google
Create fuzzer-specific coverage build
I am trying to integrate a libFuzzer-based structure-aware fuzzer that works with a corpus in an internal representation form. This means that the first step of the SUT or benchmark is always decoding the received test from the internal representation, similar to protobuf-based structure-aware solutions. For this, the benchmark build needs to know which fuzzer it is building the binary for. This works, except for the coverage build, where I couldn't find a way to inform the build that a decode step is required, as it automatically prepares the libFuzzer configuration. So the question is, is there any way to communicate the name of the corpus-generating fuzzer to the build script during the coverage build?
Maybe I can help because I also needed to configure the coverage runner. Since it is configured as a normal fuzzer - can't you just provide environment variables in fuzzers/<name>/fuzzer.py and then reference them in the build script?
