mopt: uppercase constants

vanhauser-thc
2025-04-05 13:52:49 +02:00
parent 5a56790dfc
commit 81bbb90454
4 changed files with 77 additions and 77 deletions


@ -317,14 +317,13 @@ enum {
}; };
#define operator_num 19 #define OPERATOR_NUM 19
#define swarm_num 5 #define SWARM_NUM 5
#define period_core 500000 #define PERIOD_CORE 500000
#define RAND_C (rand() % 1000 * 0.001) #define RAND_C (rand() % 1000 * 0.001)
#define v_max 1 #define V_MAX 1
#define v_min 0.05 #define V_MIN 0.05
#define limit_time_bound 1.1
#define SPLICE_CYCLES_puppet_up 25 #define SPLICE_CYCLES_puppet_up 25
#define SPLICE_CYCLES_puppet_low 5 #define SPLICE_CYCLES_puppet_low 5
#define STAGE_RANDOMBYTE 12 #define STAGE_RANDOMBYTE 12
@ -334,7 +333,7 @@ enum {
#define STAGE_OverWriteExtra 16 #define STAGE_OverWriteExtra 16
#define STAGE_InsertExtra 17 #define STAGE_InsertExtra 17
#define STAGE_Splice 18 #define STAGE_Splice 18
#define period_pilot 50000 #define PERIOD_PILOT 50000
enum { enum {
@ -518,23 +517,23 @@ typedef struct afl_state {
u64 tmp_core_time; u64 tmp_core_time;
s32 swarm_now; s32 swarm_now;
double x_now[swarm_num][operator_num], L_best[swarm_num][operator_num], double x_now[SWARM_NUM][OPERATOR_NUM], L_best[SWARM_NUM][OPERATOR_NUM],
eff_best[swarm_num][operator_num], G_best[operator_num], eff_best[SWARM_NUM][OPERATOR_NUM], G_best[OPERATOR_NUM],
v_now[swarm_num][operator_num], probability_now[swarm_num][operator_num], v_now[SWARM_NUM][OPERATOR_NUM], probability_now[SWARM_NUM][OPERATOR_NUM],
swarm_fitness[swarm_num]; swarm_fitness[SWARM_NUM];
u64 stage_finds_puppet[swarm_num][operator_num], /* Patterns found per u64 stage_finds_puppet[SWARM_NUM][OPERATOR_NUM], /* Patterns found per
fuzz stage */ fuzz stage */
stage_finds_puppet_v2[swarm_num][operator_num], stage_finds_puppet_v2[SWARM_NUM][OPERATOR_NUM],
stage_cycles_puppet_v2[swarm_num][operator_num], stage_cycles_puppet_v2[SWARM_NUM][OPERATOR_NUM],
stage_cycles_puppet_v3[swarm_num][operator_num], stage_cycles_puppet_v3[SWARM_NUM][OPERATOR_NUM],
stage_cycles_puppet[swarm_num][operator_num], stage_cycles_puppet[SWARM_NUM][OPERATOR_NUM],
operator_finds_puppet[operator_num], operator_finds_puppet[OPERATOR_NUM],
core_operator_finds_puppet[operator_num], core_operator_finds_puppet[OPERATOR_NUM],
core_operator_finds_puppet_v2[operator_num], core_operator_finds_puppet_v2[OPERATOR_NUM],
core_operator_cycles_puppet[operator_num], core_operator_cycles_puppet[OPERATOR_NUM],
core_operator_cycles_puppet_v2[operator_num], core_operator_cycles_puppet_v2[OPERATOR_NUM],
core_operator_cycles_puppet_v3[operator_num]; /* Execs per fuzz stage */ core_operator_cycles_puppet_v3[OPERATOR_NUM]; /* Execs per fuzz stage */
double period_pilot_tmp; double period_pilot_tmp;
s32 key_lv; s32 key_lv;


@ -33,19 +33,16 @@
static int select_algorithm(afl_state_t *afl, u32 max_algorithm) { static int select_algorithm(afl_state_t *afl, u32 max_algorithm) {
int i_puppet, j_puppet = 0, operator_number = max_algorithm; int i_puppet = 0, j_puppet = 0, OPERATOR_NUMber = max_algorithm;
double range_sele = double range_sele =
(double)afl->probability_now[afl->swarm_now][operator_number - 1]; (double)afl->probability_now[afl->swarm_now][OPERATOR_NUMber - 1];
double sele = ((double)(rand_below(afl, 10000) * 0.0001 * range_sele)); double sele =
((double)((double)rand_below(afl, 10000) * 0.0001 * range_sele));
for (i_puppet = 0; i_puppet < operator_num; ++i_puppet) { if (likely(sele >= afl->probability_now[afl->swarm_now][0])) {
if (unlikely(i_puppet == 0)) { for (i_puppet = 1; i_puppet < OPERATOR_NUM; ++i_puppet) {
if (sele < afl->probability_now[afl->swarm_now][i_puppet]) { break; }
} else {
if (sele < afl->probability_now[afl->swarm_now][i_puppet]) { if (sele < afl->probability_now[afl->swarm_now][i_puppet]) {
@ -58,10 +55,10 @@ static int select_algorithm(afl_state_t *afl, u32 max_algorithm) {
} }
if ((j_puppet == 1 && if (unlikely((j_puppet == 1 &&
sele < afl->probability_now[afl->swarm_now][i_puppet - 1]) || sele < afl->probability_now[afl->swarm_now][i_puppet - 1]) ||
(i_puppet + 1 < operator_num && (i_puppet + 1 < OPERATOR_NUM &&
sele > afl->probability_now[afl->swarm_now][i_puppet + 1])) { sele > afl->probability_now[afl->swarm_now][i_puppet + 1]))) {
FATAL("error select_algorithm"); FATAL("error select_algorithm");
@ -3466,7 +3463,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
if (!MOpt_globals.is_pilot_mode) { if (!MOpt_globals.is_pilot_mode) {
if (swarm_num == 1) { if (SWARM_NUM == 1) {
afl->key_module = 2; afl->key_module = 2;
return 0; return 0;
@ -3685,7 +3682,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
s32 temp_len_puppet; s32 temp_len_puppet;
// for (; afl->swarm_now < swarm_num; ++afl->swarm_now) // for (; afl->swarm_now < SWARM_NUM; ++afl->swarm_now)
{ {
if (unlikely(afl->orig_hit_cnt_puppet == 0)) { if (unlikely(afl->orig_hit_cnt_puppet == 0)) {
@ -3757,7 +3754,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
afl->stage_cur_val = use_stacking; afl->stage_cur_val = use_stacking;
for (i = 0; i < operator_num; ++i) { for (i = 0; i < OPERATOR_NUM; ++i) {
MOpt_globals.cycles_v3[i] = MOpt_globals.cycles_v2[i]; MOpt_globals.cycles_v3[i] = MOpt_globals.cycles_v2[i];
@ -4427,7 +4424,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
if (MOpt_globals.is_pilot_mode) { if (MOpt_globals.is_pilot_mode) {
for (i = 0; i < operator_num; ++i) { for (i = 0; i < OPERATOR_NUM; ++i) {
if (MOpt_globals.cycles_v2[i] > MOpt_globals.cycles_v3[i]) { if (MOpt_globals.cycles_v2[i] > MOpt_globals.cycles_v3[i]) {
@ -4439,7 +4436,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} else { } else {
for (i = 0; i < operator_num; i++) { for (i = 0; i < OPERATOR_NUM; i++) {
if (afl->core_operator_cycles_puppet_v2[i] > if (afl->core_operator_cycles_puppet_v2[i] >
afl->core_operator_cycles_puppet_v3[i]) afl->core_operator_cycles_puppet_v3[i])
@ -4616,7 +4613,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} }
afl->temp_puppet_find = afl->total_puppet_find; afl->temp_puppet_find = afl->total_puppet_find;
for (i = 0; i < operator_num; ++i) { for (i = 0; i < OPERATOR_NUM; ++i) {
if (MOpt_globals.is_pilot_mode) { if (MOpt_globals.is_pilot_mode) {
@ -4642,15 +4639,15 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
MOpt_globals.finds[i] = MOpt_globals.finds_v2[i]; MOpt_globals.finds[i] = MOpt_globals.finds_v2[i];
MOpt_globals.cycles[i] = MOpt_globals.cycles_v2[i]; MOpt_globals.cycles[i] = MOpt_globals.cycles_v2[i];
} /* for i = 0; i < operator_num */ } /* for i = 0; i < OPERATOR_NUM */
if (MOpt_globals.is_pilot_mode) { if (MOpt_globals.is_pilot_mode) {
afl->swarm_now = afl->swarm_now + 1; afl->swarm_now = afl->swarm_now + 1;
if (afl->swarm_now == swarm_num) { if (afl->swarm_now == SWARM_NUM) {
afl->key_module = 1; afl->key_module = 1;
for (i = 0; i < operator_num; ++i) { for (i = 0; i < OPERATOR_NUM; ++i) {
afl->core_operator_cycles_puppet_v2[i] = afl->core_operator_cycles_puppet_v2[i] =
afl->core_operator_cycles_puppet[i]; afl->core_operator_cycles_puppet[i];
@ -4663,7 +4660,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
double swarm_eff = 0.0; double swarm_eff = 0.0;
afl->swarm_now = 0; afl->swarm_now = 0;
for (i = 0; i < swarm_num; ++i) { for (i = 0; i < SWARM_NUM; ++i) {
if (afl->swarm_fitness[i] > swarm_eff) { if (afl->swarm_fitness[i] > swarm_eff) {
@ -4674,13 +4671,13 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} }
if (afl->swarm_now < 0 || afl->swarm_now > swarm_num - 1) { if (afl->swarm_now < 0 || afl->swarm_now > SWARM_NUM - 1) {
PFATAL("swarm_now error number %d", afl->swarm_now); PFATAL("swarm_now error number %d", afl->swarm_now);
} }
} /* if afl->swarm_now == swarm_num */ } /* if afl->swarm_now == SWARM_NUM */
/* adjust pointers dependent on 'afl->swarm_now' */ /* adjust pointers dependent on 'afl->swarm_now' */
afl->mopt_globals_pilot.finds = afl->mopt_globals_pilot.finds =
@ -4696,7 +4693,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} else { } else {
for (i = 0; i < operator_num; i++) { for (i = 0; i < OPERATOR_NUM; i++) {
afl->core_operator_finds_puppet[i] = afl->core_operator_finds_puppet[i] =
afl->core_operator_finds_puppet_v2[i]; afl->core_operator_finds_puppet_v2[i];
@ -4739,17 +4736,17 @@ u8 pilot_fuzzing(afl_state_t *afl) {
void pso_updating(afl_state_t *afl) { void pso_updating(afl_state_t *afl) {
afl->g_now++; afl->g_now++;
if (afl->g_now > afl->g_max) { afl->g_now = 0; } if (unlikely(afl->g_now > afl->g_max)) { afl->g_now = 0; }
afl->w_now = afl->w_now =
(afl->w_init - afl->w_end) * (afl->g_max - afl->g_now) / (afl->g_max) + (afl->w_init - afl->w_end) * (afl->g_max - afl->g_now) / (afl->g_max) +
afl->w_end; afl->w_end;
int tmp_swarm, i, j; int tmp_swarm, i, j;
u64 temp_operator_finds_puppet = 0; u64 temp_operator_finds_puppet = 0;
for (i = 0; i < operator_num; ++i) { for (i = 0; i < OPERATOR_NUM; ++i) {
afl->operator_finds_puppet[i] = afl->core_operator_finds_puppet[i]; afl->operator_finds_puppet[i] = afl->core_operator_finds_puppet[i];
for (j = 0; j < swarm_num; ++j) { for (j = 0; j < SWARM_NUM; ++j) {
afl->operator_finds_puppet[i] = afl->operator_finds_puppet[i] =
afl->operator_finds_puppet[i] + afl->stage_finds_puppet[j][i]; afl->operator_finds_puppet[i] + afl->stage_finds_puppet[j][i];
@ -4761,7 +4758,7 @@ void pso_updating(afl_state_t *afl) {
} }
for (i = 0; i < operator_num; ++i) { for (i = 0; i < OPERATOR_NUM; ++i) {
if (afl->operator_finds_puppet[i]) { if (afl->operator_finds_puppet[i]) {
@ -4772,10 +4769,10 @@ void pso_updating(afl_state_t *afl) {
} }
for (tmp_swarm = 0; tmp_swarm < swarm_num; ++tmp_swarm) { for (tmp_swarm = 0; tmp_swarm < SWARM_NUM; ++tmp_swarm) {
double x_temp = 0.0; double x_temp = 0.0;
for (i = 0; i < operator_num; ++i) { for (i = 0; i < OPERATOR_NUM; ++i) {
afl->probability_now[tmp_swarm][i] = 0.0; afl->probability_now[tmp_swarm][i] = 0.0;
afl->v_now[tmp_swarm][i] = afl->v_now[tmp_swarm][i] =
@ -4783,13 +4780,13 @@ void pso_updating(afl_state_t *afl) {
RAND_C * (afl->L_best[tmp_swarm][i] - afl->x_now[tmp_swarm][i]) + RAND_C * (afl->L_best[tmp_swarm][i] - afl->x_now[tmp_swarm][i]) +
RAND_C * (afl->G_best[i] - afl->x_now[tmp_swarm][i]); RAND_C * (afl->G_best[i] - afl->x_now[tmp_swarm][i]);
afl->x_now[tmp_swarm][i] += afl->v_now[tmp_swarm][i]; afl->x_now[tmp_swarm][i] += afl->v_now[tmp_swarm][i];
if (afl->x_now[tmp_swarm][i] > v_max) { if (afl->x_now[tmp_swarm][i] > V_MAX) {
afl->x_now[tmp_swarm][i] = v_max; afl->x_now[tmp_swarm][i] = V_MAX;
} else if (afl->x_now[tmp_swarm][i] < v_min) { } else if (afl->x_now[tmp_swarm][i] < V_MIN) {
afl->x_now[tmp_swarm][i] = v_min; afl->x_now[tmp_swarm][i] = V_MIN;
} }
@ -4797,7 +4794,7 @@ void pso_updating(afl_state_t *afl) {
} }
for (i = 0; i < operator_num; ++i) { for (i = 0; i < OPERATOR_NUM; ++i) {
afl->x_now[tmp_swarm][i] = afl->x_now[tmp_swarm][i] / x_temp; afl->x_now[tmp_swarm][i] = afl->x_now[tmp_swarm][i] / x_temp;
if (likely(i != 0)) { if (likely(i != 0)) {
@ -4813,8 +4810,8 @@ void pso_updating(afl_state_t *afl) {
} }
if (afl->probability_now[tmp_swarm][operator_num - 1] < 0.99 || if (afl->probability_now[tmp_swarm][OPERATOR_NUM - 1] < 0.99 ||
afl->probability_now[tmp_swarm][operator_num - 1] > 1.01) { afl->probability_now[tmp_swarm][OPERATOR_NUM - 1] > 1.01) {
FATAL("ERROR probability"); FATAL("ERROR probability");
@ -4858,9 +4855,13 @@ u8 fuzz_one(afl_state_t *afl) {
limit_time_sig < 0 both are run limit_time_sig < 0 both are run
*/ */
if (afl->limit_time_sig <= 0) { key_val_lv_1 = fuzz_one_original(afl); } if (likely(afl->limit_time_sig <= 0)) {
if (afl->limit_time_sig != 0) { key_val_lv_1 = fuzz_one_original(afl);
}
if (unlikely(afl->limit_time_sig >= 0)) {
if (afl->key_module == 0) { if (afl->key_module == 0) {
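Review bot: The last hunk of this file changes the MOpt guard in `fuzz_one` from `limit_time_sig != 0` to `limit_time_sig >= 0`, which is a behaviour change inside a commit described as a constant rename (assuming the second copy of each line is the new side, as the added `likely`/`unlikely` hints suggest). The comment kept directly above still reads `limit_time_sig < 0 both are run`, but with `>= 0` a negative value would run only `fuzz_one_original`, and zero would now enter the MOpt branch too. If the semantics were meant to stay, keep the old test and only add the hint: `if (unlikely(afl->limit_time_sig != 0)) {`; if the change is intended, update that comment and put it in a separate commit. In the first hunk, the local `operator_number` in `select_algorithm` appears to have been caught by the search-and-replace and is now `OPERATOR_NUMber`; it is a variable, not a macro, and should keep its lowercase name. The body of `fuzz_one` continues outside the hunk.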


@ -44,7 +44,7 @@ static void init_mopt_globals(afl_state_t *afl) {
core->cycles_v3 = afl->core_operator_cycles_puppet_v3; core->cycles_v3 = afl->core_operator_cycles_puppet_v3;
core->is_pilot_mode = 0; core->is_pilot_mode = 0;
core->pTime = &afl->tmp_core_time; core->pTime = &afl->tmp_core_time;
core->period = period_core; core->period = PERIOD_CORE;
core->havoc_stagename = "MOpt-core-havoc"; core->havoc_stagename = "MOpt-core-havoc";
core->splice_stageformat = "MOpt-core-splice %u"; core->splice_stageformat = "MOpt-core-splice %u";
core->havoc_stagenameshort = "MOpt_core_havoc"; core->havoc_stagenameshort = "MOpt_core_havoc";
@ -58,7 +58,7 @@ static void init_mopt_globals(afl_state_t *afl) {
pilot->cycles_v3 = afl->stage_cycles_puppet_v3[0]; pilot->cycles_v3 = afl->stage_cycles_puppet_v3[0];
pilot->is_pilot_mode = 1; pilot->is_pilot_mode = 1;
pilot->pTime = &afl->tmp_pilot_time; pilot->pTime = &afl->tmp_pilot_time;
pilot->period = period_pilot; pilot->period = PERIOD_PILOT;
pilot->havoc_stagename = "MOpt-havoc"; pilot->havoc_stagename = "MOpt-havoc";
pilot->splice_stageformat = "MOpt-splice %u"; pilot->splice_stageformat = "MOpt-splice %u";
pilot->havoc_stagenameshort = "MOpt_havoc"; pilot->havoc_stagenameshort = "MOpt_havoc";


@ -1319,12 +1319,12 @@ int main(int argc, char **argv_orig, char **envp) {
(afl->g_max) + (afl->g_max) +
afl->w_end; afl->w_end;
for (tmp_swarm = 0; tmp_swarm < swarm_num; ++tmp_swarm) { for (tmp_swarm = 0; tmp_swarm < SWARM_NUM; ++tmp_swarm) {
double total_puppet_temp = 0.0; double total_puppet_temp = 0.0;
afl->swarm_fitness[tmp_swarm] = 0.0; afl->swarm_fitness[tmp_swarm] = 0.0;
for (j = 0; j < operator_num; ++j) { for (j = 0; j < OPERATOR_NUM; ++j) {
afl->stage_finds_puppet[tmp_swarm][j] = 0; afl->stage_finds_puppet[tmp_swarm][j] = 0;
afl->probability_now[tmp_swarm][j] = 0.0; afl->probability_now[tmp_swarm][j] = 0.0;
@ -1338,7 +1338,7 @@ int main(int argc, char **argv_orig, char **envp) {
} }
for (j = 0; j < operator_num; ++j) { for (j = 0; j < OPERATOR_NUM; ++j) {
afl->stage_cycles_puppet_v2[tmp_swarm][j] = afl->stage_cycles_puppet_v2[tmp_swarm][j] =
afl->stage_cycles_puppet[tmp_swarm][j]; afl->stage_cycles_puppet[tmp_swarm][j];
@ -1351,7 +1351,7 @@ int main(int argc, char **argv_orig, char **envp) {
double x_temp = 0.0; double x_temp = 0.0;
for (j = 0; j < operator_num; ++j) { for (j = 0; j < OPERATOR_NUM; ++j) {
afl->probability_now[tmp_swarm][j] = 0.0; afl->probability_now[tmp_swarm][j] = 0.0;
afl->v_now[tmp_swarm][j] = afl->v_now[tmp_swarm][j] =
@ -1362,13 +1362,13 @@ int main(int argc, char **argv_orig, char **envp) {
afl->x_now[tmp_swarm][j] += afl->v_now[tmp_swarm][j]; afl->x_now[tmp_swarm][j] += afl->v_now[tmp_swarm][j];
if (afl->x_now[tmp_swarm][j] > v_max) { if (afl->x_now[tmp_swarm][j] > V_MAX) {
afl->x_now[tmp_swarm][j] = v_max; afl->x_now[tmp_swarm][j] = V_MAX;
} else if (afl->x_now[tmp_swarm][j] < v_min) { } else if (afl->x_now[tmp_swarm][j] < V_MIN) {
afl->x_now[tmp_swarm][j] = v_min; afl->x_now[tmp_swarm][j] = V_MIN;
} }
@ -1376,7 +1376,7 @@ int main(int argc, char **argv_orig, char **envp) {
} }
for (j = 0; j < operator_num; ++j) { for (j = 0; j < OPERATOR_NUM; ++j) {
afl->x_now[tmp_swarm][j] = afl->x_now[tmp_swarm][j] / x_temp; afl->x_now[tmp_swarm][j] = afl->x_now[tmp_swarm][j] / x_temp;
if (likely(j != 0)) { if (likely(j != 0)) {
@ -1393,8 +1393,8 @@ int main(int argc, char **argv_orig, char **envp) {
} }
if (afl->probability_now[tmp_swarm][operator_num - 1] < 0.99 || if (afl->probability_now[tmp_swarm][OPERATOR_NUM - 1] < 0.99 ||
afl->probability_now[tmp_swarm][operator_num - 1] > 1.01) { afl->probability_now[tmp_swarm][OPERATOR_NUM - 1] > 1.01) {
FATAL("ERROR probability"); FATAL("ERROR probability");
@ -1402,7 +1402,7 @@ int main(int argc, char **argv_orig, char **envp) {
} }
for (j = 0; j < operator_num; ++j) { for (j = 0; j < OPERATOR_NUM; ++j) {
afl->core_operator_finds_puppet[j] = 0; afl->core_operator_finds_puppet[j] = 0;
afl->core_operator_finds_puppet_v2[j] = 0; afl->core_operator_finds_puppet_v2[j] = 0;