Tags: vanhauser-thc/afl-cov
afl-cov-0.6.2 (12/26/2018):
- (Tim Strazzere) Add support for llvm-cov compiled binaries. Add a check when ensuring the binary was instrumented with gcov to catch an llvm-cov binary.
- Bug fix for number of args to logr(), found by github user @NimdaKey. Fixes mrash#38.
- Allow multi-spaces in --coverage-cmd, found by github user @YourButterfly. Fixes mrash#37.
- Add ToC to README.md.
afl-cov-0.6.1 (11/27/2017):
- (James Steele) Add the '--follow' command line argument, which provides an option identical to the one available in lcov: it instructs the search for .da files to follow symlinks (which are not traversed by default).
- Add the '--disable-gcov-check' argument so that the check for whether the target binary has been compiled with code coverage support can be disabled.
- (Denis Kasak) Fix incorrect variable name in search_cov.
- Bug fix noted by @umlaeute: be more permissive in the instrumented-binaries check.
afl-cov-0.6 (06/05/2016):
- (Markus Teufelberger) Add the --cover-corpus argument so that code coverage is measured only after all new AFL test cases are executed. The main advantage is that code coverage results are produced more quickly in this mode, since AFL can generate test cases (at least initially) much faster than code coverage can be calculated for each test case. The trade-off in this mode is that code coverage stats are not tracked per AFL test case, but rather across all new test cases, essentially as a unified set. In --live mode, --cover-corpus causes coverage to be calculated once per sleep cycle after all test cases have been executed. In --coverage-at-exit mode, only a single coverage calculation is performed just before afl-cov exits.
- In either --cover-corpus or --coverage-at-exit mode, the cov/id-delta-cov file will contain AFL test case ID ranges for where coverage is hit. This is necessary because these modes cause afl-cov to execute a series of AFL test cases (instead of each individual test case one at a time) before coverage is calculated.
- Add a prerequisite test to make sure the targeted binary is compiled with code coverage support ('-fprofile-arcs -ftest-coverage'). This test can be run by itself with --gcov-check.
- Use the tempfile module for temporary files (suggested by Markus Teufelberger in issue mrash#19).
- For --live mode operations, add the same core pattern detection logic to afl-cov that is implemented by afl-fuzz. This helps to ensure that the environment in which afl-cov is running is consistent with what afl-fuzz expects to see.
- Make sure --afl-fuzzing-dir exists in --func-search and --line-search modes.
afl-cov-0.4 (01/09/2016):
- Add support for parallelized execution runs of AFL. This is done by tracking all fuzzing directory instances created with afl-fuzz '-M' or '-S'. These directories are created in the main sync directory ('afl-fuzz -o sync_dir'). The coverage results are calculated globally across all fuzzing instances.
- Default to not including branch coverage data within code coverage results. This is because AFL commonly builds up many hundreds of test cases, and generating branch coverage across all of these cases may slow afl-cov down significantly. However, if branch coverage is desired or required, just add the new --enable-branch-coverage argument.
- Added a test suite in the test/ directory that leverages the Python unittest module. Proper operation of the test suite requires afl-fuzz to be installed, and tests are performed against a particular commit (e3ae6747) from the fwknop project for which AFL test cases were pre-built.
- Bug fix reported by @kcwu about some files not showing up in zero-coverage lcov web reports.