From fac373ec9e4a0a35a5f0491a34e790137ca17dee Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Fri, 1 Jan 2021 13:42:58 +0100
Subject: try new weighting
---
 src/afl-fuzz-queue.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 9a0d199e..de750f36 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -43,7 +43,8 @@ inline u32 select_next_queue_entry(afl_state_t *afl) {
 }
 double compute_weight(afl_state_t *afl, struct queue_entry *q,
- double avg_exec_us, double avg_bitmap_size) {
+ double avg_exec_us, double avg_bitmap_size,
+ double avg_top_size) {
 double weight = 1.0;
@@ -54,9 +55,9 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q,
 }
- weight *= avg_exec_us / q->exec_us;
- weight *= (log(q->bitmap_size) / avg_bitmap_size);
-
+ if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
+ weight *= (q->bitmap_size / avg_bitmap_size);
+ weight *= (log(q->tc_ref) / avg_top_size);
 if (unlikely(q->favored)) weight *= 5;
 return weight;
@@ -91,6 +92,7 @@ void create_alias_table(afl_state_t *afl) {
 double avg_exec_us = 0.0;
 double avg_bitmap_size = 0.0;
+ double avg_top_size = 0.0;
 u32 active = 0;
 for (i = 0; i < n; i++) {
@@ -101,7 +103,8 @@ void create_alias_table(afl_state_t *afl) {
 if (likely(!q->disabled)) {
 avg_exec_us += q->exec_us;
- avg_bitmap_size += log(q->bitmap_size);
+ avg_bitmap_size += q->bitmap_size;
+ avg_top_size += log(q->tc_ref);
 ++active;
 }
@@ -110,6 +113,7 @@ void create_alias_table(afl_state_t *afl) {
 avg_exec_us /= active;
 avg_bitmap_size /= active;
+ avg_top_size /= active;
 for (i = 0; i < n; i++) {
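Review bot: In the `@@ -54,9 +55,9 @@` hunk of compute_weight (patch fac373ec), the new factor `log(q->tc_ref) / avg_top_size` has no floor: log() yields 0 for tc_ref == 1, which zeroes that entry's weight, and -inf for tc_ref == 0. The matching accumulation `avg_top_size += log(q->tc_ref);` in the `@@ -101,7 +103,8 @@` hunk of create_alias_table has the same problem, so a single enabled entry with tc_ref == 0 (not ruled out by anything visible here) turns the average into -inf and the weights into 0 or NaN, which then flow into `sum += q->weight`. Keeping the term in linear space with an offset, `weight *= (1 + (q->tc_ref / avg_top_size));` and `avg_top_size += q->tc_ref;`, avoids both cases; the last patch on this page makes that change. Both functions begin and end outside these hunks.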
@@ -117,7 +121,8 @@ void create_alias_table(afl_state_t *afl) {
 if (likely(!q->disabled)) {
- q->weight = compute_weight(afl, q, avg_exec_us, avg_bitmap_size);
+ q->weight =
+ compute_weight(afl, q, avg_exec_us, avg_bitmap_size, avg_top_size);
 q->perf_score = calculate_score(afl, q);
 sum += q->weight;
-- cgit 1.4.1
From 7b8c8cf12fde0feab25a1d794e010a5778cf9be8 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Fri, 8 Jan 2021 00:47:52 +0100
Subject: fix
---
 src/afl-fuzz-queue.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index de750f36..c375703d 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -56,7 +56,7 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q,
 }
 if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
- weight *= (q->bitmap_size / avg_bitmap_size);
+ weight *= (log(q->bitmap_size) / avg_bitmap_size);
 weight *= (log(q->tc_ref) / avg_top_size);
 if (unlikely(q->favored)) weight *= 5;
@@ -103,7 +103,7 @@ void create_alias_table(afl_state_t *afl) {
 if (likely(!q->disabled)) {
 avg_exec_us += q->exec_us;
- avg_bitmap_size += q->bitmap_size;
+ avg_bitmap_size += log(q->bitmap_size);
 avg_top_size += log(q->tc_ref);
 ++active;
-- cgit 1.4.1
From dc81f681c9cb0af66ae6f820ed421a2b7100a404 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Sun, 10 Jan 2021 13:12:44 +0100
Subject: fix weight calc, thanks to Marcel
---
 src/afl-fuzz-queue.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 99f564e9..66938635 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
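Review bot: After patch 7b8c8cf1, `avg_bitmap_size` holds the mean of log(bitmap_size) rather than of bitmap_size, and nothing in the code says so; the restored lines in the `@@ -56,7 +56,7 @@` hunk (compute_weight) and the `@@ -103,7 +103,7 @@` hunk (create_alias_table) are only correct when changed together, as the back-and-forth with the previous patch shows. A comment at the accumulation would pin this down, e.g. `/* mean of log(bitmap_size); compute_weight() divides log(q->bitmap_size) by it */`. Note also that `log(q->bitmap_size)` is 0 for a bitmap_size of 1 and -inf for 0, so the factor assumes every enabled entry has bitmap_size > 1; that assumption is not checked in the visible lines. Both functions continue outside the hunks.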
@@ -57,7 +57,7 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q,
 if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
 weight *= (log(q->bitmap_size) / avg_bitmap_size);
- weight *= (log(q->tc_ref) / avg_top_size);
+ weight *= (1 + (q->tc_ref / avg_top_size));
 if (unlikely(q->favored)) weight *= 5;
 return weight;
@@ -104,7 +104,7 @@ void create_alias_table(afl_state_t *afl) {
 avg_exec_us += q->exec_us;
 avg_bitmap_size += log(q->bitmap_size);
- avg_top_size += log(q->tc_ref);
+ avg_top_size += q->tc_ref;
 ++active;
 }
-- cgit 1.4.1
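Review bot: In the `@@ -57,7 +57,7 @@` hunk of compute_weight (patch dc81f681), `q->tc_ref / avg_top_size` has no guard for a zero mean: with `avg_top_size += q->tc_ref;` from the `@@ -104,7 +104,7 @@` hunk, the mean is 0 whenever every enabled entry has tc_ref == 0, and the quotient is then 0/0 = NaN. Whether that state is reachable is not visible from these hunks, but the check is cheap: `if (likely(avg_top_size > 0)) { weight *= (1 + (q->tc_ref / avg_top_size)); }`. A short comment on the `1 +` would also help, e.g. `/* 1 + ... so entries with tc_ref == 0 keep a non-zero weight */`. compute_weight and create_alias_table both extend beyond the hunks.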