
LibAFL: scoped coverage experiment

Open addisoncrump opened this issue 2 years ago • 1 comment

Attempting to address or partially resolve a coverage information gap described by Marc Heuse regarding libwebp (cc @vanhauser-thc, you might be interested).

Namely, this implements "scoped" coverage -- the coverage of edges constrained to an observable scope (in this case, stack depth). This allows us to effectively measure the number of times in which a block is executed during a function call, only for that exact frame (i.e. uses of that block in callees do not contribute to this count).

The current implementation does not scope for nested loops, only for function calls; this could potentially be implemented using e.g. sancov's CFG pass to identify cycles, but this will get expensive fast.

Please run this experiment with just libafl and libafl_scoped_cov, provided in this PR.

addisoncrump avatar Dec 14 '23 09:12 addisoncrump
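To make the "scoped" idea above concrete, here is an added toy model of it in Rust; it is not code from this PR, from LibAFL or from fuzzbench. It assumes a hypothetical instrumentation interface with `enter()`/`leave()` hooks at function boundaries and a `hit_edge()` hook per edge, and it simulates a recursive function whose loop body runs twice per call. A plain edge counter reports the total over all frames, while the scoped map attributes every hit to the innermost active frame only, so hits inside callees (here, the recursive calls) never inflate the caller's own count.

```rust
use std::collections::HashMap;

/// Toy model of "scoped" edge coverage (added example, not LibAFL's or
/// fuzzbench's code): every edge hit is attributed to the innermost active
/// stack frame, so hits that happen inside callees never inflate the
/// caller's own per-frame count.
#[derive(Default)]
pub struct ScopedCoverage {
    next_frame: usize,
    /// Ids of the frames currently on the (simulated) call stack, innermost last.
    stack: Vec<usize>,
    /// (frame id, edge id) -> number of hits seen in that exact frame.
    hits: HashMap<(usize, usize), u32>,
}

impl ScopedCoverage {
    pub fn new() -> Self {
        Self::default()
    }

    /// Hypothetical function-entry hook: opens a fresh frame.
    pub fn enter(&mut self) {
        self.stack.push(self.next_frame);
        self.next_frame += 1;
    }

    /// Hypothetical function-exit hook: closes the innermost frame.
    pub fn leave(&mut self) {
        self.stack.pop().expect("leave() without matching enter()");
    }

    /// Hypothetical edge hook: the hit belongs to the innermost frame only.
    pub fn hit_edge(&mut self, edge: usize) {
        let frame = *self.stack.last().expect("edge hit outside any frame");
        *self.hits.entry((frame, edge)).or_insert(0) += 1;
    }

    /// What an unscoped edge counter would report: all hits, from any frame.
    pub fn flat_count(&self, edge: usize) -> u32 {
        self.hits
            .iter()
            .filter(|((_, e), _)| *e == edge)
            .map(|(_, c)| *c)
            .sum()
    }

    /// Per-frame hit counts for `edge`, ordered by frame id
    /// (frames that never hit the edge are omitted).
    pub fn per_frame(&self, edge: usize) -> Vec<u32> {
        let mut v: Vec<(usize, u32)> = self
            .hits
            .iter()
            .filter(|((_, e), _)| *e == edge)
            .map(|((f, _), c)| (*f, *c))
            .collect();
        v.sort_unstable();
        v.into_iter().map(|(_, c)| c).collect()
    }

    /// Largest number of times `edge` ran within a single frame; this is the
    /// scoped signal a fuzzer would bucketize instead of `flat_count`.
    pub fn max_per_frame(&self, edge: usize) -> u32 {
        self.per_frame(edge).into_iter().max().unwrap_or(0)
    }
}

// Constructed edge ids for the two instrumented blocks below.
pub const EDGE_LOOP_BODY: usize = 1;
pub const EDGE_RECURSE: usize = 2;

/// Simulated instrumented recursive function: its loop body runs twice per
/// call, then it recurses once while `levels` remain.
pub fn instrumented_walk(cov: &mut ScopedCoverage, levels: u32) {
    cov.enter();
    for _ in 0..2 {
        cov.hit_edge(EDGE_LOOP_BODY);
    }
    if levels > 0 {
        cov.hit_edge(EDGE_RECURSE);
        instrumented_walk(cov, levels - 1);
    }
    cov.leave();
}

/// Runs the simulated program and returns
/// (flat loop-body hits, maximum loop-body hits within one frame).
pub fn run_demo(levels: u32) -> (u32, u32) {
    let mut cov = ScopedCoverage::new();
    instrumented_walk(&mut cov, levels);
    (cov.flat_count(EDGE_LOOP_BODY), cov.max_per_frame(EDGE_LOOP_BODY))
}

fn main() {
    let (flat, scoped) = run_demo(2);
    println!("loop body: flat counter = {}, max per frame = {}", flat, scoped);
}
```

With two recursion levels the flat counter reports 6 loop-body hits, which is indistinguishable from a single call that looped six times; the scoped map instead shows three frames that each ran the loop body exactly twice. As the PR notes, this scoping stops at function calls: a nested loop inside one frame would still be counted as a single per-frame total.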

/gcbrun run_experiment.py -a --experiment-config /opt/fuzzbench/service/experiment-config.yaml --experiment-name 2023-12-14-libafl --fuzzers libafl libafl_scoped_cov

vanhauser-thc avatar Dec 14 '23 18:12 vanhauser-thc