Is there a way to run traditional AFL with afl-rb?

Question

Is there a way to run traditional AFL with afl-rb?

siddk opened this issue 7 years ago · 3 comments

I'm trying to benchmark some fuzzing runs with afl-rb, and traditional AFL (with the time penalty incurred by the branching code). As such, I was wondering if there was a way to get standard AFL behavior with AFL-rb.

It seems to me the -b option just turns off the masking... is there a feature that turns off the seed selection from the queue? If not, where might I add that code?

Thanks!

Answer 1 · 2018-06-12T19:35:54.000Z

Hmmm there is no easy way to run standard AFL.

What do you mean by "time penalty incurred by the branching code"? Do you mean keeping the count of how many inputs have hit each branch?

Answer 2 · 2018-06-12T19:46:31.000Z

Sorry - I meant the time penalty incurred by the inserted branch masking code (you mention that the -b option will incur unecessary slowdown, which is what I want for a "fair" comparison).

I started digging around your code - if I add an extra command line argument, holding a bool, and switch "off" the part of your code that decrements your variable "vanilla_afl," that should work, right? In addition to the -b option?

Answer 3 · 2018-06-12T20:22:17.000Z

Yes, removing the vanilla_afl decrement should work!