diff options
| author | vanhauser-thc <vh@thc.org> | 2023-08-13 11:44:37 +0200 |
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2023-08-13 11:44:37 +0200 |
| commit | 4d8d8633ff39cda2f1d48b66c45e5ae6cd2af477 (patch) | |
| tree | 560cd4925a215b0677de488b97aacd4ba161eb00 /docs | |
| parent | 26f29fd485efaa08824c27501f82caeea525b5e3 (diff) | |
| download | afl++-4d8d8633ff39cda2f1d48b66c45e5ae6cd2af477.tar.gz | |
update faq
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/FAQ.md | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/docs/FAQ.md b/docs/FAQ.md index 9275eb94..242a379b 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -29,8 +29,8 @@ If you find an interesting or important question missing, submit it via which then implemented their own research and features, making it now by far the most flexible and feature rich guided fuzzer available as open source. And in independent fuzzing benchmarks it is one of the best fuzzers available, - e.g., [Fuzzbench - Report](https://www.fuzzbench.com/reports/2020-08-03/index.html). + e.g., + [Fuzzbench Report](https://www.fuzzbench.com/reports/2020-08-03/index.html). </p></details> <details> @@ -103,6 +103,42 @@ If you find an interesting or important question missing, submit it via to itself, this too would be an edge. </p></details> +<details> + <summary id="should-you-ever-stop-afl-fuzz-minimize-the-corpus-and-restart">Should you ever stop afl-fuzz, minimize the corpus and restart?</summary><p> + + To stop afl-fuzz, minimize it's corpus and restart you would usually do: + + ``` + Control-C # to terminate afl-fuzz + $ afl-cmin -T nproc -i out/default/queue -o minimized_queue -- ./target + $ AFL_FAST_CAL=1 AFL_CMPLOG_ONLY_NEW=1 afl-fuzz -i minimized_queue -o out2 [other options] -- ./target + ``` + + If this improves fuzzing or not is debated and no consensus has been reached + or in-depth analysis been performed. + + On the pro side: + * The queue/corpus is reduced (up to 20%) by removing intermediate paths + that are maybe not needed anymore. + + On the con side: + * Fuzzing time is lost for the time the fuzzing is stopped, minimized and + restarted. + + The the big question: + * Does a minimized queue/corpus improve finding new coverage or does it + hinder it? + + The AFL++ team's own limited analysis seem to to show that keeping + intermediate paths help to find more coverage, at least for afl-fuzz. + + For honggfuzz in comparison it is a good idea to restart it from time to + time if you have other fuzzers (e.g: AFL++) running in parallel to sync + the finds of other fuzzers to honggfuzz as it has no syncing feature like + AFL++ or libfuzzer. + +</p></details> + ## Targets <details> |