# Code that we actually want the fuzzer to target
# See: https://clang.llvm.org/docs/SanitizerCoverage.html#disabling-instrumentation-without-source-modification
#
src:*/hw/*
src:*/include/hw/*
src:*/slirp/*
src:*/net/*

# We don't care about coverage over fuzzer-specific code, however we should
# instrument the fuzzer entry-point so libFuzzer always sees at least some
# coverage - otherwise it will exit after the first input
src:*/tests/qtest/fuzz/fuzz.c

# Enable instrumentation for all functions in those files
fun:*