This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

How to calculate coverage? #138

Open
1789120321 opened this issue Jun 2, 2021 · 4 comments

Comments

@1789120321

AFL is a classic fuzzer. There are many studies based on AFL. However, the work I know of does not explain how to calculate coverage.

I use llvm mode for instrumentation. I accumulate the inst_blocks in afl_llvm_pass.so.cc as the total number of instrumented blocks, and use ((MAP_SIZE << 3) - count_bits(virgin_bits)) as the number of positions covered in the code. However, the results did not meet expectations.

If anyone knows how to get the coverage, can I trouble you with some suggestions? Thank you!
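As an added illustration (not code from the issue or from AFL itself), here is a small Python model of AFL's virgin_bits bookkeeping, with MAP_SIZE shrunk and the traces constructed. It shows why (MAP_SIZE << 3) - count_bits(virgin_bits) does not give the number of covered positions: each byte of the map belongs to one edge and its eight bits are hit-count buckets, so a single edge can clear up to eight bits over many runs, whereas count_non_255_bytes(virgin_bits), which is what afl-fuzz reports as map density, counts distinct edges; and since inst_blocks counts instrumented basic blocks while the map is indexed by hashed edge ids, the two are not a numerator/denominator pair.

```python
# Added example (not from the issue or from AFL's sources): a model of how
# afl-fuzz updates virgin_bits, and the two candidate coverage numbers.
MAP_SIZE = 256  # assumption: shrunk for readability; real AFL uses 1 << 16


def classify_counts(trace_bits):
    """Map raw edge hit counts to AFL's 8 hit-count buckets (one bit each)."""
    def bucket(n):
        if n == 0:
            return 0
        if n == 1:
            return 1
        if n == 2:
            return 2
        if n == 3:
            return 4
        if n <= 7:
            return 8
        if n <= 15:
            return 16
        if n <= 31:
            return 32
        if n <= 127:
            return 64
        return 128
    return [bucket(n) for n in trace_bits]


def has_new_bits(virgin_bits, classified):
    """Clear the virgin bits this run touched for the first time; True if any changed."""
    changed = False
    for i, b in enumerate(classified):
        if b & virgin_bits[i]:
            virgin_bits[i] &= ~b & 0xFF
            changed = True
    return changed


def count_bits(bitmap):
    return sum(bin(b).count("1") for b in bitmap)


def count_non_255_bytes(bitmap):
    return sum(1 for b in bitmap if b != 0xFF)


def coverage_metrics(runs):
    """Replay constructed traces and compute both numbers from the final virgin map."""
    virgin = [0xFF] * MAP_SIZE
    for trace in runs:
        has_new_bits(virgin, classify_counts(trace))
    return {
        "bits_cleared": (MAP_SIZE << 3) - count_bits(virgin),  # formula from the question
        "edges_seen": count_non_255_bytes(virgin),              # afl-fuzz's map density
    }


def example_runs():
    """Constructed traces: edge 5 hit once, then edge 5 hit 10 times and edge 9 hit 3 times."""
    r1 = [0] * MAP_SIZE
    r1[5] = 1
    r2 = [0] * MAP_SIZE
    r2[5] = 10
    r2[9] = 3
    return [r1, r2]
```

With these two runs only two edges were ever executed, yet three virgin bits are cleared (two buckets for edge 5, one for edge 9), so the bit-count formula over-counts as soon as an edge is seen with different hit counts.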

@walter708

@1789120321
Author

@walter708 But afl-cov only supports gcc, and I want to collect the coverage of chakracore compiled by afl-clang-fast. So I use Clang's SOURCE-BASED CODE COVERAGE to collect coverage, but I found that when there are many files to run, it cannot be calculated. So is there any other way?

@domenukk

domenukk commented Jun 7, 2021

The afl-cov fork by @vanhauser-thc works with llvm.
https://github.com/vanhauser-thc/afl-cov

@1789120321
Author

> The afl-cov fork by @vanhauser-thc works with llvm.
> https://github.com/vanhauser-thc/afl-cov

Because if afl runs for a long time, it will generate tens of thousands of files. Does this version of afl-cov support processing a large number of files?
