* FASAN Support
* Fix handling of Address Sanitizer DSO
* Changes to identification of Address Sanitizer DSO
Co-authored-by: Your Name <you@example.com>
* Variable AFL_EXIT_ON_TIME description has been added.
Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added.
afl->exit_on_time variable initialization has been added.
The asignment of a value to the afl->afl_env.afl_exit_on_time variable from
environment variables has been added.
Code to exit on timeout if new path not found has been added.
* Type of afl_exit_on_time variable has been changed.
Variable exit_on_time has been added to the afl_state_t structure.
* Command `export AFL_EXIT_WHEN_DONE=1` has been added.
* Millisecond to second conversion has been added.
Call get_cur_time() has been added.
* Revert to using the saved current time value.
* Useless check has been removed.
* Added x64 support for persistent mode (function call only), in-memory teest cases and complog
* Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC
* Various minor fixes and finished support for AFL_INST_LIBS
* Review changes
Co-authored-by: Your Name <you@example.com>
variable AFL_USE_LSAN.
AFL_USE_LSAN introduces the macro __AFL_CHECK_LEAK() which will check
for a memory leak when the macro is run. This is especially helpful
when using __AFL_LOOP().
If __AFL_LEAK_CHECK() is not used when AFL_USE_LSAN=1 is set,
the leak checker will run when the program exits.
In QEMU mode (-Q), setting AFL_QEMU_CUSTOM_BIN cause afl-fuzz to skip
prepending afl-qemu-trace to your command line. Use this if you wish to use a
custom afl-qemu-trace or if you need to modify the afl-qemu-trace arguments.
This environment variable allows rejection of
specific regions from instrumentation.
It takes priority over AFL_INST_LIBS and AFL_QEMU_INST_RANGES,
so it can be used to poke a "hole" in previously included sections.
* Adding AFL_KILL_SIGNAL environment variable
Controlling the kill signal used to end forked processes.
* Checking validity of AFL_KILL_SIGNAL env variable
This commit also sets a valid value in the environment to avoid
duplicating code in at_exit(). Changing data type of
fsrv->kill_signal to u8 to match last_kill_signal.
* Adding afl_kill_signal to AFL (environment) state
This commit simply introduces a struct member for future use. The
env variable is not used from the afl struct but from fsrv, where
its validity is checked, resulting in a FATAL in case of errors.
When we started using AFL, it did not have an integrated GCC plugin.
There was one proposed by Austin Seipp, but for various reasons we
ended up using some of its infrastructure (runtime and wrapper), but
writing the GCC plugin proper from scratch.
With AFL++'s renewed interest in a GCC plugin, we rebased ours, with
some features that are or were missing in the one that was integrated:
* efficient, fully-functional inline and out-of-line instrumentation
Inline instrumentation was work in progress in the original plugin.
Controlled by AFL_GCC_OUT_OF_LINE.
* reproducible instrumentation
Obey -frandom-seed for pseudorandom number generation.
* licensing clarity and strict compliance
GPLv3+ for the plugin, that uses GCC internals; add a copy of the
license, as required.
* allow/deny list support
Copied and adjusted from the LLVM plugin implementation.
* neverZero support
Not as compact as the asm-wrapper version, but likely more efficient.
Both are quite thread-unsafe, with different caveats.
Controlled with AFL_GCC_SKIP_NEVERZERO.
