From 034a4870e273963f35e66065cc0d3e9ffa976777 Mon Sep 17 00:00:00 2001
From: Dongjia Zhang
Date: Sun, 3 Apr 2022 09:25:59 +0900
Subject: [PATCH] Set the number of stacked mutations in MOpt mutator (#587)
* max_stack_pow
* fix
* fix
* fmt
* rename
---
 fuzzers/baby_fuzzer_gramatron/src/main.rs | 2 +-
 fuzzers/baby_fuzzer_grimoire/src/main.rs | 4 ++--
 fuzzers/baby_fuzzer_nautilus/src/main.rs | 2 +-
 fuzzers/baby_fuzzer_tokens/src/main.rs | 2 +-
 fuzzers/fuzzbench/src/lib.rs | 7 ++++++-
 fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs | 7 ++++++-
 fuzzers/fuzzbench_qemu/src/fuzzer.rs | 7 ++++++-
 fuzzers/fuzzbench_text/src/lib.rs | 16 +++++++++++++---
 fuzzers/fuzzbench_weighted/src/lib.rs | 7 ++++++-
 libafl/src/mutators/mopt_mutator.rs | 11 +++++++++--
 libafl/src/mutators/scheduled.rs | 10 +++++-----
 11 files changed, 56 insertions(+), 19 deletions(-)
diff --git a/fuzzers/baby_fuzzer_gramatron/src/main.rs b/fuzzers/baby_fuzzer_gramatron/src/main.rs
index 46e304f225..6008bcf3f1 100644
--- a/fuzzers/baby_fuzzer_gramatron/src/main.rs
+++ b/fuzzers/baby_fuzzer_gramatron/src/main.rs
@@ -145,7 +145,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::with_max_iterations(
+ let mutator = StdScheduledMutator::with_max_stack_pow(
 tuple_list!(
 GramatronRandomMutator::new(&generator),
 GramatronRandomMutator::new(&generator),
diff --git a/fuzzers/baby_fuzzer_grimoire/src/main.rs b/fuzzers/baby_fuzzer_grimoire/src/main.rs
index fd83e92fcf..b01165fcfb 100644
--- a/fuzzers/baby_fuzzer_grimoire/src/main.rs
+++ b/fuzzers/baby_fuzzer_grimoire/src/main.rs
@@ -145,8 +145,8 @@ pub fn main() {
 .expect("Failed to create the Executor");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::with_max_iterations(havoc_mutations(), 2);
- let grimoire_mutator = StdScheduledMutator::with_max_iterations(
+ let mutator = StdScheduledMutator::with_max_stack_pow(havoc_mutations(), 2);
+ let grimoire_mutator = StdScheduledMutator::with_max_stack_pow(
 tuple_list!(
 GrimoireExtensionMutator::new(),
 GrimoireRecursiveReplacementMutator::new(),
diff --git a/fuzzers/baby_fuzzer_nautilus/src/main.rs b/fuzzers/baby_fuzzer_nautilus/src/main.rs
index 997caf48c1..baf0699cd9 100644
--- a/fuzzers/baby_fuzzer_nautilus/src/main.rs
+++ b/fuzzers/baby_fuzzer_nautilus/src/main.rs
@@ -141,7 +141,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::with_max_iterations(
+ let mutator = StdScheduledMutator::with_max_stack_pow(
 tuple_list!(
 NautilusRandomMutator::new(&context),
 NautilusRandomMutator::new(&context),
diff --git a/fuzzers/baby_fuzzer_tokens/src/main.rs b/fuzzers/baby_fuzzer_tokens/src/main.rs
index 6a0b94b603..8429db3f67 100644
--- a/fuzzers/baby_fuzzer_tokens/src/main.rs
+++ b/fuzzers/baby_fuzzer_tokens/src/main.rs
@@ -116,7 +116,7 @@ pub fn main() {
 .expect("Failed to create the Executor");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::with_max_iterations(encoded_mutations(), 2);
+ let mutator = StdScheduledMutator::with_max_stack_pow(encoded_mutations(), 2);
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 println!("Decoder {:?} ...", &encoder_decoder);
diff --git a/fuzzers/fuzzbench/src/lib.rs b/fuzzers/fuzzbench/src/lib.rs
index ea66b95e2b..42049f52f1 100644
--- a/fuzzers/fuzzbench/src/lib.rs
+++ b/fuzzers/fuzzbench/src/lib.rs
@@ -306,7 +306,12 @@ fn fuzz(
 let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
 // Setup a MOPT mutator
- let mutator = StdMOptMutator::new(&mut state, havoc_mutations().merge(tokens_mutations()), 5)?;
+ let mutator = StdMOptMutator::new(
+ &mut state,
+ havoc_mutations().merge(tokens_mutations()),
+ 7,
+ 5,
+ )?;
 let power = StdPowerMutationalStage::new(&mut state, mutator, &edges_observer, PowerSchedule::FAST);
diff --git a/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs b/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs
index 0f5e74c471..5c1a5593f9 100644
--- a/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs
+++ b/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs
@@ -277,7 +277,12 @@ fn fuzz(
 let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
 // Setup a MOPT mutator
- let mutator = StdMOptMutator::new(&mut state, havoc_mutations().merge(tokens_mutations()), 5)?;
+ let mutator = StdMOptMutator::new(
+ &mut state,
+ havoc_mutations().merge(tokens_mutations()),
+ 7,
+ 5,
+ )?;
 let power = StdPowerMutationalStage::new(&mut state, mutator, &edges_observer, PowerSchedule::FAST);
diff --git a/fuzzers/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/fuzzbench_qemu/src/fuzzer.rs
index 8b55bfa9b7..6a4985397b 100644
--- a/fuzzers/fuzzbench_qemu/src/fuzzer.rs
+++ b/fuzzers/fuzzbench_qemu/src/fuzzer.rs
@@ -290,7 +290,12 @@ fn fuzz(
 let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
 // Setup a MOPT mutator
- let mutator = StdMOptMutator::new(&mut state, havoc_mutations().merge(tokens_mutations()), 5)?;
+ let mutator = StdMOptMutator::new(
+ &mut state,
+ havoc_mutations().merge(tokens_mutations()),
+ 7,
+ 5,
+ )?;
 let power = StdPowerMutationalStage::new(&mut state, mutator, &edges_observer, PowerSchedule::FAST);
diff --git a/fuzzers/fuzzbench_text/src/lib.rs b/fuzzers/fuzzbench_text/src/lib.rs
index 7c25070c08..44ada277e7 100644
--- a/fuzzers/fuzzbench_text/src/lib.rs
+++ b/fuzzers/fuzzbench_text/src/lib.rs
@@ -367,7 +367,12 @@ fn fuzz_binary(
 let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
 // Setup a MOPT mutator
- let mutator = StdMOptMutator::new(&mut state, havoc_mutations().merge(tokens_mutations()), 5)?;
+ let mutator = StdMOptMutator::new(
+ &mut state,
+ havoc_mutations().merge(tokens_mutations()),
+ 7,
+ 5,
+ )?;
 let power = StdPowerMutationalStage::new(&mut state, mutator, &edges_observer, PowerSchedule::FAST);
@@ -572,12 +577,17 @@ fn fuzz_text(
 let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
 // Setup a MOPT mutator
- let mutator = StdMOptMutator::new(&mut state, havoc_mutations().merge(tokens_mutations()), 5)?;
+ let mutator = StdMOptMutator::new(
+ &mut state,
+ havoc_mutations().merge(tokens_mutations()),
+ 7,
+ 5,
+ )?;
 let power = StdPowerMutationalStage::new(&mut state, mutator, &edges_observer, PowerSchedule::FAST);
- let grimoire_mutator = StdScheduledMutator::with_max_iterations(
+ let grimoire_mutator = StdScheduledMutator::with_max_stack_pow(
 tuple_list!(
 GrimoireExtensionMutator::new(),
 GrimoireRecursiveReplacementMutator::new(),
diff --git a/fuzzers/fuzzbench_weighted/src/lib.rs b/fuzzers/fuzzbench_weighted/src/lib.rs
index 8b37c44367..833dcf4a1c 100644
--- a/fuzzers/fuzzbench_weighted/src/lib.rs
+++ b/fuzzers/fuzzbench_weighted/src/lib.rs
@@ -306,7 +306,12 @@ fn fuzz(
 let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
 // Setup a MOPT mutator
- let mutator = StdMOptMutator::new(&mut state, havoc_mutations().merge(tokens_mutations()), 5)?;
+ let mutator = StdMOptMutator::new(
+ &mut state,
+ havoc_mutations().merge(tokens_mutations()),
+ 7,
+ 5,
+ )?;
 let power = StdPowerMutationalStage::new(&mut state, mutator, &edges_observer, PowerSchedule::FAST);
diff --git a/libafl/src/mutators/mopt_mutator.rs b/libafl/src/mutators/mopt_mutator.rs
index 377d0f6580..45badd8c0f 100644
--- a/libafl/src/mutators/mopt_mutator.rs
+++ b/libafl/src/mutators/mopt_mutator.rs
@@ -369,6 +369,7 @@ where
 mode: MOptMode,
 finds_before: usize,
 mutations: MT,
+ max_stack_pow: u64,
 phantom: PhantomData<(I, S)>,
 }
@@ -531,7 +532,12 @@ where
 S: HasRand + HasMetadata + HasCorpus + HasSolutions,
 {
 /// Create a new [`StdMOptMutator`].
- pub fn new(state: &mut S, mutations: MT, swarm_num: usize) -> Result {
+ pub fn new(
+ state: &mut S,
+ mutations: MT,
+ max_stack_pow: u64,
+ swarm_num: usize,
+ ) -> Result {
 if !state.has_metadata::() {
 state.add_metadata::(MOpt::new(mutations.len(), swarm_num)?);
 }
@@ -539,6 +545,7 @@ where
 mode: MOptMode::Pilotfuzzing,
 finds_before: 0,
 mutations,
+ max_stack_pow,
 phantom: PhantomData,
 })
 }
@@ -637,7 +644,7 @@ where
 {
 /// Compute the number of iterations used to apply stacked mutations
 fn iterations(&self, state: &mut S, _: &I) -> u64 {
- 1 << (1 + state.rand_mut().below(6))
+ 1 << (1 + state.rand_mut().below(self.max_stack_pow))
 }
 /// Get the next mutation to apply
diff --git a/libafl/src/mutators/scheduled.rs b/libafl/src/mutators/scheduled.rs
index 92fd4fb415..49f1002fd1 100644
--- a/libafl/src/mutators/scheduled.rs
+++ b/libafl/src/mutators/scheduled.rs
@@ -109,7 +109,7 @@ where
 S: HasRand,
 {
 mutations: MT,
- max_iterations: u64,
+ max_stack_pow: u64,
 phantom: PhantomData<(I, S)>,
 }
@@ -173,7 +173,7 @@ where
 {
 /// Compute the number of iterations used to apply stacked mutations
 fn iterations(&self, state: &mut S, _: &I) -> u64 {
- 1 << (1 + state.rand_mut().below(self.max_iterations))
+ 1 << (1 + state.rand_mut().below(self.max_stack_pow))
 }
 /// Get the next mutation to apply
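Review bot: The doc comment on `StdMOptMutator::new` (hunk `@@ -531,7 +532,12 @@`) still says only that it creates the mutator and does not describe the new `max_stack_pow` argument. That argument sits directly before `swarm_num`, and the call sites in this patch pass two bare integer literals (`7, 5`), so a transposed pair would compile without complaint. I would add `/// `max_stack_pow` bounds the stacking exponent: each input gets between 2 and `1 << max_stack_pow` stacked mutations.` and `/// `swarm_num` is the swarm count handed to `MOpt::new`.` The new parameter is also source-breaking for downstream callers of `new`, which deserves a changelog line. The function body continues in the following hunk.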
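Review bot: `iterations` (hunk `@@ -637,7 +644,7 @@`) now shifts by a caller-chosen amount with no upper bound: in `1 << (1 + state.rand_mut().below(self.max_stack_pow))` the exponent can reach `max_stack_pow`, so a value of 64 or more can overflow the `u64` shift, which panics when overflow checks are on and otherwise gives a meaningless count. Values well below that already ask for mutation loops that will not finish in practice, which shows up as a hung fuzzer rather than an error. Neither `StdMOptMutator::new` nor `StdScheduledMutator::with_max_stack_pow` checks the argument, and the same expression is in the `scheduled.rs` hunk `@@ -173,7 +173,7 @@`. A guard in both constructors would settle it, for example `assert!((1..=63).contains(&max_stack_pow), "max_stack_pow must be in 1..=63");`, or an `Err` from `new`, which already returns `Result`. Whether 0 must also be rejected depends on how `below(0)` behaves, which is not visible in this patch.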
@@ -193,16 +193,16 @@ where
 pub fn new(mutations: MT) -> Self {
 StdScheduledMutator {
 mutations,
- max_iterations: 6,
+ max_stack_pow: 7,
 phantom: PhantomData,
 }
 }
 /// Create a new [`StdScheduledMutator`] instance specifying mutations and the maximun number of iterations
- pub fn with_max_iterations(mutations: MT, max_iterations: u64) -> Self {
+ pub fn with_max_stack_pow(mutations: MT, max_stack_pow: u64) -> Self {
 StdScheduledMutator {
 mutations,
- max_iterations,
+ max_stack_pow,
 phantom: PhantomData,
 }
 }
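Review bot: The default in `StdScheduledMutator::new` moves from `max_iterations: 6` to `max_stack_pow: 7` inside what the commit message lists as a rename, which doubles the ceiling from 64 to 128 stacked mutations for every existing caller of `new`. The MOpt call sites get the same shift, from the old hard-coded `below(6)` to a passed `7`. If that is intended, it belongs in the commit message, and the literal would read better as a named constant shared by both mutators. The doc comment above `with_max_stack_pow` is stale and misspelled ("maximun number of iterations"), because the argument is an exponent. I would write `/// Create a new [`StdScheduledMutator`] instance specifying mutations and the maximum stack power: at most `1 << max_stack_pow` mutations are stacked per input`. Removing `with_max_iterations` without a deprecated alias also breaks downstream callers at compile time.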