winafl icon indicating copy to clipboard operation
winafl copied to clipboard
verified publisher icon googleprojectzero

Remove test cases with a duplicate trace map

Open sgabe opened this issue 3 years ago • 3 comments

This PR is intended to somewhat improve the efficiency of fuzzing by marking test cases that have the same trace map as already fuzzed during the dry run stage.

sgabe avatar Jan 06 '22 20:01 sgabe

Hmm won't the code in https://github.com/googleprojectzero/winafl/blob/master/afl-fuzz.c#L3114 already take care of that, specifically won't the new_bits be zero in case where a sample with the same trace map was seen before?

ifratric avatar Jan 07 '22 16:01 ifratric

My understanding is that currently the user is only warned that some test cases look useless at the end of processing the input directory. The proposed change explicitly marks the bigger redundant case at the end of the dry run stage to be excluded from the seed corpus. Otherwise, it does not affect the fuzzing process, which is already taken care of, as redundant cases will not be added to the corpus.

sgabe avatar Jan 24 '22 15:01 sgabe

Understood! My question is, could this be integrated in the "main" loop of perform_dry_run and simply remove all testcases for which calibrate_case returns FAULT_NOBITS rather than doing two additional nested loops over the queue? Relying on FAULT_NOBITS would (AFAIK) also have a benefit of not only removing the testcases for which checksums are exactly the same (a relatively rare case) but also those where the sample covarerage is a subset of coverage seen so far in other samples.

ifratric avatar Jan 25 '22 13:01 ifratric