Merge branch 'master' of github.com:vanhauser-thc/AFLplusplus

2025-06-10 09:11:34 +00:00 · 2020-01-31 18:49:26 +01:00 · 2020-01-31 18:49:26 +01:00 · f2511a39ae
commit f2511a39ae
parent f5d4618702 4094dcdf88
4 changed files with 31 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -14,8 +14,7 @@
  Repository: [https://github.com/vanhauser-thc/AFLplusplus](https://github.com/vanhauser-thc/AFLplusplus)

  afl++ is maintained by Marc "van Hauser" Heuse <mh@mh-sec.de>,
-  Heiko "hexcoder-" Eißfeldt <heiko.eissfeldt@hexco.de> and
-  Andrea Fioraldi <andreafioraldi@gmail.com>.
+  Heiko "hexcoder-" Eißfeldt <heiko.eissfeldt@hexco.de>, Andrea Fioraldi <andreafioraldi@gmail.com> and Dominik Maier <mail@dmnk.co>.

  Note that although afl now has a Google afl repository [https://github.com/Google/afl](https://github.com/Google/afl),
  it is unlikely to receive any noteable enhancements: [https://twitter.com/Dor3s/status/1154737061787660288](https://twitter.com/Dor3s/status/1154737061787660288)
--- a/llvm_mode/README.cmplog.md
+++ b/llvm_mode/README.cmplog.md
@ -3,17 +3,17 @@
 The CmpLog instrumentation enables the logging of the comparisons operands in a
 shared memory.

-These values can be used by variuous mutator built on top of it.
+These values can be used by various mutators built on top of it.
 At the moment we support the RedQueen mutator (input-2-state instructions only).

 ## Build

-Tou use CmpLog, you have to build two versions of the instrumented target
+To use CmpLog, you have to build two versions of the instrumented target
 program.

-The first, using the regular AFL++ instrumentation.
+The first version is built using the regular AFL++ instrumentation.

-The second, the CmpLog binary, setting AFL_LLVM_CMPLOG during the compilation.
+The second one, the CmpLog binary, with setting AFL_LLVM_CMPLOG during the compilation.

 For example:

@ -30,8 +30,8 @@ cp ./program ./program.cmplog

 ## Use

-AFL++ have the -c option that can be used to specify a CmpLog binary (the second
-built).
+AFL++ has the new -c option that can be used to specify a CmpLog binary (the second
+build).

 For example:

--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@ -237,15 +237,32 @@ void bind_to_free_cpu(void) {
  }

 #elif defined(__FreeBSD__) || defined(__DragonFly__)
-  if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c))
-    PFATAL("pthread_setaffinity failed");
+  if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) {
+ 
+    if (cpu_start == cpu_core_count)
+      PFATAL("pthread_setaffinity failed for cpu %d, exit", i);
+    WARNF("pthread_setaffinity failed to CPU %d, trying next CPU", i);
+    cpu_start++;
+    goto try
+      ;
+
+  }
 #elif defined(__NetBSD__)
-if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c))
-  PFATAL("pthread_setaffinity failed");
+if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) {
+ 
+  if (cpu_start == cpu_core_count)
+    PFATAL("pthread_setaffinity failed for cpu %d, exit", i);
+  WARNF("pthread_setaffinity failed to CPU %d, trying next CPU", i);
+  cpu_start++;
+  goto try
+    ;
+
+}

 cpuset_destroy(c);
 #else
 // this will need something for other platforms
+// TODO: Solaris/Illumos has processor_bind ... might worth a try
 #endif

 }
--- a/test/test.sh
+++ b/test/test.sh
@ -565,7 +565,7 @@ test -e ../afl-qemu-trace && {

      $ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds"
      {
-        export AFL_QEMU_PERSISTENT_ADDR=0x$(nm test-instr | grep "T main" | awk '{ print $1 }')
+        export AFL_QEMU_PERSISTENT_ADDR=`expr 0x4$(nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.......//')`
        export AFL_QEMU_PERSISTENT_GPR=1
        ../afl-fuzz -V10 -Q -i in -o out -- ./test-instr > /dev/null 2>&1
      } >>errors 2>&1
@ -573,9 +573,8 @@ test -e ../afl-qemu-trace && {
        $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode"
        RUNTIMEP=`grep execs_done out/fuzzer_stats | awk '{print$3}'`
        test -n "$RUNTIME" -a -n "$RUNTIMEP" && {
-          SLOW=`expr $RUNTIME '*' 103` # persistent mode should be at least 3% faster - minimum!
-          FAST=`expr $RUNTIMEP '*' 100`
-          test "$SLOW" -lt "$FAST" && {
+          DIFF=`expr $RUNTIMEP / $RUNTIME`
+          test "$DIFF" -gt 1 && { # must be at least twice as fast
            $ECHO "$GREEN[+] persistent qemu_mode was noticeable faster than standard qemu_mode"
          } || {
            $ECHO "$YELLOW[-] persistent qemu_mode was not noticeable faster than standard qemu_mode"