https://github.com/andreafioraldi/afl-qemu-cov

Measure Basic Blocks coverage of all testcases in the AFL queue using a patched QEMU
https://github.com/andreafioraldi/afl-qemu-cov

Last synced: 12 months ago
JSON representation

Measure Basic Blocks coverage of all testcases in the AFL queue using a patched QEMU

• Host: GitHub
• URL: https://github.com/andreafioraldi/afl-qemu-cov
• Owner: andreafioraldi
• Created: 2019-06-05T15:43:09.000Z (about 7 years ago)
• Default Branch: master
• Last Pushed: 2024-01-15T11:22:02.000Z (over 2 years ago)
• Last Synced: 2025-03-27T13:11:14.977Z (about 1 year ago)
• Language: C
• Homepage:
• Size: 49.8 KB
• Stars: 22
• Watchers: 3
• Forks: 5
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# afl-qemu-cov

This is an utility to measure the basic blocks coverage of all testcases in the

AFL/AFL++ queue using a patched QEMU.

Written and maintained by Andrea Fioraldi 

## Usage

To count the number of basic blocks covered by all the testcases in the queue

run bb_cov.py:

`./afl-qemu-cov -i /path/to/AFL/queue -o output1.csv -- ./binary `

This output.csv file contains tuples in the format

(testcase id, basic block address). Of course the testcase id not no unique as

a testcase may discover more than one basic block.

`./afl-qemu-total-cov -l output1.csv`

This script outputs the Basic Blocks coverage from the output of the previous

script.

`./afl-qemu-ts-cov -i /path/to/AFL/queue -l output1.csv -o output2.csv`

This script will create output2.csv that contains the tuples

(unix timestamp, testcase id, number of new basic blocks discovered).

This script uses the time fields in the name of the testcase and so cannot be

used with AFL but only with AFL++.

## Option

Use AFL_QEMU_INST_RANGES / AFL_QEMU_EXCLUDE_RANGES as in AFL++