third_party/afl/src/llvm_mode/README.llvm - Issue 2662883002: Roll AFL 2.31b:2.38b and switch coverage to use trace-pc-guard.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/afl/src/llvm_mode/README.llvm

Issue 2662883002: Roll AFL 2.31b:2.38b and switch coverage to use trace-pc-guard. (Closed)

Patch Set: Remove unneeded vuln_samples binaries. Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: third_party/afl/src/llvm_mode/README.llvm

diff --git a/third_party/afl/src/llvm_mode/README.llvm b/third_party/afl/src/llvm_mode/README.llvm

index f7d48c9129880eab4b3f27e48131a8e917290ede..d96d8c31d6400a9c2dc8625e147fef859f78a50d 100644

--- a/third_party/afl/src/llvm_mode/README.llvm

+++ b/third_party/afl/src/llvm_mode/README.llvm

@@ -166,14 +166,14 @@ PS. Because there are task switches still involved, the mode isn't as fast as

faster than the normal fork() model, and compared to in-process fuzzing,

should be a lot more robust.

-6) Bonus feature #3: new 'trace-pc' mode

-----------------------------------------

+6) Bonus feature #3: new 'trace-pc-guard' mode

+----------------------------------------------

Recent versions of LLVM are shipping with a built-in execution tracing feature

-that is fairly usable for AFL, without the need to post-process the assembly

-or install any compiler plugins. See:

+that provides AFL with the necessary tracing data without the need to

+post-process the assembly or install any compiler plugins. See:

- http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs

+ http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards

As of this writing, the feature is only available on SVN trunk, and is yet to

make it to an official release of LLVM. Nevertheless, if you have a

@@ -182,10 +182,7 @@ this way:

AFL_TRACE_PC=1 make clean all

-Since a form of 'trace-pc' is also supported in GCC, this mode may become a

-longer-term solution to all our needs.

+Note that this mode is currently about 20-30% slower than "vanilla"

+afl-clang-fast, and about 5-10% slower than afl-clang. I am not entirely sure

+why.

-Note that this mode supports AFL_INST_RATIO at run time, not at compilation

-time. This is somewhat similar to the behavior of the QEMU mode. Because of

-the need to support it at run time, the mode is also a tad slower than the

-plugin-based approach.