* afl++ -> AFL++
* update readme
* more debug
* slightly different weighting algo (#1719)
* better seed selection
* slightly different weighting calculation
* remove unnecessary memset
* Add "Hangs saved" to afl-whatsup (#1717)
The hangs could show long or infinite loops. This is important.
Co-authored-by: van Hauser <vh@thc.org>
* nits
* afl-showmap: Start a only a single fork server (#1718)
A forkserver is started by afl_fsrv_get_mapsize() when dynamically
finding the map size. When an input directory option is specified a
second fork server was also started. This commit re-arranges the inits
for several forkserver struct members so that we can re-use the server
started by the get_mapsize() call when not in coresight/qemu/unicorn
modes and just start the server otherwise.
* Source Code Coverage support for Nyx (Part 1) (#1720)
* Additional source code reformatting in afl-compiler-rt
* Add source code coverage support to afl-compiler-rt (for use with Nyx)
* doc, code format
* llvm 17 changes
* more llvm 17
* add frida mode tutorial
* fix effector map
* docs
* Should memset EFF_ALEN(len) of eff_map (#1722)
* fix reallocs
* fix afl-system-config for macos
* afl-fuzz.c: Document -i - in --help (#1725)
afl-fuzz.c: Document `-i -` in `--help`, to write that `-i` can be passed '-' to resume the prior fuzzing job. Also reference AFL_AUTORESUME so users know they can set that parameter to sidestep the issue entirely.
* tritondse custom mutator attempt
* tritondse fixes
* update libnyx (#1727)
* GNUmakefile: Update LLVM instructions (#1728)
Update LLVM instructions, because versions higher than 14 are supported and to be explicit that LLD is also required
* disable macos in the ci, works fine for me
* fix makefile
* better tritondse support
* next steps for tritondse
* qemuafl: Persistent mode for PPC32 targets
* update qemu_mode
* afl-clang-lto incomptable with -flto=thin
* add @responsefile support for afl-cc
---------
Co-authored-by: fxlb <devel.fx.lebail@orange.fr>
Co-authored-by: Nick Potenski <nick.potenski@garmin.com>
Co-authored-by: Christian Holler (:decoder) <choller@mozilla.com>
Co-authored-by: lazymio <mio@lazym.io>
Co-authored-by: Moshe Kaplan <me@moshekaplan.com>
Co-authored-by: Sergej Schumilo <sergej@schumilo.de>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
When using TRACEPC instrumentation, loading code dynamically (e.g.
through dlopen()) it can be useful to completely ignore the loaded code,
esp. when it cannot be preloaded and is not the target to be tested.
This patch allows setting AFL_LLVM_IGNORE_PROBLEMS_COVERAGE=1 to do so.
This commit contains the following changes:
- Call `waitpid()` on the child and the fork server when terminating the
fuzzer; thus, we do not end up with zombies.
- Rename `fsrv.kill_signal` to `fsrv.child_kill_signal`, since the
documentation states that the signal is used to terminate the *child*.
- Use SIGTERM instead of fsrv.(child)_kill_signal, thus the fork server
can always reap the child.
