mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-14 11:08:06 +00:00
add AFL_TRY_AFFINITY
This commit is contained in:
vanhauser-thc
@ -50,6 +50,7 @@ RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 0
|
|||||||
|
|
||||||
ENV LLVM_CONFIG=llvm-config-12
|
ENV LLVM_CONFIG=llvm-config-12
|
||||||
ENV AFL_SKIP_CPUFREQ=1
|
ENV AFL_SKIP_CPUFREQ=1
|
||||||
|
ENV AFL_TRY_AFFINITY=1
|
||||||
ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
|
ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
|
||||||
|
|
||||||
RUN git clone --depth=1 https://github.com/vanhauser-thc/afl-cov /afl-cov
|
RUN git clone --depth=1 https://github.com/vanhauser-thc/afl-cov /afl-cov
|
||||||
|
|||||||
@ -679,8 +679,8 @@ If you see that an important area or a feature has not been covered so far then
|
|||||||
try to find an input that is able to reach that and start a new secondary in
|
try to find an input that is able to reach that and start a new secondary in
|
||||||
that fuzzing campaign with that seed as input, let it run for a few minutes,
|
that fuzzing campaign with that seed as input, let it run for a few minutes,
|
||||||
then terminate it. The main node will pick it up and make it available to the
|
then terminate it. The main node will pick it up and make it available to the
|
||||||
other secondary nodes over time. Set `export AFL_NO_AFFINITY=1` if you have no
|
other secondary nodes over time. Set `export AFL_NO_AFFINITY=1` or
|
||||||
free core.
|
`export AFL_TRY_AFFINITY=1` if you have no free core.
|
||||||
|
|
||||||
Note that you in nearly all cases can never reach full coverage. A lot of
|
Note that you in nearly all cases can never reach full coverage. A lot of
|
||||||
functionality is usually behind options that were not activated or fuzz e.g.
|
functionality is usually behind options that were not activated or fuzz e.g.
|
||||||
|
|||||||
@ -33,10 +33,12 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
|
|||||||
- added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in
|
- added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in
|
||||||
-i dir crashes the target or results in a timeout. By default
|
-i dir crashes the target or results in a timeout. By default
|
||||||
afl++ ignores these and uses them for splicing instead.
|
afl++ ignores these and uses them for splicing instead.
|
||||||
- added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after
|
- added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing
|
||||||
no new paths have been found for n seconds
|
after no new paths have been found for n seconds
|
||||||
- when AFL_FAST_CAL is set a variable path will no be calibrated 8 times
|
- when AFL_FAST_CAL is set a variable path will no be calibrated
|
||||||
instead of 40
|
8 times instead of 40
|
||||||
|
- added AFL_TRY_AFFINITY to try to bind to CPUs but don't error if
|
||||||
|
it fails
|
||||||
- afl-cc:
|
- afl-cc:
|
||||||
- We do not support llvm versions prior 6.0 anymore
|
- We do not support llvm versions prior 6.0 anymore
|
||||||
- Fix for -pie compiled binaries with default afl-clang-fast PCGUARD
|
- Fix for -pie compiled binaries with default afl-clang-fast PCGUARD
|
||||||
|
|||||||
@ -312,6 +312,9 @@ checks or alter some of the more exotic semantics of the tool:
|
|||||||
on Linux systems. This slows things down, but lets you run more instances
|
on Linux systems. This slows things down, but lets you run more instances
|
||||||
of afl-fuzz than would be prudent (if you really want to).
|
of afl-fuzz than would be prudent (if you really want to).
|
||||||
|
|
||||||
|
- Setting `AFL_TRY_AFFINITY` tries to attempts to bind to a specific CPU core
|
||||||
|
on Linux systems, but will not terminate if it fails.
|
||||||
|
|
||||||
- Setting `AFL_NO_AUTODICT` will not load an LTO generated auto dictionary
|
- Setting `AFL_NO_AUTODICT` will not load an LTO generated auto dictionary
|
||||||
that is compiled into the target.
|
that is compiled into the target.
|
||||||
|
|
||||||
|
|||||||
@ -385,7 +385,7 @@ typedef struct afl_env_vars {
|
|||||||
afl_force_ui, afl_i_dont_care_about_missing_crashes, afl_bench_just_one,
|
afl_force_ui, afl_i_dont_care_about_missing_crashes, afl_bench_just_one,
|
||||||
afl_bench_until_crash, afl_debug_child, afl_autoresume, afl_cal_fast,
|
afl_bench_until_crash, afl_debug_child, afl_autoresume, afl_cal_fast,
|
||||||
afl_cycle_schedules, afl_expand_havoc, afl_statsd, afl_cmplog_only_new,
|
afl_cycle_schedules, afl_expand_havoc, afl_statsd, afl_cmplog_only_new,
|
||||||
afl_exit_on_seed_issues;
|
afl_exit_on_seed_issues, afl_try_affinity;
|
||||||
|
|
||||||
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
|
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
|
||||||
*afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload,
|
*afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload,
|
||||||
|
|||||||
@ -120,6 +120,7 @@ static char *afl_environment_variables[] = {
|
|||||||
"AFL_LLVM_INSTRUMENT_FILE",
|
"AFL_LLVM_INSTRUMENT_FILE",
|
||||||
"AFL_LLVM_SKIP_NEVERZERO",
|
"AFL_LLVM_SKIP_NEVERZERO",
|
||||||
"AFL_NO_AFFINITY",
|
"AFL_NO_AFFINITY",
|
||||||
|
"AFL_TRY_AFFINITY",
|
||||||
"AFL_LLVM_LTO_STARTID",
|
"AFL_LLVM_LTO_STARTID",
|
||||||
"AFL_LLVM_LTO_DONTWRITEID",
|
"AFL_LLVM_LTO_DONTWRITEID",
|
||||||
"AFL_NO_ARITH",
|
"AFL_NO_ARITH",
|
||||||
|
|||||||
@ -113,7 +113,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
|
|||||||
u8 lockfile[PATH_MAX] = "";
|
u8 lockfile[PATH_MAX] = "";
|
||||||
s32 i;
|
s32 i;
|
||||||
|
|
||||||
if (afl->afl_env.afl_no_affinity) {
|
if (afl->afl_env.afl_no_affinity && !afl->afl_env.afl_try_affinity) {
|
||||||
|
|
||||||
if (afl->cpu_to_bind != -1) {
|
if (afl->cpu_to_bind != -1) {
|
||||||
|
|
||||||
@ -130,10 +130,21 @@ void bind_to_free_cpu(afl_state_t *afl) {
|
|||||||
|
|
||||||
if (!bind_cpu(afl, afl->cpu_to_bind)) {
|
if (!bind_cpu(afl, afl->cpu_to_bind)) {
|
||||||
|
|
||||||
FATAL(
|
if (afl->afl_env.afl_try_affinity) {
|
||||||
"Could not bind to requested CPU %d! Make sure you passed a valid "
|
|
||||||
"-b.",
|
WARNF(
|
||||||
afl->cpu_to_bind);
|
"Could not bind to requested CPU %d! Make sure you passed a valid "
|
||||||
|
"-b.",
|
||||||
|
afl->cpu_to_bind);
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
FATAL(
|
||||||
|
"Could not bind to requested CPU %d! Make sure you passed a valid "
|
||||||
|
"-b.",
|
||||||
|
afl->cpu_to_bind);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -420,11 +431,14 @@ void bind_to_free_cpu(afl_state_t *afl) {
|
|||||||
"Uh-oh, looks like all %d CPU cores on your system are allocated to\n"
|
"Uh-oh, looks like all %d CPU cores on your system are allocated to\n"
|
||||||
" other instances of afl-fuzz (or similar CPU-locked tasks). "
|
" other instances of afl-fuzz (or similar CPU-locked tasks). "
|
||||||
"Starting\n"
|
"Starting\n"
|
||||||
" another fuzzer on this machine is probably a bad plan, but if "
|
" another fuzzer on this machine is probably a bad plan.\n"
|
||||||
"you are\n"
|
"%s",
|
||||||
" absolutely sure, you can set AFL_NO_AFFINITY and try again.\n",
|
afl->cpu_core_count,
|
||||||
afl->cpu_core_count);
|
afl->afl_env.afl_try_affinity ? ""
|
||||||
FATAL("No more free CPU cores");
|
: " If you are sure, you can set "
|
||||||
|
"AFL_NO_AFFINITY and try again.\n");
|
||||||
|
|
||||||
|
if (!afl->afl_env.afl_try_affinity) { FATAL("No more free CPU cores"); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -202,6 +202,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
|
|||||||
afl->afl_env.afl_no_affinity =
|
afl->afl_env.afl_no_affinity =
|
||||||
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
|
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
|
||||||
|
|
||||||
|
} else if (!strncmp(env, "AFL_TRY_AFFINITY",
|
||||||
|
|
||||||
|
afl_environment_variable_len)) {
|
||||||
|
|
||||||
|
afl->afl_env.afl_try_affinity =
|
||||||
|
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
|
||||||
|
|
||||||
} else if (!strncmp(env, "AFL_SKIP_CRASHES",
|
} else if (!strncmp(env, "AFL_SKIP_CRASHES",
|
||||||
|
|
||||||
afl_environment_variable_len)) {
|
afl_environment_variable_len)) {
|
||||||
|
|||||||
@ -220,6 +220,7 @@ static void usage(u8 *argv0, int more_help) {
|
|||||||
" then they are randomly selected instead all of them being\n"
|
" then they are randomly selected instead all of them being\n"
|
||||||
" used. Defaults to 200.\n"
|
" used. Defaults to 200.\n"
|
||||||
"AFL_NO_AFFINITY: do not check for an unused cpu core to use for fuzzing\n"
|
"AFL_NO_AFFINITY: do not check for an unused cpu core to use for fuzzing\n"
|
||||||
|
"AFL_TRY_AFFINITY: try to bind to an unused core, but don't fail if unsuccessful\n"
|
||||||
"AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n"
|
"AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n"
|
||||||
"AFL_NO_AUTODICT: do not load an offered auto dictionary compiled into a target\n"
|
"AFL_NO_AUTODICT: do not load an offered auto dictionary compiled into a target\n"
|
||||||
"AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n"
|
"AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n"
|
||||||
|
|||||||
Reference in New Issue
Block a user