On Thu, Jul 25, 2019 at 10:21:18AM +0200, Paolo Bonzini wrote:
> On 25/07/19 05:23, Oleinik, Alexander wrote:
> > Intercept coverage buffer registration calls and use this information to
> > copy them to shared memory, if using fork() to avoid resetting device
> > state.
> >
> > Signed-off-by: Alexander Oleinik <alx...@bu.edu>
> > ---
> > tests/fuzz/fuzzer_hooks.c | 106 ++++++++++++++++++++++++++++++++++++++
> > tests/fuzz/fuzzer_hooks.h | 9 ++++
> > 2 files changed, 115 insertions(+)
> > create mode 100644 tests/fuzz/fuzzer_hooks.c
> > create mode 100644 tests/fuzz/fuzzer_hooks.h
> >
> > diff --git a/tests/fuzz/fuzzer_hooks.c b/tests/fuzz/fuzzer_hooks.c
> > new file mode 100644
> > index 0000000000..5a0bbec413
> > --- /dev/null
> > +++ b/tests/fuzz/fuzzer_hooks.c
> > @@ -0,0 +1,106 @@
> > +#include "qemu/osdep.h"
> > +#include "qemu/units.h"
> > +#include "qapi/error.h"
> > +#include "qemu-common.h"
> > +#include "fuzzer_hooks.h"
> > +
> > +#include <dlfcn.h>
> > +#include <elf.h>
> > +
> > +
> > +extern void* _ZN6fuzzer3TPCE;
>
> Would it make sense to make this a C++ source, so that you can avoid
> using the mangled names (in this case, "namespace fuzzer { extern void
> *TPC; }" and then using fuzzer::TPC)? Even if it's just a single symbol.
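Review bot: the `extern void* _ZN6fuzzer3TPCE;` declaration at the end of the visible hunk binds this file to a libFuzzer-internal symbol by its mangled C++ name, and the linker matches only the name, never the type: if `fuzzer::TPC` is not actually a `void *` object, the code still compiles and links but may silently read the wrong bytes. Declaring it from a C++ translation unit as `namespace fuzzer { extern ... TPC; }` with the real type from libFuzzer's own headers, exposed to the C side through a small `extern "C"` accessor, would let the compiler check the type; failing that, a comment should record which libFuzzer version and symbol layout this relies on, since an internal name can change without notice. The two consecutive empty `+` lines before the extern are a minor style nit.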
A proper libfuzzer API is nicest in the long term.

Alexander: Could you send a patch to libfuzzer to see if they are willing to
support this via their API?

Stefan