| Age | Commit message | Author |
|---|---|---|
| 2020-06-24 | Fix saturated maps & stability cliff in recalibration | David Melski |
| | I have observed two problems: 1. A sudden "stability cliff" where stability drops precipitously. 2. A sudden jump to a 100% saturated "density map". Both issues are due to attempted "recalibration" of a case at the beginning of fuzz_one_original() or mopt_common_fuzzing(). See the comments "CALIBRATION (only if failed earlier on)" in those functions and the subsequent call to calibrate_case(). At those calls to calibrate_case(), afl->fsrv.trace_bits holds trace_bits for a run of the SUT on a prior queue entry. However, calibrate_case() may use the trace_bits as if they apply to the current queue entry (afl->queue_cur). Most often this bug causes the "stability cliff". Trace bits are compared for runs on distinct inputs, which can be very different. The result is a sudden drop in stability. Sometimes it leads to the "saturated map" problem. A saturated density map arises if the trace bits on the previous entry were "simplified" by simplify_trace(). Simplified traces only contain the values 1 and 128. They are meant to be compared against virgin_crashes and virgin_tmouts. However, this bug causes the (stale) simplified trace to be compared against virgin_bits during a call to has_new_bits(), which causes every byte in virgin_bits to be something other than 255. The overall map density is determined by the percentage of bytes not 255, which will be 100%. Worse, AFL++ will be unable to detect novel occurrences of edge counts 1 and 128 going forward. This patch avoids the above issues by clearing q->exec_cksum when calibration fails. Recalibrations are forced to start with a fresh trace on the queue entry. Thanks to @andreafioraldi for suggesting the current, improved patch. | |
| 2020-06-24 | decrease time to sync for main | van Hauser |
| 2020-06-24 | add -D option for -S | van Hauser |
| 2020-06-24 | create .synced/NAMES.last to document last sync attempts | van Hauser |
| 2020-06-23 | lto whitelist in test.sh | van Hauser |
| 2020-06-22 | Added rand, hash unittests | Dominik Maier |
| 2020-06-22 | old compiler fix | van Hauser |
| 2020-06-22 | shmem support for afl-tmin and afl-showmap | van Hauser |
| 2020-06-22 | fix afl-cmin.bash | aflpp |
| 2020-06-22 | allow /tmp | van Hauser |
| 2020-06-21 | fix unicorn mode for CFLAGS | van Hauser |
| 2020-06-21 | fix for s=0 | van Hauser |
| 2020-06-21 | fix for -s 0 | van Hauser |
| 2020-06-20 | fix libradamsa see issue #419 | hexcoder- |
| 2020-06-18 | `fault == afl->crash_mode` should be likely | 2019 |
| | During normal fuzzing, crash_mode is FSRV_RUN_OK, and fault is also usually FSRV_RUN_OK since most executions are valid executions; thus it should be likely instead of unlikely. | |
| 2020-06-17 | fix displayed schedule | van Hauser |
| 2020-06-16 | fix for *BSD: remove all HAVE_ARC4RANDOM dependencies | hexcoder- |
| 2020-06-15 | code format | Dominik Maier |
| 2020-06-15 | using XX64 for 32 bit hash | Dominik Maier |
| 2020-06-15 | tidied hash32, unicorn | Dominik Maier |
| 2020-06-15 | switched to new MOpt dictionary support | van Hauser |
| 2020-06-15 | improve performance for default power schedule | van Hauser |
| 2020-06-15 | code format | Dominik Maier |
| 2020-06-15 | fixed potential bugs | Dominik Maier |
| 2020-06-14 | Merge pull request #404 from devnexen/haiku_porting | van Hauser |
| | Porting to Haiku. | |
| 2020-06-14 | Porting to Haiku. | David Carlier |
| | getrusage does not implement resident memory gathering, no shm api either. | |
| 2020-06-14 | kill targets on exit | van Hauser |
| 2020-06-13 | code format | van Hauser |
| 2020-06-13 | fix shmem | van Hauser |
| 2020-06-13 | fix typos | van Hauser |
| 2020-06-13 | fix resize window crash and slightly more performant timed_read | van Hauser |
| 2020-06-12 | code-format killed the compilation | van Hauser |
| 2020-06-12 | fix for checksums | van Hauser |
| 2020-06-12 | switch to faster and better hash + random | van Hauser |
| 2020-06-12 | shm debug and fixes | van Hauser |
| 2020-06-12 | fix warnings | van Hauser |
| 2020-06-12 | added MOpt dictionary support from repo | van Hauser |
| 2020-06-11 | code format and debug | van Hauser |
| 2020-06-10 | start of illumos cpu binding implementation. | David Carlier |
| | The current user needs the proc_owner permission, not something doable via the settings script. | |
| 2020-06-10 | Merge pull request #398 from devnexen/array_subscript_warn_fix | van Hauser |
| | Disable array subscript warning | |
| 2020-06-09 | Disable array subscript warning | David Carlier |
| 2020-06-09 | systems w/o affinity support build fix | David Carlier |
| 2020-06-09 | always set status | Dominik Maier |
| 2020-06-09 | fix debug output in stats | Dominik Maier |
| 2020-06-09 | add cpu affinity to fuzzer_stats | van Hauser |
| 2020-06-09 | code format | Dominik Maier |
| 2020-06-09 | fixed shmap fuzzing | Dominik Maier |
| 2020-06-05 | qemu debug | van Hauser |
| 2020-06-04 | fix cmplog for shmem persistent mode | van Hauser |
| 2020-06-04 | typo | hexcoder- |
