
GeneralizationStage takes an unreasonably long time

Open addisoncrump opened this issue 2 years ago • 1 comment

While testing GeneralizationStage in libafl_libfuzzer, we observed that some inputs may take exceedingly long amounts of time to be generalized. This is due to two issues:

  • [ ] GeneralizationStage cannot recover if a solution causes a crash or timeout, meaning that the fuzzer may never be able to complete a stage tuple execution for an input which has this behaviour (related: #1341)
  • [ ] GeneralizationStage attempts to execute the input between every gap discovered in the input for whether it removes the most-recently-novel edges. This can mean tens of thousands of executions spent on generalization, only to squeeze out a few more inputs that might trigger new edges.

We should investigate if we can improve its performance or switch to other strategies (see: #1542).

addisoncrump, Sep 22 '23 21:09
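As an added illustration (not LibAFL's code, and not the author's), the following sketches the coarse-to-fine generalization loop the issue describes, with a constructed stand-in harness, an execution budget addressing the second point and crash recovery addressing the first; the chunk sizes, the `KEY`/leading-`'Y'` harness rules, and the type and field names are assumptions.

```rust
/// Result of one run of the constructed target.
#[derive(Debug, PartialEq)]
pub enum Outcome { Edges(Vec<usize>), Crash }
/// Constructed stand-in for the fuzz target (assumption, not a real harness):
/// edge 1 fires when "KEY" appears anywhere; a leading 'Y' is a constructed crash.
pub fn harness(input: &[u8]) -> Outcome {
    if input.first() == Some(&b'Y') { return Outcome::Crash; }
    let mut edges = vec![0]; // edge 0: entry, always hit
    if input.windows(3).any(|w| w == b"KEY") { edges.push(1); }
    Outcome::Edges(edges)
}

/// Generalized input (`None` = gap) plus what it cost to produce.
pub struct GenResult {
    pub generalized: Vec<Option<u8>>,
    pub executions: usize,
    pub crashes: usize,
    pub budget_exhausted: bool,
}

/// Do the novel edges survive? A crashing candidate counts as "no", so the loop reverts and continues.
fn preserves(novel: &[usize], out: &Outcome) -> bool {
    match out {
        Outcome::Edges(e) => novel.iter().all(|n| e.contains(n)),
        Outcome::Crash => false,
    }
}

/// Coarse-to-fine generalization: for each chunk size (all > 0), replace each chunk with
/// a gap and keep it only if `novel` still fires. Each candidate costs one execution.
pub fn generalize(input: &[u8], novel: &[usize], sizes: &[usize], budget: usize) -> GenResult {
    let mut cur: Vec<Option<u8>> = input.iter().map(|&b| Some(b)).collect();
    let (mut executions, mut crashes) = (0usize, 0usize);
    for &size in sizes {
        for start in (0..cur.len()).step_by(size) {
            let end = (start + size).min(cur.len());
            if cur[start..end].iter().all(Option::is_none) { continue; } // already a gap
            if executions >= budget { // stop instead of spending thousands of executions
                return GenResult { generalized: cur, executions, crashes, budget_exhausted: true };
            }
            let saved: Vec<Option<u8>> = cur[start..end].to_vec();
            cur[start..end].iter_mut().for_each(|b| *b = None);
            let candidate: Vec<u8> = cur.iter().filter_map(|b| *b).collect();
            let out = harness(&candidate);
            executions += 1;
            if out == Outcome::Crash { crashes += 1; }
            if !preserves(novel, &out) { cur[start..end].copy_from_slice(&saved); } // chunk needed
        }
    }
    GenResult { generalized: cur, executions, crashes, budget_exhausted: false }
}
```

On the constructed 12-byte input `aaaaKEYaaaaa`, chunk sizes 4/2/1 need 9 executions and recover from one crashing candidate, while byte-granular removal alone needs 12; on real inputs the gap between the two grows with input size.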

I can confirm that this is still an issue!

s1341, Jan 07 '24 15:01