Chromium Code Reviews
Side by Side Diff: third_party/afl/src/docs/notes_for_asan.txt

Issue 2238013002: Roll src/third_party/afl/src/ 2.14b..2.30b (16 versions). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Note in "Local Modifications" that we have removed dictionaries/. Created 4 years, 4 months ago
1 ================================== 1 ==================================
2 Notes for using ASAN with afl-fuzz 2 Notes for using ASAN with afl-fuzz
3 ================================== 3 ==================================
4 4
5 This file discusses some of the caveats for fuzzing under ASAN, and suggests 5 This file discusses some of the caveats for fuzzing under ASAN, and suggests
6 a handful of alternatives. See README for the general instruction manual. 6 a handful of alternatives. See README for the general instruction manual.
7 7
8 1) Short version 8 1) Short version
9 ---------------- 9 ----------------
10 10
(...skipping 13 matching lines...)
24 24
25 - Limit the memory available to process using cgroups on Linux (see 25 - Limit the memory available to process using cgroups on Linux (see
26 experimental/asan_cgroups). 26 experimental/asan_cgroups).
27 27
28 To compile with ASAN, set AFL_USE_ASAN=1 before calling 'make clean all'. The 28 To compile with ASAN, set AFL_USE_ASAN=1 before calling 'make clean all'. The
29 afl-gcc / afl-clang wrappers will pick that up and add the appropriate flags. 29 afl-gcc / afl-clang wrappers will pick that up and add the appropriate flags.
30 Note that ASAN is incompatible with -static, so be mindful of that. 30 Note that ASAN is incompatible with -static, so be mindful of that.
31 31
32 (You can also use AFL_USE_MSAN=1 to enable MSAN instead.) 32 (You can also use AFL_USE_MSAN=1 to enable MSAN instead.)
33 33
34 Note that both ASAN and MSAN are incompatible with -D_FORTIFY_SOURCE (enabled
35 by default in some distros) and with AFL_HARDEN. Attempting to combine these
36 settings can lead to false negatives in ASAN and false positives in MSAN. This
37 is not AFL-specific.
38
34 There is also the option of generating a corpus using a non-ASAN binary, and 39 There is also the option of generating a corpus using a non-ASAN binary, and
35 then feeding it to an ASAN-instrumented one to check for bugs. This is faster, 40 then feeding it to an ASAN-instrumented one to check for bugs. This is faster,
36 and can give you somewhat comparable results. 41 and can give you somewhat comparable results. You can also try using
42 libdislocator (see libdislocator/README.dislocator in the parent directory) as a
43 lightweight and hassle-free (but less thorough) alternative.
37 44
38 2) Long version 45 2) Long version
39 --------------- 46 ---------------
40 47
41 ASAN allocates a huge region of virtual address space for bookkeeping purposes. 48 ASAN allocates a huge region of virtual address space for bookkeeping purposes.
42 Most of this is never actually accessed, so the OS never has to allocate any 49 Most of this is never actually accessed, so the OS never has to allocate any
43 real pages of memory for the process, and the VM grabbed by ASAN is essentially 50 real pages of memory for the process, and the VM grabbed by ASAN is essentially
44 "free" - but the mapping counts against the standard OS-enforced limit 51 "free" - but the mapping counts against the standard OS-enforced limit
45 (RLIMIT_AS, aka ulimit -v). 52 (RLIMIT_AS, aka ulimit -v).
46 53
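Review bot: the added sentence pointing readers at libdislocator/README.dislocator "in the parent directory" needs checking against this vendored tree: the patch set description records that dictionaries/ was removed under Local Modifications, so if libdislocator/ was dropped as well this reference dangles and should either be kept in sync or noted alongside the other local modifications. Separately, the new paragraph on -D_FORTIFY_SOURCE and AFL_HARDEN states that some distros enable _FORTIFY_SOURCE by default but gives no way to undo that; a one-line hint such as passing -U_FORTIFY_SOURCE in CFLAGS when building with AFL_USE_ASAN=1 or AFL_USE_MSAN=1 would make the caveat actionable.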
(...skipping 69 matching lines...)
116 123
117 Some folks expressed interest in fuzzing with UBSAN. This isn't officially 124 Some folks expressed interest in fuzzing with UBSAN. This isn't officially
118 supported, because many installations of UBSAN don't offer a consistent way 125 supported, because many installations of UBSAN don't offer a consistent way
119 to abort() on fault conditions or to terminate with a distinctive exit code. 126 to abort() on fault conditions or to terminate with a distinctive exit code.
120 127
121 That said, some versions of the library can be binary-patched to address this 128 That said, some versions of the library can be binary-patched to address this
122 issue, while newer releases support explicit compile-time flags - see this 129 issue, while newer releases support explicit compile-time flags - see this
123 mailing list thread for tips: 130 mailing list thread for tips:
124 131
125 https://groups.google.com/forum/#!topic/afl-users/GyeSBJt4M38 132 https://groups.google.com/forum/#!topic/afl-users/GyeSBJt4M38