Add commands to collect branch coverage (#7709)

* Add commands to collect branch coverage * Add -g flag * Switch branch coverage option placement * Set guarding env variable Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
author: Navidem <navid.emamdoost@gmail.com> 2022-05-24 01:10:38 -0500
committer: GitHub <noreply@github.com> 2022-05-24 16:10:38 +1000
commit: c5be869e4ee7d87066758eee7a668d0e1c0ed228 (patch)
tree: c7b58fe6b19301f7f861611c6128a716a66dad94 /infra
parent: 94b400c520a53823a6b8cf53e1b6804a2937644d (diff)
2 files changed, 11 insertions, 3 deletions
diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile
index b6c78e8d..71a93114 100755
--- a/infra/base-images/base-builder/compile
+++ b/infra/base-images/base-builder/compile
@@ -151,6 +151,10 @@ if [ "$SANITIZER" = "introspector" ]; then
   export NM=llvm-nm
   export RANLIB=llvm-ranlib
 
+  export CFLAGS="$CFLAGS -g"
+  export CXXFLAGS="$CXXFLAGS -g"
+  export FI_BRANCH_PROFILE=1
+
   # Move ar and ranlib
   mv /usr/bin/ar /usr/bin/old-ar
   mv /usr/bin/nm /usr/bin/old-nm
@@ -211,12 +215,13 @@ if [ "$SANITIZER" = "introspector" ]; then
 
   find $SRC/ -name "*.data" -exec cp {} $SRC/inspector/ \;
   find $SRC/ -name "*.data.yaml" -exec cp {} $SRC/inspector/ \;
+  find $SRC/ -name "*branchProfile.yaml" -exec cp {} $SRC/inspector/ \;
   # Move coverage report.
   if [ -d "$OUT/textcov_reports" ]
   then
     cp $OUT/textcov_reports/*.covreport $SRC/inspector/
-  fi  
-  
+  fi
+
   cd $SRC/inspector
 
   # Correlate fuzzer binaries to fuzz-introspector's raw data
diff --git a/infra/base-images/base-runner/coverage b/infra/base-images/base-runner/coverage
index 30e9920e..6f21c892 100755
--- a/infra/base-images/base-runner/coverage
+++ b/infra/base-images/base-runner/coverage
@@ -55,6 +55,9 @@ PATH_EQUIVALENCE_ARGS="-path-equivalence=/,$OUT"
 LLVM_COV_COMMON_ARGS="$PATH_EQUIVALENCE_ARGS \
     -ignore-filename-regex=.*src/libfuzzer/.* $COVERAGE_EXTRA_ARGS"
 
+# Options to extract branch coverage.
+BRANCH_COV_ARGS="--show-branches=count --show-expansions"
+
 # Timeout for running a single fuzz target.
 TIMEOUT=1h
 
@@ -116,7 +119,7 @@ function run_fuzz_target {
       $shared_libraries $LLVM_COV_COMMON_ARGS > $FUZZER_STATS_DIR/$target.json
 
   # For introspector.
-  llvm-cov show -instr-profile=$profdata_file -object=$target -line-coverage-gt=0 $shared_libraries $LLVM_COV_COMMON_ARGS > ${TEXTCOV_REPORT_DIR}/$target.covreport
+  llvm-cov show -instr-profile=$profdata_file -object=$target -line-coverage-gt=0 $shared_libraries $BRANCH_COV_ARGS $LLVM_COV_COMMON_ARGS > ${TEXTCOV_REPORT_DIR}/$target.covreport
   
   if [ -n "${FULL_SUMMARY_PER_TARGET-}" ]; then
     # This is needed for dataflow strategy analysis, can be removed later. See
author	Navidem <navid.emamdoost@gmail.com>	2022-05-24 01:10:38 -0500
committer	GitHub <noreply@github.com>	2022-05-24 16:10:38 +1000
commit	c5be869e4ee7d87066758eee7a668d0e1c0ed228 (patch)
tree	c7b58fe6b19301f7f861611c6128a716a66dad94 /infra
parent	94b400c520a53823a6b8cf53e1b6804a2937644d (diff)