From 540de896e346694dd6df03bf4b3676388b53fecf Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 14 Oct 2019 11:08:25 +0200
Subject: more time for test case

---
 TODO | 1 +
 1 file changed, 1 insertion(+)
(limited to 'TODO')

diff --git a/TODO b/TODO
index 40828168..696e9372 100644
--- a/TODO
+++ b/TODO
@@ -4,6 +4,7 @@ Roadmap 2.55d:
 afl-fuzz:
 - radamsa mutator
+ - test the libmutator actually works and does not run infinite (need an example though)
 gcc_plugin:
 - needs to be rewritten
--
cgit 1.4.1

From 97f5ce52d129c460e4a8af3d55aefd05092a79a9 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Tue, 15 Oct 2019 16:48:05 +0200
Subject: v2.57c release

---
 README.md | 7 ++++---
 TODO | 4 ++--
 docs/ChangeLog | 9 +++++----
 include/config.h | 2 +-
 4 files changed, 12 insertions(+), 10 deletions(-)
(limited to 'TODO')

diff --git a/README.md b/README.md
index bf8f69dc..f0e6faef 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # american fuzzy lop plus plus (afl++)
- Release Version: 2.54c
+ Release Version: 2.57c
- Github Version: 2.54d
+ Github Version: 2.57d
 includes all necessary/interesting changes from Google's afl 2.56b
@@ -22,7 +22,7 @@
 ## The enhancements compared to the original stock afl
 Many improvements were made over the official afl release - which did not
- get any improvements since November 2017.
+ get any feature improvements since November 2017.
 Among other changes afl++ has a more performant llvm_mode, supports
 llvm up to version 9, QEMU 3.1, more speed and crashfixes for QEMU,
@@ -103,6 +103,7 @@ These build options exist:
 * distrib: everything (for both binary-only and source code fuzzing)
 * install: installs everything you have compiled with the build options above
 * clean: cleans everything. for qemu_mode and unicorn_mode it means it deletes all downloads as well
+* tests: runs test cases to ensure that all features are still working as they should
 * help: shows these build options
 [Unless you are on Mac OS X](https://developer.apple.com/library/archive/qa/qa1118/_index.html)
 you can also build statically linked versions of the
diff --git a/TODO b/TODO
index 696e9372..3ca13d6e 100644
--- a/TODO
+++ b/TODO
@@ -1,6 +1,6 @@
-Roadmap 2.55d:
-==============
+Roadmap 2.60:
+=============
 afl-fuzz:
 - radamsa mutator
diff --git a/docs/ChangeLog b/docs/ChangeLog
index 7ccc8b66..aafb7bff 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -13,12 +13,13 @@ Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to .
-----------------------
-Version ++2.54d (dev):
-----------------------
+--------------------------------
+Version ++2.54d-2.57c (release):
+--------------------------------
+ - we jump to 2.57 instead of 2.55 to catch up with Google's versioning
 - persistent mode for QEMU (see qemu_mode/README.md)
- - custom mutator library is now a standard mutator, to exclusivly use it
+ - custom mutator library is now an additional mutator, to exclusivly use it
 add AFL_CUSTOM_MUTATOR_ONLY (that will trigger the previous behaviour)
 - new library qemu_mode/unsigaction which filters sigaction events
 - afl-fuzz: new command line option -I to execute a command on a new crash
diff --git a/include/config.h b/include/config.h
index f2732ad4..d331cd93 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
-#define VERSION "++2.54d" // c = release, d = volatile github dev
+#define VERSION "++2.57c" // c = release, d = volatile github dev
 /******************************************************
 * *
--
cgit 1.4.1

From be6bc155ebd891eebd21eac8982784e7f2be4f41 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 21 Oct 2019 11:28:32 +0200
Subject: v2.58c

---
 Makefile | 9 ++++++++-
 README.md | 18 +++++++++---------
 TODO | 5 +----
 docs/ChangeLog | 14 ++++++++------
 gcc_plugin/README.gcc.md | 4 ----
 gcc_plugin/README.whitelist.md | 3 +--
 include/config.h | 2 +-
 7 files changed, 28 insertions(+), 27 deletions(-)
(limited to 'TODO')

diff --git a/Makefile b/Makefile
index cfcd0890..87c7cdef 100644
--- a/Makefile
+++ b/Makefile
@@ -104,6 +104,13 @@ man: $(MANPAGES)
 tests: source-only
 @cd test ; ./test.sh
+performance-tests: performance-test
+test-performance: performance-test
+
+performance-test: source-only
+ @cd test ; ./test-performance.sh
+
+
 help:
 @echo "HELP --- the following make targets exist:"
 @echo "=========================================="
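Review bot: The three new targets `performance-tests`, `test-performance` and `performance-test` produce no files, yet the hunk does not add them to the `.PHONY` list; that list is outside this hunk, so it may have been updated elsewhere, but if not, a file or directory named e.g. `performance-test` in the tree would make `make` treat the target as up to date and silently skip the script. Separately, the recipe `@cd test ; ./test-performance.sh` still runs the script from the top-level directory when the `cd` fails; `@cd test && ./test-performance.sh` stops instead, though the existing `tests` recipe just above uses the same `;` form, so changing both keeps them consistent.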
@@ -307,7 +314,7 @@ install: all $(MANPAGES)
 install -m 755 $(PROGS) $(SH_PROGS) $${DESTDIR}$(BIN_PATH)
 rm -f $${DESTDIR}$(BIN_PATH)/afl-as
 if [ -f afl-qemu-trace ]; then install -m 755 afl-qemu-trace $${DESTDIR}$(BIN_PATH); fi
- #if [ -f afl-gcc-fast ]; then set e; install -m 755 afl-gcc-fast $${DESTDIR}$(BIN_PATH); ln -sf afl-gcc-fast $${DESTDIR}$(BIN_PATH)/afl-g++-fast; install -m 755 afl-gcc-pass.so afl-gcc-rt.o $${DESTDIR}$(HELPER_PATH); fi
+ if [ -f afl-gcc-fast ]; then set e; install -m 755 afl-gcc-fast $${DESTDIR}$(BIN_PATH); ln -sf afl-gcc-fast $${DESTDIR}$(BIN_PATH)/afl-g++-fast; install -m 755 afl-gcc-pass.so afl-gcc-rt.o $${DESTDIR}$(HELPER_PATH); fi
 ifndef AFL_TRACE_PC
 if [ -f afl-clang-fast -a -f libLLVMInsTrim.so -a -f afl-llvm-rt.o ]; then set -e; install -m 755 afl-clang-fast $${DESTDIR}$(BIN_PATH); ln -sf afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang-fast++; install -m 755 libLLVMInsTrim.so afl-llvm-pass.so afl-llvm-rt.o $${DESTDIR}$(HELPER_PATH); fi
 else
diff --git a/README.md b/README.md
index f0e6faef..4b9537d2 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # american fuzzy lop plus plus (afl++)
- Release Version: 2.57c
+ Release Version: 2.58c
- Github Version: 2.57d
+ Github Version: 2.58d
 includes all necessary/interesting changes from Google's afl 2.56b
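Review bot: The newly un-commented afl-gcc-fast install line keeps `set e`, which does not enable errexit — in a POSIX shell it merely sets the positional parameter $1 to `e` — so a failed `install` of afl-gcc-fast or of afl-gcc-pass.so/afl-gcc-rt.o, or a failed `ln -sf`, is not reported and `make install` can finish with a missing or stale afl-g++-fast link and runtime objects. The afl-clang-fast line two lines below in the same hunk uses `set -e`, which is presumably what was intended here: `if [ -f afl-gcc-fast ]; then set -e; install -m 755 afl-gcc-fast $${DESTDIR}$(BIN_PATH); ln -sf afl-gcc-fast $${DESTDIR}$(BIN_PATH)/afl-g++-fast; install -m 755 afl-gcc-pass.so afl-gcc-rt.o $${DESTDIR}$(HELPER_PATH); fi`. Because each recipe line runs in its own shell, `set -e` only affects this one command chain, which is the desired scope. The `install` recipe continues outside the hunk.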
@@ -52,13 +52,13 @@ A more thorough list is available in the PATCHES file.
- | Feature/Instrumentation | LLVM | GCC | QEMU | Unicorn |
- | ----------------------- |:----:|:---:|:----:| -------:|
- | laf-intel / CompCov | x | | x | x |
- | NeverZero | x(1)| x | x | x |
- | Persistent mode | x | | x | |
- | Whitelist | x | | | |
- | InsTrim | x | | | |
+ | Feature/Instrumentation | AFL-GCC | LLVM_MODE | GCC_PLUGIN | QEMU_MODE | Unicorn |
+ | ----------------------- |:-------:|:---------:|:----------:|:---------:|:-------:|
+ | laf-intel / CompCov | | x | | x | x |
+ | NeverZero | X | x(1) | | x | x |
+ | Persistent mode | | x | X | x | |
+ | Whitelist | | x | X | | |
+ | InsTrim | | x | | | |
 (1) only in LLVM >= 9.0 due to a bug in llvm in previous versions
diff --git a/TODO b/TODO
index 3ca13d6e..f2642b1a 100644
--- a/TODO
+++ b/TODO
@@ -7,11 +7,8 @@ afl-fuzz:
 - test the libmutator actually works and does not run infinite (need an example though)
 gcc_plugin:
- - needs to be rewritten
- - whitelist support
- - skip over uninteresting blocks
- - laf-intel
 - neverZero
+ - laf-intel
 qemu_mode:
 - update to 4.x (probably this will be skipped :( )
diff --git a/docs/ChangeLog b/docs/ChangeLog
index 46b9e330..c2d46e4d 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -13,14 +13,16 @@ Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to .
-----------------------
-Version ++2.57d (dev):
-----------------------
+--------------------------
+Version ++2.58c (release):
+--------------------------
- - reverted patch to not unlink and recreate the input file, it resulted in performance loss
+ - reverted patch to not unlink and recreate the input file, it resulted in
+ performance loss of ~10%
 - added test/test-performance.sh script
- - (re)added gcc_plugin, fast inline instrumentation is not yet finished
- - added gcc_plugin tests
+ - (re)added gcc_plugin, fast inline instrumentation is not yet finished,
+ however it includes the whitelisting and persistance feature! by hexcoder-
+ - gcc_plugin tests added to testing framework
 --------------------------------
diff --git a/gcc_plugin/README.gcc.md b/gcc_plugin/README.gcc.md
index 2e19e911..676ef427 100644
--- a/gcc_plugin/README.gcc.md
+++ b/gcc_plugin/README.gcc.md
@@ -156,7 +156,3 @@ depending on whether the input loop is being entered for the first time or
 executed again. To avoid spurious warnings, the feature implies
 AFL_NO_VAR_CHECK and hides the "variable path" warnings in the UI.
-PS. Because there are task switches still involved, the mode isn't as fast as
-"pure" in-process fuzzing offered, say, by LLVM's LibFuzzer; but it is a lot
-faster than the normal fork() model, and compared to in-process fuzzing,
-should be a lot more robust.
diff --git a/gcc_plugin/README.whitelist.md b/gcc_plugin/README.whitelist.md
index bcc02693..8ad2068d 100644
--- a/gcc_plugin/README.whitelist.md
+++ b/gcc_plugin/README.whitelist.md
@@ -6,8 +6,7 @@ Using afl++ with partial instrumentation
 that are interesting to you using the gcc instrumentation provided by afl++.
- Originally developed by Christian Holler (:decoder) ,
- adapted to gcc plugin by hexcoder-.
+ Plugin by hexcoder-.
 ## 1) Description and purpose
diff --git a/include/config.h b/include/config.h
index 2e993a42..f121025d 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
-#define VERSION "++2.57d" // c = release, d = volatile github dev
+#define VERSION "++2.58c" // c = release, d = volatile github dev
 /******************************************************
 * *
--
cgit 1.4.1

From bc3ce26e0ecbf97751c6eb444df8e5bf31dcafd7 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 21 Oct 2019 17:18:41 +0200
Subject: -V/-E not precise

---
 TODO | 1 +
 src/afl-fuzz.c | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
(limited to 'TODO')

diff --git a/TODO b/TODO
index f2642b1a..05c89679 100644
--- a/TODO
+++ b/TODO
@@ -3,6 +3,7 @@ Roadmap 2.60:
 =============
 afl-fuzz:
+ - change -T to use alarm() instead
 - radamsa mutator
 - test the libmutator actually works and does not run infinite (need an example though)
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index bb342112..25f606fa 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -71,7 +71,9 @@ static void usage(u8* argv0) {
 " -V seconds - fuzz for a maximum total time of seconds then "
 "terminate\n"
 " -E execs - fuzz for a maximum number of total executions then "
- "terminate\n\n"
+ "terminate\n"
+ "Note: -V/-E are not precise, they are checked after a queue entry is "
+ "done which\n can be many minutes/execs later\n\n"
 "Other stuff:\n"
 " -T text - text banner to show on the screen\n"
--
cgit 1.4.1

From f8e0e9ab1f2460c7faeca7d2e0cef5700a05859a Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Sun, 27 Oct 2019 11:35:40 +0100
Subject: updated todos

---
 TODO | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'TODO')

diff --git a/TODO b/TODO
index 05c89679..b1a96569 100644
--- a/TODO
+++ b/TODO
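Review bot: The new usage note splits its sentence at `"done which\n can be many minutes/execs later\n\n"`, so the printed continuation line begins with a single space and sits awkwardly next to the aligned option lines around it, and "done which" on its own reads oddly. Breaking at the clause boundary and indenting the continuation keeps the block readable: `"Note: -V/-E are not precise, they are checked after a queue entry is done\n"` followed by `"      which can be many minutes/execs later\n\n"`. This hunk changes only the help text; the imprecision it describes presumably lives in the fuzzing loop's -V/-E checks, which this commit does not touch, so the note is the right place to document it for now. `usage()` begins before the hunk and its string literal continues past it.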
@@ -3,14 +3,14 @@ Roadmap 2.60:
 =============
 afl-fuzz:
- - change -T to use alarm() instead
- - radamsa mutator
- - test the libmutator actually works and does not run infinite (need an example though)
+ - radamsa mutator (via dlopen())
 gcc_plugin:
- - neverZero
 - laf-intel
+libdislocator:
+ - add a wrapper for posix_memalign
+
 qemu_mode:
 - update to 4.x (probably this will be skipped :( )
 - instrim for QEMU mode via static analysis (with r2pipe? or angr?)
--
cgit 1.4.1