From 3aa72429256d0d24d435abd1f641bfce0d4da557 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 17 Mar 2020 21:42:36 +0100 Subject: added mmopt power schedule --- docs/Changelog.md | 8 ++++++-- docs/power_schedules.md | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index 177054e2..e1f3cd7e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -20,17 +20,21 @@ sending a mail to . - python mutator modules and custom mutator modules now use the same interface and hence the API changed - AFL_AUTORESUME will resume execution without the need to specify `-i -` + - added experimental power schedule -p mmopt that ignores the runtime of + queue entries and gives higher weighting to the last 5 queue entries + it is currently experimental and subject to change but preliminary + results are good - LTO collision free instrumented added in llvm_mode with afl-clang-lto - note that this mode is amazing, but quite some targets won't compile - llvm_mode InsTrim mode: - removed workaround for bug where paths were not instrumented and imported fix by author - made skipping 1 block functions an option and is disable by default, - set AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK=1 to renable this + set AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK=1 to re-enable this - qemu_mode: - qemu_mode now uses solely the internal capstone version to fix builds on modern Linux distributions - - QEMU now logs routines arguments for CmpLog when the target is x86 + - QEMU now logs routine arguments for CmpLog when the target is x86 - afl-tmin: - now supports hang mode `-H` to minimize hangs - fixed potential afl-tmin missbehavior for targets with multiple hangs diff --git a/docs/power_schedules.md b/docs/power_schedules.md index 4026aedf..cdada0f6 100644 --- a/docs/power_schedules.md +++ b/docs/power_schedules.md @@ -19,6 +19,7 @@ We find that AFL's exploitation-based constant schedule assigns **too much energ | `-p quad` | ![QUAD](http://latex.codecogs.com/gif.latex?p%28i%29%20%3D%20%5Cmin%5Cleft%28%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D%5Ccdot%5Cfrac%7Bs%28i%29%5E2%7D%7Bf%28i%29%7D%2CM%5Cright%29) | | `-p lin` | ![LIN](http://latex.codecogs.com/gif.latex?p%28i%29%20%3D%20%5Cmin%5Cleft%28%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D%5Ccdot%5Cfrac%7Bs%28i%29%7D%7Bf%28i%29%7D%2CM%5Cright%29) | | `-p exploit` (AFL) | ![LIN](http://latex.codecogs.com/gif.latex?p%28i%29%20%3D%20%5Calpha%28i%29) | +| `-p mmopt` | Experimental: `explore` with no weighting to runtime and increased weighting on the last 5 queue entries | where *α(i)* is the performance score that AFL uses to compute for the seed input *i*, *β(i)>1* is a constant, *s(i)* is the number of times that seed *i* has been chosen from the queue, *f(i)* is the number of generated inputs that exercise the same path as seed *i*, and *μ* is the average number of generated inputs exercising a path. More details can be found in the paper that was accepted at the [23rd ACM Conference on Computer and Communications Security (CCS'16)](https://www.sigsac.org/ccs/CCS2016/accepted-papers/). -- cgit 1.4.1