-rw-r--r--custom_mutators/autotokens/README7
-rw-r--r--custom_mutators/autotokens/autotokens.cpp12
-rw-r--r--include/config.h4
3 files changed, 18 insertions, 5 deletions
diff --git a/custom_mutators/autotokens/README b/custom_mutators/autotokens/README
index 6849279e..0dcc6a3e 100644
--- a/custom_mutators/autotokens/README
+++ b/custom_mutators/autotokens/README
@@ -1,6 +1,6 @@
 # autotokens
 
-This implements an improved autotoken idea presented in
+This implements an improved autotoken grammar fuzzing idea presented in
 [Token-Level Fuzzing][https://www.usenix.org/system/files/sec21-salls.pdf].
 It is a grammar fuzzer without actually knowing the grammar.
 
@@ -8,5 +8,6 @@ It is recommended to run with together in an instance with `CMPLOG`.
 
 If you have a dictionary (`-x`) this improves this custom grammar mutator.
 
-If **not** run with `CMPLOG`, it is possible to set `AFL_CUSTOM_MUTATOR_ONLY`,
-to concentrate on grammar bug classes.
+If **not** running with `CMPLOG`, it is possible to set
+`AFL_CUSTOM_MUTATOR_ONLY` to concentrate on grammar bug classes.
+
diff --git a/custom_mutators/autotokens/autotokens.cpp b/custom_mutators/autotokens/autotokens.cpp
index 850692a1..d6b269fd 100644
--- a/custom_mutators/autotokens/autotokens.cpp
+++ b/custom_mutators/autotokens/autotokens.cpp
@@ -35,6 +35,7 @@ static u32        valid_structures;
 static u32        whitespace_ids;
 static u32        extras_cnt, a_extras_cnt;
 static u64        all_spaces, all_tabs, all_lf, all_ws;
+static u64        all_structure_items;
 static unordered_map<string, vector<u32> *> file_mapping;
 static unordered_map<string, u32>           token_to_id;
 static unordered_map<u32, string>           id_to_token;
@@ -519,6 +520,7 @@ extern "C" unsigned char afl_custom_queue_get(void                *data,
     file_mapping[fn] = structure;
     s = structure;
     ++valid_structures;
+    all_structure_items += structure->size();
 
     // we are done!
     DEBUG(stderr, "DONE! We have %lu tokens in the structure\n",
@@ -586,6 +588,16 @@ extern "C" my_mutator_t *afl_custom_init(afl_state *afl, unsigned int seed) {
 
 extern "C" void afl_custom_deinit(my_mutator_t *data) {
 
+  /* we use this to print statistics at exit :-)
+     needs to be stderr as stdout is filtered */
+
+  fprintf(stderr,
+          "\n\nAutotoken mutator statistics:\n"
+          "  Number of all seen tokens:  %lu\n"
+          "  Number of input structures: %lu\n"
+          "  Number of all items in structures: %lu\n\n",
+          current_id - 1, valid_structures, all_structure_items);
+
   free(data);
 
 }
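Review bot: The added `fprintf` in `afl_custom_deinit` uses `%lu` for all three arguments, but `valid_structures` is declared `static u32` (visible in the header line of the first autotokens.cpp hunk) and `all_structure_items` is `u64`. Passing a 32-bit value for `%lu` is undefined behaviour on LP64 targets, and `%lu` only matches a `u64` where `unsigned long` is 64 bits wide. I would print the structure count with `"  Number of input structures: %u\n"` and the 64-bit counter with `%llu` plus a `(unsigned long long)all_structure_items` cast. The declaration of `current_id` is not visible in this diff, so the specifier for `current_id - 1` should be checked against it as well.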
diff --git a/include/config.h b/include/config.h
index 6cfaac11..f8a742f2 100644
--- a/include/config.h
+++ b/include/config.h
@@ -364,9 +364,9 @@
  *                                                         *
  ***********************************************************/
 
-/* Call count interval between reseeding the libc PRNG from /dev/urandom: */
+/* Call count interval between reseeding the PRNG from /dev/urandom: */
 
-#define RESEED_RNG 100000
+#define RESEED_RNG 2500000
 
 /* The default maximum testcase cache size in MB, 0 = disable.
    A value between 50 and 250 is a good default value. Note that the
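Review bot: The comment above `RESEED_RNG` does not say why the interval is now 2500000 rather than 100000, so a later reader cannot tell what the 25-fold increase trades off. A short rationale in the comment would help, for example `/* Call count interval between reseeding the PRNG from /dev/urandom; a larger value means fewer /dev/urandom reads: */`. Which PRNG is meant now that "libc" has been dropped is not visible in this hunk, so naming it in the comment would also be useful.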