Open Klavishnik opened 1 month ago
I can imagine an `aflr cov` sub-command that would aggregate the coverage data across all runs and just output it in some form; probably the HTML report would be best.
However, updating the compilation process would currently still be a user thing to do
That's right. To collect coverage, it is necessary to make a new build of the project with special compilation flags, and this must be done by the user, not aflr. An instrumented binary, when run, will generate additional files that contain code coverage data. Therefore, in the configuration file you will (maybe) have to add two parameters: the path to the binary and the path to the source folder. With clang, the coverage will be collected into a .profraw file, which can then be converted into an HTML report. I can send bash commands for this. It is also worth adding a condition to stop fuzzing after a given time when no new paths are found.
Here are some of my scripts for getting coverage from vanilla AFL++ fuzzing:
```bash
#!/bin/bash
# Run the instrumented binary once over every queue entry of every fuzzer instance
for file in out/*/queue/*
do
    ./bin_cov < "$file"
done
```
After that step you get a default.profraw file in the source dir:
```bash
# Merge the raw profile, then render the per-line view, the summary and the HTML report
llvm-profdata merge -sparse default.profraw -o foo.profdata
llvm-cov show bin_cov -instr-profile=foo.profdata
llvm-cov report bin_cov -instr-profile=foo.profdata
llvm-cov show bin_cov -instr-profile=foo.profdata -format=html -output-dir=coverage_report_clang
rm foo.profdata default.profraw
```
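An added aggregation script along the lines of the commands above (example code, not from the issue or the aflr project): it gives each queue entry its own raw profile so no run overwrites another's default.profraw, keeps going past hangs and crashes, and merges everything into the HTML report. The names bin_cov, out/ and the profraw/ directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the issue or the aflr project): aggregate clang
# source-based coverage over every AFL++ queue entry, then build the HTML report.
# Assumes: bin_cov built with -fprofile-instr-generate -fcoverage-mapping and
# reading its test case from stdin; out/ is the afl-fuzz -o directory; llvm-* on PATH.
set -euo pipefail

BIN=${BIN:-./bin_cov}            # instrumented binary (hypothetical name)
OUT_DIR=${OUT_DIR:-out}          # afl-fuzz output directory
PROF_DIR=${PROF_DIR:-profraw}    # one raw profile per queue entry lands here
TIMEOUT_S=${TIMEOUT_S:-5}        # queue entries can hang; never block the loop

# Map a queue path to a unique raw-profile name so later runs never overwrite
# earlier ones (a single fixed default.profraw would be clobbered per execution):
#   out/main/queue/id:000003,src:000001 -> profraw/main_id:000003,src:000001.profraw
profraw_name() {
    local input=$1 fuzzer
    fuzzer=$(basename "$(dirname "$(dirname "$input")")")
    printf '%s/%s_%s.profraw\n' "$PROF_DIR" "$fuzzer" "$(basename "$input")"
}

# Execute one input. A crash or timeout must not abort collection; such runs
# usually leave no profile because the runtime writes it at normal exit.
run_one() {
    local input=$1 prof rc=0
    prof=$(profraw_name "$input")
    LLVM_PROFILE_FILE=$prof timeout "$TIMEOUT_S" "$BIN" < "$input" >/dev/null 2>&1 || rc=$?
    if [ ! -s "$prof" ]; then
        echo "no profile for $input (exit status $rc)" >&2
    fi
    return 0
}

collect() {
    shopt -s nullglob
    mkdir -p "$PROF_DIR"
    for f in "$OUT_DIR"/*/queue/id:*; do
        run_one "$f"
    done
}

report() {
    llvm-profdata merge -sparse "$PROF_DIR"/*.profraw -o merged.profdata
    llvm-cov report "$BIN" -instr-profile=merged.profdata
    llvm-cov show "$BIN" -instr-profile=merged.profdata \
        -format=html -output-dir=coverage_report_clang
}

# Only run the pipeline when invoked as: ./afl_cov.sh run
if [ "${1:-}" = "run" ]; then
    collect && report
fi
```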
I'll try to work on this in a timely manner. PRs are very much appreciated though!
Unfortunately I don't know Rust. I tried to understand the project code, but I didn't understand anything...
https://clang.llvm.org/docs/SourceBasedCodeCoverage.html