Closed bennoli closed 6 years ago
Just read the code. Angr will send the new input to the directory (/dev/shm/work/"your own test_binary"/sync/driller/queue/). Driller sets a timer. When the timer triggers, angr will do offline symbolic execution on the test_binary with the queue inputs of AFL. Once Angr has tested all the inputs in the queue, angr will stop.
Hi guys, I'm stuck on a question about how driller controls angr. As I understand it, after AFL gets stuck it invokes Angr in order to give AFL new interesting inputs. But here, I don't know exactly when Angr stops and gives the new input. Do you guys just let Angr run till it can't find a new path? Or do you limit how far Angr can go to prevent Angr from going through functions that can cause path explosion? I tried to read your paper but still can't understand this part. Thanks for the answer.
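The cycle bennoli describes (timer fires, every AFL queue input that has not been drilled yet gets symbolic treatment, new inputs land in the driller sync queue, the run stops when the queue is exhausted) as an added, simplified model written for this thread; it is not driller's or angr's own code. The directory layout mirrors the path quoted in the comment but with placeholder names, the `toy_drill` callback stands in for the angr exploration step, and the time budget is an assumption, not a driller setting.

```python
import hashlib
import os
import tempfile
import time
from typing import Callable, Dict, List, Set


def queue_dir(work_root: str, binary: str) -> str:
    """Hypothetical layout mirroring the quoted path
    <work_root>/<binary>/sync/driller/queue/ (names are placeholders)."""
    return os.path.join(work_root, binary, "sync", "driller", "queue")


class QueueDriller:
    """Simplified model of the timer-driven cycle described in the thread:
    drill every AFL queue input not drilled before, write any new inputs to
    the driller sync queue, and stop once nothing undrilled remains."""

    def __init__(self, afl_queue: str, out_queue: str,
                 drill: Callable[[bytes], List[bytes]], budget_s: float):
        self.afl_queue = afl_queue
        self.out_queue = out_queue
        self.drill = drill            # stand-in for the angr exploration step
        self.budget_s = budget_s      # assumed per-cycle time budget
        self.seen: Set[str] = set()   # content hashes already drilled
        self.emitted = 0              # inputs handed back to AFL so far

    def pending(self) -> List[str]:
        # Only inputs AFL added since the last cycle need symbolic work;
        # deduplicate by content so a re-fired timer does not redo old ones.
        out = []
        for name in sorted(os.listdir(self.afl_queue)):
            path = os.path.join(self.afl_queue, name)
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            if digest not in self.seen:
                out.append(path)
        return out

    def on_timer(self) -> Dict[str, int]:
        """One cycle: runs when the timer fires, returns a small summary."""
        start = time.monotonic()
        drilled = 0
        for path in self.pending():
            if time.monotonic() - start > self.budget_s:
                break  # out of budget; leftovers wait for the next cycle
            with open(path, "rb") as f:
                data = f.read()
            for new_input in self.drill(data):
                fname = f"id_{self.emitted:06d}"
                with open(os.path.join(self.out_queue, fname), "wb") as f:
                    f.write(new_input)
                self.emitted += 1
            self.seen.add(hashlib.sha256(data).hexdigest())
            drilled += 1
        # Stop condition from the thread: the cycle ends when every queue
        # input has been drilled, i.e. remaining == 0.
        return {"drilled": drilled,
                "remaining": len(self.pending()),
                "emitted": self.emitted}


def toy_drill(data: bytes) -> List[bytes]:
    """Constructed stand-in for angr: pretend inputs starting with 'A'
    reach a branch whose other side is satisfied by appending a NUL."""
    return [data + b"\x00"] if data.startswith(b"A") else []


def run_demo() -> List[Dict[str, int]]:
    """Three timer cycles over a constructed AFL queue; returns the summaries."""
    root = tempfile.mkdtemp()
    afl_q = os.path.join(root, "afl_queue")
    out_q = queue_dir(root, "test_binary")
    os.makedirs(afl_q)
    os.makedirs(out_q)
    for i, data in enumerate([b"A", b"B", b"AB"]):   # constructed AFL inputs
        with open(os.path.join(afl_q, f"id_{i:03d}"), "wb") as f:
            f.write(data)
    d = QueueDriller(afl_q, out_q, toy_drill, budget_s=5.0)
    results = [d.on_timer(), d.on_timer()]           # second cycle: nothing new
    with open(os.path.join(afl_q, "id_003"), "wb") as f:
        f.write(b"AAA")                              # AFL found another input
    results.append(d.on_timer())
    return results


if __name__ == "__main__":
    for r in run_demo():
        print(r)
```

The point the model makes explicit is the stopping rule: a cycle ends not on a path-count limit but when the set of queue inputs still undrilled is empty, and a later timer only picks up what AFL added in between.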