From 8823f22a9c87123c1bfcc5bff10044de4c7a4a1f Mon Sep 17 00:00:00 2001 From: marc Date: Fri, 11 Aug 2023 11:22:18 +0200 Subject: add AFL_FINAL_SYNC --- src/afl-fuzz-state.c | 7 +++++++ src/afl-fuzz.c | 9 +++++++++ 2 files changed, 16 insertions(+) (limited to 'src') diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 5a6b95cf..97e00415 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -269,6 +269,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_import_first = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_FINAL_SYNC", + + afl_environment_variable_len)) { + + afl->afl_env.afl_final_sync = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_ONLY", afl_environment_variable_len)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index cdb3f996..c2ec4a1d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2899,6 +2899,15 @@ stop_fuzzing: time_spent_working / afl->fsrv.total_execs); #endif + if (afl->afl_env.afl_final_sync) { + + SAYF(cYEL "[!] " cRST "\nPerforming final sync, this make take some time ...\n"); + sync_fuzzers(afl); + write_bitmap(afl); + SAYF(cYEL "[!] " cRST "Done!\n\n"); + + } + if (afl->is_main_node) { u8 path[PATH_MAX]; -- cgit 1.4.1 From 030799638ddb7bd42d97fea81951c7cb246e263b Mon Sep 17 00:00:00 2001 From: chinggg <24590067+chinggg@users.noreply.github.com> Date: Sun, 13 Aug 2023 00:24:44 +0800 Subject: Remove redundant comparison of `fav_factor` in `update_bitmap_score` `top_rated_fav_factor` was actually calculated twice, but only one calculation and comparison is needed. Since `fav_factor` > `top_rated_fav_factor` will always cause skip of current iteration, `else if (fuzz_p2 == top_rated_fuzz_p2)` is also redundant. --- src/afl-fuzz-queue.c | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) (limited to 'src') 
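Review bot: The new `else if` branch on `AFL_FINAL_SYNC` only fires when that name is also listed in `afl_environment_variables[]`, and it stores into `afl->afl_env.afl_final_sync`; neither the table entry nor the struct field appears in this diff, which is limited to `src/`, so the header side of the commit needs checking before merge. A one-line comment above the branch, `/* AFL_FINAL_SYNC: run one more sync_fuzzers() pass at shutdown (see stop_fuzzing in afl-fuzz.c) */`, would tie the flag to its single consumer. read_afl_environment() begins and ends outside the hunk.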
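Review bot: The user-facing message added here has a typo: `"\nPerforming final sync, this make take some time ...\n"` should read `"\nPerforming final sync, this may take some time ...\n"`, and the re-wrap of the same line in 26f29fd (afl-fuzz.c @@ -2901) keeps the typo. The call is also unconditional once the env var is set; if sync_fuzzers() relies on a sync dir that only exists under -M/-S, a standalone instance needs a guard such as `if (afl->afl_env.afl_final_sync && afl->sync_id) {` — sync_fuzzers() is not visible here, so confirm. Likewise, stop_fuzzing is reached with afl->stop_soon set, and if sync_fuzzers() bails out early on that flag the final pass would silently do nothing. The enclosing function continues outside the hunk on both sides.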
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 48fd33ec..20973f51 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -746,30 +746,9 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { } - if (fuzz_p2 > top_rated_fuzz_p2) { + if (fuzz_p2 > top_rated_fuzz_p2) continue; - continue; - - } else if (fuzz_p2 == top_rated_fuzz_p2) { - - if (fav_factor > top_rated_fav_factor) { continue; } - - } - - if (unlikely(afl->schedule >= RARE) || unlikely(afl->fixed_seed)) { - - if (fav_factor > afl->top_rated[i]->len << 2) { continue; } - - } else { - - if (fav_factor > - afl->top_rated[i]->exec_us * afl->top_rated[i]->len) { - - continue; - - } - - } + if (fav_factor > top_rated_fav_factor) continue; /* Looks like we're going to win. Decrease ref count for the previous winner, discard its afl->fsrv.trace_bits[] if necessary. */ -- cgit 1.4.1 From 26f29fd485efaa08824c27501f82caeea525b5e3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 13 Aug 2023 10:18:33 +0200 Subject: nits --- src/afl-fuzz-bitmap.c | 2 +- src/afl-fuzz-queue.c | 27 ++++++++++++++++++++------- src/afl-fuzz.c | 3 ++- 3 files changed, 23 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 87157cad..0429db34 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -474,7 +474,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { /* Generating a hash on every input is super expensive. Bad idea and should only be used for special schedules */ - if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE)) { + if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { classify_counts(&afl->fsrv); classified = 1; diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 20973f51..14ba1ace 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c 
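Review bot: The two surviving conditions are now the whole winner test, but with the explanatory branches gone nothing says what they mean; a comment such as `/* A candidate only replaces the current winner when it is no more frequently hit (fuzz_p2) and no more costly (fav_factor). */` above the first `continue` would preserve that. The rewrite also keeps the fav_factor skip in force even when fuzz_p2 is strictly smaller than the winner's, matching the old unconditional schedule-based check, so rarity alone never wins — worth stating so it is not later mistaken for an oversight. update_bitmap_score() begins and ends outside the hunk.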
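Review bot: Flipping the hint to `likely()` leaves the comment directly above it saying the hash path is a bad idea that "should only be used for special schedules", so the comment and the branch hint now contradict each other. If FAST..RARE is the common case the comment should say so, e.g. `/* Hashing every input is expensive; it is needed by the FAST..RARE schedules (the usual choice) and skipped otherwise. */`; otherwise the hint should stay `unlikely()`. save_if_interesting() begins and ends outside the hunk.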
@@ -701,13 +701,20 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { u64 fav_factor; u64 fuzz_p2; - if (unlikely(afl->schedule >= FAST && afl->schedule < RARE)) + if (likely(afl->schedule >= FAST && afl->schedule < RARE)) { + fuzz_p2 = 0; // Skip the fuzz_p2 comparison - else if (unlikely(afl->schedule == RARE)) + + } else if (unlikely(afl->schedule == RARE)) { + fuzz_p2 = next_pow2(afl->n_fuzz[q->n_fuzz_entry]); - else + + } else { + fuzz_p2 = q->fuzz_level; + } + if (unlikely(afl->schedule >= RARE) || unlikely(afl->fixed_seed)) { fav_factor = q->len << 2; @@ -729,12 +736,18 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { /* Faster-executing or smaller test cases are favored. */ u64 top_rated_fav_factor; u64 top_rated_fuzz_p2; - if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE)) + + if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { + top_rated_fuzz_p2 = next_pow2(afl->n_fuzz[afl->top_rated[i]->n_fuzz_entry]); - else + + } else { + top_rated_fuzz_p2 = afl->top_rated[i]->fuzz_level; + } + if (unlikely(afl->schedule >= RARE) || unlikely(afl->fixed_seed)) { top_rated_fav_factor = afl->top_rated[i]->len << 2; @@ -746,9 +759,9 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { } - if (fuzz_p2 > top_rated_fuzz_p2) continue; + if (likely(fuzz_p2 > top_rated_fuzz_p2)) { continue; } - if (fav_factor > top_rated_fav_factor) continue; + if (likely(fav_factor > top_rated_fav_factor)) { continue; } /* Looks like we're going to win. Decrease ref count for the previous winner, discard its afl->fsrv.trace_bits[] if necessary. */ diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index c2ec4a1d..93bcdccf 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c 
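Review bot: For schedules in FAST..<RARE this hunk sets `fuzz_p2 = 0` so the later rarity comparison can never fire, yet the second hunk (@@ -729) still computes `top_rated_fuzz_p2 = next_pow2(afl->n_fuzz[afl->top_rated[i]->n_fuzz_entry])` for `FAST..<=RARE`; that next_pow2() call is wasted work on those schedules and the `< RARE` versus `<= RARE` asymmetry reads like a mistake. Mirroring the ranges — `top_rated_fuzz_p2 = 0` for FAST..<RARE, next_pow2() only for RARE — would make the intent obvious, and the added `// Skip the fuzz_p2 comparison` could say how: `// 0 never exceeds top_rated_fuzz_p2, so the rarity test is a no-op for these schedules`. update_bitmap_score() begins and ends outside the hunk.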
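Review bot: `likely(fuzz_p2 > top_rated_fuzz_p2)` is the wrong hint for the FAST..<RARE schedules, where the first hunk of this file (@@ -701) sets `fuzz_p2 = 0` and the comparison is therefore always false; a hint that is always wrong for a whole family of schedules only misleads the code layout. Drop it there and keep it only on the cost test: `if (fuzz_p2 > top_rated_fuzz_p2) { continue; }` followed by `if (likely(fav_factor > top_rated_fav_factor)) { continue; }`. Whether the fav_factor skip is itself the common outcome depends on queue composition, which the hunk does not show. update_bitmap_score() begins and ends outside the hunk.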
@@ -2901,7 +2901,8 @@ stop_fuzzing: if (afl->afl_env.afl_final_sync) { - SAYF(cYEL "[!] " cRST "\nPerforming final sync, this make take some time ...\n"); + SAYF(cYEL "[!] " cRST + "\nPerforming final sync, this make take some time ...\n"); sync_fuzzers(afl); write_bitmap(afl); SAYF(cYEL "[!] " cRST "Done!\n\n"); -- cgit 1.4.1 From 8cf6a13eb7f0d56495baf92745fae3084dc2fb67 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Aug 2023 11:47:12 +0200 Subject: add env var to help output --- src/afl-fuzz.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 93bcdccf..43834172 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -299,6 +299,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n" "AFL_NO_SNAPSHOT: do not use the snapshot feature (if the snapshot lkm is loaded)\n" "AFL_NO_STARTUP_CALIBRATION: no initial seed calibration, start fuzzing at once\n" + "AFL_NO_WARN_INSTABILITY: no warn about instability issues on startup calibration\n" "AFL_NO_UI: switch status screen off\n" "AFL_NYX_AUX_SIZE: size of the Nyx auxiliary buffer. Must be a multiple of 4096.\n" " Increase this value in case the crash reports are truncated.\n" -- cgit 1.4.1 From 53c26d086b94c4e5f31dddac0dd212cbff89e957 Mon Sep 17 00:00:00 2001 From: "Samuel E. Moelius III" Date: Sat, 19 Aug 2023 08:17:23 -0400 Subject: Loosen `ReportCrash` check --- afl-system-config | 2 +- src/afl-fuzz-init.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/afl-system-config b/afl-system-config index b50bb06e..e3eb8527 100755 --- a/afl-system-config +++ b/afl-system-config 
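Review bot: The new help line is awkward English for a user-facing string: `"AFL_NO_WARN_INSTABILITY: no warn about instability issues on startup calibration\n"` reads better as `"AFL_NO_WARN_INSTABILITY: do not warn about instability issues during startup calibration\n"`. `AFL_FINAL_SYNC`, introduced in 8823f22 earlier in this series, still has no entry in this list; a line such as `"AFL_FINAL_SYNC: perform one last sync_fuzzers() pass on shutdown\n"` in its alphabetical position would close that gap (the exact spot depends on lines outside the hunk). usage() begins and ends outside the hunk.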
@@ -110,7 +110,7 @@ if [ "$PLATFORM" = "Darwin" ] ; then sysctl kern.sysv.shmall=131072000 echo Settings applied. echo - if $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') ; then + if $(launchctl list 2>/dev/null | grep -q '\.ReportCrash\>') ; then echo echo Unloading the default crash reporter SL=/System/Library; PL=com.apple.ReportCrash diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 5a530821..4c09fab7 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2270,7 +2270,7 @@ void check_crash_handling(void) { reporting the awful way. */ #if !TARGET_OS_IPHONE - if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash$'")) return; + if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash\\>'")) return; SAYF( "\n" cLRD "[-] " cRST -- cgit 1.4.1
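Review bot: `\>` is a GNU/BSD word-boundary extension rather than POSIX BRE, and this block runs only on Darwin, so the loosened pattern should be verified against the macOS grep; the same pattern is duplicated in the C side of this commit (afl-fuzz-init.c @@ -2270) and the two must change together, so a `# keep in sync with check_crash_handling() in src/afl-fuzz-init.c` comment above the `if` would help. The `if $(...)` wrapper on the changed line relies on an obscure shell rule (an empty command takes the exit status of its last command substitution); the plain form `if launchctl list 2>/dev/null | grep -q '\.ReportCrash\>' ; then` does the same thing readably. Because `\>` accepts any non-word character after `ReportCrash`, the test now presumably also matches sibling labels of the form `.ReportCrash.<suffix>`, which seems to be the point of "loosen" — confirm that unloading `com.apple.ReportCrash` is still the right action in those cases. The surrounding `if [ "$PLATFORM" = "Darwin" ]` block begins and ends outside the hunk.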
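Review bot: `if (system(...)) return;` treats a failure to run the shell (`system()` returns -1) the same as "no crash reporter found", so a missing or failing `launchctl`/`grep` silently disables the warning; if that best-effort behaviour is intended, a comment such as `/* -1 (no shell) and non-zero (no match) both mean: nothing to warn about */` would make it deliberate. The regex mirrors the one in afl-system-config changed in the same commit, and `\>` is a non-POSIX word-boundary extension there too, so both copies need the same verification. check_crash_handling() begins and ends outside the hunk.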