365 Commits

Author SHA1 Message Date
fff7f1c558 Dev (#1962)
* Pure Python (3.6) port of benchmark.sh as benchmark.py, no other changes

* Test standard and persistent modes separately

* Add support for multi-core benchmarking

* Save the results to a json file

* Allow config of all experiment params, average across runs

* Add start_time_of_run and total_execs_per_sec, cleanup for PR

* benchmark: cleanup, add results, add a data exploration notebook

* benchmark: add a README, lower default runs from 5 to 3

* benchmark: notebook wording tweaks

* copy 'detect_leaks=0' from ASAN to LSAN

fix for issue #1733, set "detect_leaks=0" when ASAN_OPTIONS contains it and LSAN_OPTIONS are not set.

* fix of fix: make sure ASAN_OPTIONS and LSAN_OPTIONS agree on leak detection

* fix lsan fix

* clang-format 16->17

* Add missing initialisation for havoc_queued during the custom mutator's stage.

* fix dictionary and cmin

* Use direct call to write to OpenBSD

The linker on OpenBSD emits a warning when linking this file:
warning: syscall() may go away, please rewrite code to use direct calls

* Fix possible doc inconsistency for custom mutator's queue_get function.

* update todos

* benchmark: Add support for COMPARISON file

* benchmark: show the number of cores used in COMPARISON

* benchmark: lower minimum Python version to 3.8

* benchmark: use afl's execs/s; increase CPU model width

* benchmark: disallow duplicate entries for the same CPU in COMPARISON

* Update benchmark.py

* fix inf in stats

* Fix benchmark.py

* missing closing parenthesis

* Update benchmark.py

* benchmark: remove self-calculation of execs/sec

* benchmark: update COMPARISON

* benchmark: Update Jupyter notebook and results file.

* benchmark: rename afl_execs_per_sec to execs_per_sec

* benchmark: update README

* update

* add benchmark

* nits

* add benchmarks

* Update unicornafl ref

* Pass correct Nyx ID when creating a Nyx runner

* Fix typo in docker pull command, add example to mount current dir as volume (#1914)

* mini fix

* add custom_post_run.c

* update afl-fuzz-run

* update python module

* format code

* update

* merge function

* changes

* code format

* improve cmplog

* nit

* nit

* fix

* fix

* Stop hardcoding the path /usr/local/lib/afl in afl-ld-lto.c and respect the configured PREFIX.

* Add benchmark for Raspberry Pi 5

* ryzen 5950 benchmark

* add missing raspberry5

* comparison -> comparison.md

* removing options "-Wl,-rpath" "LLVM_LIBDIR" when using gcc

* fixing -Wl,-rpath=<LLVM_LIBDIR>

* nits

* fix

* afl-cc fixes

* nit

* add n_fuzz to ignore_timeouts

* fix

* Fix #1927

* in-depth blog post

* add AFL_FUZZER_LOOPCOUNT

* AFL_FUZZER_LOOPCOUNT

* fix 2 mutation bugs

* v4.09c release

* v4.10a init

* switch to explore powerschedule as default

* fix MUT_INSERTASCIINUM

* fix MUT_STRATEGY_ARRAY_SIZE

* fix bad fix for MUT_STRATEGY_ARRAY_SIZE

* remove afl-network-client on uninstall

* update nyx

* Improve binary-only related docs

* llvm 18 build fixes.

* code format

* Fix custom_send link

Add a leading '/' to walk in the repo root instead of current dir.

* Use ../ instead

* initial simple injection detection support

* inject docs

* fix for issue #1916, LLVM crash in split-floatingpoint-compares

* LLVM 17 bug workaround

* finish injection implementation

* remove tmp todo

* update changelog

* forgot to add the injection pass

* Output afl-clang-fast stuff only if necessary (#1912)

* afl-cc header

* afl-cc common declarations

 - Add afl-cc-state.c
 - Strip includes, find_object, debug/be_quiet/have_*/callname setting from afl-cc.c
 - Use debugf_args in main
 - Modify execvp stuff to fit new aflcc struct

* afl-cc show usage

* afl-cc mode selecting

1. compiler_mode by callname in argv[0]
2. compiler_mode by env "AFL_CC_COMPILER"
3. compiler_mode/instrument_mode by command line options "--afl-..."
4. instrument_mode/compiler_mode by various env vars including "AFL_LLVM_INSTRUMENT"
5. final checking steps
6. print "... - mode: %s-%s\n"
7. determine real argv[0] according to compiler_mode

* afl-cc macro defs

* afl-cc linking behaviors

* afl-cc fsanitize behaviors

* afl-cc misc

* afl-cc body update

* afl-cc all-in-one

formatted with custom-format.py

* nits

---------

Co-authored-by: vanhauser-thc <vh@thc.org>

* changelog

* update grammar mutator

* lto llvm 12+

* docs(custom_mutators): fix missing ':' (#1953)

* Fix broken LTO mode and response file support (#1948)

* Strip `-Wl,-no-undefined` during compilation (#1952)

Make the compiler wrapper strip `-Wl,-no-undefined` in addition to `-Wl,--no-undefined`.
Both versions of the flag are accepted by clang and, therefore, used by build systems in the wild (e.g., samba will not build without this fix).

* Remove dead code in write_to_testcase (#1955)

The custom_mutators_count check in the if case duplicates the if condition.
The else case is custom_mutators_count == 0, so neither the custom_mutator_list iteration nor the sent check is needed.

Signed-off-by: Xeonacid <h.dwwwwww@gmail.com>

* update qemuafl

* WIP: Add ability to generate drcov trace using QEMU backend (#1956)

* Document new drcov QEMU plugin

* Add link to lightkeeper for QEMU drcov file loading

---------

Co-authored-by: Jean-Romain Garnier <jean-romain.garnier@airbus.com>

* code format

* changelog

* sleep on uid != 0 afl-system-config

* fix segv about skip_next, warn on unsupported cases of linking options (#1958)

* todos

* ensure afl-cc only allows available compiler modes

* update grammar mutator

* disable aslr on apple

* fix for arm64

* help selective instrumentation

* typos

* macos

* add compiler test script

* apple fixes

---------

Signed-off-by: Xeonacid <h.dwwwwww@gmail.com>
Co-authored-by: Chris Ball <chris@printf.net>
Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com>
Co-authored-by: hexcoder- <heiko@hexco.de>
Co-authored-by: Manuel Carrasco <m.carrasco@imperial.ac.uk>
Co-authored-by: Jasper Lievisse Adriaanse <j@jasper.la>
Co-authored-by: ifyGecko <26214995+ifyGecko@users.noreply.github.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Christian Holler (:decoder) <choller@mozilla.com>
Co-authored-by: Carlo Maragno <ste.maragno@gmail.com>
Co-authored-by: yangzao <yangzaocn@outlook.com>
Co-authored-by: Romain Geissler <romain.geissler@amadeus.com>
Co-authored-by: Jakob Lell <jakob@jakoblell.com>
Co-authored-by: vincenzo MEZZELA <vincenzo.mezzela@amadeus.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: Bet4 <0xbet4@gmail.com>
Co-authored-by: David Carlier <devnexen@gmail.com>
Co-authored-by: Xeonacid <h.dwwwwww@gmail.com>
Co-authored-by: Sonic <50692172+SonicStark@users.noreply.github.com>
Co-authored-by: Nils Bars <nils.bars@rub.de>
Co-authored-by: Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com>
Co-authored-by: Jean-Romain Garnier <jean-romain.garnier@airbus.com>
2024-01-20 10:19:46 +00:00
bd1648e707 fix the file descriptor without determining null 2023-07-28 17:32:59 +08:00
a46d27fad5 nits 2023-07-10 18:29:21 +02:00
6e5ca0c78c higher tuples for afl-clang and afl-gcc in tests 2023-07-06 14:28:37 +02:00
f0ccca123a fix ci 2023-06-06 17:32:32 +02:00
62bacf4fc8 better cmplog ci 2023-06-06 16:45:20 +02:00
ee2cab73ac reduce false positive ci failures 2023-06-06 16:42:52 +02:00
6cad585bdc nits 2023-04-27 18:57:28 +02:00
3e84d6a2ae afl++ -> AFL++ 2023-04-27 11:49:00 +02:00
50678ed369 Fixing typo: & (background) to && (and) 2023-04-14 11:24:10 -04:00
01236f47bc nits 2023-03-28 16:50:05 +02:00
19f9612910 fix frida mode 2023-03-26 12:14:35 +02:00
9bc5abc4ec reduce CI resources 2023-03-25 12:14:08 +01:00
478f0bbc1e ci test 2023-03-21 16:23:51 +01:00
4c7c78d926 enhance tests for macos 2023-03-10 10:59:52 +01:00
aabfe781fd enhance tests for macos 2023-03-10 10:22:35 +01:00
e0866f51c7 support LLVMFuzzerTestOneInput -1 return 2023-03-09 13:57:03 +01:00
ffdb5ec9b1 improve cmplog ci 2023-02-23 14:32:54 +01:00
e5c725c4e0 custom mutator fix 2022-11-14 22:47:34 +01:00
5ccf389414 nits 2022-10-19 10:41:40 +02:00
0fe39e4768 egrep -> grep -e 2022-09-05 13:57:32 +02:00
48c2d51689 nits 2022-06-27 08:31:03 +02:00
3c5edab724 add cmplog icmp testcase to CI 2022-04-06 10:10:39 +02:00
a436ef47e5 fix instrumentlist for LTO with clang < 13 2022-03-30 09:16:47 +02:00
b34751efbf fix qemu sigunaction tests 2022-03-29 10:34:08 +02:00
3f0d642f9b fix unicornafl test 2022-03-26 19:13:49 +00:00
ce5032cc29 debug CI 2022-02-05 07:32:20 +01:00
59a7337bf1 fix ci for mac 2022-01-30 18:02:09 +01:00
c75124aefa debug ci 2022-01-30 17:53:28 +01:00
2861f695ba debug ci 2022-01-30 17:19:22 +01:00
b0758ac8db 4.00c readiness 2022-01-26 09:55:12 +01:00
a91d445b5f make tests work on macos 2021-12-26 01:55:52 +01:00
2d9e0f56b0 debug ci 2021-12-26 01:54:19 +01:00
146eb32c31 make tests work on macos 2021-12-26 01:49:31 +01:00
649076600d debug ci 2021-12-26 01:24:03 +01:00
8521eb8413 debug ci 2021-12-26 01:15:53 +01:00
24dd35ef96 macos ci 2021-12-26 01:05:07 +01:00
5b9397f3dd code format 2021-12-11 10:20:40 +00:00
0648772967 additional test cases for floating point comparison splitting pass 2021-12-10 23:09:07 +01:00
db360332c4 make llvm 14-dev work. again. 2021-12-09 14:33:56 +01:00
fc094dee13 change dlopen solution 2021-12-03 11:35:30 +01:00
f5535e348d Merge pull request #1142 from AFLplusplus/dev
Dev
2021-11-03 21:55:21 +01:00
90786e2ce9 fix 2021-10-19 15:20:59 +02:00
fb481231b7 update test 2021-10-17 21:20:00 +02:00
d4a8a9df69 fix regression in class lookup 2021-08-31 23:54:19 +02:00
233a628047 fix testcase 2021-07-30 09:15:59 +02:00
c3fbf5dca3 add more string functions for dictionary features 2021-07-30 08:33:18 +02:00
c88b98d1c9 test laf splitting: set default for char type explicitly to signed 2021-06-25 22:32:49 +02:00
1fcb52957e fix frida 2021-06-24 09:59:00 +02:00
0978c08f4b split-comparison llvm pass refactor for smaller compilation times (and a small bug fix) (#964)
* Refactored split compare pass to be more efficient in LTO usage and allow splitting to other minimum bitwidths.

Efficiency: avoid looping over the whole llvm module N times, when once is also enough.

Bitwidth: Previously, due to fallthrough in switch-case, all comparisons were split to 8-bit, which might not be desirable, e.g., 16 or 32 bit might be enough. So now all comparisons are split until they are smaller than or equal to the target bitwidth, which is controlled through the `AFL_LLVM_LAF_SPLIT_COMPARES_BITW` environment variable.

* fixed miscompilation due to incorrectly trying to split a signed comparison operator

* minor formatting updates and use IRBuilder when inserting multiple instructions

* added @hexcoder-'s test-int_cases.c to make test

* Avoid recursion; switch to smallvector in splitAndSimplify; use switch case for icmp type;

* Fixed issue when splitting < where the inverse comparison was not further split

* some cleanup
2021-06-11 11:02:29 +02:00