ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-10 17:21:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

new mutation weighting

Browse Source
This commit is contained in:
vanhauser-thc 2023-06-23 17:08:21 +02:00
parent 2366c00235
commit c2c27349c3
2 changed files with 466 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

460
include/afl-mutations.h
View File

@ -77,6 +77,466 @@ enum {
};
#define MUT_TXT_ARRAY_SIZE 200
u32 text_array[MUT_TXT_ARRAY_SIZE] = {MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING16,
MUT_INTERESTING16,
MUT_INTERESTING16BE,
MUT_INTERESTING16BE,
MUT_INTERESTING32,
MUT_INTERESTING32,
MUT_INTERESTING32BE,
MUT_INTERESTING32BE,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_FIXED,
MUT_OVERWRITE_FIXED,
MUT_OVERWRITE_FIXED,
MUT_OVERWRITE_FIXED,
MUT_OVERWRITE_FIXED,
MUT_BYTEADD,
MUT_BYTEADD,
MUT_BYTEADD,
MUT_BYTEADD,
MUT_BYTEADD,
MUT_BYTESUB,
MUT_BYTESUB,
MUT_BYTESUB,
MUT_BYTESUB,
MUT_BYTESUB,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_SWITCH,
MUT_SWITCH,
MUT_SWITCH,
MUT_SWITCH,
MUT_SWITCH,
MUT_SWITCH,
MUT_SWITCH,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT};
#define MUT_BIN_ARRAY_SIZE 256
u32 binary_array[MUT_BIN_ARRAY_SIZE] = {MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING16,
MUT_INTERESTING16,
MUT_INTERESTING16,
MUT_INTERESTING16,
MUT_INTERESTING16,
MUT_INTERESTING16,
MUT_INTERESTING16BE,
MUT_INTERESTING16BE,
MUT_INTERESTING16BE,
MUT_INTERESTING16BE,
MUT_INTERESTING16BE,
MUT_INTERESTING16BE,
MUT_INTERESTING32,
MUT_INTERESTING32,
MUT_INTERESTING32,
MUT_INTERESTING32,
MUT_INTERESTING32,
MUT_INTERESTING32,
MUT_INTERESTING32BE,
MUT_INTERESTING32BE,
MUT_INTERESTING32BE,
MUT_INTERESTING32BE,
MUT_INTERESTING32BE,
MUT_INTERESTING32BE,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_FIXED,
MUT_OVERWRITE_FIXED,
MUT_OVERWRITE_FIXED,
MUT_OVERWRITE_FIXED,
MUT_OVERWRITE_FIXED,
MUT_BYTEADD,
MUT_BYTEADD,
MUT_BYTEADD,
MUT_BYTEADD,
MUT_BYTEADD,
MUT_BYTEADD,
MUT_BYTESUB,
MUT_BYTESUB,
MUT_BYTESUB,
MUT_BYTESUB,
MUT_BYTESUB,
MUT_BYTESUB,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_SWITCH,
MUT_SWITCH,
MUT_SWITCH,
MUT_SWITCH,
MUT_SWITCH,
MUT_SWITCH,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT};
#define MUT_NORMAL_ARRAY_SIZE 77
u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
MUT_FLIPBIT,

30
src/afl-fuzz-one.c
View File

@ -2101,27 +2101,17 @@ havoc_stage:
*/
rand_max = MUT_STRATEGY_ARRAY_SIZE;
if (unlikely(afl->text_input)) { // is text?
if (likely(afl->fuzz_mode == 0)) { // is exploration?
if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) {
mutation_array = full_splice_array;
rand_max = MUT_SPLICE_ARRAY_SIZE;
} else {
mutation_array = normal_splice_array;
rand_max = MUT_NORMAL_ARRAY_SIZE;
}
mutation_array = (unsigned int *)&text_array;
rand_max = MUT_TXT_ARRAY_SIZE;
} else { // is exploitation!
mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
rand_max = MUT_STRATEGY_ARRAY_SIZE;
}
@ -2129,21 +2119,13 @@ havoc_stage:
if (likely(afl->fuzz_mode == 0)) { // is exploration?
if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) {
mutation_array = full_splice_array;
rand_max = MUT_SPLICE_ARRAY_SIZE;
} else {
mutation_array = normal_splice_array;
rand_max = MUT_NORMAL_ARRAY_SIZE;
}
mutation_array = (unsigned int *)&binary_array;
rand_max = MUT_BIN_ARRAY_SIZE;
} else { // is exploitation!
mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
rand_max = MUT_STRATEGY_ARRAY_SIZE;
}