[feature request] Report coverage for all queue items at once instead of per item
MarkusTeufelberger opened this issue · 6 comments
In my case, afl-fuzz is much faster at generating new test cases than lcov can generate output. A mode where counters are zeroed, then afl-cov runs all queue items it knows about and then runs the rest of the lcov commands to generate a single report would be a great thing to have.
Thanks for the suggestion, I'll take a look at implementing this (and your other suggestions too). It will take me a few days before I can start on this. Thanks.
Yeah, some are easier than others (adding a "2" vs. implementing a new switch), these were just the things that were coming up for me after playing around with your awesome project a bit. :-)
Currently I ended up just running lcov manually in the way I described here, but the added features of afl-cov would be great to have. I can provide pull requests for #18 and #20 if you want; they are fairly trivial changes.
Are you working on this at the moment? Otherwise I'd give it a try myself.
Not currently working on this, so it's all yours if you want to put cycles into this. It would be a good feature.
Ok, looked over it in a bit more detail, but it seems to be more complicated than I thought... as I see it, either I'd have to refactor quite a bit of functionality to make it work in a "reset_counters(), capture_coverage_data(list_of_tests), write_report(previous_report)" loop, or I'll just hack in the extra mode and probably duplicate a lot of existing stuff. The current approach with a more or less global dict that tracks current state doesn't seem to fit this use case well. :-(
I refactored the --cover-corpus addition a bit. The id-delta-cov file now reports a range of AFL test case IDs in this mode. Also, added the --coverage-at-exit switch since --cover-corpus supports --live mode when new test cases are expected to be generated. These changes went into afl-cov-0.6. Please let me know if there are any issues. Closing this issue for now.