afl-sancov is a fork of afl-cov (version 0.5) that works on Clang/LLVM sanitizer instrumented binaries.
- Cannot use afl-cov (Gcov/lcov) reliably on crashing tests
- Coverage info from crashing tests can be used towards Spectrum based fault localization
See docs/Example.md
- afl-sync-dir
- sancov (Root dir for coverage info)
- delta-diff (Dir for differential spectrum)
- Bunch of json files summarizing delta coverage between crashing and queue inputs
- delta-diff (Dir for differential spectrum)
- sancov (Root dir for coverage info)
I am happy to take both. If there is demand, I can work on polishing the delta-diff feature
A large part of afl-sancov development and testing has been possible due to Michael Rash's excellent tool and the open-source fuzzing community at afl-users and beyond. So, thank you all :-)