Chromium Code Reviews

Unified Diff: third_party/afl/src/docs/parallel_fuzzing.txt

Issue 2238013002: Roll src/third_party/afl/src/ 2.14b..2.30b (16 versions). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Note in "Local Modifications" that we have removed dictionaries/. Created 4 years, 4 months ago
Index: third_party/afl/src/docs/parallel_fuzzing.txt
diff --git a/third_party/afl/src/docs/parallel_fuzzing.txt b/third_party/afl/src/docs/parallel_fuzzing.txt
index 69c1a9ae2df642e9faa5357c2d03a7288d3b7cd9..58f8d2f412603de55caaf0d4d190e1546c3d2f2a 100644
--- a/third_party/afl/src/docs/parallel_fuzzing.txt
+++ b/third_party/afl/src/docs/parallel_fuzzing.txt
@@ -51,13 +51,27 @@ Each instance will also periodically rescan the top-level sync directory
for any test cases found by other fuzzers - and will incorporate them into
its own fuzzing when they are deemed interesting enough.
-The only difference between the -M and -S modes is that the master instance
-will still perform deterministic checks; while the secondary instances will
+The difference between the -M and -S modes is that the master instance will
+still perform deterministic checks; while the secondary instances will
proceed straight to random tweaks. If you don't want to do deterministic
fuzzing at all, it's OK to run all instances with -S. With very slow or complex
targets, or when running heavily parallelized jobs, this is usually a good plan.
-You can monitor the progress of your jobs from the command line with the
+Note that running multiple -M instances is wasteful, although there is an
+experimental support for parallelizing the deterministic checks. To leverage
+that, you need to create -M instances like so:
+
+$ ./afl-fuzz -i testcase_dir -o sync_dir -M masterA:1/3 [...]
+$ ./afl-fuzz -i testcase_dir -o sync_dir -M masterB:2/3 [...]
+$ ./afl-fuzz -i testcase_dir -o sync_dir -M masterC:3/3 [...]
+
+...where the first value after ':' is the sequential ID of a particular master
+instance (starting at 1), and the second value is the total number of fuzzers to
+distribute the deterministic fuzzing across. Note that if you boot up fewer
+fuzzers than indicated by the second number passed to -M, you may end up with
+poor coverage.
+
+You can also monitor the progress of your jobs from the command line with the
provided afl-whatsup tool. When the instances are no longer finding new paths,
it's probably time to stop.
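
Review bot: In the added paragraph that explains the -M name:N/M syntax, "the total number of fuzzers to distribute the deterministic fuzzing across" and the follow-up "if you boot up fewer fuzzers than indicated" are ambiguous, because the surrounding text says -S instances proceed straight to random tweaks, so only -M instances can count toward the second number. Suggest wording both as "-M instances" and saying explicitly that one -M instance should be started for each ID up to that total, since the text already warns that starting fewer may give poor coverage. Two smaller wording points in the same hunk: "there is an experimental support" should drop "an", and the "also" in "You can also monitor" has no antecedent, since the preceding paragraphs are not about monitoring.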