Extension: Directed Greybox Fuzzing
The directed greybox fuzzing extension built on top of FOT has two major parts: a static analysis stage and the fuzzing loop. The static stage computes function-level and basic-block-level distances to the target sites and instruments that information into the binary at compilation time. The fuzzing loop then performs the actual fuzzing, guided by the execution trace of the current seed together with the instrumented basic-block trace distance, the covered-function distance, and the target sites. The workflow is as below.
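The two parts described above, as an added example rather than FOT's own code: a static pass that derives function-level distances to the target sites from a call graph, and the fuzzing-loop side that turns a seed's covered-function trace into a seed distance and ranks seeds by it. The call graph, target set and traces are constructed sample input; basic-block-level distance works the same way over a control-flow graph.

```python
from collections import deque

# Constructed sample call graph (caller -> callees); not from the page.
CALL_GRAPH = {
    "main": ["parse_header", "parse_body"],
    "parse_header": ["check_magic"],
    "parse_body": ["decode_chunk", "log"],
    "decode_chunk": ["memcpy_wrapper"],
    "check_magic": [],
    "log": [],
    "memcpy_wrapper": [],
}
# Target site(s): the function(s) the fuzzer should steer towards (assumed).
TARGETS = {"memcpy_wrapper"}


def function_distances(graph, targets):
    """Static part: call-edge distance from every function to the nearest
    target, computed by BFS over reversed call edges starting at the targets.
    Functions with no path to any target are absent from the result."""
    rev = {}
    for caller, callees in graph.items():
        for callee in callees:
            rev.setdefault(callee, []).append(caller)
    dist = {t: 0 for t in targets}
    queue = deque(targets)
    while queue:
        f = queue.popleft()
        for caller in rev.get(f, []):
            if caller not in dist:  # first visit is the shortest path
                dist[caller] = dist[f] + 1
                queue.append(caller)
    return dist


def seed_distance(trace, dist):
    """Fuzzing loop: a seed's distance is the mean static distance of the
    functions its execution covered. Functions that cannot reach a target
    are skipped; a trace touching none of the reachable ones yields None."""
    ds = [dist[f] for f in trace if f in dist]
    return sum(ds) / len(ds) if ds else None


def rank_seeds(traces, dist):
    """Order seeds so the one closest to the targets is scheduled first;
    seeds whose trace cannot reach any target go last."""
    scored = {name: seed_distance(t, dist) for name, t in traces.items()}
    far = max(dist.values(), default=0) + 1  # sorts unreachable seeds last
    return sorted(scored, key=lambda n: far if scored[n] is None else scored[n])
```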