Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LibAFL: scoped coverage experiment #1932

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

LibAFL: scoped coverage experiment #1932

wants to merge 12 commits into from

Conversation

addisoncrump
Copy link
Contributor

Attempting to address or partially resolve a coverage information gap described by Marc Heuse regarding libwebp (cc @vanhauser-thc, you might be interested).

Namely, this implements "scoped" coverage -- the coverage of edges constrained to an observable scope (in this case, stack depth). This allows us to effectively measure the number of times in which a block is executed during a function call, only for that exact frame (i.e. uses of that block in callees do not contribute to this count).

The current implementation does not scope for nested loops, only for function calls; this could potentially be implemented using e.g. sancov's CFG pass to identify cycles, but this will get expensive fast.

Please run this experiment with just libafl and libafl_scoped_cov, provided in this PR.

@vanhauser-thc
Copy link
Collaborator

/gcbrun run_experiment.py -a --experiment-config /opt/fuzzbench/service/experiment-config.yaml --experiment-name 2023-12-14-libafl --fuzzers libafl libafl_scoped_cov

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@addisoncrump @vanhauser-thc @domenukk