From e5c98d0d1d7b9bfac02234607c351c486955d3e4 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Tue, 26 Nov 2024 16:04:54 +0900
Subject: Calculate mean proximity score
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: 김태은
---
 src/afl-fuzz-run.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src')
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index a3787e5c..2da27453 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -427,6 +427,12 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
 
 }
 
+static u64 compute_proximity_score(u32 *dfg_bits) {
+  u64 result = 0;
+  for (size_t i = 0; i < DFG_MAP_SIZE; result += dfg_bits[++i]);
+  return result;
+}
+
 /* Calibrate a new test case. This is done when processing the input directory
    to warn about flaky or otherwise problematic test cases early on; and when
    new paths are discovered to detect variable behavior and so on. */
@@ -645,6 +651,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
   if (unlikely(!q->exec_us)) { q->exec_us = 1; }
 
   q->bitmap_size = count_bytes(afl, afl->fsrv.trace_bits);
+  q->prox_score = compute_proximity_score();
   q->handicap = handicap;
   q->cal_failed = 0;
 
@@ -653,6 +660,9 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 
   update_bitmap_score(afl, q);
 
+  afl->mean_prox_score +=
+      (q->prox_score - afl->mean_prox_score) / afl->queued_items;
+
   /* If this case didn't result in new output from the instrumentation, tell
      parent. This is a non-critical problem, but something to warn the user
      about. */
-- 
cgit 1.4.1
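Review bot: The loop in compute_proximity_score accumulates `dfg_bits[++i]`, so it skips element 0 and on its last iteration reads `dfg_bits[DFG_MAP_SIZE]`, one element past the map — an out-of-bounds read on every calibration. Index with the current counter and advance afterwards: `for (size_t i = 0; i < DFG_MAP_SIZE; i++) { result += dfg_bits[i]; }`. Folding the body into the increment clause of an empty-bodied `for` is also easy to misread; a braced body makes the summation explicit, and since the map is never written through, `const u32 *dfg_bits` documents that contract.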
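Review bot: The added line in calibrate_case calls `compute_proximity_score()` with no argument, while the definition in the first hunk takes a `u32 *dfg_bits` parameter, so this hunk does not compile (too few arguments). The call must pass the pointer to the data-flow map the score is meant to summarise, roughly `q->prox_score = compute_proximity_score(<dfg map pointer>);`, where the placeholder stands for whichever forkserver field holds that map — the hunk does not show it. calibrate_case begins and ends outside the hunk.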
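Review bot: The running-mean update divides `(q->prox_score - afl->mean_prox_score)` by `afl->queued_items`, and if `mean_prox_score` shares the unsigned `u64` type that compute_proximity_score returns, a score below the current mean wraps to a huge value before the division, so the mean jumps upward instead of decreasing; integer division also truncates small deltas to zero once `queued_items` grows. Computing the delta in a signed or floating type, e.g. `afl->mean_prox_score += ((double)q->prox_score - afl->mean_prox_score) / afl->queued_items;` if `mean_prox_score` is a floating field, avoids both. It would also help to confirm that `afl->queued_items` is non-zero at this point and that calibrate_case runs exactly once per entry — if it is re-run for a variable or previously failed case, the same entry is folded into the mean more than once. calibrate_case begins and ends outside the hunk.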