ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 11:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix AFL_CAL_FAST

Browse Source
This commit is contained in:
vanhauser-thc
2021-06-10 10:25:37 +02:00
parent b8092c6227
commit a7340a1ac6
7 changed files with 18 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/Changelog.md
View File

@ -15,6 +15,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- removed implied -D determinstic from -M main - removed implied -D determinstic from -M main
- if the target becomes unavailable check out out/default/error.txt for - if the target becomes unavailable check out out/default/error.txt for
an indicator why an indicator why
- AFL_CAL_FAST was a dead env, now does the same as AFL_FAST_CAL
- afl-cc - afl-cc
- support partial linking - support partial linking
- We do support llvm versions from 3.8 again - We do support llvm versions from 3.8 again

4
docs/env_variables.md
View File

@ -108,9 +108,6 @@ make fairly broad use of environmental variables instead:
- Setting `AFL_QUIET` will prevent afl-cc and afl-as banners from being - Setting `AFL_QUIET` will prevent afl-cc and afl-as banners from being
displayed during compilation, in case you find them distracting. displayed during compilation, in case you find them distracting.
- Setting `AFL_CAL_FAST` will speed up the initial calibration, if the
application is very slow.
## 2) Settings for LLVM and LTO: afl-clang-fast / afl-clang-fast++ / afl-clang-lto / afl-clang-lto++ ## 2) Settings for LLVM and LTO: afl-clang-fast / afl-clang-fast++ / afl-clang-lto / afl-clang-lto++
The native instrumentation helpers (instrumentation and gcc_plugin) accept a subset The native instrumentation helpers (instrumentation and gcc_plugin) accept a subset
@ -386,6 +383,7 @@ checks or alter some of the more exotic semantics of the tool:
- `AFL_FAST_CAL` keeps the calibration stage about 2.5x faster (albeit less - `AFL_FAST_CAL` keeps the calibration stage about 2.5x faster (albeit less
precise), which can help when starting a session against a slow target. precise), which can help when starting a session against a slow target.
`AFL_CAL_FAST` works too.
- The CPU widget shown at the bottom of the screen is fairly simplistic and - The CPU widget shown at the bottom of the screen is fairly simplistic and
may complain of high load prematurely, especially on systems with low core may complain of high load prematurely, especially on systems with low core

4
include/afl-fuzz.h
View File

@ -478,9 +478,7 @@ typedef struct afl_state {
u32 hang_tmout; /* Timeout used for hang det (ms) */ u32 hang_tmout; /* Timeout used for hang det (ms) */
u8 cal_cycles, /* Calibration cycles defaults */ u8 havoc_stack_pow2, /* HAVOC_STACK_POW2 */
cal_cycles_long, /* Calibration cycles defaults */
havoc_stack_pow2, /* HAVOC_STACK_POW2 */
no_unlink, /* do not unlink cur_input */ no_unlink, /* do not unlink cur_input */
debug, /* Debug mode */ debug, /* Debug mode */
custom_only, /* Custom mutator only mode */ custom_only, /* Custom mutator only mode */

7
src/afl-analyze.c
View File

@ -643,12 +643,14 @@ static void set_up_environment(char **argv) {
} }
fsrv.out_file = alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); fsrv.out_file =
alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid());
} }
unlink(fsrv.out_file); unlink(fsrv.out_file);
fsrv.out_fd = open(fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION); fsrv.out_fd =
open(fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
if (fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", fsrv.out_file); } if (fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", fsrv.out_file); }
@ -1118,7 +1120,6 @@ int main(int argc, char **argv_orig, char **envp) {
if (fsrv.target_path) { ck_free(fsrv.target_path); } if (fsrv.target_path) { ck_free(fsrv.target_path); }
if (in_data) { ck_free(in_data); } if (in_data) { ck_free(in_data); }
exit(0); exit(0);
} }

5
src/afl-fuzz-run.c
View File

@ -314,7 +314,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
++q->cal_failed; ++q->cal_failed;
afl->stage_name = "calibration"; afl->stage_name = "calibration";
afl->stage_max = afl->fast_cal ? 3 : CAL_CYCLES; afl->stage_max = afl->afl_env.afl_cal_fast ? 3 : CAL_CYCLES;
/* Make sure the forkserver is up before we do anything, and let's not /* Make sure the forkserver is up before we do anything, and let's not
count its spin-up time toward binary calibration. */ count its spin-up time toward binary calibration. */
@ -403,7 +403,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
} }
var_detected = 1; var_detected = 1;
afl->stage_max = afl->fast_cal ? CAL_CYCLES : CAL_CYCLES_LONG; afl->stage_max =
afl->afl_env.afl_cal_fast ? CAL_CYCLES : CAL_CYCLES_LONG;
} else { } else {

9
src/afl-fuzz-state.c
View File

@ -96,8 +96,6 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
afl->splicing_with = -1; /* Splicing with which test case? */ afl->splicing_with = -1; /* Splicing with which test case? */
afl->cpu_to_bind = -1; afl->cpu_to_bind = -1;
afl->havoc_stack_pow2 = HAVOC_STACK_POW2; afl->havoc_stack_pow2 = HAVOC_STACK_POW2;
afl->cal_cycles = CAL_CYCLES;
afl->cal_cycles_long = CAL_CYCLES_LONG;
afl->hang_tmout = EXEC_TIMEOUT; afl->hang_tmout = EXEC_TIMEOUT;
afl->exit_on_time = 0; afl->exit_on_time = 0;
afl->stats_update_freq = 1; afl->stats_update_freq = 1;
@ -341,6 +339,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_cal_fast = afl->afl_env.afl_cal_fast =
get_afl_env(afl_environment_variables[i]) ? 1 : 0; get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_FAST_CAL",
afl_environment_variable_len)) {
afl->afl_env.afl_cal_fast =
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_STATSD", } else if (!strncmp(env, "AFL_STATSD",
afl_environment_variable_len)) { afl_environment_variable_len)) {

9
src/afl-fuzz.c
View File

@ -1276,7 +1276,6 @@ int main(int argc, char **argv_orig, char **envp) {
if (get_afl_env("AFL_NO_CPU_RED")) { afl->no_cpu_meter_red = 1; } if (get_afl_env("AFL_NO_CPU_RED")) { afl->no_cpu_meter_red = 1; }
if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; } if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; }
if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; } if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; }
if (get_afl_env("AFL_FAST_CAL")) { afl->fast_cal = 1; }
if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; } if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; }
if (afl->afl_env.afl_autoresume) { if (afl->afl_env.afl_autoresume) {
@ -1489,14 +1488,6 @@ int main(int argc, char **argv_orig, char **envp) {
check_if_tty(afl); check_if_tty(afl);
if (afl->afl_env.afl_force_ui) { afl->not_on_tty = 0; } if (afl->afl_env.afl_force_ui) { afl->not_on_tty = 0; }
if (afl->afl_env.afl_cal_fast) {
/* Use less calibration cycles, for slow applications */
afl->cal_cycles = 3;
afl->cal_cycles_long = 5;
}
if (afl->afl_env.afl_custom_mutator_only) { if (afl->afl_env.afl_custom_mutator_only) {
/* This ensures we don't proceed to havoc/splice */ /* This ensures we don't proceed to havoc/splice */