about summary refs log tree commit diff
path: root/include/aflrun.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/aflrun.h')
-rw-r--r--include/aflrun.h111
1 files changed, 111 insertions, 0 deletions
diff --git a/include/aflrun.h b/include/aflrun.h
new file mode 100644
index 00000000..89921e35
--- /dev/null
+++ b/include/aflrun.h
@@ -0,0 +1,111 @@
+#ifndef _HAVE_AFL_RUN_H
+#define _HAVE_AFL_RUN_H
+
+#include "types.h"
+#include "config.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+	/* functions called at initialization */
+
+	void aflrun_load_config(const char* config_str,
+		u8* check_at_begin, u8* log_at_begin, u64* log_check_interval,
+		double* trim_thr, double* queue_quant_thr, u32* min_num_exec);
+
+	void aflrun_load_freachables(const char* temp_path,
+		reach_t* num_ftargets, reach_t* num_freachables);
+	void aflrun_load_edges(const char* bb_edges, reach_t num_reachables);
+	void aflrun_load_dists(const char* dir, reach_t num_targets,
+		reach_t num_reachables, char** reachable_names);
+
+	void aflrun_init_fringes(
+		reach_t num_reachables, reach_t num_targets);
+	void aflrun_init_groups(reach_t num_targets);
+
+	void aflrun_init_globals(void* afl,
+		reach_t num_targets, reach_t num_reachables,
+		reach_t num_ftargets, reach_t num_freachables,
+		u8* virgin_reachables, u8* virgin_freachables, u8* virgin_ctx,
+		char** reachable_names, reach_t** reachable_to_targets,
+		reach_t* reachable_to_size, const char* out_dir,
+		const double* target_weights, u32 map_size, u8* div_switch,
+		const char* cycle_time);
+
+	void aflrun_remove_seed(u32 seed);
+
+	/* functions used to update fringe */
+
+	// path-sensitive fringe, called for mutated input and new imported seed
+	// One thing to note is that we don't consider seed that varies in coverage
+	// among different runs, in which case we only use the coverage of the first
+	// run (e.i. `common_fuzz_stuff` for mutated input and sync input or
+	// first calibration for imported seed)
+	u8 aflrun_has_new_path(const u8* freached, const u8* reached, const u8* path,
+		const ctx_t* virgin_trace, size_t len, u8 inc, u32 seed,
+		const u8* new_bits, const size_t* clusters, size_t num_clusters);
+	u8 aflrun_end_cycle();
+	void aflrun_update_fuzzed_quant(u32 id, double fuzzed_quant);
+
+	/* functions for debugging and inspecting */
+
+	void aflrun_check_state(void);
+	void aflrun_log_fringes(const char* path, u8 prog);
+	void aflrun_get_state(int* cycle_count, u32* cov_quant,
+		size_t* div_num_invalid, size_t* div_num_fringes);
+	u64 aflrun_queue_cycle(void);
+	u8 aflrun_get_mode(void);
+	bool aflrun_is_uni(void);
+	void aflrun_get_reached(reach_t* num_reached, reach_t* num_freached,
+		reach_t* num_reached_targets, reach_t* num_freached_targets);
+	double aflrun_get_seed_quant(u32 seed);
+	void aflrun_get_time(u64* last_reachable, u64* last_fringe,
+		u64* last_pro_fringe, u64* last_target, u64* last_ctx_reachable,
+		u64* last_ctx_fringe, u64* last_ctx_pro_fringe, u64* last_ctx_target);
+
+	/* functions called at begining of each cycle to assign energy */
+
+	// calculate energy for each seed
+	void aflrun_assign_energy(u32 num_seeds, const u32* seeds, double* ret);
+	void aflrun_set_num_active_seeds(u32 n);
+	u8 aflrun_cycle_end(u8*);
+
+	// update score and queue culling
+	void aflrun_update_fringe_score(u32 seed);
+	u32 aflrun_cull_queue(u32* seeds, u32 num);
+	void aflrun_set_favored_seeds(const u32* seeds, u32 num, u8 mode);
+
+	/* Functions for the second diversity idea */
+
+	// Get virgin maps associated with given targets, result goes into `ret_maps`
+	size_t aflrun_get_virgins(
+		const ctx_t* targets, size_t num, u8** ret_maps, size_t* ret_clusters);
+	size_t aflrun_max_clusters(u32 seed);
+	size_t aflrun_get_seed_virgins(u32 seed, u8** ret_maps, size_t* ret_clusters);
+	size_t aflrun_get_seed_tops(u32 seed, void*** ret_tops);
+	size_t aflrun_get_num_clusters(void);
+	size_t aflrun_get_all_tops(void*** ret_tops, u8 mode);
+
+	// For target clustering
+#ifdef WORD_SIZE_64
+	void discover_word_mul(u8 *new_bits,
+		u64 *current, u64* const *virgins, size_t num, size_t idx, u8 modify);
+#else
+	#error "Please use 64-bit to compile AFLRun"
+#endif
+	void aflrun_commit_bit_seqs(const size_t* clusters, size_t num);
+
+	// AFL interfaces
+	u64 get_seed_fav_factor(void* afl_void, u32 seed);
+	double get_seed_perf_score(void* afl_void, u32 seed);
+	bool get_seed_div_favored(void* afl_void, u32 seed);
+	u8 get_seed_cov_favored(void* afl_void, u32 seed);
+	void disable_aflrun_extra(void* afl_void, u32 seed);
+	u64 get_cur_time(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !_HAVE_AFL_RUN_H */
\ No newline at end of file
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-20 19:20:07 +0000