After I searched for more information about it, I found that there is also a tool called afl-showmap that can generate a human-readable bitmap file. I used the command shown in the picture below and found that it did not run as expected.
But it still generated a readable output file like the one below. At this stage, I think what the bitmap can provide us is a tuple <code block id, execution times of a certain code block given an input>.
At last, I found a reasonable explanation in a paper. At this stage, I think that every byte in the bitmap represents a count of an edge between two code blocks. However, a doubt has hit me now. Does the XOR operation really work to identify a unique path between two code blocks?
The content shown above is what I've learnt about the bitmap at different stages.
In the end, I want to ask another question about the bitmap. Is it possible for me to get every input and the corresponding feedback from afl?
This is because I can only get some useful input files in the /results/queue directory and one fuzz_bitmap file in the /results directory now.
Thanks in advance!
Is there anyone who has an idea about it?
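
Added example, not part of the original post: a small C model of the edge-counting scheme sketched in AFL's technical notes (`shared_mem[cur_location ^ prev_location]++; prev_location = cur_location >> 1;`). It shows that the shift keeps A->B and B->A in different slots, while two unrelated edges can still share one. The block IDs and the helper names `edge_index`, `visit_block` and `run_path` are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE 65536u            /* AFL's default: 64 KiB, one byte per slot */

static uint8_t  trace_bits[MAP_SIZE];
static uint32_t prev_loc;

/* Slot used for the edge from -> to: the source ID is shifted right by one
 * before the XOR, so A->B and B->A land in different slots. */
static uint32_t edge_index(uint32_t from, uint32_t to) {
    return (to ^ (from >> 1)) % MAP_SIZE;
}

/* What the injected stub does on entry to each basic block. */
static void visit_block(uint32_t cur_loc) {
    trace_bits[(cur_loc ^ prev_loc) % MAP_SIZE]++;
    prev_loc = cur_loc >> 1;
}

/* Replay one execution (a sequence of block IDs); return distinct slots hit. */
static size_t run_path(const uint32_t *blocks, size_t n) {
    size_t hit = 0;
    memset(trace_bits, 0, sizeof trace_bits);
    prev_loc = 0;
    for (size_t i = 0; i < n; i++) visit_block(blocks[i]);
    for (size_t i = 0; i < MAP_SIZE; i++) hit += trace_bits[i] != 0;
    return hit;
}

int main(void) {
    /* Constructed block IDs; AFL picks these at random at compile time. */
    const uint32_t A = 0x1234, B = 0x5678, C = 0x0002, D = 0x5F63;
    const uint32_t loop[] = { A, B, A, B, A };

    printf("slots hit by A,B,A,B,A: %zu\n", run_path(loop, 5));
    printf("A->B slot %04x count %u\n", (unsigned)edge_index(A, B),
           (unsigned)trace_bits[edge_index(A, B)]);
    printf("B->A slot %04x count %u\n", (unsigned)edge_index(B, A),
           (unsigned)trace_bits[edge_index(B, A)]);
    /* Different edge, same slot: the map is a hash, not a unique edge ID. */
    printf("C->D slot %04x\n", (unsigned)edge_index(C, D));
    return 0;
}
```

Each byte is therefore a hit counter for a hashed (previous block, current block) pair, and a collision makes two distinct edges indistinguishable in the map.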