Skip to content

CAPCOMIN/MutatorStudy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
dictionaries
dictionaries
 
 
docs
docs
 
 
experimental
experimental
 
 
libdislocator
libdislocator
 
 
libtokencap
libtokencap
 
 
llvm_mode
llvm_mode
 
 
qemu_mode
qemu_mode
 
 
testcases
testcases
 
 
tutorials
tutorials
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README-AFL.md
README-AFL.md
 
 
README-AFLNet.md
README-AFLNet.md
 
 
README.md
README.md
 
 
afl-analyze.c
afl-analyze.c
 
 
afl-as.c
afl-as.c
 
 
afl-as.h
afl-as.h
 
 
afl-cmin
afl-cmin
 
 
afl-fuzz.c
afl-fuzz.c
 
 
afl-gcc.c
afl-gcc.c
 
 
afl-gotcpu.c
afl-gotcpu.c
 
 
afl-plot
afl-plot
 
 
afl-replay.c
afl-replay.c
 
 
afl-showmap.c
afl-showmap.c
 
 
afl-tmin.c
afl-tmin.c
 
 
afl-whatsup
afl-whatsup
 
 
aflnet-replay.c
aflnet-replay.c
 
 
aflnet.c
aflnet.c
 
 
aflnet.h
aflnet.h
 
 
alloc-inl.h
alloc-inl.h
 
 
android-ashmem.h
android-ashmem.h
 
 
config.h
config.h
 
 
debug.h
debug.h
 
 
hash.h
hash.h
 
 
khash.h
khash.h
 
 
klist.h
klist.h
 
 
test-instr.c
test-instr.c
 
 
test-libfuzzer-target.c
test-libfuzzer-target.c
 
 
types.h
types.h
 
 

Repository files navigation

Artifact

This repository contains the artifact accompanying our paper, including the source code of an extended version of AFLNet with support for configurable mutator switches. These switches allow fine-grained control over mutator categories and splicing during fuzzing.

📂 Repository Contents

  • The source code of extended AFLNet modified to support mutator switches.

  • Experimental Outputs (Link): The raw output from our experiments as presented in the paper.

    Note: The uncompressed dataset occupies approximately 300 GB of disk space.

🚀 Mutator Switches

We introduce two command-line options to selectively enable or disable categories of havoc mutators in AFLNet:

  • -U<bitstring> — controls mutation type categories.
  • -A<bitstring> — controls mutation granularity categories.

Only one of these options can be used in a single fuzzing run. Using both -U and -A simultaneously is not allowed.

Each <bitstring> is a sequence of 1s and 0s, with each bit (from right to left) representing whether a specific category is enabled (1) or disabled (0).

🔹 Mutation Type Categories (-U option)

The bitstring for -U controls the following 8 mutation type categories, from right to left:

Bit Position Category Name
0 (LSB) TBitflip
1 TInteresting
2 TArithmetic
3 TRandomByte
4 TDelete
5 TBlockDup
6 TToken
7 (MSB) TRegion

Example:

  • -U11111111 enables all mutation type categories.
  • -U10000000 enables only the TRegion category.

🔸 Mutation Granularity Categories (-A option)

The bitstring for -A controls the following 5 mutation granularity categories, again from right to left:

Bit Position Category Name
0 (LSB) GBit
1 GByte
2 GWord
3 GDword
4 (MSB) GS

Example:

  • -A00001 enables only GBit category.

Disabling Splicing

To disable splicing during fuzzing, simply add the -H option.

🔧 Usage

Other than the added mutator switches, the usage of this AFLNet version remains identical to the original AFLNet.

For details on how to use AFLNet, please refer to README-AFLNet.md included in this repository.

📜 License

This artifact is licensed under the Apache License 2.0.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages