ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-12 18:18:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

update fuzzing in depth

Browse Source
This commit is contained in:
vanhauser-thc
2022-04-08 23:10:35 +02:00
parent e9288bcfad
commit d8317182ef
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/fuzzing_in_depth.md
View File

@ -911,16 +911,17 @@ normal fuzzing campaigns as these are much shorter runnings.
* Keep the generated corpus, use afl-cmin and reuse it every time! * Keep the generated corpus, use afl-cmin and reuse it every time!
2. Additionally randomize the AFL++ compilation options, e.g.: 2. Additionally randomize the AFL++ compilation options, e.g.:
* 40% for `AFL_LLVM_CMPLOG` * 30% for `AFL_LLVM_CMPLOG`
* 10% for `AFL_LLVM_LAF_ALL` * 5% for `AFL_LLVM_LAF_ALL`
3. Also randomize the afl-fuzz runtime options, e.g.: 3. Also randomize the afl-fuzz runtime options, e.g.:
* 65% for `AFL_DISABLE_TRIM` * 65% for `AFL_DISABLE_TRIM`
* 50% for `AFL_KEEP_TIMEOUTS`
* 50% use a dictionary generated by `AFL_LLVM_DICT2FILE` * 50% use a dictionary generated by `AFL_LLVM_DICT2FILE`
* 40% use MOpt (`-L 0`) * 40% use MOpt (`-L 0`)
* 40% for `AFL_EXPAND_HAVOC_NOW` * 40% for `AFL_EXPAND_HAVOC_NOW`
* 20% for old queue processing (`-Z`) * 20% for old queue processing (`-Z`)
* for CMPLOG targets, 60% for `-l 2`, 40% for `-l 3` * for CMPLOG targets, 70% for `-l 2`, 10% for `-l 3`, 20% for `-l 2AT`
4. Do *not* run any `-M` modes, just running `-S` modes is better for CI 4. Do *not* run any `-M` modes, just running `-S` modes is better for CI
fuzzing. `-M` enables old queue handling etc. which is good for a fuzzing fuzzing. `-M` enables old queue handling etc. which is good for a fuzzing