Chromium Code Reviews
Side by Side Diff: third_party/afl/src/docs/notes_for_asan.txt

Issue 2662883002: Roll AFL 2.31b:2.38b and switch coverage to use trace-pc-guard. (Closed)
Patch Set: Remove unneeded vuln_samples binaries. Created 3 years, 10 months ago
1 ================================== 1 ==================================
2 Notes for using ASAN with afl-fuzz 2 Notes for using ASAN with afl-fuzz
3 ================================== 3 ==================================
4 4
5 This file discusses some of the caveats for fuzzing under ASAN, and suggests 5 This file discusses some of the caveats for fuzzing under ASAN, and suggests
6 a handful of alternatives. See README for the general instruction manual. 6 a handful of alternatives. See README for the general instruction manual.
7 7
8 1) Short version 8 1) Short version
9 ---------------- 9 ----------------
10 10
(...skipping 13 matching lines...)
24 24
25 - Limit the memory available to process using cgroups on Linux (see 25 - Limit the memory available to process using cgroups on Linux (see
26 experimental/asan_cgroups). 26 experimental/asan_cgroups).
27 27
28 To compile with ASAN, set AFL_USE_ASAN=1 before calling 'make clean all'. The 28 To compile with ASAN, set AFL_USE_ASAN=1 before calling 'make clean all'. The
29 afl-gcc / afl-clang wrappers will pick that up and add the appropriate flags. 29 afl-gcc / afl-clang wrappers will pick that up and add the appropriate flags.
30 Note that ASAN is incompatible with -static, so be mindful of that. 30 Note that ASAN is incompatible with -static, so be mindful of that.
31 31
32 (You can also use AFL_USE_MSAN=1 to enable MSAN instead.) 32 (You can also use AFL_USE_MSAN=1 to enable MSAN instead.)
33 33
34 Note that both ASAN and MSAN are incompatible with -D_FORTIFY_SOURCE (enabled
35 by default in some distros) and with AFL_HARDEN. Attempting to combine these
36 settings can lead to false negatives in ASAN and false positives in MSAN. This
37 is not AFL-specific.
38
39 There is also the option of generating a corpus using a non-ASAN binary, and 34 There is also the option of generating a corpus using a non-ASAN binary, and
40 then feeding it to an ASAN-instrumented one to check for bugs. This is faster, 35 then feeding it to an ASAN-instrumented one to check for bugs. This is faster,
41 and can give you somewhat comparable results. You can also try using 36 and can give you somewhat comparable results. You can also try using
42 libdislocator (see libdislocator/README.dislocator in the parent directory) as a 37 libdislocator (see libdislocator/README.dislocator in the parent directory) as a
43 lightweight and hassle-free (but less thorough) alternative. 38 lightweight and hassle-free (but less thorough) alternative.
44 39
45 2) Long version 40 2) Long version
46 --------------- 41 ---------------
47 42
48 ASAN allocates a huge region of virtual address space for bookkeeping purposes. 43 ASAN allocates a huge region of virtual address space for bookkeeping purposes.
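Review bot: the new paragraph (new lines 34-37) tells the reader that -D_FORTIFY_SOURCE is "enabled by default in some distros" and must not be combined with ASAN or MSAN, but gives no way to check for or turn off that default, so a user on such a distro is left without an actionable step; consider adding a one-liner such as "add -U_FORTIFY_SOURCE to CFLAGS to override the distro default" right after that sentence. It would also help to say whether the afl-gcc / afl-clang wrappers mentioned on lines 28-29 actually refuse the AFL_USE_ASAN + AFL_HARDEN combination or merely rely on this doc note, since "can lead to false negatives in ASAN" is the kind of silent failure a wrapper-side check would catch earlier than a reader of docs/notes_for_asan.txt.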
(...skipping 74 matching lines...)
123 118
124 Some folks expressed interest in fuzzing with UBSAN. This isn't officially 119 Some folks expressed interest in fuzzing with UBSAN. This isn't officially
125 supported, because many installations of UBSAN don't offer a consistent way 120 supported, because many installations of UBSAN don't offer a consistent way
126 to abort() on fault conditions or to terminate with a distinctive exit code. 121 to abort() on fault conditions or to terminate with a distinctive exit code.
127 122
128 That said, some versions of the library can be binary-patched to address this 123 That said, some versions of the library can be binary-patched to address this
129 issue, while newer releases support explicit compile-time flags - see this 124 issue, while newer releases support explicit compile-time flags - see this
130 mailing list thread for tips: 125 mailing list thread for tips:
131 126
132 https://groups.google.com/forum/#!topic/afl-users/GyeSBJt4M38 127 https://groups.google.com/forum/#!topic/afl-users/GyeSBJt4M38