ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 11:08:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

autotokens: print stats at exit

Browse Source
This commit is contained in:
vanhauser-thc
2023-01-17 09:52:35 +01:00
parent 4b915207c4
commit 33f41e3974
3 changed files with 18 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
custom_mutators/autotokens/README
View File

@ -1,6 +1,6 @@
# autotokens # autotokens
This implements an improved autotoken idea presented in This implements an improved autotoken grammar fuzzing idea presented in
[Token-Level Fuzzing][https://www.usenix.org/system/files/sec21-salls.pdf]. [Token-Level Fuzzing][https://www.usenix.org/system/files/sec21-salls.pdf].
It is a grammar fuzzer without actually knowing the grammar. It is a grammar fuzzer without actually knowing the grammar.
@ -8,5 +8,6 @@ It is recommended to run with together in an instance with `CMPLOG`.
If you have a dictionary (`-x`) this improves this custom grammar mutator. If you have a dictionary (`-x`) this improves this custom grammar mutator.
If **not** run with `CMPLOG`, it is possible to set `AFL_CUSTOM_MUTATOR_ONLY`, If **not** running with `CMPLOG`, it is possible to set
to concentrate on grammar bug classes. `AFL_CUSTOM_MUTATOR_ONLY` to concentrate on grammar bug classes.

12
custom_mutators/autotokens/autotokens.cpp
View File

@ -35,6 +35,7 @@ static u32 valid_structures;
static u32 whitespace_ids; static u32 whitespace_ids;
static u32 extras_cnt, a_extras_cnt; static u32 extras_cnt, a_extras_cnt;
static u64 all_spaces, all_tabs, all_lf, all_ws; static u64 all_spaces, all_tabs, all_lf, all_ws;
static u64 all_structure_items;
static unordered_map<string, vector<u32> *> file_mapping; static unordered_map<string, vector<u32> *> file_mapping;
static unordered_map<string, u32> token_to_id; static unordered_map<string, u32> token_to_id;
static unordered_map<u32, string> id_to_token; static unordered_map<u32, string> id_to_token;
@ -519,6 +520,7 @@ extern "C" unsigned char afl_custom_queue_get(void *data,
file_mapping[fn] = structure; file_mapping[fn] = structure;
s = structure; s = structure;
++valid_structures; ++valid_structures;
all_structure_items += structure->size();
// we are done! // we are done!
DEBUG(stderr, "DONE! We have %lu tokens in the structure\n", DEBUG(stderr, "DONE! We have %lu tokens in the structure\n",
@ -586,6 +588,16 @@ extern "C" my_mutator_t *afl_custom_init(afl_state *afl, unsigned int seed) {
extern "C" void afl_custom_deinit(my_mutator_t *data) { extern "C" void afl_custom_deinit(my_mutator_t *data) {
/* we use this to print statistics at exit :-)
needs to be stderr as stdout is filtered */
fprintf(stderr,
"\n\nAutotoken mutator statistics:\n"
" Number of all seen tokens: %lu\n"
" Number of input structures: %lu\n"
" Number of all items in structures: %lu\n\n",
current_id - 1, valid_structures, all_structure_items);
free(data); free(data);
} }

4
include/config.h
View File

@ -364,9 +364,9 @@
* * * *
***********************************************************/ ***********************************************************/
/* Call count interval between reseeding the libc PRNG from /dev/urandom: */ /* Call count interval between reseeding the PRNG from /dev/urandom: */
#define RESEED_RNG 100000 #define RESEED_RNG 2500000
/* The default maximum testcase cache size in MB, 0 = disable. /* The default maximum testcase cache size in MB, 0 = disable.
A value between 50 and 250 is a good default value. Note that the A value between 50 and 250 is a good default value. Note that the