4.20 release pre-PR #2052

Merged (123 commits), Apr 13, 2024

Commits (123)
8fedf49
replay mode support
quarta-qti Jan 23, 2024
4d49345
tmp
vanhauser-thc Jan 25, 2024
b0a912a
working ugly version
vanhauser-thc Jan 26, 2024
44a7696
fixes
vanhauser-thc Jan 26, 2024
d668010
fixes
vanhauser-thc Jan 26, 2024
ceb7e44
fixes
vanhauser-thc Jan 27, 2024
e6eee68
fix
vanhauser-thc Jan 27, 2024
7908035
better CTX instrumentation
vanhauser-thc Feb 1, 2024
bd13d32
final touches
vanhauser-thc Feb 2, 2024
ba3a039
finish lto-ctx
vanhauser-thc Feb 2, 2024
d85722a
deterministic fuzzing and -z
vanhauser-thc Feb 3, 2024
e1d7f4a
Merge pull request #1988 from AFLplusplus/ltoctx
vanhauser-thc Feb 3, 2024
dc151ca
add lto caller instrumentation
vanhauser-thc Feb 3, 2024
9fab7e8
new forkserver - server part
vanhauser-thc Feb 3, 2024
27338fc
new forkserver - client side
vanhauser-thc Feb 3, 2024
c77709c
add U256/32byte support
vanhauser-thc Feb 4, 2024
34a3060
config __afl_cmplog_max_len
vanhauser-thc Feb 4, 2024
6d209ce
fix -z
vanhauser-thc Feb 4, 2024
47e7d24
increase version
vanhauser-thc Feb 4, 2024
40df85d
adjust cmplog header
vanhauser-thc Feb 5, 2024
023fc19
better replay mode error handling, added replay mode documentation, c…
quarta-qti Feb 5, 2024
698f1e2
fix hashmap test
vanhauser-thc Feb 6, 2024
f49e391
prevent afl-whatsup tmp files
vanhauser-thc Feb 6, 2024
58aa181
revert persistent_demo_new.c to b99bbf671b7469a5aad29898fe28489004c4cbe7
quarta-qti Feb 6, 2024
9f8eea5
add spec_rstack_overflow=off to persistent-config
vanhauser-thc Feb 6, 2024
375aca2
nits
vanhauser-thc Feb 6, 2024
49d4fa4
add replay_record binaries to .gitignore
quarta-qti Feb 6, 2024
e405e72
reuse first_pass aux var in persistent loop for record replay mode, k…
quarta-qti Feb 6, 2024
a7fd84e
fix typo
quarta-qti Feb 6, 2024
8e4bd03
added README.md to utils/replay_record
quarta-qti Feb 6, 2024
7f8347b
Add 7950x3d and 6900hs benchmarks, with and without mitigations
monik3r Feb 7, 2024
25a6c2c
Add benchmark-results.jsonl
monik3r Feb 7, 2024
a2100f3
Add missing jsonl entry. Thanks @cjb!
monik3r Feb 7, 2024
e0e8645
Merge pull request #1990 from monik3r/dev
vanhauser-thc Feb 7, 2024
ea0ea88
add conditional check for persistent record mode on forkserver handli…
quarta-qti Feb 7, 2024
956fa95
updated readme
quarta-qti Feb 7, 2024
42c663e
Merge pull request #1965 from CodeLinaro/stateful
vanhauser-thc Feb 8, 2024
038fef9
performance
vanhauser-thc Feb 8, 2024
c23bbdd
workaround for MOpt bug with -S
vanhauser-thc Feb 8, 2024
48070e0
Merge branch '420' into dev
vanhauser-thc Feb 8, 2024
eaf4a29
make redqueen hashmap not default
vanhauser-thc Feb 8, 2024
369fce9
code format
vanhauser-thc Feb 8, 2024
88e41f0
env fix
vanhauser-thc Feb 8, 2024
037a14f
Fixed issue #1981: document PATH correctly based on homebrew version
seanm Feb 9, 2024
3cbaefd
Merge pull request #1995 from seanm/issue1981
vanhauser-thc Feb 9, 2024
f2b7357
fixes
vanhauser-thc Feb 9, 2024
07bc202
fixes
vanhauser-thc Feb 9, 2024
dd88069
fix
vanhauser-thc Feb 9, 2024
6fed799
unicorn fix
vanhauser-thc Feb 9, 2024
5404eef
update docs
vanhauser-thc Feb 9, 2024
61ceef6
valid comparison.md
vanhauser-thc Feb 13, 2024
1b84448
afl-persistent-config: Use GRUB_CMDLINE_LINUX instead of GRUB_CMDLINE…
maxammann Feb 14, 2024
6dc5875
issue #2001: fix passing rpath to linker on macOS
seanm Feb 16, 2024
ebdb71a
Merge pull request #2002 from seanm/issue2001
vanhauser-thc Feb 16, 2024
ad4a776
Change both
maxammann Feb 16, 2024
ca91d3f
Revert other changes
maxammann Feb 16, 2024
eee7807
Merge pull request #1998 from trail-of-forks/grub-cmdline
vanhauser-thc Feb 16, 2024
808022d
Fixed #1865: many updates to INSTALL.md for macOS
seanm Feb 15, 2024
fea76df
Merge pull request #1999 from seanm/issue1865
vanhauser-thc Feb 19, 2024
7307131
replaced unicornafl with unicorn (#2003)
Resery Feb 19, 2024
80158de
Catch invalid frees (#2008)
Resery Feb 20, 2024
5ae4a7a
afl-whatsup current speed
vanhauser-thc Feb 20, 2024
340d6aa
unicornafl: fix malloc of size 0 (#2010)
Resery Feb 21, 2024
98238ed
Convert from microseconds (us) to milliseconds (ms)
Feb 22, 2024
07e0b39
Do not circumvent sanity checks from arg parsing
Feb 22, 2024
eaedf2e
Adhere to documented behavior
Feb 23, 2024
01f442d
Be specific about the unit of time
Feb 23, 2024
fae760f
Add upper and lower safety margins
Feb 23, 2024
1286d19
Merge pull request #2012 from clesmian/dev
vanhauser-thc Feb 23, 2024
849994d
update changelog
vanhauser-thc Feb 23, 2024
b2b887d
Issue #2007: add filename extension to /crashes files
seanm Feb 22, 2024
8fcd404
Update GNUmakefile
hyrathon Feb 27, 2024
9f6d27d
Merge pull request #2018 from hyrathon/patch-2
vanhauser-thc Feb 27, 2024
1e01ccc
unicornafl: Add UAF checker to loader (#2009)
Resery Feb 27, 2024
603136e
unicornafl: Fix dump_regs() type errors in pwndbg dumper (#2005)
hyrathon Feb 27, 2024
335b2d4
Load autodictionary when using new forkserver
Feb 28, 2024
036a792
gcc cmplog fix
vanhauser-thc Feb 29, 2024
a607adb
Merge pull request #2019 from zidel/fork_server_fix
vanhauser-thc Feb 29, 2024
7652406
nit
vanhauser-thc Feb 29, 2024
31adb57
Merge pull request #2014 from seanm/issue2007
vanhauser-thc Feb 29, 2024
acc178e
log
vanhauser-thc Feb 29, 2024
6062668
fix not using autodict
vanhauser-thc Feb 29, 2024
e46fac6
Fix delayed pcmap writing for code coverage with pc-table
choller Mar 6, 2024
bf17953
Code formatting
choller Mar 6, 2024
52e19d3
Add optional handling of Nyx InvalidWriteToPayload event
choller Mar 6, 2024
092260e
Merge pull request #2026 from choller/pcmap_fix2
vanhauser-thc Mar 6, 2024
0ea53ea
likely
vanhauser-thc Mar 6, 2024
306a917
UI fix
vanhauser-thc Mar 7, 2024
2300088
support parsing of llvm rc minor version
Mar 11, 2024
2ed2ac8
fix record compat loop to replay correct number of inputs, and at lea…
Mar 11, 2024
08f6d59
correct fix
Mar 11, 2024
b85174f
nit
vanhauser-thc Mar 12, 2024
6650ef4
Merge pull request #2030 from ocean1/replay_loop_fix
vanhauser-thc Mar 12, 2024
443edcd
nits
vanhauser-thc Mar 12, 2024
ee07fc9
fix rc minor version parsing
Mar 12, 2024
93c7a42
Merge pull request #2029 from ocean1/minor_ver_fix
vanhauser-thc Mar 12, 2024
c9ad3ac
Add -l option for adjustable block deletion
kiddo-pwn Mar 13, 2024
1860f6e
Fix invalid range for del_len_limit
kiddo-pwn Mar 14, 2024
a96bda8
Merge pull request #2033 from gnbon/stable
vanhauser-thc Mar 15, 2024
ed50f37
bugfix: update_firda_version can't get the newest version of frida
Resery Mar 15, 2024
59465bd
Merge pull request #2035 from Resery/patch-6
vanhauser-thc Mar 15, 2024
9b5b71b
fix override directive and recipe echoing
SonicStark Mar 22, 2024
4b2cdaf
Fix build_qemu_support.sh static builds
flk0 Mar 23, 2024
9ece2e3
Merge pull request #2040 from flk0/stable
vanhauser-thc Mar 23, 2024
6ef5d7c
Merge pull request #2038 from SonicStark/dev-makefile-0322
vanhauser-thc Mar 23, 2024
b02adf6
citation: fix typo
ligurio Mar 28, 2024
8943ba0
Merge pull request #2042 from ligurio/patch-1
vanhauser-thc Mar 28, 2024
5ffc8c7
src: fix calculation of fuzzing time in statistics
ligurio Mar 30, 2024
ad65cfb
Merge pull request #2043 from ligurio/ligurio/fix-clock_gettime
vanhauser-thc Mar 31, 2024
2bf9284
Fixed unicorn_dumper_gdb.py for updated version of gef (#2045)
SolarDebris Apr 3, 2024
f7ea0f5
fix aflpp custom mutator + standalone tool
vanhauser-thc Apr 5, 2024
4560336
fix llvm modules
vanhauser-thc Apr 7, 2024
420a90f
code format
vanhauser-thc Apr 7, 2024
29544e4
fix time
vanhauser-thc Apr 7, 2024
48a862c
Adds stats tracking time spent in calibration/trim/sync
fbeqv Mar 13, 2024
eeae114
Merge pull request #2034 from fbeqv/add_effective_fuzzing_time_tracker
vanhauser-thc Apr 9, 2024
40adc34
fix -V, code format
vanhauser-thc Apr 9, 2024
72226d6
fix shared memory test cases
vanhauser-thc Apr 9, 2024
b08df87
fix syncing with custom mutator
vanhauser-thc Apr 11, 2024
c49a4c7
Clarify that oss-fuzz doesn't randomize builds anymore
Phasip Apr 12, 2024
beb9f95
Merge pull request #2051 from Phasip/patch-1
vanhauser-thc Apr 12, 2024
e01307a
v4.20c
vanhauser-thc Apr 13, 2024
1582aa9
Merge pull request #2027 from choller/nyx-handler-fix
vanhauser-thc Apr 13, 2024
1 change: 1 addition & 0 deletions .github/workflows/ci.yml
@@ -5,6 +5,7 @@ on:
branches:
- stable
- dev
- 420
pull_request:
branches:
- dev # No need for stable-pull-request, as that equals dev-push
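Review bot: the new `- 420` entry under `push: branches:` wires a release staging branch into CI, but nothing removes it once 4.20 lands on dev/stable, so CI keeps a trigger for a branch that stops receiving commits. Either drop it in the follow-up after the merge or add a comment next to it (like the one on the `- dev` pull_request line) saying it is the temporary release branch.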
5 changes: 5 additions & 0 deletions .gitignore
@@ -99,10 +99,15 @@ unicorn_mode/samples/*/\.test-*
utils/afl_network_proxy/afl-network-client
utils/afl_network_proxy/afl-network-server
utils/afl_proxy/afl-proxy
utils/bench/hash
utils/optimin/build
utils/optimin/optimin
utils/persistent_mode/persistent_demo
utils/persistent_mode/persistent_demo_new
utils/persistent_mode/persistent_demo_new_compat
utils/persistent_mode/test-instr
utils/replay_record/persistent_demo_replay
utils/replay_record/persistent_demo_replay_compat
utils/replay_record/persistent_demo_replay_argparse
utils/plot_ui/afl-plot-ui
vuln_prog
2 changes: 1 addition & 1 deletion CITATION.cff
@@ -27,5 +27,5 @@ keywords:
- qemu
- llvm
- unicorn-emulator
- securiy
- security
license: AGPL-3.0-or-later
77 changes: 42 additions & 35 deletions GNUmakefile
@@ -52,7 +52,7 @@ endif
ifdef ASAN_BUILD
$(info Compiling ASAN version of binaries)
override CFLAGS += $(ASAN_CFLAGS)
LDFLAGS += $(ASAN_LDFLAGS)
override LDFLAGS += $(ASAN_LDFLAGS)
endif
ifdef UBSAN_BUILD
$(info Compiling UBSAN version of binaries)
@@ -84,38 +84,44 @@ else
endif
endif

#ifeq "$(shell echo 'int main() {return 0; }' | $(CC) -fno-move-loop-invariants -fdisable-tree-cunrolli -x c - -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
# SPECIAL_PERFORMANCE += -fno-move-loop-invariants -fdisable-tree-cunrolli
#endif

#ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -march=native -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
# ifndef SOURCE_DATE_EPOCH
# HAVE_MARCHNATIVE = 1
# CFLAGS_OPT += -march=native
# endif
#endif
ifdef PERFORMANCE
SPECIAL_PERFORMANCE := -D_AFL_SPECIAL_PERFORMANCE
ifeq "$(SYS)" "Linux"
ifeq "$(shell grep avx2 /proc/cpuinfo)" ""
else
SPECIAL_PERFORMANCE += -mavx2 -D_HAVE_AVX2
endif
endif
ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -march=native -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
HAVE_MARCHNATIVE = 1
SPECIAL_PERFORMANCE += -march=native
endif
$(info SPECIAL_PERFORMANCE=$(SPECIAL_PERFORMANCE))
else
SPECIAL_PERFORMANCE :=
endif

ifneq "$(SYS)" "Darwin"
#ifeq "$(HAVE_MARCHNATIVE)" "1"
# SPECIAL_PERFORMANCE += -march=native
#endif
#ifeq "$(HAVE_MARCHNATIVE)" "1"
# SPECIAL_PERFORMANCE += -march=native
#endif
#ifndef DEBUG
# CFLAGS_OPT += -D_FORTIFY_SOURCE=1
# override CFLAGS_OPT += -D_FORTIFY_SOURCE=1
#endif
else
# On some odd MacOS system configurations, the Xcode sdk path is not set correctly
SDK_LD = -L$(shell xcrun --show-sdk-path)/usr/lib
LDFLAGS += $(SDK_LD)
override LDFLAGS += $(SDK_LD)
endif

COMPILER_TYPE=$(shell $(CC) --version|grep "Free Software Foundation")
ifneq "$(COMPILER_TYPE)" ""
#$(info gcc is being used)
CFLAGS_OPT += -Wno-error=format-truncation -Wno-format-truncation
override CFLAGS_OPT += -Wno-error=format-truncation -Wno-format-truncation
endif

ifeq "$(SYS)" "SunOS"
LDFLAGS = -lkstat -lrt -lsocket -lnsl
override LDFLAGS = -lkstat -lrt -lsocket -lnsl
endif

ifdef STATIC
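Review bot: the SunOS line `override LDFLAGS = -lkstat -lrt -lsocket -lnsl` assigns instead of appending, so on that platform it throws away the `$(ASAN_LDFLAGS)` appended in the ASAN_BUILD block above and, now that it is `override`, also any `LDFLAGS=...` the user passes on the make command line, which plain `LDFLAGS =` used to yield to. Every other LDFLAGS edit in this change uses `override LDFLAGS +=`; this one should too. Two smaller points in the PERFORMANCE block: the `-march=native` probe drops the `ifndef SOURCE_DATE_EPOCH` guard that the commented-out version carried, so a build that sets SOURCE_DATE_EPOCH for reproducibility and PERFORMANCE for speed silently gets host-specific code with no warning (keep the guard or emit `$(warning ...)`); and `ifeq "$(shell grep avx2 /proc/cpuinfo)" ""` with an empty then-branch expands every core's flags line just to test for emptiness, where `ifeq "$(shell grep -q avx2 /proc/cpuinfo && echo 1)" "1"` reads as the positive test it is.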
@@ -125,8 +131,8 @@ ifdef STATIC
PYFLAGS=
PYTHON_INCLUDE = /

CFLAGS_OPT += -static
LDFLAGS += -lm -lpthread -lz -lutil
override CFLAGS_OPT += -static
override LDFLAGS += -lm -lpthread -lz -lutil
endif

ifdef PROFILING
@@ -389,6 +395,7 @@ help:
@echo
@echo Known build environment options:
@echo "=========================================="
@echo "PERFORMANCE - compile with performance options that make the binary not transferable to other systems. Recommended!"
@echo STATIC - compile AFL++ static
@echo "CODE_COVERAGE - compile the target for code coverage (see docs/instrumentation/README.llvm.md)"
@echo ASAN_BUILD - compiles AFL++ with memory sanitizer for debug purposes
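Review bot: the new help line says "Recommended!" in the same breath as "not transferable to other systems"; anyone building AFL++ into a container image or package that runs on other hardware will get SIGILL on a host lacking AVX2 or the build host's ISA level. Suggest "Recommended when the binaries only run on the build host". While here, the `ASAN_BUILD` line below it says "memory sanitizer", but `$(ASAN_CFLAGS)` is AddressSanitizer; MemorySanitizer is a different tool and the wording will mislead anyone hunting uninitialized reads.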
@@ -453,31 +460,31 @@ afl-as: src/afl-as.c include/afl-as.h $(COMM_HDR) | test_x86
@ln -sf afl-as as

src/afl-performance.o : $(COMM_HDR) src/afl-performance.c include/hash.h
$(CC) $(CFLAGS) $(CFLAGS_OPT) -Iinclude -c src/afl-performance.c -o src/afl-performance.o
$(CC) $(CFLAGS) $(CFLAGS_OPT) $(SPECIAL_PERFORMANCE) -Iinclude -c src/afl-performance.c -o src/afl-performance.o

src/afl-common.o : $(COMM_HDR) src/afl-common.c include/common.h
$(CC) $(CFLAGS) $(CFLAGS_FLTO) -c src/afl-common.c -o src/afl-common.o
$(CC) $(CFLAGS) $(CFLAGS_FLTO) $(SPECIAL_PERFORMANCE) -c src/afl-common.c -o src/afl-common.o

src/afl-forkserver.o : $(COMM_HDR) src/afl-forkserver.c include/forkserver.h
$(CC) $(CFLAGS) $(CFLAGS_FLTO) -c src/afl-forkserver.c -o src/afl-forkserver.o
$(CC) $(CFLAGS) $(CFLAGS_FLTO) $(SPECIAL_PERFORMANCE) -c src/afl-forkserver.c -o src/afl-forkserver.o

src/afl-sharedmem.o : $(COMM_HDR) src/afl-sharedmem.c include/sharedmem.h
$(CC) $(CFLAGS) $(CFLAGS_FLTO) -c src/afl-sharedmem.c -o src/afl-sharedmem.o
$(CC) $(CFLAGS) $(CFLAGS_FLTO) $(SPECIAL_PERFORMANCE) -c src/afl-sharedmem.c -o src/afl-sharedmem.o

afl-fuzz: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o | test_x86
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(PYFLAGS) $(LDFLAGS) -lm
afl-fuzz: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o src/hashmap.c | test_x86
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) $(SPECIAL_PERFORMANCE) -Wno-shift-count-overflow $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o src/hashmap.c -o $@ $(PYFLAGS) $(LDFLAGS) -lm

afl-showmap: src/afl-showmap.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o $(COMM_HDR) | test_x86
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-fuzz-mutators.c src/afl-fuzz-python.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(PYFLAGS) $(LDFLAGS)
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) $(SPECIAL_PERFORMANCE) src/$@.c src/afl-fuzz-mutators.c src/afl-fuzz-python.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(PYFLAGS) $(LDFLAGS)

afl-tmin: src/afl-tmin.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o $(COMM_HDR) | test_x86
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(LDFLAGS)
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) $(SPECIAL_PERFORMANCE) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(LDFLAGS)

afl-analyze: src/afl-analyze.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o src/afl-forkserver.o $(COMM_HDR) | test_x86
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o src/afl-forkserver.o -o $@ $(LDFLAGS)
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) $(SPECIAL_PERFORMANCE) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o src/afl-forkserver.o -o $@ $(LDFLAGS)

afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o -o $@ $(LDFLAGS)
$(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) $(SPECIAL_PERFORMANCE) src/$@.c src/afl-common.o -o $@ $(LDFLAGS)

.PHONY: document
document: afl-fuzz-document
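Review bot: `-Wno-shift-count-overflow` on the afl-fuzz link line suppresses the warning for every file in `$(AFL_FUZZ_FILES)`, not only for the newly added `src/hashmap.c` that presumably triggers it; a shift by a count at or above the type width is undefined behaviour in C, so either fix the shift or give hashmap.c its own object rule (like `src/afl-performance.o` above) and scope the flag there. Passing `src/hashmap.c` as a source while every other dependency is a `.o` also means it is recompiled on every afl-fuzz link. Adding `$(SPECIAL_PERFORMANCE)` to all of afl-fuzz, afl-showmap, afl-tmin and afl-analyze is right, since they all link `src/afl-performance.o`, which is now built with `-mavx2 -D_HAVE_AVX2`; mixing that object into a binary compiled without the same defines would give two views of `include/hash.h`.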
@@ -494,17 +501,17 @@ unit_maybe_alloc: test/unittests/unit_maybe_alloc.o
./test/unittests/unit_maybe_alloc

test/unittests/unit_hash.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_hash.c $(AFL_FUZZ_FILES) src/afl-performance.o
@$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_hash.c -o test/unittests/unit_hash.o
@$(CC) $(CFLAGS) $(ASAN_CFLAGS) $(SPECIAL_PERFORMANCE) -c test/unittests/unit_hash.c -o test/unittests/unit_hash.o

unit_hash: test/unittests/unit_hash.o src/afl-performance.o
@$(CC) $(CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf $^ -o test/unittests/unit_hash $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka
@$(CC) $(CFLAGS) $(SPECIAL_PERFORMANCE) -Wl,--wrap=exit -Wl,--wrap=printf $^ -o test/unittests/unit_hash $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka
./test/unittests/unit_hash

test/unittests/unit_rand.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_rand.c $(AFL_FUZZ_FILES) src/afl-performance.o
@$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_rand.c -o test/unittests/unit_rand.o
@$(CC) $(CFLAGS) $(ASAN_CFLAGS) $(SPECIAL_PERFORMANCE) -c test/unittests/unit_rand.c -o test/unittests/unit_rand.o

unit_rand: test/unittests/unit_rand.o src/afl-common.o src/afl-performance.o
@$(CC) $(CFLAGS) $(ASAN_CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf $^ -o test/unittests/unit_rand $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka
@$(CC) $(CFLAGS) $(ASAN_CFLAGS) $(SPECIAL_PERFORMANCE) -Wl,--wrap=exit -Wl,--wrap=printf $^ -o test/unittests/unit_rand $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka
./test/unittests/unit_rand

test/unittests/unit_list.o : $(COMM_HDR) include/list.h test/unittests/unit_list.c $(AFL_FUZZ_FILES)
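Review bot: the `unit_hash` link line gains `$(SPECIAL_PERFORMANCE)` but, unlike the `unit_rand` rule two lines below, still lacks `$(ASAN_CFLAGS)`, so an ASAN_BUILD links unit_hash against objects compiled with the sanitizer while the link itself only gets `$(ASAN_LDFLAGS)`; add `$(ASAN_CFLAGS)` for symmetry with unit_rand. Adding `$(SPECIAL_PERFORMANCE)` to the test objects is necessary, not cosmetic: `src/afl-performance.o` is now compiled with `-mavx2 -D_HAVE_AVX2` and the tests include the same `include/hash.h`, so without the flag they would exercise a different code path than afl-fuzz ships.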
@@ -752,7 +759,7 @@ endif
@test -e SanitizerCoveragePCGUARD.so && echo "[+] LLVM mode successfully built" || echo "[-] LLVM mode could not be built, please install at least llvm-13 and clang-13 or newer, see docs/INSTALL.md"
@test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode successfully built" || echo "[-] LLVM LTO mode could not be built, it is optional, if you want it, please install LLVM 11-14. More information at instrumentation/README.lto.md on how to build it"
ifneq "$(SYS)" "Darwin"
test -e afl-gcc-pass.so && echo "[+] gcc_mode successfully built" || echo "[-] gcc_mode could not be built, it is optional, install gcc-VERSION-plugin-dev to enable this"
@test -e afl-gcc-pass.so && echo "[+] gcc_mode successfully built" || echo "[-] gcc_mode could not be built, it is optional, install gcc-VERSION-plugin-dev to enable this"
endif
ifeq "$(SYS)" "Linux"
ifndef NO_NYX
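Review bot: the LTO status line still says "please install LLVM 11-14" while the LLVM-mode line directly above asks for "llvm-13 and clang-13 or newer", and the `LLVM_TOO_OLD` check in GNUmakefile.llvm (`^[1-9]\.|^1[012]\.`) rejects 11 and 12 outright; update the LTO string so the two messages and the version check agree. The added `@` on the gcc_mode test line is correct and brings it in line with the two `@test` lines above it.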
2 changes: 1 addition & 1 deletion GNUmakefile.llvm
@@ -44,7 +44,7 @@ endif

LLVMVER = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's/svn//' )
LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' )
LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' )
LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' | sed 's/rc.*//' )
LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-8]\.' && echo 1 || echo 0 )
LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[8-9]|^2[0-9]' && echo 1 || echo 0 )
LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9]\.|^1[012]\.' && echo 1 || echo 0 )
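Review bot: the appended `sed 's/rc.*//'` fixes parsing of release-candidate strings such as `18.1.0rc3`, but the preceding `sed 's/.*\.//'` keeps everything after the last dot, so for a three-component version like `17.0.6` `LLVM_MINOR` is the patch level (`6`), not the minor (`0`). If LLVM_MINOR is only ever compared against 0 this is harmless; otherwise `sed 's/^[0-9]*\.//; s/\..*//'` extracts the second component and still yields `1` for `18.1.0rc3`. `LLVMVER` on the line above strips `git`/`svn` but not `rc`, so it should get the same treatment if anything compares it numerically.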
4 changes: 2 additions & 2 deletions README.md
@@ -2,9 +2,9 @@

<img align="right" src="https://raw.githubusercontent.com/AFLplusplus/Website/main/static/aflpp_bg.svg" alt="AFL++ logo" width="250" heigh="250">

Release version: [4.10c](https://github.com/AFLplusplus/AFLplusplus/releases)
Release version: [4.20c](https://github.com/AFLplusplus/AFLplusplus/releases)

GitHub version: 4.10c
GitHub version: 4.20c

Repository:
[https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)
4 changes: 1 addition & 3 deletions TODO.md
@@ -2,17 +2,15 @@

## Must

- UI revamp
- hardened_usercopy=0 page_alloc.shuffle=0
- add value_profile but only enable after 15 minutes without finds
- cmplog max len, cmplog max items envs?
- cmplog max items env?
- adapt MOpt to new mutation engine
- Update afl->pending_not_fuzzed for MOpt
- cmplog rtn sanity check on fixed length? currently we ignore the length
- afl-showmap -f support
- afl-fuzz multicore wrapper script
- when trimming then perform crash detection
- problem: either -L0 and/or -p mmopt results in zero new coverage


## Should
2 changes: 1 addition & 1 deletion afl-cmin
@@ -108,7 +108,7 @@ function usage() {
"\n" \
"Execution control settings:\n" \
" -T tasks - how many parallel tasks to run (default: 1, all=nproc)\n" \
" -f file - location read by the fuzzed program (stdin)\n" \
" -f file - location read by the fuzzed program (default: stdin)\n" \
" -m megs - memory limit for child process ("mem_limit" MB)\n" \
" -t msec - run time limit for child process (default: 5000)\n" \
" -O - use binary-only instrumentation (FRIDA mode)\n" \
25 changes: 17 additions & 8 deletions afl-persistent-config
@@ -124,17 +124,26 @@ kernel.sched_latency_ns=250000000
EOF
}

grep -E -q '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub 2>/dev/null || echo Error: /etc/default/grub with GRUB_CMDLINE_LINUX_DEFAULT is not present, cannot set boot options
grep -E -q '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub 2>/dev/null && {
grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub | grep -E -q 'noibrs pcid nopti' || {
grub_try_disable_mitigation () {
KEY="$1"
if ! grep -E "^$KEY=" /etc/default/grub | grep -E -q 'noibrs pcid nopti'; then
echo "Configuring performance boot options"
LINE=`grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub | sed 's/^GRUB_CMDLINE_LINUX_DEFAULT=//' | tr -d '"'`
OPTIONS="$LINE ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs pcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=on pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx=on tsx_async_abort=off mitigations=off audit=0 hardened_usercopy=off ssbd=force-off"
echo Setting boot options in /etc/default/grub to GRUB_CMDLINE_LINUX_DEFAULT=\"$OPTIONS\"
sed -i "s|^GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT=\"$OPTIONS\"|" /etc/default/grub
}
LINE=`grep -E "^$KEY=" /etc/default/grub | sed "s/^$KEY=//" | tr -d '"'`
OPTIONS="$LINE ibpb=off ibrs=off kpti=off l1tf=off spec_rstack_overflow=off mds=off no_stf_barrier noibpb noibrs pcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=on pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx=on tsx_async_abort=off mitigations=off audit=0 hardened_usercopy=off ssbd=force-off"
echo Setting boot options in /etc/default/grub to $KEY=\"$OPTIONS\"
sed -i "s|^$KEY=.*|$KEY=\"$OPTIONS\"|" /etc/default/grub
fi
}


if grep -E -q '^GRUB_CMDLINE_LINUX=' /etc/default/grub || grep -E -q '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub; then
grub_try_disable_mitigation "GRUB_CMDLINE_LINUX_DEFAULT"
# We also overwrite GRUB_CMDLINE_LINUX because some distributions already overwrite GRUB_CMDLINE_LINUX_DEFAULT
grub_try_disable_mitigation "GRUB_CMDLINE_LINUX"
else
echo "Error: /etc/default/grub with GRUB_CMDLINE_LINUX is not present, cannot set boot options"
fi

echo
echo "Reboot and enjoy your fuzzing"
exit 0
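Review bot: `grub_try_disable_mitigation` reports success for a key that is not in the file. When `$KEY` is absent, `grep -E "^$KEY=" /etc/default/grub | grep -E -q 'noibrs pcid nopti'` fails, the `if !` branch runs, `LINE` is empty, "Setting boot options in /etc/default/grub to $KEY=..." is printed, and the `sed -i "s|^$KEY=.*|...|"` matches nothing. Because the outer `if` accepts either `GRUB_CMDLINE_LINUX` or `GRUB_CMDLINE_LINUX_DEFAULT` and then calls the function for both, this is exactly what happens on any distribution that defines only one of them. Add `grep -E -q "^$KEY=" /etc/default/grub || return 0` at the top of the function, and make the error message (which names only `GRUB_CMDLINE_LINUX`) match the condition that accepts both keys. The comment "We also overwrite GRUB_CMDLINE_LINUX" is inaccurate too: the function appends to the existing value, and when both keys exist every option ends up on the kernel command line twice. Nits in the option string: `tsx=on tsx=on` and `pcid`/`pcid=on` are duplicated. On the substance: this line now also adds `spec_rstack_overflow=off` to a set that already includes `mitigations=off`, `audit=0`, `hardened_usercopy=off` and `noexec=off`, i.e. it turns the host into a machine that must never run anything but the fuzzing workload, yet the script rewrites `/etc/default/grub` in place with no backup and no confirmation prompt. A one-line warning before the `sed -i` and a `cp /etc/default/grub /etc/default/grub.bak` would cost nothing; note also that nothing in this hunk regenerates grub.cfg, so if `update-grub`/`grub2-mkconfig` is not run elsewhere the "Reboot and enjoy" message is premature.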
42 changes: 25 additions & 17 deletions afl-whatsup
@@ -114,6 +114,7 @@ fi
CUR_TIME=`date +%s`

TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1
trap "rm -f $TMP" 1 2 3 13 15

ALIVE_CNT=0
DEAD_CNT=0
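Review bot: `trap "rm -f $TMP" 1 2 3 13 15` only fires on signals; add `0` (EXIT) so the temp file is also removed on normal completion and on every `exit 1` path, unless a matching `rm` already sits at the end of the script (not visible in this hunk). Symbolic names (`trap '...' EXIT HUP INT QUIT PIPE TERM`) are portable across shells where numbers are not. Unrelated but on the line above: the mktemp fallback chain tries `-p /data/local/tmp` twice, so the second attempt can never succeed where the first failed.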
@@ -122,6 +123,7 @@ START_CNT=0
TOTAL_TIME=0
TOTAL_EXECS=0
TOTAL_EPS=0
TOTAL_EPLM=0
TOTAL_CRASHES=0
TOTAL_HANGS=0
TOTAL_PFAV=0
@@ -181,6 +183,8 @@ for j in `find . -maxdepth 2 -iname fuzzer_setup | sort`; do

if [ -f "$i" ]; then

IS_STARTING=
IS_DEAD=
sed 's/^command_line.*$/_skip:1/;s/[ ]*:[ ]*/="/;s/$/"/' "$i" >"$TMP"
. "$TMP"
DIRECTORY=$DIR
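Review bot: resetting `IS_STARTING=` and `IS_DEAD=` here, before the stats file is sourced, rather than inside the dead-pid branch below, is the right fix: previously a fuzzer that was alive kept whatever value the previous iteration left behind. Separately, the two unchanged lines after it deserve a second look while this code is being touched: `sed 's/^command_line.*$/_skip:1/;s/[ ]*:[ ]*/="/;s/$/"/' "$i" >"$TMP"` followed by `. "$TMP"` evaluates the rewritten fuzzer_stats as shell code, so any field value containing a `"` or `$(...)` after the `="` rewrite executes with the privileges of whoever runs afl-whatsup. Only `command_line` is skipped; the other fields come from the same file in the sync directory. If sync directories are ever shared or NFS-mounted between users, parsing with `while IFS=: read key value` and a `case` on the key would remove that exposure.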
@@ -211,9 +215,6 @@ for j in `find . -maxdepth 2 -iname fuzzer_setup | sort`; do

if ! kill -0 "$fuzzer_pid" 2>/dev/null; then

IS_STARTING=
IS_DEAD=

if [ -e "$i" ] && [ -e "$j" ] && [ -n "$FUSER" ]; then

if [ "$i" -ot "$j" ]; then
@@ -272,11 +273,15 @@ for j in `find . -maxdepth 2 -iname fuzzer_setup | sort`; do
ALIVE_CNT=$((ALIVE_CNT + 1))

EXEC_SEC=0
EXEC_MIN=0
test -z "$RUN_UNIX" -o "$RUN_UNIX" = 0 || EXEC_SEC=$((execs_done / RUN_UNIX))
PATH_PERC=$((cur_item * 100 / corpus_count))

test "$IS_DEAD" = 1 || EXEC_MIN=$(echo $execs_ps_last_min|sed 's/\..*//')

TOTAL_TIME=$((TOTAL_TIME + RUN_UNIX))
TOTAL_EPS=$((TOTAL_EPS + EXEC_SEC))
TOTAL_EPLM=$((TOTAL_EPLM + EXEC_MIN))
TOTAL_EXECS=$((TOTAL_EXECS + execs_done))
TOTAL_CRASHES=$((TOTAL_CRASHES + saved_crashes))
TOTAL_HANGS=$((TOTAL_HANGS + saved_hangs))
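Review bot: `EXEC_MIN=$(echo $execs_ps_last_min|sed 's/\..*//')` has no default, so when a fuzzer_stats file predates the `execs_ps_last_min` field (or the field is blank) `EXEC_MIN` is empty and `TOTAL_EPLM=$((TOTAL_EPLM + EXEC_MIN))` aborts the script with an arithmetic syntax error. `EXEC_MIN=${execs_ps_last_min%%.*}; EXEC_MIN=${EXEC_MIN:-0}` handles both cases and drops the `echo | sed` subprocess. The `test "$IS_DEAD" = 1 ||` guard is fine, but `EXEC_SEC` two lines above already defends against an unset `RUN_UNIX`; this line should defend the same way.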
@@ -398,41 +403,44 @@ if [ -z "$SUMMARY_ONLY" -o -z "$MINIMAL_ONLY" ]; then
echo
fi

echo " Fuzzers alive : $ALIVE_CNT"
echo " Fuzzers alive : $ALIVE_CNT"

if [ ! "$START_CNT" = "0" ]; then
echo " Starting up : $START_CNT ($TXT)"
echo " Starting up : $START_CNT ($TXT)"
fi

if [ ! "$DEAD_CNT" = "0" ]; then
echo " Dead or remote : $DEAD_CNT ($TXT)"
echo " Dead or remote : $DEAD_CNT ($TXT)"
fi

echo " Total run time : $FMT_TIME"
echo " Total run time : $FMT_TIME"
if [ -z "$MINIMAL_ONLY" ]; then
echo " Total execs : $FMT_EXECS"
echo " Cumulative speed : $TOTAL_EPS execs/sec"
echo " Total execs : $FMT_EXECS"
echo " Cumulative speed : $TOTAL_EPS execs/sec"
if [ "$ALIVE_CNT" -gt "0" ]; then
echo " Total average speed : $((TOTAL_EPS / ALIVE_CNT)) execs/sec"
fi
fi
if [ "$ALIVE_CNT" -gt "0" ]; then
echo " Average speed : $((TOTAL_EPS / ALIVE_CNT)) execs/sec"
echo "Current average speed : $TOTAL_EPLM execs/sec"
fi
if [ -z "$MINIMAL_ONLY" ]; then
echo " Pending items : $TOTAL_PFAV faves, $TOTAL_PENDING total"
echo " Pending items : $TOTAL_PFAV faves, $TOTAL_PENDING total"
fi

if [ "$ALIVE_CNT" -gt "1" -o -n "$MINIMAL_ONLY" ]; then
if [ "$ALIVE_CNT" -gt "0" ]; then
echo " Pending per fuzzer : $((TOTAL_PFAV/ALIVE_CNT)) faves, $((TOTAL_PENDING/ALIVE_CNT)) total (on average)"
echo " Pending per fuzzer : $((TOTAL_PFAV/ALIVE_CNT)) faves, $((TOTAL_PENDING/ALIVE_CNT)) total (on average)"
fi
fi

echo " Coverage reached : ${TOTAL_COVERAGE}%"
echo " Crashes saved : $TOTAL_CRASHES"
echo " Coverage reached : ${TOTAL_COVERAGE}%"
echo " Crashes saved : $TOTAL_CRASHES"
if [ -z "$MINIMAL_ONLY" ]; then
echo " Hangs saved : $TOTAL_HANGS"
echo "Cycles without finds : $TOTAL_WCOP"
echo " Hangs saved : $TOTAL_HANGS"
echo " Cycles without finds : $TOTAL_WCOP"
fi
echo " Time without finds : $TOTAL_LAST_FIND"
echo " Time without finds : $TOTAL_LAST_FIND"
echo

exit 0
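Review bot: `echo "Current average speed : $TOTAL_EPLM execs/sec"` prints the sum of the per-fuzzer last-minute rates, not an average; either divide by `$ALIVE_CNT` as the `Total average speed` line above does, or label it "Current cumulative speed" so it sits next to "Cumulative speed" with the same meaning. Note also that this line is printed whenever `ALIVE_CNT > 0`, including under MINIMAL_ONLY, whereas the cumulative and total-average figures are suppressed in that mode; if that asymmetry is intentional it is worth a comment. The column realignment of the other labels is welcome.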