deterministic fuzzing and -z

vanhauser-thc
2024-02-03 13:31:31 +01:00
parent 68dc4829b3
commit d85722a4f6
3 changed files with 13 additions and 13 deletions


@ -3,6 +3,11 @@
This is the list of all noteworthy changes made in every public This is the list of all noteworthy changes made in every public
release of the tool. See README.md for the general instruction manual. release of the tool. See README.md for the general instruction manual.
### Version ++4.20a (dev)
- afl-fuzz:
- the new deterministic fuzzing feature is now activated by default,
deactivate with -z. Parameters -d and -D are ignored.
### Version ++4.10c (release) ### Version ++4.10c (release)
- afl-fuzz: - afl-fuzz:
- default power schedule is now EXPLORE, due a fix in fast schedules - default power schedule is now EXPLORE, due a fix in fast schedules


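--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -102,7 +102,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
   afl->stats_update_freq = 1;
   afl->stats_file_update_freq_msecs = STATS_UPDATE_SEC * 1000;
   afl->stats_avg_exec = 0;
-  afl->skip_deterministic = 1;
+  afl->skip_deterministic = 0;
   afl->sync_time = SYNC_TIME;
   afl->cmplog_lvl = 2;
   afl->min_length = 1;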
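Review bot: The flipped default `afl->skip_deterministic = 0;` in afl_state_init carries no comment, so a reader of the state initializer alone cannot tell that 0 means the deterministic stage is now active, nor which option turns it back off. I would add above the assignment `/* enhanced deterministic fuzzing is on by default; -z sets this to 1 (the old -d/-D options are ignored) */`, which matches the new usage text and the `case 'z'` handling in afl-fuzz.c. Since the previous default was 1, any field that was only ever set to 0 by the old -D path should be re-checked for other readers that assumed the old polarity; the rest of afl_state_init is outside this hunk.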


@ -170,7 +170,6 @@ static void usage(u8 *argv0, int more_help) {
" -g minlength - set min length of generated fuzz input (default: 1)\n" " -g minlength - set min length of generated fuzz input (default: 1)\n"
" -G maxlength - set max length of generated fuzz input (default: " " -G maxlength - set max length of generated fuzz input (default: "
"%lu)\n" "%lu)\n"
" -D - enable (a new) effective deterministic fuzzing\n"
" -L minutes - use MOpt(imize) mode and set the time limit for " " -L minutes - use MOpt(imize) mode and set the time limit for "
"entering the\n" "entering the\n"
" pacemaker mode (minutes of no new finds). 0 = " " pacemaker mode (minutes of no new finds). 0 = "
@ -213,7 +212,8 @@ static void usage(u8 *argv0, int more_help) {
" -F path - sync to a foreign fuzzer queue directory (requires " " -F path - sync to a foreign fuzzer queue directory (requires "
"-M, can\n" "-M, can\n"
" be specified up to %u times)\n" " be specified up to %u times)\n"
// " -d - skip deterministic fuzzing in -M mode\n" " -z - skip the enhanced deterministic fuzzing\n"
" (note that the old -d and -D flags are ignored.)\n"
" -T text - text banner to show on the screen\n" " -T text - text banner to show on the screen\n"
" -I command - execute this command/script when a new crash is " " -I command - execute this command/script when a new crash is "
"found\n" "found\n"
@ -955,20 +955,15 @@ int main(int argc, char **argv_orig, char **envp) {
break; break;
case 'D': /* partial deterministic */ case 'd':
case 'D': /* old deterministic */
afl->skip_deterministic = 0; WARNF("Parameters -d and -D are deprecated, a new enhanced deterministic fuzzing is active by default, to disable it use -z");
break; break;
case 'd': /* no deterministic */ case 'z': /* no deterministic */
// this is the default and currently a lot of infrastructure enforces afl->skip_deterministic = 1;
// it (e.g. clusterfuzz, fuzzbench) based on that this feature
// originally was bad performance wise. We now have a better
// implementation, hence if it is activated, we do not want to
// deactivate it by such setups.
// afl->skip_deterministic = 1;
break; break;
case 'B': /* load bitmap */ case 'B': /* load bitmap */