Diffstat (limited to 'docs/LibFuzzer.rst')
-rw-r--r-- docs/LibFuzzer.rst 19
1 files changed, 15 insertions, 4 deletions
diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst
index a11baa720ec8..5acfa04ce1f4 100644
--- a/docs/LibFuzzer.rst
+++ b/docs/LibFuzzer.rst
@@ -305,6 +305,10 @@ The most important command line options are:
- 1 : close ``stdout``
- 2 : close ``stderr``
- 3 : close both ``stdout`` and ``stderr``.
+``-print_coverage``
+ If 1, print coverage information as text at exit.
+``-dump_coverage``
+ If 1, dump coverage information as a .sancov file at exit.
For the full list of flags run the fuzzer binary with ``-help=1``.
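Review bot: the two new option entries, ``-print_coverage`` and ``-dump_coverage``, say only what happens "If 1" and leave out the default value, and the ``-dump_coverage`` entry does not say where the ``.sancov`` file is written or how it is named. Suggest stating the default in each entry and adding a short clause on the output location, so a reader running the fuzzer in CI knows which file to collect without having to consult ``-help=1``.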
@@ -543,12 +547,19 @@ You can get the coverage for your corpus like this:
.. code-block:: console
- ASAN_OPTIONS=coverage=1 ./fuzzer CORPUS_DIR -runs=0
+ ./fuzzer CORPUS_DIR -runs=0 -print_coverage=1
This will run all tests in the CORPUS_DIR but will not perform any fuzzing.
-At the end of the process it will dump a single ``.sancov`` file with coverage
-information. See SanitizerCoverage_ for details on querying the file using the
-``sancov`` tool.
+At the end of the process it will print text describing what code has been covered and what hasn't.
+
+Alternatively, use
+
+.. code-block:: console
+
+ ./fuzzer CORPUS_DIR -runs=0 -dump_coverage=1
+
+which will dump a ``.sancov`` file with coverage information.
+See SanitizerCoverage_ for details on querying the file using the ``sancov`` tool.
You may also use other ways to visualize coverage,
e.g. using `Clang coverage <http://clang.llvm.org/docs/SourceBasedCodeCoverage.html>`_,
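Review bot: the added sentence "At the end of the process it will print text describing what code has been covered and what hasn't." is one long unwrapped line, as is the added "See SanitizerCoverage_ for details ..." line, while the lines they replace were wrapped; please rewrap to match the rest of the file. The same sentence is also vague about what is printed: say at what granularity the text reports coverage, so readers can tell whether it replaces the ``sancov`` workflow for their purpose. Finally, the old ``ASAN_OPTIONS=coverage=1`` invocation is dropped without comment; if it still works or is now discouraged, a one-line note would help anyone with existing scripts.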