The afl-cov project produces code coverage data with lcov based on AFL test cases. This allows the user to see exactly which branches/lines/functions afl-fuzz is actually exercising in a targeted project. The main application of afl-cov is to use code coverage results as a way to validate whether or not AFL is being driven in a manner that is effective across as much code as possible.
 Homepage
 Download
Recent Releases
0.609 Jun 2016 12:05
major feature:
* Add --cover-corpus argument so that . The main advantage is that code coverage results are produced more quickly in this mode since AFL can generate test cases - at least initially - much faster than code coverage can be calculated for each test case.
* Add a prerequisite test to make sure the targeted binary is compiled with code coverage support ('-fprofile-arcs -ftest coverage'). This test can be run by itself with --gcov-check.
* Use python tempfile module for various temporary files.
0.512 Jan 2016 02:13
major feature:
Add core_pattern detection logic similar to afl-fuzz.
0.410 Jan 2016 04:16
major feature:
Added support for parallelized AFL fuzzing runs. Added a test suite.
0.230 May 2015 20:42
major feature:
Add the fuzzing-dir/cov/id-delta-cov file which lists all functions and (and optionally lines) that are executed by the first "id:000000*" test case, and then lists all new functions/lines executed in subsequent test cases. Replace the fuzzing-dir/cov/zero-cov/ directory with a single file at the same path fuzzing-dir/cov/zero-cov that lists all functions/lines that are never executed by any AFL test case.
| 