Add new mutation strategy - callSeqGenFuncDuplicateAtRandom

The function duplicates a call sequence element at index N and places it
at index N+1 if N is not equal to one less the length of the sequence.
Otherwise, the duplicate is placed at index N-1.

Author: s4nsec

Diff for: fuzzing/fuzzer_worker_sequence_generator.go

@@ -2,12 +2,11 @@ package fuzzing
 
 import (
 	"fmt"
-	"math/big"
-
 	"github.com/crytic/medusa/fuzzing/calls"
 	"github.com/crytic/medusa/fuzzing/valuegeneration"
 	"github.com/crytic/medusa/utils"
 	"github.com/crytic/medusa/utils/randomutils"
+	"math/big"
 )
 
 // CallSequenceGenerator generates call sequences iteratively per element, for use in fuzzing campaigns. It is attached
@@ -164,6 +163,13 @@ func NewCallSequenceGenerator(worker *FuzzerWorker, config *CallSequenceGenerato
 			},
 			new(big.Int).SetUint64(config.RandomMutatedCorpusTailWeight),
 		),
+		randomutils.NewWeightedRandomChoice(
+			CallSequenceGeneratorMutationStrategy{
+				CallSequenceGeneratorFunc: callSeqGenFuncDuplicateAtRandom,
+				PrefetchModifyCallFunc:    prefetchModifyCallFuncMutate,
+			},
+			new(big.Int).SetUint64(config.RandomMutatedCorpusTailWeight),
+		),
 		randomutils.NewWeightedRandomChoice(
 			CallSequenceGeneratorMutationStrategy{
 				CallSequenceGeneratorFunc: callSeqGenFuncSpliceAtRandom,
@@ -368,6 +374,22 @@ func callSeqGenFuncCorpusTail(sequenceGenerator *CallSequenceGenerator, sequence
 	return nil
 }
 
+// callSeqGenFuncDuplicateAtRandom is a CallSequenceGeneratorFunc which prepares a CallSequenceGenerator to generate a sequence
+// which duplicates a call sequence element at index N and inserts it at N+1
+// if random index is len(sequence)-1, it inserts the duplicated call sequence element at N-1
+func callSeqGenFuncDuplicateAtRandom(sequenceGenerator *CallSequenceGenerator, sequence calls.CallSequence) error {
+	randIndex := sequenceGenerator.worker.randomProvider.Intn(len(sequence))
+	duplicatedElement := sequence[randIndex]
+
+	if randIndex == len(sequence)-1 {
+		sequence[randIndex-1] = duplicatedElement
+	} else {
+		sequence[randIndex+1] = duplicatedElement
+	}
+
+	return nil
+}
+
 // callSeqGenFuncSpliceAtRandom is a CallSequenceGeneratorFunc which prepares a CallSequenceGenerator to generate a
 // sequence which is based off of two corpus call sequence entries, from which a random length head and tail are
 // respectively sliced and joined together.