Remove test cases with a duplicate trace map #359

Open
wants to merge 1 commit into
base: master

sgabe (Contributor) commented Jan 6, 2022

This PR is intended to somewhat improve the efficiency of fuzzing by marking test cases that have the same trace map as already fuzzed during the dry run stage.

ifratric (Collaborator) commented Jan 7, 2022

Hmm, won't the code in https://github.com/googleprojectzero/winafl/blob/master/afl-fuzz.c#L3114 already take care of that, specifically won't the new_bits be zero in the case where a sample with the same trace map was seen before?

sgabe (Contributor Author) commented Jan 24, 2022

My understanding is that currently the user is only warned that some test cases look useless at the end of processing the input directory. The proposed change explicitly marks the bigger redundant case at the end of the dry run stage to be excluded from the seed corpus. Otherwise, it does not affect the fuzzing process, which is already taken care of, as redundant cases will not be added to the corpus.

ifratric (Collaborator) commented Jan 25, 2022

Understood! My question is, could this be integrated in the "main" loop of perform_dry_run and simply remove all testcases for which calibrate_case returns FAULT_NOBITS rather than doing two additional nested loops over the queue? Relying on FAULT_NOBITS would (AFAIK) also have a benefit of not only removing the testcases for which checksums are exactly the same (a relatively rare case) but also those where the sample coverage is a subset of coverage seen so far in other samples.
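
The difference between the two approaches discussed in this thread, as an added example that is not part of the PR or of WinAFL's code. It is a simplified model: each trace map is one byte per edge with hit counts ignored, `memcmp` stands in for the checksum comparison, and all function names and sample maps are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE 8 /* toy map size (assumption) */
#define NSEEDS 4

/* Constructed trace maps: nonzero byte = edge was hit by that seed. */
static const uint8_t seeds[NSEEDS][MAP_SIZE] = {
    {1, 1, 0, 0, 1, 0, 0, 0}, /* seed 0 */
    {1, 1, 0, 0, 1, 0, 0, 0}, /* seed 1: identical map to seed 0 */
    {0, 0, 1, 1, 0, 0, 0, 0}, /* seed 2: covers new edges */
    {1, 0, 1, 0, 0, 0, 0, 0}, /* seed 3: subset of seeds 0 and 2 combined */
};

/* Approach A: nested loops over the queue, flag a seed whose map is
 * identical to an earlier one. Returns a bitmask of flagged seeds. */
unsigned redundant_exact(void) {
    unsigned mask = 0;
    for (int i = 0; i < NSEEDS; i++)
        for (int j = 0; j < i; j++)
            if (memcmp(seeds[i], seeds[j], MAP_SIZE) == 0) {
                mask |= 1u << i;
                break;
            }
    return mask;
}

/* Approach B: one pass with a cumulative "seen" map, flag a seed that
 * contributes no edge not already seen (the no-new-bits condition).
 * The result depends on the order in which seeds are processed. */
unsigned redundant_no_new_bits(void) {
    uint8_t seen[MAP_SIZE] = {0};
    unsigned mask = 0;
    for (int i = 0; i < NSEEDS; i++) {
        int new_bits = 0;
        for (int k = 0; k < MAP_SIZE; k++)
            if (seeds[i][k] && !seen[k]) {
                seen[k] = 1;
                new_bits = 1;
            }
        if (!new_bits) mask |= 1u << i;
    }
    return mask;
}

int main(void) {
    printf("identical map: 0x%x\n", redundant_exact());
    printf("no new bits:   0x%x\n", redundant_no_new_bits());
    return 0;
}
```

Approach A flags only seed 1, while approach B flags seeds 1 and 3 in a single pass over the queue.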
