ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-10 01:01:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

minor enhancement

Browse Source
This commit is contained in:
vanhauser-thc 2024-05-23 21:42:17 +02:00
parent 35156eb917
commit 59d546f39a
3 changed files with 42 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/afl-fuzz.h
View File

@ -200,6 +200,7 @@ struct queue_entry {
u8 *fname; /* File name for the test case */ u8 *fname; /* File name for the test case */
u32 len; /* Input length */ u32 len; /* Input length */
u32 id; /* entry number in queue_buf */ u32 id; /* entry number in queue_buf */
u32 found;
u8 colorized, /* Do not run redqueen stage again */ u8 colorized, /* Do not run redqueen stage again */
cal_failed; /* Calibration failed? */ cal_failed; /* Calibration failed? */

71
src/afl-fuzz-queue.c
View File

@ -60,53 +60,53 @@ inline u32 select_next_queue_entry(afl_state_t *afl) {
} }
//#define DEBUG_QUEUE 1 // #define DEBUG_QUEUE 1
double compute_weight(afl_state_t *afl, struct queue_entry *q, double compute_weight(afl_state_t *afl, struct queue_entry *q,
double avg_exec_us, double avg_bitmap_size, double avg_exec_us, double avg_bitmap_size,
double avg_top_size, double avg_score) { double avg_top_size, double avg_score) {
double weight = 1.0; double weight = 1.0;
/* /*
if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) {
u32 hits = afl->n_fuzz[q->n_fuzz_entry]; u32 hits = afl->n_fuzz[q->n_fuzz_entry];
if (likely(hits)) { weight /= (log10(hits) + 1); } if (likely(hits)) { weight /= (log10(hits) + 1); }
} }
#ifdef DEBUG_QUEUE #ifdef DEBUG_QUEUE
fprintf(stderr, "WEIGHT id=%u fname=%s start_weight=1.0\n", q->id, q->fname); fprintf(stderr, "WEIGHT id=%u fname=%s start_weight=1.0\n", q->id,
fprintf(stderr, " after step 1: %.2f (log10(hits))\n", weight); q->fname); fprintf(stderr, " after step 1: %.2f (log10(hits))\n", weight);
#endif #endif
if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); } if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
#ifdef DEBUG_QUEUE #ifdef DEBUG_QUEUE
fprintf(stderr, " after step 2: %.2f (exec_us)\n", weight); fprintf(stderr, " after step 2: %.2f (exec_us)\n", weight);
#endif #endif
weight *= (log(q->bitmap_size) / avg_bitmap_size); weight *= (log(q->bitmap_size) / avg_bitmap_size);
#ifdef DEBUG_QUEUE #ifdef DEBUG_QUEUE
fprintf(stderr, " after step 3: %.2f (log(bitmap_size))\n", weight); fprintf(stderr, " after step 3: %.2f (log(bitmap_size))\n", weight);
#endif #endif
weight *= (1 + (q->tc_ref / avg_top_size)); weight *= (1 + (q->tc_ref / avg_top_size));
#ifdef DEBUG_QUEUE #ifdef DEBUG_QUEUE
fprintf(stderr, " after step 4: %.2f (top_size)\n", weight); fprintf(stderr, " after step 4: %.2f (top_size)\n", weight);
#endif #endif
if (unlikely(avg_score != 0.0)) { weight *= (q->score / avg_score); } if (unlikely(avg_score != 0.0)) { weight *= (q->score / avg_score); }
#ifdef DEBUG_QUEUE #ifdef DEBUG_QUEUE
fprintf(stderr, " after step 5: %.2f (score)\n", weight); fprintf(stderr, " after step 5: %.2f (score)\n", weight);
#endif #endif
if (unlikely(weight < 0.1)) { weight = 0.1; } if (unlikely(weight < 0.1)) { weight = 0.1; }
if (unlikely(q->favored)) { if (unlikely(q->favored)) {
weight += 1; weight += 1;
weight *= 5; weight *= 5;
} }
#ifdef DEBUG_QUEUE #ifdef DEBUG_QUEUE
fprintf(stderr, " after step 6: %.2f (favored)\n", weight); fprintf(stderr, " after step 6: %.2f (favored)\n", weight);
#endif #endif
*/ */
if (unlikely(!q->was_fuzzed)) { weight *= 3; } if (unlikely(!q->was_fuzzed)) { weight *= 3; }
#ifdef DEBUG_QUEUE #ifdef DEBUG_QUEUE
fprintf(stderr, " after step 7: %.2f (was_fuzzed)\n", weight); fprintf(stderr, " after step 7: %.2f (was_fuzzed)\n", weight);
@ -635,6 +635,7 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
q->trace_mini = NULL; q->trace_mini = NULL;
q->testcase_buf = NULL; q->testcase_buf = NULL;
q->mother = afl->queue_cur; q->mother = afl->queue_cur;
afl->queue_cur->found++;
q->score = afl->current_score; q->score = afl->current_score;
if (unlikely(!q->score)) { q->score = 1; } if (unlikely(!q->score)) { q->score = 1; }

9
src/afl-fuzz.c
View File

@ -3081,15 +3081,16 @@ stop_fuzzing:
struct queue_entry *q = afl->queue_buf[k]; struct queue_entry *q = afl->queue_buf[k];
fprintf(stderr, fprintf(stderr,
"item=%u fname=%s len=%u exec_us=%llu total_execs=%llu has_new_cov=%u " "item=%u fname=%s len=%u exec_us=%llu total_execs=%llu "
"has_new_cov=%u "
"var_behavior=%u favored=%u fs_redundant=%u disabled=%u " "var_behavior=%u favored=%u fs_redundant=%u disabled=%u "
"bitmap_size=%u tc_ref=%u fuzz_level=%u was_fuzzed=%u " "bitmap_size=%u tc_ref=%u fuzz_level=%u was_fuzzed=%u "
"mother=%d perf_score=%.2f weight=%.2f score=%u\n", "mother=%d found=%u perf_score=%.2f weight=%.2f score=%u\n",
k, q->fname, q->len, q->exec_us, q->total_execs, q->has_new_cov, k, q->fname, q->len, q->exec_us, q->total_execs, q->has_new_cov,
q->var_behavior, q->favored, q->fs_redundant, q->disabled, q->var_behavior, q->favored, q->fs_redundant, q->disabled,
q->bitmap_size, q->tc_ref, q->fuzz_level, q->was_fuzzed, q->bitmap_size, q->tc_ref, q->fuzz_level, q->was_fuzzed,
q->mother == NULL ? -1 : (int)q->mother->id, q->perf_score, q->mother == NULL ? -1 : (int)q->mother->id, q->found,
q->weight, q->score); q->perf_score, q->weight, q->score);
} }