Skip to content

Introduce BoolMutator #2926

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 1, 2025
Merged

Introduce BoolMutator #2926

merged 1 commit into from
Feb 1, 2025

Conversation

riesentoaster
Copy link
Contributor

@riesentoaster riesentoaster commented Feb 1, 2025
edited
Loading

Useful for complex input types containing booleans in combination with MappingMutators.

@tokatoka tokatoka merged commit 6243b68 into AFLplusplus:main Feb 1, 2025
106 checks passed
@tokatoka
Copy link
Member

tokatoka commented Feb 1, 2025

thank you

@riesentoaster riesentoaster deleted the bool-mutator branch February 2, 2025 02:41
@domenukk
Copy link
Member

domenukk commented Feb 2, 2025

I don't know where (if anywhere?) my comments ended up:
IMHO this guy should be called BoolInvertMutator and we may also want a proper BoolMutator that gets a random bool

@riesentoaster
Copy link
Contributor Author

For any other datatype, I'd agree, but for bools this doesn't make much sense imo. It would result in a mutator that does the same as the current BoolMutator half of the time, and return a constant MutationResult::Skipped the other half.

If you want a mutator that only sometimes works, wrap your mutator in another which will filter some of the invocations.

we may also want a proper BoolMutator that gets a random bool

Or are you thinking about a mutator that somehow receives a bool instead of operating on one? Am I misunderstanding you?

@domenukk
Copy link
Member

domenukk commented Feb 2, 2025

It does make perfect sense, it mutates a bool to a random value. At least rename that dude to BoolInvertMutator to make it clear what it does if you don't want to have a "proper" bool mutator

@domenukk
Copy link
Member

domenukk commented Feb 2, 2025

Can you rename it? :)

@riesentoaster
Copy link
Contributor Author

riesentoaster commented Feb 2, 2025
edited
Loading

To me, mutation implies something changed. And while most other mutators don't guarantee this because of performance reasons (I think we discussed this in another issue at some point), here we can. The randomness in most LibAFL-based fuzzers of whether or not the bool in an input is mutated is provided by the mutation scheduler. And there, any non-trivial implementation (so not just random selection or round-robin) will likely work better if mutation happens consistently, and even for trivial implementation, it will just slow the fuzzer down because additional rounds of mutation need to be done or the target is unnecessarily executed with an unchanged input.

I prefer the simple BoolMutator, since I think it's the correct choice for almost every usecase, but if you want me to be more explicit, I can live with something like BoolInvertMutator.

@riesentoaster riesentoaster restored the bool-mutator branch February 3, 2025 12:00
@riesentoaster riesentoaster deleted the bool-mutator branch February 3, 2025 12:01
@riesentoaster
Copy link
Contributor Author

Can you rename it? :)

#2929

@domenukk
Copy link
Member

domenukk commented Feb 3, 2025

I agree that BoolMutator can be both: "Just change that bool" (i.e., invert) or "Randomize that bool"..
So thanks for renaming this dude anyway, it makes it more clear what is happening, in any case.
We could have one "BoolRandMutator" then (if needed), that actually randomizes it and has a clear name as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@riesentoaster @tokatoka @domenukk