afl-cov(1) code coverage for afl (American Fuzzy Lop)


$ afl-cov -d /path/to/afl-fuzz-output/ --live -e "./bin/foo afl-file" -c /path/to/project-gcov/


The workflow for afl-cov is to create a spare copy of the project binaries compiled for gcov profiling support (gcc -fprofile-arcs -ftest-coverage), and to start up afl-cov in live mode before starting the afl-fuzz fuzzing cycle. The command line arguments for afl-cov must specify the path to the output directory used by afl-fuzz next to the command to execute along with the associated arguments, closely resembling the manner in which afl-fuzz executes the targeted binary.

For exhaustive information on afl-cov and its usage see /usr/share/doc/afl-cov/README.html.


Please run $ afl-cov --help for a complete list of options.


afl-cov is written by Michael Rash <[email protected]>