chromium/third_party/fuzztest/src/fuzztest/internal/coverage.h

// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Coverage interface.
//
// We rely on SanitizerCoverage instrumentation for coverage feedback:
// https://clang.llvm.org/docs/SanitizerCoverage.html
//
// Currently, we use the inline counters feature of SanCov. To enable the
// instrumentation, we need to compile with:
//
//   -fsanitize-coverage=inline-8bit-counters
//
// This will create an 8-bit counter for each edge in the code.

#ifndef FUZZTEST_FUZZTEST_INTERNAL_COVERAGE_H_
#define FUZZTEST_FUZZTEST_INTERNAL_COVERAGE_H_

#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <optional>

#include "absl/types/span.h"
#include "./fuzztest/internal/table_of_recent_compares.h"

#if defined(__linux__)
#define FUZZTEST_INTERNAL_ENABLE_STACK_SIZE_CHECK
#include <pthread.h>
#endif

namespace fuzztest::internal {

// Stack information for a thread under test.
//
// NOTE(review): the body is empty in this listing, so the fields it carries
// cannot be documented from here. This header defines
// FUZZTEST_INTERNAL_ENABLE_STACK_SIZE_CHECK and includes <pthread.h> on Linux,
// which suggests the struct backs a stack-size check -- confirm against the
// full definition.
struct ThreadStackInfo {};

// Represents the coverage information generated by the SanitizerCoverage
// instrumentation. Used for storing the coverage of a single input's execution.
//
// The counters are non-atomic. Data races on them are ignored, and so are
// counter overflows; neither is detected or corrected. Single-threaded
// processes are therefore better suited for tests.
//
// NOTE(review): because races and overflows are tolerated by design, the
// recorded counts are presumably best-effort feedback for the fuzzer rather
// than exact hit counts -- confirm before relying on them for anything else.
class ExecutionCoverage {};

// Sets the singleton ExecutionCoverage object to `value`.
//
// NOTE(review): `value` is a raw pointer and the definition is not visible
// here. Presumably the caller retains ownership and must keep the object alive
// for as long as it is installed -- confirm against the definition. No
// synchronization is visible at this declaration either; verify before calling
// from more than one thread.
void SetExecutionCoverage(ExecutionCoverage* value);
// Returns the singleton ExecutionCoverage object.
//
// NOTE(review): presumably returns nullptr when no object has been set; the
// declaration does not say, so callers should check -- confirm.
ExecutionCoverage* GetExecutionCoverage();

// Represents the aggregate coverage of all inputs in the corpus. Used for
// detecting if new coverage was triggered by executing an input.
//
// NOTE(review): the body is empty in this listing, so how the aggregate is
// stored and how it is compared against a single input's ExecutionCoverage
// cannot be documented from here.
class CorpusCoverage {};

}  // namespace fuzztest::internal

#endif  // FUZZTEST_FUZZTEST_INTERNAL_COVERAGE_H_