New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conflict between ngram implementation and comments #1048
Comments
Also, I noticed that the ngram implementation is borrowed from here, which is also contradictory to the comment |
@Kyle-Kyle yes true. I basically just ripped the code from that repo :) |
Hi all, Yes, I have noticed this contradiction also :) As you noted, the implementation is largely taken from the qemu version implemented for the "be sensitive and collaborative" paper. And yes, this implementation does not strictly follow what is written in the paper (which is where my comment quotes from). So I just picked the same implementation (because that's what I was evaluating at the time). Not sure what the correct answer is, or even if it matters. |
If the original implementation is like this and it has been evaluated, I think it is fine we keep it as it is. |
I think I see an issue. |
This issue persists even with the left shift because
|
I think why it was not done like it was described in the paper is that left shift does not work. the map size is not necessarily 2^16, it can also be e.g. 2^15 if changed in config.h. a left shift + xor will result in values larger than the map and hence results in a crash. so it would need |
Yeah what you say makes sense. It could also just be a mistake :) I will contact the authors and see what their reason is, because I am very curious to know! |
Any news on this? Can the issue be closed or will we change the impl? |
* update commit ids * new experiment, new variant * new changes to cmplog and schedule * update cmplog, try notrim * cmplog combine variant * fix wrong commit * new cmplog experiment * new commit ids * remove cmplog debug output * new experiment * new cmplog variants, new experiment * fix builder files * default level for cmplog * fix for older afl++ * fix lint * one day I might learn python * weizz does not support the new option * final fixes * fix merge conflict * fix fuzzer.py * fix presubmit hopefully * remove libaflfuzzer * resubmit failed experiment Co-authored-by: Abhishek Arya <inferno@chromium.org>
currently looking at this and to me it looks like the << 1 is there, however when saving the prev_loc, not when using it?
|
It looks like there is some conflict between the implementation and the comments about ngram.
According to the comment:
It should be
(prev_block_trans << 1) ^ curr_block_trans
. But in the implementation, the<< 1
part is missing.In normal cases,
PrevLoc
stores previouscurr_loc << 1
andPrevLocTrans = PrevLoc;
, which meansPrevLocTrans
has<< 1
already in edge coverage. But this is forgotten in ngram, making the algorithmprev_block_trans ^ curr_block_trans
The text was updated successfully, but these errors were encountered: