You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Good morning,
I have question regarding the paper. More precisely: monitoring thread.
Lets assume there are two base fuzzers: A and B. Monitor try to sync some seed s. It checks coverage with A, update GlobalCover (!) and push the seed to A queue. Then checks coverage with B. It is most probably exactly the same as for fuzzer A (because for example both A and B are afl-based fuzzers). So newCover is empty and s will not be pushed to B queue.
It my understanding of the monitor algorithm correct? If yes, is the algorithm correct? Because intuitively we want diverse fuzzers to share that seed s. It should be fuzzed by both A and B as they may implement different mutations for example.
In other words, shouldn't GlobalCover be per-fuzzer variable (each fuzzer's coverage would be kept by monitor). Or if we really want to push s to only one fuzzer at a loop iteration (sync cycle), then in the next cycle it should be pushed again, but to different fuzzer maybe?
The text was updated successfully, but these errors were encountered:
Good morning,
I have question regarding the paper. More precisely: monitoring thread.
Lets assume there are two base fuzzers:
AandB. Monitor try to sync some seeds. It checks coverage withA, updateGlobalCover(!) and push the seed toAqueue. Then checks coverage withB. It is most probably exactly the same as for fuzzerA(because for example bothAandBare afl-based fuzzers). SonewCoveris empty andswill not be pushed toBqueue.It my understanding of the monitor algorithm correct? If yes, is the algorithm correct? Because intuitively we want diverse fuzzers to share that seed
s. It should be fuzzed by bothAandBas they may implement different mutations for example.In other words, shouldn't
GlobalCoverbe per-fuzzer variable (each fuzzer's coverage would be kept by monitor). Or if we really want to pushsto only one fuzzer at a loop iteration (sync cycle), then in the next cycle it should be pushed again, but to different fuzzer maybe?The text was updated successfully, but these errors were encountered: