WIP: Add ability to generate drcov trace using QEMU backend (#1956)

* Document new drcov QEMU plugin * Add link to lightkeeper for QEMU drcov file loading --------- Co-authored-by: Jean-Romain Garnier <jean-romain.garnier@airbus.com>
author: Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com> 2024-01-12 15:42:41 +0100
committer: GitHub <noreply@github.com> 2024-01-12 14:42:41 +0000
commit: 355dcf63205227c6f1d9534aceb5ea2eb60c3afc (patch)
tree: f1ddfad9e4a403d5879c6aea3deb2c58ddd085a1 /qemu_mode/build_qemu_support.sh
parent: a4017406dc02e49dbc3820e3eb5bee5e15d7fed1 (diff)
download: afl++-355dcf63205227c6f1d9534aceb5ea2eb60c3afc.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index f59cba78..3f8a88f2 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -132,7 +132,10 @@ echo "Building for CPU target $CPU_TARGET"
 
 # --enable-pie seems to give a couple of exec's a second performance
 # improvement, much to my surprise. Not sure how universal this is..
+# --enable-plugins allows loading TCG plugins at runtime, for example to obtain
+# coverage information, and does not seem to negatively impact performance
 QEMU_CONF_FLAGS=" \
+  --enable-plugins \
   --audio-drv-list= \
   --disable-blobs \
   --disable-bochs \
@@ -162,7 +165,6 @@ QEMU_CONF_FLAGS=" \
   --disable-numa \
   --disable-opengl \
   --disable-parallels \
-  --disable-plugins \
   --disable-qcow1 \
   --disable-qed \
   --disable-rbd \
author	Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com>	2024-01-12 15:42:41 +0100
committer	GitHub <noreply@github.com>	2024-01-12 14:42:41 +0000
commit	355dcf63205227c6f1d9534aceb5ea2eb60c3afc (patch)
tree	f1ddfad9e4a403d5879c6aea3deb2c58ddd085a1 /qemu_mode/build_qemu_support.sh
parent	a4017406dc02e49dbc3820e3eb5bee5e15d7fed1 (diff)
download	afl++-355dcf63205227c6f1d9534aceb5ea2eb60c3afc.tar.gz