Why "Coverage instrumentation is only supported for a single module"?
I am trying to use fuzzilli with a custom JS engine which uses a few shared libraries, and it looks like this configuration is not currently supported by fuzzilli because of https://github.com/googleprojectzero/fuzzilli/blob/main/Targets/coverage.c#L39
If I change these lines to

```c
if (__edges_start != NULL || __edges_stop != NULL) {
    // A module has already been registered: instead of aborting, register this
    // one as well and add its edge count to the shared total.
    __edges_start = start;
    __edges_stop = stop;
    __sanitizer_cov_reset_edgeguards();
    __shmem->num_edges += stop - start;
    // coverage.c is C, so plain getenv(); the same name is used in the printf below.
    const char* shm_key = getenv("SHM_ID");
    printf("[COV] New edge counters initialized. Shared memory: %s with %u edges\n", shm_key, __shmem->num_edges);
    return;
}
```
Would it be a correct solution? It looks like we just need to know the total number of edges, and it doesn't matter what module an edge belongs to. Am I missing something important?
I think you'll also need to make sure that the edges from the 2nd, 3rd etc. module start at the right position. I.e. you'll need to set N here: https://github.com/googleprojectzero/fuzzilli/blob/5422ea441ed37e14152de8db532947f5c5178548/Targets/coverage.c#L27 to start at the current number of edges (basically __shmem->num_edges). Then it could work, so let me know how that goes!
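A self-contained sketch of the multi-module initialisation the reply describes, added here as an example and not taken from fuzzilli's coverage.c: the shared-memory struct, the `cov_*` function names and the 1-based guard ids are simplified stand-ins constructed for this example, but the rule is the one from the reply, that each new module's guard numbering starts at the current `num_edges` so two modules never share a slot in the edge bitmap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for fuzzilli's shared-memory coverage region (constructed). */
#define MAX_EDGES 64
struct shmem_data {
    uint32_t num_edges;                 /* running total over all registered modules */
    uint8_t  edges[MAX_EDGES / 8 + 1];  /* one bit per edge, indexed by guard id (ids start at 1) */
};
static struct shmem_data shmem;

/* Simplified __sanitizer_cov_trace_pc_guard_init for a multi-module build:
 * guards of this module get ids starting after the edges already registered.
 * Returns the first id assigned, or 0 if the module was skipped. */
uint32_t cov_init_module(uint32_t *start, uint32_t *stop) {
    if (start == stop || *start)
        return 0;                       /* empty module, or already initialized (nonzero guard) */
    uint32_t n = shmem.num_edges;       /* the "N" from coverage.c, now seeded with the current total */
    for (uint32_t *g = start; g < stop; g++)
        *g = ++n;                       /* 1-based so that 0 still means "disabled" */
    shmem.num_edges = n;                /* same effect as num_edges += stop - start */
    return *start;
}

/* Simplified __sanitizer_cov_trace_pc_guard: record the edge, then disable the guard
 * so each edge is reported at most once per execution. */
void cov_hit(uint32_t *guard) {
    uint32_t idx = *guard;
    if (idx == 0 || idx > MAX_EDGES)
        return;
    shmem.edges[idx / 8] |= (uint8_t)(1u << (idx % 8));
    *guard = 0;
}

int cov_edge_seen(uint32_t idx) { return (shmem.edges[idx / 8] >> (idx % 8)) & 1; }
uint32_t cov_total_edges(void) { return shmem.num_edges; }
void cov_reset(void) { memset(&shmem, 0, sizeof shmem); }

int main(void) {
    uint32_t engine[3] = {0}, helper_lib[4] = {0};   /* constructed guard arrays for two modules */
    cov_init_module(engine, engine + 3);
    cov_init_module(helper_lib, helper_lib + 4);     /* ids 4..7, not 1..4 again */
    cov_hit(&helper_lib[1]);
    printf("total edges %u, edge 5 seen: %d\n", cov_total_edges(), cov_edge_seen(5));
    return 0;
}
```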