clear seed cov from virgin map

AFLplusplus · Sep 26, 2020 · 454d861 · 454d861
1 parent 3ed8f53
commit 454d861
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 12 deletions.
diff --git a/examples/libaflfuzzer.c b/examples/libaflfuzzer.c
@@ -118,19 +118,21 @@ static afl_ret_t in_memory_fuzzer_initialize(afl_executor_t *executor) {
 
   if (calibration_idx > 0) {
 
-    fprintf(stderr, "\nCalibrations to check: %ld\n", calibration_idx);
+    if (debug) fprintf(stderr, "\nCalibrations to check: %ld\n", calibration_idx);
     while (calibration_idx > 0) {
 
       --calibration_idx;
-      fprintf(stderr, "Seed %ld\n", calibration_idx);
+      if (debug) fprintf(stderr, "Seed %ld\n", calibration_idx);
       afl_entry_t *queue_entry = in_memory_fuzzer->global_queue->base.funcs.get_queue_entry(
           (afl_queue_t *)in_memory_fuzzer->global_queue, calibration_idx);
       if (queue_entry && !queue_entry->info->skip_entry) {
 
-        fprintf(stderr, "Seed %ld testing ...\n", calibration_idx);
+        if (debug) fprintf(stderr, "Seed %ld testing ...\n", calibration_idx);
         queue_entry->info->skip_entry = 1;
         if (afl_stage_run(in_memory_fuzzer->stage, queue_entry->input, false) == AFL_RET_SUCCESS) {
 
+          // We want to clear from the virgin bits what is already in the seeds
+          afl_stage_is_interesting(in_memory_fuzzer->stage);
           queue_entry->info->skip_entry = 0;
 
         } else {
@@ -147,9 +149,9 @@ static afl_ret_t in_memory_fuzzer_initialize(afl_executor_t *executor) {
 
   if (calibration_idx == 0) {
 
-    fprintf(stderr, "Calibration checks done.\n");
     if (debug) {
 
+      fprintf(stderr, "Calibration checks done.\n");
       u32 i;
       fprintf(stderr, "%u seeds:\n", (u32)((afl_queue_t *)in_memory_fuzzer->global_queue)->entries_count);
       for (i = 0; i < (u32)((afl_queue_t *)in_memory_fuzzer->global_queue)->entries_count; i++) {

diff --git a/include/stage.h b/include/stage.h
@@ -47,6 +47,7 @@ struct afl_stage {
 };
 
 afl_ret_t afl_stage_run(afl_stage_t *, afl_input_t *, bool);
+float     afl_stage_is_interesting(afl_stage_t *);
 afl_ret_t afl_stage_perform(afl_stage_t *, afl_input_t *);
 size_t    afl_stage_get_iters(afl_stage_t *);
 afl_ret_t afl_stage_init(afl_stage_t *, afl_engine_t *);

diff --git a/src/stage.c b/src/stage.c
@@ -101,6 +101,22 @@ afl_ret_t afl_stage_run(afl_stage_t *stage, afl_input_t *input, bool overwrite)
 
 }
 
+float afl_stage_is_interesting(afl_stage_t *stage) {
+
+  float interestingness = 0.0f;
+
+  afl_feedback_t **feedbacks = stage->engine->feedbacks;
+  size_t           j;
+  for (j = 0; j < stage->engine->feedbacks_count; ++j) {
+
+    interestingness += feedbacks[j]->funcs.is_interesting(feedbacks[j], stage->engine->executor);
+
+  }
+
+  return interestingness;
+
+}
+
 /* Perform default for fuzzing stage */
 afl_ret_t afl_stage_perform(afl_stage_t *stage, afl_input_t *input) {
 
@@ -145,14 +161,7 @@ afl_ret_t afl_stage_perform(afl_stage_t *stage, afl_input_t *input) {
     afl_ret_t ret = afl_stage_run(stage, copy, true);
 
     /* Let's collect some feedback on the input now */
-    bool interestingness = 0.0f;
-
-    afl_feedback_t **feedbacks = stage->engine->feedbacks;
-    for (j = 0; j < stage->engine->feedbacks_count; ++j) {
-
-      interestingness += feedbacks[j]->funcs.is_interesting(feedbacks[j], stage->engine->executor);
-
-    }
+    float interestingness = afl_stage_is_interesting(stage);
 
     if (interestingness >= 0.5) {