Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007612OCamlback end (clambda to assembly)public2017-08-25 11:242017-10-11 11:21
Assigned Tostedolan 
PlatformOSOS Version
Product Version4.05.0 
Target Version4.06.0 +dev/beta1/beta2/rc1Fixed in Version 
Summary0007612: afl-fuzz reports 16.00% stability for a simple constant object expression
DescriptionThe program:

let () = (fun () -> ignore (object end))

should behave the same every time it is run. Instead, AFL reports: "stability : 16.00%"

The AFL docs say:

> If a program always behaves the same for the same input data, it will earn a score of 100%.

I believe this means that AFL thinks it is finding new paths when it isn't, making the fuzzing inefficient.

Stephen Dolan said ( [^]):

> Hmm. Looking at the Cmm, that program does indeed seem to have some state (!)
There's a lazily initialised table per class, and a branch to see whether it has already been initialised.
> The bug is indeed the lazy initialisation of classes being picked up by afl-fuzz, and the fix is to ensure that this code is not instrumented. However, class initialisation is pretty hairy, with a bunch of different paths depending on whether the class closes over values, etc.
Steps To Reproducedocker run --rm -it ocaml/opam:debian-9_ocaml-4.05.0
opam sw 4.05.0+afl
eval `opam config env`
opam install afl-persistent
ocamlfind ocamlopt -package afl-persistent -linkpkg
sudo apt-get install afl --no-install-recommends
mkdir in; echo > in/empty
afl-fuzz -i in -o out ./a.out

AFL reports "stability : 16.00%"
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
stedolan (developer)
2017-09-15 17:55

Thanks for the report. Github PR here: [^]
xleroy (administrator)
2017-10-11 11:21

GPR merged in 4.06

- Issue History
Date Modified Username Field Change
2017-08-25 11:24 talex New Issue
2017-09-15 17:55 stedolan Note Added: 0018264
2017-09-30 10:47 xleroy Assigned To => stedolan
2017-09-30 10:47 xleroy Status new => assigned
2017-09-30 10:47 xleroy Target Version => 4.06.0 +dev/beta1/beta2/rc1
2017-10-11 11:21 xleroy Note Added: 0018541
2017-10-11 11:21 xleroy Status assigned => resolved
2017-10-11 11:21 xleroy Resolution open => fixed

Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker