Can the compilation flags -fsanitize-coverage=trace-pc-guard and -fprofile-instr-generate -fcoverage-mapping be used together?

[blu3sh0rk]

Can the compilation flags -fsanitize-coverage=trace-pc-guard and -fprofile-instr-generate -fcoverage-mapping be used together, or do they conflict?
I want to use Source-based Code Coverage, but modifications have been made to the project source code using AFL-persistent mode, so I need to compile it using afl-clang-fast. I'm not sure if there will be conflicts between the compilation parameters.

[vanhauser-thc]

you give no context so I can only speculate what you want to achieve and what your setup is :)

you cannot not use -fsanitize-coverage=trace-pc-guard directly. If you do you will see:

[!] WARNING: Found '-fsanitize-coverage=trace-pc-guard' - stripping!

however just set AFL_LLVM_INSTRUMENT=LLVM-NATIVE and it does that behind the scenes.

I think it is possible to use this together with -fprofile-instr-generate -fcoverage-mapping. If you do that for the binary for fuzzing it will obviously run slower because of that.
do you should have two binaries, one for fuzzing, and a second comiled with coverage mappings to obtain coverage information which you can when you need it.

[blu3sh0rk]

Sorry for not providing enough context. I want to use the following command to compile Apache httpd and get a binary for coverage information：

CC=/opt/aflpp/afl-clang-fast \
CXX=/opt/aflpp/afl-clang-fast++ \
LD=/usr/lib/llvm-12/bin/ld.lld \
CFLAGS="-g -w -flto -fprofile-instr-generate -fcoverage-mapping" \
CXXFLAGS="-g -w -flto -fprofile-instr-generate -fcoverage-mapping -std=c++11 -stdlib=libc++" \
LDFLAGS="-flto -fuse-ld=lld-12" \
./configure --with-apr="/usr/local/apache_lab/apr" \
            --with-apr-util="/usr/local/apache_lab/apr-util" \
            --with-expat="/usr/local/apache_lab/expat" \
            --with-pcre="/usr/local/apache_lab/pcre" \
            --disable-pie \
            --disable-so \
            --disable-example-ipc \
            --disable-example-hooks \
            --disable-optional-hook-export \
            --disable-optional-hook-import \
            --disable-optional-fn-export \
            --disable-optional-fn-import \
            --with-mpm=prefork \
            --enable-static-support \
            --enable-mods-static=reallyall \
            --enable-debugger-mode \
            --with-crypto --with-openssl \
            --disable-shared

I need to use afl-clang-fast to compile PUT source code after modifying it with __AFL_LOOP(10000). My concern is whether afl-clang-fast is compatible with -fprofile-instr-generate and -fcoverage-mapping. Slow execution speed is not a concern because this binary will not be used directly for fuzzing testing.

Are there other CC options available?

[vanhauser-thc]

if you want to use the target with AFL_LOOP + AFL_LLVM_INSTRUMENT=LLVM-NATIVE + profile/coverage mapping just for getting the coverage, yes this will work.
you could also use it for fuzzing, however the profiling/coverage mapping would hurt performance.