Chromium Code Reviews

Side by Side Diff: third_party/afl/src/docs/perf_tips.txt

Issue 2662883002: Roll AFL 2.31b:2.38b and switch coverage to use trace-pc-guard. (Closed)
Patch Set: Remove unneeded vuln_samples binaries. Created 3 years, 10 months ago
OLD NEW
1 ================================= 1 =================================
2 Tips for performance optimization 2 Tips for performance optimization
3 ================================= 3 =================================
4 4
5 This file provides tips for troubleshooting slow or wasteful fuzzing jobs. 5 This file provides tips for troubleshooting slow or wasteful fuzzing jobs.
6 See README for the general instruction manual. 6 See README for the general instruction manual.
7 7
8 1) Keep your test cases small 8 1) Keep your test cases small
9 ----------------------------- 9 -----------------------------
10 10
(...skipping 149 matching lines...)
160 on a particular schedule and is known to underestimate the needs of 160 on a particular schedule and is known to underestimate the needs of
161 short-lived processes spawned by afl-fuzz (or any other fuzzer). On Linux, 161 short-lived processes spawned by afl-fuzz (or any other fuzzer). On Linux,
162 this can be fixed with: 162 this can be fixed with:
163 163
164 cd /sys/devices/system/cpu 164 cd /sys/devices/system/cpu
165 echo performance | tee cpu*/cpufreq/scaling_governor 165 echo performance | tee cpu*/cpufreq/scaling_governor
166 166
167 On other systems, the impact of CPU scaling will be different; when fuzzing, 167 On other systems, the impact of CPU scaling will be different; when fuzzing,
168 use OS-specific tools to find out if all cores are running at full speed. 168 use OS-specific tools to find out if all cores are running at full speed.
169 169
170 - Transparent huge pages. Some allocators, such as jemalloc, can incur a
171 heavy fuzzing penalty when transparent huge pages (THP) are enabled in the
172 kernel. You can disable this via:
173
174 echo never > /sys/kernel/mm/transparent_hugepage/enabled
175
170 - Suboptimal scheduling strategies. The significance of this will vary from 176 - Suboptimal scheduling strategies. The significance of this will vary from
171 one target to another, but on Linux, you may want to make sure that the 177 one target to another, but on Linux, you may want to make sure that the
172 following options are set: 178 following options are set:
173 179
174 echo 1 >/proc/sys/kernel/sched_child_runs_first 180 echo 1 >/proc/sys/kernel/sched_child_runs_first
175 echo 1 >/proc/sys/kernel/sched_autogroup_enabled 181 echo 1 >/proc/sys/kernel/sched_autogroup_enabled
176 182
177 Setting a different scheduling policy for the fuzzer process - say 183 Setting a different scheduling policy for the fuzzer process - say
178 SCHED_RR - can usually speed things up, too, but needs to be done with 184 SCHED_RR - can usually speed things up, too, but needs to be done with
179 care. 185 care.
180 186
181 9) If all other options fail, use -d 187 9) If all other options fail, use -d
182 ------------------------------------ 188 ------------------------------------
183 189
184 For programs that are genuinely slow, in cases where you really can't escape 190 For programs that are genuinely slow, in cases where you really can't escape
185 using huge input files, or when you simply want to get quick and dirty results 191 using huge input files, or when you simply want to get quick and dirty results
186 early on, you can always resort to the -d mode. 192 early on, you can always resort to the -d mode.
187 193
188 The mode causes afl-fuzz to skip all the deterministic fuzzing steps, which 194 The mode causes afl-fuzz to skip all the deterministic fuzzing steps, which
189 makes output a lot less neat and can ultimately make the testing a bit less 195 makes output a lot less neat and can ultimately make the testing a bit less
190 in-depth, but it will give you an experience more familiar from other fuzzing 196 in-depth, but it will give you an experience more familiar from other fuzzing
191 tools. 197 tools.
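
Review bot: the new transparent huge pages tip (new lines 170-174) gives `echo never > /sys/kernel/mm/transparent_hugepage/enabled` without saying that it is Linux-specific, that it needs root, or that it changes a system-wide setting for every process on the machine until the next reboot. The neighbouring CPU-scaling and scheduling tips at least say "On Linux". Suggest adding one sentence telling the reader to note the current mode first with `cat /sys/kernel/mm/transparent_hugepage/enabled` (the active value is the one shown in brackets) so it can be restored once the fuzzing job is done, which matters on shared fuzzing hosts. Minor style point: this line writes `> /sys/...` with a space, while the scheduler lines just below use `>/proc/...`; pick one form. Since this file arrives through the AFL roll, the wording change would belong upstream rather than in a local edit here.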