();
 void SetUseCounters(bool UC) { UseCounters = UC; }
+ void SetUseClangCoverage(bool UCC) { UseClangCoverage = UCC; }
 void SetUseValueProfile(bool VP) { UseValueProfile = VP; }
 void SetPrintNewPCs(bool P) { DoPrintNewPCs = P; }
 void SetPrintNewFuncs(size_t P) { NumPrintNewFuncs = P; }
@@ -92,7 +93,8 @@
 memset(Counters(), 0, GetNumPCs());
 ClearExtraCounters();
 ClearInlineCounters();
- ClearClangCounters();
+ if (UseClangCoverage)
+ ClearClangCounters();
 }
 void ClearInlineCounters();
@@ -133,6 +135,7 @@
 private:
 bool UseCounters = false;
 bool UseValueProfile = false;
+ bool UseClangCoverage = false;
 bool DoPrintNewPCs = false;
 size_t NumPrintNewFuncs = 0;
Index: test/fuzzer/fprofile-instr-generate.test
===================================================================
--- /dev/null
+++ test/fuzzer/fprofile-instr-generate.test
@@ -0,0 +1,7 @@
+# Test libFuzzer + -fprofile-instr-generate
+REQUIRES: linux
+RUN: %cpp_compiler %S/SimpleTest.cpp -fsanitize-coverage=0 -fprofile-instr-generate -o %t-SimpleTest-fprofile-instr-generate
+CHECK-NOT: INFO: Loaded 1 modules
+CHECK: INFO: {{.*}} Clang Coverage Counters
+CHECK: BINGO
+RUN: not %t-SimpleTest-fprofile-instr-generate -runs=1000000 -seed=1 -use_clang_coverage=1 2>&1 | FileCheck %s
\ No newline at end of file
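Review bot: In the second hunk of lib/fuzzer/FuzzerTracePC.h the new `if (UseClangCoverage)` guards only the call to `ClearClangCounters()`, while every path that reads those counters lies outside the hunk. If feature collection or the counter printout still consumes them when the flag is 0, the values will now accumulate across inputs instead of being zeroed per run, which would distort the feedback signal. Those readers should be gated on the same flag. A short comment on the guard would also help, for example `// Leave the profile counters untouched unless they are used as fuzzing feedback.`; that rationale is inferred and should be confirmed. The enclosing function's signature is above the hunk.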
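Review bot: test/fuzzer/fprofile-instr-generate.test runs the binary only with `-use_clang_coverage=1`, so the default path that this commit changes (clang counters no longer cleared when the flag is 0) has no check. A second `RUN:` line without the flag, piped to `FileCheck` with its own `--check-prefix`, would pin the default behaviour. Whether the `Clang Coverage Counters` line should appear in that case is not visible from this diff. The file also ends without a trailing newline.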