I'm curious about how SharpFuzz measures coverage #53

Open
howl-2019 opened this issue Oct 16, 2023 · 1 comment

@howl-2019

I've been using your SharpFuzz and finding it quite useful. However, I have a question. It seems like SharpFuzz takes input generated by afl and reports that input if an exception occurs. I'm curious about how afl measures coverage for that input. It seems like afl and SharpFuzz operate as separate processes. If I've misunderstood something, please point it out, and I would appreciate it if you could explain the coverage measurement method used by SharpFuzz.

Thank you.

@Mic92

Mic92 commented Oct 21, 2023

afl-showmap seems to produce some result:

$ afl-showmap -C -i ./findings/default -o /dev/null -- $(cat findings/default/cmdline)
[*] Reading from directory './findings/default/queue'...
[*] Scanning './findings/default/queue'...
[+] Captured 660 tuples (map size 8388608, highest value 255, total values 1009849) in '/dev/null'.
[+] A coverage of 660 edges were achieved out of 8388608 existing (0.01%) with 544 input files.

I wonder if there is some way to map this back to source code?
