* favor unfuzzed

* fix

* reinit table after a new fuzz
van Hauser
2021-06-27 10:22:18 +02:00
committed by GitHub
parent 6a3877dcd3
commit 7038e56da3
4 changed files with 9 additions and 3 deletions


@ -519,7 +519,8 @@ typedef struct afl_state {
shmem_testcase_mode, /* If sharedmem testcases are used */ shmem_testcase_mode, /* If sharedmem testcases are used */
expand_havoc, /* perform expensive havoc after no find */ expand_havoc, /* perform expensive havoc after no find */
cycle_schedules, /* cycle power schedules? */ cycle_schedules, /* cycle power schedules? */
old_seed_selection; /* use vanilla afl seed selection */ old_seed_selection, /* use vanilla afl seed selection */
reinit_table; /* reinit the queue weight table */
u8 *virgin_bits, /* Regions yet untouched by fuzzing */ u8 *virgin_bits, /* Regions yet untouched by fuzzing */
*virgin_tmout, /* Bits we haven't seen in tmouts */ *virgin_tmout, /* Bits we haven't seen in tmouts */


@ -2862,6 +2862,7 @@ abandon_entry:
--afl->pending_not_fuzzed; --afl->pending_not_fuzzed;
afl->queue_cur->was_fuzzed = 1; afl->queue_cur->was_fuzzed = 1;
afl->reinit_table = 1;
if (afl->queue_cur->favored) { --afl->pending_favored; } if (afl->queue_cur->favored) { --afl->pending_favored; }
} }
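Review bot: The new `afl->reinit_table = 1;` under `abandon_entry:` has no comment saying why the table must be rebuilt, and it is set whether or not `old_seed_selection` is in use. Since it sits next to `was_fuzzed = 1`, it presumably fires once per queue entry, and the check in main then appears to trigger a full alias table rebuild on the next scheduling pass. With a large initial corpus that likely means one rebuild per entry until each has been fuzzed once, which may be worth measuring. I would add a comment on the line, e.g. `afl->reinit_table = 1; /* was_fuzzed changed, cached weights are stale */`. The enclosing block and its condition start outside the hunk.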


@ -58,7 +58,8 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q,
if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); } if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
weight *= (log(q->bitmap_size) / avg_bitmap_size); weight *= (log(q->bitmap_size) / avg_bitmap_size);
weight *= (1 + (q->tc_ref / avg_top_size)); weight *= (1 + (q->tc_ref / avg_top_size));
if (unlikely(q->favored)) weight *= 5; if (unlikely(q->favored)) { weight *= 5; }
if (unlikely(!q->was_fuzzed)) { weight *= 2; }
return weight; return weight;
@ -198,6 +199,8 @@ void create_alias_table(afl_state_t *afl) {
while (nS) while (nS)
afl->alias_probability[S[--nS]] = 1; afl->alias_probability[S[--nS]] = 1;
afl->reinit_table = 0;
/* /*
#ifdef INTROSPECTION #ifdef INTROSPECTION
u8 fn[PATH_MAX]; u8 fn[PATH_MAX];
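Review bot: In compute_weight the added `if (unlikely(!q->was_fuzzed)) { weight *= 2; }` carries a branch hint that is wrong early in a campaign, when most or all queue entries have not been fuzzed yet; `if (!q->was_fuzzed) { weight *= 2; }` avoids the mispredicted hint. The factors 5 and 2 also stack to 10x for an entry that is both favored and unfuzzed, and nothing explains that choice. A one-line comment such as `/* prefer entries that have never been fuzzed */` above the new line would record the intent. compute_weight and create_alias_table both begin outside the visible hunks.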


@ -2154,7 +2154,8 @@ int main(int argc, char **argv_orig, char **envp) {
if (likely(!afl->old_seed_selection)) { if (likely(!afl->old_seed_selection)) {
if (unlikely(prev_queued_paths < afl->queued_paths)) { if (unlikely(prev_queued_paths < afl->queued_paths ||
afl->reinit_table)) {
// we have new queue entries since the last run, recreate alias table // we have new queue entries since the last run, recreate alias table
prev_queued_paths = afl->queued_paths; prev_queued_paths = afl->queued_paths;