add -b option to afl-fuzz
@ -15,6 +15,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
|
|||||||
- afl-fuzz:
|
- afl-fuzz:
|
||||||
- added -F option to allow -M main fuzzers to sync to foreign fuzzers,
|
- added -F option to allow -M main fuzzers to sync to foreign fuzzers,
|
||||||
e.g. honggfuzz or libfuzzer
|
e.g. honggfuzz or libfuzzer
|
||||||
|
- added -b option to bind to a specific CPU
|
||||||
- eliminated CPU affinity race condition for -S/-M runs
|
- eliminated CPU affinity race condition for -S/-M runs
|
||||||
- expanded havoc mode added, on no cycle finds add extra splicing and
|
- expanded havoc mode added, on no cycle finds add extra splicing and
|
||||||
MOpt into the mix
|
MOpt into the mix
|
||||||
|
@ -545,7 +545,8 @@ typedef struct afl_state {
|
|||||||
u64 total_bitmap_size, /* Total bit count for all bitmaps */
|
u64 total_bitmap_size, /* Total bit count for all bitmaps */
|
||||||
total_bitmap_entries; /* Number of bitmaps counted */
|
total_bitmap_entries; /* Number of bitmaps counted */
|
||||||
|
|
||||||
s32 cpu_core_count; /* CPU core count */
|
s32 cpu_core_count, /* CPU core count */
|
||||||
|
cpu_to_bind; /* bind to specific CPU */
|
||||||
|
|
||||||
#ifdef HAVE_AFFINITY
|
#ifdef HAVE_AFFINITY
|
||||||
s32 cpu_aff; /* Selected CPU core */
|
s32 cpu_aff; /* Selected CPU core */
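Review bot: `cpu_to_bind` is added to `afl_state` unconditionally while the neighbouring `cpu_aff` stays under `#ifdef HAVE_AFFINITY`, so a build without affinity support will still parse and store a `-b` value that nothing acts on (the binding code in afl-fuzz-init.c appears to be the only consumer, but that is not fully visible here). If that is intended, the field comment should say so, e.g. `cpu_to_bind; /* bind to specific CPU, -1 = auto; only honoured with HAVE_AFFINITY */`, so the next reader does not assume `-b` is enforced everywhere. The struct definition continues outside the hunk.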
|
||||||
|
@ -53,6 +53,13 @@ void bind_to_free_cpu(afl_state_t *afl) {
|
|||||||
u8 cpu_used[4096] = {0}, lockfile[PATH_MAX] = "";
|
u8 cpu_used[4096] = {0}, lockfile[PATH_MAX] = "";
|
||||||
u32 i;
|
u32 i;
|
||||||
|
|
||||||
|
if (afl->cpu_to_bind != -1) {
|
||||||
|
|
||||||
|
i = afl->cpu_to_bind;
|
||||||
|
goto set_cpu;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
if (afl->sync_id) {
|
if (afl->sync_id) {
|
||||||
|
|
||||||
s32 lockfd, first = 1;
|
s32 lockfd, first = 1;
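Review bot: The new early `goto set_cpu` takes `afl->cpu_to_bind` straight from the command line without comparing it to `afl->cpu_core_count`, so an id past the last core is only discovered when the later bind attempt fails rather than reported as a bad argument; a guard before the jump such as `if (afl->cpu_to_bind >= afl->cpu_core_count) FATAL("-b: CPU #%d does not exist (%d cores)", afl->cpu_to_bind, afl->cpu_core_count);` would make that explicit, assuming `cpu_core_count` is already populated when `bind_to_free_cpu` runs (the hunk does not show that). The jump also bypasses the lock-file and `cpu_used` bookkeeping that `-S/-M` runs rely on, so two instances started with the same `-b` id will share a core silently; that is a defensible "explicit wins" policy but deserves a comment, e.g. `/* explicit -b: trust the user, skip the free-core scan and its lock files */`. The body of `bind_to_free_cpu` continues outside the hunk.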
|
||||||
@ -295,20 +302,23 @@ void bind_to_free_cpu(afl_state_t *afl) {
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
||||||
|
if (afl->cpu_to_bind != -1)
|
||||||
|
FATAL("bind to CPU #%d failed!", afl->cpu_to_bind);
|
||||||
|
|
||||||
#if !defined(__ANDROID__)
|
#if !defined(__ANDROID__)
|
||||||
|
|
||||||
for (i = cpu_start; i < afl->cpu_core_count; i++) {
|
for (i = cpu_start; i < afl->cpu_core_count; i++) {
|
||||||
|
|
||||||
if (!cpu_used[i]) { break; }
|
if (!cpu_used[i]) { break; }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (i == afl->cpu_core_count) {
|
if (i == afl->cpu_core_count) {
|
||||||
|
|
||||||
#else
|
#else
|
||||||
|
|
||||||
for (i = afl->cpu_core_count - cpu_start - 1; i > -1; i--)
|
for (i = afl->cpu_core_count - cpu_start - 1; i > -1; i--)
|
||||||
if (!cpu_used[i]) break;
|
if (!cpu_used[i]) break;
|
||||||
if (i == -1) {
|
if (i == -1) {
|
||||||
|
|
||||||
#endif
|
#endif
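Review bot: The new `if (afl->cpu_to_bind != -1)` at the `try:` label leaves its `FATAL(...)` body unbraced, while the same function braces one-line bodies just below it (`if (!cpu_used[i]) { break; }`); for consistency write `if (afl->cpu_to_bind != -1) { FATAL("bind to CPU #%d failed!", afl->cpu_to_bind); }`. The message reports only the CPU id; if `try:` is entered right after the failed affinity call (not visible in the hunk), `PFATAL` would additionally surface the errno reason, which is what the user needs to tell "no such core" from "not permitted". The enclosing function continues on both sides of the hunk.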
|
||||||
@ -327,6 +337,8 @@ void bind_to_free_cpu(afl_state_t *afl) {
|
|||||||
|
|
||||||
OKF("Found a free CPU core, try binding to #%u.", i);
|
OKF("Found a free CPU core, try binding to #%u.", i);
|
||||||
|
|
||||||
|
set_cpu:
|
||||||
|
|
||||||
afl->cpu_aff = i;
|
afl->cpu_aff = i;
|
||||||
|
|
||||||
#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__)
|
#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__)
|
||||||
|
@ -94,6 +94,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
|
|||||||
afl->havoc_div = 1; /* Cycle count divisor for havoc */
|
afl->havoc_div = 1; /* Cycle count divisor for havoc */
|
||||||
afl->stage_name = "init"; /* Name of the current fuzz stage */
|
afl->stage_name = "init"; /* Name of the current fuzz stage */
|
||||||
afl->splicing_with = -1; /* Splicing with which test case? */
|
afl->splicing_with = -1; /* Splicing with which test case? */
|
||||||
|
afl->cpu_to_bind = -1;
|
||||||
|
|
||||||
#ifdef HAVE_AFFINITY
|
#ifdef HAVE_AFFINITY
|
||||||
afl->cpu_aff = -1; /* Selected CPU core */
|
afl->cpu_aff = -1; /* Selected CPU core */
|
||||||
|
@ -143,6 +143,8 @@ static void usage(afl_state_t *afl, u8 *argv0, int more_help) {
|
|||||||
//" -B bitmap.txt - mutate a specific test case, use the out/fuzz_bitmap
|
//" -B bitmap.txt - mutate a specific test case, use the out/fuzz_bitmap
|
||||||
//" "file\n"
|
//" "file\n"
|
||||||
" -C - crash exploration mode (the peruvian rabbit thing)\n"
|
" -C - crash exploration mode (the peruvian rabbit thing)\n"
|
||||||
|
" -b cpu_id - bind the fuzzing process to the specified CPU core "
|
||||||
|
"(0-...)\n"
|
||||||
" -e ext - file extension for the fuzz test input file (if "
|
" -e ext - file extension for the fuzz test input file (if "
|
||||||
"needed)\n\n",
|
"needed)\n\n",
|
||||||
argv0, EXEC_TIMEOUT, MEM_LIMIT, FOREIGN_SYNCS_MAX);
|
argv0, EXEC_TIMEOUT, MEM_LIMIT, FOREIGN_SYNCS_MAX);
|
||||||
@ -271,9 +273,9 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
|
|
||||||
afl->shmem_testcase_mode = 1; // we always try to perform shmem fuzzing
|
afl->shmem_testcase_mode = 1; // we always try to perform shmem fuzzing
|
||||||
|
|
||||||
while ((opt = getopt(argc, argv,
|
while ((opt = getopt(
|
||||||
"+c:i:I:o:f:F:m:t:T:dDnCB:S:M:x:QNUWe:p:s:V:E:L:hRP:")) >
|
argc, argv,
|
||||||
0) {
|
"+b:c:i:I:o:f:F:m:t:T:dDnCB:S:M:x:QNUWe:p:s:V:E:L:hRP:")) > 0) {
|
||||||
|
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
|
|
||||||
@ -281,6 +283,17 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
afl->infoexec = optarg;
|
afl->infoexec = optarg;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'b': { /* bind CPU core */
|
||||||
|
|
||||||
|
if (afl->cpu_to_bind != -1) FATAL("Multiple -b options not supported");
|
||||||
|
|
||||||
|
if (sscanf(optarg, "%u", &afl->cpu_to_bind) < 0 || optarg[0] == '-')
|
||||||
|
FATAL("Bad syntax used for -b");
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
case 'c': {
|
case 'c': {
|
||||||
|
|
||||||
afl->shm.cmplog_mode = 1;
|
afl->shm.cmplog_mode = 1;
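Review bot: The `sscanf` check in the new `case 'b'` only rejects a negative return, but `sscanf` returns the number of successful conversions, so a non-numeric argument such as `-b abc` yields 0, passes the test and leaves `cpu_to_bind` at -1, meaning the option is silently ignored instead of rejected; `%u` is also scanned into the `s32` field declared in afl-fuzz.h, a format/argument type mismatch. Replace the condition with `if (sscanf(optarg, "%d", &afl->cpu_to_bind) != 1 || afl->cpu_to_bind < 0) FATAL("Bad syntax used for -b");`, which makes the `optarg[0] == '-'` test redundant and keeps the -1 sentinel unreachable from user input, so the "Multiple -b options" check above it stays valid. Trailing garbage (`-b 3x`) would still be accepted; `strtol` with an end-pointer check would close that too. `main` continues outside the hunk.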
|
||||||
|