From 49d1b18010407fe7932b86c0b700499f0ee0c0d4 Mon Sep 17 00:00:00 2001
From: "Dongjia \"toka\" Zhang"
Date: Tue, 26 Nov 2024 17:10:31 +0100
Subject: [PATCH] Fix negative stability (#2731)
* fix * FMT
---
 fuzzers/baby/baby_fuzzer/src/main.rs | 2 +-
 libafl/src/stages/calibrate.rs | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/fuzzers/baby/baby_fuzzer/src/main.rs b/fuzzers/baby/baby_fuzzer/src/main.rs
index 02a695f296..c98b028026 100644
--- a/fuzzers/baby/baby_fuzzer/src/main.rs
+++ b/fuzzers/baby/baby_fuzzer/src/main.rs
@@ -9,7 +9,7 @@ use libafl::monitors::SimpleMonitor;
 use libafl::{
 corpus::{InMemoryCorpus, OnDiskCorpus},
 events::SimpleEventManager,
- executors::{InProcessExecutor, ExitKind},
+ executors::{ExitKind, InProcessExecutor},
 feedbacks::{CrashFeedback, MaxMapFeedback},
 fuzzer::{Fuzzer, StdFuzzer},
 generators::RandPrintablesGenerator,
diff --git a/libafl/src/stages/calibrate.rs b/libafl/src/stages/calibrate.rs
index f520f2f1d9..c138758e16 100644
--- a/libafl/src/stages/calibrate.rs
+++ b/libafl/src/stages/calibrate.rs
@@ -329,15 +329,19 @@ where
 map_first_filled_count, 0,
 "The map's filled count must never be 0"
 );
+ // In theory `map_first_filled_count - unstable_entries` could be negative.
+ // Because `map_first_filled_count` is the filled count of just one single run.
+ // While the `unstable_entries` is the number of all the unstable entries across multiple runs.
+ // If the target is very unstable (~100%) then this would hit more edges than `map_first_filled_count`.
+ // But even in that case, we don't allow negative stability and just show 0% here.
+ let stable_count: u64 =
+ map_first_filled_count.saturating_sub(unstable_entries) as u64;
 mgr.fire(
 state,
 Event::UpdateUserStats {
 name: Cow::from("stability"),
 value: UserStats::new(
- UserStatsValue::Ratio(
- (map_first_filled_count - unstable_entries) as u64,
- map_first_filled_count as u64,
- ),
+ UserStatsValue::Ratio(stable_count, map_first_filled_count as u64),
 AggregatorOps::Avg,
 ),
 phantom: PhantomData,
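Review bot: The clamp at `let stable_count` makes a saturated result indistinguishable from a target whose unstable entries exactly equal the first run's filled count, so an operator who reads 0% stability cannot tell that the numerator exceeded the denominator. Because the stability figure is what tells a user whether coverage feedback from the target can be trusted, that case deserves a visible signal, for example `if unstable_entries > map_first_filled_count { log::warn!("unstable entries exceed the first run's filled count; stability clamped to 0%"); }` placed before the subtraction (assuming the `log` macros are usable in this file, which the hunk does not show). The added comment also reads as five sentence fragments; one sentence stating that `unstable_entries` accumulates over several runs while `map_first_filled_count` comes from a single run, followed by the clamping decision, would be easier to follow. The enclosing function starts and ends outside the hunk.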