Skip to content
STIMSMITH

Arithmetic Mutation

Technique

Arithmetic Mutation is a mutation strategy identified in American Fuzzy Lop (AFL). In the provided evidence, it is described as adding or subtracting integers, and it appears alongside bitflip and havoc mutations as one of AFL’s notable mutation types for discovering new behaviors through edge-coverage feedback.

First seen 5/26/2026
Last seen 5/28/2026
Evidence 1 chunks
Wiki v1

WIKI

Overview

Arithmetic Mutation is a fuzzing mutation technique described in the context of American Fuzzy Lop (AFL). AFL is characterized as an out-of-process, coverage-guided grey-box fuzzer. Within AFL’s set of mutations, arithmetic mutation modifies inputs by adding or subtracting integers. [Arithmetic mutation behavior]

Role in AFL

READ FULL ARTICLE →

NEIGHBORHOOD

No graph connections found for this entity yet. It may appear in future ingestion runs.

explore full graph →

RELATIONSHIPS

1 connections
AFL ← uses 100% 2e
AFL uses arithmetic mutation to add/subtract integers in the test input.

LINKED ENTITIES

3 links
Bitflip Mutation sibling_mutation_type The evidence lists bitflip mutation alongside arithmetic mutation as a notable AFL mutation.
Havoc Mutation sibling_mutation_type The evidence lists havoc mutation alongside arithmetic mutation as a notable AFL mutation.
Edge Coverage feedback_signal_for_behavior_discovery The evidence states that AFL realizes detection of new behaviors through edge coverage, in the same discussion of AFL mutations including arithmetic mutation.

CITATIONS

4 sources
4 citations — click to collapse
[1] Arithmetic mutation behavior: arithmetic mutation adds or subtracts integers. Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing
[2] AFL notable mutations: AFL uses multiple mutations, including bitflip, arithmetic, and havoc mutations; bitflip flips bits, arithmetic adds/subtracts integers, and havoc combines multiple mutations at random positions. Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing
[3] AFL behavior discovery: AFL detects new behaviors through edge coverage. Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing
[4] AFL execution model: AFL is described as an out-of-process coverage-guided grey-box fuzzer; out-of-process fuzzers reset the whole process and do not require a custom reset function in the software under test; AFL also uses trim mutation to reduce test-vector size without changing measured coverage. Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing