https://github.com/adrianherrera/afl-ngram-pass

An LLVM-based implementation of n-gram branch coverage for AFL
https://github.com/adrianherrera/afl-ngram-pass

afl fuzzing llvm

Last synced: 3 months ago
JSON representation

An LLVM-based implementation of n-gram branch coverage for AFL

• Host: GitHub
• URL: https://github.com/adrianherrera/afl-ngram-pass
• Owner: adrianherrera
• License: apache-2.0
• Created: 2019-09-29T01:15:29.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2020-05-06T05:49:50.000Z (about 6 years ago)
• Last Synced: 2025-06-20T09:06:13.488Z (12 months ago)
• Topics: afl, fuzzing, llvm
• Language: C++
• Size: 32.2 KB
• Stars: 13
• Watchers: 3
• Forks: 9
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# AFL N-Gram Branch Coverage

This is an LLVM-based implementation of the n-gram branch coverage proposed in

the paper ["Be Sensitive and Collaborative: Analzying Impact of Coverage Metrics

in Greybox Fuzzing"](https://www.usenix.org/system/files/raid2019-wang-jinghan.pdf),

by Jinghan Wang, et. al.

Note that the original implementation (available

[here](https://github.com/bitsecurerlab/afl-sensitive)) is built on top of AFL's

QEMU mode. This is essentially a port that uses LLVM vectorized instructions to

achieve the same results when compiling source code.

## Usage

Simply copy the source files from **either** `circular-buf` or `vectorized` into

AFL's `llvm_mode` directory and build `afl-clang-fast` as normal.

The size of `n` (i.e., the number of branches to remember) is an option that can

be specified in the `AFL_NGRAM_SIZE` environment variable.