Add support of SANITIZE_TARGET='address coverage' for fuzzing.

Also, add trace-cmp instrumentation to fuzz_test and host_fuzz_test.

Bug: 22850550
Change-Id: Ifff7b8be693ae991feb0a64e19439370a19b2748
diff --git a/core/Makefile b/core/Makefile
index 9ded53b..dfacf28 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1383,7 +1383,7 @@
     $(call intermediates-dir-for,EXECUTABLES,sqlite3,,,$(TARGET_PREFER_32_BIT))/sqlite3
 
 # We can't build static executables when SANITIZE_TARGET=address
-ifneq (address,$(SANITIZE_TARGET))
+ifeq ($(strip $(SANITIZE_TARGET)),)
 built_ota_tools += \
     $(call intermediates-dir-for,EXECUTABLES,check_prereq,,,$(TARGET_PREFER_32_BIT))/check_prereq \
     $(call intermediates-dir-for,EXECUTABLES,applypatch_static,,,$(TARGET_PREFER_32_BIT))/applypatch_static \
@@ -1526,7 +1526,7 @@
 	# OTA scripts are only interested in fingerprint related properties
 	$(hide) echo "oem_fingerprint_properties=$(OEM_THUMBPRINT_PROPERTIES)" >> $(zip_root)/META/misc_info.txt
 endif
-ifeq ($(SANITIZE_TARGET),address)
+ifneq ($(strip $(SANITIZE_TARGET)),)
 	# We need to create userdata.img with real data because the instrumented libraries are in userdata.img.
 	$(hide) echo "userdata_img_with_data=true" >> $(zip_root)/META/misc_info.txt
 endif
@@ -1565,7 +1565,7 @@
 ifeq ($(BUILD_OS),darwin)
 build_ota_package := false
 endif
-ifeq ($(SANITIZE_TARGET),address)
+ifneq ($(strip $(SANITIZE_TARGET)),)
 build_ota_package := false
 endif
 ifeq ($(TARGET_PRODUCT),sdk)
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index 1efc932..7189338 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -75,6 +75,14 @@
   my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
 endif
 
+ifneq ($(filter coverage,$(my_sanitize)),)
+  ifeq ($(filter address,$(my_sanitize)),)
+    $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
+  endif
+  my_cflags += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp
+  my_sanitize := $(filter-out coverage,$(my_sanitize))
+endif
+
 ifneq ($(my_sanitize),)
   fsanitize_arg := $(subst $(space),$(comma),$(my_sanitize)),
   my_cflags += -fsanitize=$(fsanitize_arg)
diff --git a/core/envsetup.mk b/core/envsetup.mk
index ecfca9f..51a2fb3 100644
--- a/core/envsetup.mk
+++ b/core/envsetup.mk
@@ -276,7 +276,7 @@
 TARGET_OUT_COMMON_GEN := $(TARGET_COMMON_OUT_ROOT)/gen
 
 TARGET_OUT := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_SYSTEM)
-ifeq ($(SANITIZE_TARGET),address)
+ifneq ($(filter address,$(SANITIZE_TARGET)),)
 target_out_shared_libraries_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_DATA)
 else
 target_out_shared_libraries_base := $(TARGET_OUT)
@@ -333,7 +333,7 @@
 TARGET_OUT_CACHE := $(PRODUCT_OUT)/cache
 
 TARGET_OUT_VENDOR := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_VENDOR)
-ifeq ($(SANITIZE_TARGET),address)
+ifneq ($(filter address,$(SANITIZE_TARGET)),)
 target_out_vendor_shared_libraries_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_DATA)/vendor
 else
 target_out_vendor_shared_libraries_base := $(TARGET_OUT_VENDOR)
diff --git a/core/executable.mk b/core/executable.mk
index 0ce400c..70ef0d9 100644
--- a/core/executable.mk
+++ b/core/executable.mk
@@ -7,7 +7,7 @@
 # LOCAL_MODULE_STEM_64
 
 my_skip_this_target :=
-ifeq (address,$(strip $(SANITIZE_TARGET)))
+ifneq ($(filter address,$(SANITIZE_TARGET)),)
   ifeq (true,$(LOCAL_FORCE_STATIC_EXECUTABLE))
     my_skip_this_target := true
   else ifeq (false, $(LOCAL_CLANG))
diff --git a/core/fuzz_test.mk b/core/fuzz_test.mk
index 065cc03..fc582b3 100644
--- a/core/fuzz_test.mk
+++ b/core/fuzz_test.mk
@@ -7,7 +7,7 @@
     $(error $(LOCAL_PATH): $(LOCAL_MODULE): NDK fuzz tests are not supported.)
 endif
 
-LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters
+LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp
 LOCAL_STATIC_LIBRARIES += libLLVMFuzzer
 
 ifdef LOCAL_MODULE_PATH
diff --git a/core/host_fuzz_test.mk b/core/host_fuzz_test.mk
index e917959..cc7baad 100644
--- a/core/host_fuzz_test.mk
+++ b/core/host_fuzz_test.mk
@@ -3,7 +3,7 @@
 ## Common flags for host fuzz tests are added.
 ################################################
 
-LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters
+LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp
 LOCAL_STATIC_LIBRARIES += libLLVMFuzzer
 
 include $(BUILD_HOST_EXECUTABLE)