0vercl0k / wtf

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).
MIT License

Missing aggregate.cov #214

Open wumb0 opened 2 months ago

wumb0 commented 2 months ago

Between v0.3.2 and v0.4 the fuzzing server stopped generating the aggregate.cov file. The code was in server.h. The README still indicates that the fuzz server maintains an aggregate coverage file "coverage.cov".

Was this removed on purpose? As the README indicates, it's useful to have a single aggregate coverage file.

Of course I do realize I can just generate cov traces via the run command using the output directory as the --input argument and then concat them into a single trace file, but since it's still in the readme I wanted to inquire. I think Lighthouse has the "Code coverage batch" option too, which would do the same thing.

0vercl0k commented 1 month ago

Hello!

Sorry for the delay - I am mostly away from computer until November :)

Yeah I did remove it on purpose because I started to question how useful it was. Also, I seem to remember that when adding the edge coverage for bxcpu, the file became less useful as it had a bunch of values that weren't 'real' addresses. I can't remember exactly how annoying it'd be to log only valid ones.

I'd definitely be open to try to re-add this / review a PR if you think it's worth it :)

Cheers