|
12 | 12 |
|
13 | 13 | # Remove the state machine building process
|
14 | 14 | * Disable option `-E` disable the state machine building and selection of state to fuzz
|
15 |
| - - [ ] follow the boolean variable `state_aware_mode` |
| 15 | + - [x] follow the boolean variable `state_aware_mode` |
16 | 16 | * In `int main(int argc, char** argv)`:
|
17 | 17 | - [/] ~remove `check_aslr()` call~
|
18 | 18 | * In `int setup_ipsm()`:
|
|
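Review bot: the `[/]` marker on the struck-through `check_aslr()` item at line 17 is not a checkbox state that Markdown renders, so the item shows up as literal text rather than a task; since the text is already wrapped in tildes, either drop the line or write `- [x] ~~remove `check_aslr()` call~~` (double tildes are needed for strikethrough). While here, the option description at line 14, "Disable option `-E` disable the state machine building and selection of state to fuzz", reads more clearly as "Disabling option `-E` disables the state machine building and the selection of the state to fuzz".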
23 | 23 | - [ ] remove records of new paths
|
24 | 24 | * In `EXP_ST u8 common_fuzz_stuff(char** argv, u8* out_buf, u32 len)`:
|
25 | 25 | - [ ] remove the AFLNet update of `kl_messages` linked list
|
26 |
| - - [ ] remove `update_fuzzs()` call |
| 26 | + - [x] remove `update_fuzzs()` call |
27 | 27 |
|
28 | 28 | # Build a very simple state list from the seeds files
|
29 | 29 | * In `static void perform_dry_run(char** argv)`:
|
30 |
| - - [ ] build message from *replay* format (see StateAFL) |
| 30 | + - [x] build message from *replay* format (see StateAFL) |
31 | 31 | * In `void update_state_aware_variables(struct queue_entry *q, u8 dry_run)`
|
32 |
| - - [ ] build a simple state list only if it is a *dry run* |
33 |
| - - [ ] otherwise do nothing |
34 |
| -* The hash map `khms_states` should be this list |
35 |
| - - [ ] initialize it in `update_state_aware_variables` in *dry run* mode |
36 |
| - - [ ] never update it after the initialisation |
| 32 | + - [x] replace by `void create_new_state(struct queue_entry *q)` only called on *dry run* |
| 33 | +* The hash map `khms_states` should be the list containing the initial states (only) |
| 34 | + - [x] initialize it in `create_new_state` in *dry run* mode |
| 35 | + - [x] never update it after the initialisation |
37 | 36 | * The type `region_t` should not contain state related stuff (in file `aflnet.h`)
|
38 | 37 |
|
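Review bot: the replacement at lines 32-35 drops the removed "otherwise do nothing" item without saying what `update_state_aware_variables` does outside a dry run; if the function is removed entirely in favour of `create_new_state`, state that, otherwise add an item saying non-dry-run calls are no-ops, since line 35 requires that `khms_states` is never updated after initialisation. The `region_t` item at line 36 also stays open while the state list is now built from the initial states only; if it is a prerequisite for `create_new_state`, mark that dependency.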
39 | 38 | # Select the messages to mutate directly from the seeds files
|
40 |
| -* In `struct queue_entry *choose_seed(u32 target_state_id, u8 mode)` |
41 |
| - - [ ] build a `queue_entry` from the seed file corresponding to the state given as argument |
42 | 39 | * In `static u8 fuzz_one(char** argv)` after the flag `AFLNET_REGIONS_SELECTION`
|
43 |
| - - [ ] retrieve the M2 part of the messages from the file `length-seed.state[X]` instead of the region information |
44 |
| - |
| 40 | + - [x] retrieve the M2 part of the messages from the file `seed-stateXX.length` instead of the region information |
| 41 | +* In `static void read_testcases(void)` |
| 42 | + - [x] retrieve the M2 part of the messages from the file `seed-stateXX.length` |
45 | 43 |
|
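Review bot: the file name `seed-stateXX.length` now appears in two items (lines 40 and 42) but its layout is documented nowhere in this list, namely what `XX` stands for and what the `.length` file holds for the M2 part of the messages; add a short item describing the format, since both `fuzz_one` and `read_testcases` must parse it identically. Removing the `choose_seed` item (old lines 40-41) also leaves no item for mapping a target state back to its seed file; if `read_testcases` now covers that, say so at line 41.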
46 | 44 | # Select the states in a round-robin fashion (or any other "fair" selection)
|
47 | 45 | * In the function `choose_target_state`
|
|