fork_fuzz.ld (1313B)
/*
 * Linker-script fragment that places everything that needs to persist
 * across fuzzing runs into one contiguous region of memory, so that the
 * counter-related memory can easily be re-mapped as shared.
 *
 * The region is delimited by __FUZZ_COUNTERS_START and __FUZZ_COUNTERS_END.
 * Both markers sit at the start of output sections declared with ALIGN(4K),
 * so both are on 4K boundaries.
 *
 * NOTE(review): everything the linker places between the two markers falls
 * inside the range described above as re-mapped shared, so it is presumably
 * visible across fuzzing runs. Keep unrelated writable state out of these
 * sections, and check the final link map for orphan sections landing in the
 * range.
 * NOTE(review): ALIGN(4K) presumably mirrors the host page size -- confirm
 * for hosts whose pages are larger than 4K.
 */

SECTIONS
{
  /* First output section of the region; its start address is 4K-aligned. */
  .data.fuzz_start : ALIGN(4K)
  {
      /* Start marker of the persistent region. */
      __FUZZ_COUNTERS_START = .;
      /*
       * Start/stop symbols bracketing the input sections matched by
       * _*sancov_cntrs (presumably the sanitizer-coverage counters --
       * confirm against the compiler flags in use).
       */
      __start___sancov_cntrs = .;
      *(_*sancov_cntrs);
      __stop___sancov_cntrs = .;

      /* Lowest stack counter */
      *(__sancov_lowest_stack);
  }
}
/* Splice the section above into the default script, right after .data. */
INSERT AFTER .data;

SECTIONS
{
  /* No ALIGN here: this section is inserted after .data.fuzz_start. */
  .data.fuzz_ordered :
  {
      /*
       * Coverage counters. They're not necessary for fuzzing, but are useful
       * for analyzing the fuzzing performance
       */
      __start___llvm_prf_cnts = .;
      *(*llvm_prf_cnts);
      __stop___llvm_prf_cnts = .;

      /*
       * Internal Libfuzzer TracePC object which contains the ValueProfileMap.
       * The pattern takes every .bss* input section from input files whose
       * name matches FuzzerTracePC*, so it covers all of that file's .bss
       * data, not only the TracePC object.
       */
      FuzzerTracePC*(.bss*);
      /*
       * In case the above line fails, explicitly specify the (mangled) name of
       * the object we care about. This matches a section of exactly this
       * name in any input file (presumably it only exists when the object
       * was compiled with per-object data sections -- confirm).
       */
      *(.bss._ZN6fuzzer3TPCE);
  }
}
INSERT AFTER .data.fuzz_start;

SECTIONS
{
  /*
   * Empty 4K-aligned section that only provides the end marker of the
   * persistent region.
   */
  .data.fuzz_end : ALIGN(4K)
  {
      __FUZZ_COUNTERS_END = .;
  }
}
/*
 * Don't overwrite the SECTIONS in the default linker script. Instead insert the
 * above into the default script
 */
INSERT AFTER .data.fuzz_ordered;