Tricker-z / CoFuzz

ICSE'23 - CoFuzz: Coordinated hybrid fuzzing framework with advanced coordination mode
Apache License 2.0
45 stars 6 forks

Shouldn't the environment variable AFL_RAND_SEED always be set to a fixed value? #7

Closed yiyuaner closed 7 months ago

yiyuaner commented 7 months ago

Hi, I have a question regarding the random ID associated with basic blocks.

Each basic block is associated with a random ID in the following three binaries: readelf_afl, readelf_cohuzz, readelf_trace. I think the same basic block should be assigned the same ID across all three binaries. That is, fuzzer/llvm_mode/afl-llvm-pass.so.cc, trace/trace-pass.so.cc, and third_party/concolic/compiler/Pass.cpp should share the same random seed.

Otherwise there exist discrepancies when readelf_cohuzz tries to crack an edge (src_id, dst_id) output by readelf_trace, as (src_id, dst_id) may refer to a different edge in readelf_cohuzz.

yiyuaner commented 7 months ago

If srand is not called, rand acts as if srand(1) has been called.

No problems here, my bad:)
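As an added illustration (not code from CoFuzz, AFL or this issue), the constructed C program below models instrumentation passes that label basic blocks with rand() % MAP_SIZE and shows that the labels only line up when every pass starts from the same generator state (srand(1) when srand is never called, or one shared seed value) and draws rand() in the same order. MAP_SIZE, the block count and the pass structure are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <stdio.h>

/* Constructed illustration (not CoFuzz or AFL code): several instrumentation
 * passes each label the same basic blocks with rand() % MAP_SIZE, and the
 * labels line up only when every pass starts from the same generator state
 * and consumes rand() in the same order. */
#define MAP_SIZE   65536
#define NUM_BLOCKS 8

/* Label NUM_BLOCKS blocks in module order. 'seed' plays the role of a
 * fresh-process default (srand(1)) or an explicit seed from the environment;
 * 'extra_rand_calls' models a pass that draws other random numbers first. */
void assign_block_ids(unsigned ids[NUM_BLOCKS], unsigned seed, int extra_rand_calls) {
    srand(seed);
    for (int i = 0; i < extra_rand_calls; i++) rand();
    for (int i = 0; i < NUM_BLOCKS; i++) ids[i] = (unsigned)rand() % MAP_SIZE;
}

/* 1 if both passes gave every block the same ID. */
int ids_match(const unsigned a[NUM_BLOCKS], const unsigned b[NUM_BLOCKS]) {
    for (int i = 0; i < NUM_BLOCKS; i++) if (a[i] != b[i]) return 0;
    return 1;
}

/* Index of the block carrying 'id' in a pass's table, or -1 if none. */
int find_block(const unsigned ids[NUM_BLOCKS], unsigned id) {
    for (int i = 0; i < NUM_BLOCKS; i++) if (ids[i] == id) return i;
    return -1;
}

/* Does the edge (src_id, dst_id) that the trace build emitted for blocks
 * src_blk -> dst_blk denote the same block pair in the concolic build? */
int edge_resolves(const unsigned trace_ids[NUM_BLOCKS],
                  const unsigned concolic_ids[NUM_BLOCKS], int src_blk, int dst_blk) {
    unsigned src_id = trace_ids[src_blk], dst_id = trace_ids[dst_blk];
    return find_block(concolic_ids, src_id) == src_blk &&
           find_block(concolic_ids, dst_id) == dst_blk;
}

int main(void) {
    unsigned trace[NUM_BLOCKS], concolic[NUM_BLOCKS], skewed[NUM_BLOCKS];
    assign_block_ids(trace, 1, 0);     /* separate processes, srand never called, */
    assign_block_ids(concolic, 1, 0);  /* so both behave as if srand(1) was called */
    assign_block_ids(skewed, 1, 1);    /* same seed, but one extra rand() draw first */
    printf("same seed, same order : IDs match = %d, edge 0->1 resolves = %d\n",
           ids_match(trace, concolic), edge_resolves(trace, concolic, 0, 1));
    printf("same seed, extra draw : IDs match = %d, edge 0->1 resolves = %d\n",
           ids_match(trace, skewed), edge_resolves(trace, skewed, 0, 1));
    return 0;
}
```

The second case is the practical caveat: a shared seed is necessary but not sufficient, since any pass that consumes rand() for another purpose (or runs with a different seed from the environment) shifts its IDs and the trace edges stop resolving.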