ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

add -z switch

Browse Source
This commit is contained in:
vanhauser-thc
2023-04-05 12:59:20 +02:00
parent 5fea071ae9
commit 36127fb197
4 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/Changelog.md
View File

@ -12,6 +12,7 @@
- fixed a crash in pizza (1st april easter egg) mode. Sorry for - fixed a crash in pizza (1st april easter egg) mode. Sorry for
everyone who was affected! everyone who was affected!
- allow pizza mode to be disabled when AFL_PIZZA_MODE is set to -1 - allow pizza mode to be disabled when AFL_PIZZA_MODE is set to -1
- add -z switch to prefer new coverage findings in seed selection
- afl-cc: - afl-cc:
- add CFI sanitizer variant to gcc targets - add CFI sanitizer variant to gcc targets
- llvm 16 support (thanks to @devnexen!) - llvm 16 support (thanks to @devnexen!)

3
include/afl-fuzz.h
View File

@ -501,7 +501,8 @@ typedef struct afl_state {
custom_splice_optout, /* Custom mutator no splice buffer */ custom_splice_optout, /* Custom mutator no splice buffer */
is_main_node, /* if this is the main node */ is_main_node, /* if this is the main node */
is_secondary_node, /* if this is a secondary instance */ is_secondary_node, /* if this is a secondary instance */
pizza_is_served; /* pizza mode */ pizza_is_served, /* pizza mode */
prefer_new; /* prefer new queue entries */
u32 stats_update_freq; /* Stats update frequency (execs) */ u32 stats_update_freq; /* Stats update frequency (execs) */

7
src/afl-fuzz-queue.c
View File

@ -74,9 +74,14 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q,
if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); } if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
weight *= (log(q->bitmap_size) / avg_bitmap_size); weight *= (log(q->bitmap_size) / avg_bitmap_size);
weight *= (1 + (q->tc_ref / avg_top_size)); weight *= (1 + (q->tc_ref / avg_top_size));
if (unlikely(weight < 1.0)) { weight = 1.0; } if (unlikely(weight < 0.1)) { weight = 0.1; }
if (unlikely(q->favored)) { weight *= 5; } if (unlikely(q->favored)) { weight *= 5; }
if (unlikely(!q->was_fuzzed)) { weight *= 2; } if (unlikely(!q->was_fuzzed)) { weight *= 2; }
if (unlikely(afl->prefer_new)) {
weight *= (2.0 * (q->id / (afl->queued_items - 1)));
}
return weight; return weight;

5
src/afl-fuzz.c
View File

@ -132,6 +132,7 @@ static void usage(u8 *argv0, int more_help) {
" fast(default), explore, exploit, seek, rare, mmopt, " " fast(default), explore, exploit, seek, rare, mmopt, "
"coe, lin\n" "coe, lin\n"
" quad -- see docs/FAQ.md for more information\n" " quad -- see docs/FAQ.md for more information\n"
" -z - prefer new coverage findings when fuzzing\n"
" -f file - location read by the fuzzed program (default: stdin " " -f file - location read by the fuzzed program (default: stdin "
"or @@)\n" "or @@)\n"
" -t msec - timeout for each run (auto-scaled, default %u ms). " " -t msec - timeout for each run (auto-scaled, default %u ms). "
@ -569,6 +570,10 @@ int main(int argc, char **argv_orig, char **envp) {
afl->max_length = atoi(optarg); afl->max_length = atoi(optarg);
break; break;
case 'z':
afl->prefer_new = 1;
break;
case 'Z': case 'Z':
afl->old_seed_selection = 1; afl->old_seed_selection = 1;
break; break;