diff options
| author | van Hauser <vh@thc.org> | 2021-01-01 13:42:58 +0100 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2021-01-01 13:42:58 +0100 |
| commit | fac373ec9e4a0a35a5f0491a34e790137ca17dee (patch) | |
| tree | c951c6361a07de2f403df5459bf688fc117bf92f | |
| parent | 16d2bd31778600dedd3f8ca10f19bce62f14ccb8 (diff) | |
| download | afl++-fac373ec9e4a0a35a5f0491a34e790137ca17dee.tar.gz | |
try new weighting
| -rw-r--r-- | include/afl-fuzz.h | 4 | ||||
| -rw-r--r-- | src/afl-fuzz-queue.c | 17 | ||||
| -rw-r--r-- | utils/libdislocator/libdislocator.so.c | 2 |
3 files changed, 14 insertions, 9 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index a99e4991..d6a322cc 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -590,9 +590,9 @@ typedef struct afl_state { u32 rand_cnt; /* Random number counter */ -/* unsigned long rand_seed[3]; would also work */ + /* unsigned long rand_seed[3]; would also work */ AFL_RAND_RETURN rand_seed[3]; - s64 init_seed; + s64 init_seed; u64 total_cal_us, /* Total calibration time (us) */ total_cal_cycles; /* Total calibration cycles */ diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 9a0d199e..de750f36 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -43,7 +43,8 @@ inline u32 select_next_queue_entry(afl_state_t *afl) { } double compute_weight(afl_state_t *afl, struct queue_entry *q, - double avg_exec_us, double avg_bitmap_size) { + double avg_exec_us, double avg_bitmap_size, + double avg_top_size) { double weight = 1.0; @@ -54,9 +55,9 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q, } - weight *= avg_exec_us / q->exec_us; - weight *= (log(q->bitmap_size) / avg_bitmap_size); - + if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); } + weight *= (q->bitmap_size / avg_bitmap_size); + weight *= (log(q->tc_ref) / avg_top_size); if (unlikely(q->favored)) weight *= 5; return weight; @@ -91,6 +92,7 @@ void create_alias_table(afl_state_t *afl) { double avg_exec_us = 0.0; double avg_bitmap_size = 0.0; + double avg_top_size = 0.0; u32 active = 0; for (i = 0; i < n; i++) { @@ -101,7 +103,8 @@ void create_alias_table(afl_state_t *afl) { if (likely(!q->disabled)) { avg_exec_us += q->exec_us; - avg_bitmap_size += log(q->bitmap_size); + avg_bitmap_size += q->bitmap_size; + avg_top_size += log(q->tc_ref); ++active; } @@ -110,6 +113,7 @@ void create_alias_table(afl_state_t *afl) { avg_exec_us /= active; avg_bitmap_size /= active; + avg_top_size /= active; for (i = 0; i < n; i++) { @@ -117,7 +121,8 @@ void create_alias_table(afl_state_t *afl) { if (likely(!q->disabled)) { - q->weight = compute_weight(afl, q, avg_exec_us, avg_bitmap_size); + q->weight = + compute_weight(afl, q, avg_exec_us, avg_bitmap_size, avg_top_size); q->perf_score = calculate_score(afl, q); sum += q->weight; diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index c2b200cb..c041fec6 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -345,7 +345,7 @@ void free(void *ptr) { len = PTR_L(ptr); total_mem -= len; - u8 * ptr_ = ptr; + u8 *ptr_ = ptr; if (align_allocations && (len & (ALLOC_ALIGN_SIZE - 1))) { |