QEMU-SanCov

Very WIP project. SanCov hooks and coverage reports for QEMU user.

Create a shared library with the user-defined hooks and load it in QEMU-SanCov using the QEMU_SANCOV_LIB env var.

At the moment only the equivalent to -fsanitize-coverage=bb,no-prune,trace-pc,trace-cmp -finstrument-functions is supported.

trace-cmp only in x86/x86_64

$./build_qemu.sh

$ gcc test-instr.c -o test-instr

$ gcc -fPIC -shared examples/bbs_dump.c -o bbs_dump.so
$ QEMU_SANCOV_LIB=./bbs_dump.so ./qemu-sancov-x86_64 ./test-instr 0

$ gcc -fPIC -shared examples/cmp_dump.c -o cmp_dump.so
$ QEMU_SANCOV_LIB=./cmp_dump.so ./qemu-sancov-x86_64 ./test-instr 0

$ gcc -fPIC -shared examples/fn_dump.c -o fn_dump.so
$ QEMU_SANCOV_LIB=./fn_dump.so ./qemu-sancov-x86_64 ./test-instr 0

FlashDB BSP for auto test

Simple hooking library for C/C++ (x86 only, 32/64-bit, no dependencies)

An ATTiny45 Emulator Written in C

Modular and configurable OS for embedded applications

C collections. Easy to build, boring algorithms. Dumb is good.

An extension to bash's builtin, providing more functionalities and potentially better performance.

QASan is a custom QEMU 3.1.1 that detects memory errors in the guest using AddressSanitizer.

Qemu KVM(Kernel Virtual Machine)学习笔记

Measure Basic Blocks coverage of all testcases in the AFL queue using a patched QEMU