DonggeLiu
commented
4 years ago Yep, it does not distinguish multiple new states from one in each trace. For each trace of response codes, if it contains one new state/code, then that trace is new. If fuzzing a seed finds multiple traces, then we repeat it for each trace.
Looking at the current implementation (https://github.com/Alan32Liu/AFLNet_MCTS/blob/2945f1097223fab28ff81404f55121ba9d4d89be/MCTS/TreeNode.c#L445), I think Expansion does not take into account the cases in which response_codes list contains more than one new states/response codes. Am I right?