about summary refs log tree commit diff
path: root/src/afl-fuzz-run.c
AgeCommit message (Collapse)Author
2020-09-02ignore unstablevan Hauser
2020-08-18Reworked maybe_grow to take a single ptr, renamed to afl_realloc (#505)Dominik Maier
* maybe_grow takes a single ptr * fixed use_deflate * reworked maybe_grow_bufsize * helper to access underlying buf * remove redundant realloc_block * code format * fixes * added unit tests * renamed maybe_grow to afl_realloc * BUF_PARAMS -> AFL_BUF_PARAM
2020-08-14Revert "Merge branch 'debug' into dev"root
This reverts commit a7537b5511ad767d2240cf2dc6d3e261daa676f9, reversing changes made to 15e799f7ae666418e75c6a79db833c5316b21f97.
2020-08-14Merge branch 'debug' into devvan Hauser
2020-08-12split up __afl_manual_init, added internal AFL_DISABLE_LLVM_INSTRUMENTATION, ↵van Hauser
skipping ctor+ifunc functions for all llvm, code-format
2020-08-12setting attribute hot intelligently gives 0.5% speedvan Hauser
2020-08-11review done, prayvan Hauser
2020-08-11move taint_mode varvan Hauser
2020-08-11cleanup minor issuesvan Hauser
2020-08-11Merge branch 'debug' into taintvan Hauser
2020-08-10fixed minor inconsistencies, reenabled warningsDominik Maier
2020-08-10increase stack sizevan Hauser
2020-08-10fix another segfaultvan Hauser
2020-08-09final touches for first testingvan Hauser
2020-08-09integration in fuzz_onevan Hauser
2020-08-09taint integration donevan Hauser
2020-08-09fixesvan Hauser
2020-08-09changesvan Hauser
2020-08-09code formatvan Hauser
2020-08-09step 1van Hauser
2020-08-07enabled Wextra, fixed bugsDominik Maier
2020-08-05fix short writevan Hauser
2020-07-30fix post process checkvan Hauser
2020-07-30enhance for custom trim buffervan Hauser
2020-07-30Merge pull request #460 from rish9101/devvan Hauser
Add post-process functionality in write_with_gap
2020-07-29Minor change to write_with_gapRishi Ranjan
2020-07-24add -F option to sync to foreign fuzzer queuesvan Hauser
2020-07-23Remove reduntant copying from write_with_gap functionrish9101
2020-07-23Add post-process functionality in write_with_gaprish9101
2020-06-29fix autodictvan Hauser
2020-06-26original fix for calibration errorAndrea Fioraldi
2020-06-25shmem release fixvan Hauser
2020-06-25initialized variableDominik Maier
2020-06-25Merge pull request #425 from dgmelski/fix-recalibrationAndrea Fioraldi
Fix saturated maps & stability cliff in recalibration
2020-06-25add seek power schedule, remove update stats in calibration, fix help outputvan Hauser
2020-06-24Fix saturated maps & stability cliff in recalibrationDavid Melski
I have observed two problems: 1. A sudden "stability cliff" where stability drops precipitously. 2. A sudden jump to a 100% saturated "density map". Both issues are due to attempted "recalibration" of a case at the beginning of fuzz_one_original() or mopt_common_fuzzing(). See the comments "CALIBRATION (only if failed earlier on)" in those functions and the subsequent call to calibrate_case(). At those calls to calibrate_case(), afl->fsrv.trace_bits holds trace_bits for a run of the SUT on a prior queue entry. However, calibrate_case() may use the trace_bits as if they apply to the current queue entry (afl->queue_cur). Most often this bug causes the "stability cliff". Trace bits are compared for runs on distinct inputs, which can be very different. The result is a sudden drop in stability. Sometimes it leads to the "saturated map" problem. A saturated density map arises if the trace bits on the previous entry were "simplified" by simplify_trace(). Simplified traces only contain the values 1 and 128. They are meant to be compared against virgin_crashes and virgin_tmouts. However, this bug causes the (stale) simplified trace to be compared against virgin_bits during a call to has_new_bits(), which causes every byte in vigin_bits to be something other than 255. The overall map density is determined by the percentage of bytes not 255, which will be 100%. Worse, AFL++ will be unable to detect novel occurrences of edge counts 1 and 128 going forward. This patch avoids the above issues by clearing q->exec_cksum when calibration fails. Recalibrations are forced to start with a fresh trace on the queue entry. Thanks to @andreafioraldi for suggesting the current, improved patch.
2020-06-24create .synced/NAMES.last to document last sync attemptsvan Hauser
2020-06-22allow /tmpvan Hauser
2020-06-21fix unicorn mode for CFLAGSvan Hauser
2020-06-13code formatvan Hauser
2020-06-13fix shmemvan Hauser
2020-06-12switch to faster and better hash + randomvan Hauser
2020-06-04fix cmplog for shmem persistent modevan Hauser
2020-06-03switch shmem_len to the mapvan Hauser
2020-06-03OpenBSD: add missing limits.h header for PATH_MAXhexcoder-
2020-06-03code formatvan Hauser
2020-06-02got rid of questionable phrasingDominik Maier
2020-05-31starting shmap support for unicornDominik Maier
2020-05-25persistent mode: shared memory test case transfervan Hauser
2020-05-20better sync - lesser and better importsvan Hauser
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-07-12 13:11:03 +0000