http://llvm.org/docs/LibFuzzer.html I'm doing some works with libfuzzer now but when I do with the official toy example. when i run this command:
clang++ -fsanitize=address -fsanitize-coverage=edge test-fuzzer.cc Fuzzer*.o
there is an error happening that
clang: error: invalid value 'edge' in 'fsanitize-coverage=edge'
it seems that clang supports this argument but i'm wondering how i can see what value is supported... i installed llvm 3.6 by apt-get with unbuntu14.04...
The syntax of the fsanitize-coverage= flag has been changed, as described in this commit message from May 2015. This bit is particularly relevant to you:
Original semantics of -fsanitize-coverage flag is preserved:
* -fsanitize-coverage=0 disables the coverage
* -fsanitize-coverage=1 is a synonym for -fsanitize-coverage=func
* -fsanitize-coverage=2 is a synonym for -fsanitize-coverage=bb
* -fsanitize-coverage=3 is a synonym for -fsanitize-coverage=edge
* -fsanitize-coverage=4 is a synonym for -fsanitize-coverage=edge,indirect-calls
So you might try -fsanitize-coverage=3.