
Add a new fuzzer aflchurn

Open RosenZhu opened this issue 4 years ago • 6 comments

Add a new fuzzer AFLChurn.

AFLChurn is a regression greybox fuzzer that focuses on code that is changed more recently or more frequently. In our empirical study on bugs in OSS-Fuzz, we found that four in every five bugs reported in OSS-Fuzz are introduced by recent changes, so-called regressions. Unlike a directed fuzzer, AFLChurn is not directed towards a single recent commit. Instead, it uses the entire commit history of a project to steer the fuzzing effort towards code regions where such regressions may lurk. For AFLChurn, every basic block (BB) is a target. However, some BBs have more weight and others less. Specifically, executed BBs that are changed more recently or more frequently contribute a greater weight towards the power schedule of AFLChurn.

When adding a new benchmark for AFLChurn, remove --depth 1 so that the commit history can be analysed.

RosenZhu, Jul 09 '21 03:07
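To make the weighting idea in the comment above concrete, here is an added example that is neither AFLChurn's nor fuzzbench's code. The commit history, the basic-block line ranges, and the two formulas (an exponential recency decay and a logarithmic frequency term, combined per line and maxed over the block's lines) are all assumptions chosen only to show the shape of the computation; the actual AFLChurn formulas are not given on this page. The history is constructed inline so the script runs offline; in a real benchmark it would be derived from git log/git blame on a full clone, which is exactly why the shallow --depth 1 clone has to go.

```python
"""Churn-weighted power schedule sketch (added example; not AFLChurn's own code).

Every basic block (BB) gets a weight from how recently and how frequently its
source lines changed across the commit history; an input's energy is then
scaled by the weights of the BBs it executed. All formulas below are assumed.
"""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Commit:
    age_days: int             # days between this commit and "now"
    changed_lines: frozenset  # source lines the commit touched (single hypothetical file)


# Constructed history, oldest first. Line numbers refer to one hypothetical file.
HISTORY = [
    Commit(age_days=400, changed_lines=frozenset(range(1, 51))),  # initial import
    Commit(age_days=120, changed_lines=frozenset({10, 11, 12})),  # refactor of parse_hdr
    Commit(age_days=30, changed_lines=frozenset({10, 11})),       # bug fix in the same BB
    Commit(age_days=2, changed_lines=frozenset({40})),            # very recent tweak in emit
]

# Hypothetical BB -> line-range mapping (a compiler pass would produce this).
BASIC_BLOCKS = {
    "parse_hdr": range(10, 13),
    "checksum": range(20, 25),
    "emit": range(40, 42),
}


def line_stats(history):
    """Per-line (number of commits touching the line, age in days of its last change)."""
    count, last_age = {}, {}
    for c in history:
        for ln in c.changed_lines:
            count[ln] = count.get(ln, 0) + 1
            last_age[ln] = min(last_age.get(ln, c.age_days), c.age_days)
    return count, last_age


def bb_weight(bb_lines, count, last_age, half_life_days=90.0):
    """Assumed weighting: recency decays exponentially with age of the last change,
    frequency grows with log(number of changes). The BB takes the max over its
    lines so one hot line makes the whole block hot."""
    best = 0.0
    for ln in bb_lines:
        if ln not in count:
            continue
        recency = math.exp(-last_age[ln] / half_life_days)  # 1.0 for a change made today
        frequency = 1.0 + math.log(count[ln])               # 1.0 for a single change
        best = max(best, recency * frequency)
    return best


def churn_weights(history=HISTORY, blocks=BASIC_BLOCKS):
    """Weight for every BB; blocks never changed (or not in history) get 0.0."""
    count, last_age = line_stats(history)
    return {name: bb_weight(lines, count, last_age) for name, lines in blocks.items()}


def schedule_energy(base_energy, executed_bbs, weights):
    """Assumed rule: scale AFL-style energy by 1 + mean churn weight of executed BBs."""
    if not executed_bbs:
        return base_energy
    mean_w = sum(weights[b] for b in executed_bbs) / len(executed_bbs)
    return int(round(base_energy * (1.0 + mean_w)))


if __name__ == "__main__":
    w = churn_weights()
    for name, val in sorted(w.items(), key=lambda kv: -kv[1]):
        print(f"{name:10s} weight={val:.3f}")
    print("energy, input hitting parse_hdr+emit:", schedule_energy(100, ["parse_hdr", "emit"], w))
    print("energy, input hitting checksum only:  ", schedule_energy(100, ["checksum"], w))
```

With this history the recently touched emit block outranks parse_hdr (changed three times, last a month ago), and checksum, untouched since the initial import, contributes almost nothing, so an input that only exercises checksum gets roughly its base energy while one reaching the churned blocks gets about 2.5 times as much.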

Thanks @RosenZhu. We can't run any new experiments until next week because we need the cores for our own experiments. I'll get back to you when we can run this.

jonathanmetzman, Jul 09 '21 18:07

Hi @inferno-chromium, I fixed the previous issues and use the functions defined in afl/fuzzer.py as much as possible.

RosenZhu, Jul 23 '21 04:07

OOO today. @jonathanmetzman / @laurentsimon, can one of you review this?

inferno-chromium, Jul 23 '21 14:07

Hi, all. Is there anything I need to fix?

RosenZhu, Aug 04 '21 11:08