Exit on time (#904)

* Variable AFL_EXIT_ON_TIME description has been added.
Variables AFL_EXIT_ON_TIME and afl_exit_on_time have been added.
afl->exit_on_time variable initialization has been added.
The assignment of a value to the afl->afl_env.afl_exit_on_time variable from
environment variables has been added.
Code to exit on timeout if new path not found has been added.

* Type of afl_exit_on_time variable has been changed.
Variable exit_on_time has been added to the afl_state_t structure.

* Command `export AFL_EXIT_WHEN_DONE=1` has been added.

* Millisecond to second conversion has been added.
Call get_cur_time() has been added.

* Revert to using the saved current time value.

* Useless check has been removed.
Roman M. Iudichev
2021-05-07 18:32:17 +03:00
committed by GitHub
parent 2fd9629478
commit 069e61dfc6
8 changed files with 36 additions and 2 deletions


@ -284,6 +284,10 @@ checks or alter some of the more exotic semantics of the tool:
normally indicated by the cycle counter in the UI turning green. May be normally indicated by the cycle counter in the UI turning green. May be
convenient for some types of automated jobs. convenient for some types of automated jobs.
- `AFL_EXIT_ON_TIME` Causes afl-fuzz to terminate if no new paths were
found within a specified period of time. May be convenient for some
types of automated jobs.
- `AFL_EXIT_ON_SEED_ISSUES` will restore the vanilla afl-fuzz behaviour - `AFL_EXIT_ON_SEED_ISSUES` will restore the vanilla afl-fuzz behaviour
which does not allow crashes or timeout seeds in the initial -i corpus. which does not allow crashes or timeout seeds in the initial -i corpus.


@ -392,7 +392,7 @@ typedef struct afl_env_vars {
*afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port,
*afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size,
*afl_testcache_entries, *afl_kill_signal, *afl_target_env, *afl_testcache_entries, *afl_kill_signal, *afl_target_env,
*afl_persistent_record; *afl_persistent_record, *afl_exit_on_time;
} afl_env_vars_t; } afl_env_vars_t;
@ -575,7 +575,8 @@ typedef struct afl_state {
last_sync_cycle, /* Cycle no. of the last sync */ last_sync_cycle, /* Cycle no. of the last sync */
last_path_time, /* Time for most recent path (ms) */ last_path_time, /* Time for most recent path (ms) */
last_crash_time, /* Time for most recent crash (ms) */ last_crash_time, /* Time for most recent crash (ms) */
last_hang_time; /* Time for most recent hang (ms) */ last_hang_time, /* Time for most recent hang (ms) */
exit_on_time; /* Delay to exit if no new paths */
u32 slowest_exec_ms, /* Slowest testcase non hang in ms */ u32 slowest_exec_ms, /* Slowest testcase non hang in ms */
subseq_tmouts; /* Number of timeouts in a row */ subseq_tmouts; /* Number of timeouts in a row */
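Review bot: The comment on the new `exit_on_time` field in `afl_state` gives no unit, while the timestamp fields next to it all say `(ms)`. The value is compared against `cur_ms - afl->last_path_time` in show_stats and is filled from the environment value multiplied by 1000 in main, so it holds milliseconds. I would write `exit_on_time; /* Delay to exit if no new paths (ms) */`. The struct continues outside the hunk.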


@ -49,6 +49,7 @@ static char *afl_environment_variables[] = {
"AFL_DUMB_FORKSRV", "AFL_DUMB_FORKSRV",
"AFL_ENTRYPOINT", "AFL_ENTRYPOINT",
"AFL_EXIT_WHEN_DONE", "AFL_EXIT_WHEN_DONE",
"AFL_EXIT_ON_TIME",
"AFL_EXIT_ON_SEED_ISSUES", "AFL_EXIT_ON_SEED_ISSUES",
"AFL_FAST_CAL", "AFL_FAST_CAL",
"AFL_FORCE_UI", "AFL_FORCE_UI",


@ -99,6 +99,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
afl->cal_cycles = CAL_CYCLES; afl->cal_cycles = CAL_CYCLES;
afl->cal_cycles_long = CAL_CYCLES_LONG; afl->cal_cycles_long = CAL_CYCLES_LONG;
afl->hang_tmout = EXEC_TIMEOUT; afl->hang_tmout = EXEC_TIMEOUT;
afl->exit_on_time = 0;
afl->stats_update_freq = 1; afl->stats_update_freq = 1;
afl->stats_avg_exec = 0; afl->stats_avg_exec = 0;
afl->skip_deterministic = 1; afl->skip_deterministic = 1;
@ -187,6 +188,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_exit_when_done = afl->afl_env.afl_exit_when_done =
get_afl_env(afl_environment_variables[i]) ? 1 : 0; get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_EXIT_ON_TIME",
afl_environment_variable_len)) {
afl->afl_env.afl_exit_on_time =
(u8 *) get_afl_env(afl_environment_variables[i]);
} else if (!strncmp(env, "AFL_NO_AFFINITY", } else if (!strncmp(env, "AFL_NO_AFFINITY",
afl_environment_variable_len)) { afl_environment_variable_len)) {


@ -574,6 +574,16 @@ void show_stats(afl_state_t *afl) {
} }
/* AFL_EXIT_ON_TIME. */
if (unlikely(afl->last_path_time && !afl->non_instrumented_mode &&
afl->afl_env.afl_exit_on_time &&
(cur_ms - afl->last_path_time) > afl->exit_on_time)) {
afl->stop_soon = 2;
}
if (unlikely(afl->total_crashes && afl->afl_env.afl_bench_until_crash)) { if (unlikely(afl->total_crashes && afl->afl_env.afl_bench_until_crash)) {
afl->stop_soon = 2; afl->stop_soon = 2;
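Review bot: The `afl->last_path_time &&` guard in the new AFL_EXIT_ON_TIME check means the timer only starts once a first new path has been recorded. If `last_path_time` stays 0 until then (its use as a timestamp suggests so, but the assignment is outside this hunk), an unattended job on a target that never yields a new path is never stopped by this option. Falling back to the start time would cover that case, e.g. `u64 ref = afl->last_path_time ? afl->last_path_time : afl->start_time;` followed by `(cur_ms - ref) > afl->exit_on_time`. The body of show_stats continues outside the hunk.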


@ -204,6 +204,7 @@ static void usage(u8 *argv0, int more_help) {
"AFL_DISABLE_TRIM: disable the trimming of test cases\n" "AFL_DISABLE_TRIM: disable the trimming of test cases\n"
"AFL_DUMB_FORKSRV: use fork server without feedback from target\n" "AFL_DUMB_FORKSRV: use fork server without feedback from target\n"
"AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"
"AFL_EXIT_ON_TIME: exit when no new paths are found within the specified time period\n"
"AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60 minutes and a cycle without finds)\n" "AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60 minutes and a cycle without finds)\n"
"AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n" "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n"
"AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n" "AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n"
@ -1246,6 +1247,13 @@ int main(int argc, char **argv_orig, char **envp) {
} }
if (afl->afl_env.afl_exit_on_time) {
u64 exit_on_time = atoi(afl->afl_env.afl_exit_on_time);
afl->exit_on_time = (u64)exit_on_time * 1000;
}
if (afl->afl_env.afl_max_det_extras) { if (afl->afl_env.afl_max_det_extras) {
s32 max_det_extras = atoi(afl->afl_env.afl_max_det_extras); s32 max_det_extras = atoi(afl->afl_env.afl_max_det_extras);
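Review bot: The `atoi()` call in the new AFL_EXIT_ON_TIME block in main accepts any string without validation. A non-numeric or `0` value leaves `afl->exit_on_time` at 0, so the check in show_stats fires almost immediately after the first new path. A negative value is converted to a very large `u64` before the multiplication by 1000, which wraps. In both cases an automated fuzzing job runs for a different duration than its operator intended, with no diagnostic. I would parse with `strtoull`, reject empty, trailing-garbage, zero and overflowing input, and abort with a message as sketched below. The rest of main is outside the hunk.

```c
if (afl->afl_env.afl_exit_on_time) {

  char *val = (char *)afl->afl_env.afl_exit_on_time;
  char *end = NULL;

  errno = 0;
  unsigned long long secs = strtoull(val, &end, 10);

  /* A wrapped negative such as "-1" is also caught by the upper bound. */
  if (errno || end == val || *end || !secs || secs > UINT64_MAX / 1000) {

    FATAL("AFL_EXIT_ON_TIME must be a positive number of seconds");

  }

  afl->exit_on_time = (u64)secs * 1000;

}

// … unchanged: AFL_MAX_DET_EXTRAS handling …
```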


@ -18,6 +18,7 @@ export AFL_QUIET=1
export AFL_PATH=`pwd`/.. export AFL_PATH=`pwd`/..
unset AFL_EXIT_WHEN_DONE unset AFL_EXIT_WHEN_DONE
unset AFL_EXIT_ON_TIME
unset AFL_SKIP_CPUFREQ unset AFL_SKIP_CPUFREQ
unset AFL_DEBUG unset AFL_DEBUG
unset AFL_HARDEN unset AFL_HARDEN


@ -62,6 +62,7 @@ $ECHO \\101 2>&1 | grep -qE '^A' || {
test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; } test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; }
export AFL_EXIT_WHEN_DONE=1 export AFL_EXIT_WHEN_DONE=1
export AFL_EXIT_ON_TIME=60
export AFL_SKIP_CPUFREQ=1 export AFL_SKIP_CPUFREQ=1
export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
unset AFL_NO_X86 unset AFL_NO_X86