/* Implementation of afl havoc mutation to be used in AFL++ custom mutators and
   partially in afl-fuzz itself.

   How to use:

   #include "afl-mutations.h"  // needs afl-fuzz.h

   u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, bool is_text,
                  bool is_exploration, u8 *splice_buf, u32 splice_len,
                  u32 max_len);

   Returns:
     u32 - the length of the mutated data returned in *buf. 0 = error
   Parameters:
     afl_state_t *afl - the *afl state pointer
     u8 *buf - the input buffer, which is mutated in place.
               NOTE: must be able to hold at least max_len bytes, because the
               mutated data may grow up to max_len (see below)!
     u32 len - the length of the input
     u32 steps - how many mutations to perform on the input
     bool is_text - is the target expecting text inputs
     bool is_exploration - mutate for exploration mode (instead of exploitation)
     u8 *splice_buf - a buffer from another corpus item to splice with.
                      If NULL then no splicing is done (obviously).
     u32 splice_len - the length of the splice buffer. If 0 then no splicing.
     u32 max_len - the maximum size the mutated buffer may grow to
*/
27
28 #ifndef AFL_MUTATIONS_H
29 #define AFL_MUTATIONS_H
30
31 #include <stdbool.h>
32 #include <inttypes.h>
33 #include "afl-fuzz.h"
34
/* Slot count of every mutation_strategy_* table in this header that is
   declared with this size. An index into one of those tables must stay
   below this value. */
#define MUT_STRATEGY_ARRAY_SIZE 256
36
/* Mutation IDs stored in the selection tables of this header.

   The numeric values are spelled out because the tables hold them as plain
   u32 values. Two consequences worth keeping in mind when editing:
     - MUT_FLIPBIT is 0, so any table slot that is left without an initializer
       (C zero-fills it) silently becomes a MUT_FLIPBIT slot.
     - MUT_MAX is the number of IDs, not a mutation; it must not be placed in
       a table.

   NOTE(review): the trailing-underscore IDs (MUT_ARITH8_, MUT_ARITH16_, ...)
   are separate IDs from their plain namesakes; what distinguishes them is
   presumably decided in afl_mutate(), which is not shown here - confirm. */
enum {

  MUT_FLIPBIT = 0,
  MUT_INTERESTING8 = 1,
  MUT_INTERESTING16 = 2,
  MUT_INTERESTING16BE = 3,
  MUT_INTERESTING32 = 4,
  MUT_INTERESTING32BE = 5,
  MUT_ARITH8_ = 6,
  MUT_ARITH8 = 7,
  MUT_ARITH16_ = 8,
  MUT_ARITH16BE_ = 9,
  MUT_ARITH16 = 10,
  MUT_ARITH16BE = 11,
  MUT_ARITH32_ = 12,
  MUT_ARITH32BE_ = 13,
  MUT_ARITH32 = 14,
  MUT_ARITH32BE = 15,
  MUT_RAND8 = 16,
  MUT_CLONE_COPY = 17,
  MUT_CLONE_FIXED = 18,
  MUT_OVERWRITE_COPY = 19,
  MUT_OVERWRITE_FIXED = 20,
  MUT_BYTEADD = 21,
  MUT_BYTESUB = 22,
  MUT_FLIP8 = 23,
  MUT_SWITCH = 24,
  MUT_DEL = 25,
  MUT_SHUFFLE = 26,
  MUT_DELONE = 27,
  MUT_INSERTONE = 28,
  MUT_ASCIINUM = 29,
  MUT_INSERTASCIINUM = 30,
  MUT_EXTRA_OVERWRITE = 31,
  MUT_EXTRA_INSERT = 32,
  MUT_AUTO_EXTRA_OVERWRITE = 33,
  MUT_AUTO_EXTRA_INSERT = 34,
  MUT_SPLICE_OVERWRITE = 35,
  MUT_SPLICE_INSERT = 36,

  /* Count sentinel: one past the last valid ID. */
  MUT_MAX

};
80
/* Number of slots in text_array. */
#define MUT_TXT_ARRAY_SIZE 200

/* Mutation-ID table with MUT_TXT_ARRAY_SIZE slots. Each "xN" marker gives the
   number of slots held by the ID that follows it.

   NOTE(review): presumably a slot is picked at random, so the repeat count
   acts as the selection weight of an ID, and the name suggests use for text
   inputs - the consumer is not part of this section; confirm.

   IDs 26-30 (MUT_SHUFFLE .. MUT_INSERTASCIINUM) have no slot here.

   Editing rules:
     - An index into this table must stay below MUT_TXT_ARRAY_SIZE; the other
       tables in this header have different lengths, so their size macros are
       not interchangeable.
     - The list must hold exactly MUT_TXT_ARRAY_SIZE entries. A shorter list
       still compiles: the missing slots are zero-filled, and 0 is
       MUT_FLIPBIT, so weight would silently move to bit flips.

   NOTE(review): this is a non-const definition with external linkage inside
   a header; a second translation unit including it in the same link would
   define the object again - confirm the header is included once per
   binary. */
u32 text_array[MUT_TXT_ARRAY_SIZE] = {
  /* x8 */
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  /* x4 */
  MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
  /* x2 */
  MUT_INTERESTING16, MUT_INTERESTING16,
  /* x2 */
  MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  /* x2 */
  MUT_INTERESTING32, MUT_INTERESTING32,
  /* x2 */
  MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  /* x6 */
  MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
  MUT_ARITH8_, MUT_ARITH8_,
  /* x6 */
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  MUT_ARITH8, MUT_ARITH8,
  /* x5 */
  MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_,
  MUT_ARITH16_,
  /* x5 */
  MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_,
  MUT_ARITH16BE_,
  /* x5 */
  MUT_ARITH16, MUT_ARITH16, MUT_ARITH16, MUT_ARITH16,
  MUT_ARITH16,
  /* x5 */
  MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE,
  MUT_ARITH16BE,
  /* x5 */
  MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_,
  MUT_ARITH32_,
  /* x5 */
  MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_,
  MUT_ARITH32BE_,
  /* x5 */
  MUT_ARITH32, MUT_ARITH32, MUT_ARITH32, MUT_ARITH32,
  MUT_ARITH32,
  /* x5 */
  MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE,
  MUT_ARITH32BE,
  /* x8 */
  MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
  MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
  /* x16 */
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  /* x8 */
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  /* x10 */
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  /* x5 */
  MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
  MUT_OVERWRITE_FIXED,
  /* x5 */
  MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD,
  MUT_BYTEADD,
  /* x5 */
  MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB,
  MUT_BYTESUB,
  /* x4 */
  MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,
  /* x7 */
  MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
  MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
  /* x10 */
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  MUT_DEL, MUT_DEL,
  /* x7 */
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  /* x9 */
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  MUT_EXTRA_INSERT,
  /* x4 */
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  /* x5 */
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  MUT_AUTO_EXTRA_INSERT,
  /* x12 */
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  /* x13 */
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT
};
282
/* Number of slots in binary_array. */
#define MUT_BIN_ARRAY_SIZE 256

/* Mutation-ID table with MUT_BIN_ARRAY_SIZE slots. Each "xN" marker gives the
   number of slots held by the ID that follows it.

   NOTE(review): presumably a slot is picked at random, so the repeat count
   acts as the selection weight of an ID, and the name suggests use for
   binary inputs - the consumer is not part of this section; confirm.

   IDs 26-30 (MUT_SHUFFLE .. MUT_INSERTASCIINUM) have no slot here.

   Editing rules:
     - An index into this table must stay below MUT_BIN_ARRAY_SIZE; the other
       tables in this header have different lengths, so their size macros are
       not interchangeable.
     - The list must hold exactly MUT_BIN_ARRAY_SIZE entries. A shorter list
       still compiles: the missing slots are zero-filled, and 0 is
       MUT_FLIPBIT, so weight would silently move to bit flips.

   NOTE(review): non-const definition with external linkage inside a header;
   confirm the header is included once per binary. */
u32 binary_array[MUT_BIN_ARRAY_SIZE] = {
  /* x11 */
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  /* x9 */
  MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
  MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
  MUT_INTERESTING8,
  /* x6 */
  MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16,
  MUT_INTERESTING16, MUT_INTERESTING16,
  /* x6 */
  MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  /* x6 */
  MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32,
  MUT_INTERESTING32, MUT_INTERESTING32,
  /* x6 */
  MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  /* x9 */
  MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
  MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
  MUT_ARITH8_,
  /* x10 */
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  MUT_ARITH8, MUT_ARITH8,
  /* x6 */
  MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_,
  MUT_ARITH16_, MUT_ARITH16_,
  /* x6 */
  MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_,
  MUT_ARITH16BE_, MUT_ARITH16BE_,
  /* x6 */
  MUT_ARITH16, MUT_ARITH16, MUT_ARITH16, MUT_ARITH16,
  MUT_ARITH16, MUT_ARITH16,
  /* x6 */
  MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE,
  MUT_ARITH16BE, MUT_ARITH16BE,
  /* x6 */
  MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_,
  MUT_ARITH32_, MUT_ARITH32_,
  /* x6 */
  MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_,
  MUT_ARITH32BE_, MUT_ARITH32BE_,
  /* x6 */
  MUT_ARITH32, MUT_ARITH32, MUT_ARITH32, MUT_ARITH32,
  MUT_ARITH32, MUT_ARITH32,
  /* x6 */
  MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE,
  MUT_ARITH32BE, MUT_ARITH32BE,
  /* x9 */
  MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
  MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
  MUT_RAND8,
  /* x14 */
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY,
  /* x7 */
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  /* x10 */
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  /* x5 */
  MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
  MUT_OVERWRITE_FIXED,
  /* x6 */
  MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD,
  MUT_BYTEADD, MUT_BYTEADD,
  /* x6 */
  MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB,
  MUT_BYTESUB, MUT_BYTESUB,
  /* x4 */
  MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,
  /* x6 */
  MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
  MUT_SWITCH, MUT_SWITCH,
  /* x9 */
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  MUT_DEL,
  /* x10 */
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  /* x12 */
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  /* x9 */
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  MUT_AUTO_EXTRA_OVERWRITE,
  /* x11 */
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  /* x13 */
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  MUT_SPLICE_OVERWRITE,
  /* x14 */
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT
};
540
/* Number of slots in normal_splice_array. */
#define MUT_NORMAL_ARRAY_SIZE 77

/* Mutation-ID table with MUT_NORMAL_ARRAY_SIZE slots. Each "xN" marker gives
   the number of slots held by the ID that follows it; the two splice IDs at
   the end hold 2 slots each.

   NOTE(review): presumably a slot is picked at random, so the repeat count
   acts as the selection weight of an ID - the consumer is not part of this
   section; confirm.

   IDs 26-30 (MUT_SHUFFLE .. MUT_INSERTASCIINUM) have no slot here.

   Editing rules:
     - An index into this table must stay below MUT_NORMAL_ARRAY_SIZE (77).
       This table is much shorter than the 200- and 256-slot tables in this
       header, so an index range taken from one of those would read past its
       end.
     - The list must hold exactly MUT_NORMAL_ARRAY_SIZE entries. A shorter
       list still compiles: the missing slots are zero-filled, and 0 is
       MUT_FLIPBIT.

   NOTE(review): non-const definition with external linkage inside a header;
   confirm the header is included once per binary. */
u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {
  /* x4 */
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  /* x4 */
  MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
  /* x2 */
  MUT_INTERESTING16, MUT_INTERESTING16,
  /* x2 */
  MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  /* x2 */
  MUT_INTERESTING32, MUT_INTERESTING32,
  /* x2 */
  MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  /* x4 */
  MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
  /* x4 */
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  /* x2 */
  MUT_ARITH16_, MUT_ARITH16_,
  /* x2 */
  MUT_ARITH16BE_, MUT_ARITH16BE_,
  /* x2 */
  MUT_ARITH16, MUT_ARITH16,
  /* x2 */
  MUT_ARITH16BE, MUT_ARITH16BE,
  /* x2 */
  MUT_ARITH32_, MUT_ARITH32_,
  /* x2 */
  MUT_ARITH32BE_, MUT_ARITH32BE_,
  /* x2 */
  MUT_ARITH32, MUT_ARITH32,
  /* x2 */
  MUT_ARITH32BE, MUT_ARITH32BE,
  /* x4 */
  MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
  /* x3 */
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  /* x1 */
  MUT_CLONE_FIXED,
  /* x3 */
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  /* x1 */
  MUT_OVERWRITE_FIXED,
  /* x1 */
  MUT_BYTEADD,
  /* x1 */
  MUT_BYTESUB,
  /* x1 */
  MUT_FLIP8,
  /* x2 */
  MUT_SWITCH, MUT_SWITCH,
  /* x8 */
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  /* x2 */
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  /* x2 */
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  /* x2 */
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  /* x2 */
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  /* x2 */
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  /* x2 */
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT
};
619
/* Number of slots in full_splice_array. */
#define MUT_SPLICE_ARRAY_SIZE 81

/* Mutation-ID table with MUT_SPLICE_ARRAY_SIZE slots. Each "xN" marker gives
   the number of slots held by the ID that follows it; the two splice IDs at
   the end hold 4 slots each.

   NOTE(review): presumably a slot is picked at random, so the repeat count
   acts as the selection weight of an ID - the consumer is not part of this
   section; confirm.

   IDs 26-30 (MUT_SHUFFLE .. MUT_INSERTASCIINUM) have no slot here.

   Editing rules:
     - An index into this table must stay below MUT_SPLICE_ARRAY_SIZE (81).
       This table is much shorter than the 200- and 256-slot tables in this
       header, so an index range taken from one of those would read past its
       end.
     - The list must hold exactly MUT_SPLICE_ARRAY_SIZE entries. A shorter
       list still compiles: the missing slots are zero-filled, and 0 is
       MUT_FLIPBIT.

   NOTE(review): non-const definition with external linkage inside a header;
   confirm the header is included once per binary. */
u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {
  /* x4 */
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  /* x4 */
  MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
  /* x2 */
  MUT_INTERESTING16, MUT_INTERESTING16,
  /* x2 */
  MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  /* x2 */
  MUT_INTERESTING32, MUT_INTERESTING32,
  /* x2 */
  MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  /* x4 */
  MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
  /* x4 */
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  /* x2 */
  MUT_ARITH16_, MUT_ARITH16_,
  /* x2 */
  MUT_ARITH16BE_, MUT_ARITH16BE_,
  /* x2 */
  MUT_ARITH16, MUT_ARITH16,
  /* x2 */
  MUT_ARITH16BE, MUT_ARITH16BE,
  /* x2 */
  MUT_ARITH32_, MUT_ARITH32_,
  /* x2 */
  MUT_ARITH32BE_, MUT_ARITH32BE_,
  /* x2 */
  MUT_ARITH32, MUT_ARITH32,
  /* x2 */
  MUT_ARITH32BE, MUT_ARITH32BE,
  /* x4 */
  MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
  /* x3 */
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  /* x1 */
  MUT_CLONE_FIXED,
  /* x3 */
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  /* x1 */
  MUT_OVERWRITE_FIXED,
  /* x1 */
  MUT_BYTEADD,
  /* x1 */
  MUT_BYTESUB,
  /* x1 */
  MUT_FLIP8,
  /* x2 */
  MUT_SWITCH, MUT_SWITCH,
  /* x8 */
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  /* x2 */
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  /* x2 */
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  /* x2 */
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  /* x2 */
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  /* x4 */
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  /* x4 */
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT
};
702
/* Mutation-ID table with MUT_STRATEGY_ARRAY_SIZE (256) slots; every ID from
   MUT_FLIPBIT to MUT_SPLICE_INSERT has at least one slot. Each "xN" marker
   gives the number of slots held by the ID that follows it.

   NOTE(review): presumably a slot is picked at random, so the repeat count
   acts as the selection weight, and presumably this table serves
   afl_mutate() calls with is_exploration and is_text set - the selection
   code is not part of this section; confirm.

   Editing rules:
     - An index into this table must stay below MUT_STRATEGY_ARRAY_SIZE.
     - The list must hold exactly MUT_STRATEGY_ARRAY_SIZE entries. A shorter
       list still compiles: the missing slots are zero-filled, and 0 is
       MUT_FLIPBIT, so weight would silently move to bit flips.

   NOTE(review): non-const definition with external linkage inside a header;
   confirm the header is included once per binary. */
u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {

  /* x6 */
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  MUT_FLIPBIT, MUT_FLIPBIT,
  /* x5 */
  MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
  MUT_INTERESTING8,
  /* x5 */
  MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16,
  MUT_INTERESTING16,
  /* x5 */
  MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  MUT_INTERESTING16BE,
  /* x5 */
  MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32,
  MUT_INTERESTING32,
  /* x5 */
  MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  MUT_INTERESTING32BE,
  /* x6 */
  MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
  MUT_ARITH8_, MUT_ARITH8_,
  /* x6 */
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  MUT_ARITH8, MUT_ARITH8,
  /* x6 */
  MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_,
  MUT_ARITH16_, MUT_ARITH16_,
  /* x6 */
  MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_,
  MUT_ARITH16BE_, MUT_ARITH16BE_,
  /* x6 */
  MUT_ARITH16, MUT_ARITH16, MUT_ARITH16, MUT_ARITH16,
  MUT_ARITH16, MUT_ARITH16,
  /* x6 */
  MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE,
  MUT_ARITH16BE, MUT_ARITH16BE,
  /* x6 */
  MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_,
  MUT_ARITH32_, MUT_ARITH32_,
  /* x6 */
  MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_,
  MUT_ARITH32BE_, MUT_ARITH32BE_,
  /* x6 */
  MUT_ARITH32, MUT_ARITH32, MUT_ARITH32, MUT_ARITH32,
  MUT_ARITH32, MUT_ARITH32,
  /* x6 */
  MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE,
  MUT_ARITH32BE, MUT_ARITH32BE,
  /* x6 */
  MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
  MUT_RAND8, MUT_RAND8,
  /* x13 */
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY,
  /* x10 */
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  /* x9 */
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  MUT_OVERWRITE_COPY,
  /* x8 */
  MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
  MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
  /* x6 */
  MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD,
  MUT_BYTEADD, MUT_BYTEADD,
  /* x6 */
  MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB,
  MUT_BYTESUB, MUT_BYTESUB,
  /* x8 */
  MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,
  MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,
  /* x8 */
  MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
  MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
  /* x7 */
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  MUT_DEL, MUT_DEL, MUT_DEL,
  /* x8 */
  MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE,
  MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE,
  /* x7 */
  MUT_DELONE, MUT_DELONE, MUT_DELONE, MUT_DELONE,
  MUT_DELONE, MUT_DELONE, MUT_DELONE,
  /* x6 */
  MUT_INSERTONE, MUT_INSERTONE, MUT_INSERTONE, MUT_INSERTONE,
  MUT_INSERTONE, MUT_INSERTONE,
  /* x8 */
  MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM,
  MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM,
  /* x8 */
  MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
  MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
  /* x8 */
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  /* x8 */
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  /* x6 */
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  /* x6 */
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  /* x9 */
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  MUT_SPLICE_OVERWRITE,
  /* x10 */
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT

};
963
/* Mutation-ID table with MUT_STRATEGY_ARRAY_SIZE (256) slots; every ID from
   MUT_FLIPBIT to MUT_SPLICE_INSERT has at least one slot. Each "xN" marker
   gives the number of slots held by the ID that follows it.

   NOTE(review): presumably a slot is picked at random, so the repeat count
   acts as the selection weight, and presumably this table serves
   afl_mutate() calls with is_exploration set and is_text unset - the
   selection code is not part of this section; confirm.

   Editing rules:
     - An index into this table must stay below MUT_STRATEGY_ARRAY_SIZE.
     - The list must hold exactly MUT_STRATEGY_ARRAY_SIZE entries. A shorter
       list still compiles: the missing slots are zero-filled, and 0 is
       MUT_FLIPBIT, so weight would silently move to bit flips.

   NOTE(review): non-const definition with external linkage inside a header;
   confirm the header is included once per binary. */
u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {

  /* x7 */
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  /* x6 */
  MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
  MUT_INTERESTING8, MUT_INTERESTING8,
  /* x6 */
  MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16,
  MUT_INTERESTING16, MUT_INTERESTING16,
  /* x6 */
  MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  /* x6 */
  MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32,
  MUT_INTERESTING32, MUT_INTERESTING32,
  /* x6 */
  MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  /* x7 */
  MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
  MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
  /* x7 */
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  /* x6 */
  MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_,
  MUT_ARITH16_, MUT_ARITH16_,
  /* x6 */
  MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_,
  MUT_ARITH16BE_, MUT_ARITH16BE_,
  /* x6 */
  MUT_ARITH16, MUT_ARITH16, MUT_ARITH16, MUT_ARITH16,
  MUT_ARITH16, MUT_ARITH16,
  /* x6 */
  MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE,
  MUT_ARITH16BE, MUT_ARITH16BE,
  /* x6 */
  MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_,
  MUT_ARITH32_, MUT_ARITH32_,
  /* x6 */
  MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_,
  MUT_ARITH32BE_, MUT_ARITH32BE_,
  /* x7 */
  MUT_ARITH32, MUT_ARITH32, MUT_ARITH32, MUT_ARITH32,
  MUT_ARITH32, MUT_ARITH32, MUT_ARITH32,
  /* x6 */
  MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE,
  MUT_ARITH32BE, MUT_ARITH32BE,
  /* x6 */
  MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
  MUT_RAND8, MUT_RAND8,
  /* x14 */
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY,
  /* x9 */
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  MUT_CLONE_FIXED,
  /* x9 */
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  MUT_OVERWRITE_COPY,
  /* x7 */
  MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
  MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
  /* x7 */
  MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD,
  MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD,
  /* x7 */
  MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB,
  MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB,
  /* x10 */
  MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,
  MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,
  MUT_FLIP8, MUT_FLIP8,
  /* x7 */
  MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
  MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
  /* x6 */
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  MUT_DEL, MUT_DEL,
  /* x6 */
  MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE,
  MUT_SHUFFLE, MUT_SHUFFLE,
  /* x6 */
  MUT_DELONE, MUT_DELONE, MUT_DELONE, MUT_DELONE,
  MUT_DELONE, MUT_DELONE,
  /* x6 */
  MUT_INSERTONE, MUT_INSERTONE, MUT_INSERTONE, MUT_INSERTONE,
  MUT_INSERTONE, MUT_INSERTONE,
  /* x6 */
  MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM,
  MUT_ASCIINUM, MUT_ASCIINUM,
  /* x6 */
  MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
  MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
  /* x7 */
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  /* x7 */
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  /* x6 */
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  /* x6 */
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  /* x8 */
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  /* x10 */
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT

};
1224
/* Mutation-ID table with MUT_STRATEGY_ARRAY_SIZE (256) slots; every ID from
   MUT_FLIPBIT to MUT_SPLICE_INSERT has at least one slot. Each "xN" marker
   gives the number of slots held by the ID that follows it.

   NOTE(review): presumably a slot is picked at random, so the repeat count
   acts as the selection weight, and presumably this table serves
   afl_mutate() calls with is_exploration unset and is_text set - the
   selection code is not part of this section; confirm.

   Editing rules:
     - An index into this table must stay below MUT_STRATEGY_ARRAY_SIZE.
     - The list must hold exactly MUT_STRATEGY_ARRAY_SIZE entries. A shorter
       list still compiles: the missing slots are zero-filled, and 0 is
       MUT_FLIPBIT, so weight would silently move to bit flips.

   NOTE(review): non-const definition with external linkage inside a header;
   confirm the header is included once per binary. */
u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {

  /* x7 */
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
  /* x7 */
  MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
  MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
  /* x7 */
  MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16,
  MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16,
  /* x7 */
  MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE,
  /* x8 */
  MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32,
  MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32,
  /* x8 */
  MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE,
  /* x6 */
  MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
  MUT_ARITH8_, MUT_ARITH8_,
  /* x7 */
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
  /* x6 */
  MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_,
  MUT_ARITH16_, MUT_ARITH16_,
  /* x7 */
  MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_,
  MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_,
  /* x7 */
  MUT_ARITH16, MUT_ARITH16, MUT_ARITH16, MUT_ARITH16,
  MUT_ARITH16, MUT_ARITH16, MUT_ARITH16,
  /* x7 */
  MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE,
  MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE,
  /* x6 */
  MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_,
  MUT_ARITH32_, MUT_ARITH32_,
  /* x6 */
  MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_,
  MUT_ARITH32BE_, MUT_ARITH32BE_,
  /* x6 */
  MUT_ARITH32, MUT_ARITH32, MUT_ARITH32, MUT_ARITH32,
  MUT_ARITH32, MUT_ARITH32,
  /* x7 */
  MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE,
  MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE,
  /* x7 */
  MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
  MUT_RAND8, MUT_RAND8, MUT_RAND8,
  /* x9 */
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
  MUT_CLONE_COPY,
  /* x8 */
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
  /* x6 */
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
  /* x6 */
  MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
  MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
  /* x7 */
  MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD,
  MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD,
  /* x6 */
  MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB,
  MUT_BYTESUB, MUT_BYTESUB,
  /* x9 */
  MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,
  MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,
  MUT_FLIP8,
  /* x7 */
  MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
  MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
  /* x6 */
  MUT_DEL, MUT_DEL, MUT_DEL, MUT_DEL,
  MUT_DEL, MUT_DEL,
  /* x7 */
  MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE,
  MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE,
  /* x5 */
  MUT_DELONE, MUT_DELONE, MUT_DELONE, MUT_DELONE,
  MUT_DELONE,
  /* x6 */
  MUT_INSERTONE, MUT_INSERTONE, MUT_INSERTONE, MUT_INSERTONE,
  MUT_INSERTONE, MUT_INSERTONE,
  /* x6 */
  MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM,
  MUT_ASCIINUM, MUT_ASCIINUM,
  /* x8 */
  MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
  MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
  /* x7 */
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
  /* x7 */
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
  /* x7 */
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
  /* x7 */
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
  /* x7 */
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
  /* x9 */
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
  MUT_SPLICE_INSERT

};
1485
/* Strategy table that afl_mutate() selects when is_text and is_exploration
   are both false. afl_mutate() indexes it with
   rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), so the number of slots a
   strategy occupies is its relative weight. The slot counts below add up
   to 256. */
u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = {

    /* 7 slots */
    MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,
    MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT,

    /* 7 slots */
    MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,
    MUT_INTERESTING8, MUT_INTERESTING8, MUT_INTERESTING8,

    /* 7 slots */
    MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16,
    MUT_INTERESTING16, MUT_INTERESTING16, MUT_INTERESTING16,

    /* 7 slots */
    MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE,
    MUT_INTERESTING16BE, MUT_INTERESTING16BE, MUT_INTERESTING16BE,
    MUT_INTERESTING16BE,

    /* 8 slots */
    MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32,
    MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32, MUT_INTERESTING32,

    /* 8 slots */
    MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE,
    MUT_INTERESTING32BE, MUT_INTERESTING32BE, MUT_INTERESTING32BE,
    MUT_INTERESTING32BE, MUT_INTERESTING32BE,

    /* 6 slots */
    MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,
    MUT_ARITH8_, MUT_ARITH8_, MUT_ARITH8_,

    /* 7 slots */
    MUT_ARITH8, MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,
    MUT_ARITH8, MUT_ARITH8, MUT_ARITH8,

    /* 6 slots */
    MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_,
    MUT_ARITH16_, MUT_ARITH16_, MUT_ARITH16_,

    /* 7 slots */
    MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_,
    MUT_ARITH16BE_, MUT_ARITH16BE_, MUT_ARITH16BE_,

    /* 7 slots */
    MUT_ARITH16, MUT_ARITH16, MUT_ARITH16, MUT_ARITH16,
    MUT_ARITH16, MUT_ARITH16, MUT_ARITH16,

    /* 7 slots */
    MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE,
    MUT_ARITH16BE, MUT_ARITH16BE, MUT_ARITH16BE,

    /* 6 slots */
    MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_,
    MUT_ARITH32_, MUT_ARITH32_, MUT_ARITH32_,

    /* 7 slots */
    MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_,
    MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_,

    /* 7 slots */
    MUT_ARITH32, MUT_ARITH32, MUT_ARITH32, MUT_ARITH32,
    MUT_ARITH32, MUT_ARITH32, MUT_ARITH32,

    /* 7 slots */
    MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE,
    MUT_ARITH32BE, MUT_ARITH32BE, MUT_ARITH32BE,

    /* 7 slots */
    MUT_RAND8, MUT_RAND8, MUT_RAND8, MUT_RAND8,
    MUT_RAND8, MUT_RAND8, MUT_RAND8,

    /* 9 slots */
    MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
    MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,
    MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY,

    /* 8 slots */
    MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,
    MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED,

    /* 6 slots */
    MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
    MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,

    /* 6 slots */
    MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
    MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,

    /* 7 slots */
    MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD,
    MUT_BYTEADD, MUT_BYTEADD, MUT_BYTEADD,

    /* 6 slots */
    MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB,
    MUT_BYTESUB, MUT_BYTESUB, MUT_BYTESUB,

    /* 10 slots */
    MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,
    MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, MUT_FLIP8,

    /* 7 slots */
    MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,
    MUT_SWITCH, MUT_SWITCH, MUT_SWITCH,

    /* 6 slots */
    MUT_DEL, MUT_DEL, MUT_DEL,
    MUT_DEL, MUT_DEL, MUT_DEL,

    /* 6 slots */
    MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE,
    MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE,

    /* 5 slots */
    MUT_DELONE, MUT_DELONE, MUT_DELONE, MUT_DELONE, MUT_DELONE,

    /* 6 slots */
    MUT_INSERTONE, MUT_INSERTONE, MUT_INSERTONE,
    MUT_INSERTONE, MUT_INSERTONE, MUT_INSERTONE,

    /* 5 slots */
    MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM,

    /* 7 slots */
    MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
    MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
    MUT_INSERTASCIINUM,

    /* 7 slots */
    MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
    MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
    MUT_EXTRA_OVERWRITE,

    /* 7 slots */
    MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
    MUT_EXTRA_INSERT, MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,

    /* 7 slots */
    MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
    MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
    MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
    MUT_AUTO_EXTRA_OVERWRITE,

    /* 7 slots */
    MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
    MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
    MUT_AUTO_EXTRA_INSERT,

    /* 7 slots */
    MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
    MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
    MUT_SPLICE_OVERWRITE,

    /* 9 slots */
    MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
    MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
    MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT

};
1746
/* Havoc mutation entry point. The parameters are described in the comment
   at the top of this file. */
u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, bool is_text,
               bool is_exploration, u8 *splice_buf, u32 splice_len,
               u32 max_len);

/* Random block length for the block-based mutations, capped at limit. */
u32 choose_block_len(afl_state_t *afl, u32 limit);
1749
/* Helper to choose a random block length for the block operations.

   A size class is drawn first: rand_below() is asked for one of up to
   three classes, bounded by afl->queue_cycle, and for only one class while
   afl->run_over10m is not set. The class gives the [lo, hi] range; the
   third class switches to the LARGE..XL range when a second
   rand_below(afl, 10) draw returns 0. The range is then capped at limit.

   Doesn't return zero, provided that limit is > 0 (this relies on
   rand_below(afl, n) returning a value below n; confirm against its
   definition). */
inline u32 choose_block_len(afl_state_t *afl, u32 limit) {

  u32 lo, hi;
  u32 classes = MIN(afl->queue_cycle, (u32)3);

  if (unlikely(!afl->run_over10m)) { classes = 1; }

  u32 pick = rand_below(afl, classes);

  if (pick == 0) {

    lo = 1;
    hi = HAVOC_BLK_SMALL;

  } else if (pick == 1) {

    lo = HAVOC_BLK_SMALL;
    hi = HAVOC_BLK_MEDIUM;

  } else if (likely(rand_below(afl, 10))) {

    lo = HAVOC_BLK_MEDIUM;
    hi = HAVOC_BLK_LARGE;

  } else {

    lo = HAVOC_BLK_LARGE;
    hi = HAVOC_BLK_XL;

  }

  /* A lower bound at or above the cap would leave no room: start from 1. */
  if (lo >= limit) { lo = 1; }

  u32 capped = MIN(hi, limit);

  return lo + rand_below(afl, capped - lo + 1);

}
1793
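/* Apply `steps` havoc mutations to buf in place and return the new length.

   Each step draws one slot from the 256-entry strategy table selected by
   is_text / is_exploration and runs the matching mutation. A mutation that
   cannot be applied either leaves the data untouched for that step (break)
   or draws another strategy (goto retry_havoc_step).

   Returns 0 if buf is NULL, len is 0, or the scratch buffer cannot be
   allocated.

   Memory-safety contract: buf must provide at least max_len bytes, and len
   is expected to be <= max_len on entry (this is not verified here). Every
   mutation that grows the data checks the new length against max_len
   first, because both buf and the scratch buffer are only max_len bytes.
   The scratch buffer is a function-local static that is grown on demand
   and never freed; it is shared by all calls, so concurrent calls would
   race on it. */
inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
                      bool is_text, bool is_exploration, u8 *splice_buf,
                      u32 splice_len, u32 max_len) {

  if (!buf || !len) { return 0; }

  u32       *mutation_array;
  static u8 *tmp_buf = NULL;
  static u32 tmp_buf_size = 0;

  /* Grow the scratch buffer to max_len bytes. realloc(NULL, n) behaves like
     malloc(n); on failure the previous buffer is still valid and kept. */
  if (max_len > tmp_buf_size) {

    u8 *ptr = realloc(tmp_buf, max_len);
    if (!ptr) { return 0; }

    tmp_buf = ptr;
    tmp_buf_size = max_len;

  }

  if (is_text) {

    if (is_exploration) {

      mutation_array = (u32 *)&mutation_strategy_exploration_text;

    } else {

      mutation_array = (u32 *)&mutation_strategy_exploitation_text;

    }

  } else {

    if (is_exploration) {

      mutation_array = (u32 *)&mutation_strategy_exploration_binary;

    } else {

      mutation_array = (u32 *)&mutation_strategy_exploitation_binary;

    }

  }

  for (u32 step = 0; step < steps; ++step) {

  retry_havoc_step: {

    u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item;

    switch (mutation_array[r]) {

      case MUT_FLIPBIT: {

        /* Flip a single bit somewhere. Spooky! */
        u8  bit = rand_below(afl, 8);
        u32 off = rand_below(afl, len);
        buf[off] ^= 1 << bit;

        break;

      }

      case MUT_INTERESTING8: {

        /* Set byte to interesting value. */

        item = rand_below(afl, sizeof(interesting_8));
        buf[rand_below(afl, len)] = interesting_8[item];
        break;

      }

      case MUT_INTERESTING16: {

        /* Set word to interesting value, little endian. */

        if (unlikely(len < 2)) { break; }  // no retry

        item = rand_below(afl, sizeof(interesting_16) >> 1);
        *(u16 *)(buf + rand_below(afl, len - 1)) = interesting_16[item];

        break;

      }

      case MUT_INTERESTING16BE: {

        /* Set word to interesting value, big endian. */

        if (unlikely(len < 2)) { break; }  // no retry

        item = rand_below(afl, sizeof(interesting_16) >> 1);
        *(u16 *)(buf + rand_below(afl, len - 1)) = SWAP16(interesting_16[item]);

        break;

      }

      case MUT_INTERESTING32: {

        /* Set dword to interesting value, little endian. */

        if (unlikely(len < 4)) { break; }  // no retry

        item = rand_below(afl, sizeof(interesting_32) >> 2);
        *(u32 *)(buf + rand_below(afl, len - 3)) = interesting_32[item];

        break;

      }

      case MUT_INTERESTING32BE: {

        /* Set dword to interesting value, big endian. */

        if (unlikely(len < 4)) { break; }  // no retry

        item = rand_below(afl, sizeof(interesting_32) >> 2);
        *(u32 *)(buf + rand_below(afl, len - 3)) = SWAP32(interesting_32[item]);

        break;

      }

      case MUT_ARITH8_: {

        /* Randomly subtract from byte. */

        item = 1 + rand_below(afl, ARITH_MAX);
        buf[rand_below(afl, len)] -= item;
        break;

      }

      case MUT_ARITH8: {

        /* Randomly add to byte. */

        item = 1 + rand_below(afl, ARITH_MAX);
        buf[rand_below(afl, len)] += item;
        break;

      }

      case MUT_ARITH16_: {

        /* Randomly subtract from word, little endian. */

        if (unlikely(len < 2)) { break; }  // no retry

        u32 pos = rand_below(afl, len - 1);
        item = 1 + rand_below(afl, ARITH_MAX);
        *(u16 *)(buf + pos) -= item;

        break;

      }

      case MUT_ARITH16BE_: {

        /* Randomly subtract from word, big endian. */

        if (unlikely(len < 2)) { break; }  // no retry

        u32 pos = rand_below(afl, len - 1);
        u16 num = 1 + rand_below(afl, ARITH_MAX);
        *(u16 *)(buf + pos) = SWAP16(SWAP16(*(u16 *)(buf + pos)) - num);

        break;

      }

      case MUT_ARITH16: {

        /* Randomly add to word, little endian. */

        if (unlikely(len < 2)) { break; }  // no retry

        u32 pos = rand_below(afl, len - 1);
        item = 1 + rand_below(afl, ARITH_MAX);
        *(u16 *)(buf + pos) += item;

        break;

      }

      case MUT_ARITH16BE: {

        /* Randomly add to word, big endian. */

        if (unlikely(len < 2)) { break; }  // no retry

        u32 pos = rand_below(afl, len - 1);
        u16 num = 1 + rand_below(afl, ARITH_MAX);
        *(u16 *)(buf + pos) = SWAP16(SWAP16(*(u16 *)(buf + pos)) + num);

        break;

      }

      case MUT_ARITH32_: {

        /* Randomly subtract from dword, little endian. */

        if (unlikely(len < 4)) { break; }  // no retry

        u32 pos = rand_below(afl, len - 3);
        item = 1 + rand_below(afl, ARITH_MAX);
        *(u32 *)(buf + pos) -= item;

        break;

      }

      case MUT_ARITH32BE_: {

        /* Randomly subtract from dword, big endian. */

        if (unlikely(len < 4)) { break; }  // no retry

        u32 pos = rand_below(afl, len - 3);
        u32 num = 1 + rand_below(afl, ARITH_MAX);
        *(u32 *)(buf + pos) = SWAP32(SWAP32(*(u32 *)(buf + pos)) - num);

        break;

      }

      case MUT_ARITH32: {

        /* Randomly add to dword, little endian. */

        if (unlikely(len < 4)) { break; }  // no retry

        u32 pos = rand_below(afl, len - 3);
        item = 1 + rand_below(afl, ARITH_MAX);
        *(u32 *)(buf + pos) += item;

        break;

      }

      case MUT_ARITH32BE: {

        /* Randomly add to dword, big endian. */

        if (unlikely(len < 4)) { break; }  // no retry

        u32 pos = rand_below(afl, len - 3);
        u32 num = 1 + rand_below(afl, ARITH_MAX);
        *(u32 *)(buf + pos) = SWAP32(SWAP32(*(u32 *)(buf + pos)) + num);

        break;

      }

      case MUT_RAND8: {

        /* Just set a random byte to a random value. Because,
           why not. We use XOR with 1-255 to eliminate the
           possibility of a no-op. */

        u32 pos = rand_below(afl, len);
        item = 1 + rand_below(afl, 255);
        buf[pos] ^= item;
        break;

      }

      case MUT_CLONE_COPY: {

        /* The growth check reserves HAVOC_BLK_XL bytes of headroom before
           a block length is chosen. */
        if (likely(len + HAVOC_BLK_XL < max_len)) {

          /* Clone bytes. */

          u32 clone_len = choose_block_len(afl, len);
          u32 clone_from = rand_below(afl, len - clone_len + 1);
          u32 clone_to = rand_below(afl, len);

          /* Head */

          memcpy(tmp_buf, buf, clone_to);

          /* Inserted part */

          memcpy(tmp_buf + clone_to, buf + clone_from, clone_len);

          /* Tail */
          memcpy(tmp_buf + clone_to + clone_len, buf + clone_to,
                 len - clone_to);

          len += clone_len;
          memcpy(buf, tmp_buf, len);

        } else if (unlikely(len < 8)) {

          break;

        } else {

          goto retry_havoc_step;

        }

        break;

      }

      case MUT_CLONE_FIXED: {

        if (likely(len + HAVOC_BLK_XL < max_len)) {

          /* Insert a block of constant bytes: either a random byte value
             or a copy of the byte just before the insertion point. */

          u32 clone_len = choose_block_len(afl, HAVOC_BLK_XL);
          u32 clone_to = rand_below(afl, len);
          u32 strat = rand_below(afl, 2);
          u32 clone_from = clone_to ? clone_to - 1 : 0;
          item = strat ? rand_below(afl, 256) : buf[clone_from];

          /* Head */

          memcpy(tmp_buf, buf, clone_to);

          /* Inserted part */

          memset(tmp_buf + clone_to, item, clone_len);

          /* Tail */
          memcpy(tmp_buf + clone_to + clone_len, buf + clone_to,
                 len - clone_to);

          len += clone_len;
          memcpy(buf, tmp_buf, len);

        } else if (unlikely(len < 8)) {

          break;

        } else {

          goto retry_havoc_step;

        }

        break;

      }

      case MUT_OVERWRITE_COPY: {

        /* Overwrite bytes with a randomly selected chunk of bytes. */

        if (unlikely(len < 2)) { break; }  // no retry

        u32 copy_len = choose_block_len(afl, len - 1);
        u32 copy_from = rand_below(afl, len - copy_len + 1);
        u32 copy_to = rand_below(afl, len - copy_len + 1);

        if (likely(copy_from != copy_to)) {

          /* Source and destination may overlap, hence memmove. */
          memmove(buf + copy_to, buf + copy_from, copy_len);

        }

        break;

      }

      case MUT_OVERWRITE_FIXED: {

        /* Overwrite bytes with fixed bytes. */

        if (unlikely(len < 2)) { break; }  // no retry

        u32 copy_len = choose_block_len(afl, len - 1);
        u32 copy_to = rand_below(afl, len - copy_len + 1);
        u32 strat = rand_below(afl, 2);
        u32 copy_from = copy_to ? copy_to - 1 : 0;
        item = strat ? rand_below(afl, 256) : buf[copy_from];
        memset(buf + copy_to, item, copy_len);

        break;

      }

      case MUT_BYTEADD: {

        /* Increase byte by 1. */

        buf[rand_below(afl, len)]++;
        break;

      }

      case MUT_BYTESUB: {

        /* Decrease byte by 1. */

        buf[rand_below(afl, len)]--;
        break;

      }

      case MUT_FLIP8: {

        /* Flip byte. */

        buf[rand_below(afl, len)] ^= 0xff;
        break;

      }

      case MUT_SWITCH: {

        if (unlikely(len < 4)) { break; }  // no retry

        /* Switch bytes. */

        u32 to_end, switch_to, switch_len, switch_from;
        switch_from = rand_below(afl, len);
        do {

          switch_to = rand_below(afl, len);

        } while (unlikely(switch_from == switch_to));

        /* Cap the block so that the two regions do not overlap and the
           later one does not run past the end of the data. */
        if (switch_from < switch_to) {

          switch_len = switch_to - switch_from;
          to_end = len - switch_to;

        } else {

          switch_len = switch_from - switch_to;
          to_end = len - switch_from;

        }

        switch_len = choose_block_len(afl, MIN(switch_len, to_end));

        /* Backup */

        memcpy(tmp_buf, buf + switch_from, switch_len);

        /* Switch 1 */

        memcpy(buf + switch_from, buf + switch_to, switch_len);

        /* Switch 2 */

        memcpy(buf + switch_to, tmp_buf, switch_len);

        break;

      }

      case MUT_DEL: {

        /* Delete bytes. */

        if (unlikely(len < 2)) { break; }  // no retry

        /* Don't delete too much. */

        u32 del_len = choose_block_len(afl, len - 1);
        u32 del_from = rand_below(afl, len - del_len + 1);
        memmove(buf + del_from, buf + del_from + del_len,
                len - del_from - del_len);
        len -= del_len;

        break;

      }

      case MUT_SHUFFLE: {

        /* Shuffle bytes. */

        if (unlikely(len < 4)) { break; }  // no retry

        u32 blen = choose_block_len(afl, len - 1);
        u32 off = rand_below(afl, len - blen + 1);

        for (u32 i = blen - 1; i > 0; i--) {

          /* Redraw until j differs from i so that every swap moves data. */
          u32 j;
          do {

            j = rand_below(afl, i + 1);

          } while (unlikely(i == j));

          u8 temp = buf[off + i];
          buf[off + i] = buf[off + j];
          buf[off + j] = temp;

        }

        break;

      }

      case MUT_DELONE: {

        /* Delete a single byte. */

        if (unlikely(len < 2)) { break; }  // no retry

        u32 del_len = 1;
        u32 del_from = rand_below(afl, len - del_len + 1);
        memmove(buf + del_from, buf + del_from + del_len,
                len - del_from - del_len);

        len -= del_len;

        break;

      }

      case MUT_INSERTONE: {

        /* Insert a single byte. */

        if (unlikely(len < 2)) { break; }  // no retry

        u32 clone_len = 1;

        /* The data grows by one byte; buf and tmp_buf only hold max_len
           bytes, so refuse the insert when there is no room left. */
        if (unlikely(len + clone_len >= max_len)) { goto retry_havoc_step; }

        u32 clone_to = rand_below(afl, len);
        u32 strat = rand_below(afl, 2);
        u32 clone_from = clone_to ? clone_to - 1 : 0;
        item = strat ? rand_below(afl, 256) : buf[clone_from];

        /* Head */

        memcpy(tmp_buf, buf, clone_to);

        /* Inserted part */

        memset(tmp_buf + clone_to, item, clone_len);

        /* Tail */
        memcpy(tmp_buf + clone_to + clone_len, buf + clone_to, len - clone_to);

        len += clone_len;
        memcpy(buf, tmp_buf, len);

        break;

      }

      case MUT_ASCIINUM: {

        /* Find a run of ASCII digits, change its numeric value and write
           the new decimal representation back. */

        if (unlikely(len < 4)) { break; }  // no retry

        u32 off = rand_below(afl, len), off2 = off, cnt = 0;

        /* Search forward from the random offset for the first digit. */
        while (off2 + cnt < len && !isdigit(buf[off2 + cnt])) {

          ++cnt;

        }

        // none found, wrap
        if (off2 + cnt == len) {

          off2 = 0;
          cnt = 0;

          while (cnt < off && !isdigit(buf[off2 + cnt])) {

            ++cnt;

          }

          /* No digit anywhere in the data. */
          if (cnt == off) {

            if (len < 8) {

              break;

            } else {

              goto retry_havoc_step;

            }

          }

        }

        /* [off, off2) is the digit run. */
        off = off2 + cnt;
        off2 = off + 1;

        while (off2 < len && isdigit(buf[off2])) {

          ++off2;

        }

        /* NOTE(review): the digit run has no length limit, so a long run
           can overflow this signed accumulator. */
        s64 val = buf[off] - '0';
        for (u32 i = off + 1; i < off2; ++i) {

          val = (val * 10) + buf[i] - '0';

        }

        if (off && buf[off - 1] == '-') { val = -val; }

        u32 strat = rand_below(afl, 8);
        switch (strat) {

          case 0:
            val++;
            break;
          case 1:
            val--;
            break;
          case 2:
            val *= 2;
            break;
          case 3:
            val /= 2;
            break;
          case 4:
            if (likely(val && (u64)val < 0x19999999)) {

              val = (u64)rand_next(afl) % (u64)((u64)val * 10);

            } else {

              val = rand_below(afl, 256);

            }

            break;
          case 5:
            val += rand_below(afl, 256);
            break;
          case 6:
            val -= rand_below(afl, 256);
            break;
          case 7:
            val = ~(val);
            break;

        }

        /* Size the output by numbuf itself: sizeof(buf) would be the size
           of a pointer and silently truncate the number. */
        char numbuf[32];
        snprintf(numbuf, sizeof(numbuf), "%" PRId64, val);
        u32 old_len = off2 - off;
        u32 new_len = strlen(numbuf);

        if (old_len == new_len) {

          memcpy(buf + off, numbuf, new_len);

        } else {

          /* A longer number grows the data; keep the result inside the
             max_len bytes that buf and tmp_buf provide. */
          if (unlikely(new_len > old_len &&
                       len + (new_len - old_len) >= max_len)) {

            goto retry_havoc_step;

          }

          /* Head */

          memcpy(tmp_buf, buf, off);

          /* Inserted part */

          memcpy(tmp_buf + off, numbuf, new_len);

          /* Tail */
          memcpy(tmp_buf + off + new_len, buf + off2, len - off2);

          /* Unsigned wrap-around yields the right result when the number
             got shorter. */
          len += (new_len - old_len);
          memcpy(buf, tmp_buf, len);

        }

        break;

      }

      case MUT_INSERTASCIINUM: {

        u32 ins_len = 1 + rand_below(afl, 8);
        u32 pos = rand_below(afl, len);

        /* Overwrite up to ins_len bytes at pos with the trailing digits of
           a random number; the data length does not change. */
        if (unlikely(len < pos + ins_len)) {

          // no retry if we have a small input
          if (unlikely(len < 8)) {

            break;

          } else {

            goto retry_havoc_step;

          }

        }

        u64  val = rand_next(afl);
        char numbuf[32];
        snprintf(numbuf, sizeof(numbuf), "%llu", val);
        size_t val_len = strlen(numbuf), off;

        if (ins_len > val_len) {

          ins_len = val_len;
          off = 0;

        } else {

          off = val_len - ins_len;

        }

        memcpy(buf + pos, numbuf + off, ins_len);

        break;

      }

      case MUT_EXTRA_OVERWRITE: {

        if (unlikely(!afl->extras_cnt)) { goto retry_havoc_step; }

        /* Use the dictionary. */

        u32 use_extra = rand_below(afl, afl->extras_cnt);
        u32 extra_len = afl->extras[use_extra].len;

        if (unlikely(extra_len > len)) { goto retry_havoc_step; }

        u32 insert_at = rand_below(afl, len - extra_len + 1);
        memcpy(buf + insert_at, afl->extras[use_extra].data, extra_len);

        break;

      }

      case MUT_EXTRA_INSERT: {

        if (unlikely(!afl->extras_cnt)) { goto retry_havoc_step; }

        u32 use_extra = rand_below(afl, afl->extras_cnt);
        u32 extra_len = afl->extras[use_extra].len;
        if (unlikely(len + extra_len >= max_len)) { goto retry_havoc_step; }

        u8 *ptr = afl->extras[use_extra].data;
        u32 insert_at = rand_below(afl, len + 1);

        /* Tail */
        memmove(buf + insert_at + extra_len, buf + insert_at, len - insert_at);

        /* Inserted part */
        memcpy(buf + insert_at, ptr, extra_len);
        len += extra_len;

        break;

      }

      case MUT_AUTO_EXTRA_OVERWRITE: {

        if (unlikely(!afl->a_extras_cnt)) { goto retry_havoc_step; }

        /* Use the auto dictionary. */

        u32 use_extra = rand_below(afl, afl->a_extras_cnt);
        u32 extra_len = afl->a_extras[use_extra].len;

        if (unlikely(extra_len > len)) { goto retry_havoc_step; }

        u32 insert_at = rand_below(afl, len - extra_len + 1);
        memcpy(buf + insert_at, afl->a_extras[use_extra].data, extra_len);

        break;

      }

      case MUT_AUTO_EXTRA_INSERT: {

        if (unlikely(!afl->a_extras_cnt)) { goto retry_havoc_step; }

        u32 use_extra = rand_below(afl, afl->a_extras_cnt);
        u32 extra_len = afl->a_extras[use_extra].len;
        if (unlikely(len + extra_len >= max_len)) { goto retry_havoc_step; }

        u8 *ptr = afl->a_extras[use_extra].data;
        u32 insert_at = rand_below(afl, len + 1);

        /* Tail */
        memmove(buf + insert_at + extra_len, buf + insert_at, len - insert_at);

        /* Inserted part */
        memcpy(buf + insert_at, ptr, extra_len);
        len += extra_len;

        break;

      }

      case MUT_SPLICE_OVERWRITE: {

        if (unlikely(!splice_buf || !splice_len)) { goto retry_havoc_step; }

        /* overwrite mode */

        u32 copy_from, copy_to, copy_len;

        /* NOTE(review): splice_len == 1 passes a limit of 0 to
           choose_block_len(), whose comment only covers limit > 0 -
           confirm how rand_below() treats a bound of 0. */
        copy_len = choose_block_len(afl, splice_len - 1);

        if (copy_len > len) { copy_len = len; }

        copy_from = rand_below(afl, splice_len - copy_len + 1);
        copy_to = rand_below(afl, len - copy_len + 1);
        memmove(buf + copy_to, splice_buf + copy_from, copy_len);

        break;

      }

      case MUT_SPLICE_INSERT: {

        if (unlikely(!splice_buf || !splice_len)) { goto retry_havoc_step; }

        if (unlikely(len + HAVOC_BLK_XL >= max_len)) { goto retry_havoc_step; }

        /* insert mode */

        u32 clone_from, clone_to, clone_len;

        clone_len = choose_block_len(afl, splice_len);
        clone_from = rand_below(afl, splice_len - clone_len + 1);
        clone_to = rand_below(afl, len + 1);

        /* Head */

        memcpy(tmp_buf, buf, clone_to);

        /* Inserted part */

        memcpy(tmp_buf + clone_to, splice_buf + clone_from, clone_len);

        /* Tail */
        memcpy(tmp_buf + clone_to + clone_len, buf + clone_to, len - clone_to);

        len += clone_len;
        memcpy(buf, tmp_buf, len);

        break;

      }

    }

  }

  }

  return len;

}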
2676
2677 #endif /* !AFL_MUTATIONS_H */