Diffstat (limited to 'tests/qtest/fuzz/fork_fuzz.ld')
-rw-r--r-- | tests/qtest/fuzz/fork_fuzz.ld | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld
new file mode 100644
index 000000000..cfb88b7fd
--- /dev/null
+++ b/tests/qtest/fuzz/fork_fuzz.ld
@@ -0,0 +1,56 @@
+/*
+ * We adjust linker script modification to place all of the stuff that needs to
+ * persist across fuzzing runs into a contiguous section of memory. Then, it is
+ * easy to re-map the counter-related memory as shared.
+ */
+
+SECTIONS
+{
+ .data.fuzz_start : ALIGN(4K)
+ {
+ __FUZZ_COUNTERS_START = .;
+ __start___sancov_cntrs = .;
+ *(_*sancov_cntrs);
+ __stop___sancov_cntrs = .;
+
+ /* Lowest stack counter */
+ *(__sancov_lowest_stack);
+ }
+}
+INSERT AFTER .data;
+
+SECTIONS
+{
+ .data.fuzz_ordered :
+ {
+ /*
+ * Coverage counters. They're not necessary for fuzzing, but are useful
+ * for analyzing the fuzzing performance
+ */
+ __start___llvm_prf_cnts = .;
+ *(*llvm_prf_cnts);
+ __stop___llvm_prf_cnts = .;
+
+ /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */
+ FuzzerTracePC*(.bss*);
+ /*
+ * In case the above line fails, explicitly specify the (mangled) name of
+ * the object we care about
+ */
+ *(.bss._ZN6fuzzer3TPCE);
+ }
+}
+INSERT AFTER .data.fuzz_start;
+
+SECTIONS
+{
+ .data.fuzz_end : ALIGN(4K)
+ {
+ __FUZZ_COUNTERS_END = .;
+ }
+}
+/*
+ * Don't overwrite the SECTIONS in the default linker script. Instead insert the
+ * above into the default script
+ */
+INSERT AFTER .data.fuzz_ordered; |
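Review bot: The `ALIGN(4K)` on `.data.fuzz_start` and `.data.fuzz_end` hard-codes a 4 KiB page size, while the header comment says the range between `__FUZZ_COUNTERS_START` and `__FUZZ_COUNTERS_END` is meant to be re-mapped as shared. The re-mapping code is not part of this diff, but if it maps that range page-wise, a host with larger pages would get bounds that are not page-aligned, so the mapping could fail or extend over neighbouring `.data`. Consider `ALIGN(CONSTANT(MAXPAGESIZE))` in both places, or at least a comment stating the 4 KiB assumption. Separately, nothing reports the case where neither `FuzzerTracePC*(.bss*)` nor `*(.bss._ZN6fuzzer3TPCE)` matches; a comment noting that the TracePC object then stays outside the shared range would help whoever has to debug missing coverage feedback.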