diff options
| author | gnbon <kiddo.pwn@gmail.com> | 2024-03-13 12:10:38 +0900 |
|---|---|---|
| committer | gnbon <kiddo.pwn@gmail.com> | 2024-03-13 12:10:38 +0900 |
| commit | c9ad3acc9b69daea5e99b6ef66ed1f593331d474 (patch) | |
| tree | 16398da295660efb375b9ae33a3400b0949fec2e | |
| parent | 775861ea94d00672c9e868db329073afd699b994 (diff) | |
| download | afl++-c9ad3acc9b69daea5e99b6ef66ed1f593331d474.tar.gz | |
Add -l option for adjustable block deletion
- Introduce the -l option to set min block deletion length using
powers of 2 (e.g., 1, 2, 4, 8, 16, ...).
- This enables a trade-off between minimization thoroughness and speed.
- Adjusting del_len_limit allows for faster processing, as doubling it
roughly halves the minimization time.
| -rw-r--r-- | src/afl-tmin.c | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 4e5dab41..03e70a6f 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -82,6 +82,8 @@ static u8 crash_mode, /* Crash-centric mode? */ remove_shm = 1, /* remove shmem on exit? */ debug; /* debug mode */ +static u32 del_len_limit; /* Minimum block deletion length */ + static volatile u8 stop_soon; /* Ctrl-C pressed? */ static afl_forkserver_t *fsrv; @@ -421,6 +423,7 @@ next_pass: del_len = next_pow2(in_len / TRIM_START_STEPS); stage_o_len = in_len; + if (!del_len_limit) { del_len_limit = 1; } ACTF(cBRI "Stage #1: " cRST "Removing blocks of data..."); @@ -480,7 +483,7 @@ next_del_blksize: } - if (del_len > 1 && in_len >= 1) { + if (del_len > del_len_limit && in_len >= 1) { del_len /= 2; goto next_del_blksize; @@ -796,8 +799,9 @@ static void usage(u8 *argv0) { "Minimization settings:\n" " -e - solve for edge coverage only, ignore hit counts\n" - " -x - treat non-zero exit codes as crashes\n\n" - " -H - minimize a hang (hang mode)\n" + " -l bytes - set minimum block deletion length to speed up minimization\n" + " -x - treat non-zero exit codes as crashes\n" + " -H - minimize a hang (hang mode)\n\n" "For additional tips, please consult %s/README.md.\n\n" @@ -829,8 +833,9 @@ static void usage(u8 *argv0) { int main(int argc, char **argv_orig, char **envp) { - s32 opt; - u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; + s32 opt; + u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0, + del_limit_given = 0; char **use_argv; char **argv = argv_cpy_dup(argc, argv_orig); @@ -846,7 +851,7 @@ int main(int argc, char **argv_orig, char **envp) { SAYF(cCYA "afl-tmin" VERSION cRST " by Michal Zalewski\n"); - while ((opt = getopt(argc, argv, "+i:o:f:m:t:B:xeAOQUWXYHh")) > 0) { + while ((opt = getopt(argc, argv, "+i:o:f:m:t:l:B:xeAOQUWXYHh")) > 0) { switch (opt) { @@ -1055,6 +1060,24 @@ int main(int argc, char **argv_orig, char **envp) { read_bitmap(optarg, mask_bitmap, map_size); break; + case 'l': + if (del_limit_given) { FATAL("Multiple -l options not supported"); } + del_limit_given = 1; + + if (!optarg) { FATAL("Wrong usage of -l"); } + + if (optarg[0] == '-') { FATAL("Dangerously low value of -l"); } + + del_len_limit = atoi(optarg); + + if (del_len_limit < 1 || del_len_limit >= TMIN_MAX_FILE) { + + FATAL("Value of -l out of range between 1 and TMIN_MAX_FILE"); + + } + + break; + case 'h': usage(argv[0]); return -1; |