afl-cov

code coverage for afl (American Fuzzy Lop)

afl-cov uses test cases produced by the fuzzer afl to produce gcov code coverage results (what parts of program are actually executed) of the targeted binary. afl-cov can be used to analyze the test results of afl after fuzzing has been completed. However, a typical workflow is to run afl-cov while afl-fuzz builds test cases during the fuzzing cycle runs on the same system, and to review the cumulative code coverage results. Analyzing code coverage results of afl test cases can help to maximize its effectiveness, e.g. when its needed to patch the project code to help the fuzzer to reach code that would be otherwise inaccessible.