ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-16 03:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

add power schedule info

Browse Source
This commit is contained in:
vanhauser-thc
2021-12-29 10:57:37 +01:00
parent b5cb99f6fe
commit 0792cab566
3 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
docs/FAQ.md
View File

@ -180,6 +180,27 @@ If you find an interesting or important question missing, submit it via
[best_practices.md#improving-stability](best_practices.md#improving-stability). [best_practices.md#improving-stability](best_practices.md#improving-stability).
</p></details> </p></details>
<details>
<summary id="what-are-power-schedules">What are power schedules?</summary><p>
Not every item in our queue/corpus is the same, some are more interesting,
others provide little value.
A power schedule measures how "interesting" a value is, and depending on
the calculated value spends more or less time mutating it.
AFL++ comes with several power schedules, initially ported from [AFLFast](https://github.com/mboehme/aflfast)
however modified to be more effective and several more modes added.
The most effective modes are '-p fast` (default) and `-p explore`.
If you fuzz with several parallel afl-fuzz instances, then it is beneficial
to assign a different schedule to each instance, however the majority should
be `fast` and `explore`.
It does not make sense to explain the details of the calculation and
reasoning behind all of the schedules. If you are interested, read the source
code and the AFLFast paper.
## Troubleshooting ## Troubleshooting
<details> <details>

3
docs/fuzzing_in_depth.md
View File

@ -562,7 +562,8 @@ All other secondaries should be used like this:
* a quarter to a third with the MOpt mutator enabled: `-L 0` * a quarter to a third with the MOpt mutator enabled: `-L 0`
* run with a different power schedule, recommended are: * run with a different power schedule, recommended are:
`fast (default), explore, coe, lin, quad, exploit and rare` which you can set `fast (default), explore, coe, lin, quad, exploit and rare` which you can set
with, e.g., `-p explore` with the `-p` option, e.g., `-p explore`. See the [FAQ](FAQ.md#what-are-power-schedules)
for details.
* a few instances should use the old queue cycling with `-Z` * a few instances should use the old queue cycling with `-Z`
Also, it is recommended to set `export AFL_IMPORT_FIRST=1` to load test cases Also, it is recommended to set `export AFL_IMPORT_FIRST=1` to load test cases

2
src/afl-fuzz.c
View File

@ -105,7 +105,7 @@ static void usage(u8 *argv0, int more_help) {
" -p schedule - power schedules compute a seed's performance score:\n" " -p schedule - power schedules compute a seed's performance score:\n"
" fast(default), explore, exploit, seek, rare, mmopt, " " fast(default), explore, exploit, seek, rare, mmopt, "
"coe, lin\n" "coe, lin\n"
" quad -- see docs/power_schedules.md\n" " quad -- see docs/FAQ.md for more information\n"
" -f file - location read by the fuzzed program (default: stdin " " -f file - location read by the fuzzed program (default: stdin "
"or @@)\n" "or @@)\n"
" -t msec - timeout for each run (auto-scaled, default %u ms). " " -t msec - timeout for each run (auto-scaled, default %u ms). "