Hi,
I am reading the paper at: https://arxiv.org/abs/1905.07147 ( Targeted greybox fuzzing with lookahead analysis)
I am trying to understand lookahead analysis page 5 out of 12, in order to compare it with greybox fuzzing. They have provided the algorithm LookAhead i.e. algoithm2 on page 6 which returns twice: (1) once it returns with hash of Pi_pre along with SPs (split points) and (2) in other case it returns with hash of Pi along with SPs. I thing it is invoked using the invocation named as :
LID , SPs ← LookaheadAnalyze ( prog , input ′ , T ).
The returned computer hash is stored in LID. It further says that lookahead analysis assigns more energy to the inputs whose LID is rare as shown below in the following text:
In the above definition, selected(I ) denotes the number of times that
I was selected for fuzzing (line 3 in Alg. 1), and K is a constant (1024
in our implementation). Intuitively, our power schedule assigns
little energy to inputs whose LID is not rare and whose no-targetahead
prefix does not contain any rare split points. Otherwise, it
assigns much more energy, the amount of which depends on how
often the input has been selected for fuzzing before.
I can’t understand where it assigns more energy? It is incrementing the energy but it is done outside the if-block in Algorithm 1.
Somebody please guide how the energy is being incremented.
Zulfi.