Cornelius Aschermann
Just to avoid flaming: The idea is to sample a very small percentage of the inputs during fuzzing.
exactly & relative frequency of the areas explored.
Like @aflgo said, initially it was meant to be about the difference in frequency. Which is stronger than difference in coverage. The downside is that it requires additional changes to...
For the record: While super cool to watch, I don't think that kind of visualization (cookie dough) will help to understand the performance of fuzzers on real programs - We...
It's certainly nontrivial to predict this from the queue... you will at least also need to know how often the seeds were mutated. And even then you will probably only...
Sweet! This is exactly the kind of plot I was thinking of! The differences between honggfuzz and AFL are pretty big (in terms of coverage reached overall) but I...
Hmm, that means that early basic blocks will be underrepresented, as they are found in a few inputs, but were run a lot of times. And basic blocks that...
Is there a way to access this data? I wonder if it would be helpful to display how often the losing fuzzer covered the same basic block. So you can...
> This should already be visible. For any BB where the line is below 0 (i.e., AFL is the losing fuzzer), blue indicates log10(hits + 1) for AFL. Yes, in...
We implemented something similar for our concept debugger Schem: https://github.com/hexgolems/schem We have a relatively complete list of opcode alt texts for x86 here: https://github.com/hexgolems/schem/blob/master/controller/lib/x86_instr_desc.txt We simply implemented a hover text...