-rw-r--r--lib/fuzzer.zig12
-rw-r--r--src/Compilation.zig6
-rw-r--r--src/codegen/llvm.zig6
3 files changed, 19 insertions, 5 deletions
diff --git a/lib/fuzzer.zig b/lib/fuzzer.zig
index 4c1f425a18..0c287c6afc 100644
--- a/lib/fuzzer.zig
+++ b/lib/fuzzer.zig
@@ -83,6 +83,18 @@ export fn __sanitizer_cov_trace_pc_indir(callee: usize) void {
//fuzzer.traceValue(pc ^ callee);
//std.log.debug("0x{x}: indirect call to 0x{x}", .{ pc, callee });
}
+export fn __sanitizer_cov_8bit_counters_init(start: usize, end: usize) void {
+ // clang will emit a call to this function when compiling with code coverage instrumentation.
+ // however fuzzer_init() does not need this information, since it directly reads from the symbol table.
+ _ = start;
+ _ = end;
+}
+export fn __sanitizer_cov_pcs_init(start: usize, end: usize) void {
+ // clang will emit a call to this function when compiling with code coverage instrumentation.
+ // however fuzzer_init() does not need this information, since it directly reads from the symbol table.
+ _ = start;
+ _ = end;
+}
fn handleCmp(pc: usize, arg1: u64, arg2: u64) void {
fuzzer.traceValue(pc ^ arg1 ^ arg2);
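Review bot: Both new stubs discard `start` and `end`, so if the range the instrumentation reports ever differs from what fuzzer_init() derives from the symbol table, nothing surfaces the mismatch and coverage for that region would be lost silently. fuzzer_init() is not visible from this hunk, so that is an assumption to confirm, but the comment should state it as a contract, e.g. `/// No-op on purpose: fuzzer_init() locates the counter/PC sections itself; these ranges must agree with it.` The same two-line comment is also duplicated on `__sanitizer_cov_pcs_init`; a single doc comment on the first stub and `/// See __sanitizer_cov_8bit_counters_init.` on the second would be easier to keep in sync.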
diff --git a/src/Compilation.zig b/src/Compilation.zig
index aafbc30fef..c2b72c6b0f 100644
--- a/src/Compilation.zig
+++ b/src/Compilation.zig
@@ -5922,10 +5922,10 @@ pub fn addCCArgs(
// function was called.
try argv.append("-fno-sanitize=function");
}
+ }
- if (comp.config.san_cov_trace_pc_guard) {
- try argv.appendSlice(&.{ "-Xclang", "-fsanitize-coverage-trace-pc-guard" });
- }
+ if (comp.config.san_cov_trace_pc_guard) {
+ try argv.append("-fsanitize-coverage=trace-pc-guard");
}
}
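Review bot: The `san_cov_trace_pc_guard` check now sits outside the block closed by the added `}`, so the flag reaches clang whenever the config bit is set rather than only under the enclosing condition, which starts above this hunk and is not visible here. Nothing in the new code explains that widening, or why the `-Xclang` cc1 spelling was replaced by the driver option. A comment along the lines of `// Driver-level option (not -Xclang); the linked program must define the __sanitizer_cov_trace_pc_guard* callbacks.` would record the intent. It is also worth confirming that C objects built this way still link when the fuzzer library is not part of the build.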
diff --git a/src/codegen/llvm.zig b/src/codegen/llvm.zig
index 41c817303c..6970d0721a 100644
--- a/src/codegen/llvm.zig
+++ b/src/codegen/llvm.zig
@@ -1333,7 +1333,6 @@ pub const Object = struct {
.is_small = options.is_small,
.time_report = options.time_report,
.tsan = options.sanitize_thread,
- .sancov = options.fuzz,
.lto = options.lto != .none,
// https://github.com/ziglang/zig/issues/21215
.allow_fast_isel = !comp.root_mod.resolved_target.result.cpu.arch.isMIPS(),
@@ -1341,6 +1340,9 @@ pub const Object = struct {
.bin_filename = options.bin_path,
.llvm_ir_filename = options.post_ir_path,
.bitcode_filename = null,
+
+ // `.coverage` value is only used when `.sancov` is enabled.
+ .sancov = options.fuzz or comp.config.san_cov_trace_pc_guard,
.coverage = .{
.CoverageType = .Edge,
// Works in tandem with Inline8bitCounters or InlineBoolFlag.
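Review bot: `.sancov` is now also enabled when only `comp.config.san_cov_trace_pc_guard` is set, but of the `.coverage` fields visible in this hunk and the following one, only `.TraceCmp` was switched to `options.fuzz`. The struct literal continues past both hunks; if any of the fields not shown (inline counters, PC table and similar) stay hard-coded on, a non-fuzz trace-pc-guard build would get instrumentation that refers to callbacks only lib/fuzzer.zig exports. If so, gate those on `options.fuzz` too, and extend the comment to something like `// Enabled for fuzzing and for plain trace-pc-guard; fuzz-only features below are gated on options.fuzz.`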
@@ -1348,7 +1350,7 @@ pub const Object = struct {
// needs to for better fuzzing logic.
.IndirectCalls = false,
.TraceBB = false,
- .TraceCmp = true,
+ .TraceCmp = options.fuzz,
.TraceDiv = false,
.TraceGep = false,
.Use8bitCounters = false,