Chromium Code Reviews

Side by Side Diff: third_party/afl/src/llvm_mode/README.llvm

Issue 2238013002: Roll src/third_party/afl/src/ 2.14b..2.30b (16 versions). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Note in "Local Modifications" that we have removed dictionaries/. Created 4 years, 4 months ago
OLDNEW
1 ============================================ 1 ============================================
2 Fast LLVM-based instrumentation for afl-fuzz 2 Fast LLVM-based instrumentation for afl-fuzz
3 ============================================ 3 ============================================
4 4
5 (See ../docs/README for the general instruction manual.) 5 (See ../docs/README for the general instruction manual.)
6 6
7 1) Introduction 7 1) Introduction
8 --------------- 8 ---------------
9 9
10 The code in this directory allows you to instrument programs for AFL using 10 The code in this directory allows you to instrument programs for AFL using
(...skipping 143 matching lines...)
154 154
155 A more detailed template is shown in ../experimental/persistent_demo/. 155 A more detailed template is shown in ../experimental/persistent_demo/.
156 Similarly to the previous mode, the feature works only with afl-clang-fast; 156 Similarly to the previous mode, the feature works only with afl-clang-fast;
157 #ifdef guards can be used to suppress it when using other compilers. 157 #ifdef guards can be used to suppress it when using other compilers.
158 158
159 Note that as with the previous mode, the feature is easy to misuse; if you 159 Note that as with the previous mode, the feature is easy to misuse; if you
160 do not fully reset the critical state, you may end up with false positives or 160 do not fully reset the critical state, you may end up with false positives or
161 waste a whole lot of CPU power doing nothing useful at all. Be particularly 161 waste a whole lot of CPU power doing nothing useful at all. Be particularly
162 wary of memory leaks and of the state of file descriptors. 162 wary of memory leaks and of the state of file descriptors.
163 163
164 When running in this mode, the execution paths will inherently vary a bit
165 depending on whether the input loop is being entered for the first time or
166 executed again. To avoid spurious warnings, the feature implies
167 AFL_NO_VAR_CHECK and hides the "variable path" warnings in the UI.
168
169 PS. Because there are task switches still involved, the mode isn't as fast as 164 PS. Because there are task switches still involved, the mode isn't as fast as
170 "pure" in-process fuzzing offered, say, by LLVM's LibFuzzer; but it is a lot 165 "pure" in-process fuzzing offered, say, by LLVM's LibFuzzer; but it is a lot
171 faster than the normal fork() model, and compared to in-process fuzzing, 166 faster than the normal fork() model, and compared to in-process fuzzing,
172 should be a lot more robust. 167 should be a lot more robust.
173 168
174 6) Bonus feature #3: new 'trace-pc' mode 169 6) Bonus feature #3: new 'trace-pc' mode
175 ---------------------------------------- 170 ----------------------------------------
176 171
177 Recent versions of LLVM are shipping with a built-in execution tracing feature 172 Recent versions of LLVM are shipping with a built-in execution tracing feature
178 that is fairly usable for AFL, without the need to post-process the assembly 173 that is fairly usable for AFL, without the need to post-process the assembly
179 or install any compiler plugins. See: 174 or install any compiler plugins. See:
180 175
181 http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs 176 http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs
182 177
183 As of this writing, the feature is only available on SVN trunk, and is yet to 178 As of this writing, the feature is only available on SVN trunk, and is yet to
184 make it to an official release of LLVM. Nevertheless, if you have a 179 make it to an official release of LLVM. Nevertheless, if you have a
185 sufficiently recent compiler and want to give it a try, build afl-clang-fast 180 sufficiently recent compiler and want to give it a try, build afl-clang-fast
186 this way: 181 this way:
187 182
188 AFL_TRACE_PC=1 make clean all 183 AFL_TRACE_PC=1 make clean all
189 184
190 Since a form of 'trace-pc' is also supported in GCC, this mode may become a 185 Since a form of 'trace-pc' is also supported in GCC, this mode may become a
191 longer-term solution to all our needs. 186 longer-term solution to all our needs.
192 187
193 Note that this mode supports AFL_INST_RATIO at run time, not at compilation 188 Note that this mode supports AFL_INST_RATIO at run time, not at compilation
194 time. This is somewhat similar to the behavior of the QEMU mode. Because of 189 time. This is somewhat similar to the behavior of the QEMU mode. Because of
195 the need to support it at run time, the mode is also a tad slower than the 190 the need to support it at run time, the mode is also a tad slower than the
196 plugin-based approach. 191 plugin-based approach.
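Review bot: the only change in this hunk is the deletion of old lines 164-167, which documented that persistent mode implies AFL_NO_VAR_CHECK and hides the "variable path" warnings in the UI; with that paragraph gone, the surviving warning at new lines 159-162 (incomplete state reset leads to false positives or wasted CPU) no longer tells the reader whether those variable-path warnings are suppressed or can be relied on to catch a bad reset. Since this is a straight upstream roll the text itself should track 2.30b, but please confirm the suppression behaviour really changed upstream and is not just a documentation drop, and if the mode still implies AFL_NO_VAR_CHECK, keep a one-line mention after line 162 so the caveat is not silently lost.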