add clang support

Author: vanhauser-thc

README.md

@@ -1,6 +1,6 @@
 # afl-cov - AFL Fuzzing Code Coverage
 
-Version: 0.6.5
+Version: 0.6.6
 
 - [Preface](#preface)
 - [Introduction](#introduction)
@@ -23,6 +23,8 @@ It has four changes:
  * afl-cov now can send to targets that read on stdin (just omit @@)
  * afl-cov.sh makes using afl-cov easier (just needs two parameters)
  * afl-cov-build.sh makes builing a target for coverage easier
+ * afl-cov/afl-cov.sh/afl-cov-build.sh now support clang coverage, just add
+   -c to afl-cov.sh/afl-cov-build.sh (and --clang to afl-cov)
  * afl-stat.sh shows the statistics of a run (in progress or completed)
 
 Enjoy!

VERSION

@@ -1 +1 @@
-0.6.3
+0.6.6

afl-clang-cov.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+llvm-cov gcov $*

afl-cov

@@ -2,7 +2,7 @@
 #
 #  File: afl-cov
 #
-#  Version: 0.6.5
+#  Version: 0.6.6
 #
 #  Purpose: Perform lcov coverage diff's against each AFL queue file to see
 #           new functions and line coverage evolve from an AFL fuzzing cycle.
@@ -45,7 +45,7 @@ try:
 except ImportError:
     import subprocess
 
-__version__ = '0.6.5'
+__version__ = '0.6.6'
 
 NO_OUTPUT   = 0
 WANT_OUTPUT = 1
@@ -579,6 +579,8 @@ def lcov_gen_coverage(cov_paths, cargs):
         lcov_opts += ' --rc lcov_branch_coverage=1'
     if cargs.follow:
         lcov_opts += ' --follow'
+    if cargs.clang:
+        lcov_opts += ' --gcov-tool afl-clang-cov.sh'
 
     run_cmd(cargs.lcov_path \
             + lcov_opts
@@ -807,6 +809,8 @@ def init_tracking(cov_paths, cargs):
         lcov_opts = ''
         if cargs.enable_branch_coverage:
             lcov_opts += ' --rc lcov_branch_coverage=1 '
+        if cargs.clang:
+            lcov_opts += ' --gcov-tool afl-clang-cov.sh'
 
         ### reset code coverage counters - this is done only once as
         ### afl-cov is spinning up even if AFL is running in parallel mode
@@ -1149,6 +1153,9 @@ def parse_cmdline():
     p.add_argument("--live", action='store_true',
             help="Process a live AFL directory, and afl-cov will exit when it appears afl-fuzz has been stopped",
             default=False)
+    p.add_argument("--clang", action='store_true',
+            help="If clang was used for coverage compilation instead of gcc"",
+            default=False)
     p.add_argument("--cover-corpus", action='store_true',
             help="Measure coverage after running all available tests instead of individually per queue file",
             default=False)

afl-cov-build.sh

@@ -1,18 +1,26 @@
-#!/bin/sh
+#!/bin/bash
 
 test -z "$1" -o "$1" = "-h" && {
-  echo "Syntax: $0 <command> [options]"
+  echo "Syntax: $0 [-c] <command> [options]"
   echo Sets build options for coverage instrumentation with gcov/lcov.
   echo Set CC/CXX environment variables if you do not want gcc/g++.
+  echo Specify the -c parameter if you want to use clang/clang++ instead.
   echo Example: "$0 ./configure --disable-shared"
   exit 1
 }
 
-test -z "$CC" && export CC=gcc
-test -z "$CXX" && export CXX=g++
+CLANG=
+test "$1" = "-c" && { CLANG=yes ; shift ; }
+
+test -z "$CC" -a -z "$CLANG" && export CC=gcc
+test -z "$CXX" -a -z "$CLANG" && export CXX=g++
+test -z "$CC" -a -n "$CLANG" && export CC=clang
+test -z "$CXX" -a -n "$CLANG" && export CXX=clang++
+
 export CFLAGS="-fprofile-arcs -ftest-coverage"
 export CXXFLAGS="$CFLAGS"
 export CPPFLAGS="$CFLAGS"
-export LDFLAGS="-lgcov --coverage"
+test -z "$CLANG" && export LDFLAGS="-lgcov --coverage"
+test -n "$CLANG" && export LDFLAGS="--coverage"
 
 $*

afl-cov.sh

@@ -3,25 +3,29 @@
 # easy wrapper script for afl-cov
 #
 test "$1" = "-h" -o -z "$1" && { 
-  echo "Syntax: $0 [-v] out-dir \"exec cmd --foo @@\""
+  echo "Syntax: $0 [-v] [-c] out-dir \"exec cmd --foo @@\""
   echo
   echo Generates the coverage information for an AFL run.
   echo Must be run from the top directory of the coverage build.
-  echo The -v option enables verbose output
+  echo The -v option enables verbose output.
+  echo The option -c specifies that clang was used for the coverage build
   echo
   echo Example: $0 ../target/out \"tools/target @@\"
   exit 1
 }
 
+test "$1" = "-v" && { OPT1="-v" ; shift ; }
+test "$1" = "-c" && { OPT2="--clang" ; shift ; }
+test "$1" = "-v" && { OPT1="-v" ; shift ; }
+
 test -d "$1" || { echo Error: not a directory: $1 ; exit 1 ; } 
 test -e "$1"/queue || { echo Error: not an afl-fuzz -o out directory ; exit 1 ; }
 
 HOMEPATH=`dirname $0`
 DST=`realpath "$1"`
 export PATH=$HOMEPATH:$PATH
 
-test "$1" = "-v" && { OPT="-v" ; shift ; }
-afl-cov $OPT -d "$DST" --cover-corpus --coverage-cmd "$2" --code-dir . --overwrite
+afl-cov $OPT1 $OPT2 -d "$DST" --cover-corpus --coverage-cmd "$2" --code-dir . --overwrite
 
 test -e "$1"/fuzzer_stats && {
   DIFF=$(expr `grep last_update "$DST"/fuzzer_stats|awk '{print$3}'` - `grep start_time "$DST"/fuzzer_stats|awk '{print$3}'`)