Giter Club home page Giter Club logo

Comments (21)

PaulCher avatar PaulCher commented on August 23, 2024 2

I just had the same problem and I think I have figured out what was wrong for me.
This happened to me, because the program I have been fuzzing used _exit, so destructor (which writes *.gcda files) was not executed and these files were not created. You can figure it out by checking out the man page of gcc for -fprofile-arcs flag.

To make this work I just used exit function instead of _exit, which executes the ELF destructors before exitting.

from afl-cov.

grumpycatfb avatar grumpycatfb commented on August 23, 2024 1

I think i ended up fixing this btw. I ended up compiling a newer version of gcc and replacing 4.8 that was installed via apt-get. That fixed the issue.

from afl-cov.

hullale avatar hullale commented on August 23, 2024 1

I have run into this error a number of times, and have figured out that it is exclusively caused by a failure in compiling with gcov profiling support. The following fixed this issue:

  1. Specifying lcov and genhtml paths. In command line arguments.
  2. Double checking the compilation arguments to verify you are correctly compiling with gcov profiling support.
  3. Verifying the other compilation arguments are the same between your Fuzzed copy of source and copy to generate coverage with.
  4. Verify that a .gcno file have been generated for every file that you wish to generate coverage for.

from afl-cov.

umlaeute avatar umlaeute commented on August 23, 2024

are you sure that you've added -fprofile-arcs -ftest-coverage to both the compiler and linker flags?

from afl-cov.

mrash avatar mrash commented on August 23, 2024

By default, afl-cov tries to determine whether the fuzzed binary has been compiled with '-fprofile-arcs -ftest-coverage' by using readelf. It looks to me as though the lcov command is throwing an error. Can you manually execute the two lcov commands you have above from the terminal and post any errors:

/usr/bin/lcov --no-checksum --capture --directory ../ --output-file ../afl_out/cov/lcov/trace.lcov_info
/usr/bin/lcov --no-checksum -a ../afl_out/cov/lcov/trace.lcov_base -a ../afl_out/cov/lcov/trace.lcov_info --output-file /tmp/tmppLxYHX

from afl-cov.

mrash avatar mrash commented on August 23, 2024

Also, the very first lcov command generated an error in your initial bug report - try executing the manually and post any errors. I'll update afl-cov to detect whatever error condition lcov seems to be warning about:

/usr/bin/lcov --no-checksum --capture --initial --directory ../ --output-file ../afl_out/cov/lcov/trace.lcov_base

from afl-cov.

bactis avatar bactis commented on August 23, 2024

@mrash I'm getting the same error here is the output of the two commands on my system

original command to launch afl-cov

batman@batcavecomputer:~/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov$ ~/git/afl-cov/afl-cov -d /hom
e/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/ --live --coverage-cmd "cat AFL_FILE | /home/
batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov/msg-driver" --code-dir .                        
[-] Sleep for 60 seconds waiting for afl-fuzz to be started....
[-] Sleep for 60 seconds waiting for afl-fuzz to be started....
[-] Sleep for 60 seconds waiting for afl-fuzz to be started....
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum --capture --initial --directory . --output-file /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//cov/lcov/trace.lcov_base
    
*** Imported 27 new test cases from: /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//fuzzer01/queue

    [+] AFL test case: id:000000,orig:.blah.swp (0 / 27), cycle: 0
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum --capture --directory . --output-file /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//cov/lcov/trace.lcov_info
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum -a /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//cov/lcov/trace.lcov_base -a /home/batman/GammaStorage/GaryWork/codeStuf$
/fuzz-msgparser-sync//cov/lcov/trace.lcov_info --output-file /tmp/tmplVTjxp
Traceback (most recent call last):
  File "/home/batman/git/afl-cov/afl-cov", line 1194, in <module>
    sys.exit(main())
  File "/home/batman/git/afl-cov/afl-cov", line 91, in main
    return not process_afl_test_cases(cargs)
  File "/home/batman/git/afl-cov/afl-cov", line 208, in process_afl_test_cases
    cov, cargs)
  File "/home/batman/git/afl-cov/afl-cov", line 314, in coverage_diff
    new_cov = extract_coverage(cov_paths['lcov_info_final'], cargs)
  File "/home/batman/git/afl-cov/afl-cov", line 462, in extract_coverage
    with open(lcov_file, 'r') as f:
IOError: [Errno 2] No such file or directory: '/home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//cov/lcov/trace.lcov_info_final'

1st command and output below

batman@batcavecomputer:~/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov$ /usr/bin/lcov --no-checksum --capture --initial --directory . --output-file /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_base
Capturing coverage data from .
Found gcov version: 5.4.0
Scanning . for .gcno files ...
Found 52 graph files in .
Processing clock_control.gcno
geninfo: ERROR: /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov/clock_control.gcno: reached unexpected end of file

2nd command error

batman@batcavecomputer:~/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov$ /usr/bin/lcov --no-checksum -a /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_base -a /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_info --output-file /tmp/tmp4WVR83
Combining tracefiles.
Reading tracefile /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_base
lcov: ERROR: no valid records found in tracefile /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_base

from afl-cov.

mrash avatar mrash commented on August 23, 2024

@PaulCher That is an excellent point about using _exit() vs. exit() and the ELF destructors. There might be other factors too, if upgrading gcc seems to fix the problem as noted by @grumpycatfb. Not sure what afl-cov can do to minimize this sort of behavior though.

from afl-cov.

Nimo-Zhang avatar Nimo-Zhang commented on August 23, 2024

Hi @mrash , I meet the same problem. Here is the 1st command and output below:

$sudo /usr/bin/lcov --no-checksum --capture --initial --directory . --output-file ../../../output/cov/lcov/trace.lcov_base
Capturing coverage data from .
Found gcov version: 5.2.1
Scanning . for .gcno files ...
Found 1 graph files in .
Processing base64.gcno
Out of memory!

The version of lcov on my computer is 1.13.

from afl-cov.

umlaeute avatar umlaeute commented on August 23, 2024

@zzzssseee how is this the same problem? it looks very different to me.

from afl-cov.

Nimo-Zhang avatar Nimo-Zhang commented on August 23, 2024

@umlaeute I don't know why this happened. When I tried to run afl-cov , I got the same error :

$ sudo ../../../afl-cov-master/afl-cov -d ../../../output --live --coverage-cmd "cat AFL_FILE ./base64" --code-dir . --overwrite
[sudo] password for zhang123: 
[-] Sleep for 60 seconds waiting for afl-fuzz to be started....
        Non-zero exit status '1' for CMD: /usr/bin/lcov --no-checksum --capture --initial --directory . --output-file ../../../output/cov/lcov/trace.lcov_base
    
*** Imported 21 new test cases from: ../../../output/queue

    [+] AFL test case: id:000000,orig:1 (0 / 21), cycle: 0
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum --capture --directory . --output-file ../../../output/cov/lcov/trace.lcov_info
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum -a ../../../output/cov/lcov/trace.lcov_base -a ../../../output/cov/lcov/trace.lcov_info --output-file /tmp/tmp9_nd43
Traceback (most recent call last):
  File "../../../afl-cov-master/afl-cov", line 1200, in <module>
    sys.exit(main())
  File "../../../afl-cov-master/afl-cov", line 91, in main
    return not process_afl_test_cases(cargs)
  File "../../../afl-cov-master/afl-cov", line 208, in process_afl_test_cases
    cov, cargs)
  File "../../../afl-cov-master/afl-cov", line 314, in coverage_diff
    new_cov = extract_coverage(cov_paths['lcov_info_final'], cargs)
  File "../../../afl-cov-master/afl-cov", line 462, in extract_coverage
    with open(lcov_file, 'r') as f:
IOError: [Errno 2] No such file or directory: '../../../output/cov/lcov/trace.lcov_info_final'

So I tried to find the cause of the problem and then entered the above command as you see,and then got the “out of memory” error.

from afl-cov.

valour01 avatar valour01 commented on August 23, 2024

I come across the same problems.
system version is Linux jmh-SYS 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:25:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
gcc version is gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609
-fprofile-arcs -ftest-coverage is added
lcov version is lcov: LCOV version 1.12

Those who can run the afl-cov successfully. Could you please share your system and compiler version or any specific configurations. Many Thanks

from afl-cov.

spencerwuwu avatar spencerwuwu commented on August 23, 2024

@valour01 I'm currently dealing with the same problem.
It seems to be an issue discussed here .
I'm thinking about writing another script based on the GCOV's intermediate format approach given in the discussion.

from afl-cov.

valour01 avatar valour01 commented on August 23, 2024

@spencerwuwu Thank you very much

Actually, I don't have so much time and I have to catch the deadline. Thus, I hope those who can run the afl-cov successfully to provide me the specific version of the compiler, system and binary version so that I can try this tool now. Many Thanks.

from afl-cov.

mrash avatar mrash commented on August 23, 2024

Ok, can you try the latest afl-cov from git master? This commit will likely help: 7d0b064 since afl-cov will log command errors to the afl-cov.log logfile, so if lcov is having a problem then the error should appear in this file.

from afl-cov.

whitefir avatar whitefir commented on August 23, 2024

I'd like to share my experience in this matter.
Firstly, I also met this error same as above ones.
But later I find, I used afl-clang-fast to compile the lib and linker, as it is 'default' and 'favorable' when using afl. So, after I change afl-clang-fast to afl-gcc, afl-cov works successfully. Maybe, this is the only reason simply.
BTW, is there any method to make afl-cov compatible with clang? Many thanks.

from afl-cov.

Kankarollo avatar Kankarollo commented on August 23, 2024

I had the same problem, but managed to solve it because of hint from @hullale comment. In my case the biggest flaw was that .gcda files were not generated in the same directory that .gcno and <afl-gcov_binary>.

I solved it by producing my gcov binary (<afl-gcov_binary>) with afl-gcc -fprofile-arcs -ftest-coverage in the same folder (folder_with_source_code) where my source code (only the main .c file not all of dependency code) and <afl_binary> (on which I used afl-fuzz) were and made sure that all *.gcno and *.gcda files were generated there too. ( *.gcda files are generated only when you execute afl-cov)

I used command:

afl-cov -d .../afl-output --coverage-cmd ".../folder_with_source_code/<afl-gcov_binary> < AFL_FILE " --code-dir .../folder_with_source_code/.

In my case afl-fuzzer take input from binary rerouted to stdin that's why ".../folder_with_source_code/<afl-gcov_binary> < AFL_FILE "

from afl-cov.

sgzeng avatar sgzeng commented on August 23, 2024

same. Would afl-cov add support to clang? Many thx!

from afl-cov.

r-2007 avatar r-2007 commented on August 23, 2024

Hey, I run into the same problem when trying to use afl-cov.
This is the error message I receive.

 afl-cov -c fuzz-cov/ -d temp1/output/aflsmart/TinyDTLS/test_copy -e "fuzz-cov/tests/dtls-fuzz AFL_FILE psk 2" --overwrite
    
*** Imported 3 new test cases from: temp1/output/aflsmart/TinyDTLS/test_copy/queue

    [+] AFL test case: id:000000,time:0,orig:0 (0 / 3), cycle: 0
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum -a temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_base -a temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info --output-file /tmp/tmp2KcTpg
Traceback (most recent call last):
  File "/usr/bin/afl-cov", line 1194, in <module>
    sys.exit(main())
  File "/usr/bin/afl-cov", line 91, in main
    return not process_afl_test_cases(cargs)
  File "/usr/bin/afl-cov", line 208, in process_afl_test_cases
    cov, cargs)
  File "/usr/bin/afl-cov", line 314, in coverage_diff
    new_cov = extract_coverage(cov_paths['lcov_info_final'], cargs)
  File "/usr/bin/afl-cov", line 462, in extract_coverage
    with open(lcov_file, 'r') as f:
IOError: [Errno 2] No such file or directory: 'temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info_final'

This is the output I get from running the lcov command
1st command:

rahbar@rahbar-VirtualBox:~$ /usr/bin/lcov --no-checksum --capture --initial --directory fuzz-cov/ --output-file temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_base
Capturing coverage data from fuzz-cov/
Found gcov version: 7.5.0
Scanning fuzz-cov/ for .gcno files ...
Found 16 graph files in fuzz-cov/
Processing tests/dtls-fuzz.gcno
Processing tests/prf-test.gcno
Processing tests/dtls-server.gcno
Processing tests/dtls-client.gcno
Processing tests/ccm-test.gcno
Processing dtls-hmac.gcno
Processing sha2/sha2.gcno
Processing posix/dtls-support.gcno
Processing netq.gcno
Processing aes/rijndael.gcno
Processing dtls-crypto.gcno
Processing ecc/ecc.gcno
Processing dtls-ccm.gcno
Processing dtls-peer.gcno
Processing dtls-log.gcno
Processing dtls.gcno
Finished .info-file creation

2nd command:

rahbar@rahbar-VirtualBox:~$ /usr/bin/lcov --no-checksum -a temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_base -a temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info --output-file /tmp/tmppLxYHX
Combining tracefiles.
Reading tracefile temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_base
Reading tracefile temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info
lcov: ERROR: no valid records found in tracefile temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info

I have GCC (Ubuntu 7.5.0-3ubuntu1~18.04) and LCOV(1.13) versions.
I compiled the source code used for fuzzing with afl-gcc. and added gcov profiling support while using afl-gcc for the separate copy that is used for afl-cov.

Could someone suggest me where I am going wrong?

from afl-cov.

umlaeute avatar umlaeute commented on August 23, 2024

@r-2007 would you mind posting text-output of the error-messages, rather than images? it makes it so much easier to search for.

from afl-cov.

wyunc avatar wyunc commented on August 23, 2024

I just had this problem too.
I found that it was because gcov was version incompatible when parsing the gcc compiler
I copied the whole afl-gcc project into docker with gcc version=7.5.0 and gcov=7.5.0; However, the docker version is gcc=10.3.0 and gcov=9.3.0.
Therefore, it only needs to be recompiled in the new environment
Maybe lcov --gcov-tool /path/to/gcov-7 can be specified to the specific gcov version? I didn't try this

from afl-cov.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.