Coverage based minimizer #195

Closed
project-repo opened this issue Feb 26, 2018 · 3 comments

@project-repo

Hi,
While using honggfuzz in practice, I noticed that it would be useful to have a coverage-based test case minimizer for honggfuzz comparable to afl-minimize for the american fuzzy lop. This uses the instrumentation to try to minimize a file so as to retain its entire coverage. It may be that this already exists and I have simply missed it, in which case it might make sense to include it in the USAGE file or somewhere comparable.
cheers
project-repo

ghedo commented Sep 25, 2019

Yes, afl has afl-cmin/afl-tmin and libfuzzer has the -merge flag. It's unfortunate that honggfuzz doesn't seem to have an equivalent of those.

robertswiecki (Collaborator) commented Oct 2, 2019

There is, just called not very intuitively. You can use --covdir_all <dir> to save all non-duplicating testcases to a directory. It could be definitely better (e.g. first sorting by overall coverage per input, and then running it), but it's something for the future.

@robertswiecki (Collaborator)

Ok, I've implemented a coverage-based minimizer.

It works as follows:

Without the output dir (unnecessary files in the input dir will be deleted):

honggfuzz -M -f input_dir -- binary/to/fuzz

or with the output dir (interesting files will be copied to the --output directory)

honggfuzz -M -f input_dir --output output_dir -- binary/to/fuzz
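
The selection idea discussed in this thread (keep only inputs that add coverage, and sort by per-input coverage first), as an added example that is not honggfuzz's code. The testcase names and edge-ID sets are constructed; in practice the coverage comes from the fuzzer's instrumentation.

```python
# Added illustration of coverage-based corpus minimization.
# Not honggfuzz's implementation; all data below is constructed.

def minimize_corpus(coverage, sort_by_coverage=True):
    """coverage maps testcase name -> set of covered edge ids.

    Returns (kept, dropped). A testcase is kept only if it covers at
    least one edge not already covered by an earlier kept testcase.
    """
    if sort_by_coverage:
        # Largest coverage first; name breaks ties so the result is stable.
        order = sorted(coverage, key=lambda n: (-len(coverage[n]), n))
    else:
        # Plain directory-listing order, for comparison.
        order = sorted(coverage)
    seen, kept, dropped = set(), [], []
    for name in order:
        new_edges = coverage[name] - seen
        if new_edges:
            kept.append(name)
            seen |= new_edges
        else:
            dropped.append(name)  # duplicate coverage, or no coverage at all
    return kept, dropped


def total_coverage(coverage, names):
    """Union of the edges covered by the given testcases."""
    edges = set()
    for name in names:
        edges |= coverage[name]
    return edges


# Constructed sample corpus.
SAMPLE = {
    "seed_a": {1, 2, 3},
    "seed_b": {1, 2},            # subset of seed_a
    "seed_c": {3, 4},
    "seed_d": {1, 2, 3, 4, 5},   # superset of a, b and c
    "seed_e": {6},
    "seed_f": set(),             # recorded no edges
}

if __name__ == "__main__":
    for flag in (False, True):
        kept, dropped = minimize_corpus(SAMPLE, sort_by_coverage=flag)
        print(f"sorted={flag}: keep {kept}, drop {dropped}")
```

Both orders retain the full coverage of the corpus, but sorting first keeps two files instead of four on this sample.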
